Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
srihari_ml
Explorer

Kindly need information on upgrading 4800 from R77.30. to R80.10 using cpuse

We are currently utilizing the 4800 (4GB) as an independent gateway for a mobile access blade. Our objective is to upgrade the gateway from version r77.30 to 80.10 through CPUSE in order to address the findings from Bitsight. Please advise if a fresh installation is the sole option available, as upgrading the RAM and replacing the device are not feasible due to budget constraints.

0 Kudos
7 Replies
_Val_
Admin
Admin

Please be advised, R80.10 is very old and EOL ages ago.

All documentation and upgrade packages, including CPUSE upgrade package for R77.XX, are available in sk111841 

srihari_ml
Explorer

Dear @_Val_ ,

I am doing an upgrade test using Check_Point_R80.10_T479_Fresh_Install_and_Upgrade_from_R7X.tgz, but the import of this package does not finish even after waiting for more than 2 hours.(Errors that were displayed with other packages so far do not occur.)Even if I close the session and reopen the GUI, it appears that the import is not completed. Please find the screenshot and suggest.

Thanks and regards.

0 Kudos
PhoneBoy
Admin
Admin

You need to update to the latest Deployment Agent before doing any upgrades: https://support.checkpoint.com/results/sk/sk92449 
Even so, unless your Standalone 4800 has at least 8GB of RAM, you will not be able to run R8x releases.

0 Kudos
emmap
Employee
Employee

From the screenshot the Deployment Agent has already been updated, but to the wrong one. It should not be the latest version (which it seems to be) but the older one in the article listed for versions R80.30 and older. 

0 Kudos
PhoneBoy
Admin
Admin

Is this a Standalone (i.e. no external management) 4800?
Unfortunately, according to the release notes, R80.10 will not run in a Standalone configuration with under 8GB of RAM: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ReleaseNotes/html_frameset.h... 

Also, am curious what specific findings you're referring to from Bitsight.
If it is related to CVE-2024-24919, we have patches for R77.30 here: https://support.checkpoint.com/results/sk/sk182336
If you weren't aware of this CVE previously, it is highly recommended to patch for this issue and follow the remediation steps in the SK.

0 Kudos
srihari_ml
Explorer

These are bitsight findings for the device:

Website Does Not Implement HSTS Best Practices
Website does not implement X-Content-Type-Options Best Practices

 

We are only using it as standalone Mobile access blade and no VPN and Threat detection were configured on the device.

0 Kudos
PhoneBoy
Admin
Admin

Since you have Mobile Access Blade enabled, you are vulnerable to CVE-2024-24919 unless you apply the relevant patch or upgrade to a version where the issue is fixed.
Please refer to the following section of sk182336:

image.png

I believe you can fix the issues Bitsight identified without an upgrade: https://support.checkpoint.com/results/sk/sk138813 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events