Rob_Bush
Participant

Rebuilding R80.30 gateways due to issues, should I stick with Gaia 2.6.18 or move to Gaia 3.1?

Hello,

We are planning on rebuilding our R80.30 gateways because we have been having some ongoing problems and we're hoping that a fresh rebuild will resolve things.  The gateways are currently 4400 series appliances with 4 gigs of RAM running R80.30 + JHF T163 on Gaia 2.6.18.  We are planning on using CPUSE to install the fresh build with a Blink package.  Would the recommendation be that we stick with Gaia 2.6.18 Blink build, or should we switch to 3.10 Blink since we are rebuilding?  My gut is to stay with 2.6.18 to keep things as consistent as possible, but since I haven't been keeping up with the advancements in the 3.10 kernel, I figured it was appropriate to get some feedback from the community.  We do experience times of high CPU usage (and these gateways are budgeted to be upgraded this year.)  Is there anything in the 3.10 kernel that might provide extra performance or other reasons to warrant the switch?

Thanks in advance,

Rob

0 Kudos
21 Replies
Maarten_Sjouw
Champion

Kernel 3.10 is not available in R80.30 on a 4400, so there is no possibility to use that until R80.40 where the 3.10 kernel is standard.
When you have the configuration file collected from the FW and you can get to it with a USB stick and console I would use ISOmorphic and do a clean install that way. Restore the config file and add the latest Jumbo.
Regards, Maarten
0 Kudos
Rob_Bush
Participant

Well that makes that decision easy.  I wonder why it is available as a download on the CPUSE page then?

As for your other recommendation, I had read that the Blink install performs the exact same install as doing an ISOmorphic via USB because it literally mounts a new partition and builds it on that new partition?  Based on your comments here, I'm assuming that is not actually the case?

Thanks for your quick reply!

0 Kudos
Maarten_Sjouw
Champion

I am too unfamiliar with Blink to comment on that, I'm just speaking from my own experience. When I can touch the box an ISOmorphic install is the simplest for me.
Regards, Maarten
_Val_
Admin

Blink installs GA + current GA Jumbo in one shot.

More details here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
Dmitry_Krupnik
Employee Alumnus

Hi Rob,

Maarten is right, you need to use Gaia 2.6.18 for 4400 appliance. 

As Valeri said, you can use the "R80.30 Security Gateway + JHF T155 for Appliances and Open Servers" Blink package, which is available in CPUSE and SupportCenter.

0 Kudos
Tsahi_Etziony
Employee

Hey @Rob_Bush ,

Can you please share the CPUSE page with the packages that you see? The 3.1 package should have been blocked for appliances which are not supported, and if you can see the 3.1 package it is a bug that we need (and will) fix.

Adding @Boaz_Orshav to be aware

0 Kudos
Rob_Bush
Participant

Here you go!

 

It's happening on both my 4400 series as well as my 4800 series appliance.  Let me know if you need anything else.

0 Kudos
Tsahi_Etziony
Employee

That's great. Indeed there we need to fix something in the package data so you won't see it and it won't be confusing. Will be fixed soon.
Thanks!
0 Kudos
Dmitry_Krupnik
Employee Alumnus

Hi @Rob_Bush ,

The issue was fixed, thank you for pointing this out!

0 Kudos
Rob_Bush
Participant

@Tsahi_Etziony  is there any value in doing the ISOmorphic over the Blink?  I've read a lot of your posts, watched a lot of videos on this, read a bunch of KB articles, and the only difference I can find is that the ISOmorphic allows you to completely format the disk prior whereas the Blink obviously can't do that.  If I'm dealing with firewalls that are just flat out unstable (we've been working with CP TAC for a while now without much luck) would you recommend that I go the ISOmorphic route to actually be able to format the drive given I'm having stability issues, or would the Blink be just as effective?  I'd really like to go the Blink route via CPUSE as this is a remote device.

0 Kudos
_Val_
Admin

Blink is fast, but as you said, it does not change the file system.

Full installation takes longer time due to re-format, OS full re-install and software packages deployment. On top, you want Jumbo anyway. Good exercise, but not really required on any of Check Point appliances. Might make more sense in case of an open server.

0 Kudos
Tsahi_Etziony
Employee

@Rob_Bush ,

Both you and @_Val_  have summarized the differences correctly. 

If you do not suspect any problems with the HDD itself or the partition sizing, I would recommend the Blink solution. It is very straightforward when launching it from the CPUSE page, and you benefit from a version+JHF in a short process.

0 Kudos
Rob_Bush
Participant

@Tsahi_Etziony Because so much of the Blink information out there is about running Blink at the console, I haven't been able to find an answer on how it works via CPUSE.  Will CPUSE Blink clean install put the primary IP back on so that I can access it via a web page to run the first time setup, or will I still need console access to start the first time setup to get the primary IP on?

0 Kudos
Tsahi_Etziony
Employee

Of course. You won't lose connectivity. Blink behaves in CPUSE just like any CPUSE package. When you choose clean installation, the interface will be kept with the same IP setting so you'll be able to continue your work from any remote location.

I will see how we can improve our documentation so it won't be confusing.
0 Kudos
Rob_Bush
Participant

@Tsahi_Etziony @Dmitry_Krupnik

Just some feedback for you.  We performed a CPUSE Blink + JHT clean install last night on a secondary gateway.  The Blink package went nice and quick, and the device came back up with all interfaces configured with the correct IP addresses.  We simply needed to re-establish SIC, push policy and we thought we were good to go.  As we started poking around to verify everything, we realized the config did not get pulled over entirely, it appeared hit and miss.  We were missing NTP time server, DNS server (which caused contract lookup, AV/TP update lookup and HTTP Categorization lookup errors), OSPF routing config completely missing, the description on some of the interfaces was missing (some had them though which was interesting) and other various little missing configs.  We decided to re-import the config back in as we were playing whack-a-mole with what was missing.  As soon as we re-imported the config back on, bounced the box, pushed policy, bounced the box again, then everything began working as expected.

I'm not sure if my experience here was a one-off, but I figured it would be good to communicate this back just in case it represented a larger problem.  I will be performing another Blink upgrade in the exact same fashion on a different cluster tomorrow night, and then we will be upgrading the other cluster nodes some time next week.  I'll report back my results of those.

Also, the Blink + JHT Gaia 3.10 did get removed from my package list on the 4000 series gateways.

0 Kudos
Dmitry_Krupnik
Employee Alumnus

Hi @Rob_Bush ,

Losing configuration is expected behavior for the Clean install procedure. It isn't related to Blink, you will see the same behavior with a regular package. We only keep the minimal information that is required to maintain connectivity.

Thank you for the feedback, we appreciate it very much!

0 Kudos
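A check for the situation described in the two posts above, as an added example that is not part of the thread or of Check Point's tooling: compare a Gaia clish `show configuration` dump saved before the clean install with one taken afterwards, and group the lines that went missing by feature. The sample dumps are constructed, only modelled on clish `set` syntax, and use documentation address ranges; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: configuration saved before the clean install.
BEFORE = """\
set interface eth1 ipv4-address 192.0.2.1 mask-length 24
set interface eth1 comments "Inside"
set dns primary 198.51.100.53
set ntp active on
set ntp server primary 198.51.100.123 version 4
set ospf area backbone on
set ospf interface eth1 area backbone on
"""

# Constructed sample: configuration read back after the clean install.
AFTER = """\
set interface eth1 ipv4-address 192.0.2.1 mask-length 24
set ntp active off
"""


def parse(text):
    """Return the set of whitespace-normalized 'set'/'add' command lines."""
    lines = set()
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if line.startswith(("set ", "add ")):
            lines.add(line)
    return lines


def feature(line):
    """Group key: the feature keyword, plus the name for interface lines."""
    tokens = line.split()
    if tokens[1] == "interface" and len(tokens) > 3:
        return f"interface {tokens[2]}"
    return tokens[1]


def missing_by_feature(before, after):
    """Map feature -> sorted lines present before the install but not after."""
    missing = defaultdict(list)
    for line in sorted(parse(before) - parse(after)):
        missing[feature(line)].append(line)
    return dict(missing)


if __name__ == "__main__":
    for feat, lines in missing_by_feature(BEFORE, AFTER).items():
        print(f"[{feat}] {len(lines)} line(s) missing")
        for line in lines:
            print("   ", line)
```
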
Rob_Bush
Participant

@Dmitry_Krupnik

Okay, no problem.  That is for SURE something that is not specified in the documentation under the Blink sk.  The only thing the documentation says is "4. Installation/Upgrade will start and you can follow the installation via CPUSE WebUI or CLI." and then that is it for the CPUSE set of instructions under sk120193.

It sounds like the instructions need to be improved to include backing up the configuration and restoring the configuration.  We did the backup/restore via clish, but perhaps you feel doing the same via the webui works as well?

0 Kudos
Rob_Bush
Participant

Perhaps a silly question, but... given how powerful CPUSE is, why not provide an option after you click on "clean install" that says "would you like to have the configuration fully restored or just the IP addresses restored?"

0 Kudos
Dmitry_Krupnik
Employee Alumnus

@Rob_Bush ,

I would like to refer to the sk92449 (Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent) because "Clean install" and "Upgrade" are terms of CPUSE, not Blink.

According to the sk, you have 2 options to perform installation of Major Version by CPUSE:

[Screenshot: Upgrade.png]

[Screenshot: clean install.png]

So, configuration reset is a planned action of the Clean install procedure.

0 Kudos
Rob_Bush
Participant

Cool. Thanks... SO many documents out there. I did a search for "cpuse blink" and came up with that other one first and figured, given it is SPECIFIC to blink, that it would provide all the information I would need.
0 Kudos
Dmitry_Krupnik
Employee Alumnus

@Rob_Bush 

We are working on Blink sk and will take into account your feedback.

Appreciate your comments!

0 Kudos
