Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
cosmos
Advisor
Jump to solution

This package is not supported by current Deployment Agent build

The only time I _ever_ need to update CPUSE / CPDA is to install hotfixes.

Is there any reason the agent is not included and installed as part of the hotfix, to mitigate the dependency?

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin

That's not exactly foolproof as you sometimes need the latest deployment agent to install the latest JHF, one not made available in a previous JHF. 
In any case, you can always download the Deployment Agent and install it offline here: https://support.checkpoint.com/results/sk/sk92449 

I believe we plan to start adding AutoUpdater content to the JHF for offline gateways.
Don't believe CPUSE is currently part of this. 

View solution in original post

(1)
Boaz_Orshav
Employee
Employee

Notice that when using central deployment from Smart Console or central deployment tool (CDT) it's enough to have the latest DA on the management machine and it will be pushed automatically to the gateways.

 

View solution in original post

11 Replies
Chris_Atkinson
Employee Employee
Employee

It should routinely self-update avoiding the dependency.

Is this on a machine that has internet access and a valid license or is isolated?

CCSM R77/R80/ELITE
cosmos
Advisor

Isolated. Practically all the environments I touch are. Except for maybe management IPS updates via proxy...

the_rock
Legend
Legend

I agree with Chris, I never have to do this manually, its always auto-updated. I mean, periodically (maybe once a month, if that), I click on "check for update" in web UI, but usually does not return any new versions of CPUSE agent. 

0 Kudos
PhoneBoy
Admin
Admin

That's not exactly foolproof as you sometimes need the latest deployment agent to install the latest JHF, one not made available in a previous JHF. 
In any case, you can always download the Deployment Agent and install it offline here: https://support.checkpoint.com/results/sk/sk92449 

I believe we plan to start adding AutoUpdater content to the JHF for offline gateways.
Don't believe CPUSE is currently part of this. 

(1)
cosmos
Advisor

Wouldn't it be smarter to include the dependent DA in the JHF itself, and install it as part of the HFA if required?

0 Kudos
_Val_
Admin
Admin

Not really, considering you may need an updated DA to install a hotfix. As mentioned above, it is a separate type of software update.

cosmos
Advisor

Of course, that is how it works today and likely a result of the packaging, process and architecture. And I understand it may not be simple to change the process to include the latest DA at the time the HFA is released to hopefully make the offline installation process a tiny bit simpler. It may not sound like much but anything we can do to reduce the amount of maintenance required adds value.

KISS

the_rock
Legend
Legend

I think last part of you statement, I agree with 100%...anything to make upgrade process easier would help.

0 Kudos
Boaz_Orshav
Employee
Employee

Notice that when using central deployment from Smart Console or central deployment tool (CDT) it's enough to have the latest DA on the management machine and it will be pushed automatically to the gateways.

 

Bob_Zimmerman
Authority
Authority

I found that out in the most annoying way possible when a new CPUSE version was in the "gradual deployment" stage. One of the members of the cluster I was trying to upgrade knew about it, but the other member and the management server did not yet. Not particularly hard to deal with. We just check for a new CPUSE build before using CDT and install it if there is one. It's ultimately just a little snag made more noticeable because of how smooth the process is otherwise.

Agreed that if CDT is usable in the environment, it's a great way to address this problem. My environment has a separate firewall between the management and the firewalls, and we had to allow CPRID through it. Now that we have it working, my team doesn't do any manual jumbo installations on firewalls anymore.

cosmos
Advisor

CDT is great, but often we are building new gateways that are not yet managed.

At the very least, it would be great if a link to the latest DA was provided with the HFA download, and as accessible as the HFA itself (no login is required to download the HFA, yet one is to download the DA?).

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events