This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kenneth_Greger1
Contributor
‎2022-10-07 06:22 AM
Jump to solution

VmWare - Blink image - R81.10 - mix-up?

Hi

So, we have re-installed a lot of VmWare based clusters to get to R81.10.
Everything has been going very  as planned, and we have used the VmWare files (OVF) to do the installations:

 

Mode   LastWriteTime     Length     Name
---- -------------      ------      ----
-a---- 25.07.2021 15:59 3542973440 Check_Point_R81.10_SG_R81.10-disk1.vmdk
-a---- 25.07.2021 15:59 2441       Check_Point_R81.10_SG_R81.10.cert
-a---- 25.07.2021 15:59 221        Check_Point_R81.10_SG_R81.10.mf
-a---- 25.07.2021 15:59 17327      Check_Point_R81.10_SG_R81.10.ovf

Yesterday we deployed a new firewall, using the very same files as earlier, but this time when we run CPUSE it shows this:

1.png

I have never seen this reference to BLINK image before, and certainly not as the only option to patch.

I got the T66 patch from our partner, uploaded it (using Import package) - but the system would not accept it (Check_Point_R81_10_JUMBO_HF_MAIN_Bundle_T66_FULL.tar).

2.png

 

Then we got the ongoing T75 from our vendor (Check_Point_R81_10_JUMBO_HF_MAIN_Bundle_T75_FULL.tar), and that could be imported to the gateway - and apparently we can install it.

The firewall cluster is working today, but I'm a little bit reluctant to apply the patch on a Friday afternoon.

But, can somebody explain what might have happened here?
It seems to me that we have gotten completely different behavior/firewall gateway - using the same set of installation files.

/Kenneth

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-10-10 11:15 AM
In response to Kenneth_Greger1
Jump to solution

The OVF hasn't changed, but the Deployment Agent needed to deploy any hotfixes or version upgrades surely has.
I presume it now (correctly) recognizes you've effectively deployed a blink image in OVF form.

View solution in original post

8 Replies
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-10-07 08:09 AM
Jump to solution

There was an issue identified with upgrades  between certain jumbo takes which we subsequently blocked from being performed to prevent damage.

For more information please see sk179799.

 

CCSM R77/R80/ELITE
0 Kudos
Kenneth_Greger1
Contributor
‎2022-10-07 11:17 AM
In response to Chris_Atkinson
Jump to solution

I agree that this is very interesting, but as I said the most confusing part is that we have used the very same OVF files to install Gaia Security Gateway R81.10, but now we seem to be running some kind of Blink image on our Vmware Security Gateways.

The OVF files are from 25. July 2021

I'm confused.

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-07 09:24 AM
Jump to solution

Had you deployed JHF 66 on your other installs previously?
In any case, it's possible the OVF we supply includes a JHF in it that has the incompatibilities listed when you apply JHF 66.

0 Kudos
Kenneth_Greger1
Contributor
‎2022-10-07 11:12 AM
In response to PhoneBoy
Jump to solution

Hi

We have deployed Take 66 on 44 clusters in our network - without any problems.
The Take 66 have always been available via CPUSE when we have deployed the R81.10 from the same OVF files.
I think our last successful deployment were 3-4 weeks ago.

 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-07 12:07 PM
In response to Kenneth_Greger1
Jump to solution

I assume in the intervening time that we identified this incompatibility and block attempts to upgrade to that version.
Likewise, I assume we are now correctly identifying the OVF file as a Blink image since it clearly includes a JHF.

0 Kudos
Kenneth_Greger1
Contributor
‎2022-10-08 01:22 AM
In response to PhoneBoy
Jump to solution

Thanks - but what I don't understand is why the very same OVF installation (files) is suddenly identified as a Blink installation.

As I have stated, the files are over 1 year old, and we have used them many times to install Gaia Security Gateways.

Is there is a change in CPUSE that now identifies the installed gateway as a Blink installed gateway?

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-10-08 04:16 AM
In response to Kenneth_Greger1
Jump to solution

Understand what your saying given the release dates associated with T55 compared with your image.

T55: "Released on 1 May 2022 and moved to General Availability on 1 June 2022."

Please query it with TAC and if I receive any relevant feedback myself I will share it here for you.

It may simply have been the case that it was easiest to take the broad approach than have a risk of edge cases leaving customers with badly broken gateways but that is only a guess on my part.

CCSM R77/R80/ELITE
PhoneBoy
Admin
Admin
‎2022-10-10 11:15 AM
In response to Kenneth_Greger1
Jump to solution

The OVF hasn't changed, but the Deployment Agent needed to deploy any hotfixes or version upgrades surely has.
I presume it now (correctly) recognizes you've effectively deployed a blink image in OVF form.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events