- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: VmWare - Blink image - R81.10 - mix-up?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VmWare - Blink image - R81.10 - mix-up?
Hi
So, we have re-installed a lot of VmWare based clusters to get to R81.10.
Everything has been going very as planned, and we have used the VmWare files (OVF) to do the installations:
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 25.07.2021 15:59 3542973440 Check_Point_R81.10_SG_R81.10-disk1.vmdk
-a---- 25.07.2021 15:59 2441 Check_Point_R81.10_SG_R81.10.cert
-a---- 25.07.2021 15:59 221 Check_Point_R81.10_SG_R81.10.mf
-a---- 25.07.2021 15:59 17327 Check_Point_R81.10_SG_R81.10.ovf
Yesterday we deployed a new firewall, using the very same files as earlier, but this time when we run CPUSE it shows this:
I have never seen this reference to BLINK image before, and certainly not as the only option to patch.
I got the T66 patch from our partner, uploaded it (using Import package) - but the system would not accept it (Check_Point_R81_10_JUMBO_HF_MAIN_Bundle_T66_FULL.tar).
Then we got the ongoing T75 from our vendor (Check_Point_R81_10_JUMBO_HF_MAIN_Bundle_T75_FULL.tar), and that could be imported to the gateway - and apparently we can install it.
The firewall cluster is working today, but I'm a little bit reluctant to apply the patch on a Friday afternoon.
But, can somebody explain what might have happened here?
It seems to me that we have gotten completely different behavior/firewall gateway - using the same set of installation files.
/Kenneth
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The OVF hasn't changed, but the Deployment Agent needed to deploy any hotfixes or version upgrades surely has.
I presume it now (correctly) recognizes you've effectively deployed a blink image in OVF form.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There was an issue identified with upgrades between certain jumbo takes which we subsequently blocked from being performed to prevent damage.
For more information please see sk179799.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree that this is very interesting, but as I said the most confusing part is that we have used the very same OVF files to install Gaia Security Gateway R81.10, but now we seem to be running some kind of Blink image on our Vmware Security Gateways.
The OVF files are from 25. July 2021
I'm confused.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Had you deployed JHF 66 on your other installs previously?
In any case, it's possible the OVF we supply includes a JHF in it that has the incompatibilities listed when you apply JHF 66.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
We have deployed Take 66 on 44 clusters in our network - without any problems.
The Take 66 have always been available via CPUSE when we have deployed the R81.10 from the same OVF files.
I think our last successful deployment were 3-4 weeks ago.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I assume in the intervening time that we identified this incompatibility and block attempts to upgrade to that version.
Likewise, I assume we are now correctly identifying the OVF file as a Blink image since it clearly includes a JHF.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks - but what I don't understand is why the very same OVF installation (files) is suddenly identified as a Blink installation.
As I have stated, the files are over 1 year old, and we have used them many times to install Gaia Security Gateways.
Is there is a change in CPUSE that now identifies the installed gateway as a Blink installed gateway?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Understand what your saying given the release dates associated with T55 compared with your image.
T55: "Released on 1 May 2022 and moved to General Availability on 1 June 2022."
Please query it with TAC and if I receive any relevant feedback myself I will share it here for you.
It may simply have been the case that it was easiest to take the broad approach than have a risk of edge cases leaving customers with badly broken gateways but that is only a guess on my part.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The OVF hasn't changed, but the Deployment Agent needed to deploy any hotfixes or version upgrades surely has.
I presume it now (correctly) recognizes you've effectively deployed a blink image in OVF form.
