Dima_M
Employee

Updatable SmartConsole Early Availability

Hi all,

We’re excited to announce an Updatable SmartConsole Early Availability for CheckMates members. We encourage you to give it a try and are eager to get your feedback (you can reply to the post or send me an email); your opinion is very valuable to us!

Notes:

  • Current version is based on the Check Point R81 General Availability release. Please note that the current build number isn’t real, but once Updatable SmartConsole is released, it will reflect an actual build number.
  • Installation requires administrator permissions. Update requires admin permissions only if the installation location requires it (e.g. C:\Program Files (x86) requires admin permissions, %LocalAppData% does not). Background updates without requiring administrator permission will be introduced soon.
  • Currently the update process does not delete previous versions. This feature will be added soon as well.

Instructions:

  • Download and install the latest SmartConsole from sk170116
  • When an update is available, a few minutes after SmartConsole is opened, the following message will appear (If SmartConsole was launched from the installation wizard, this message is skipped).

Dima_M_0-1605810286106.png

 

  • Clicking “Install Now” will be followed after about a minute by Windows’ message to approve administrator’s permissions for the update process (we are working on a solution to reduce that delay).
  • When the update finishes, another popup will appear:

Dima_M_1-1605810286112.png

  • This will restart SmartConsole into the newly installed version.
  • Uninstalling SmartConsole from the Add/Remove Programs dialog will remove all versions of SmartConsole R81.

 

Looking forward to your feedback!

All the credit goes to: @Omer_Ran   @Raz_Shlomo  @Neta_Sadeh  @Alon_Alapi  

(Edited by PhoneBoy on 21 Feb 2021)

45 Replies
Bob_Zimmerman
Authority

Old SmartConsole let you launch other applications and would pass your credentials to the new application so you wouldn't have to log in again. Does this do something similar, or do you need to log in to the new version once it launches?

Either way, this is pretty great! Updating SmartConsole has long been a headache in my organization (VDIs which revert to the base image seemingly at random).

Jerry
Mentor

unable to download ... I wish I could beta-test that product tonite ... 😞 

 

 

Screenshot 2020-11-19 231357.png

Jerry
0 Kudos
Garrett_DirSec
Advisor

as of today, Dec7 2020, the problem still exists with embedded download link in original post.   @Dima_M @Tomer_Noy 

0 Kudos
Dima_M
Employee

@Garrett_DirSec Re-uploaded, thanks for heads-up Garrett!

Garrett_DirSec
Advisor

confirmed.   thanks @Dima_M .   downloading now.  thx -GA

0 Kudos
Tomer_Noy
Employee

Looks like there's a problem with the link.

Easiest way to get it is to open the following in WinSCP:
sftp://q2lOnd:Q8iLiSOw@sftp.checkpoint.com/outgoing/ 

In that folder, you'll find the installer file: SmartConsole_995000008_1.exe

@Dima_M - Please check the link and fix it if needed.

Jerry
Mentor

yup, I've figured it out already and SFTP download completed now 🙂 just broken link but if you take it down and sftp manually indeed in a folder U'll find mentioned file.

installing 🙂 

Jerry
Dima_M
Employee

Link is working now.

0 Kudos
Garrett_DirSec
Advisor

Hello @Tomer_Noy @Dima_M .   no file present in /outgoing as of today, Dec7 2020.   Is the EA over? 

0 Kudos
Dima_M
Employee

@Garrett_Anderso Re-uploaded, thanks for heads-up Garrett! 

0 Kudos
Scott_Paisley
Advisor

Will it ever be 64 bit?

0 Kudos
HristoGrigorov

For what benefit ? I don't see any practical advantages to have it 64 bit.

Jerry
Mentor

completely agree, what's the point of having SC with 64bit? what's the benefit though? any elaboration on that Scott?

ever since SC is 32bit nobody ever complained about its "compile or build" just because it isn't 64bit so that is really interesting.

would be also great if any of you folks (cp-employees) have a say here about all this?

Jerry
0 Kudos
Scott_Paisley
Advisor

All of the boxes I run it on are 64bit, and this is about the only 32bit app left. It may not be a problem, although when it hangs it leaves a lot of garbage behind. I was just asking.

0 Kudos
Bob_Zimmerman
Authority

WoW64 has a performance hit for all syscalls and many API calls. Basically, you have Win32 thunks which translate the calls as needed, then forward them to the real Win64 calls. When using Win64 directly, there's no need to call to the thunks at all, you just make the Win64 calls yourself. This is only something like a quarter of a percent on calls which dip into kernelspace (because the userspace to kernelspace transition is extremely expensive), but higher on purely userspace calls.

Separately, Microsoft also supports Windows on aarch64 and there is a set of translation layers to allow it to run ia32 Win32 software and amd64 Win64 software. Running ia32 Win32 software on aarch64 has more significant performance hits than running amd64 Win64 software on aarch64.

The performance impact is small, but it is there. SmartConsole performance isn't critical to the use of the product, but it's definitely nice to have faster client-side software. Saves time, saves energy, and so on.

Jerry
Mentor

hi all

little thing to add if you don't mind

I've used this EA SC for a few days now and I'm happy to share my impressions with you all should anyone care and be willing to fix/improve/debug:

1. I've had no single chance to "verify policy" on my standalone R81 with success, all the time I run Verify Policy I receive the following error:

 

Screenshot 2020-11-24 081901.png

2. I've started to have the following errors much, much more often when connecting from a non-"Mgmt" interface (still permitted and always used with no issues) - please don't ask me CCSA questions how I'm connecting to the FWA alright? This error is a completely isolated issue and not related to rights, acl's, host-access, gui permit etc.!):

Screenshot 2020-11-24 082215.png

 

Summary: anyone who wants to take a look and work on that, I'm 24/7 avail. for you chaps 🙂

 

Jerry

Jerry
Raz_Shlomo
Employee Alumnus

Hi Jerry,

 

I would like to have some log files in order to check it.

  • All SmartConsole*.log files located in your 'app data' -> Check Point/SmartConsole/R81
  • cpm*.elg from your management server. Located under $MDS_FWDIR/log
  • install*.elg

Can you send them to me please?

 

Also, please share date and time with the errors

 

Thanks,

Raz

0 Kudos
Jerry
Mentor

hi Raz

I'll be happy to do that for you. Just bear with me and send me an email if you can with sftp access so I can share those files with you. I don't think they're tiny enough to be shared via email or message on that platform, aren't they? Let me check.

 

Jerry

Jerry
0 Kudos
Jerry
Mentor

found something in SC logs on SC computer:

 

[12] [24 Nov 2020 09:01:21,059] (ERROR) CP.Infrastructure.DLE.MgmtServerExceptionsHandler - Management server error
System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'cp:19009'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---

 

*** interesting, seems like network issue rather than console am I right assuming it is the case Raz?

Jerry
0 Kudos
Jerry
Mentor

@Raz_Shlomo I think that thanks to your logs enquiry I've managed to find the root cause - my portal pki cert expired this very August, now I've replaced this with current cert and pushed policy.  Let's see if that was the cause. Will keep you posted here 🙂 Cheers!

Jerry
0 Kudos
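
A triage sketch for the SmartConsole log excerpt quoted above (an added example, not code from the thread or from Check Point): it groups multi-line entries under their header line and lists when the secure channel to each authority failed, which yields the date and time of the errors and the endpoint whose certificate is worth inspecting. The entry format is assumed from the single excerpt in the thread; sample entries beyond that excerpt are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entry header as seen in the excerpt quoted in this thread (format assumed from it):
# [thread] [dd Mon yyyy HH:MM:SS,mmm] (LEVEL) logger - message
HEADER = re.compile(
    r"^\[(\d+)\] \[(\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}),(\d{3})\] "
    r"\((\w+)\) (\S+) - (.*)$")
AUTHORITY = re.compile(r"SecurityNegotiationException: .*? with authority '([^']+)'")

# Constructed sample: the first entry copies the excerpt, the rest is invented.
SAMPLE_LOG = """\
[12] [24 Nov 2020 09:01:21,059] (ERROR) CP.Infrastructure.DLE.MgmtServerExceptionsHandler - Management server error
System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'cp:19009'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
--- End of inner exception stack trace ---
[7] [24 Nov 2020 09:02:00,500] (INFO) Example.Constructed.Logger - heartbeat ok
[12] [24 Nov 2020 09:05:44,310] (ERROR) CP.Infrastructure.DLE.MgmtServerExceptionsHandler - Management server error
System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'cp:19009'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
"""

def parse_entries(text):
    """Group continuation lines (stack traces) under their header line."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m.group(2), "%d %b %Y %H:%M:%S")
            when = when.replace(microsecond=int(m.group(3)) * 1000)
            entries.append({"time": when, "level": m.group(4),
                            "logger": m.group(5), "body": [m.group(6)]})
        elif entries and line.strip():
            entries[-1]["body"].append(line.strip())
    return entries

def tls_failures(text):
    """Map each TLS authority (host:port) to the times its secure channel failed."""
    hits = defaultdict(list)
    for e in parse_entries(text):
        m = AUTHORITY.search("\n".join(e["body"]))
        if e["level"] == "ERROR" and m:
            hits[m.group(1)].append(e["time"])
    return dict(hits)

if __name__ == "__main__":
    for authority, times in tls_failures(SAMPLE_LOG).items():
        print(f"{authority}: {len(times)} failure(s), "
              f"first {min(times).isoformat()}, last {max(times).isoformat()}")
```
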
Raz_Shlomo
Employee Alumnus

@Jerry , sounds correct. Let me know if it was fixed.

Regarding the verification, can you share cpm*.elg and install*.elg from $MDS_FWDIR/log? send them to me privately.

Please mention the time you tried to do the verification.

 

Raz

0 Kudos
Jerry
Mentor

Alright. Got Verification failing. Time stamp is 10:20 UK Time. File is stripped from that time frame and flies to you via PM shortly.

Jerry
0 Kudos
Jerry
Mentor

hi Raz, once again thanks a bunch for your kindness and support during these challenging times.

As mentioned by email I've managed to sort myself out of trouble by simply doing 2 things:

1. cloned R80.40 based policy to new R81-based policy (on StandAlone R81 Appliance) and named it differently.

2. Installed DB then Policy and got it all successful,

3. Verified new policy and all ended up GREEN (Successful).

4. Re-enabled HitCount in Global Properties

5. Check if hitcounts increases - and they will presumably in 15 mins. ish so looking fwd to it.

 

Seems I've sorted myself really after couple of sk's and your suggestions to review cpm.elg (what I heavily did!).

 

Cheers folks. You all ROCK!

 

Jerry
Jerry
Mentor

another, I suppose, "bug" from recent R81 SC. all hitcounts hover bubbles on the lefthand side look as following:

1.png2.png

what you say guys? hope it helps to narrow some creepy little things along the way.

ps. should you need to see it live or get some files from my lab do let me know 🙂

Cheers

Jerry
0 Kudos
Tomer_Noy
Employee

Hi @Jerry ,

This post should be focused on the new updatable capability of SmartConsole. We'd be glad to hear about your experience with the updatability (was it simple, fast, did it work well?), or with issues that are specific to this package and do not happen with the regular GA SmartConsole.

If you have other feedback on the R81 release itself, whether SmartConsole bugs or other, it would be better to discuss them by a private message or another thread that would be dedicated to that. 

Thanks,
Tomer

0 Kudos
Jerry
Mentor

ok. my apologies, yes you're totally right with that. sorry again.

Jerry
0 Kudos
Greg_Harbers
Collaborator

How about a "check for latest version" button. Right now we know there is a new build available because we can see it in secure knowledge and the Mgmt server portal says there is a new build, but unless we want to uninstall the current and re-install the new version, there is no way to pro-actively upgrade smartconsole. Waiting until smartconsole itself figures out there is a new version is a bit hit and miss.

Thanks

Tomer_Noy
Employee

Great suggestion!
I myself also experienced this and asked the team to develop it 😀

It's in advanced stages of development, will receive some QA in the upcoming version and then we'll back deliver it to R81.10 as well.

Note that the time it takes for SmartConsole to update is a gradual rollout process. As time goes by and we have more confidence, we shorten that period as well.

0 Kudos
Garrett_DirSec
Advisor

Hello @Tomer_Noy .   Does not the new R81.10 SmartConsole simply check for available update at time of startup and some unknown schedule while running? 

my point:  the act of simply restarting the client should have identified the available update.   If secure knowledge SK article and CPUSE referring to new release, maybe the client itself looking to wrong resource (under the covers) -- or someone didn't post new build in right place/format?   

0 Kudos