That is very true, Timothy ! Here, i would just stay with the Dashboard instead of using several CPUSE WebGUIs 😎:

But this manual process will download the Jumbo on every GW - if you have many GWs, you can use sk111158: Central Deployment Tool (CDT)

Notice that you can upload packages to a package repository placed on the management machine.

Then the package will be distributed to the GWs from the management repository instead of download it for each GW separately:

Yes, that is true, we have a selectable package location source - i can then do Action > Install HF using the Jumbo from SMS !

I see this now.... I've never used the central deployment from the Smart Update console so assumed when I had the right version of R80 or 81 then that was it!..... hadn't done my research!

It seems you can only get the JHF's from Checkpoint download centre via this method so the machine has to have Internet access. Unfortunately this particular install is air-gapped and can't reach the Internet. 

Ah! Thank you.

Wow. I've seen people put hardware information in hostnames, but that's a whole other level. This box is in a lab, surely?

Of course 😎

Ah I was wondering if the SmartUpdate upgrading capability was even still supported any more, thanks for the clarification.

Maybe the original name of "SmartUpdate" is little bit confusing now. It WAS used in the past for updates, but nowadays mostly as licensing tool, so maybe correct name should be "SmartLicense". Not sure if this should be considered in the future, as starting from R81 there shouldnt be use case for SmartUpdate...

Ultimately, the goal is to completely deprecate SmartUpdate.
Right now, the only reasons to still use SmartUpdate in R8x are specific to licensing in specific scenarios per sk149872:

• Open Server activation (not entirely sure this is required)
• License manual updates for totally offline domains (activation, renewal, relicense…)
• Central licensing for Dynamic gateway IPs (if the gateway doesn't have a built-in license)

The packages never show up in our Domains/CMA's.   I have uploaded the packages in the global domain and the pushed this out to our 5 MDS servers with 60+domains.  When I open the SmartConsole for the domain level, the packages are empty.  If you try and upload via local it gives an error stating this must be done via the global repository.   For me this has become a useless tool in R81.10.   Also the command line version of CDT has had a 50% failure rate.  I even upgraded to 9.5 and i can run a generate and no candidates will show up.  Yes the mdsenv is correct and the model is on the hardware list.  I can open a browser to the GW and do it manually fine via CPUSE.   I am a little frustrated because as soon as we upgraded the MDS servers to R81.10 all it broke CDT. 

Hi Michael, 

i think we can investigate the issues in your environment and solve it so you can use both CDT and Central Deployment from Smart Console. 

can you please collect the following logs and send me via email?

1. collect CDT logs for the generate execution with the empty candidates list.
2. run collect_logs.bash on your MDS machine to collect Central Deployment from Smart Console logs. 

send the collected logs to mahmods@checkpoint.com

i will investigate it and update you ASAP.

Thanks. 

Hi @M_Ruszkowski , 

Kind reminder.

still waiting for you response. 

Thanks. 

I have opened a case with our Diamond Support Engineer.   

I was mainly posting this in Checkmates to see if anyone else had the same issue.   

CheckPoint has replicated the issue in the their lab.  It appears to be a sync issue with regarding MDS servers in an HA environment.   The packages are not replicated to the other MDS servers.   So at this time we are waiting for R&D to resolve the issue.    

So how in the world does something like CDT GUI not get tested with multiple MDS servers?  Check Point has to assume that the majority of their customers have more than one MDS server.  Especially the larger customers that manage 100's of firewalls where we need something like CDT to help with faster upgrades and patch deployments.