- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hey guys,
Just wondering if this would be something to be concerned about...so, to make a long story short, we upgraded R80.40 cluster last week to jumbo 131 and one of the firewalls went fine, but the other one installed the jumbo and then could not be accessed via VPN at all, so customer had to go on site and make sure firewall was accessible, reboot it ands then it worked. Since then, we see message in the title in web UI and though jumbo shows its installed and clustering is working, I just wanted to confirm its not a cause for concern.
I found below sk:
I also attached the install log about it too. Also, fw fetch local command works fine, so I am pretty sure all is fine, but just wanted to get second opinion : - )
Cheers.
Seems some processes were not running (yet) - so to confirm, i would compare the processes of both nodes to see if same are running on both !
Thanks brother, thats first thing I checked and they match exactly the same!
Hi
After the installation is done, the Deployment Agent (CPUSE) verifies some things and if any test fails it issues the message you describe.
Unless you configured anything special, it verifies that the main processes that were up before the upgrade are up after.
Sometimes it might take too long for a process to start so the mechanism times out.
You do not need to be concerned but please verify on the machine that the processes are not terminated (i.e. T state) using "cpwd_admin list" and that install policy to this machine finishes successfully.
I'm almost sure the reboot recovered a failed process if there was such but just to be on the safe side - please check the above
Boaz
Yes, confirmed with that command and it looks correct.
Also, another weird thing that happened after this was that customer experienced inconsistent results with DUO push notification sent to users defined for radius, sometimes they would get it, sometimes not...personally, I dont believe this jumbo is the cause for it, but its odd that never used to happened before the procedure and reboot. Anyway, we will check more with TAC on that today. I will probably end up running capture on the active fw for port 1812 and see what we get.
Thanks guys!
Anyway Boaz, due to some other issues, customer decided its best we revert to take 120, which we did, so I asked them to test everything to make sure it works as expected. I will see if any other issues, but lets hope not : - )
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY