Support Center > Search Results > SecureKnowledge Details
Potential Denial of Service (DoS), which might be triggered by a certain traffic condition on Security Gateways when Anti-Virus or Anti-Bot blades are enabled
Symptoms
  • Potential Denial of Service (DoS), which might be triggered by a certain traffic condition on Security Gateways when Threat Prevention blades are enabled (Anti-Bot blade or Anti-Virus blade).

  • Affected versions: R75.40 / R75.40VS / R75.40VS for 61000 / R75.45 / R75.46 / R75.47 / R76 / R76SP / R77 / R77.10.

  • Affected underlying operating systems: Gaia / SecurePlarform / Linux / Windows / IPSO.

Solution

To mitigate this issue, if you are using Check Point IPS, you can update to the latest IPS version.

Non-IPS customers should install the following hotfix on their Security Gateways.

 

Notes:

 

Procedure:

  • Show / Hide instructions - Gaia OS using CPUSE (Check Point Update Service Engine)

    Note: Hotfix has to be installed on Security Gateway / each cluster member.

    We recommend using CPUSE to install this hotfix.

    • In Gaia Portal:

      Important Note for VSX mode: Gaia Portal is not supported on Security Gateway in VSX mode. Users must use the Clish.

      1. Connect to the Gaia Portal on Security Gateway / each cluster member.

      2. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out').

      3. Navigate to the 'Software Updates' - 'Status and Actions' pane.

      4. Go to the 'Updates' tab to see the published hotfixes available for download.

      5. Select the Check_Point_Hotfix_VERSION_sk100195.tgz package - right-click on it - click on 'Download' (this will download the hotfix to your machine).

      6. Right-click on the Check_Point_Hotfix_VERSION_sk100195.tgz package - click on 'Install' (this will install the hotfix on the machine and display the installation status).

      7. When prompted for reboot (a pop up window appears), confirm to reboot the machine.

      8. After Security Gateway / each cluster member is rebooted, install the policy from SmartDashboard.

        Explanation: After reboot, SmartView Monitor might show the following for Anti-Virus & Anti-Bot blade:

        Error: Update failed. Gateway can not access internet ("http://secureupdates.checkpoint.com/AMW/v<NUMBER>/Version"). Check connectivity and proxy settings.
        Example:


    • In Clish:

      Important Note for VSX mode: Gaia Portal is not supported on Security Gateway in VSX mode. Users must use the Clish.

      1. Connect to command line on Security Gateway / each cluster member (over SSH, or console).

      2. Log in to Clish shell.

      3. See the list of available packages for download:

        HostName> show installer available_packages

      4. Download this hotfix:

        HostName> installer download Check_Point_Hotfix_VERSION_sk100195.tgz

      5. Check the download progress by repeatedly running this command:

        HostName> show installer package_status
        Outputs for example:
        Check_Point_Hotfix_R76_sk100195.tgz - Downloading (2.95 MB/s)   - Progress: 6%
        Check_Point_Hotfix_R76_sk100195.tgz - Available for install
        
      6. See the list of available packages for install:

        HostName> show installer available_local_packages

      7. Install this hotfix:

        HostName> installer install Check_Point_Hotfix_VERSION_sk100195.tgz

      8. Check the installation progress by repeatedly running this command:

        HostName> show installer package_status
        Outputs for example:
        Check_Point_Hotfix_R76_sk100195.tgz - Installing                - Progress: 3%
        Check_Point_Hotfix_R76_sk100195.tgz - installed
        
      9. Machine will be rebooted automatically.

      10. After Security Gateway / each cluster member is rebooted, install the policy from SmartDashboard.

        Explanation: After reboot, SmartView Monitor might show the following for Anti-Virus & Anti-Bot blade:

        Error: Update failed. Gateway can not access internet ("http://secureupdates.checkpoint.com/AMW/v<NUMBER>/Version"). Check connectivity and proxy settings.
        Example:

    Contact Check Point Support for any assistance.



  • Show / Hide instructions - Gaia / SecurePlatform / Linux OS

    Contact Check Point Support for any assistance.

    1. Hotfix has to be installed on Security Gateway / each cluster member.

    2. Download the relevant hotfix package:

      Platform R75.46 R75.47 R76 R77 R77.10 *
      Gaia / SecurePlatform / Linux (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
      For fixes on top of other affected versions, contact Check Point Support.
      * Note:
      This hotfix package for R77.10 is already integrated in sk100176 (Enhanced prevention and stability for Threat Prevention blades on Gaia R77.10 Security Gateway).

    3. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).

    4. Unpack the hotfix package:

      [Expert@HostName]# cd /some_path_to_fix/
      [Expert@HostName]# tar zxvf Check_Point_Hotfix_VERSION_Linux_sk100195.tgz

    5. Install the hotfix:

      [Expert@HostName]# ./fw1_wrapper_HOTFIX_NAME

      Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.

    6. Reboot the machine.

    7. After Security Gateway / each cluster member is rebooted, install the policy from SmartDashboard.

      Explanation: After reboot, SmartView Monitor might show the following for Anti-Virus & Anti-Bot blade:

      Error: Update failed. Gateway can not access internet ("http://secureupdates.checkpoint.com/AMW/v<NUMBER>/Version"). Check connectivity and proxy settings.
      Example:


  • Show / Hide instructions - 61000 Security System

    To mitigate this threat, the following images were released:

    • New image for R75.40VS for 61000 release
    • New image for R76SP release

    Customers are advised to upgrade to the following images:

    Note: Contact 61000_41000_installation_forum@checkpoint.com to get the relevant image.

    Current software version Upgrade to this version Documentation
    R75.40VS for 61000 R75.40VS for 61000
    take 173
    R75.40VS for 61000
    Administration Guide
    R76SP R76SP
    take 131
    R76SP
    Administration Guide

    In order to apply the fix, refer to:



  • Show / Hide instructions - IPSO OS

    Contact Check Point Support for any assistance.

    1. Hotfix has to be installed on Security Gateway / each cluster member.

    2. Download the relevant hotfix package:

      Platform R75.46 R75.47 R76 R77 R77.10
      IPSO (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)


    3. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).

    4. Unpack the hotfix package:

      [Expert@HostName]# cd /some_path_to_fix/
      [Expert@HostName]# tar zxvf Check_Point_Hotfix_VERSION_IPSO_sk100195.tgz

    5. Install the hotfix:

      [Expert@HostName]# ./fw1_wrapper_HOTFIX_NAME

      Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.

    6. Reboot the machine.

    7. After Security Gateway / each cluster member is rebooted, install the policy from SmartDashboard.

      Explanation: After reboot, SmartView Monitor might show the following for Anti-Virus & Anti-Bot blade:

      Error: Update failed. Gateway can not access internet ("http://secureupdates.checkpoint.com/AMW/v<NUMBER>/Version"). Check connectivity and proxy settings.
      Example:


  • Show / Hide instructions - Windows OS

    Contact Check Point Support for any assistance.

    1. Hotfix has to be installed on Security Gateway / each cluster member.

    2. Download the relevant hotfix package:

      Platform R75.46 R75.47 R76 R77 R77.10
      Windows (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)


    3. Transfer the hotfix package to the machine (into some directory, e.g., C:\some_path_to_fix\).

    4. Install the hotfix:

      1. Use any archive program (WinZIP, WinRAR, 7-Zip, TUGZip, IZArc) to unpack the Check_Point_Hotfix_VERSION_Win_sk100195.tgz file.

      2. Open the Disk_Images folder.

      3. Open the Disk1 folder.

      4. Right-click on the setup.exe file - click on 'Run as administrator'.

        Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.


    5. Reboot the machine.

    6. After Security Gateway / each cluster member is rebooted, install the policy from SmartDashboard.

      Explanation: After reboot, SmartView Monitor might show the following for Anti-Virus & Anti-Bot blade:

      Error: Update failed. Gateway can not access internet ("http://secureupdates.checkpoint.com/AMW/v<NUMBER>/Version"). Check connectivity and proxy settings.
      Example:
Applies To:
  • 01392409 , 01393112 , 01393752 , 01393754 , 01393967 , 01394324 , 01394368 , 01394618 , 01394888 , 01395075 , 01395077 , 01395097 , 01395124 , 01395288 , 01395567 , 01395628 , 01396570 , 01396689 , 01396866 , 01397798 , 01398288 , 01398598 , 01398766 , 01399393 , 01400136 , 01402670 , 01404683 , 01405088

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment