Support Center > Search Results > SecureKnowledge Details
R77.20 Add-On
Solution

Table of Contents

  • R77.20 Add-On What's New
  • R77.20 Add-On Downloads
  • R77.20 Add-On Installation Instructions
  • R77.20 Add-On Uninstall Instructions

 

Click Here to Show the Entire Article

 

The R77.20 Security Management Server and some Software Blades have new features that require the installation of the Add-on.

 

R77.20 features that require the Add-on

Threat Prevention

  • Import of custom indicators (for example: MD5 and URLs, signatures) to the Threat Prevention policy
  • Anti-Virus and Anti-Bot inspection of links inside emails
  • Full support of Threat Prevention in VSX. Threat Emulation support for VSX: Cloud and Remote
  • Ability to send attack information to the customer's User Center account
  • Ability to not allow Threat Cloud policy override from User Center

Mobile Access Blade

  • Mobile Enterprise enhanced logs for Login and Passcode
  • SSL version configuration for Mobile Access applications (SSLv3, TLSv1)
  • Single Sign On authentication format configuration
  • Push Notification for Secure Container Mail from the First Time Wizard

Compliance Blade

  • User-defined Firewall policy Best Practices
  • Multi-Domain Security Management support for Compliance, shows Compliance across all Domains

Endpoint Security

  • Multiple adaptor support (see new Interface column in Endpoint Firewall Rulebase)

General

  • DHCP stability fixes and easier configuration. Refer to sk104114.
  • User and Device Management Portal connectivity to Security Management Server. Refer to sk101672.

Note: The R77.20 Add-On is not included in the Jumbo HFA and there is no issue for both to be installed on the same machine, as they have no conflict.

 

R77.20 Add-On Downloads

Download the relevant package from the table below.

Use CPUSE in the Gaia Portal to quickly and easily update Check Point products.

Gaia
CPUSE Offline
Gaia
Legacy CLI
SecurePlatform Linux IPSO Windows

 

When to install the Add-On

Check Point recommends that you install the R77.20 Add-on only if you require the feature it enables, or if your Check Point Reseller or Technical Support suggests that you do so.

Note: To use the Add-On, you must install it on all Security Management servers, Multi-Domain Servers, and Log Servers in your environment.
For environments with Endpoint Security it must be installed on all Policy Servers as well.
It is crucial to take a Database Revision Control / backup / snapshot of your Check Point machine before installing this Add-on.

 

Installation Instructions

  • On Gaia OS using CPUSE (Check Point Update Service Engine)

    1. [This Step applies to CPUSE Agent build 974 and lower] Manually restart the CPUSE Agent:

      Note: For details, refer to sk110235 - Check Point processes are down after CPUSE installation of a package that does not require reboot.

      1. Connect to command line on Security Management Server / Multi-Domain Security Management Server.

      2. Log in to Expert mode.

      3. Disable monitoring of the CPUSE Agent daemon by Check Point WatchDog:

        [Expert@HostName]# $DADIR/bin/dastop

      4. Manually stop the CPUSE Agent daemon:

        [Expert@HostName]# DAClient stop

      5. Enable monitoring of the CPUSE Agent daemon by Check Point WatchDog:

        [Expert@HostName]# $DADIR/bin/dastart

      6. Manually start the CPUSE Agent daemon:

        [Expert@HostName]# DAClient start

    2. To install the R77.20 Add-On package, refer to sk92449: Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent - section "(4) How to work with CPUSE".

      Important Note: If you wish to reboot the machine after installation is complete, then it is necessary to wait for at least 10 minutes to make sure that FWM daemon had enough time to perform the relevant updates in the management database. As an indicator, you could monitor the FWM daemon's utilization of CPU (using the top command, or ps auxw | grep -E "PID|fwm" command).

    3. On Multi-Domain Security Management Server - activate the Add-on on each relevant Domain:

      1. Connect with SmartDomain Manager to Multi-Domain Security Management Server.

      2. Go to Version & Blade Updates tab on the Selection Bar.

      3. Right-click on the Domain - select R77.20 Add-on - select Activate Update on this Domain.

    4. Verify that Add-on is explicitly listed as Installed Plug-in:

      1. Connect to command line on Security Management Server / Multi-Domain Security Management Server.

      2. Log in to Expert mode.

      3. Check that the "Installed Plug-ins" line shows the text "Add-on":

        [Expert@HostName:0]# fwm ver
        Installed Plug-ins: R77.20 Add-on


  • On Gaia OS, SecurePlatform, Linux, and IPSO OS (manual installation in Command Line)

    1. Download and transfer the relevant Check Point R77.20 Add-on Package from the above table to the Security Management Server / Multi-Domain Security Management Server.

    2. Connect to command line on Security Management Server / Multi-Domain Security Management Server.

    3. Log in to Expert mode.

    4. Extract the TGZ:

      [Expert@HostName:0]# tar -zxvf Check_Point_R77_20_T<XXX>_Add-On_<OS>.tgz
    5. Stop Check Point services:

      • On Security Management Server:
        [Expert@HostName:0]# cpstop

      • On Multi-Domain Security Management Server:
        [Expert@HostName:0]# mdsstop

    6. Run the installation file:

      [Expert@HostName:0]# ./UnixInstallScript

      Important Note: If you wish to reboot the machine after installation is complete, then it is necessary to wait for at least 10 minutes to make sure that FWM daemon had enough time to perform the relevant updates in the management database. As an indicator, you could monitor the FWM daemon's utilization of CPU (using the top command, or ps auxw | grep -E "PID|fwm" command).

    7. Start Check Point services upon completing the installation:

      • On Security Management Server:
        [Expert@HostName:0]# cpstart

      • On Multi-Domain Security Management Server:
        [Expert@HostName:0]# mdsstart

      No reboot is required.
    8. Verify that Add-on is explicitly listed as Installed Plug-in.
      Check that the "Installed Plug-ins" line shows the text "Add-on":

      [Expert@HostName:0]# fwm ver
      Installed Plug-ins: R77.20 Add-on
    9. On Multi-Domain Security Management Server - activate the Add-on on each relevant Domain:

      1. Connect with SmartDomain Manager to Multi-Domain Security Management Server.

      2. Go to Version & Blade Updates tab on the Selection Bar.

      3. Right-click on the Domain - select R77.20 Add-on - select Activate Update on this Domain.



  • On Windows OS

    1. Download and transfer the relevant Check Point R77.20 Add-on Package from the above table to the Security Management Server.

    2. Extract the TGZ:

      Use an archiving program to open the package (e.g., WinZIP, WinRAR, 7-zip, IZArc, etc.)
    3. Stop Check Point services. Run cpstop command in Windows Command Prompt.

    4. Stop Windows SNMP service per sk61840 - Upgrade of Management Server on Windows OS might fail due to SNMP service.

    5. Run the installation file:

      Right-click on setup.exe - select Run as administrator

      Important Note: If you wish to reboot the machine after installation is complete, then it is necessary to wait for at least 10 minutes to make sure that FWM daemon had enough time to perform the relevant updates in the management database. As an indicator, you could monitor the FWM daemon's utilization of CPU (using Windows Task Manager).

    6. Start Check Point services. Run cpstart command in Windows Command Prompt. No reboot is required.

    7. Verify that Add-on is explicitly listed as Installed Plug-in.
      Check that the "Installed Plug-ins" line shows the text "Add-on":

      C:\> fwm ver
      Installed Plug-ins: R77.20 Add-on
    8. Start Windows SNMP service per sk61840 - Upgrade of Management Server on Windows OS might fail due to SNMP service.

Notes:

  • Make sure to take a Database Revision Control / backup / snapshot of your Check Point machine before installing this Add-on.
  • In Management HA environment, this procedure must be performed on both Management Servers.

 

Uninstall Instructions

  • On Gaia OS using CPUSE (Check Point Update Service Engine)

    Note: For detailed instructions see sk92449: Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent.

    1. On Multi-Domain Security Management Server - deactivate the Add-on on each relevant Domain:

      1. Connect with SmartDomain Manager to Multi-Domain Security Management Server.

      2. Go to Version & Blade Updates tab on the Selection Bar.

      3. Right-click on the Domain - select R77.20 Add-on - select Deactivate Update on this Domain.

    2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.

    3. Select Installed in the menu near the Help icon.

    4. Select the package Check Point R77.20 Add-on - click on More button on the toolbar - click on Uninstall.
      Example:

    5. Connect to command line on Security Management Server / Multi-Domain Security Management Server.

    6. Log in to Expert mode.

    7. Verify that the indicators plugin "PItpi" was uninstalled:

      [Expert@HostName:0]# rpm -qa | grep PItpi

      • If the returned output is empty, then proceed to the next step.

      • If the returned output shows the "PItpi" package, then uninstall it manually:

        [Expert@HostName:0]# /opt/CPPItpi-R77/bin/uacRunner -p PItpi -preuninstall
        [Expert@HostName:0]# rpm -e CPPItpi-R77
    8. Start Check Point services:

      • On Security Management Server:
        [Expert@HostName:0]# cpstart

      • On Multi-Domain Security Management Server:
        [Expert@HostName:0]# mdsstart

      No reboot is required.
    9. Verify that Add-on is not listed as Installed Plug-in.
      Check that the "Installed Plug-ins" line does not show the text "Add-on":

      [Expert@HostName:0]# fwm ver
      Installed Plug-ins:


  • On Gaia OS, SecurePlatform, Linux and IPSO OS (manual uninstall in Command Line)

    • On Security Management Server:

      1. Connect to command line on Security Management Server.

      2. Log in to Expert mode.

      3. Run the uninstall script:

        [Expert@HostName:0]# /opt/CPUninstall/R77.20_Add-ons_Package/UnixUninstallScript
      4. Start Check Point services:

        [Expert@HostName:0]# cpstart
        No reboot is required.
      5. Verify that the indicators plugin "PItpi" was uninstalled:

        [Expert@HostName:0]# rpm -qa | grep PItpi

        • If the returned output is empty, then proceed to the next step.

        • If the returned output shows the "PItpi" package, then uninstall it manually:

          [Expert@HostName:0]# /opt/CPPItpi-R77/bin/uacRunner -p PItpi -preuninstall
          [Expert@HostName:0]# rpm -e CPPItpi-R77
      6. Verify that Add-on is not listed as Installed Plug-in.
        Check that the "Installed Plug-ins" line does not show the text "Add-on":

        [Expert@HostName:0]# fwm ver
        Installed Plug-ins:
    • On Multi-Domain Security Management Server:

      1. Deactivate the Add-on on each relevant Domain:

        1. Connect with SmartDomain Manager to Multi-Domain Security Management Server.

        2. Go to Version & Blade Updates tab on the Selection Bar.

        3. Right-click on the Domain - select R77.20 Add-on - select Deactivate Update on this Domain.

      2. Connect to command line on Multi-Domain Security Management Server.

      3. Log in to Expert mode.

      4. Switch to the context of MDS:

        [Expert@HostName:0]# mdsenv
      5. Run the uninstall script:

        [Expert@HostName:0]# /opt/CPUninstall/R77.20_Add-ons_Package/UnixUninstallScript
      6. Verify that the indicators plugin "PItpi" was uninstalled:

        [Expert@HostName:0]# rpm -qa | grep PItpi

        • If the returned output is empty, then proceed to the next step.

        • If the returned output shows the "PItpi" package, then uninstall it manually:

          [Expert@HostName:0]# /opt/CPPItpi-R77/bin/uacRunner -p PItpi -preuninstall
          [Expert@HostName:0]# rpm -e CPPItpi-R77
      7. Start Check Point services:

        [Expert@HostName:0]# mdsstart
        No reboot is required.
      8. Verify that Add-on is not listed as Installed Plug-in.
        Check that the "Installed Plug-ins" line does not show the text "Add-on":

        [Expert@HostName:0]# fwm ver
        Installed Plug-ins:


  • On Windows OS

    1. Run the following commands in Windows Command Prompt:

      1. Stop Check Point services:

        C:\> cpstop
      2. Run the pre-uninstall validation for the indicators plugin "PItpi":

        C:\> cd /d "%ProgramFiles%\CheckPoint\CPPItpi\R77\bin\"
        C:\...\R77\bin\> uacRunner -p PItpi -preuninstall

        The following should be displayed on the screen:

        Uninstall of plug-in is allowed
        After uninstalling the plug-in, all objects will be removed from the database.
        Execution has finished
    2. Go to Start menu - go to Control Panel.

    3. Go to "Add/Remove Programs" (Windows 2000/2003) / "Programs and Features" (Windows 2008).

    4. Select "Check Point R77.20 Add-on R77.20" - click on "Uninstall" on the toolbar - wait for the uninstall to complete.

    5. Reboot is required.

    6. Verify that Add-on is not listed as Installed Plug-in.
      Check that the "Installed Plug-ins" line does not show the text "Add-on":

      C:\> fwm ver
      Installed Plug-ins:

    Alternative method:

    1. Download and unpack the hotfix package (refer to the "Installation Instructions" above).
    2. Open the elevated Command Prompt:
      Start - Programs - Accessories - right-click on 'Command Prompt' icon - select 'Run as administrator'.
    3. Stop Check Point services. Run cpstop command.
    4. Navigate to the folder where you unpacked the hotfix package:
      DISK:\> cd "path_to_unpacked_hotfix_package"
    5. Run the installation program with '-u' flag:
      DISK:\path_to_unpacked_hotfix_package\> Setup.exe -u
    6. Start Check Point services. Run cpstart command in Windows Command Prompt. No reboot is required.

Notes:

  • Make sure to take a Database Revision Control / backup / snapshot of your Check Point machine before uninstalling this Add-on.
  • In Management HA environment, this procedure must be performed on both Management Servers.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment