Table of Contents

• R77.30 Add-On What's New
• R77.30 Add-On Downloads
• R77.30 Add-On Installation Instructions
• R77.30 Add-On Uninstall Instructions
• Revision History

 

 

The R77.30 Security Management Server and some Software Blades have new features that require the installation of the Add-on.

R77.30 Add-On What's New

• New Software Blade: Threat Extraction - is a new Software Blade in the Threat Prevention family that pro-actively cleans potential threats from incoming documents.
  
  
• Application Control Software Blade: Detailed monitoring and enforcement of Modbus traffic.
  
  
• Mobile Access blade and Capsule enhancements: Introducing Session Management tool, SSO improvements, and Capsule Workspace Push Notification management from SmartDashboard (refer to sk104542).
  
  
• Manage 1100 / 1200R / 1400 Appliances running R77.20 (refer to sk105379 and sk111292).
  
  
• Support for Carrier solutions (LTE suite): NAT64, GTP, SCTP, CGNAT and more.
  
  
• Compliance Blade enhancements (refer to sk104541).
  
  
• Configure R77.30 Security Gateway on Gaia OS to send FireWall logs directly to an external Syslog server (refer to sk87560).

 

R77.30 Add-On Downloads

Download the relevant package from the table below.

Use CPUSE in the Gaia Portal to quickly and easily update Check Point products.

Gaia CPUSE Online	Gaia CPUSE Offline	Gaia Legacy CLI	SecurePlatform	Linux	IPSO	Windows
Check_Point_R77_30_T204_Add-on.tgz

Important Note: Effective May 27, 2015, Installation and Upgrade images for Windows OS have been replaced to Take 207 resolving sk106229.

Note: T204 on the package name is refering to the R77.30 GA take, and not to Jumbo hotfix take. There is no conflict between any Jumbo Hotfix Accumulator and the R77.30 Add-On.

 

When to install the Add-On

Check Point recommends that you install the R77.30 Add-on only if you require the feature it enables, or if your Check Point Reseller or Technical Support suggests that you do so.

Note: To use the Add-On, you must install it on all Security Management servers, Multi-Domain Servers, and Log Servers in your environment.
For environments with Endpoint Security it must be installed on all Policy Servers as well.
It is crucial to take a Database Revision Control / backup / snapshot of your Check Point machine before installing this Add-on.

 

Installation Instructions

• On Gaia OS using CPUSE (Check Point Update Service Engine)
  
  

  1. [This Step applies to CPUSE Agent build 974 and lower] Manually restart the CPUSE Agent:

     Note: For details, refer to sk110235 - Check Point processes are down after CPUSE installation of a package that does not require reboot.

     1. Connect to command line on Security Management Server / Multi-Domain Security Management Server.

     2. Log in to Expert mode.

     3. Disable monitoring of the CPUSE Agent daemon by Check Point WatchDog:

        [Expert@HostName]# $DADIR/bin/dastop

     4. Manually stop the CPUSE Agent daemon:

        [Expert@HostName]# DAClient stop

     5. Enable monitoring of the CPUSE Agent daemon by Check Point WatchDog:

        [Expert@HostName]# $DADIR/bin/dastart

     6. Manually start the CPUSE Agent daemon:

        [Expert@HostName]# DAClient start

  2. To install the R77.30 Add-On package, refer to sk92449: Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent - section "(4) How to work with CPUSE".

     Important Note: If you wish to reboot the machine after installation is complete, then it is necessary to wait for at least 10 minutes to make sure that FWM daemon had enough time to perform the relevant updates in the management database. As an indicator, you could monitor the FWM daemon's utilization of CPU (using the top command, or ps auxw | grep -E "PID|fwm" command).

  3. On Multi-Domain Security Management Server - activate the Add-on on each relevant Domain:

     1. Connect with SmartDomain Manager to Multi-Domain Security Management Server.

     2. Go to Version & Blade Updates tab on the Selection Bar.

     3. Right-click on the Domain - select select both R77.20 Add-on and R77.30 Add-on - select Activate Update on this Domain.

  4. Verify that Add-on is explicitly listed as Installed Plug-in:

     1. Connect to command line on Security Management Server / Multi-Domain Security Management Server.

     2. Log in to Expert mode.

     3. Check that the "Installed Plug-ins" line shows the text "Add-on":

        [Expert@HostName:0]# fwm ver
        Installed Plug-ins: R77.20 Add-on, R77.30 Add-on

  
  
  
• On Gaia OS, SecurePlatform, Linux, and IPSO OS (manual installation in Command Line)
  
  

  1. Download and transfer the relevant Check Point R77.30 Add-on Package from the above table to the Security Management Server / Multi-Domain Security Management Server.

  2. Connect to command line on Security Management Server / Multi-Domain Security Management Server.

  3. Log in to Expert mode.

  4. Extract the TGZ:

     [Expert@HostName:0]# tar -zxvf Check_Point_R77_30_T<XXX>_Add-On_<OS>.tgz

  5. Stop Check Point services:

     • On Security Management Server:
       [Expert@HostName:0]# cpstop

     • On Multi-Domain Security Management Server:
       [Expert@HostName:0]# mdsstop

  6. Run the installation file:

     [Expert@HostName:0]# ./UnixInstallScript

  7. Start Check Point services upon completing the installation:

     • On Security Management Server:
       [Expert@HostName:0]# cpstart

     • On Multi-Domain Security Management Server:
       [Expert@HostName:0]# mdsstart

     No reboot is required.

  8. Verify that Add-on is explicitly listed as Installed Plug-in.
     Check that the "Installed Plug-ins" line shows the text "Add-on":

     [Expert@HostName:0]# fwm ver
     Installed Plug-ins: R77.20 Add-on, R77.30 Add-on

  9. On Multi-Domain Security Management Server - activate the Add-on on each relevant Domain:

     1. Connect with SmartDomain Manager to Multi-Domain Security Management Server.

     2. Go to Version & Blade Updates tab on the Selection Bar.

     3. Right-click on the Domain - select both R77.20 Add-on and R77.30 Add-on - select Activate Update on this Domain.

  
  
  
• On Windows OS
  
  

  1. Download and transfer the relevant Check Point R77.30 Add-on Package from the above table to the Security Management Server.

  2. Extract the TGZ:

     Use an archiving program to open the package (e.g., WinZIP, WinRAR, 7-zip, IZArc, etc.)

  3. Stop Check Point services. Run cpstop command in Windows Command Prompt.

  4. Stop Windows SNMP service per sk61840 - Upgrade of Management Server on Windows OS might fail due to SNMP service.

  5. Run the installation file:

     Right-click on setup.exe - select Run as administrator

     Important Note: If you wish to reboot the machine after installation is complete (not mandatory), then it is necessary to wait for at least 10 minutes to make sure that FWM daemon had enough time to perform the relevant updates in the management database. As an indicator, you could monitor the FWM daemon's utilization of CPU (using Windows Task Manager).

  6. Reboot is required.

  7. Verify that Add-on is explicitly listed as Installed Plug-in.
     Check that the "Installed Plug-ins" line shows the text "Add-on":

     C:\> fwm ver
     Installed Plug-ins: R77.20 Add-on, R77.30 Add-on

  8. Start Windows SNMP service per sk61840 - Upgrade of Management Server on Windows OS might fail due to SNMP service.

Notes:

• Make sure to take a Database Revision Control / backup / snapshot of your Check Point machine before installing this Add-on.
• In Management HA environment, this procedure must be performed on both Management Servers.

 

Uninstall Instructions

• On Gaia OS using CPUSE (Check Point Update Service Engine)
  
  

  Note: For detailed instructions see sk92449: Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent.

  1. On Multi-Domain Security Management Server - deactivate the Add-on on each relevant Domain:

     1. Connect with SmartDomain Manager to Multi-Domain Security Management Server.

     2. Go to Version & Blade Updates tab on the Selection Bar.

     3. Right-click on the Domain - select both R77.20 Add-on and R77.30 Add-on - select Deactivate Update on this Domain.

  2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.

  3. Select Installed in the menu near the Help icon.

  4. Select the package Check Point R77.30 Add-on - click on More button on the toolbar - click on Uninstall.
     Example:
     

  5. Connect to command line on Security Management Server / Multi-Domain Security Management Server.

  6. Log in to Expert mode.

  7. Verify that the indicators plugin "PItpi" was uninstalled:

     [Expert@HostName:0]# rpm -qa | grep PItpi

     • If the returned output is empty, then proceed to the next step.

     • If the returned output shows the "PItpi" package, then uninstall it manually:

       [Expert@HostName:0]# /opt/CPPItpi-R77/bin/uacRunner -p PItpi -preuninstall
       [Expert@HostName:0]# rpm -e CPPItpi-R77

  8. Verify that the scrub plugin "PIscrub" was uninstalled:

     [Expert@HostName:0]# rpm -qa | grep PIscrub

     • If the returned output is empty, then proceed to the next step.

     • If the returned output shows the "PIscrub" package, then uninstall it manually:

       [Expert@HostName:0]# /opt/CPPIscrub-R77/bin/uacRunner -p PIscrub -preuninstall
       [Expert@HostName:0]# rpm -e CPPIscrub-R77

  9. Start Check Point services:

     • On Security Management Server:
       [Expert@HostName:0]# cpstart

     • On Multi-Domain Security Management Server:
       [Expert@HostName:0]# mdsstart

     No reboot is required.

  10. Verify that Add-on is not listed as Installed Plug-in.
      Check that the "Installed Plug-ins" line does not show the text "Add-on":

      [Expert@HostName:0]# fwm ver
      Installed Plug-ins:

  
  
  
• On Gaia OS, SecurePlatform, Linux and IPSO OS (manual uninstall in Command Line)
  
  

  • On Security Management Server:

    1. Connect to command line on Security Management Server.

    2. Log in to Expert mode.

    3. Run the uninstall script:

       [Expert@HostName:0]# /opt/CPUninstall/R77.30_Add-ons_Package/UnixUninstallScript

    4. Start Check Point services:

       [Expert@HostName:0]# cpstart
       No reboot is required.

    5. Verify that the indicators plugin "PItpi" was uninstalled:

       [Expert@HostName:0]# rpm -qa | grep PItpi

       • If the returned output is empty, then proceed to the next step.

       • If the returned output shows the "PItpi" package, then uninstall it manually:

         [Expert@HostName:0]# /opt/CPPItpi-R77/bin/uacRunner -p PItpi -preuninstall
         [Expert@HostName:0]# rpm -e CPPItpi-R77

    6. Verify that the scrub plugin "PIscrub" was uninstalled:

       [Expert@HostName:0]# rpm -qa | grep PIscrub

       • If the returned output is empty, then proceed to the next step.

       • If the returned output shows the "PIscrub" package, then uninstall it manually:

         [Expert@HostName:0]# /opt/CPPIscrub-R77/bin/uacRunner -p PIscrub -preuninstall
         [Expert@HostName:0]# rpm -e CPPIscrub-R77

    7. Verify that Add-on is not listed as Installed Plug-in.
       Check that the "Installed Plug-ins" line does not show the text "Add-on":

       [Expert@HostName:0]# fwm ver
       Installed Plug-ins:

  • On Multi-Domain Security Management Server:

    1. Deactivate the Add-on on each relevant Domain:

       1. Connect with SmartDomain Manager to Multi-Domain Security Management Server.

       2. Go to Version & Blade Updates tab on the Selection Bar.

       3. Right-click on the Domain - select both R77.20 Add-on and R77.30 Add-on - select Deactivate Update on this Domain.

    2. Connect to command line on Multi-Domain Security Management Server.

    3. Log in to Expert mode.

    4. Switch to the context of MDS:

       [Expert@HostName:0]# mdsenv

    5. Run the uninstall script:

       [Expert@HostName:0]# /opt/CPUninstall/R77.30_Add-ons_Package/UnixUninstallScript

    6. Verify that the indicators plugin "PItpi" was uninstalled:

       [Expert@HostName:0]# rpm -qa | grep PItpi

       • If the returned output is empty, then proceed to the next step.

       • If the returned output shows the "PItpi" package, then uninstall it manually:

         [Expert@HostName:0]# /opt/CPPItpi-R77/bin/uacRunner -p PItpi -preuninstall
         [Expert@HostName:0]# rpm -e CPPItpi-R77

    7. Verify that the scrub plugin "PIscrub" was uninstalled:

       [Expert@HostName:0]# rpm -qa | grep PIscrub

       • If the returned output is empty, then proceed to the next step.

       • If the returned output shows the "PIscrub" package, then uninstall it manually:

         [Expert@HostName:0]# /opt/CPPIscrub-R77/bin/uacRunner -p PIscrub -preuninstall
         [Expert@HostName:0]# rpm -e CPPIscrub-R77

    8. Start Check Point services:

       [Expert@HostName:0]# mdsstart
       No reboot is required.

    9. Verify that Add-on is not listed as Installed Plug-in.
       Check that the "Installed Plug-ins" line does not show the text "Add-on":

       [Expert@HostName:0]# fwm ver
       Installed Plug-ins:

  
  
  
• On Windows OS
  
  

  1. Run the following commands in Windows Command Prompt:

     1. Stop Check Point services:

        C:\> cpstop

     2. Run the pre-uninstall validation for the scrub plugin "PIscrub":

        C:\> cd /d "%ProgramFiles%\CheckPoint\CPPIscrub\bin\"
        C:\...\bin\> uacRunner -p PIscrub -preuninstall

        The following should be displayed on the screen:

        Uninstall of plug-in is allowed
After uninstalling the plug-in, all objects will be removed from the database.
Execution has finished

     3. Run the pre-uninstall validation for the indicators plugin "PItpi":

        C:\> cd /d "%ProgramFiles%\CheckPoint\CPPItpi\R77\bin\"
        C:\...\R77\bin\> uacRunner -p PItpi -preuninstall

        The following should be displayed on the screen:

        Uninstall of plug-in is allowed
After uninstalling the plug-in, all objects will be removed from the database.
Execution has finished

  2. Go to Start menu - go to Control Panel.

  3. Go to "Add/Remove Programs" (Windows 2000/2003) / "Programs and Features" (Windows 2008).

  4. Select "Check Point R77.30 Add-on R77.30" - click on "Uninstall" on the toolbar - wait for the uninstall to complete.

  5. Select "Check Point R77.20 Add-on R77.20" - click on "Uninstall" on the toolbar - wait for the uninstall to complete.

  6. Reboot is required.

  7. Verify that Add-on is not listed as Installed Plug-in.
     Check that the "Installed Plug-ins" line does not show the text "Add-on":

     C:\> fwm ver
     Installed Plug-ins:

  Alternative method:

  1. Download and unpack the hotfix package (refer to the "Installation Instructions" above).
  2. Open the elevated Command Prompt:
     Start - Programs - Accessories - right-click on 'Command Prompt' icon - select 'Run as administrator'.
  3. Stop Check Point services. Run cpstop command.
  4. Navigate to the folder where you unpacked the hotfix package:
     DISK:\> cd "path_to_unpacked_hotfix_package"
  5. Run the installation program with '-u' flag:
     DISK:\path_to_unpacked_hotfix_package\> Setup.exe -u
  6. Reboot is required.
  7. Verify that Add-on is not listed as Installed Plug-in.
     Check that the "Installed Plug-ins" line does not show the text "Add-on":
     C:\> fwm ver
     Installed Plug-ins:

Notes:

• Make sure to take a Database Revision Control / backup / snapshot of your Check Point machine before uninstalling this Add-on.
• In Management HA environment, this procedure must be performed on both Management Servers.

 

Revision History

This solution is about products that are no longer supported and it will not be updated