Table of Contents:

• Introduction
• Installation instructions
• Uninstall instructions
• Related solutions

 

This hotfix is accumulative and contains the previous R77.30 Recommended Hotfixes - for more details, refer to sk106389 - R77.30 Recommended Hotfixes.

Note: This hotfix is fully integrated into Check Point R80.10.

 

Introduction

This article provides a unified hotfix package for the following issues:

• Policy Verification fails to find overlapping rules (sk106854).
• Policy Verification fails with "Diameter rule service's check: Failed to flatten services list" (sk107322).
• Improved security of H.323 protocol inspection (sk107184).
• Memory leak caused by identity sharing when used by Application Control rules (sk106420).

This hotfix package should be installed on all machines in the environment:

• Security Gateway
• Cluster
• VSX
• Security Management Server
• Multi-Domain Security Management Server
• Standalone machine (Gateway + Management)

 

Installation instructions

Important Note: Effective Aug 19, 2015, all hotfix packages have been replaced with updated packages resolving sk107322 - "Policy Verification fails with "Diameter rule service's check: Failed to flatten services list".

• Instructions for Gaia OS using CPUSE (Check Point Update Service Engine)
  
  

  • Online installation

    1. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.
    2. Select the hotfix package R77.30 Hotfix for sk106994 (Improved overlapping rules verification and H.323 protocol stability) - click on Install Update button on the toolbar.
    3. Reboot is required.

  • Offline installation

    OS	R77.30
    Gaia - CPUSE

    
    
    1. Download the Gaia CPUSE Offline package from the table above.
    2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane (in Gaia R77.20 and above) / to Software Updates pane (in Gaia R77.10 and lower) - click on Status and Actions.
    3. On the toolbar, click on the More button - select Import Package - browse for the CPUSE Offline package (TGZ file) - click on Upload.
    4. Select the hotfix package R77.30 Hotfix for sk106994 (Improved overlapping rules verification and H.323 protocol stability) - click on Install Update button on the toolbar.
    5. Reboot is required.

  Notes:

  • For detailed installation instructions, refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".
  • Make sure to take a snapshot of your Check Point machine before installing this hotfix.
  • Hotfix has to be installed on all Check Point machines running on Gaia OS.
  • In cluster environment, this procedure must be performed on all members of the cluster.
  • In Management HA environment, this procedure must be performed on both Management Servers.

  
  
  
• Instructions for Gaia OS (manual installation in Command Line)
  
  

  Click here to see the available downloads.

  OS	R77.30
  Gaia - CLI

  Procedure:

  1. Download the relevant hotfix package from the table above, transfer the hotfix package to the machine and unpack it:
     [Expert@HostName]# tar -zxvf Check_Point_Hotfix_R77.30_Gaia_sk106994.tgz
  2. Install the hotfix:
     [Expert@HostName]# ./UnixInstallScript
     Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
  3. Reboot is required.

  Notes:

  • Make sure to take a snapshot of your Check Point machine before installing this hotfix.
  • Hotfix has to be installed on all Check Point machines running on Gaia OS.
  • In cluster environment, this procedure must be performed on all members of the cluster.
  • In Management HA environment, this procedure must be performed on both Management Servers.

  
  
  
• Instructions for SecurePlatform OS and Linux OS
  
  

  Click here to see the available downloads.

  OS	R77.30
  SecurePlatform and Linux - CLI

  Procedure:

  1. Download the relevant hotfix package from the table above, transfer the hotfix package to the machine and unpack it:
     [Expert@HostName]# tar -zxvf Check_Point_Hotfix_R77.30_Linux_sk106994.tgz
  2. Install the hotfix:
     [Expert@HostName]# ./UnixInstallScript
     Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
  3. Reboot is required.

  Notes:

  • Make sure to take a snapshot of your Check Point machine before installing this hotfix (on SecurePlatform OS).
  • Hotfix has to be installed on all Check Point machines running on SecurePlatform OS / Linux OS.
  • In cluster environment, this procedure must be performed on all members of the cluster.
  • In Management HA environment, this procedure must be performed on both Management Servers.

  
  
  
• Instructions for IPSO OS
  
  

  Click here to see the available downloads.

  OS	R77.30
  IPSO

  Procedure:

  1. Download the relevant hotfix package from the table above, transfer the hotfix package to the machine and unpack it:
     [admin]# tar -zxvf Check_Point_Hotfix_R77.30_IPSO_sk106994.tgz
  2. Install the hotfix:
     [admin]# ./UnixInstallScript
     Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
  3. Reboot is required.

  Notes:

  • Hotfix has to be installed on all Check Point machines running on IPSO OS.
  • In cluster environment, this procedure must be performed on all members of the cluster.
  • In Management HA environment, this procedure must be performed on both Management Servers.

  
  
  
• Instructions for Windows OS
  
  

  Click here to see the available downloads.

  OS	R77.30
  Windows

  Procedure:

  1. Download the relevant hotfix package from the table above, transfer the hotfix package to the machine and unpack it using an archive program (e.g., WinZIP, WinRAR, 7-zip, etc.).
  2. Install the hotfix: Right-click on the Setup.exe - click on Run as administrator
     Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
  3. Reboot is required.

  Notes:

  • Hotfix has to be installed on all Check Point machines running on Windows OS.
  • In cluster environment, this procedure must be performed on all members of the cluster.
  • In Management HA environment, this procedure must be performed on both Management Servers.

 

Uninstall instructions

• On Gaia OS using CPUSE (Check Point Update Service Engine)
  
  

  1. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.
  2. Select Installed in the menu near the Help icon.
  3. Select the hotfix package R77.30 Hotfix for sk106994 (Improved overlapping rules verification and H.323 protocol stability) - click on More button on the toolbar - click on Uninstall.
     Example:
     
  4. Reboot is required.

  Notes:

  • For detailed uninstall instructions, refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".
  • In cluster environment, this procedure must be performed on all members of the cluster.
  • In Management HA environment, this procedure must be performed on both Management Servers.

  
  
  
• On Gaia OS, SecurePlatform OS, Linux OS and IPSO OS (manual uninstall in Command Line)
  
  

  1. Download and unpack the hotfix package (refer to the "Installation instructions" (manual installation in Command Line) above).
  2. Run the installation script with "-u" flag:
     # ./UnixInstallScript -u
  3. Reboot is required.

  Notes:

  • In cluster environment, this procedure must be performed on all members of the cluster.
  • In Management HA environment, this procedure must be performed on both Management Servers.

  
  
  
• On Windows OS
  
  

  1. Go to Control Panel:
     
     • On Windows 2000 / 2003 - click on Add/Remove Programs
     • On Windows 2008 / Vista / 7 - click on Programs and Features
  2. Select the hotfix Check Point R77.30 Hotfix R77_30_HF4SW - click on Uninstall button.
     Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
  3. Reboot is required.

  Alternatively, run the installation program with '-u' flag:

  1. Open the elevated Command Prompt:
     Start - Programs - Accessories - right-click on 'Command Prompt' icon - select 'Run as administrator'.
  2. Navigate to the folder where you unpacked the hotfix package:
     DISK:\> cd "path_to_unpacked_hotfix_package"
  3. Run the installation program with '-u' flag:
     DISK:\path_to_unpacked_hotfix_package\> Setup.exe -u
  4. Reboot is required.

  Notes:

  • In cluster environment, this procedure must be performed on all members of the cluster.
  • In Management HA environment, this procedure must be performed on both Management Servers.

 

Related solutions

• sk106389 - R77.30 Recommended Hotfixes
• sk107322 - Policy Verification fails with "Diameter rule service's check: Failed to flatten services list"