R77.30 - Improved overlapping rules verification and H.323 protocol stability (Hotfix # 4)
Table of Contents:
Click Here to Show Entire Article
This hotfix is accumulative and contains the previous R77.30 Recommended Hotfixes - for more details, refer to sk106389 - R77.30 Recommended Hotfixes.
Note: This hotfix is fully integrated into Check Point R80.10.
Introduction
This article provides a unified hotfix package for the following issues:
- Policy Verification fails to find overlapping rules (sk106854).
- Policy Verification fails with "
Diameter rule service's check: Failed to flatten services list" (sk107322).
- Improved security of H.323 protocol inspection (sk107184).
- Memory leak caused by identity sharing when used by Application Control rules (sk106420).
This hotfix package should be installed on all machines in the environment:
- Security Gateway
- Cluster
- VSX
- Security Management Server
- Multi-Domain Security Management Server
- Standalone machine (Gateway + Management)
Installation instructions
Important Note: Effective Aug 19, 2015, all hotfix packages have been replaced with updated packages resolving sk107322 - "Policy Verification fails with "Diameter rule service's check: Failed to flatten services list".
-
Instructions for Gaia OS using CPUSE (Check Point Update Service Engine)
-
Online installation
- Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.
- Select the hotfix package R77.30 Hotfix for sk106994 (Improved overlapping rules verification and H.323 protocol stability) - click on Install Update button on the toolbar.
- Reboot is required.
-
Offline installation
- Download the Gaia CPUSE Offline package from the table above.
- Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane (in Gaia R77.20 and above) / to Software Updates pane (in Gaia R77.10 and lower) - click on Status and Actions.
- On the toolbar, click on the More button - select Import Package - browse for the CPUSE Offline package (TGZ file) - click on Upload.
- Select the hotfix package R77.30 Hotfix for sk106994 (Improved overlapping rules verification and H.323 protocol stability) - click on Install Update button on the toolbar.
- Reboot is required.
Notes:
- For detailed installation instructions, refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".
- Make sure to take a snapshot of your Check Point machine before installing this hotfix.
- Hotfix has to be installed on all Check Point machines running on Gaia OS.
- In cluster environment, this procedure must be performed on all members of the cluster.
- In Management HA environment, this procedure must be performed on both Management Servers.
-
Instructions for Gaia OS (manual installation in Command Line)
Procedure:
- Download the relevant hotfix package from the table above, transfer the hotfix package to the machine and unpack it:
[Expert@HostName]# tar -zxvf Check_Point_Hotfix_R77.30_Gaia_sk106994.tgz
- Install the hotfix:
[Expert@HostName]# ./UnixInstallScript
Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
- Reboot is required.
Notes:
- Make sure to take a snapshot of your Check Point machine before installing this hotfix.
- Hotfix has to be installed on all Check Point machines running on Gaia OS.
- In cluster environment, this procedure must be performed on all members of the cluster.
- In Management HA environment, this procedure must be performed on both Management Servers.
-
-
Instructions for IPSO OS
Procedure:
- Download the relevant hotfix package from the table above, transfer the hotfix package to the machine and unpack it:
[admin]# tar -zxvf Check_Point_Hotfix_R77.30_IPSO_sk106994.tgz
- Install the hotfix:
[admin]# ./UnixInstallScript
Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
- Reboot is required.
Notes:
- Hotfix has to be installed on all Check Point machines running on IPSO OS.
- In cluster environment, this procedure must be performed on all members of the cluster.
- In Management HA environment, this procedure must be performed on both Management Servers.
-
Instructions for Windows OS
Procedure:
- Download the relevant hotfix package from the table above, transfer the hotfix package to the machine and unpack it using an archive program (e.g., WinZIP, WinRAR, 7-zip, etc.).
- Install the hotfix: Right-click on the Setup.exe - click on Run as administrator
Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
- Reboot is required.
Notes:
- Hotfix has to be installed on all Check Point machines running on Windows OS.
- In cluster environment, this procedure must be performed on all members of the cluster.
- In Management HA environment, this procedure must be performed on both Management Servers.
Uninstall instructions
-
On Gaia OS using CPUSE (Check Point Update Service Engine)
- Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.
- Select Installed in the menu near the Help icon.
- Select the hotfix package R77.30 Hotfix for sk106994 (Improved overlapping rules verification and H.323 protocol stability) - click on More button on the toolbar - click on Uninstall.
Example:
- Reboot is required.
Notes:
-
On Gaia OS, SecurePlatform OS, Linux OS and IPSO OS (manual uninstall in Command Line)
- Download and unpack the hotfix package (refer to the "Installation instructions" (manual installation in Command Line) above).
- Run the installation script with "-u" flag:
# ./UnixInstallScript -u
- Reboot is required.
Notes:
- In cluster environment, this procedure must be performed on all members of the cluster.
- In Management HA environment, this procedure must be performed on both Management Servers.
-
On Windows OS
- Go to Control Panel:
- On Windows 2000 / 2003 - click on Add/Remove Programs
- On Windows 2008 / Vista / 7 - click on Programs and Features
- Select the hotfix Check Point R77.30 Hotfix R77_30_HF4SW - click on Uninstall button.
Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
- Reboot is required.
Alternatively, run the installation program with '-u' flag:
- Open the elevated Command Prompt:
Start - Programs - Accessories - right-click on 'Command Prompt' icon - select 'Run as administrator'.
- Navigate to the folder where you unpacked the hotfix package:
DISK:\> cd "path_to_unpacked_hotfix_package"
- Run the installation program with '-u' flag:
DISK:\path_to_unpacked_hotfix_package\> Setup.exe -u
- Reboot is required.
Notes:
- In cluster environment, this procedure must be performed on all members of the cluster.
- In Management HA environment, this procedure must be performed on both Management Servers.
