Gaia, SecurePlatform 2.6, IPSO 6.2, Linux, Windows
Platform / Model
All
Date Created
10-Aug-2015
Last Modified
28-Oct-2018
Symptoms
Unable to upgrade from R77.20 to R77.30 fails with the following messages:
[Expert@HostName]# ./UnixInstallScript
***********************************************************
Welcome to Check Point R77.30 installation
***********************************************************
Verifying installation environment for R77.30...Error!
R77.30 installation was aborted due to:
A fix conflict was detected during pre-install validation.
To prevent system instability, installation will not continue.
Please contact Check Point support with the following information:
HFA Check Point Security Gateway R77 R77_30
Conflict with hotfix R77_20_HF9 - details:
01667373
01695195
A fix conflict was detected during pre-install validation.
To prevent system instability, installation will not continue.
Please contact Check Point support with the following information:
HFA Check Point SecurePlatform R77 R77_30
Conflict with hotfix R77_20_HF9 - details:
01697528
Cause
A Gaia OS / SecurePlatform OS part of the currently installed "Bar Mitzvah" hotfix (sk106478) for R77.20 ("R77_20_HF9") is not integrated into R77.30.
Solution
Important Note: This procedure applies only to (and is only supported for) "Bar Mitzvah" hotfix for R77.20 ("R77_20_HF9") when upgrading to R77.30.
Follow these steps:
Connect to command line on the involved R77.20 machine.
Log in to Expert mode.
Uninstall the "Bar Mitzvah" hotfix:
Important Note: On Gaia OS, the uninstall method must match the installation method:
If the "Bar Mitzvah" hotfix ("R77_20_HF9") was installed via CPUSE, then it must be uninstalled via CPUSE
If the "Bar Mitzvah" hotfix ("R77_20_HF9") was installed via Legacy CLI, then it must be uninstalled via Legacy CLI
Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.
Select Installed in the menu near the Help icon.
Select the hotfix package R77.20 Hotfix for sk106478 (Check Point Response to CVE-2015-2808 (Bar Mitzvah)) - click on More button on the toolbar - click on Uninstall. Example:
Download the hotfix package from sk106478 - from the section "Disabling RC4-including cipher suites for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, LDAP".
Unpack the hotfix package into some directory.
Go into that directory (where you just unpacked the hotfix package).
Run the installation script with "-u" flag: # ./UnixInstallScript -u
Reboot is required.
Notes:
In cluster environment, this procedure must be performed on all members of the cluster.
In Management HA environment, this procedure must be performed on both Management Servers.
On Windows 2000 / 2003 - click on Add/Remove Programs
On Windows 2008 / Vista / 7 - click on Programs and Features
Select the hotfix Check Point R77.20 Hotfix R77_20_HF9W - click on Uninstall button. Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
Reboot is required.
Alternatively, run the installation program with '-u' flag:
Open the elevated Command Prompt: Start - Programs - Accessories - right-click on 'Command Prompt' icon - select 'Run as administrator'.
Navigate to the folder where you unpacked the hotfix package: DISK:\> cd "path_to_unpacked_hotfix_package"
Run the installation program with '-u' flag: DISK:\path_to_unpacked_hotfix_package\> Setup.exe -u
Reboot is required.
Notes:
In cluster environment, this procedure must be performed on all members of the cluster.
In Management HA environment, this procedure must be performed on both Management Servers.
Only on Gaia OS:
Remove the "Bar Mitzvah" hotfix from Check Point Registry: