60000 / 40000 Appliances - Jumbo Hotfix Accumulator for R76SP.50
Solution ID: sk117633
Product: Quantum Scalable Chassis
Version: R76SP.50 (EOL)
OS: Gaia
Platform / Model: 41000, 44000, 61000, 64000
Date Created: 27-Aug-2017
Last Modified: 10-May-2022
Solution
Table of Contents:
Introduction
Availability
Important Notes
List of resolved issues per Take
Installation instructions
List of replaced files
Troubleshooting instructions
Revision History
Introduction
R76SP.50 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues on 60000 / 40000 products running R76SP.50.
This Incremental Hotfix and this article are periodically updated with new fixes.
The list of resolved issues below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). The date on which this take was made available is listed near the Take's number.
This Jumbo Hotfix Accumulator is suitable only for 41000 / 44000 / 61000 / 64000 running:
R76SP.50 OS build 84 clean installation
R76SP.50 OS build 84 with lower (than the latest) Takes of this Jumbo Hotfix Accumulator
To see the OS version you are running, run one of the commands below from CLISH/GCLISH:
show version os build
The correct output should be:
OS build 84
asg_version
The correct output should be:
blades
======
OS version
----------
-*- 1 blade: 1_02 -*-
OS build 84, OS kernel version 2.6.18-92cpx86_64, OS edition 64-bit
If you are running an earlier R76SP.50 OS build, you should upgrade to OS build 84 before installing this Jumbo Hotfix Accumulator.
If you have previously installed any private hotfixes on top of your current version, contact Check Point Support before applying this Jumbo Hotfix Accumulator to verify that it is compatible with your environment.
Changing between Static NAT port allocation and Dynamic NAT port allocation (refer to sk103656) requires a full system reboot.
CRITICAL: When you upgrade to a newer version of the R76SP.50 Jumbo Hotfix, you must redo the procedure for CPDIAG updates. See sk173969.
Enhancement: Disabled the option to upgrade the SSM firmware during the installation of the Jumbo Hotfix Accumulator.
SPC-2899
General
The output of the 'asg diag' command fails the test "Unconfigured VLANs" (asg_vlan_verifier), although it shows "warning".
SPC-3078
General
Installation of the Jumbo Hotfix Accumulator fails during the "Post install steps" with: "Setting admin state bindings [ FAILED ] Failed to set admin state bindings".
SPC-2983
General
Changed the available options in the installation script "AsgInstallScript" of the Jumbo Hotfix Accumulator (removed the "-b all" option).
SPC-2072
General
MSS clamping configuration is reverted after policy installation.
MSS clamping incorrectly subtracts TCP overhead from the configured MSS value.
SPC-2076
General
When the command 'fw ctl affinity' is executed more than one time, it causes the SGM to fail to come up or other general failures, with one or more of the following error messages:
"Failed to open file /tmp/fwaffinity_cmd_out.tmp: No such file or directory"
"Failed to acquire MQ interfaces"
SPC-3004
Multiple Security Groups
"cmd: is_ssm_mtx_initialized: SSM<ID>: mtx-bucket <N> is NOT initialized" error might appear in the /var/log/messages file when Multiple Security Groups are configured.
SPC-2859, 01786202
Gaia
The RouteD daemon might stop working when BGP is configured.
Take 213 (01 January 2020)
SPC-2922
General
Enhancement: Added the SSM uptime verification to 'asg diag'.
SPC-2940
General
The Geo Policy IPToCountry database fails to update on Security Gateways (sk163672).
SPC-2963
General
Description for the "-l" flag is missing from the 'AsgInstallScript' command.
SPC-2929
Gaia
When a Linux password is changed for a user on an SGM, it is not updated on other SGMs in the Security Group.
SPC-2770
CoreXL
Output of the 'hw_utilization -d' command (the "HW Utilization" test) incorrectly shows "FWK cores:<EMPTY>".
SPC-2907
Identity Awareness
SGMs instability in the following scenario:
Some SGMs in the same Security Group are installed with R76SP.50 only.
Some SGMs in the same Security Group are installed with R76SP.50 and R76SP.50 Jumbo Hotfix Accumulator.
The Identity Awareness Software Blade is enabled on the Security Group.
SPC-2948
VSX
In cases in which Virtual Systems pass large volumes of traffic, SNMP query of OID .1.3.6.1.4.1.2620.1.48.30.90.10 (Throughput per VS per SGM) returns incorrect large values.
Take 208 (03 November 2019)
SPC-2431, SPC-2562, SPC-2713
General
General Stability fixes
SPC-734
General
The Chassis Monitor daemon does not continue monitoring hardware after the PSU fails.
SPC-2010
General
TFTP connections might be dropped with a distribution mode combination of SSM L4 + General.
SPC-2163
General
The 'hw_utilization -d' command misinterprets an unlimited connection limit.
SPC-2245
General
SSM clock settings do not survive a reboot.
SPC-2400
General
Added SSM long uptime verification on 'asg diag'.
SPC-2437
General
Memory leak in CPD daemon might fail a policy push. Refer to sk111880.
SPC-2552
General
Added VSX support for ‘asg_drop_monitor’ command.
SPC-2766
General
Support for Internal CA certificate replacement.
SPC-2805
General
fastaccel connections cause a large number of log messages.
SPC-2831
General
Improved affinity distribution on gexec processes.
SPC-855
VPN
SPI Distribution should be disabled when VPN Sticky SA is enabled.
SPC-2175
VPN
Even though incorrect Matching Criteria were configured, a tunnel is established.
SPC-2750
Gaia OS
Extended character limitation on snapshot names from 15 characters to 256 characters.
SPC-2840
Identity Awareness
When the PDP deletes the 0.0.0.0/0 published network, the result is an endless loop.
SPC-2855
Multiple Security Groups
SGRM server is not responsive after the SGM restarts.
Take 205 (01 September 2019)
SPC-1519
General
General Stability fixes
SPC-2772
General
"asg diag" hardware verification fails when PSUs are not placed in consecutive order (degradation from Take 196).
SPC-2413
General
CPD memory leak due to cpmon threshold.
SPC-2186
General
Added the ability to collect asg_info on SGMs in down state.
SPC-1470
General
The $CPDIR/tmp/ directory is filled with 'file...' files. Refer to sk98567.
SPC-2581
General
The asg_serial_info command returns wrong output - shows "Not in the security group" for SGMs on chassis 1.
SPC-2604
General
Added time estimation when adding/removing bond’s primary slaves with more than 60 VLANs.
SPC-2041
General
Fixed general issues with asg_hw_monitor command.
SPC-1222
General
DC power consumption optimization for 41K Chassis.
Security Gateway randomly stops forwarding the IGMP / PIM Sparse Mode multicast traffic. Refer to sk106858.
SPC-2588
RouteD
RouteD daemon might crash when PIM packets are received in an unsupported IP format group. Refer to sk111891.
SPC-2599
RouteD
RouteD daemon might crash on cluster member when PIM Sparse Mode multicast is configured and multicast traffic arrives from peer cluster member. Refer to sk104847.
SPC-2240
RouteD
Previously reachable BGP routes are still advertised to BGP peers on ClusterXL after the switch that connects these members goes down.
SPC-2598
FireWall-1
As the result of a large rule base, the string_dictionary_table kernel table on Security Gateway can fill up. Refer to sk66342.
SPC-2585
SGW
Policy installation fails with error "Reason: Load on Module failed - failed to load Security Policy" due to a problem with spii_multi_pset2kbuf_map kernel table. Refer to Scenario 22 in sk33893.
SPC-2567
VSX
VSW does not pull the manually 'set affinity' from the SMO.
SPC-2606
VSX
A VSX configuration push caused all routes/interfaces to be deleted from a single SGM. Refer to sk160572.
SPC-2238
VSX
"Fetching Security Policy Succeeded fw ctl affinity -l can only run from the context of the VSX (VS0)" warning appears when running the 'fw fetchlocal' command on non-VS0.
SPC-2203
Threat Emulation
The maximal size of the extension for a file uploaded for emulation was increased.
SPC-2405
VoIP
SIP connections may be regularly dropped with "Number of reinvites exceeded the limit" error. New "sip_expire" parameter added to enable users to customize how much time a registration request should take.
Take 198 (03 July 2019)
SPC-2574
General
Software blades cannot be updated due to a certificate validation error. This is a degradation from Take 180.
SPC-2577
VSX
Deleting a VLAN in VSX mode shuts down (admin-state) the Trunk interface on the SSM. This is a degradation from Take 159.
Take 196 (30 June 2019)
SPC-2309, SPC-2277, SPC-2237, SPC-448
General
General stability fixes.
SPC-1639
General
Added support for MAGG with LACP configuration.
SPC-381
General
Added port 28581 to TCP Management forward list.
SPC-2297
General
asg_drop_monitor enhancement. For details, refer to the "Packet Drop Monitoring (asg_drop_monitor)" section in the R76SP.50 Administration Guide.
SPC-2084
General
VSX configuration fails because the SMO fails to tar zip the local.vs file to tgz.
SPC-1990, SPC-1666
General
IPv6 traffic may be dropped when working with a distribution mode combination of SSM L4 + General + IPv6.
SPC-1803
General
The ARP table is cleared after a policy installation.
SPC-1718
General
Working with eth1-Mgmt3 causes incorrect logs on the SSM2's interfaces.
SPC-538
General
asg_hf_installer gets stuck when the user reboots the SGMs.
SPC-749
General
hw_utilization fails to execute.
SPC-2202
General
In rare cases, the SGM goes DOWN after a policy installation.
SPC-930
General
Changing the SGM's slot-ID when using only one SSM could result in unnecessary reboots.
SPC-728
Gaia OS
The 'show smo log auditlog' command is unavailable.
SPC-727
Gaia OS
When the user presses ENTER, the expert audit log regards it as a repetition of the previous command.
SPC-2506, SPC-2521
FireWall-1
Check Point response to TCP SACK PANIC - Linux Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 - refer to sk156192.
SPC-2156
FireWall-1
Security Gateway logging issues to the log server when the active_remote_servers parameter value is set to 0.
SPC-2155
FireWall-1
Logs do not arrive at the log server when the active_remote_servers parameter value is set to 0.
SPC-2315
Multiple Security Groups
When the Gateway is in Multiple Security Groups, adding an interface to a bonding group results in an error.
SPC-2130
Multiple Security Groups
When the Gateway is in Multiple Security Groups, interface eth1-09 does not receive traffic on SSM440.
Take 187 (27 May 2019)
SPC-2209
General
Added new SSM440 firmware: 5.5.R5.7.CP.T-ATCA510.
SPC-2207
General
Added new SSM160 firmware: 5.5.R1.6.CP.T-ATCA404.
SPC-2089
General
A disorderly exit (Ctrl + c) from asg alert ("Full Configuration Wizard" section) causes the alert messages to not be sent.
SPC-2068
General
You can now change the severity of asg alert events. Refer to the "Configuring Alerts for SGM and Chassis Events" section in the R76SP.50 Administration Guide.
SPC-1830
General
Running the fw6 tab -t connections -s command in a non-VS0 context generates a fw6 core dump.
SPC-2288
VSX
Reverted 'Policy Based Routing' feature for VSX only.
Take 184 (07 May 2019)
SPC-2192, SPC-2151
General
General stability fixes.
SPC-2138
General
"SSM Management Loss" enhancement. For details, refer to sk145792.
SPC-2150
General
Fix for situations in which the CPD hangs.
SPC-2119
General
The Chassis Monitor daemon brings the CMMs down after a failover without a grace period.
SPC-2088
General
Post installation succeeds, but the admin state script fails.
SPC-2173
General
Mail alerts are sent with VS0 statistics only, instead of with statistics for the entire SGM.
SPC-2153
General
asg_perf_hogs does not properly alert the user of ARP table overflow.
SPC-2083
VSX
For VSLS only: VSs are not on the primary chassis due to a failure to load the chassis kernel parameters.
config_verify -v command fails on te_attributes.conf.
SPC-1300
General
Routes get stuck in the OSPF database.
SPC-883
General
Added support for excluding specific IP addresses from acceleration.
SPC-1297
VSX
Added support for PBR in VSX (Policy Based Routing). For details, refer to sk137232.
SPC-1392
LTE
TEID log field is not shown in GTPv2 drop log when TEID exceeds 0x7FFFFFFF
Take 84 (28 August 2018)
SPC-1319
General
asg alert configuration is reset after installation of JHF Take_72 and above.
SPC-2038
General
The $FWDIR/conf/alert.conf file on SGMs is overwritten when the user upgrades from Takes 72 - 83 to a higher Take of the R76SP.50 Jumbo Hotfix Accumulator.
To upgrade from Takes 72 - 83 to Take 84 (or higher) of the R76SP.50 Jumbo Hotfix Accumulator:
1. Back up the current $FWDIR/conf/alert.conf file on all SGMs.
2. Upgrade to Take 84 (or higher) of the R76SP.50 Jumbo Hotfix Accumulator.
3. Restore the $FWDIR/conf/alert.conf file you backed up on all SGMs.
Take 83 (21 August 2018)
SPC-1293
Security Gateway
Check Point response to SegmentSmack (CVE-2018-5390) & FragmentSmack (CVE-2018-5391). Refer to sk134253.
SPC-1192
General
Added support for:
10G SFP transceiver for SSM440 (BTI10GSRSFPP)
40G QSFP transceiver for SSM440 (BTI40GSRDDQSFP)
100G QSFP transceiver for SSM440 (100GLR4LCW2SMLC)
100G QSFP transceiver for SSM440 (100GLR4LN10SMLC)
Take 82 (15 August 2018)
SPC-1029, SPC-1009, SPC-1077, SPC-1041
General
General stability fixes.
SPC-747
General
The asg stat -v command displays '0' PSUs and fans if only PSUs 5 and 6 are used (applies only to 64K).
SPC-1084
General
Added new SSD firmware (SCV10142).
SPC-1122
General
Improved failure detection response. Refer to sk132934.
SPC-1120
General
In some cases, syslog is sent only by the SMO.
SPC-276
General
Added support for L4 and General Distribution mode combination.
SPC-831
General
CIN traffic between the SGM and the SSM is dropped by Security Gateway. Refer to sk133376.
SPC-1214
SNMP
snmpv3_dbget_conf_engineBoots errors are printed in the log for each event.
SPC-1220
LTE
Valid GTPv1 echo messages are logged as expired with no response (GTP Code:310).
SPC-1228
LTE
SNMP GTP counters for active bearers are not decremented.
SPC-1229
LTE
Incorrect lookup in gtpv2_ignore_elements table causes GTPv2 IEs failure to be ignored.
SPC-1028
LTE
Added parsing for GTPv2 EUTRAN-NB-IoT Radio access type.
When trying to access a website with a URL in upper case (including WWW), the RAD normalization is performed incorrectly and 'www.' is not removed.
SPC-136
General
In rare scenarios, traffic is dropped with "dropped by fwkdrv_enqueue_packet_user_ex Reason: VS or Instance Down (vsid <number>);" message. Refer to sk120984.
SPC-1071, 01687181
HTTPS Inspection
HTTPS Categorization with Hold configuration sometimes drops big URLs.
Added support for transceiver per SSM440 (SJ8512-X5ATOS)
SPC-520
General
LACP Bond slave is down after reboot under some conditions.
SPC-879, SPC-549
General
Failing ICMPv6 traffic does not display error message. Refer to sk129732.
SPC-853
General
After performing a chassis failover while generating user logs, the PDP constantly disappears from the "pep sh pdp all" list after reaching approximately 13-14k users.
SPC-906
SNMP
Added support for SHA1/AES for SNMP USM users.
SPC-825
SNMP
SNMP trap is not sent upon interface Up/Down event.
SPC-586, 01204836
SNMP
The snmpwalk command fails with "Timeout: No Response from" message when running OID 1.3.6.1.4.1.2620.1.16 on a VSX machine with a large number of Virtual Systems. Refer to sk97947.
SPC-927, SPC-922
SNMP
snmpwalk for asgIF table (1.3.6.1.4.1.2620.1.48.26) fails after upgrade to R76SP.50 Jumbo Hotfix Take_40. Refer to sk123355.
SPC-651, 02525379
VPN
VPN packets are dropped when VPN Sticky SA is enabled. Refer to sk118084.
SPC-667, 02721008
Logging
Logs with Track "None" in rule base are being logged to SmartLog, although logging is disabled.
SPC-886
VSX
In some scenarios, IPv6 Scopelocal routes are missing after adding new VLAN in VSX.
SPC-579, 01178961
VoIP
"sip reason: Too many streams in SDP" drop log in SmartView Tracker. Refer to sk93752.
SPC-857, 02356285
VoIP
H.323 VoIP Keep Alive "ACK" packets are not forwarded to the client. Refer to sk113749.
SPC-939, 02729238
SSL Inspection
Rule mismatch on the SSL inspection rulebase if a partial match is higher than a full match. Refer to sk123718.
SPC-699, 01427150
DLP
Enabling the DLP and TE software blades causes the DLPU process to stop working and produce a core dump after policy installation.
SPC-18
LTE
Carrier Security (LTE) stability fixes. Refer to sk130212.
Take 62 (26 Apr 2018)
SPC-571, SPC-662
Gaia OS
The distutil verify command fails in specific scenarios. Refer to sk123777.
SPC-537, 02620877
Gaia OS
When monitored by CPWD, FWD process stops working in specific scenarios.
Added the transceiver 1G Source Photonics SP-GB-TX-CNFC to "asg diag verify" certified list.
Added the transceiver 10G Source Photonics SPP-10E-LR-CDFF to "asg diag verify" certified list.
Added the transceiver 40G Source Photonics SPQ-10E-LR-CDFB to "asg diag verify" certified list.
Added the transceiver 100G Innolight TR-FC13T-N00 to "asg diag verify" certified list.
Added the transceiver 40G Source Photonics SPQ-10E-SR-CDFG to "asg diag verify" certified list.
Added the transceiver 40G Finisar FTL410QE2C to "asg diag verify" certified list.
02527710
General
Check Point response to CVE-2016-2183 (Sweet32). It is now possible to control the use of 3DES in HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, Mobile Access curl (fix for SSL connections from a client to Mobile Access Gateway). Refer to sk113114.
At the end of the installation of this Take 16 (and above), if CPdiag RPM package was not installed before, the following message is shown to the user: Help us to enhance product usability and services by automatically sending daily diagnostic and usage data to the secure Check Point Cloud. For more information, see sk111080
This support for Check Point PRO Report only adds the ability for 60000 / 40000 appliance to send the relevant monitoring information to Check Point. A quote needs to be generated to benefit from Check Point PRO reports.
02560029; 02530894
General
"asg_serial_info" is now the unified tool for showing serial information for all hardware components.
02531922
General
Number of queries per connection from RAD daemon to Check Point cloud can be configured in Check Point Registry. On 40000 / 60000 appliances the default is 50 queries per connection. Refer to sk103422.
02504948
General
The "asg diag" test for parity errors fails when parity counter's value is greater than zero, even when it does not increase over time.
02558360
General
routed and syslogd daemons consume CPU at high level. Refer to sk119138.
02556886
General
Improved stability of routed daemon in BGP (when "aspath"/"community" are used).
02527652
General
The "asg_parity_verify" output shows inaccurate values in the SSM Parity Counters (cosmetic issue).
Example scenario:
There were 10 SSM parity errors on Chassis1
There were 0 SSM parity errors on Chassis2
When running the "asg_parity_verify" command from Chassis1, the output will show the expected values in the SSM1 / SSM2 Parity Counters for both chassis:
When running the "asg_parity_verify" command from Chassis2 (on which there are no SSM parity errors), the output will incorrectly show the values in the SSM1 / SSM2 Parity Counters from Chassis1:
Added the ability to disable/enable SSM alerts: run the "asg alert" command - select "Edit Configuration" - select "All" - select "Configure Excluded Modules"
02527688
General
Improved the "asg_process_verifier -a" to kill all zombies and their parents. Refer to sk116721.
02527711
General
Despite RC4 being disabled on the web server, and applying the steps from sk93395, security reports show that the web server is still allowing RC4 ciphers. Refer to sk104095.
02527683
General
After reverting a snapshot, RMAed/new SGM restarts with wrong "SGM_ID". Refer to sk115962.
02527699
General
"Status: Table entries in fdb_shadow table is different between SGMs" failure for the Bridge test when running "asg diag verify".
02529655
General
"asg_cp2blades" command does not preserve file permissions on the copied files. Instead, it sets the permissions to "644". Refer to sk117735.
02567502
General
Spelling corrections in the "asg vsx_verify" utility.
02565236
General
MGCP traffic is NATed to port range of 10000. Refer to sk101587.
02591245
General
After SGM reboot, it is stuck in endless reboot loop. Refer to sk119836.
02565249
General
Traffic is being dropped as "Non Compliant HTTP". Refer to sk119192.
02565246
General
Traffic from ClusterXL to third party devices is dropped. Refer to sk116975.
02549763
General
Improved stability when processing NAT connections.
02525474
Security Gateway
Security Gateway crashes during policy installation in rare scenarios. Refer to sk102787.
02527693
Security Gateway, VSX
Added ability to prevent chassis state flapping during policy installation. Refer to sk116414.
02527662
VSX
Multiple 'gzip' processes in zombie state on VSX Gateway after VSX configuration push.
Example excerpt from the 'ps' command output:
UID PID PPID C STIME TTY STAT TIME CMD
admin 352 15270 0 Mar12 ? Z 0:00 [gzip] <defunct>
02520864
VSX
When running a 64-bit VSX system, changing distribution on VS0 does not change the distribution on other Virtual Systems.
02527668
VSX
The "asg diag" fails due to wrong port count in VSLS mode.
02506815
VSX
Memory leak detection tool (sk35496) now works in VSX mode as well.
02529849
VSX
"vsx stat -n" command fails occasionally with "fwctl_setget_conns_number failed on VS <ID>" error.
02565250
VSX
Virtual memory is used at 100% in VSX mode. Refer to sk119613.
02527691
SecureXL
Security Gateway with enabled SecureXL and IPSec VPN blade crashes when traffic passes over VPN tunnel. Refer to sk107912.
02527659
SecureXL
SGM crashes during policy installation if SecureXL Drop Templates are enabled. Refer to sk117112.
02527660
SecureXL
Kernel memory leak during policy installation.
02529650
Gaia OS
"/home/<UserName>/.ssh" is a symbolic link to the "/home/admin/.ssh". Refer to sk117738.
02527707
Gaia OS
Following cluster failover, RouteD daemon sends OSPF "Hello" packets with no DR/BDR. Refer to sk105169.
02527676
Gaia OS
The "show configuration router-id" command shows Router ID as being configured, but configuration is not in the Gaia OS Database.
"NMSUSR0056 Cannot add homedir for user USERNAME, homedir already in use" error in Gaia Clish when adding a new user. Refer to sk118082.
02584673
Threat Emulation
Improved stability of Threat Emulation online updates.
02565255
Threat Emulation
On VSX systems, Threat Emulation related links are not created properly during creation of a Virtual System. The ted process does not run on the Virtual System after enabling Threat Emulation.
02565253
Threat Emulation
Files are not sent for emulation to Check Point Cloud.
02539513
URL Filtering
URL Filtering blocks access to sites that do not contain the dot character ('.') in URL. Refer to sk64162.
02538345
URL Filtering
URL Filtering log "Internal System Error occurred, allowing / blocking request (as configured in engine settings)" due to empty CN field in HTTPS site's certificate. Refer to sk64162.
02527692
Identity Awareness
Identity Awareness stops working, users are not identified and Access Roles are not enforced. Refer to sk114575.
02532578
Identity Awareness
Policy installation on Identity Awareness Gateway fails randomly. Refer to sk108290.
02532702
Identity Awareness
PDP daemon does not show user identities despite getting the correct information from the Domain Controllers. Refer to sk101288.
02533450
Identity Awareness
If Identity Awareness fails to insert an entry into a relevant kernel table because that table's limit was reached, then the relevant log will be generated (to be viewed in SmartView Tracker, SmartLog).
02522133
Identity Awareness
"Login failed. If the problem persists please contact your administrator." error during login in Captive Portal using RADIUS on 60000 / 40000 appliance. Refer to sk116612.
02539610
UserCheck
Improved stability and memory consumption in UserCheck.
02522150
UserCheck
Web sites are blocked as expected by 60000 / 40000 appliance running R76SP.30 / R76SP.40 / R76SP.50, but UserCheck page is not displayed. Refer to sk114627.
02527702
SNMP
SNMP Request for OID "asgNetIfTable" (1.3.6.1.4.1.2620.1.48.26) returns 0 for TX and RX values. Refer to sk117280.
Jumbo Hotfix Accumulator was not installed on some SGMs, but the Check Point Registry was pulled from the SMO, on which the Jumbo Hotfix Accumulator was already installed. The issue is most likely to occur when adding a freshly installed SGM to the Security Group.
Solution:
Run the following command on the problematic SGMs:
# ./AsgInstallScript -FORCED
Optional syntax:
# ./AsgInstallScript -b <chassis_ID | specific blade> force
Upgrade of SSM during Jumbo Hotfix Accumulator installation might fail with "Mismatch md5sum ... Retry again or fix manually" error.
Example:
Upgrading SSM1 on Chassis2
==========================
Copying new firmware 2.4.C20.1 to SSM1 [ OK ]
Checking md5sum of new firmware file [ FAILED ]
Mismatch md5sum between GW and SSM1. Retry again or fix manually