Support Center > Search Results > SecureKnowledge Details
How to keep your Security Gateways up to date Technical Level

This article presents the available tools to help you with the task of installing a new hotfix or upgrading to a new version.
Starting from R80.40 (Security Management), we recommend using our centralized deployment tools. With these tools, you can keep your Security Gateways up to date while using CP best practices and reducing the significant amount of the required manual effort. 

Central Deployment from SmartConsole - Recommended

Starting from R80.40, Central Deployment allows you to perform a batch deployment of Jumbo Hotfix Accumulators and Hotfixes from SmartConsole.

  • You can select up to 30 Security Gateways and ClusterXL Cluster Members.
  • You can deploy a package to 10 targets at the same time.
  • Works for both online and offline situation (starting R81 Security Management)
    • For online packages – you can configure each Security Gateway to download the relevant package during the installation process.

For instructions, see the Quantum Security Management Administration Guide.


Show / Hide this Section

Check Point Update Service Engine (CPUSE), also known as Gaia Software Updates [Agent], is an advanced and intuitive mechanism for software deployment on the Gaia OS. CPUSE supports deployments of Hotfixes (HFs), Hotfix Accumulators (HFAs), and Major Versions.

Use CPUSE to install a CPUSE package on a:

  • Security Gateway
  • Security Management Server
  • Multi-Domain Security Management Server
  • Cluster - Install on all members of the cluster. In a Management HA environment, install on all Management Servers.

Make sure you have the latest build of the CPUSE Agent.

Refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent):

  • Sections "(4-A-c)" and "(4-A-d)" - refer to import instructions for Offline procedures
  • Section "(4-B-a)" - refer to installation instructions for Hotfixes

On Security Gateway or Cluster, you may need to reboot after you install the Hotfix.

Central Deployment Tool (CDT)

Show / Hide this Section

Central Deployment Tool (CDT) is a utility that runs on Security Management Servers and Multi-Domain Security Management Servers running Gaia OS. This utility lets you manage a deployment of software packages from your Management Server to the multiple managed Security Gateways and Cluster Members at the same time:

Use the Central Deployment Tool on the Management Server to deploy packages to the managed Security Gateways and clusters.

Refer to the "Workflow for installing a Hotfix on a Security Gateway or Cluster" section in sk111158 - Central Deployment Tool (CDT).

Installing Hotfixes on Scalable Platforms (Maestro and Chassis)

Show / Hide this Section

See the Quantum Maestro Administration Guide for your version > Chapter "Installing and Uninstalling a Hotfix".

See the Quantum Scalable Chassis Administration Guide for your version (or Quantum Scalable Chassis Installation and Upgrade Guide) > Chapter "Installing and Uninstalling a Hotfix on SGMs".

Installing Hotfixes on R77.30 and lower versions

Show / Hide this Section

Using Legacy CLI

You must be connected over a console, or using a LOM card. Do not connect over an SSH session because it can get disconnected. On VSX R77.30, the Gaia CPUSE does not support installation of Hotfixes (refer to sk92449 - section "(2)" - "VSX Gateways").

To install with legacy CLI:

  1. Download the Hotfix package to your machine to a specific directory, e.g., /some_path_to_fix/ .

  2. Unpack and install the Hotfix package:

    [Expert@HostName]# cd /some_path_to_fix/
    [Expert@HostName]# tar -zxvf fw1_wrapper_<HOTFIX_NAME>.tgz
    [Expert@HostName]# ./fw1_wrapper_<HOTFIX_NAME>

    Note: The script stops all Check Point services (cpstop) - read the output on the screen.
  3. Reboot the machine.



Give us Feedback
Please rate this document