Support Center > Search Results > SecureKnowledge Details
How to check which Hotfixes are installed on a Check Point machine
Solution

Check Point fixes the reported issues and provides hotfixes. Depending on the fixed code, a hotfix might be provided as a Linux kernel RPM with improved Linux kernel / improved hardware drivers, or as a separate hotfix package to replace Check Point files.

 

Click Here to Show Entire Article

 

  1. How to check, which RPM packages are installed on Gaia / SecurePlatform OS?

    In order to check, which RPM packages were installed on the machine, collect the list of current RPM packages and compare it with the list of RPM packages, which were installed by default from ISO.

    List of RPM packages, which are installed by default from ISO can only be obtained right after installing Check Point from ISO.
    Meaning, that a clean install must be performed (this can be done even in VMWare).

    Run this command:

    [Expert@HostName]# rpm -qa | sort


  2. How to check, which hotfix packages are installed using CPinfo utility?

    Refer to sk83860 - How to get installed hotfix versions using CPInfo

    Run this command:

    [Expert@HostName]# cpinfo -y all


  3. How to check, which hotfix packages are installed using Gaia CPUSE?

    Related solution: sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent).

    • Show / Hide instructions for Gaia Portal

      • Show / Hide instructions for Gaia Portal - Get simple list of hotfixes

        Note: Requires CPUSE build 710 and above.

        1. Connect to the Gaia Portal and obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):



        2. Navigate to Upgrades (CPUSE) pane (in Gaia R77.20 and above) / to Software Updates pane (in Gaia R77.10 and lower) - click on Status and Actions:

          In Gaia R77.20 and above In Gaia R77.10 and lower


        3. Click on the Hotfixes link near the version.

          Example:



        4. A pop-up Hotfixes Information appears.

          Example:



      • Show / Hide instructions for Gaia Portal - See list of hotfixes with full details

        1. Connect to the Gaia Portal and obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):



        2. Navigate to Upgrades (CPUSE) pane (in Gaia R77.20 and above) / to Software Updates pane (in Gaia R77.10 and lower) - click on Status and Actions:

          In Gaia R77.20 and above In Gaia R77.10 and lower


        3. All packages are displayed in categories - and by default are filtered to view recommended packages only.

          Click on the filter button near the help icon - select the Installed.



    • Show / Hide instructions for Gaia Clish

      1. Connect to command line on Gaia OS.

      2. Log in to Clish shell.

      3. Get the list of all installed packages:

        • CPUSE versions 802 and above:

          HostName> show installer packages installed
        • CPUSE versions 747 and lower:

          HostName> show installer installed_packages


  4. How to check, which hotfix package was installed using Check Point Registry file?

    Notes:

    • This check applies to all operating systems.
    • Check Point software consists of various parts - e.g., FW1 (main FireWall code), CVPN (Mobile Access code), SecurePlatform (OS code on Gaia / SecurePlatform), etc.
      Some hotfixes replace files only in one part, while other hotfixes replace files in several parts (e.g., Jumbo Hotfix Accumulators).
      Therefore, the search for hotfixes in Check Point Registry file should be performed in the entire file.

    Refer to Check Point Registry file:

    • On Gaia / SecurePlatform / IPSO / XOS:

      $CPDIR/registry/HKLM_registry.data
    • On Windows OS:

      Information is saved in Windows Registry - in HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\

    Follow these steps:

    • On Gaia / SecurePlatform / IPSO / XOS:

      1. Open the file in "less" pager:

        [Expert@HostName]# less -M $CPDIR/registry/HKLM_registry.data

      2. Press the right slash key "/"

      3. Type HotFixes

        Note: case sensitive.

      4. Press Enter key.
        Copy the names of the relevant hotfixes.

      5. Press n key to go to the next "HotFixes" section
    • On Windows OS:

      1. Start Windows built-in Registry Editor:

        Start menu - 'Run...' - type regedit - click OK / press Enter key.

        Important Note: Before proceeding, refer to these Microsoft KB articles:



      2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\

      3. Search for HotFixes in "CheckPoint" branch

    In the example below, we can see the following:

    1. this machine was R70.10
    2. then machine was upgraded to R70.30
    3. then hotfix 'FLO_HF_HA30_471' was installed (for FW1 - "fw1_wrapper")

    [Expert@HostName]# less -M $CPDIR/registry/HKLM_registry.data

    This line starts the header
    version=XYZ
    ! This line ends the header
    ("CheckPoint Repository Set"
    	:App_Manage ("[4]0")
    	: (SOFTWARE
    		: (CheckPoint
    			: (CPshared
    			........................................................
    			)
    			: (Components
    			........................................................
    			)
    			: (Products
    			........................................................
    			)
    			........................................................
    			: (FW1
    				:CurrentVersion (6.0)
    				: (6.0
    				........................................................
    					: (HotFixes
    						:HOTFIX_R70_10 (1)
    						:HOTFIX_R70_30 (1)
    						:HOTFIX_FLO_HF_HA30_471 (1)
    						: (LastInfo
    							:LastHFARegName (HOTFIX_R70_30)
    							:LastHFAIndex (30)
    						)
    					)
    					: (HOTFIX_R70_10
    						:PrevHFARegName (0)
    						:PrevHFAIndex (0)
    						:SilentUninstall ("/opt/CPsuite-R70/uninstall_fw1_HOTFIX_R70_10 -SU")
    					)
    					: (HOTFIX_R70_30
    						:SilentUninstall ("/opt/CPsuite-R70/uninstall_fw1_HOTFIX_R70_30 -SU")
    						:PrevHFARegName (HOTFIX_R70_10)
    						:PrevHFAIndex (10)
    					)
    					: (HOTFIX_FLO_HF_HA30_471
    						:SilentUninstall ("/opt/CPsuite-R70/uninstall_fw1_HOTFIX_FLO_HF_HA30_471 -SU")
    					)
    				)
    			........................................................
    			)
    			........................................................
    			: (VPN1
    			........................................................
    			)
    		........................................................
    		)
    	)
    )
    


  5. How to verify that hotfix package was installed correctly?
    1. Installation of a hotfix package should complete successfully - no errors, no failures.

    2. Installation log file has to be created - /opt/CPInstLog/install_<HOTFIX_NAME>.elg
      (example: /opt/CPInstLog/install_fw1_wrapper_HOTFIX_FOXX_HF_HA40_041)

    3. Uninstall script has to be created - /opt/CPsuite-<RXX>/uninstall_<HOTFIX_NAME>
      (example: /opt/CPsuite-R75.40/uninstall_fw1_wrapper_HOTFIX_FOXX_HF_HA40_041)


  6. How to verify that hotfix package replaced the relevant files correctly?

    Hotfix package is provided by Check Point Support with relevant Release Notes.

    Release Notes specify which files will be replaced on the machine, and what will be the 'Build Number' and the 'Minor Release' of the replaced files.

    Use the 'cpvinfo' command in order to get the 'Build Number' and the 'Minor Release' of the file:

    [Expert@HostName]# cpvinfo /<path_to>/<file_name> | grep -E "Build|Minor"

    Example:

    Excerpt from Release Notes of the 'FOXX_HF_HA40_041' hotfix:

    Files updated by this hotfix (Linux):
    =====================================
    
    please verify that in the cpvinfo output on the below files you see :
    Module Name = NACServer
    Minor Release = foxx_hf_ha40_041
    Build Number = 986041005
    /opt/CPsuite-R75.40/fw1/lib/libpdplib.so
    

    Therefore, we run:
    [Expert@HostName]# cpvinfo /opt/CPsuite-R75.40/fw1/lib/libpdplib.so | grep -E "Build|Minor"

    The output should show:
    Build Number = 986041005
    Minor Release = foxx_hf_ha40_041


  7. How to verify, which Take of Jumbo Hotfix Accumulator is installed?

    Refer to sk98028 - Jumbo Hotfix Accumulator FAQ - Question 1 "How to check the Take number of the currently installed Jumbo Hotfix Accumulator (if it is installed)?"


    Note: Regarding R80.10, since CPinfo build B914000164 the command # cpinfo -y all prints the Jumbo hotfix accumulator take number. See sk83860 for more information

    Click Here to Show Entire Section
    1. On R75.47 with sk95827 - Jumbo Hotfix Accumulator for R75.47 (fiat_hf_base_026)
      • For Take 88 and above

        The same command applies to Jumbo that was installed in Gaia Portal (CPUSE) and on CLI

        [Expert@HostName:0]# installed_jumbo_take [-n | -h]

        Notes:

        • On VSX Gateway, this command must be run from the context of VS0 (run "vsenv" command).
        • If no argument is specified, then the command will print: "RXX.XX Jumbo Hotfix Accumulator take_N is installed, see skXXXXX".
        • If "-n" argument is specified, then the command will print only the number of the Take (value "0" means that a reference to the Jumbo Hotfix Accumulator was not found in Check Point Registry).
        • If "-h" argument is specified, then the command will print the usage help.
      • For Take 86 and lower

        • If Jumbo Hotfix Accumulator was installed using Gaia CPUSE:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "CPUpdates/6.0/BUNDLE_FIAT_HF_BASE_026" SU_Build_Take 0

        • If Jumbo Hotfix Accumulator was installed using Legacy CLI:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point Mini Suite/setup/FIAT_HF_BASE_026" Take 0


    2. On R76 with sk96191 - Jumbo Hotfix Accumulator for R77 (gizmo_hf_041_050)
      • For Take 61 and above

        The same command applies to Jumbo that was installed in Gaia Portal (CPUSE) and on CLI

        [Expert@HostName:0]# installed_jumbo_take [-n | -h]

        Notes:

        • On VSX Gateway, this command must be run from the context of VS0 (run "vsenv" command).
        • If no argument is specified, then the command will print: "RXX.XX Jumbo Hotfix Accumulator take_N is installed, see skXXXXX".
        • If "-n" argument is specified, then the command will print only the number of the Take (value "0" means that a reference to the Jumbo Hotfix Accumulator was not found in Check Point Registry).
        • If "-h" argument is specified, then the command will print the usage help.
      • For Take 54 and lower

        • If Jumbo Hotfix Accumulator was installed using Gaia CPUSE:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "CPUpdates/6.0/BUNDLE_GIZMO_HF_041_050" SU_Build_Take 0

        • If Jumbo Hotfix Accumulator was installed using Legacy CLI:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point Mini Suite/setup/GIZMO_HF_041_050" Take 0


    3. On R77 with sk96192 - Jumbo Hotfix Accumulator for R77 (gulli_hf_base_008)
      • For Take 38 and above

        The same command applies to Jumbo that was installed in Gaia Portal (CPUSE) and on CLI

        [Expert@HostName:0]# installed_jumbo_take [-n | -h]

        Notes:

        • On VSX Gateway, this command must be run from the context of VS0 (run "vsenv" command).
        • If no argument is specified, then the command will print: "RXX.XX Jumbo Hotfix Accumulator take_N is installed, see skXXXXX".
        • If "-n" argument is specified, then the command will print only the number of the Take (value "0" means that a reference to the Jumbo Hotfix Accumulator was not found in Check Point Registry).
        • If "-h" argument is specified, then the command will print the usage help.
      • For Take 37 and lower

        • If Jumbo Hotfix Accumulator was installed using Gaia CPUSE:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "CPUpdates/6.0/BUNDLE_GULLI_HF_BASE_008" SU_Build_Take 0

        • If Jumbo Hotfix Accumulator was installed using Legacy CLI:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point Mini Suite/setup/GULLI_HF_BASE_008" Take 0


    4. On R77.10 with sk98285 - Jumbo Hotfix Accumulator for R77.10 (gypsy_hf_base_021)
      • For Take 131 and above

        The same command applies to Jumbo that was installed in Gaia Portal (CPUSE) and on CLI

        [Expert@HostName:0]# installed_jumbo_take [-n | -h]

        Notes:

        • On VSX Gateway, this command must be run from the context of VS0 (run "vsenv" command).
        • If no argument is specified, then the command will print: "RXX.XX Jumbo Hotfix Accumulator take_N is installed, see skXXXXX".
        • If "-n" argument is specified, then the command will print only the number of the Take (value "0" means that a reference to the Jumbo Hotfix Accumulator was not found in Check Point Registry).
        • If "-h" argument is specified, then the command will print the usage help.
      • For Take 130 and lower

        • If Jumbo Hotfix Accumulator was installed using Gaia CPUSE:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "CPUpdates/6.0/BUNDLE_GYPSY_HF_BASE_021" SU_Build_Take 0

        • If Jumbo Hotfix Accumulator was installed using Legacy CLI:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point Mini Suite/setup/GYPSY_HF_BASE_021" Take 0


    5. On R77.20 with sk101975 - Jumbo Hotfix Accumulator for R77.20 (R77_20_jumbo_hf)
      • For Take 110 and above

        The same command applies to Jumbo that was installed in Gaia Portal (CPUSE) and on CLI

        [Expert@HostName:0]# installed_jumbo_take [-n | -h]

        Notes:

        • On VSX Gateway, this command must be run from the context of VS0 (run "vsenv" command).
        • If no argument is specified, then the command will print: "RXX.XX Jumbo Hotfix Accumulator take_N is installed, see skXXXXX".
        • If "-n" argument is specified, then the command will print only the number of the Take (value "0" means that a reference to the Jumbo Hotfix Accumulator was not found in Check Point Registry).
        • If "-h" argument is specified, then the command will print the usage help.
      • For Take 99 and lower

        • If Jumbo Hotfix Accumulator was installed using Gaia CPUSE:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "CPUpdates/6.0/BUNDLE_R77_20_JUMBO_HF" SU_Build_Take 0

        • If Jumbo Hotfix Accumulator was installed using Legacy CLI:

          [Expert@HostName]# $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point Mini Suite/setup/R77_20_jumbo_hf" Take 0


    6. On R77.30 with sk106162 - Jumbo Hotfix Accumulator for R77.30 (R77_30_jumbo_hf)

      The same command applies to Jumbo that was installed using CPUSE and using Legacy CLI.

      [Expert@HostName:0]# installed_jumbo_take [-n | -h]

      Notes:

      • On VSX Gateway, this command must be run from the context of VS0 (run "vsenv" command).
      • If no argument is specified, then the command will print: "RXX.XX Jumbo Hotfix Accumulator take_N is installed, see skXXXXX".
      • If "-n" argument is specified, then the command will print only the number of the Take (value "0" means that a reference to the Jumbo Hotfix Accumulator was not found in Check Point Registry).
      • If "-h" argument is specified, then the command will print the usage help.

 

Related Solutions

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment