During products upgrade, the products package performs "cpstop -fwflag -proc" to stop the FireWall user mode processes at the pre-installation stage.
In this specific case, the Multi-Portal SSL process (vpnd) will stop working, while the FireWall driver will keep trying to move SSL traffic on port 443 to it.
This causes failure on connections to all portals on port 443, running on the upgraded machine.
This problem was fixed. The fix is included in:
Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade VSX / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).
For upgrade from R75.40 to R75.40VS, there are several possible workarounds and temporary solutions for this issue. User may choose the one that best fits his environment and needs. Please use one of the following to overcome the issue:
- Change the Gaia Portal port before the upgrade to a port other than 443. Refer to Gaia Administration Guide (R75.40, R75.40VS). After the upgrade, the user may configure Gaia Portal port back to 443.
- Upgrade via Command Line instead of Gaia Portal.
- Disable all the activated software blades before upgrading and enable them after the upgrade.
- User may ignore the Gaia Portal disconnect and wait until the machine reboots. The upgrade process may be monitored from the Command Line (Expert mode) using the "
ps auxwwwf" command or "
If the machine does not reboot after a while, the upgrade may have failed for some other reason.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
This solution is about products that are no longer supported and it will not be updated