Support Center > Search Results > SecureKnowledge Details
Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent Technical Level
Solution

Table of Contents:

  1. Introduction
  2. System requirements and limitations
  3. Download the latest build of CPUSE Agent, What's New and Installation instructions
  4. How to work with CPUSE
    1. How to download and import a CPUSE package
      1. Download and import instructions for Online procedure - Gaia Portal
      2. Download and import instructions for Online procedure - Gaia Clish
      3. Import instructions for Offline procedure - Gaia Portal
      4. Import instructions for Offline procedure - Gaia Clish
    2. How to install a CPUSE package
      1. Install a Hotfix package / Minor Version package
      2. Perform an upgrade to a Major Version
      3. Perform a clean install of Major Version
      4. Perform a clean install or upgrade of a Blink image
    3. How to uninstall a CPUSE package
    4. "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)
  5. Architecture and Design
  6. Limitations, Troubleshooting and Related solutions
  7. Information about older CPUSE builds
  8. Revision history

In addition, refer to sk111158 - Central Deployment Tool (CDT).

 

Click Here to Show the Entire Article

 

(1) Introduction

Show / Hide this section

Check Point Update Service Engine (CPUSE), also known as Deployment Agent [DA], is an advanced and intuitive mechanism for software deployment on Gaia OS, which supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions.

Gaia Software Updates offers a Smart, Fast and Safe deployment solution:

Smart

  • Discover only the applicable software updates
  • Reboot only if required
  • Auto authentication with Download Center
  • View hierarchy of software updates
  • E-mail notification for new updates

Fast

  • Fast download
  • Fast installation
  • Short down time

Safe

  • Upgrade to next Major Version is performed on a new disk partition and preserves Gaia OS configuration
  • Automatic conflicts validation
  • Checksum validation of packages on target machine
  • Self-test after installation
  • Auto roll-back on failures

 

(2) System requirements and limitations

Show / Hide this section

Table of Contents for this section:

  1. License and contract
  2. Connection to the Internet
  3. CPUSE communication with Check Point cloud
  4. Deployment Agent update to the latest version
  5. Upgrade
  6. Free disk space

#

Topic

Comments

A

License and contract

  • Valid license has to be installed on the target machine.

  • Valid Software Subscription or Technical Support Contract has to be associated with the license.

  • The Contract File must be installed on the target machine.

Notes:

  1. There is a 30 days grace period upon first installation/activation of the Deployment Agent, during which no license is needed at all.

  2. Evaluation License is not enough to enable Gaia Software Updates.

    A real valid support license is required.

    Access to Check Point Download Server is available via subscription only.

    An Evaluation License is not sufficient to grant download access from the User Center.

B

Connection to the Internet

  • Gaia machine should be connected to the Internet:

    • To perform online self-update of Deployment Agent

    • To obtain Software Updates from Check Point Cloud

    Note: The option "Automatically download Contracts and other important data (Recommended)" should be enabled as described in sk94508 (SmartConsole - "Policy" menu - "Global Properties" - "Security Management Access").

  • Manual offline installation of CPUSE packages is available if Gaia machine is disconnected from the Internet.

C

CPUSE communication with Check Point cloud

To allow CPUSE to communicate with Check Point cloud, follow the steps below in SmartDashboard.

An explicit firewall rule has to be created in the these scenarios:

#

Scenario
description

Which explicit
firewall rule
to create

Traffic
Source

Traffic
Destination

Traffic
proto /
ports

Where to
install / apply
the explicit rule

1

Check Point Security Gateway running on Gaia OS, which must connect to Check Point cloud.

Implied rule "Accept outgoing packets originating from Gateway" is disabled in Policy menu - Global Properties... - FireWall pane.

Create an explicit firewall rule for this Check Point Security Gateway (see procedure below) to allow the communication between CPUSE on this Check Point Security Gateway and Check Point cloud.

Check
Point
Security
Gateway

Check
Point
domains

Required
HTTP /
HTTPS /
DNS
traffic

Check
Point
Security
Gateway

2

Perimeter Check Point Security Gateway that protects internal Check Point machine running on Gaia OS, which must connect to Check Point cloud.

Create an explicit firewall rule for the Perimeter Check Point Security Gateway (see procedure below) to allow the communication between CPUSE on internal Check Point machine and Check Point cloud.

Internal
Check
Point
machine

Check
Point
domains

Required
HTTP /
HTTPS /
DNS
traffic

Perimeter
Check
Point
Security
Gateway

3

Perimeter non-Check Point FireWall that protects Check Point machine running on Gaia OS, which must connect to Check Point cloud.

Create an explicit firewall rule (for reference, see procedure below) for this non-Check Point FireWall to allow the communication between CPUSE on internal Check Point machine and Check Point cloud.

Internal
Check
Point
machine

Check
Point
domains

Required
HTTP /
HTTPS /
DNS
traffic

Perimeter
non-Check
Point
FireWall

Procedure for Check Point Security Gateway:

Note: For non-Check Point FireWall, the equivalent rule must be created. Related solution: sk83520.

  1. Create the these Domain objects for Check Point domains and for Akamai domain (note the dot in the beginning:

    • .updates.checkpoint.com

    • .updates.g01.checkpoint.com

    • .gwevents.checkpoint.com

    • .gwevents.us.checkpoint.com

    • .deploy.static.akamaitechnologies.com

    Instructions:

    1. Go to the "Manage" menu - click "Network Objects..."

    2. Click the "New..." button - select "Domain..."

    3. In the "Name" field, paste the name of the domain listed above (note the dot in the beginning) and click "OK".

    4. Repeat Steps i-iii for all domains listed above.

    5. Click the "Close" button.

  2. Create this Firewall security rule for the involved Security Gateway (use predefined services):

    Important Note: Rules with Domain Objects should be located as low as possible in the rulebase.

    For Scenario #1 - Check Point Security Gateway running on Gaia OS (and implied rule "Accept outgoing packets originating from Gateway" is disabled)

    SOURCE

    DESTINATION

    SERVICE

    ACTION

    INSTALL ON

    Check Point
    Security
    Gateway

    .updates.checkpoint.com

    .updates.g01.checkpoint.com

    .gwevents.checkpoint.com

    .gwevents.us.checkpoint.com

    .deploy.static.akamaitechnologies.com

    http

    https

    HTTP_and_HTTPS_proxy

    domain-udp

    Accept

    Check Point
    Security
    Gateway

    For Scenario #2 - Perimeter Check Point Security Gateway that protects internal Check Point machine

    SOURCE

    DESTINATION

    SERVICE

    ACTION

    INSTALL ON

    Internal
    Check Point
    machine

    .updates.checkpoint.com

    .updates.g01.checkpoint.com

    .gwevents.checkpoint.com

    .gwevents.us.checkpoint.com

    .deploy.static.akamaitechnologies.com

    http

    https

    HTTP_and_HTTPS_proxy

    domain-udp

    Accept

    Perimeter
    Check Point
    Security
    Gateway

  3. Install the policy onto involved Security Gateway.

D

Deployment Agent update to the latest version

  • On an online Gaia machine (that is connected to the Internet):

    • Deployment Agent must always be updated to the latest available version before being able to perform any action.

    • We recommend to leave the default Deployment Agent policy configuration "Periodically update new Deployment Agent version (recommended)".

  • On an offline Gaia machine (that is disconnected from the Internet), it is strongly recommended to always update the Deployment Agent to the latest available build.

E

Upgrade

  • Upgrade to a higher Major Version (e.g., from R80.40 to R81.X) using CPUSE will not be available on these machines/appliances:

    • Scalable Chassis R80.20SP (refer to to R80.20SP Installation and Upgrade Guide)

    • Open Servers that were upgraded from SecurePlatform OS to Gaia OS

    • IP Appliances that were upgraded from IPSO OS to Gaia OS

    • UTM-1 130 and UTM-1 270 appliances (regardless of previous OS)

  • Major Upgrade using CPUSE on IP Appliances running Gaia OS is supported only in Gaia Clish.

F

Free disk space

  • To import a CPUSE package, the /var/log/ partition on Gaia OS must have enough free disk space - at least twice the size of the package you want to import.

    To see the amount of available disk space in /var/log/ partition, run this command in the Expert mode:

    [Expert@HostName:0]# df -h | grep -E "Avail|/var/log"

    Example:
    [Expert@Gaia:0]# df -h | grep -E "Avail|/var/log"
    Filesystem            Size  Used Avail Use% Mounted on
    11G  286M  9.9G   3% /var/log
    [Expert@Gaia]#
    
  • To upgrade to a higher Major Version, or to perform Clean Installation using CPUSE, machine must have enough unallocated (unpartitioned) disk space - at least as the size of the root partition.

    Run these commands in the Expert mode:

    1. Examine the size of the "root" partition:

      [Expert@HostName:0]# df -h | grep -E "Avail|\/$"

      Example:
      [Expert@Gaia:0]# df -h | grep -E "Avail|\/$"
      Filesystem            Size  Used Avail Use% Mounted on
      17G  9.1G  6.6G  59% /
      [Expert@Gaia]#
      
    2. Examine the amount of unallocated (unpartitioned) disk space:

      [Expert@HostName:0]# pvs

      Example:
      [Expert@Gaia:0]# pvs
      PV         VG       Fmt  Attr PSize  PFree
      /dev/sda3  vg_splat lvm2 a-   57.81G 29.81G
      [Expert@Gaia]#
      

    To free the unallocated disk space, remove Gaia snapshots (if they exist), follow sk91060.

 

(3) Download the latest build of Deployment Agent, What's New and Installation instructions

Build
Number

Release
Date

Status

Download
Link

What's New

2193

17 May 2022

General Availability

(TGZ)

  • Improve CPUSE integration with auto-updates.
  • Fix of an issue causing instability of upgrades triggered by CDT.
  • Split an error of “BAD_PATH” to several different errors and fail during verification instead of during installation.
  • Fix an issue causing bundle extraction failure during Blink management upgrade.

Notes:

  • Latest build is usually gradually released to all customers. Therefore, not all machines might receive the latest build at the same time.

  • This package should not be used for upgrading the Deployment Agent for Maestro and Scalable Chassis products.

  • Check Point always recommends to upgrade the Deployment Agent to the latest available build.

 

Show / Hide this section

Table of Contents for this section:

  1. How to see the current CPUSE build
  2. How to manually install CPUSE

(3-A) How to see the current build of the CPUSE Agent

Where to see

Instructions

In Gaia Portal

  1. Navigate to the Upgrades (CPUSE) section - click the Status and Actions page.

  2. Build of the installed Deployment Agent appears at the top.

    Example:

In Gaia Clish

  1. Connect to command line on Gaia machine.

  2. Log in to Gaia Clish.

  3. Run this command:

    HostName:0> show installer status build

    Example output:

    Build number: 2019 (agent build is up to date)

in the Expert mode

  1. Connect to command line on Gaia machine.

  2. Log in to the Expert mode.

  3. Run this command:

    [Expert@HostName:0]# da_cli da_status

    {
       "Action ID" : "0",
       "DABuildNumber" : "2019",
       "DAService State" : "ready",
       "New DA Availability" : "up to date"
    }
    

 

(3-B) How to manually install the CPUSE Agent package

Procedure in Gaia Portal:

  1. Connect to Gaia Portal and obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out').

  2. Navigate to the Upgrades (CPUSE) section - click the Status and Actions page.

  3. Click the "Install DA" button:

  4. Browse to the Deployment Agent TGZ package on your computer.

  5. Follow the instructions on the screen.

Procedure in CLI:

  1. Transfer the CPUSE Agent package (DeploymentAgent_<build>.tgz) to the machine (into some directory - e.g., /some_path_to_CPUSE/).

  2. Connect to the command line.

  3. Log in to Gaia Clish.

  4. Run:

    installer agent install <full path>/DeploymentAgent_<build>.tgz

 

(4) How to work with CPUSE

Show this section

Table of Contents for this section:

  1. How to download and import a CPUSE package
  2. How to install a CPUSE package
  3. How to uninstall a CPUSE package
  4. "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)

(4-A) How to work with CPUSE - How to download and import a CPUSE package

Show this sub-section

Important Note: After the desired CPUSE package is downloaded / imported, proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".

  • (4-A-a) Show / Hide download and import instructions for Online procedure - Gaia Portal

    The online procedure in Gaia Portal can be used in these cases:

    • Gaia machine is connected to the Internet (meaning, full access to Check Point Cloud - refer to section "System requirements and limitations" - requirement "CPUSE communication with Check Point cloud" above, and to sk83520).

    • CPUSE package is available on the Check Point Cloud.

    Procedures:

    • (4-A-a-i) Show / Hide online download instructions in Gaia Portal for Public Hotfixes / Minor Version / Major Version

      1. Connect to Gaia Portal and obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

      2. Navigate to the Upgrades (CPUSE) section - click the Status and Actions page.

      3. All packages appear in categories and by default are filtered to view recommended packages only.

        Note: Use the filter button near the help icon and select the packages you wish to see:

      4. Verify the package - see whether this package can be installed without conflicts:

        • Either select the package - click the More button on the toolbar - click Verifier:

        • Or right-click package - click Verifier:

        Result of this test should be one of these:

        • Installation is allowed

        • Upgrade is allowed

        Examples:

        For a Hotfix package:

        For a Major Version:

      5. Download the package in the applicable category:

        Note: The download progress (in per cent) appears in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page, and in the output of the Gaia Clish command "show installer package <Package_Number>".

        Category

        Instructions

        Hotfixes

        • Option 1 - only download the package:

          1. Select the package.

          2. Download the package:

            • Either select the package - click the More button on the toolbar, and click Download:

            • Or right-click the package and click Download:

          3. You can pause the download at any time:

            • Either select the package and click Pause button on the toolbar:

            • Or right-click the package and click Pause:

            The status of the package will change to "Pausing Download" and then to "Partially Downloaded":

          4. You can resume the download at any time:

            • Either select the package and click Resume button on the toolbar:

            • Or right-click the package and click Resume:

            The status of the package will change to "Resuming Download" and then to "Downloading":

        • Option 2 - download and install the package in one step:

          • Either select the package and click Install Update button on the toolbar:

          • Or right-click the package and click Install Update:

        Major Versions

        1. Select the package.

        2. Download the package:

          • Either select the package - click the Download button on the toolbar:

          • Or right-click the package and click Download:

        3. You can pause the download at any time:

          • Either select the package and click the Pause button on the toolbar:

          • Or right-click the package and click Pause:

          The status of the package will change to "Pausing Download" and then to "Partially Downloaded":

        4. You can resume the download at any time:

          • Either select the package and click Resume button on the toolbar:

          • Or right-click the package and click Resume:

          The status of the package will change to "Resuming Download" and then to "Downloading":

      6. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



    • (4-A-a-ii) Show / Hide online import instructions in Gaia Portal for Private Hotfixes / Jumbo Hotfix Accumulators

      1. Connect to Gaia Portal and obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

      2. Navigate to the Upgrades (CPUSE) section - click the Status and Actions page.

      3. Click the Add hotfixes from the cloud button:

      4. A pop-up appears:

      5. Contact Check Point Support to get the applicable CPUSE Identifier.

        If you know that the CPUSE package for required hotfix is available on Check Point Download Center, then copy-and-paste the exact name of the regular package for required hotfix as appears in the "File Name" field on the hotfix Download Page.

        Notes:

        • Currently, only these keys are supported in this field: Left/Right arrow, Delete, Backspace.

        • Downloading the hotfix by its URL is not supported.

        • Packages that are not suitable for this machine, will not be available (e.g., if some Take of a Jumbo Hotfix Accumulator is installed, then Takes lower than the current Take will not be available).

        Example:

        CPUSE Identifier of a Jumbo Hotfix Accumulator is:

        Check_Point_R81_JUMBO_HF_MAIN_Bundle_T36.tgz:

      6. Click the magnifying glass icon to start the search.

        Example:

      7. When the package is found, it appears as a link along with its title and release date.

        Example:

      8. Click the package to add it to the list of available packages.

        Example:

      9. The package will be added with the status Available for Download, and the filter will automatically change to show all packages.

      10. Verify the package - see whether this package can be installed without conflicts:

        • Either select the package - click the More button on the toolbar - click Verifier:

        • Or right-click the package - click Verifier:

        Result of this test should be one of these:

        • Installation is allowed

        • Upgrade is allowed

      11. Download the package - same as (5)

      12. If you only downloaded the package (without installing it), then proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



  • (4-A-b) Show / Hide download and import instructions for Online procedure - Gaia Clish

    The online procedure in Gaia Clish can be used in these cases:

    • Gaia machine is connected to the Internet (meaning, full access to Check Point Cloud - refer to section "System requirements and limitations" - requirement "CPUSE communication with Check Point cloud" above, and to sk83520).

    • CPUSE package is available on the Check Point Cloud.

    • If this Gaia machine is running in VSX Mode, then refer to section "(2) System requirements and limitations" - subsection "G. VSX Gateways".

    Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    Procedures:

    • (4-A-b-i) Show / Hide online download instructions in Gaia Clish for Public Hotfixes / Minor Version / Major Version

      1. Connect to command line on Gaia machine.

      2. Log in to Gaia Clish.

      3. Obtain the lock over Gaia configuration database:

        HostName:0> lock database override

      4. Get the available packages (run the applicable command):

        HostName:0> show installer packages recommended

        HostName:0> show installer packages available-for-download

        HostName:0> show installer package[press Space key][press Tab key]

        HostName:0> show installer package <Package_Number>

      5. Download the desired package from the Check Point Cloud:

        Note: The download progress (in per cent) appears in the output of the Gaia Clish command "show installer package <Package_Number>", and in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page.

        HostName:0> installer download <Package_Number>

      6. You can pause the download at any time:

        HostName:0> installer download <Package_Number> pause

      7. You can resume the download at any time:

        HostName:0> installer download <Package_Number> resume

      8. Show the downloaded packages:

        HostName:0> show installer packages downloaded

      9. Verify the package - see whether this package can be installed without conflicts:

        HostName:0> installer verify <Package_Number>

        Result of this test should be:

        • For a Hotfix package:

          Result: Installation is allowed
          Status: Available for Install
          
        • For a Minor / Major Version:

          Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
          Status: Available for Install
          
      10. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



    • (4-A-b-ii) Show / Hide online import instructions in Gaia Clish for Private Hotfixes / Jumbo Hotfix Accumulators

      1. Connect to command line on Gaia machine.

      2. Log in to Gaia Clish.

      3. Obtain the lock over Gaia configuration database:

        HostName:0> lock database override

      4. Import the desired package from the Check Point Cloud:

        HostName:0> installer import cloud <CPUSE_Identifier>

        Contact Check Point Support to get the applicable CPUSE Identifier.

        Note: Packages that are not suitable for this machine, will not be available.

        If you know that the CPUSE package for required hotfix is available on Check Point Download Center, then copy-and-paste the exact name of the regular package for required hotfix as appears in the "File Name" field on the hotfix Download Page:

        Example:

        CPUSE Identifier of a Jumbo Hotfix Accumulator is:

        Check_Point_R81_JUMBO_HF_1_Bundle_T23.tgz

      5. Show the imported packages:

        HostName:0> show installer packages imported

      6. Verify the package - see whether this package can be installed without conflicts:

        HostName:0> installer verify[press Space key][press Tab key]

        HostName:0> installer verify <Package_Number>

        Result of this test should be:

        Result: Installation is allowed
        Status: Available for Install
        
      7. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



  • (4-A-c) Show / Hide import instructions for Offline procedure - Gaia Portal

    The offline import procedure in Gaia Portal can be used in these cases:

    • Gaia machine is disconnected from the Internet (meaning, no access to Check Point Cloud).

    • CPUSE package is not available on the Check Point Cloud.

    • Although Gaia machine is connected to the Internet, administrator wishes to manually import a CPUSE package instead of downloading it from Check Point Cloud.

    • Gaia machine is not running in VSX Mode (in which case, Gaia Portal is not available).

    Notes:

    • Starting from R81, the installed offline packages must be *.tar files.

    • Either get the offline CPUSE package from Check Point Support, or export the CPUSE package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to section "(4) How to work with CPUSE" - "(D) Additional information about Gaia Clish commands and Gaia Portal actions for CPUSE" - "Show / Hide how to export a CPUSE package in Gaia Portal".

    • Requirements for free disk space exist.

    • For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    Import procedure for Offline CPUSE package / Exported CPUSE package:

    1. Make sure you have the applicable CPUSE offline package (TGZ file) / exported package (TAR file).

    2. Connect to Gaia Portal on the target Gaia OS.

    3. Obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

    4. Navigate to the Upgrades (CPUSE) section - click the Status and Actions page.

    5. In the upper right corner, click the Import Package button:

    6. In the Import Package window, click Browse... - select the CPUSE offline package (TGZ file) / exported package (TAR file) - click Import.

      Note: If this error appears, then wrong package was uploaded (contact Check Point Support for assistance):

      Import Failed

      Cannot import package <Name_of_File>. It is not a valid CPUSE package.

      Refer to the package's official documentation to get a list of compatible machines. For more information, contact Check Point Technical Services.

      Example:

      • Popup at the bottom:

      • Event Log entry:

    7. Click the filter button near the help icon (that currently says "Showing Recommended packages") and click "All" (the filter should change to "Showing All packages"):

    8. Verify the imported package - see whether this package can be installed without conflicts:

      • Either select the imported package - click the More button on the toolbar - click Verifier:

      • Or right-click the imported package - click Verifier:

      Result of this test should be one of these:

      • Installation is allowed

      • Upgrade is allowed

    9. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



  • (4-A-d) Show / Hide import instructions for Offline procedure - Gaia Clish

    The offline import procedure in Gaia Clish can be used in these cases:

    • Gaia machine is disconnected from the Internet (meaning, no access to Check Point Cloud).

    • CPUSE package is not available on the Check Point Cloud.

    • Although Gaia machine is connected to the Internet, administrator wishes to manually import a CPUSE package instead of downloading it from Check Point Cloud.

    • If this Gaia machine is running in VSX Mode, then refer to section "(2) System requirements and limitations" - subsection "H. VSX Gateways".

    Notes:

    • Starting from R81, the installed offline packages must be *.tar files.

    • Either get the offline CPUSE package from Check Point Support, or export the CPUSE package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to section "(4) How to work with CPUSE" - "(D) Additional information about Gaia Clish commands and Gaia Portal actions for CPUSE" - "Show / Hide how to export a CPUSE package in Gaia Portal".

    • Requirements for free disk space exist.

    • For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    Import procedure for Offline CPUSE package / Exported CPUSE package:

    1. Make sure you have the applicable CPUSE offline package (TGZ file) / exported package (TAR file).

    2. Transfer the CPUSE offline package (TGZ) / exported package (TAR) to the target Gaia machine (into some directory, e.g., /some_path_to_package/).

    3. Connect to command line on the target Gaia OS.

    4. Log in to Gaia Clish.

    5. Obtain the lock over Gaia configuration database:

      HostName:0> lock database override
    6. Import the package from the hard disk:

      Note: When import completes, this package is deleted from the original location.

      HostName:0> installer import local <Full_Path>/<Package_File_Name>.<TGZ_or_TAR>

      Example:

      HostName:0> installer import local /var/log/path_to_pkg/Check_Point_Hotfix_R81.tgz

    7. Show the imported packages:

      HostName:0> show installer packages imported

    8. Verify the package - see whether this package can be installed without conflicts:

      HostName:0> installer verify[press Space key][press Tab key]

      HostName:0> installer verify <Package_Number>

      Result of this test should be:

      • For a Hotfix package:

        Result: Installation is allowed
        Status: Available for Install
        
      • For a Minor / Major Version:

        Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
        Status: Available for Install
        
    9. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".

 

(4-B) How to work with CPUSE - How to install a CPUSE package

Show this sub-section
  • (4-B-a) Show / Hide instructions for installing a Hotfix / JUMBO package

    Note: Requirements for free disk space and limitations in VSX mode exist.

    • (4-B-a-i) Show / Hide installation instructions in Gaia Portal for Hotfixes

      1. All packages appear in categories and by default are filtered to view recommended packages only.

        Note: Use the filter button near the help icon and select the packages you wish to see:

      2. Verify the package (if you have not done it yet) - see whether this package can be installed without conflicts:

        • Either select the package - click the More button on the toolbar - click Verifier:

        • Or right-click the package - click Verifier:

        Result of this test should be:

        Installation is allowed

      3. Install the package:

        Note: The installation progress (in per cent) appears in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page, and in the output of the Gaia Clish command "show installer package <Package_Number>".

        • Either select the package and click the Install Update button on the toolbar:

        • Or right-click the package and click Install Update:

      4. Machine is rebooted automatically (only if required so by the installed hotfix).

    • (4-B-a-iii) Show / Hide installation instructions in Gaia Clish for Hotfixes / JUMBO packages

      Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

      1. Connect to command line on Gaia OS.

      2. Log in to Gaia Clish.

      3. Obtain the lock over Gaia configuration database:

        HostName:0> lock database override
      4. Get the downloaded / available for install packages:

        HostName:0> show installer packages

        Example from R81.00:

        HostName:0> show installer packages
        **  ************************************************************************* **
        **                                 Hotfixes                                   **
        **  ************************************************************************* **
        Display name                                      Status
        R81 Jumbo Hotfix Accumulator General Availability (Take 36)             Available for Install
        **  ************************************************************************* **
        **                                  Majors                                    **
        **  ************************************************************************* **
        Display name                                      Status 
        R81.10 Gaia Fresh Install and upgrade                               Available for Download
        HostName:0>
        
      5. Verify the package (if you have not done it yet) - see whether this package can be installed without conflicts:

        HostName:0> installer verify[press Space key][press Tab key]

        HostName:0> installer verify <Package_Number>

        Result of this test should be:

        Result: Installation is allowed
        Status: Available for Install
        
      6. Install the desired package:

        Note: The installation progress (in per cent) appears in the output of the Gaia Clish command "show installer package <Package_Number>", and in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page.

        HostName:0> installer install[press Space key][press Tab key]

        HostName:0> installer install <Package_Number>

        Example from R81.00:

        HostName:0> installer install[press Space key][press Tab key]
        **  ************************************************************************* **
        **                                 Hotfixes                                   **
        **  ************************************************************************* **
        Num Display name                                      Type
        1   R81 Jumbo Hotfix Accumulator General Availability (Take 36)            Hotfix
        HostName:0> installer install 1
        Initiating install of R81 Jumbo Hotfix Accumulator General Availability (Take 36)...
        Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
        Result: Package R81 Jumbo Hotfix Accumulator General Availability (Take 36) was installed successfully.
        Status: Installing (100%)
        
      7. Machine is rebooted automatically (only if required so by the installed hotfix).

        Note: If machine was not rebooted by the installed package, it might be necessary to connect to command line and to manually run the cpstart / mdsstart command.



  • (4-B-b) Show / Hide instructions for performing an upgrade to a Major Version

    Important Note: Existing OS settings and the Check Point Database are preserved during this procedure.

    Notes:

    • Requirements for free disk space and limitations in VSX mode exist.

    • Upgrade to a Major version is performed on a new hard disk partition, and the "old" partition is converted into Gaia Snapshot (the new partition space is taken from the un-partitioned space on the hard disk.

    • During an upgrade to a Major version, the CPUSE Agent copies these files from the current version to the target version:

      • The current $CPDIR/database/*authkeys.C files are copied to the target $CPDIR/database/ directory

      • The current $FWDIR/lib/user.def file is copied to the target $FWDIR/lib/ directory

      • The current $FWDIR/lib/user_early.def file is copied to the target $FWDIR/lib/ directory

      • The current $FWDIR/lib//defaultfilter.boot file is copied to the target $FWDIR/conf/defaultfilter.pf file

      • The current /etc/fw.boot/ha_boot.conf file is copied to the target /etc/fw.boot/ directory

      • The current /etc/fw.boot/modules/fwkern.conf file is copied to the target /etc/fw.boot/modules/ directory

      • The current /etc/ppk.boot/boot/modules/sim_aff.conf file is copied to the target /etc/ppk.boot/boot/modules/ directory

    • The date of the created snapshot indicates when the "old" partition was created and not when it was converted to snapshot. The date of the conversion to snapshot is indicated in the snapshot description.

    Instructions:

    • (4-B-b-i) Show / Hide upgrade instructions in Gaia Portal for Major Version

      1. All packages appear in categories and by default are filtered to view recommended packages only.

      2. Verify the package (if you have not done it yet) - see whether this package can be upgraded:

        • Either select the package - click the More button on the toolbar - click Verifier:

        • Or right-click the package - click Verifier:

        Result of this test should be one of these:

        • Installation is allowed

        • Upgrade is allowed

      3. Install the package:

        Note: The installation progress (in per cent) appears in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page, and in the output of the Gaia Clish command "show installer package <Package_Number>".

        • Either select the package and click the Upgrade button on the toolbar:

          Example:

        • Or right-click the package and click Upgrade:

      4. CPUSE shows this warning in Gaia Portal:

        After this upgrade, there will be an automatic reboot.

        (Existing OS settings and the Check Point Database are preserved.)

      5. Machine is rebooted automatically.

      6. If you connect to command line and log in, this notification from CPUSE appears above the prompt:

        Upgrade is still running. Log in to the Status and Actions page to see the progress.
      7. Connect to Gaia Portal and obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

      8. CPUSE shows this pop-up in Gaia Portal:

        "Upgrade is still running. Log in to the Status and Actions page to see the progress."

        Example:

      9. Navigate to the Upgrades (CPUSE) section - click the Status and Actions page.

      10. Click the filter button near the help icon (that currently says "Showing Recommended packages") and click "All" (the filter should change to "Showing All packages"):

      11. Manually install the policy:

        • If you upgraded a Security Management Server / Multi-Domain Security Management Server, then install the policy onto all managed Security Gateways / Clusters.

        • If you upgrade a Security Gateway / Cluster Members, then install the policy on this Security Gateway / Cluster.



    • (4-B-b-ii) Show / Hide upgrade instructions in Gaia Clish for Major Version

      Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

      1. Connect to command line on Gaia machine.

      2. Log in to Gaia Clish.

      3. Obtain the lock over Gaia configuration database:

        HostName:0> lock database override
      4. Get the downloaded / available for install packages:

        HostName:0> show installer packages

        Example from R81.00 being upgraded to R81.10 (clean install):

        HostName:0> show installer packages
        **  ************************************************************************* **
        **                                 Hotfixes                                   **
        **  ************************************************************************* **
        Display name                                                       Status 
        R81 Jumbo Hotfix Accumulator General Availability (Take 36)       Installed 
        **  ************************************************************************* **
        **                                  Majors                                    **
        **  ************************************************************************* **
        Display name                                      Status
        R81.10 Gaia Fresh Install and upgrade                        Available for Install
        HostName:0>
        
        HostName:0> show installer packages downloaded
        **  ************************************************************************* **
        **                                  Majors                                    **
        **  ************************************************************************* **
        Display name                                      Type
        R81.10 Gaia Fresh Install and upgrade            Major Version
        HostName:0>
        
      5. Verify the package (if you have not done it yet) - see whether this package can be installed without conflicts:

        HostName:0> installer verify[press Space key][press Tab key]

        HostName:0> installer verify <Package_Number>

        Result of this test should be:

        Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
        Status: Available for Install
        
      6. Start the upgrade to Major Version:

        HostName:0> installer upgrade[press Space key][press Tab key]

        HostName:0> installer upgrade <Package_Number>

        Note: Once you see "Validating Install", press CTRL+C.

        Example from R81.00 being upgraded to R81.10 (clean install):

        HostName:0> installer upgrade[press Space key][press Tab key]
        **  ************************************************************************* **
        **                                  Majors                                    **
        **  ************************************************************************* **
        Num Display name                                      Type
        1   R81.10 Gaia Fresh Install and upgrade           Major Version
        HostName:0> installer upgrade 1
        The machine will automatically reboot after installation (y/n) [n]  y
        
        Initiating upgrade of R81.10 Gaia Fresh Install and upgrade...
        Note:      After this upgrade, there will be an automatic reboot.
        Existing OS settings and the Check Point Database are preserved.
        Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
        Validating Install:            5%
        
      7. Get the Package Number of the package being installed:

        HostName:0> show installer package[press Space key][press Tab key]

      8. To see the installation progress:

        Repeatedly run this command and refer to the "Status" line:

        HostName:0> show installer package <Package_Number>

        Example from R81.00 being upgraded to R81.10 (clean install):

        HostName:0> show installer package 3
        Display name:     R81.10 Gaia Fresh Install and upgrade
        Description:      No Description
        Size:             3.18 GB
        Type:             Major Version
        Status:           Installing (13%)
        Requires reboot:  Yes
        Recommended:      No
        Contains:         None
        Contained-in:     None
        Downloaded on:    Thu Mar  3 19:56:01 2021
        Imported on:      N/A
        Installed on:     N/A
        Installation log: /opt/CPInstLog//install_Major_R81_10.log
        HostName:0>
        
        ... ... ...
        HostName:0> show installer package 3
        ... ... ...
        
        HostName:0> show installer package 3
        Display name:     R81.10 Gaia Fresh Install and upgrade
        Description:      No Description
        Size:             3.18 GB
        Type:             Major Version
        Status:           Installing (100%)
        Requires reboot:  Yes
        Recommended:      No
        Contains:         None
        Contained-in:     None
        Downloaded on:    Thu Mar  3 19:56:01 2021
        Imported on:      N/A
        Installed on:     Thu Mar  3 20:31:53 2021
        Installation log: /opt/CPInstLog//install_Major_R81_10.log
        HostName:0>
        
      9. Machine is rebooted automatically.

      10. If you connect to command line and log in, this notification from CPUSE appears above the prompt:

        Upgrade is still running. Log in to the Status and Actions page to see the progress.

      11. Connect to Gaia Portal and obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

      12. CPUSE shows this pop-up in Gaia Portal:

        "Upgrade is still running. Log in to the Status and Actions page to see the progress."

        Example:

      13. Navigate to the Upgrades (CPUSE) section - click the Status and Actions page.

      14. Click the filter button near the help icon (that currently says "Showing Recommended packages") and click "All" (the filter should change to "Showing All packages"):

      15. You will see the applicable progress (no need to refresh the page).

      16. Manually install the policy:

        • If you upgraded a Security Management Server / Multi-Domain Security Management Server, then install the policy onto all managed Security Gateways / Clusters.

        • If you upgrade a Security Gateway / Cluster Members, then install the policy on this Security Gateway / Cluster.



  • (4-B-c) Show / Hide instructions for performing a clean install of a Major Version

    Note: Requirements for free disk space and limitations in VSX mode exist.

    Important Note: Existing OS settings and the Check Point Database will be overwritten during this procedure.

    • (4-B-c-i) Show / Hide clean install instructions in Gaia Portal for Major Version

      1. All packages appear in categories and by default are filtered to view recommended packages only.

        Note: Use the filter button near the help icon and select the packages you wish to see

      2. Verify the package (if you have not done it yet) - see whether this package can be installed without conflicts:

        • Either select the package - click the More button on the toolbar - click Verifier:

        • Or right-click the package - click Verifier:

        Result of this test should be one of these:

        • Installation is allowed

        • Upgrade is allowed

      3. Install the package:

        Note: The installation progress (in per cent) appears in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page, and in the output of the Gaia Clish command "show installer package <Package_Number>".

        • Either select the package and click the Clean Install button on the toolbar.

        • Or right-click the package and click Clean Install:

      4. Machine is rebooted automatically.

      5. Connect to Gaia Portal and complete the First Time Configuration Wizard.



    • (4-B-c-ii) Show / Hide clean install instructions in Gaia Clish for Major Version

      Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

      1. Connect to command line on Gaia machine.

      2. Log in to Gaia Clish.

      3. Obtain the lock over Gaia configuration database:

        HostName:0> lock database override

      4. Get the downloaded / available for install packages:

        HostName:0> show installer packages

      5. Verify the package (if you have not done it yet) - see whether this package can be installed without conflicts:

        HostName:0> installer verify[press Space key][press Tab key]

        HostName:0> installer verify <Package_Number>

        Result of this test should be:

        Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
        Status: Available for Install
        
      6. Start the clean install of Major Version:

        HostName:0> installer clean-install[press Space key][press Tab key]

        HostName:0> installer clean-install <Package_Number>

        Note: Once you see "Validating Install", press CTRL+C.

        Example from R75.46 being upgraded to R77 (clean install):

        HostName:0> installer install[press Space key][press Tab key]
        **  ************************************************************************* **
        **                                  Majors                                    **
        **  ************************************************************************* **
        Num Display name                                      Type
        1   R81.10 Gaia Fresh Install and upgrade           Major Version
        HostName:0> installer install 1
        The machine will automatically reboot after installation (y/n) [n]  y
        
        Initiating install of R81.10 Gaia Fresh Install and upgrade...
        Note:      This installs a new machine.
        Existing OS settings and the Check Point Database will be overwritten.There will be an automatic reboot.
        Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
        Validating Install:            5%
        
      7. Get the Package Number of the package being installed:

        HostName:0> show installer package[press Space key][press Tab key]
      8. To see the installation progress:

        Repeatedly run this command and refer to the "Status" line:

        HostName:0> show installer package <Package_Number>

        Example from R81.00 being upgraded to R81.10 (clean install):

        HostName:0> show installer package 3
        Display name:     R81.10 Gaia Fresh Install and upgrade
        Description:      No Description
        Size:             3.18 GB
        Type:             Major Version
        Status:           Installing (13%)
        Requires reboot:  Yes
        Recommended:      No
        Contains:         None
        Contained-in:     None
        Downloaded on:    Thu Mar  3 19:56:01 2021
        Imported on:      N/A
        Installed on:     N/A
        Installation log: /opt/CPInstLog//install_Major_R81_10.log
        HostName:0>
        
        ... ... ...
        HostName:0> show installer package 3
        ... ... ...
        
        HostName:0> show installer package 3
        Display name:     R81.10 Gaia Fresh Install and upgrade
        Description:      No Description
        Size:             3.18 GB
        Type:             Major Version
        Status:           Installing (100%)
        Requires reboot:  Yes
        Recommended:      No
        Contains:         None
        Contained-in:     None
        Downloaded on:    Thu Mar  3 19:56:01 2021
        Imported on:      N/A
        Installed on:     Thu Mar  3 20:06:30 2021
        Installation log: /opt/CPInstLog//install_Major_R81_10.log
        HostName:0>
        
      9. Machine is rebooted automatically.

      10. Connect to command line on Gaia machine.

      11. Log in.

      12. Gaia OS prompts to run the First Time Configuration Wizard.

        Example from R81.00 being upgraded to R81.10 (clean install):

        login as: admin
        This system is for authorized use only.
        admin@172.30.41.100's password:
        Last login: Thu Mar  3 13:08:47 2021
        In order to configure your system, please access the Web UI and finish the First Time Wizard.
        gw-aa7bc3>
        
        gw-aa7bc3> show installer package[press Space key][press Tab key]
        **  ************************************************************************* **
        **                                  Majors                                    **
        **  ************************************************************************* **
        Num Display name                                      Type
        1   R81.10 Gaia Fresh Install and upgrade            Major Version
        gw-aa7bc3> show installer package 1
        Display name:     R81.10 Gaia Fresh Install and upgrade
        Description:      No Description
        Size:             3.18 GB
        Type:             Major Version
        Status:           Installed
        Requires reboot:  Yes
        Recommended:      No
        Contains:         None
        Contained-in:     None
        Downloaded on:    N/A
        Imported on:      N/A
        Installed on:     N/A
        Installation log: N/A
        gw-aa7bc3>
        
      13. Connect to Gaia Portal and complete the First Time Configuration Wizard.

 

(4-C) How to work with CPUSE - How to uninstall a CPUSE package

Show / Hide this sub-section

Notes:

Where to uninstall

How to uninstall

Gaia Portal

  • Either select the package - click the More button on the toolbar, and click Uninstall:

    (Note: Machine is rebooted automatically)

    Example:

  • Or right-click the package and click Uninstall:

    (Note: Machine is rebooted automatically)

  • You will get uninstall options window.

    The available uninstall options are to uninstall the last Jumbo HFA Take and to uninstall completely if there were more than one Take installed:

Gaia Clish

Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

  1. Connect to command line on Gaia machine.

  2. Log in to Gaia Clish.

  3. Obtain the lock over Gaia configuration database:

    HostName:0> lock database override

  4. Show the installed packages:

    HostName:0> show installer packages installed

  5. Uninstall the desired package:

    HostName:0> installer uninstall[press Space key][press Tab key]

    HostName:0> installer uninstall <Package_Number>[press Space key][press Tab key]

    INFO: This package is installed on top of Jumbo HFA Take 154

    Select one of the following uninstall options:

    completely - After uninstall, there is no version of the package installed on your machine

    last-take - Only the latest Jumbo HFA Take is uninstalled. The previously installed Jumbo HFA Take remains on your machine

  6. Machine is rebooted automatically (if required so by the uninstalled package).

 

(4-D) "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)

Show this sub-section
  • Show / Hide available Gaia Clish commands for CPUSE

    These command are available in Gaia Clish to work with CPUSE:

    1. Connect to command line on Gaia machine.

    2. Log in to Gaia Clish.

    3. Obtain the lock over Gaia configuration database:

      HostName:0> lock database override

    4. Run the applicable Gaia Clish commands:

      Table of Contents for applicable actions:

      1. Show the CPUSE Packages, Status and Agent Policy
      2. Configure the CPUSE Agent Policy and Mail Notifications
      3. Download, Install, Import a CPUSE package

      #

      Action

      Commands

      1

      Show the CPUSE Packages, Status and Agent Policy:

      HostName:0> show installer
      mail-notifications - Show mail notifications for user
      package            - Show information about a specific package
      packages           - Show packages information
      policy             - Show policies configurations
      status             - Show status
      HostName:0>

      where the full syntax is:

      • HostName:0> show installer mail-notifications {<e-mail> | <user_number>}

        Shows for which categories mail notifications were configured for specific user

        Specific commands:

        HostName:0> show installer mail-notifications <e-mail>

        HostName:0> show installer mail-notifications[press Space key][press Tab key]

        HostName:0> show installer mail-notifications <user_number>

      • HostName:0> show installer package <Package_Number>

        Shows complete information about a specific package (name, size, status, what packages it contains, etc.)

      • HostName:0> show installer packages {all}

        Shows brief information (name and status) about all packages in all categories

        HostName:0> show installer packages available-for-download

        Shows only packages with the status "Available for Download" and "Partially Downloaded"

        HostName:0> show installer packages downloaded

        Shows only packages with the status "Downloaded"

        HostName:0> show installer packages imported

        Shows only packages that were imported

        HostName:0> show installer packages installed

        Shows only packages that were installed

        HostName:0> show installer packages recommended

        Shows only recommended packages

      • HostName:0> show installer policy {all}

        Shows CPUSE policy (how often to check for updates, which self tests to perform, etc.)

        HostName:0> show installer policy check-for-updates-period

        Shows how often CPUSE Agent checks for packages updates

        HostName:0> show installer policy downloads

        Shows download policy for "Hotfixes" (automatic / manual / scheduled)

        HostName:0> show installer policy periodically-self-update

        Shows if CPUSE Agent will periodically check for newer CPUSE builds

        HostName:0> show installer policy self-test {all | auto-rollback | install-policy | network-link-up | start-processes}

        Shows which sanity tests CPUSE Agent performs after installing a CPUSE package

        HostName:0> show installer policy send-cpuse-data

        Shows if CPUSE Agent sends statistics to Check Point about about download and installation of packages

      • HostName:0> show installer status {all}

        Shows CPUSE Agent status (enabled or not, build, license, connected or not, etc.)

        HostName:0> show installer status agent

        Shows if CPUSE Agent is enabled or not

        HostName:0> show installer status build

        Shows CPUSE Agent build

        HostName:0> show installer status connection

        Shows if CPUSE Agent is connected or not

        HostName:0> show installer status license

        Shows if license for CPUSE Agent is valid or not

        HostName:0> show installer status update-from-cloud

        Shows when CPUSE Agent perform last check for new applicable CPUSE packages

      2

      Configure the CPUSE Agent
      Policy and Mail Notifications

      HostName:0> set installer
      mail-notifications - Set mail notifications policy
      policy             - Set policies
      HostName:0>

      where the full syntax is:

      • HostName:0> set installer mail-notifications {<e-mail> | <user_number>} {download-status | install-status | new-available-packages} {on | off}

        Defines for which categories CPUSE Agent sends mail notifications to specific user

        Specific commands:

        HostName:0> set installer mail-notifications <e-mail> download-status {on | off}

        or

        HostName:0> set installer mail-notifications[press Space key][press Tab key]

        HostName:0> set installer mail-notifications <user_number> download-status {on | off}

        Configures CPUSE Agent whether to send mail notifications to specific user when packages are available for download

        HostName:0> set installer mail-notifications <e-mail> install-status {on | off}

        or

        HostName:0> set installer mail-notifications[press Space key][press Tab key]

        HostName:0> set installer mail-notifications <user_number> install-status {on | off}

        Configures CPUSE Agent whether to send mail notifications to specific user when a package was installed

        HostName:0> set installer mail-notifications <e-mail> new-available-packages {on | off}

        or

        HostName:0> set installer mail-notifications[press Space key][press Tab key]

        HostName:0> set installer mail-notifications <user_number> new-available-packages {on | off}

        Configures CPUSE Agent whether to send mail notifications to specific user when new packages are available

        Notes:

        • This setting configures Gaia OS to sent e-mail notifications about Software Updates for these categories:

          1. Download Status

          2. Install Status

          3. New Available Packages

        • If mail server is not configured yet, then configure the mail server and the root user for that mail server:

          HostName:0> set mail-notification server <SERVER_HOST_or_IP_ADDRESS>

          HostName:0> set mail-notification username <ROOT_USER@MAIL_DOMAIN>

          HostName:0> save config

        • Currently, it is not possible to view the e-mail notifications settings in Gaia Clish (only to configure).

          To verify the e-mail notifications settings in the Expert mode:

          1. Connect to command line on Gaia machine.

          2. Log in to the Expert mode.

          3. Examine the applicable lines in Gaia configuration database - search for Mail Domain:

            [Expert@HostName:0]# grep "Configured_Mail_Domain" /config/db/initial

            Example for "mail.company.com":

            [Expert@HostName:0]# grep 'company' /config/db/initial
            ssmtp:root root_user@mail.company.com
            ssmtp:mailhub mail.company.com
            installer:mail_notifications:user_3@mail.company.com:d_status true
            installer:mail_notifications:user_3@mail.company.com:available true
            installer:mail_notifications:user_2@mail.company.com 1
            installer:mail_notifications:user_2@mail.company.com:i_status true
            installer:mail_notifications:user_2@mail.company.com:d_status false
            installer:mail_notifications:user_2@mail.company.com:available false
            installer:mail_notifications:user_1@mail.company.com 1
            installer:mail_notifications:user_1@mail.company.com:i_status true
            installer:mail_notifications:user_1@mail.company.com:d_status true
            installer:mail_notifications:user_1@mail.company.com:available true
            [Expert@HostName:0]#
            

            Legend:

            Notification category

            Attribute in Gaia Database

            Clarification

            Install Status

            i_status

            • If the category was enabled, then the corresponding attribute will appear with value true.

            • If the category was never enabled, then the corresponding attribute will not appear at all.

            • If the category was never disabled, then the corresponding attribute will appear with value false.

            Download Status

            d_status

            New Available Packages

            available

      • HostName:0> set installer policy check-for-updates-period <Time_in_Hours>

        Configures the period, in hours, between checks for available packages in the cloud.

        • Default value = 6 hours

        • Valid values = 0 - 240 hours (configure 0 to disable these checks)

        Note: The configured period is saved in Gaia Database in seconds.

        Example for value of 2 hours:

        [Expert@HostName:0]# grep check_for_updates_period /config/db/initial

        installer:check_for_updates_period 7200

      • HostName:0> set installer policy downloads {automatic | manual}

        Defines how CPUSE Agent should download "Hotfixes" packages

        Specific commands:

        HostName:0> set installer policy downloads automatic

        Configures CPUSE Agent to download packages when they become available

        HostName:0> set installer policy downloads manual

        Configures CPUSE Agent to download packages only manually

        These settings control how to download CPUSE packages of "Hotfixes" (does not apply to "Minor Versions (HFAs)" / "Major Versions" packages):

        automatic

        If enabled, CPUSE Agent downloads packages when they become available:

        • immediately after the Gaia OS boots up

        • each time "Status and Actions" page is accessed in Gaia Portal

        • each time period is defined with "set installer policy check-for-updates-period <Time_in_Hours>" command

        manual

        If enabled, CPUSE Agent downloads packages only manually

      • HostName:0> set installer policy periodically-self-update {on | off}

        Defines if CPUSE Agent should periodically check for and installer newer CPUSE builds

        Notes:

        • If this setting is enabled (default), then, if an updated version of CPUSE (Gaia Software Updates) Agent is available for

          download, Gaia OS downloads it from Check Point Cloud and installs it automatically (CPUSE Agent "self-update").

        • If this setting is disabled, then:

          1. If administrator attempts to install any other software update, a warning will appear saying that CPUSE (Gaia Software Updates) Agent must be updated first.

          2. This setting is added to the Gaia Database: installer:self_update_policy_no_permission 1

            (this attribute is removed when this box is checked)

      • HostName:0> set installer policy self-test {auto-rollback | install-policy | network-link-up | start-processes} {on | off}

        Defines which sanity tests CPUSE Agent performs after installing a CPUSE package

        Specific commands:

        HostName:0> set installer policy self-test install-policy {on | off}

        HostName:0> set installer policy self-test network-link-up {on | off}

        HostName:0> set installer policy self-test start-processes {on | off}

        These settings are used for sanity checks after installing a CPUSE package:

        install-policy

        If enabled, CPUSE makes sure that it is possible to install a policy

        network-link-up

        If enabled, CPUSE makes sure that all the configured network interfaces on the Gaia machine are up

        start-processes

        If enabled, CPUSE makes sure that Check Point processes are running

      3

      Download, Install, Import a CPUSE package:

      HostName:0> installer
      agent                - Perform Deployment agent actions
      check-for-updates    - Check for new available packages in Check Point cloud
      clean-install        - Clean install a new major version    
      delete               - Delete package
      download             - Download package
      download-and-install - Download and install package
      import               - Import package
      install              - Install package
      reinstall            - Renstall package
      uninstall            - Uninstall package
      upgrade              - Upgrade to a new major version
      verify               - Verify if package is compatible with this machine
      HostName:0>

      where the syntax is:

      • HostName:0> installer agent disable

        Disables CPUSE Agent

        Notes:

        • This command disables all CPUSE Agent actions

        • This command survives reboot

        • This command is used with the "installer agent enable" command

          Important: Must wait at least 10 seconds after running the "installer agent disable" command and before running the "installer agent enable" command; and vice versa

        HostName:0> installer agent enable

        Enables CPUSE Agent (if it was disabled with "installer agent disable")

        Notes:

        • This command enables all CPUSE Agent actions

        • This command survives reboot

        • This command is used with the "installer agent disable" command

          Important: Must wait at least 10 seconds after running the "installer agent disable" command and before running the "installer agent enable" command; and vice versa

        HostName:0> installer agent start

        Starts CPUSE Agent (if it was stopped with the "installer agent stop" command)

        Notes:

        • This command starts all CPUSE Agent actions

        • This command survives reboot

        • This command is used with the "installer agent stop" command

          Important: Must wait at least 10 seconds after running the "installer agent stop" command and before running the "installer agent start" command; and vice versa

        • When running this command, the error "NMINST9999  Timeout waiting for response from database server" might appear, although the command worked; if you run this command again, the message "Deployment agent is already running" will appear

        HostName:0> installer agent stop

        Stops the CPUSE Agent

        Notes:

        • This command stops all CPUSE Agent actions

        • This command does not survive reboot

        • This command is used with the "installer agent start" command

          Important: Must wait at least 10 seconds after running the "installer agent stop" command and before running the "installer agent start" command; and vice versa

        HostName:0> installer agent update [not-interactive]

        Forces CPUSE Agent to check for and install a newer CPUSE build

      • HostName:0> installer check-for-updates [not-interactive]

        Forces CPUSE Agent to check for new available packages in Check Point cloud

      • HostName:0> installer delete {<Package_Number> | <Package_Name>} [not-interactive]

        Deletes the specified CPUSE package

      • HostName:0> installer download {<Package_Number> | <Package_Name>} [pause | resume | not-interactive]

        Starts the download of the specified CPUSE package

        HostName:0> installer download {<Package_Number> | <Package_Name>} not-interactive

        Starts the download of the specified CPUSE package without waiting for result

        HostName:0> installer download {<Package_Number> | <Package_Name>} pause

        Pauses the download of the specified CPUSE package

        HostName:0> installer download {<Package_Number> | <Package_Name>} resume

        Resumes the download of the specified CPUSE package

      • HostName:0> installer download-and-install {<Package_Number> | <Package_Name>} [not-interactive]

        Downloads and installs the specified CPUSE package in "Hotfixes" category in one step

      • HostName:0> installer import cloud <CPUSE_Identifier> [not-interactive]

        Imports the specified CPUSE package from Check Point cloud

        HostName:0> installer import ftp <IPv4_Address> path <Path> username <Username> [password <Password>] [not-interactive]

        Imports the specified CPUSE package from an FTP server

        HostName:0> installer import local <Full_Path>/<Package_File_Name>.<TGZ_or_TAR> [not-interactive]

        Imports the specified CPUSE package from a local directory

      • HostName:0> installer install {<Package_Number> | <Package_Name>} [not-interactive]

        Installs the specified CPUSE Hotfix package

      • HostName:0> installer clean-install {<Package_Number> | <Package_Name>} [not-interactive]

        Installs the specified CPUSE major package

      • HostName:0> installer uninstall {<Package_Number> | <Package_Name>} {completely | last-take} [not-interactive]

        Uninstalls the specified CPUSE package

      • HostName:0> installer upgrade {<Package_Number> | <Package_Name>} [not-interactive]

        Starts the upgrade to Major Version using the specified CPUSE package

      • HostName:0> installer verify {<Package_Number> | <Package_Name>} [not-interactive]}

        Verifies if the specified CPUSE package can be installed without conflicts

      The progress (in per cent) of the download / install / uninstall actions appears in "Gaia Portal" - "Upgrades (CPUSE)" section and in the output of the Gaia Clish command "show installer package <Package_Number>".



  • Show / Hide information about Important Messages

    This section (yellow rectangular at the top) shows important static messages - e.g., about CPUSE license, whether a reboot / restart of the Check Point services is required.

    Example:

  • Show / Hide information about Event Log

    Note: To see complete technical details about the operations performed by CPUSE (Gaia Software Updates) Agent, refer to /opt/CPInstLog/DeploymentAgent.log.* files.

    The general messages from CPUSE Agent appear in the Event Log.

    In "Gaia Portal" - go to the "Upgrades (CPUSE)" section - click the "Status and Actions" page - scroll to the bottom - click the "Event Log" button:

    Notes:

    • This window shows the general messages only for the last 10 minutes.

    • Events in this window appear in the ascending order (the latest event is at the top).

    • To see the full log file, click the the Save full event log button in the upper right corner. Web browser will save the /opt/CPInstLog/DA_UI.log file to your computer (events in this file appear in the descending order - the latest event is at the bottom).

    • Events in the pop-up are marked by different icons:

      • - Information

      • - Success

      • - Warning

      • - Error

  • Show / Hide how to get the Take number of the installed Gaia OS

    Gaia Take number appears near the version.

    Example:

  • Show / Hide information about the help icon

    It is a link to this article (sk92449):

  • Show / Hide how to save a CPUSE package install log in Gaia Portal

    After a package is installed, user can see the package installation log in Gaia Portal in one of these two ways:

    Note: The package installation log is located in /opt/CPInstLog/ directory.

    Way 1

    Way 2

    1. Select the installed package

    2. Click the More button on the toolbar

    3. Click Save Install Log

    1. Right-click the installed package

    2. Click Save Install Log



  • Show / Hide information about categories of CPUSE packages

    All packages (available and installed) appear on Status and Actions page in categories (click the category title to see the explanation):

    Category

    Explanation (refer to sk95746)

    Hotfixes

    Check Point's software updates and Jumbo Hotfix Accumulators, for security fixes and feature improvement.

    Released after fixes for issue(s) were developed and tested.

    Major Versions

    Introduce new functions and cutting edge innovative technologies to the market while maintaining high product quality.

    All packages appear in a hierarchy - parent package and its child packages are nested.

    Notes (see example screenshots below):

    • Each category can be collapsed or expanded by clicking on the category title.

      When clicking on the category title, the explanation about the category appears in the right section.

    • The number of packages in each category appears to the right of the category title (in the end of the line).

      The number of packages that appear depends on the current filter (see the next bullet).

    • If all the recommended packages in the category were already installed, then it will show "Aligned with the latest version".

    • The recommended software updates are marked by a yellow star on the package icon.

      (Note: this yellow star appears only if the Gaia machine is connected to the Internet (this information is obtained from Check Point Cloud).

    • Software packages that were installed as part of another package (an accumulative hotfix that includes several hotfixes inside, or an HFA that includes several package) appears with the status "Installed As Part Of Another Package" and will be grayed out.



  • Show / Hide how to filter the list of CPUSE packages

    You can use the filter button near the help icon and select the packages you wish to see:

    • Recommended (default)

    • Installed

    • All

  • Show / Hide how to export a CPUSE package in Gaia Portal

    A package that was already downloaded / installed, can be exported from this Gaia machine for backup purposes, or to be transferred to another Gaia machine (for example, if another Gaia machine is disconnected from the Internet):

    Note: Currently, this operation is available only in Gaia Portal.

    1. Export the package:

      1. Right-click the package

      2. Click Export Package

    2. The package will be saved on your computer as a special TAR archive file that contains the necessary files.



  • Show / Hide how to import a CPUSE package

    Note: Either get the offline CPUSE package from Check Point Support, or export the CPUSE package from a source Gaia machine, on which this package was already downloaded / installed (see the instructions how to export a CPUSE package in Gaia Portal). Do not change the package name.

    In Gaia Portal

    In Gaia Clish

    1. Connect to Gaia Portal on the target Gaia OS.

    2. Obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

    3. Navigate to the Upgrades (CPUSE) section, click the Status and Actions page.

    4. In the upper right corner, click the Import Package button:

    5. In the Import Package window, click Browse... - select the CPUSE offline package (TGZ file) / exported package (TAR file) - click Import.

      Note: If this error appears, then wrong package was uploaded (contact Check Point Support for assistance):

      Import Failed

      Cannot import package <Name_of_File>. It is not a valid CPUSE package.

      Refer to the package's official documentation to get a list of compatible machines. For more information, contact Check Point Technical Services.

      Example:

      • Popup at the bottom:

      • Event Log entry:

    Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    1. Transfer the CPUSE offline package (TGZ) / exported package (TAR) to the target Gaia machine (into some directory, e.g., /some_path_to_package/).

    2. Connect to command line on the target Gaia OS.

    3. Log in to Gaia Clish.

    4. Obtain the lock over Gaia configuration database:

      HostName:0> lock database override
    5. Import the package from the hard disk:

      Note: When import completes, this package is deleted from the original location.

      HostName:0> installer import local <Full_Path>/<Package_File_Name>.<TGZ_or_TAR>

      Example:

      HostName:0> installer import local /var/log/path_to_pkg/Check_Point_Hotfix_R81_10.tgz

    6. Show the imported packages:

      HostName:0> show installer packages imported


  • Show / Hide how to verify a CPUSE package

    Verify the package to see whether this package can be installed without conflicts:

    In Gaia Portal

    In Gaia Clish

    1. Connect to Gaia Portal.

    2. Obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

    3. Navigate to the Upgrades (CPUSE) section - click the Status and Actions page.

    4. Initiate the Verifier:

      • Either select the package - click the More button on the toolbar - click Verifier:

      • Or right-click the package - click Verifier:

    5. Result of this test appears in a pop-up.

      One of these:

      • Installation is allowed

      • Upgrade is allowed

    Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    1. Connect to command line on the target Gaia OS.

    2. Log in to Gaia Clish.

    3. Obtain the lock over Gaia configuration database:

      HostName:0> lock database override
    4. Show the applicable packages:

      HostName:0> show installer packages {available-for-download | downloaded | imported | recommended}

      Specific commands:

      HostName:0> show installer packages available-for-download

      HostName:0> show installer packages downloaded

      HostName:0> show installer packages imported

      HostName:0> show installer packages recommended

    5. Verify the package - see whether this package can be installed without conflicts:

      HostName:0> installer verify[press Space key][press Tab key]

      HostName:0> installer verify <Package_Number>

      Result of this test should be:

      • For a Hotfix package:

        Result: Installation is allowed
        Status: Available for Install
        
      • For a Major Version:

        Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
        Status: Available for Install
        


  • Show / Hide how to add a CPUSE package for specific hotfix from Check Point Cloud

    Note: This requires connection to the Internet and to Check Point Cloud (refer to section "System requirements and limitations" - requirement "CPUSE communication with Check Point cloud" above, and to sk83520).

    In Gaia Portal

    In Gaia Clish

    1. Connect to Gaia Portal.

    2. Obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

    3. Navigate to the Upgrades (CPUSE) section - click the Status and Actions page.

    4. Click the Add Hotfix from Cloud button:

    5. A pop-up appears:

    6. Contact Check Point Support to get the applicable CPUSE Identifier.

      If you know that the CPUSE package for required hotfix is available on Check Point Download Center, then copy-and-paste the exact name of the regular package for required hotfix as appears in the "File Name" field on the hotfix Download Page:

      Notes:

      • Currently, only these keys are supported in this field: Left/Right arrow, Delete, Backspace.

      • Downloading the hotfix by its URL is not supported.

      • Packages that are not suitable for this machine, will not be available.

      Example:

      Paste the hotfix name in the pop-up search window:

    7. Click the magnifying glass icon to start the search

    8. When the package is found, it appears as a link along with its title and release date.

    9. Click the package to add it to the list of available packages.

      Example:

    10. The package will be added with the status Available for Download.

    Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    1. Connect to command line on Gaia machine.

    2. Log in to Gaia Clish.

    3. Obtain the lock over Gaia configuration database:

      HostName:0> lock database override
    4. Import the package from the Check Point Cloud:

      HostName:0> installer import cloud <CPUSE_Identifier>

      Contact Check Point Support to get the applicable CPUSE Identifier.

      Note: Packages that are not suitable for this machine, will not be available.

      If you know that the CPUSE package for required hotfix is available on Check Point Download Center, then copy-and-paste the exact name of the regular package for required hotfix as appears in the "File Name" field on the hotfix Download Page

      Show the imported packages:

      HostName:0> show installer packages imported


  • Show / Hide how to configure CPUSE Software Updates Policy

    In Gaia Portal

    In Gaia Clish

    Refer to R77 Versions Gaia Administration Guide - chapter "CPUSE" - section "Configuring a CPUSE Policy - WebUI".

    1. Connect to Gaia Portal.

    2. Obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

    3. Navigate to:

      1. Upgrades (CPUSE) section

      2. Software Updates Policy page

    4. Configure the desired policy:

      Note: After any change in settings, you need to click the "Apply" button.

      • Self Tests to perform

        These settings are used for sanity checks after installing a CPUSE package:

        Start the Check Point Processes

        If enabled, CPUSE makes sure that Check Point processes are running

        Install Policy

        If enabled, CPUSE makes sure that it is possible to install a policy

        Network Link Up

        If enabled, CPUSE makes sure that all the configured network interfaces on the Gaia machine are up

      • Check for updates period

        Configures the period, in hours, between checks for available packages in the cloud.

        • Default value = 6 hours

        • Valid values = 0 - 240 hours (configure 0 to disable these checks)

        Note: The configured period is saved in Gaia Database in seconds.

        Example for value of 2 hours:

        [Expert@HostName:0]# grep check_for_updates_period /config/db/initial

        installer:check_for_updates_period 7200

      • Self test - Auto-rollback upon failure

        This setting is used for sanity test after installing a CPUSE package.

        If this box is checked, then CPUSE runs a fall-back procedure if the installed CPUSE package fails one of the sanity tests enabled in the Self Tests to perform sub-section - CPUSE would automatically restore the version that was active before the CPUSE package was installed and send a notification that the installation failed.

      • Periodically update new Deployment Agent version (recommended)

        • If this box is checked (default), then, if an updated version of CPUSE (Gaia Software Updates) Agent is available for download, Gaia OS downloads it from Check Point Cloud and installs it automatically (CPUSE Agent "self-update").

        • If this box is cleared, then:

          • Important Messages (yellow section at the top) will show "click here" to download the new version.

          • If administrator attempts to install any other software update, a warning will appear saying that CPUSE (Gaia Software Updates) Agent must be updated first.

          • This setting is added to the Gaia Database: installer:self_update_policy_no_permission 1 (this attribute is removed when this box is checked).

    Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    1. Connect to command line on Gaia machine.

    2. Log in to Gaia Clish.

    3. Obtain the lock over Gaia configuration database:

      HostName:0> lock database override
    4. Configure the desired CPUSE (Gaia Software Updates) Agent Policy:

      • HostName:0> set installer policy check-for-updates-period <Time_in_Hours>

        Configures the period, in hours, between checks for available packages in the cloud.

        Note: When updating CPUSE Agent from build 839, it is necessary to restart all Gaia Clish daemons for this Gaia Clish command to become available (does not apply if updating from older CPUSE builds) - refer to section "(3) Download the latest build of CPUSE Agent and What's New" - Step "(3-C) How to manually install the CPUSE Agent package" - Step 5.

        • Default value = 6 hours

        • Valid values = 0 - 240 hours (configure 0 to disable these checks)

        Note: The configured period is saved in Gaia Database in seconds.

        Example for value of 2 hours:

        [Expert@HostName:0]# grep check_for_updates_period /config/db/initial

        installer:check_for_updates_period 7200

      • HostName:0> set installer policy downloads {automatic | manual }

        Specific commands:

        HostName:0> set installer policy downloads automatic

        HostName:0> set installer policy downloads manual

        These settings control how to download CPUSE packages (applies only to "Hotfixes" and JUMBO packages - and does not apply to "Major Versions" packages):

        automatic

        If enabled, CPUSE Agent downloads packages when they become available:

        • immediately after the Gaia OS boots up
        • each time "Status and Actions" page is accessed in Gaia Portal
        • each time period defined with "set installer policy check-for-updates-period <Time_in_Hours>" command

        manual

        If enabled, CPUSE Agent downloads packages only manually

      • HostName:0> set installer policy periodically-self-update {on | off}

        Notes:

        • If this setting is enabled (default), then, if an updated version of CPUSE (Gaia Software Updates) Agent is available for download, Gaia OS downloads it from Check Point Cloud and installs it automatically (CPUSE Agent "self-update").

        • If this setting is disabled, then:

          1. If administrator attempts to install any other software update, a warning will appear saying that CPUSE (Gaia Software Updates) Agent must be updated first.

          2. This setting is added to the Gaia Database: installer:self_update_policy_no_permission 1 (this attribute is removed when this box is checked).

      • HostName:0> set installer policy self-test {auto-rollback | install-policy | network-link-up | start-processes} {on | off}

        Specific commands:

        HostName:0> set installer policy self-test install-policy {on | off}

        HostName:0> set installer policy self-test network-link-up {on | off}

        HostName:0> set installer policy self-test start-processes {on | off}

        These settings are used for sanity checks after installing a CPUSE package:

        install-policy

        If enabled, CPUSE makes sure that it is possible to install a policy

        network-link-up

        If enabled, CPUSE makes sure that all the configured network interfaces on the Gaia machine are up

        start-processes

        If enabled, CPUSE makes sure that Check Point processes are running



  • Show / Hide how to configure CPUSE Software Updates Mail Notifications

    In Gaia Portal

    In Gaia Clish

    1. Connect to Gaia Portal.

    2. Obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

    3. Navigate to:

      1. Upgrades (CPUSE) section

      2. Click the Software Updates Policy page

    4. Configure the desired Mail Notifications:

      Note: After any change in settings, you need to click the "Apply" button.

      • This setting configures Gaia OS to sent e-mail notifications about Software Updates for these categories:

        • Download Status

        • Install Status

        • New Available Packages

      • If a mail server is not configured yet, then:

        1. Click the applicable link:

          In order to configure a mail server, use the Mail Notification page, found in the advanced view mode.

        2. System Management section - Mail Notification page will open.

          Configure the mail server and the root user for this mail server.

          Click the "Apply" button.

          Example:

        3. Navigate back to:

          • Upgrades (CPUSE) section - Software Updates Policy page - Mail Notifications sub-section

        4. Click the Add button to add a user, to whom e-mail notifications should be sent.

        5. Add the user's e-mail address and select for which categories to send the e-mail notifications - click the "OK" button.

          Example:

        6. By selecting the user's e-mail address in the list, you can see and change on-the-fly the categories, for which the e-mail notifications are sent to this user.

    Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    1. Connect to command line on Gaia machine.

    2. Log in to Gaia Clish.

    3. Obtain the lock over Gaia configuration database:

      HostName:0> lock database override
    4. Configure the desired CPUSE (Gaia Software Updates) Agent Mail Notifications:

      • HostName:0> set installer mail-notifications {<Package_Number> | <e-mail>} {download-status | install-status | new-available-packages} {on | off}

        Specific commands:

        HostName:0> set installer mail-notifications <Package_Number> download-status {on | off}

        HostName:0> set installer mail-notifications <Package_Number> install-status {on | off}

        HostName:0> set installer mail-notifications <Package_Number> new-available-packages {on | off}

        or

        HostName:0> set installer mail-notifications <e-mail> download-status {on | off}

        HostName:0> set installer mail-notifications <e-mail> install-status {on | off}

        HostName:0> set installer mail-notifications <e-mail> new-available-packages {on | off}

        Notes:

        • This setting configures Gaia OS to sent e-mail notifications about Software Updates for these categories:

          1. Download Status

          2. Install Status

          3. New Available Packages

        • If mail server is not configured yet, then configure the mail server and the root user for that mail server:

          HostName:0> set mail-notification server <SERVER_HOST_or_IP_ADDRESS>

          HostName:0> set mail-notification username <ROOT_USER@MAIL_DOMAIN>

          HostName:0> save config

        • Currently, it is not possible to view the e-mail notifications settings in Gaia Clish (only to configure).

          To verify the e-mail notifications settings in the Expert mode:

          1. Connect to command line on Gaia machine.

          2. Log in to the Expert mode.

          3. Examine the applicable lines in Gaia configuration database - search for Mail Domain:

            [Expert@HostName:0]# grep "Configured_Mail_Domain" /config/db/initial

            Example for "mail.company.com":

            [Expert@HostName:0]# grep 'company' /config/db/initial
            ssmtp:root root_user@mail.company.com
            ssmtp:mailhub mail.company.com
            installer:mail_notifications:user_3@mail.company.com:d_status true
            installer:mail_notifications:user_3@mail.company.com:available true
            installer:mail_notifications:user_2@mail.company.com 1
            installer:mail_notifications:user_2@mail.company.com:i_status true
            installer:mail_notifications:user_2@mail.company.com:d_status false
            installer:mail_notifications:user_2@mail.company.com:available false
            installer:mail_notifications:user_1@mail.company.com 1
            installer:mail_notifications:user_1@mail.company.com:i_status true
            installer:mail_notifications:user_1@mail.company.com:d_status true
            installer:mail_notifications:user_1@mail.company.com:available true
            [Expert@HostName:0]#
            

            Legend:

            Notification category

            Attribute in Gaia Database

            Clarification

            Install Status

            i_status

            • If the category was enabled, then the corresponding attribute will appear with value true.

            • If the category was never enabled, then the corresponding attribute will not appear at all.

            • If the category was never disabled, then the corresponding attribute will appear with value false.

            Download Status

            d_status

            New Available Packages

            available



  • Show / Hide how to download SmartConsole package from Gaia Portal

    Note: SmartConsole package will be available only on machine that is configured as Security Management Server / Multi-Domain Security Management Server, or as a StandAlone (Security Management Server and Security Gateway).

    In Gaia Portal

    In Gaia Clish

    1. Connect to Gaia Portal.

    2. Obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

    3. Navigate to the Upgrades (CPUSE) section (in Gaia R77.20 and above) / to Software Updates section (in Gaia R77.10 and lower) - click the Status and Actions page.

      In Gaia R77.20 and above:

      In Gaia R77.10 and lower:

    4. Use the filter button near the help icon and select All:

    5. SmartConsole package appears in the category "Minor Versions (HFAs)".

    6. Select the SmartConsole package.

    7. Download the SmartConsole package:

      • Either select the package - click the Download button on the toolbar.

        Example:

      • Or right-click the package and click Download:

    8. Install the SmartConsole package:

      • Either select the package - click the Install Update button on the toolbar.

        Example:

      • Or right-click the package - click Install Update:

    9. The SmartConsole package will be unpacked.

    10. Gaia Portal will offer to download the SmartConsole.exe file.

      Example:

    11. The SmartConsole package can now be downloaded from Gaia Portal in the these places:

      • Go to the Overview section - click the Download Now button:

      • Go to the Maintenance section - click the Download Smart Console page:

    Note: For details about Gaia Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    1. Connect to command line on Gaia machine.

    2. Log in to Gaia Clish.

    3. Obtain the lock over Gaia configuration database:

      HostName:0> lock database override
    4. Get the available packages:

      HostName:0> show installer packages available-for-download

      Note: SmartConsole package appears in the category "HFAs".

      Example:

      HostName:0> show installer packages available-for-download
      **  ************************************************************************* **
      **                                 Hotfixes                                   **
      **  ************************************************************************* **
      ... ... ...
      **  ************************************************************************* **
      **                                   HFAs                                     **
      **  ************************************************************************* **
      Display name                                      Status
      R77 Hotfix for sk95056 (UDP Drops)                Available for Download
      R77 SmartConsole for Windows                      Available for Download
      R77.20 Gaia Software Updates Package for R77      Available for Download
      R77.30 Gaia Software Updates Package for R77      Available for Download
      **  ************************************************************************* **
      **                                  Majors                                    **
      **  ************************************************************************* **
      ... ... ...
      HostName:0>
      

      HostName:0> show installer package[press Space key][press Tab key]

      HostName:0> show installer package <Package_Number>

      Example:

      HostName:0> show installer package 16
      Display name:     R77 SmartConsole for Windows
      Description:       Check Point R77 SmartConsole for Windows:
        1. Download SmartConsole package on the Gaia server. 
        2. Install the package - It will be automatically downloaded
        to your client machine, and will also be available in Overview Download Now.
      Size:             292.51 MB
      Type:             HFA
      Status:           Available for Download
      Requires reboot:  No
      Recommended:      No
      Contains:         None
      Contained-in:     None
      Downloaded on:    N/A
      Imported on:      N/A
      Installed on:     N/A
      Installation log: N/A
      HostName:0>
      
    5. Download the SmartConsole package:

      Note: The download progress (in per cent) appears in "Gaia Portal" - "Upgrades (CPUSE)" section (in Gaia R77.20 and above) / to "Software Updates" section (in Gaia R75.40 - R77.10) - "Status and Actions" page, and in the output of the Gaia Clish command "show installer package <Package_Number>".

      HostName:0> installer download[press Space key][press Tab key]

      HostName:0> installer download <Package_Number>

      Example:

      HostName:0> show installer package 16
      Display name:     R77 SmartConsole for Windows
      Description:       Check Point R77 SmartConsole for Windows:
        1. Download SmartConsole package on the Gaia server. 
        2. Install the package - It will be automatically downloaded
        to your client machine, and will also be available in Overview Download Now.
      Size:             292.51 MB
      Type:             HFA
      Status:           Downloading (18%)
      Requires reboot:  No
      Recommended:      No
      Contains:         None
      Contained-in:     None
      Downloaded on:    N/A
      Imported on:      N/A
      Installed on:     N/A
      Installation log: N/A
      HostName:0>
      
    6. Install the SmartConsole package:

      Note: The installation progress (in per cent) appears in the output of the Gaia Clish command "show installer package <Package_Number>", and in "Gaia Portal" - "Upgrades (CPUSE)" section (in Gaia R77.20 and above) / to "Software Updates" section (in Gaia R75.40 - R77.10) - "Status and Actions" page.

      HostName:0> installer install[press Space key][press Tab key]

      HostName:0> installer install <Package_Number>

      Example:

      HostName:0> show installer package 16
      Display name:     R77 SmartConsole for Windows
      Description:       Check Point R77 SmartConsole for Windows:
        1. Download SmartConsole package on the Gaia server. 
        2. Install the package - It will be automatically downloaded
        to your client machine, and will also be available in Overview Download Now.
      Size:             292.51 MB
      Type:             HFA
      Status:           Installing (30%)
      Requires reboot:  No
      Recommended:      No
      Contains:         None
      Contained-in:     None
      Downloaded on:    Tue Mar 15 15:15:22 2016
      Imported on:      N/A
      Installed on:     Tue Mar 15 15:27:53 2016
      Installation log: /opt/CPInstLog//install_CPUpdates_R77_SC.log
      HostName:0>
      
    7. The SmartConsole package will be unpacked.

    8. If Gaia Portal is currently opened, then it will offer to download the SmartConsole.exe file.

      Example:

    9. The SmartConsole package can now be downloaded from Gaia Portal in the these places:

      • Go to the Overview section - click the Download Now button:

      • Go to the Maintenance section - click the Download Smart Console page:



 

(5) Architecture and Design

Show / Hide this section

The CPUSE Agent (Gaia Software Updates Agent) is installed on each Gaia-based device and it is responsible for all software deployment process on that device.

Table of Contents for this section:

  1. Applicable Software Updates
  2. CPUSE Agent daemon
  3. Software update installation process
  4. CPUSE verification checks
  5. Suppress Reboot behavior

(5-A) Architecture and Design - Applicable Software Updates

All applicable software updates are uploaded to Check Point Download Center.

CPUSE Agent shows software updates that are applicable only to this specific machine.

Note: For each official release and recommended hotfix, CPUSE Offline package can be downloaded from the applicable solution article.

Software Updates

Description

Where / how new
software updates appear

  • In Gaia Portal

    If new software updates are available, they are appear in Upgrades (CPUSE) section - Status and Actions page with the status Available for Download.

  • In Gaia Clish

    If new software updates are available, they are appear in the output of the show installer packages available-for-download command.

How new software
updates are installed

Packages are installed based on the CPUSE (Gaia Software Updates) Agent Policy - either manually, on schedule, or automatically.

  • In Gaia Portal, refer to:

    1. Upgrades (CPUSE) section

    2. Software Updates Policy page

    3. Download Hotfixes sub-section

  • In Gaia Clish, refer to:

    Output of the show installer policy downloads command.

Where are downloaded
software updates located

All downloaded software updates will be located in $DADIR/repository/tmp/ directory, which actually contains symbolic links to the /var/log/CPda/repository/tmp/ directory, where the downloaded software updates are physically stored

 

(5-B) Architecture and Design - CPUSE Agent daemon

Architecture and Design

Description

Main directory

/opt/CPda/

(environment variable $DADIR)

Main daemon

$DADIR/bin/DAService

Log files

  • /opt/CPInstLog/DeploymentAgent.log

    Notes:

    • Contains detailed technical log for administrators and for troubleshooting.

    • Up to 10 rotated files are kept (DeploymentAgent.log.1, DeploymentAgent.log.2, etc.).

  • /opt/CPInstLog/DA_UI.log

    Notes:

    • Contains general messages for users.

    • This log file is not rotated.

    • The last 10 minutes of the this log file appear in the "Event Log":

      In "Gaia Portal" - go to the "Upgrades (CPUSE)" section - click the "Status and Actions" page - scroll to the bottom - click the "Event Log" button.

How to manually start
the CPUSE Agent daemon

  1. Enable the monitoring of the CPUSE Agent daemon by Check Point WatchDog:

    [Expert@HostName:0]# $DADIR/bin/dastart

    Which will run this command:

    $CPDIR/bin/cpwd_admin start -name DASERVICE -path "/opt/CPda/bin/DAService_script" -command "DAService_script"

  2. Manually start the CPUSE Agent daemon:

    • Either in Gaia Clish:

      HostName:0> installer agent start

    • Or in the Expert mode:

      [Expert@HostName:0]# DAClient start

How to manually stop
the CPUSE Agent daemon

  1. Disable the monitoring of the CPUSE Agent daemon by Check Point WatchDog:

    [Expert@HostName:0]# $DADIR/bin/dastop

    Which will run this command:

    cpwd_admin stop -name DASERVICE

  2. Manually stop the CPUSE Agent daemon:

    • Either in Gaia Clish:

      HostName:0> installer agent stop

    • Or in the Expert mode:

      [Expert@HostName:0]# DAClient stop

 

(5-C) Architecture and Design - Software update installation process

When started, installation process is automatic and does not require any interaction from the user.

Which package is installed

Installation process

Hotfix or JUMBO

  1. Pre-install validation (installation type (GW/MGMT), package validation, disk space, CRs conflicts, version compatibility).

    For details about verification checks run by CPUSE, refer to sub-section (5-D) CPUSE verification checks.

  2. Unpack the new CPUSE package.

  3. Back up the current CPUSE package.

  4. Stop the Check Point services ('cpstop').

  5. Prepare diff-files (what exactly should be replaced).

  6. Replace target files. Rollback, if installation fails.

  7. Register the installed package in Check Point Registry.

  8. Reboot (automatically) / Start the Check Point services ('cpstart').

  9. Run the self-test.

Major Version (Upgrade)

  1. Pre-install validation (installation type (GW/MGMT), package validation, disk space, CRs conflicts, version compatibility, machine type (Check Point Appliance/Open Server), upgrade path).

    For details about CPUSE verification checks, refer to sub-section (5-D) CPUSE verification checks.

  2. Create new disk partition.

  3. Install new version files onto the new disk partition.

  4. Configure new version, migrate the applicable configuration.

    (Database on Management Server, SIC, Licenses, FireWall / VPN / SecureXL / CoreXL / Hardware configuration on Security Gateway).

  5. Configure products on the new disk partition.

  6. Reboot the machine from the new partition.

  7. Import database (on Management Server), last products configurations, fetch policy (on Security Gateway).

  8. Run post-install self-tests (as configured before the installation).

 

(5-D) Architecture and Design - CPUSE verification checks

  • Pre-Install verifications:

    As part of the "Verify" actions, or at the start of each installation, CPUSE Agent runs several tests to make sure the package is compatible for the installation:

    1. Available disk space

    2. Content validation (conflicts with installed content)

    3. Package is not corrupted

    On Security Management Server / Multi-Domain Security Management Server, at the beginning of an upgrade, CPUSE Agent automatically runs the Pre-Upgrade Verifier - a validation tool, similar to the pre-upgrade verifier that runs as a part of the Management Server migration process.

    In case of an error in one of the verification tests, the administrator is required to first follow the instructions and resolve the issue, and only then to start the upgrade again.

  • Post-Install self-tests:

    CPUSE Agent has a self-test feature that runs after installation and checks whether the installation has succeeded - and its purpose is to validate that the Gaia OS machine is up and running.

    Three checks can be configured to run:

    1. Check Point daemons that were up and running prior to installation, are up and running post installation (enabled by default)

    2. Local policy-fetch works (disabled by default)

    3. Network links that were up prior to installation, are up post installation (disabled by default)

    The self-test configuration is controlled:

    • In Gaia Portal, navigate to the Upgrades (CPUSE) section - click Policy.

    • In Gaia Clish, refer to set installer policy ... commands

    Please note the self-test failure condition is different from a regular installation failure - during a regular installation failure, there is an automatic roll back and the machine returns to a point before the installation started.

  • All CPUSE packages are signed by Check Point using an SHA-256 digital signature since April 2015.

    Until then, CPUSE packages were signed by MD5 and SHA-1 digital signature.

    Note: If CPUSE is served from an on-premises Private ThreatCloud, then all CPUSE packages are signed at the source (i.e., by Check Point) using an ECDSA P-521/SHA-512 digital signature.

  • CPUSE Agent performs SHA-256 signature verification and MD5 integrity verification of the downloaded files.

    If the either verification fails, the download is considered as failed.

 

(5-E) Architecture and Design - Suppress Reboot behavior

At the beginning of each installation / uninstall of a Hotfix or JUMBO, CPUSE Agent asks the user whether to perform a reboot automatically when install / uninstall completes. The purpose of the suppress reboot functionality is to allow the administrator to perform post-install / post-uninstall actions (that also require reboot) and thus reduce the number of reboots.

If administrator chooses to suppress the automatic reboot, then the CPUSE Agent will not reboot the machine automatically. However, some of the Gaia OS functionality will be blocked:

  • After installation of a Hotfix or a JUMBO:

    • No additional actions are allowed for the installed package (except exporting the package and deleting the package from disk)

    • All actions on other packages are allowed

Important Note: During the installation / uninstall of a package, all Check Point services are stopped (cpstop). Therefore, it is strongly recommended to complete all the necessary maintenance operations and reboot the machine as soon as possible, to restore the normal operation of Check Point software. For more details, refer to sk113045.

 

Show / Hide this section

#

Troubleshooting

1

Тo open debug, run (no need to restart the Deployment Agent ):

da_cli edit_configuration operation=add_config PING_DEBUG=1 - to activate debug

da_cli edit_configuration operation=add_config PING_DEBUG=0 - to deactivate debug (default)

2

By default, if the Deployment Agent identifies a newer version in Download Center and if the self-update option is off, the Deployment Agent blocks the operations until the latest version is installed. To bypass this, use:

da_cli edit_configuration operation=add_config ENFORCE_NEW_DA=1 - to enable (default)

da_cli edit_configuration operation=add_config ENFORCE_NEW_DA=0 - to disable

3

Symptom: clish, DAClient and da_cli commands seem to have no effect.

Solution:

If MDPS is enabled on the Security Gateway, make sure that the shell runs on the management plane.

When MDPS is enabled on theSecurity Gateway, CPUSE service runs in the management plane, any command line interaction with CPUSE should be executed in the same plane (clish, DAClient and da_cli).

4

Symptom: Not enough free disk space on /var/log due to old packages.

After upgrade the CPUSE shows only the packages that are applicable for the current version while packages of the previous version are not deleted.

Solution:

Use "da_cli delete package=<name>"

Important note: Delete a package only if you are 100% sure there will not be any revert to previous snapshot of this version.

If, for example, after upgrade from 80.40 to 81.00 the Jumbo of 80.40 will be deleted, a revert to snapshot to 80.40 snapshot will cause the system to be unstable.

#

Category

Related solutions

1

Connectivity to
Check Point servers

2

Update of CPUSE Agent

3

Installation / uninstall
of CPUSE packages

4

Installation / uninstall of
Jumbo Hotfix Accumulators

5

CPUSE Agent does
not work correctly

 

(7) Information about older CPUSE builds

Show this section
  • Show / Hide information about Gaia Software Updates Agent versions from 1127 to 1272

    • Available options in Gaia Portal

      • Import Package

        On the toolbar, click the More button and click Import Package.

        Important Note: This option was moved from the More button to the main page (upper right corner) starting in CPUSE Agent Build 1272.



  • Show / Hide information about Gaia Software Updates Agent versions from 747 to 1127

    • Available options in Gaia Portal

      • Legacy Upgrade to the next Major Version

        Important Note: This option was removed from Gaia Portal starting in CPUSE Agent Build 1127.

        Note: This option is used only to upgrade to Major releases R75.40VS / R76 GA / R77.X (refer to the upgrade map) using the Legacy CLI upgrade package.

        1. Download the Legacy CLI upgrade Gaia OS package of the supported Major release (R75.40VS / R76 / R77 / R77.10 / R77.20 / R77.30).

        2. Connect to Gaia Portal.

        3. Obtain the lock over the configuration database (click the lock icon at the top - near 'Sign Out'):

        4. Navigate to the Upgrades (CPUSE) section (in Gaia R77.20 and higher) / to Software Updates section (in Gaia R77.10 and lower) - click the Status and Actions page.

          In Gaia R77.20 and higher:

          In Gaia R77.10 and lower:

        5. Click the "Legacy Upgrade" button, upload the upgrade package to Gaia OS, and click the "Upgrade" button:

        6. Upload the Legacy CLI upgrade package.

        7. Click Upgrade button.

        8. Machine is rebooted automatically.



  • Show / Hide information about Gaia Software Updates Agent versions from 802 to 840

    • Available options in Gaia Portal

      Refer to section "(4) How to work with CPUSE" - refer to instructions for Gaia Portal.

    • Available Gaia Clish commands

      1. Obtain the lock over Gaia configuration database:

        HostName:0> lock database override

      2. Show the Gaia Software Updates Agent Policy, Status and Packages:

        Refer to R77 Versions Gaia Administration Guide - chapter "CPUSE" - "Reviewing CPUSE ? clish".

        HostName:0> show installer
        mail-notifications - Show mail notifications for user
        package            - Show information about a specific package
        packages           - Show packages information
        policy             - Show policies configurations
        status             - Show status
        HostName:0>
        

        where full syntax is:

        • HostName:0> show installer mail-notifications {<Package_Number> | <email>}

        • HostName:0> show installer package <Package_Number>

        • HostName:0> show installer packages {all | available-for-download | downloaded | imported | installed | recommended}

        • HostName:0> show installer policy {all | downloads | periodically-self-update | self-test {all | auto-rollback | install-policy | network-link-up | start-processes} | send-cpuse-data}

        • HostName:0> show installer status {agent | all | build | connection | license | update-from-cloud}

      3. Configure the Gaia Software Updates Agent Policy:

        Refer to R77 Versions Gaia Administration Guide - chapter "CPUSE" - "Configuring a CPUSE Policy - clish", and "Configuring CPUSE Mail Notifications - clish".

        HostName:0> set installer
        mail-notifications - Set mail notifications policy
        policy             - Set policies
        HostName:0>
        

        where full syntax is:

        • HostName:0> set installer mail-notifications {<Package_Number> | <email>} {download-status | install-status | new-available-packages} {on | off}

        • HostName:0> set installer policy downloads {automatic | manual | scheduled {daily <Time> | monthly <Day> at <Time> | once <date> at <Time> | weekly <Day_of_the_Week> at <Time>}

        • HostName:0> set installer policy periodically-self-update {on | off}

        • HostName:0> set installer policy self-test {auto-rollback | install-policy | network-link-up | start-processes} {on | off}

        • HostName:0> set installer policy send-cpuse-data {on | off}

      4. Start/Stop the applicable action:

        Refer to R77 Versions Gaia Administration Guide - chapter "CPUSE" - "Downloading and Installing with CPUSE - clish".

        HostName:0> installer 
        agent                - Perform Deployment agent actions
        check-for-updates    - Check for new available packages in Check Point cloud
        delete               - Delete package
        download             - Download package
        download-and-install - Download and install package
        import               - Import package
        install              - Install package
        uninstall            - Uninstall package
        upgrade              - Upgrade to a new major version
        verify               - Verify if package is compatible with this machine
        HostName:0>
        

        where full syntax is:

        • HostName:0> installer agent {start | stop | update [not-interactive]}
        • HostName:0> installer check-for-updates [not-interactive]

        • HostName:0> installer delete {<Package_Number> | <Package_Name>} [not-interactive]

        • HostName:0> installer download {<Package_Number> | <Package_Name>} [pause | resume | not-interactive]

        • HostName:0> installer download-and-install {<Package_Number> | <Package_Name>} [not-interactive]

        • HostName:0> installer import {cloud <CPUSE_Identifier> | ftp <IPv4_Address> path <Path> username <Username> [password <Password>] | local <Full_Path>} [not-interactive]

        • HostName:0> installer install {<Package_Number> | <Package_Name>} [not-interactive]

        • HostName:0> installer uninstall {<Package_Number> | <Package_Name>} [not-interactive]

        • HostName:0> installer upgrade {<Package_Number> | <Package_Name>} [not-interactive]

        • HostName:0> installer verify {<Package_Number> | <Package_Name>} [not-interactive]}

        Note: The progress (in per cent) of the download/install/uninstall actions appears in both Gaia Clish and in "Gaia Portal" - "Upgrades (CPUSE)" section (in Gaia R77.20 and higher) / to "Software Updates" section (in Gaia R75.40 - R77.10) - "Status and Actions" page.



  • Show / Hide information about Gaia Software Updates Agent versions from 710 to 747

    • Available options in Gaia Portal

      Refer to section "(4) How to work with CPUSE" - refer to instructions for Gaia Portal.

    • Available Gaia Clish commands

      1. Obtain the lock over Gaia configuration database:

        HostName:0> lock database override

      2. Configure the Gaia Software Updates Agent Policy:

        HostName:0> set installer
        deployment-mail-notification - Set the installer mail notifications
        download_mode                - Set the installer download mode to automatic, manual or schedule
        install_mode                 - Set the installer install mode to automatic, manual or schedule
        HostName:0>
        

        Notes:

        • The "set installer download_mode schedule" sub-command is disabled - use the Gaia Portal.

        • The "set installer install_mode schedule" sub-command is disabled - use the Gaia Portal.

      3. Start/Stop the applicable action:

        HostName:0> installer 
        download       - Download a selected package
        install        - Install a selected package
        restore_policy - Restore the default update policy
        start          - Start the installer service
        stop           - Stop the installer service
        uninstall      - Uninstall a selected package
        upgrade        - Upgrade a selected package
        HostName:0>
        

        Note: The progress (in per cent) of the download/install/uninstall actions appears in both Gaia Clish and in "Gaia Portal" - "Upgrades (CPUSE)" section (in Gaia R77.20 and higher) / to "Software Updates" section (in Gaia R75.40 - R77.10) - "Status and Actions" page.

      4. To see software updates in Gaia Clish:

        HostName:0> show installer 
        available_local_packages - Show available packages for install
        available_packages       - Show available packages for download
        installed_packages       - Show the installed packages on this machine
        package_status           - Show the packages status
        HostName:0>
        

        Notes:

        • "show installer available_packages" command reads the information about the packages that are pending download from the $DADIR/bin/pd_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:

          HostName:0> show installer available_packages 
          Num File Name                                             Type
          1   Check_Point_R77_10_R77_20_T124.tgz                    Wrapper
          2   Check_Point_R75.46_Fresh_Install.tgz                  Major Version
          3   Check_Point_R75_40VS_T157.tgz                         Major Version
          4   Check_Point_R77.10_Install_and_Upgrade.tgz            Major Version
          5   Check_Point_R76_T265.tgz                              Major Version
          HostName:0>
          
        • "show installer available_local_packages" command reads the information about the packages that were downloaded and are pending installation from the $DADIR/bin/pi_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:

          HostName:0> show installer available_local_packages 
          Num File Name                                             Type
          1   Check_Point_Hotfix_R77_10_sk102673.tgz                Hotfix
          HostName:0>
          
        • "show installer installed_packages" command reads the information about the packages that were installed from the $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:

          HostName:0> show installer installed_packages
          Num File Name                                             Type
          1   Check_Point_SmartConsole_R75.47.tgz                   Wrapper
          2   Check_Point_Hotfix_R75.47_sk101186.tgz                Hotfix
          HostName:0>
          
        • "show installer package_status" command reads the information about the status of packages from the $DADIR/bin/prv_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:

          HostName:0> show installer package_status
          Num File Name                              Status                       Progress
          1   Check_Point_SmartConsole_R75.47.tgz    Installed
          2   Check_Point_R75.46_Fresh_Install.tg... Available for Download
          3   Check_Point_R76_T265.tgz               Available for Download
          4   Check_Point_R77.20_T124_Install_and... Partially Downloaded         (5%)
          5   Check_Point_R77.10_Install_and_Upgr... Available for Download
          6   Check_Point_Hotfix_R75_47_sk102673.... Available for Install
          7   Check_Point_R77.tgz                    Available for Download
          8   Check_Point_R75_40VS_T157.tgz          Available for Download
          9   Check_Point_Hotfix_R75.47_sk101186.... Installed
          10  Check_Point_Hotfix_R75.47_sk100195.... Unknown
          11  Check_Point_Hotfix_R75.47_sk100431.... Unknown
          12  Check_Point_R75.47_OSPF_Hotfix_sk94... Available for Download
          HostName:0>
          
        • Information about the packages that are pending uninstall is stored in $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).

      5. To download a software update in Gaia Clish:

        Example:

        HostName:0> installer download 
        Num File Name                                             Type
        1   Check_Point_R75.46_Fresh_Install.tgz                  Major Version
        2   Check_Point_R76_T265.tgz                              Major Version
        3   Check_Point_R77.20_T124_Install_and_Upgrade.tgz       Major Version
        4   Check_Point_R77.10_Install_and_Upgrade_R75.4X.tgz     Major Version
        5   Check_Point_R77.tgz                                   Major Version
        6   Check_Point_R75_40VS_T157.tgz                         Major Version
        7   Check_Point_R75.47_OSPF_Hotfix_sk94490.tgz            Hotfix
        HostName:0>
        HostName:0> installer download 7
        Initiating download of Check_Point_R75.47_OSPF_Hotfix_sk94490.tgz...
        HostName:0> 
        HostName:0> show installer package_status
        .............
        12  Check_Point_R75.47_OSPF_Hotfix_sk94... Downloading                  (6%)
        ............. 
        HostName:0>
        
      6. To install a software update in Gaia Clish:

        Important Note: Requirements for free disk space exist.

        Example:

        HostName:0> installer install 
        Num File Name                                             Type
        1   Check_Point_Hotfix_R75_47_sk102673.tgz                Hotfix
        2   Check_Point_R75.47_OSPF_Hotfix_sk94490.tgz            Hotfix
        HostName:0>
        HostName:0> installer install 2
        Initiating install of package 1: Check_Point_R77_hotfix_sk95245.tgz
        HostName:0> 
        HostName:0> show installer package_status
        .............
        Initiating install of Check_Point_R75.47_OSPF_Hotfix_sk94490.tgz...
        ............. 
        HostName:0>
        HostName:0> show installer package_status
        .............
        12  Check_Point_R75.47_OSPF_Hotfix_sk94... Installing                   (30%)
        ............. 
        HostName:0>
        
      7. To upgrade a software update in Gaia Clish:

        Important Note: Requirements for free disk space exist.

        Example:

        HostName:0> installer upgrade 
        Num File Name                                             Type
        1   Check_Point_R75.46_Fresh_Install.tgz                  Major Version
        HostName:0>
        HostName:0> installer upgrade 1
        Initiating upgrade of package 1: Check_Point_R75.46_Fresh_Install.tgz
        HostName:0>
        


  • Show / Hide information about Gaia Software Updates Agent versions from 502 to 615

    • Available options in Gaia Portal

      Tab

      Options

      Updates

        • On this tab, user will see the available / manually uploaded hotfix packages.

        • When a software update is "Available for Download", click the "Download" button.

        • When a software update is "Available for Install", user can verify whether there are any warnings about this update and whether this update can be installed without conflicts.

          Click the "Actions" button and then click the "Verifier" button (formerly known as "Check Install") - a pop-up will appear with "Verifier results".

          If there are no warnings/conflicts, then click the "Install Update" button.

        • After a software update is installed, user can see the installation log by clicking on the 'scroll' icon in the "Logs" column.

          A new window will open. Information can be selected and copied from this window.

        • If a software update was installed and has to be uninstalled, click the "Uninstall" button.

        • A software update that was already downloaded / installed, can be exported from this Gaia machine for backup purposes, or to transfer it to another Gaia machine (for example, if another Gaia machine is disconnected from the Internet):

          1. Select the update.

          2. Click the "Actions" button - click the "Export" button.

          3. The update will be saved as TAR file on your computer.

        • A software update can be manually imported to this Gaia machine (for example, if this machine is disconnected from the Internet).

          Important Note: Requirements for free disk space exist.

          This feature (importing a package) supports only these types of packages:

          1. Packages that were specifically created to be installed using Gaia Software Updates.

            1. Contact Check Point Support to get the required Gaia Software Updates package for Offline installation.

            2. Connect to the Gaia Portal on your machine.

            3. Obtain the lock over the configuration database (click the lock icon at the top - near "Sign Out").

            4. Navigate to the "Upgrades (CPUSE)" / "Software Updates" section - "Status and Actions" pane.

            5. Click the "Actions" button - click the "Import" button.

            6. Browse for the TGZ file that was provided by Check Point Support - click "Upload".

            7. Install the uploaded package either in Gaia Portal, or in Gaia Clish - see the applicable instructions above.

          2. Packages that were exported from another Gaia machine using Gaia Software Updates.

            1. Export the applicable update package (that was already downloaded / installed) from a source Gaia machine (that is connected to the Internet) to your computer.

            2. If needed, transfer this file to an external storage device.

            3. Open the Gaia Portal of the target Gaia machine (on which this update package should be imported).

            4. Go to "Gaia Portal" - "Upgrades (CPUSE)" / "Software Updates"section - "Status and Actions" page.

            5. Click the "Actions" button - click the "Import" button.

            6. Browse for the TAR file that was exported from a source Gaia machine - click "Upload".

          Note: If this error appears, then incorrect package was uploaded (contact Check Point Support for assistance):

          Cannot import package.

          It is not a valid exported "Gaia Software Updates" package.

        • Customized packages / images that were created by Check Point for specific customer are added in this way:

          1. Click the "Actions" button - click the "Add Private Hotfix" button.

          2. In the "Add Private Package" window, paste the special link to the customized package / image (sent to you by Check Point) - click the "Add" button.

          3. See the progress in the "Important Messages" section at the bottom (scroll down).

          4. The customized package / image will appear in the list of available packages with the status "Available for Download".

          5. Proceed as with regular hotfix package / image.

        • User can see the general progress in the "Important Messages" section at the bottom (scroll down).

          For complete log, click the "History" button. Information can be selected and copied from these windows.

          Notes:

          • In the "Important Messages" section, the messages appear from bottom-to-top (most recent log is at the top).

          • In the "Important Messages Log" ('History') window, the messages appear from top-to-bottom (most recent log is at the bottom).

      Full Images

        • On this tab, user will see the available / manually uploaded upgrade packages and fresh install images.

        • When an image is "Available for Download", click the "Download" button.

        • When an image is "Available for Install", user can verify whether there are any warnings about this image and whether this image can be installed without conflicts.

          Click the "Actions" button and then click the "Verifier" button (formerly known as "Check Install") - a pop-up will appear with "Verifier results".

          If there are no warnings/conflicts, then click the "Install Update" button.

        • If an image is already installed, you can click the "Reinstall" button.

        • If an upgrade image was installed and has to be uninstalled, click the "Uninstall" button.

          Important Note: There is no uninstall option for fresh install images.

        • An image that was already downloaded / installed, can be exported from this Gaia machine for backup purposes, or to transfer it to another Gaia machine (for example, if that machine is disconnected from the Internet):

          1. Select the update.

          2. Click the "Actions" button - click the "Export" button.

          3. The update will be saved as TAR file on your computer.

          4. You can store this TAR file for backup purposes, or transfer it to another Gaia machine.

        • An image can be manually imported to this Gaia machine (for example, if this machine is disconnected from the Internet).

          Important Note: Requirements for free disk space exist.

          This feature (importing an image) supports only images that were exported from another Gaia machine using Gaia Software Updates:

          1. Export the applicable image from a source Gaia machine to your computer.

          2. If needed, transfer this file to an external storage device.

          3. Open the Gaia Portal of the target Gaia machine (on which this image should be imported).

          4. Go to "Gaia Portal" - "Upgrades (CPUSE)" / "Software Updates" section - "Status and Actions" page.

          5. Click the "Actions" button - click the "Import" button.

          6. Browse for the TAR file that was exported from a source Gaia machine - click "Upload".

            Note:

            Gaia Portal will only accept a TAR file that was exported from another Gaia machine (it contains the image TGZ file and special metadata TGZ file).

            Otherwise, this error appears:

            Cannot import package.

            It is not a valid exported "Gaia Software Updates" package.

        • User can see the general progress in the "Important Messages" section at the bottom (scroll down).

          For complete log, click the "History" button. Information can be selected and copied from these windows.

          Notes:

          • In the "Important Messages" section, the messages appear from bottom-to-top (most recent log is at the top).

          • In the "Important Messages Log" ('History') window, the messages appear from top-to-bottom (most recent log is at the bottom).

    • Available Gaia Clish commands

      1. Obtain the lock over Gaia configuration database:

        HostName:0> lock database override

      2. Configure the Gaia Software Updates Agent Policy:

        HostName:0> set installer
        deployment-mail-notification - Set the installer mail notifications
        download_mode                - Set the installer download mode to automatic, manual or schedule
        install_mode                 - Set the installer install mode to automatic, manual or schedule
        HostName:0>
        

        Notes:

        • The "set installer download_mode schedule" sub-command is disabled - use the Gaia Portal.

        • The "set installer install_mode schedule" sub-command is disabled - use the Gaia Portal.

        • For more information about "deployment-mail-notification", refer to "Configuring e-mail notifications in Gaia Clish" section.

      3. Start/Stop the applicable action:

        HostName:0> installer 
        download       - Download a selected package
        install        - Install a selected package
        restore_policy - Restore the default update policy
        start          - Start the installer service
        stop           - Stop the installer service
        uninstall      - Uninstall a selected package
        upgrade        - Upgrade a selected package
        HostName:0>
        

        Note: The progress (in per cent) of the download/install/uninstall actions appears in both Gaia Clish and in "Gaia Portal" - "Upgrades (CPUSE)" / "Software Updates" section - "Status and Actions" page.

      4. To see software updates in Gaia Clish:

        HostName:0> show installer 
        available_local_packages - Show available packages for install
        available_packages       - Show available packages for download
        installed_packages       - Show the installed packages on this machine
        package_status           - Show the packages status
        HostName:0>
        

        Notes:

        • "show installer available_packages" command reads the information about the packages that are pending download from the $DADIR/bin/pd_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:

          HostName:0> show installer available_packages
          List of available packages for download:
          [1].    R75.46  - Check_Point_R75.46_Fresh_Install.tgz (1.48 GB)        - <b>R75.46 is a maintenance release for R75.40 and R75.45 with important Check Point product updates.<br>For more about this release, see the <a href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90960" target="_blank">R75.46 home page</a>.</b>
          [2].    R77_SC  - Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz (292.51 MB)  - Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz
          HostName:0>
        • "show installer available_local_packages" command reads the information about the packages that were downloaded and are pending installation from the $DADIR/bin/pi_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:

          HostName:0> show installer available_local_packages
          List of available packages for install:
          [1].    HOTFIX_GULLI_UDP_FIX    - Check_Point_R77_UDP_Hotfix_sk95056.tgz (206.90 KB)    - Check_Point_R77_UDP_Hotfix_sk95056.tgz
          [2].    R77     - Check_Point_R77.tgz (1.18 GB) - <b>Check Point R77.
          For more about this release - <a& href=https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92965 target=_blank>R77 home page</a>.</b>
          [3].    HOTFIX_GULLI_HF1        - Check_Point_R77_hotfix_sk95245.tgz (2.99 MB)  - This hotfix solves Threat Emulation Incorrect MIME encoding.
          [4].    BUNDLE_DUMMY    - Check_Point_Hotfix_Bundle.tgz (206.90 KB)     - Check_Point_Hotfix_Bundle.tgz
          [5].    HOTFIX_GULLI_HF2        - Check_Point_hotfix_R77_sk96269.tgz (2.97 MB)  - This hotfix solves Threat Emulation Incorrect MIME encoding.
          HostName:0>
        • "show installer installed_packages" command reads the information about the packages that were installed from the $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:

          HostName:0> show installer installed_packages
          List of installed packages:
          [1]   Check_Point_R77_Hotfix_sk96124.tgz      -   FW1                  - HOTFIX_GULLI_HF2_CPAS
          [2]   flow_cmp_HOTFIX_GULLI_FLOW_CMP_003_GA.tgz-   R7520CMP             - HOTFIX_GULLI_FLOW_CMP_003
          [3]   fiber_cmp_HOTFIX_GULLI_FIBER_CMP_004_GA.tgz-   R7540CMP             - HOTFIX_GULLI_FIBER_CMP_004
          [4]   giza_cmp_HOTFIX_GULLI_GIZA_CMP_005_GA.tgz-   R7540VSCMP           - HOTFIX_GULLI_GIZA_CMP_005
          [5]   fox_cmp_HOTFIX_GULLI_FOX_CMP_007_GA.tgz -   R75CMP               - HOTFIX_GULLI_FOX_CMP_007
          [6]   enf_cmp_HOTFIX_GULLI_ENF_CMP_032_GA.tgz -   NGXCMP               - HOTFIX_GULLI_ENF_CMP_032
          [7]   fl_cmp_HOTFIX_GULLI_FL_CMP_006_GA.tgz   -   FLICMP               - HOTFIX_GULLI_FL_CMP_006
          [8]   Check_Point_R77_UDP_Hotfix_sk95056.tgz  -   CPUpdates            - HOTFIX_GULLI_UDP_FIX
          HostName:0>
          
        • "show installer package_status" command reads the information about the status of packages from the $DADIR/bin/prv_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:
          HostName:0> show installer package_status
          Check_Point_Hotfix_Bundle.tgz                 - Downloading               - Progress: 0%
          Check_Point_R75.46_Fresh_Install.tgz          - Available for download
          Check_Point_R77.tgz                           - Installed
          Check_Point_R77_Hotfix_sk96124.tgz            - Installed
          Check_Point_R77_UDP_Hotfix_sk95056.tgz        - Installed
          Check_Point_R77_hotfix_sk95245.tgz            - Pre-install validation failed (CRs validation error).
          Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz - Downloading (2.95 MB/s)   - Progress: 6%
          Check_Point_hotfix_R77_sk96269.tgz            - Installing                - Progress: 0%
          HostName:0>
          
        • Information about the packages that are pending uninstall is stored in $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).

      5. To download a software update in Gaia Clish:

        Example:

        HostName:0> installer download
        List of available packages for download:
        [1].    R75.46  - Check_Point_R75.46_Fresh_Install.tgz (1.48 GB)        - <b>R75.46 is a maintenance release for R75.40 and R75.45 with important Check Point product updates.<br>For more about this release, see the <a href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90960" target="_blank">R75.46 home page</a>.</b>
        [2].    R77_SC  - Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz (292.51 MB)  - Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz
        HostName:0>
        HostName:0> installer download 2
        Initiating download of package 2: Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz (292.51 MB)
        HostName:0>
        HostName:0> show installer package_status
        .............
        Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz - Downloading (2.95 MB/s)   - Progress: 6%
        .............
        HostName:0>
      6. To install a software update in Gaia Clish:

        Important Note: Requirements for disk space exist - refer to "System requirements and limitations" section.

        Example:

        HostName:0> installer install
        List of available packages for install:
        [1].    HOTFIX_GULLI_HF1        - Check_Point_R77_hotfix_sk95245.tgz (2.99 MB)  - This hotfix solves Threat Emulation Incorrect MIME encoding.
        [2].    BUNDLE_R77_10   - Check_Point_R77.10_EA_T72_4SEs.tgz (202.19 MB)        - Check_Point_R77.10_EA_T72_4SEs.tgz
        [3].    HOTFIX_GULLI_HF2        - Check_Point_hotfix_R77_sk96269.tgz (2.97 MB)  - This hotfix solves Threat Emulation Incorrect MIME encoding.
        [4].    HOTFIX_GULLI_UDP_FIX    - Check_Point_R77_UDP_Hotfix_sk95056.tgz (206.90 KB)    - Check_Point_R77_UDP_Hotfix_sk95056.tgz
        [5].    R77     - Check_Point_R77.tgz (1.18 GB) - <b>Check Point R77.<br> For more about this release - <a href=https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92965 target=_blank>R77 home page</a>.</b>
        HostName:0>
        HostName:0> installer install 1
        Initiating install of package 1: Check_Point_R77_hotfix_sk95245.tgz
        HostName:0>
        HostName:0> show installer package_status
        .............
        Check_Point_R77_hotfix_sk95245.tgz - Installing                - Progress: 3%
        .............
        HostName:0>
      7. To upgrade a software update in Gaia Clish:

        Important Note: Requirements for disk space exist - refer to "System requirements and limitations" section.

        Example:

        HostName:0> installer upgrade
        List of available packages for upgrade:
        [1].    R77     - Check_Point_R77.tgz (1.18 GB) - <b>Check Point R77.<br> For more about this release - <a href=https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92965 target=_blank>R77 home page</a>.</b>
        HostName:0>
        HostName:0> installer upgrade 1
        Initiating upgrade of package 1: Check_Point_R77.tgz
        HostName:0>


  • Show / Hide information about Gaia Software Updates Agent versions lower than 502

    • Available options in Gaia Portal

        • When a software update is "Available for Download", click the "Download" button.

        • When a software update is "Available for Install", click the "Check Install" button to check whether this software update can be installed without conflict. If there are no warnings/conflicts, then click the "Install" button.

        • If a software update was installed and has to be uninstalled, click the "Uninstall" button.

    • Available Gaia Clish commands

      1. Obtain the lock over Gaia configuration database:

        HostName:0> lock database override

      2. Configure the Gaia Software Updates Agent Policy:

        HostName:0> set installer
        deployment-mail-notification - Set the installer mail notifications
        download_mode                - Set the installer download mode to automatic, manual or schedule
        install_mode                 - Set the installer install mode to automatic, manual or schedule
        HostName:0>
        

        Notes:

        • The "set installer download_mode schedule" sub-command is disabled - use the Gaia Portal.

        • The "set installer install_mode schedule" sub-command is disabled - use the Gaia Portal.

      3. Start/Stop the applicable action:

        HostName:0> installer 
        download       - Download a selected package
        install        - Install a selected package
        restore_policy - Restore the default update policy
        start          - Start the installer service
        stop           - Stop the installer service
        uninstall      - Uninstall a selected package
        HostName:0>
        

        Note: The progress (in per cent) of the download/install/uninstall actions appears only in "Gaia Portal" - "Software Updates" - "Status and Actions".

      4. To see software updates in Gaia Clish:

        HostName:0> show installer 
        available_local_packages - Show available packages for install
        available_packages       - Show available packages for download
        installed_packages       - Show the installed packages on this machine
        package_status           - Show the packages status
        HostName:0>
        

        Notes:

        • "show installer available_packages" command reads the information about the files that are pending download from the $DADIR/bin/pd_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:
          HostName:0> show installer available_packages 
          List of available packages for download:
          [1].    R75.40  - R75.40_2.tgz (804.64 MB)      - R75.40
          [2].    R77  - R77.tgz (1.10 GB)  - R77 Take 34
          [3].    R76_GA  - R76_GA.tgz (1.06 GB)  - R76
          HostName:0>
          
        • "show installer available_local_packages" command reads the information about the files that were downloaded and are pending installation from the $DADIR/bin/pi_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:

          List of available packages for install: [1].    software update_GIZMO_PING_DUMMY_002   - Check_Point_GIZMO_DUMMY_002_Bundle.tgz (31.38 KB)   - Check_Point_GIZMO_DUMMY_002_Bundle.tgz HostName:0>
        • "show installer package_status" command reads the information about the status of software updates from the $DADIR/bin/prv_file file (exists only while the Gaia Software Updates Agent service is running).

          Example:
          HostName:0> show installer package_status
          Check_Point_GIZMO_DUMMY_002_Bundle.tgz  - Available for install
          R77.tgz         - Available for download
          R75.40_2.tgz    - Available for download
          R76_GA.tgz      - Available for download
          HostName:0>
          
        • Information about the files that are pending uninstall is stored in $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).

      5. To download a software update in Clish:

        Example:

        HostName:0> installer download 
        List of available packages for download:
        [1].    R75.40  - R75.40_2.tgz (804.64 MB)      - R75.40
        [2].    R77  - R77.tgz (1.10 GB)  - R77 Take 34
        [3].    R76_GA  - R76_GA.tgz (1.06 GB)  - R76
        HostName:0>
        HostName:0> installer download 2
        Initiating download of package 2: R77.tgz (1.10 GB)
        HostName:0> 
        
        HostName:0> show installer package_status 
        Check_Point_GIZMO_DUMMY_002_Bundle.tgz  - Available for install
        R77.tgz         - Downloading
        R75.40_2.tgz    - Available for download
        R76_GA.tgz      - Available for download
        HostName:0>
        

 


(8) Revision history

Show / Hide this section

Date

Description

24 May 2022

"Latest build of CPUSE and What's New" section - added new GA Build 2193

04 May 2022

  • Improved formatting
  • "(4-D) "How to ..." section - restored the sub-section "How to download SmartConsole package from Gaia Portal"

21 March 2022

"Latest build of CPUSE and What's New" section - added new GA Build 2176

30 Jan 2022

"Latest build of CPUSE and What's New" section - added new GA Build 2154

14 Dec 2021

"Latest build of CPUSE and What's New" section - added new GA Build 2140

14 Nov 2021

"(6) Limitations, Troubleshooting and Related solutions" - added point #4

07 Oct 2021

"Latest build of CPUSE and What's New" section - added new GA Build 2113

02 Sep 2021

Updating screenshots and removed documentation for unsupported versions (77.10 and below)

24 Aug 2021

"Latest build of CPUSE and What's New" section - added new GA Build 2101

08 Jul 2021

"Latest build of CPUSE and What's New" section - added new GA Build 2084

18 Apr 2021

"(6) Limitations, Troubleshooting and Related solutions" - added a Troubleshooting scenario #3

11 Apr 2021

"Latest build of CPUSE and What's New" section - added new GA Build 2047

07 Feb 2021

"Latest build of CPUSE and What's New" section - added new GA Build 2019

14 Dec 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1999

25 Nov 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1986

28 Oct 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1976

23 Sep 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1959

10 Sep 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1935

20 Aug 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1931

19 Jul 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1928

30 Jun 2020

Updated (6) Troubleshooting

18 Jun 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1905

16 Apr 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1889

16 Feb 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1865

09 Feb 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1858

16 Jan 2020

"Latest build of CPUSE and What's New" section - added new GA Build 1848

10 Dec 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1832

27 Nov 2019

Added section (4-B-d) Perform a clean install or upgrade of a Blink image

20 Nov 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1818

03 Oct 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1786

19 Aug 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1751

11 Aug 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1731

16 July 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1728

01 July 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1722

05 June 2019

Added a note that CPUSE package is not compatible with R80.20SP

14 May 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1677

01 May 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1676

31 Mar 2019

Updated setion 4C - "How to uninstall a CPUSE package"

26 Mar 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1671

17 Mar 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1669

23 Jan 2019

"Latest build of CPUSE and What's New" section - added new GA Build 1580

28 Nov 2018

"Latest build of CPUSE and What's New" section - added new GA Build 1577

29 Sep 2018

"Latest build of CPUSE and What's New" section - added new GA Build 1573

26 Sep 2018

Added link to R80.20 Gaia Administration Guide

15 July 2018

Added R80.20 to Versions list

25 June 2018

"Latest build of CPUSE and What's New" section - added new GA Build 1511

24 June 2018

"Latest build of CPUSE and What's New" section - added new GA Build 1510

14 June 2018

"Latest build of CPUSE and What's New" section - added new GA Build 1508

06 May 2018

"Latest build of CPUSE and What's New" section - added new GA Build 1483

08 Apr 2018

Updated Section (2) System requirements and limitations, item G.

12 Feb 2018

"Latest build of CPUSE and What's New" section - added new GA Build 1439

02 Jan 2018

"Latest build of CPUSE and What's New" section - added new GA Build 1418

26 Nov 2017

"Latest build of CPUSE and What's New" section - added new GA Build 1405

10 Oct 2017

Corrected the import instructions in Gaia Portal - correct the name of the button from "Upload" to "Import".

08 Oct 2017

Renamed the "Latest build of CPUSE and What's New" section to the "Download the latest build of CPUSE Agent and What's New".

24 Sep 2017

"Latest build of CPUSE and What's New" section - "(3-D) History of older CPUSE Agent builds" subsection - updated the text to show that build 1130 is integrated into R80 GA version.

27 Aug 2017

"Latest build of CPUSE and What's New" section - added new GA Build 1298.

23 Aug 2017

"Troubleshooting and Related solutions" section - added sk104479.

17 Aug 2017

"Troubleshooting and Related solutions" section - added sk119993.

16 Aug 2017

"Troubleshooting and Related solutions" section - added sk119954.

24 July 2017

"Latest build of CPUSE and What's New" section - added a note that restarting the ConfD daemon should be performed during a maintenance window.

06 July 2017

"System requirements and limitations" section - updated a note that on VSX R80.10, any package can be installed using CPUSE.

27 June 2017

"Latest build of CPUSE and What's New" section - added new GA Build 1294.

21 June 2017

  • Updated the instructions for importing a package in Gaia Portal (by clicking on the Import Package button on the main page).
  • Added link to R80.10 Gaia Administration Guide.

16 June 2017

"Latest build of CPUSE and What's New" section - added new GA Build 1293.

18 May 2017

Added R80.10 version to the article.

25 Apr 2017

"Latest build of CPUSE and What's New" section - added new GA Build 1283.

04 Apr 2017

"Latest build of CPUSE and What's New" section - added new GA Build 1278.

28 Mar 2017

  • Updated the title of this article from "CPUSE - Gaia Software Updates (including Gaia Software Updates Agent)" to "Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent".
  • "Latest build of CPUSE and What's New" section - added the Build 1272 back.

20 Mar 2017

"Latest build of CPUSE and What's New" section - temporarily reverted from Build 1272 to the previous Build 1130.

15 Mar 2017

Added the applicable screenshots for "Verifier" results.

13 Mar 2017

"Latest build of CPUSE and What's New" section - added new GA Build 1272.

11 Feb 2017

"Troubleshooting and Related solutions" section - added sk114592.

05 Feb 2017

"Troubleshooting and Related solutions" section - added sk115719.

15 Jan 2017

"Troubleshooting and Related solutions" section - added sk115515.

31 Dec 2016

  • "(4-A) "How to ..." section - improved import instructions for Offline procedure in Gaia Portal.
  • "Troubleshooting and Related solutions" section - added sk111158, sk115243.

19 Nov 2016

  • "(4-A) "How to ..." section - improved notes about VSX mode.
  • "(4-B) "How to ..." section - improved notes about VSX mode.
  • "(4-B) "How to ..." section - "(4-B-b)" subsection - added a list of files that are copied by CPUSE during an upgrade to a Major Version.

14 Nov 2016

"(4-D) "How to ..." section - improved notes.

03 Nov 2016

"System requirements and limitations" section - added clarifications about the required license and contract.

02 Oct 2016

"Latest build of CPUSE and What's New" section - added new Build 1130.

21 Sep 2016

"Troubleshooting and Related solutions" section - added sk113268, sk113269, sk113270.

21 Aug 2016

"Latest build of CPUSE and What's New" section - added new Build 1127.

23 June 2016

"(4-D) "How to ..." section - improved the description of "installer agent start" command.

21 June 2016

"(4-D) "How to ..." section - improved the description of "installer agent <disable|enable>" and "installer agent <stop|start>" commands.

16 June 2016

"Latest build of CPUSE and What's New" section - added new Build 1005.

14 Apr 2016

"Latest build of CPUSE and What's New" section - added new Build 994.

10 Apr 2016

  • "Troubleshooting and Related solutions" section - added sk105746.
  • "System requirements and limitations" section - added the applicable Domain objects.

09 Apr 2016

"Latest build of CPUSE and What's New" section - added a note about manual installation of CPUSE Agent RPM.

31 Mar 2016

Improved text readability.

30 Mar 2016

"Troubleshooting and Related solutions" section - added sk109359.

27 Mar 2016

Article was redesigned and updated.

03 Jan 2015

Minor text improvements.

03 Jan 2015

"System requirements and limitations" section - updated the information.

20 Nov 2015

Add explanation for "DAClient" commands.

20 Sep 2015

"System requirements and limitations" section - updated the information.

29 July 2015

Corrected Gaia Clish syntax for starting and stopping the Gaia Software Updates Agent daemon.

26 July 2015

Added Gaia Clish syntax for Build 802 and higher.

22 July 2015

Added sk106696 to "Related solutions" section.

11 Mar 2015

"System requirements and limitations" section - added instructions for allowing CPUSE to work with Check Point cloud.

29 Jan 2015

"System requirements and limitations" section - updated the information that option "Automatically download Contracts and other important data (Recommended)" should be enabled in SmartDashboard.

05 Oct 2014

Added description for Gaia Software Updates Agent version from 710 to 747.

11 Sep 2014

"Overview" - "Description" section - added a note that CPuse mechanism supports deployment of Major Versions (starting from build 502).

19 Aug 2014

  • "Software Updates Notifications" section - updated the information.
  • Updated the notes for "set installer" commands.

24 July 2014

Added a note about the "ping" syntax in $DADIR/bin/connection_test.sh script if Gaia machine is disconnected from the Internet.

15 June 2014

"Related solutions" section - added this new section.

12 May 2014

Updated the information about the "Import" operation in Gaia Portal.

17 Mar 2014

Improvements in HTML design.

26 Jan 2014

  • Added notes about importing an image / package.
  • Modified manual installation instructions.

12 Dec 2013

Added description for Gaia Software Updates Agent versions from 502 to 615.

03 Mar 2013

First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment