Support Center > Search Results > SecureKnowledge Details
Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent Technical Level
Solution

Table of Contents:

  1. Introduction
  2. System requirements and limitations
  3. Download the latest build of CPUSE Agent, What's New and Installation instructions
  4. How to work with CPUSE
    1. How to download and import a CPUSE package
      1. Download and import instructions for Online procedure - Gaia Portal
      2. Download and import instructions for Online procedure - Gaia Clish
      3. Import instructions for Offline procedure - Gaia Portal
      4. Import instructions for Offline procedure - Gaia Clish
    2. How to install a CPUSE package
      1. Install a Hotfix package / Minor Version package
      2. Perform an upgrade to a Major Version
      3. Perform a clean install of Major Version
      4. Perform a clean install or upgrade of a Blink image
    3. How to uninstall a CPUSE package
    4. "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)
  5. Architecture and Design
  6. Limitations, Troubleshooting and Related solutions
  7. Information about older CPUSE builds
  8. Revision history

In addition, refer to sk111158 - Central Deployment Tool (CDT).

 

Click Here to Show the Entire Article

 

(1) Introduction

Show / Hide this section

Check Point Update Service Engine (CPUSE), also known as Deployment Agent [DA], is an advanced and intuitive mechanism for software deployment on Gaia OS, which supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions.

Gaia Software Updates offers a Smart, Fast and Safe deployment solution:

Smart   
  • Discover only relevant software updates
  • Reboot only if required
  • Auto authentication with Download Center
  • View hierarchy of software updates
  • E-mail notification for new updates
Fast
  • Fast download
  • Fast installation
  • Short down time
Safe
  • Upgrade to next Major Version is performed on a new disk partition and preserves Gaia OS configuration
  • Automatic conflicts validation
  • Checksum validation of packages on target machine
  • Self-test after installation
  • Auto roll-back on failures

 

(2) System requirements and limitations

Show / Hide this section

Table of Contents for this section:

  1. License and contract
  2. Connection to the Internet
  3. CPUSE communication with Check Point cloud
  4. Deployment Agent update to the latest version
  5. Upgrade
  6. Free disk space
# Topic Comments
A License and contract
  • Valid license has to be installed on the target machine.
  • Valid Software Subscription or Technical Support Contract has to be associated with the license.
  • The Contract File must be installed on the target machine.

Notes:

  1. There is a 30 days grace period upon first installation/activation of the Deployment Agent, during which no license is needed at all.
  2. Evaluation License is not enough to enable Gaia Software Updates.
    A real valid support license is required.
    Access to Check Point Download Server is available via subscription only.
    An Evaluation License is not sufficient to grant download access from the User Center.
B Connection to the Internet
  • Gaia machine should be connected to the Internet:
    • To perform online self-update of Deployment Agent
    • To obtain Software Updates from Check Point Cloud
    Note: The option "Automatically download Contracts and other important data (Recommended)" should be enabled
    per sk94508 (SmartConsole - "Policy" menu - "Global Properties" - "Security Management Access").
  • Manual offline installation of CPUSE packages is available if Gaia machine is disconnected from the Internet.
C CPUSE communication with Check Point cloud

To allow CPUSE to communicate with Check Point cloud, follow the steps below in SmartDashboard.

An explicit firewall rule has to be created in the following scenarios:

# Scenario
description
Which explicit
firewall rule
to create
Traffic
Source
Traffic
Destination
Traffic
proto /
ports
Where to
install / apply
the explicit rule
1

Check Point Security Gateway running on Gaia OS, which must connect to Check Point cloud.

Implied rule "Accept outgoing packets originating from Gateway" is disabled in Policy menu - Global Properties... - FireWall pane.
Create an explicit firewall rule for this Check Point Security Gateway (see procedure below) to allow the communication between CPUSE on this Check Point Security Gateway and Check Point cloud. Check
Point
Security
Gateway
Check
Point
domains
Relevant
HTTP /
HTTPS /
DNS
traffic
Check
Point
Security
Gateway
2 Perimeter Check Point Security Gateway that protects internal Check Point machine running on Gaia OS, which must connect to Check Point cloud. Create an explicit firewall rule for the Perimeter Check Point Security Gateway (see procedure below) to allow the communication between CPUSE on internal Check Point machine and Check Point cloud. Internal
Check
Point
machine
Check
Point
domains
Relevant
HTTP /
HTTPS /
DNS
traffic
Perimeter
Check
Point
Security
Gateway
3 Perimeter non-Check Point FireWall that protects Check Point machine running on Gaia OS, which must connect to Check Point cloud. Create an explicit firewall rule (for reference, see procedure below) for this non-Check Point FireWall to allow the communication between CPUSE on internal Check Point machine and Check Point cloud. Internal
Check
Point
machine
Check
Point
domains
Relevant
HTTP /
HTTPS /
DNS
traffic
Perimeter
non-Check
Point
FireWall

Procedure for Check Point Security Gateway:

Note: For non-Check Point FireWall, the equivalent rule must be created. Related solution: sk83520.

  1. Create the following Domain objects for Check Point domains and for Akamai domain (note the dot in the beginning:

    • .updates.checkpoint.com
    • .updates.g01.checkpoint.com
    • .gwevents.checkpoint.com
    • .gwevents.us.checkpoint.com
    • .deploy.static.akamaitechnologies.com

    Instructions:

    1. Go to "Manage" menu - click on "Network Objects..."

    2. Click on "New..." button - select "Domain..."

    3. In the "Name" field, paste the name of the domain listed above (note the dot in the beginning) and click on "OK".

    4. Repeat Steps i-iii for all domains listed above.

    5. Click on "Close" button.

  2. Create the following Firewall security rule for the involved Security Gateway (use predefined services):

    Important Note: Rules with Domain Objects should be located as low as possible in the rulebase.

    For Scenario #1 - Check Point Security Gateway running on Gaia OS (and implied rule "Accept outgoing packets originating from Gateway" is disabled)

    SOURCE DESTINATION SERVICE ACTION INSTALL ON
    Check Point
    Security
    Gateway

    .updates.checkpoint.com

    .updates.g01.checkpoint.com

    .gwevents.checkpoint.com

    .gwevents.us.checkpoint.com

    .deploy.static.akamaitechnologies.com

    http

    https

    HTTP_and_HTTPS_proxy

    domain-udp

    Accept Check Point
    Security
    Gateway

    For Scenario #2 - Perimeter Check Point Security Gateway that protects internal Check Point machine

    SOURCE DESTINATION SERVICE ACTION INSTALL ON
    Internal
    Check Point
    machine

    .updates.checkpoint.com

    .updates.g01.checkpoint.com

    .gwevents.checkpoint.com

    .gwevents.us.checkpoint.com

    .deploy.static.akamaitechnologies.com

    http

    https

    HTTP_and_HTTPS_proxy

    domain-udp

    Accept Perimeter
    Check Point
    Security
    Gateway
  3. Install the policy onto involved Security Gateway.

D Deployment Agent update to the latest version
  • On online Gaia machine (that is connected to the Internet):

    • Deployment Agent must always be updated to the latest available version before being able to perform any action.
    • It is recommended to leave the default Deployment Agent policy set to "Periodically update new Deployment Agent version (recommended)".
  • On offline Gaia machine (that is disconnected from the Internet), it is strongly recommended to always update the Deployment Agent to the latest available build.

E Upgrade
  • Upgrade to a higher Major Version (e.g., from R80.40 to R81.X) using CPUSE will not be available on these machines/appliances:

    • IP Appliances that were upgraded from IPSO OS to Gaia OS
    • Open Servers that were upgraded from SecurePlatform OS to Gaia OS
    • UTM-1 130 and UTM-1 270 appliances (regardless of previous OS)
    • Scalable Platform R80.20SP (refer to to R80.20SP Installation and Upgrade Guide)
  • Major Upgrade using CPUSE on IP Appliances running Gaia OS is supported only in Clish.

F Free disk space
  • To import a CPUSE package, the /var/log/ partition on Gaia OS must have enough free disk space - at least twice the size of the package you want to import.

    To see the amount of available disk space in /var/log/ partition, run the following command in Expert mode:

    [Expert@HostName:0]# df -h | grep -E "Avail|/var/log"
    Example:
    [Expert@Gaia:0]# df -h | grep -E "Avail|/var/log"
    	Filesystem            Size  Used Avail Use% Mounted on
    	11G  286M  9.9G   3% /var/log
    	[Expert@Gaia]#
    	
  • To upgrade to a higher Major Version, or to perform Clean Installation using CPUSE, machine must have enough unallocated (unpartitioned) disk space -
    at least as the size of the root partition.

    Run the following commands in Expert mode:

    1. Check the size of the "root" partition:

      [Expert@HostName:0]# df -h | grep -E "Avail|\/$"
      Example:
      [Expert@Gaia:0]# df -h | grep -E "Avail|\/$"
      	Filesystem            Size  Used Avail Use% Mounted on
      	17G  9.1G  6.6G  59% /
      	[Expert@Gaia]#
      	
    2. Check the amount of unallocated (unpartitioned) disk space:

      [Expert@HostName:0]# pvs
      Example:
      [Expert@Gaia:0]# pvs
      	PV         VG       Fmt  Attr PSize  PFree
      	/dev/sda3  vg_splat lvm2 a-   57.81G 29.81G
      	[Expert@Gaia]#
      	

    The unallocated disk space could be freed by removing Gaia snapshots (if any exist), and by following sk91060.

 

(3) Download the latest build of Deployment Agent, What's New and Installation instructions

Build
Number
Release
Date
Status Download
Link
What's New
2113 29 September 2021 General Availability   (TGZ)

Notes:

  • Latest build is usually gradually released to all customers. Therefore, not all machines might receive the latest build at the same time.
  • This package should not be used for upgrading the Deployment Agent for the R80.20SP version for Maestro & chassis products.
  • Check Point always recommends to upgrade the Deployment Agent to the latest available build.

 

Show / Hide this section

Table of Contents for this section:

  1. How to check the current CPUSE build
  2. How to manually install CPUSE

(3-A) How to check the current build of the CPUSE Agent

Where to check Instructions
In Gaia Portal
  1. Navigate to Upgrades (CPUSE) section - click on Status and Actions page.

  2. Build of the installed Deployment Agent is displayed at the top.

    Example:

In Gaia Clish
  1. Connect to command line on Gaia machine.

  2. Log in to Clish.

  3. Run this command:

    HostName:0> show installer status build

    Example output:

    Build number: 2019 (agent build is up to date)
In Expert mode
  1. Connect to command line on Gaia machine.

  2. Log in to Expert mode.

  3. Run this command:

    [Expert@HostName:0]# da_cli da_status

    {
    "Action ID" : "0",
    "DABuildNumber" : "2019",
    "DAService State" : "ready",
    "New DA Availability" : "up to date"
    }

 

(3-B) How to manually install the CPUSE Agent package

Procedure in Gaia Portal:

  1. Connect to Gaia Portal and obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out').

  2. Navigate to Upgrades (CPUSE) section - click on Status and Actions page.

  3. Click the "Install DA" button:

  4. Browse to the Deployment Agent TGZ package on your computer.

  5. Follow the instructions on the screen.

Procedure in CLI:

  1. Transfer the CPUSE Agent package (DeploymentAgent_<build>.tgz) to the machine (into some directory - e.g., /some_path_to_CPUSE/).

  2. Connect to the command line.

  3. Log in to Gaia Clish.

  4. Run:

    installer agent install <full path>/DeploymentAgent_<build>.tgz

 

(4) How to work with CPUSE

Show this section

Table of Contents for this section:

  1. How to download and import a CPUSE package
  2. How to install a CPUSE package
  3. How to uninstall a CPUSE package
  4. "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)

(4-A) How to work with CPUSE - How to download and import a CPUSE package

Show this sub-section

Important Note: After the desired CPUSE package is downloaded / imported, proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".

  • (4-A-a) Show / Hide download and import instructions for Online procedure - Gaia Portal

    The online procedure in Gaia Portal can be used in the following cases:

    • Gaia machine is connected to the Internet (meaning, full access to Check Point Cloud - refer to section "System requirements and limitations" -
      requirement "CPUSE communication with Check Point cloud" above, and to sk83520).
    • CPUSE package is available on the Check Point Cloud.

    Procedures:

    • (4-A-a-i) Show / Hide online download instructions in Gaia Portal for Public Hotfixes / Minor Version / Major Version

      1. Connect to Gaia Portal and obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

      2. Navigate to Upgrades (CPUSE) section - click on Status and Actions page.

      3. All packages are displayed in categories and by default are filtered to view recommended packages only.

        Note: Use the filter button near the help icon and select the packages you wish to see:

      4. Verify the package - check whether this package can be installed without conflicts:

        • Either select the package - click on the More button on the toolbar - click on Verifier:

        • Or right-click on the package - click on Verifier:

        Result of this test should be:

        • Installation is allowed
        • Upgrade is allowed

        Examples:

        For Hotfix package: For Major Version:
      5. Download the package in relevant category:

        Note: The download progress (in per cent) is displayed in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page,
        and in the output of Clish command "show installer package <Package_Number>".

        Category Instructions
        Hotfixes
        • Option 1 - only download the package:

          1. Select the package.

          2. Download the package:

            • Either select the package - click on More button
              on the toolbar, and click on Download:

            • Or right-click on the package and click on Download:

          3. You can pause the download at any time:

            • Either select the package and click
              on Pause button on the toolbar:

            • Or right-click on the package and click on Pause:

            The status of the package will change to "Pausing Download"
            and then to "Partially Downloaded":

          4. You can resume the download at any time:

            • Either select the package and click
              on Resume button on the toolbar:

            • Or right-click on the package and click on Resume:

            The status of the package will change to "Resuming Download"
            and then to "Downloading":

        • Option 2 - download and install the package in one step:

          • Either select the package and click
            on Install Update button on the toolbar:

          • Or right-click on the package and click on Install Update:

        Major Versions
        1. Select the package.

        2. Download the package:

          • Either select the package - click
            on Download button on the toolbar:

          • Or right-click on the package and click on Download:

        3. You can pause the download at any time:

          • Either select the package and click
            on Pause button on the toolbar:

          • Or right-click on the package and click on Pause:

          The status of the package will change to "Pausing Download"
          and then to "Partially Downloaded":

        4. You can resume the download at any time:

          • Either select the package and click
            on Resume button on the toolbar:

          • Or right-click on the package and click on Resume:

          The status of the package will change to "Resuming Download"
          and then to "Downloading":

      6. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



    • (4-A-a-ii) Show / Hide online import instructions in Gaia Portal for Private Hotfixes / Jumbo Hotfix Accumulators
      1. Connect to Gaia Portal and obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

      2. Navigate to Upgrades (CPUSE) section - click on Status and Actions page.

      3. Click on the Add hotfixes from the cloud button:

      4. A pop-up appears:

      5. Contact Check Point Support to get the relevant CPUSE Identifier.

        If you know that the CPUSE package for required hotfix is available on Check Point Download Center, then copy-and-paste
        the exact name of the regular package for required hotfix as appears in the "File Name" field on the hotfix Download Page.

        Notes:

        • Currently, only the following keys are supported in this field: Left/Right arrow, Delete, Backspace.
        • Downloading the hotfix by its URL is not supported.
        • Packages that are not suitable for this machine, will not be available (e.g., if some Take of a Jumbo Hotfix Accumulator is installed, then Takes lower than the current Take will not be available).

        Examples:

        Example
        • CPUSE Identifier of a Jumbo Hotfix Accumulator is:
          Check_Point_R81_JUMBO_HF_MAIN_Bundle_T36.tgz:
      6. Click on the magnifying glass icon to start the search.

        Example:

      7. When the package is found, it will be displayed as a link along with its title and release date.

        Example:

      8. Click on the package to add it to the list of available packages.

        Example:

      9. The package will be added with status Available for Download, and the filter will automatically change to show all packages.

      10. Verify the package - check whether this package can be installed without conflicts:

        • Either select the package - click on the More button on the toolbar - click on Verifier:

        • Or right-click on the package - click on Verifier:

        Result of this test should be:

        • Installation is allowed
        • Upgrade is allowed

      11. Download the package - same as (5)

      12. If you only downloaded the package (without installing it), then proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



  • (4-A-b) Show / Hide download and import instructions for Online procedure - Gaia Clish

    The online procedure in Gaia Clish can be used in the following cases:

    • Gaia machine is connected to the Internet (meaning, full access to Check Point Cloud - refer to section "System requirements and limitations" -
      requirement "CPUSE communication with Check Point cloud" above, and to sk83520).
    • CPUSE package is available on the Check Point Cloud.
    • If this Gaia machine is running in VSX Mode, then refer to section "(2) System requirements and limitations" - subsection "G. VSX Gateways".

    Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    Procedures:

    • (4-A-b-i) Show / Hide online download instructions in Gaia Clish for Public Hotfixes / Minor Version / Major Version

      1. Connect to command line on Gaia machine.

      2. Log in to Clish.

      3. Acquire the lock over Gaia configuration database:

        HostName:0> lock database override
      4. Check the available packages (run the relevant command):

        HostName:0> show installer packages recommended

        HostName:0> show installer packages available-for-download

        HostName:0> show installer package[press Space key][press Tab key]
        HostName:0> show installer package <Package_Number>
      5. Download the desired package from the Check Point Cloud:

        Note: The download progress (in per cent) is displayed in the output of Clish command "show installer package <Package_Number>", and
        in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page.

        HostName:0> installer download <Package_Number>
      6. You can pause the download at any time:

        HostName:0> installer download <Package_Number> pause
      7. You can resume the download at any time:

        HostName:0> installer download <Package_Number> resume
      8. Show the downloaded packages:

        HostName:0> show installer packages downloaded
      9. Verify the package - check whether this package can be installed without conflicts:

        HostName:0> installer verify <Package_Number>

        Result of this test should be:

        • For Hotfix package:

          Result: Installation is allowed
          	Status: Available for Install
          	
        • For Minor / Major Version:

          Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
          	Status: Available for Install
          	
      10. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



    • (4-A-b-ii) Show / Hide online import instructions in Gaia Clish for Private Hotfixes / Jumbo Hotfix Accumulators

      1. Connect to command line on Gaia machine.

      2. Log in to Clish.

      3. Acquire the lock over Gaia configuration database:

        HostName:0> lock database override
      4. Import the desired package from the Check Point Cloud:

        HostName:0> installer import cloud <CPUSE_Identifier>

        Contact Check Point Support to get the relevant CPUSE Identifier.

        Note: Packages that are not suitable for this machine, will not be available.

        If you know that the CPUSE package for required hotfix is available on Check Point Download Center, then copy-and-paste
        the exact name of the regular package for required hotfix as appears in the "File Name" field on the hotfix Download Page:

        Examples:

        Example
        • CPUSE Identifier of a Jumbo Hotfix Accumulator is:
          Check_Point_R81_JUMBO_HF_1_Bundle_T23.tgz
      5. Show the imported packages:

        HostName:0> show installer packages imported
      6. Verify the package - check whether this package can be installed without conflicts:

        HostName:0> installer verify[press Space key][press Tab key]
        HostName:0> installer verify <Package_Number>

        Result of this test should be:

        Result: Installation is allowed
        	Status: Available for Install
        	
      7. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



  • (4-A-c) Show / Hide import instructions for Offline procedure - Gaia Portal

    The offline import procedure in Gaia Portal can be used in the following cases:

    • Gaia machine is disconnected from the Internet (meaning, no access to Check Point Cloud).
    • CPUSE package is not available on the Check Point Cloud.
    • Although Gaia machine is connected to the Internet, administrator wishes to manually import a CPUSE package instead of downloading it from Check Point Cloud.
    • Gaia machine is not running in VSX Mode (in which case, Gaia Portal is not available).

    Notes:

    • Starting from R81, the installed offline packages must be .tar files.
    • Either get the offline CPUSE package from Check Point Support, or export the CPUSE package from a source Gaia machine, on which this package was already
      downloaded / installed (for package export instructions, refer to section "(4) How to work with CPUSE" - "(D) Additional information about Gaia Clish commands
      and Gaia Portal actions for CPUSE" - "Show / Hide how to export a CPUSE package in Gaia Portal"
      .
    • Requirements for free disk space exist.
    • For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    Import procedure for Offline CPUSE package / Exported CPUSE package:

    1. Make sure you have the relevant CPUSE offline package (TGZ file) / exported package (TAR file).

    2. Connect to Gaia Portal on the target Gaia OS.

    3. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

    4. Navigate to Upgrades (CPUSE) section - click on Status and Actions page.

    5. In the upper right corner, click on the Import Package button:

    6. In the Import Package window, click on Browse... - select the CPUSE offline package (TGZ file) / exported package (TAR file) - click on Import.

      Note: If the following error is displayed, then wrong package was uploaded (contact Check Point Support for assistance):

      Import Failed
      Cannot import package <Name_of_File>. It is not a valid CPUSE package.
      Refer to the package's official documentation to get a list of compatible machines. For more information, contact Check Point Technical Services.

      Example:

      • Popup at the bottom:

      • Event Log entry:

    7. Click on the filter button near the help icon (that currently says "Showing Recommended packages") and click on "All" (the filter should change to "Showing All packages"):

    8. Verify the imported package - check whether this package can be installed without conflicts:

      • Either select the imported package - click on the More button on the toolbar - click on Verifier:

      • Or right-click on the imported package - click on Verifier:

      Result of this test should be:

      • Installation is allowed
      • Upgrade is allowed

    9. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".



  • (4-A-d) Show / Hide import instructions for Offline procedure - Gaia Clish

    The offline import procedure in Gaia Clish can be used in the following cases:

    • Gaia machine is disconnected from the Internet (meaning, no access to Check Point Cloud).
    • CPUSE package is not available on the Check Point Cloud.
    • Although Gaia machine is connected to the Internet, administrator wishes to manually import a CPUSE package instead of downloading it from Check Point Cloud.
    • If this Gaia machine is running in VSX Mode, then refer to section "(2) System requirements and limitations" - subsection "H. VSX Gateways".

    Notes:

    • Starting from R81, the installed offline packages must be .tar files.
    • Either get the offline CPUSE package from Check Point Support, or export the CPUSE package from a source Gaia machine, on which this package was already
      downloaded / installed (for package export instructions, refer to section "(4) How to work with CPUSE" - "(D) Additional information about Gaia Clish commands
      and Gaia Portal actions for CPUSE" - "Show / Hide how to export a CPUSE package in Gaia Portal"
      .
    • Requirements for free disk space exist.
    • For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    Import procedure for Offline CPUSE package / Exported CPUSE package:

    1. Make sure you have the relevant CPUSE offline package (TGZ file) / exported package (TAR file).

    2. Transfer the CPUSE offline package (TGZ) / exported package (TAR) to the target Gaia machine (into some directory, e.g., /some_path_to_package/).

    3. Connect to command line on the target Gaia OS.

    4. Log in to Clish.

    5. Acquire the lock over Gaia configuration database:

      HostName:0> lock database override
    6. Import the package from the hard disk:

      Note: When import completes, this package is deleted from the original location.

      HostName:0> installer import local <Full_Path>/<Package_File_Name>.<TGZ_or_TAR>

      Example:
      HostName:0> installer import local /var/log/path_to_pkg/Check_Point_Hotfix_R81.tgz
    7. Show the imported packages:

      HostName:0> show installer packages imported
    8. Verify the package - check whether this package can be installed without conflicts:

      HostName:0> installer verify[press Space key][press Tab key]
      HostName:0> installer verify <Package_Number>

      Result of this test should be:

      • For Hotfix package:

        Result: Installation is allowed
        	Status: Available for Install
        	
      • For Minor / Major Version:

        Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
        	Status: Available for Install
        	
    9. Proceed to sub-section "(4-B) How to work with CPUSE - How to install a CPUSE package".

 

(4-B) How to work with CPUSE - How to install a CPUSE package

Show this sub-section
  • (4-B-a) Show / Hide instructions for installing a Hotfix / JUMBO package 

    Note: Requirements for free disk space and limitations in VSX mode exist.

    • (4-B-a-i) Show / Hide installation instructions in Gaia Portal for Hotfixes

      1. All packages are displayed in categories and by default are filtered to view recommended packages only.

        Note: Use the filter button near the help icon and select the packages you wish to see:

      2. Verify the package (if you have not done it yet) - check whether this package can be installed without conflicts:

        • Either select the package - click on the More button on the toolbar - click on Verifier:

        • Or right-click on the package - click on Verifier:

        Result of this test should be:

        • Installation is allowed
      3. Install the package:

        Note: The installation progress (in per cent) is displayed in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page,
        and in the output of Clish command "show installer package <Package_Number>".

        • Either select the package and click on Install Update button on the toolbar:

        • Or right-click on the package and click on Install Update:

      4. Machine is rebooted automatically (only if required so by the installed hotfix).

    • (4-B-a-iii) Show / Hide installation instructions in Gaia Clish for Hotfixes / JUMBO packages

      Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

      1. Connect to command line on Gaia OS.

      2. Log in to Clish.

      3. Acquire the lock over Gaia configuration database:

        HostName:0> lock database override
      4. Display the downloaded / available for install packages:

        HostName:0> show installer packages

        Example from R81.00:

        HostName:0> show installer packages
        	**  ************************************************************************* **
        	**                                 Hotfixes                                   **
        	**  ************************************************************************* **
        	Display name                                      Status
        	R81 Jumbo Hotfix Accumulator General Availability (Take 36)             Available for Install
        	**  ************************************************************************* **
        	**                                  Majors                                    **
        	**  ************************************************************************* **
        	Display name                                      Status 
        R81.10 Gaia Fresh Install and upgrade                               Available for Download HostName:0>
      5. Verify the package (if you have not done it yet) - check whether this package can be installed without conflicts:

        HostName:0> installer verify[press Space key][press Tab key]
        HostName:0> installer verify <Package_Number>

        Result of this test should be:

        Result: Installation is allowed
        	Status: Available for Install
        	
      6. Install the desired package:

        Note: The installation progress (in per cent) is displayed in the output of Clish command "show installer package <Package_Number>", and
        in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page.

        HostName:0> installer install[press Space key][press Tab key]
        HostName:0> installer install <Package_Number>

        Example from R81.00:

        HostName:0> installer install[press Space key][press Tab key]
        	**  ************************************************************************* **
        	**                                 Hotfixes                                   **
        	**  ************************************************************************* **
        	Num Display name                                      Type
        	1   R81 Jumbo Hotfix Accumulator General Availability (Take 36)            Hotfix
        	HostName:0> installer install 1
        	Initiating install of R81 Jumbo Hotfix Accumulator General Availability (Take 36)...
        	Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
        	Result: Package R81 Jumbo Hotfix Accumulator General Availability (Take 36) was installed successfully.
        	Status: Installing (100%)
        	
      7. Machine is rebooted automatically (only if required so by the installed hotfix).

        Note: If machine was not rebooted by the installed package, it might be necessary to connect to command line and to manually run the cpstart / mdsstart command.

  • (4-B-b) Show / Hide instructions for performing an upgrade to a Major Version

    Important Note: Existing OS settings and the Check Point Database are preserved during this procedure.

    Notes:

    • Requirements for free disk space and limitations in VSX mode exist.

    • Upgrade to a Major version is performed on a new hard disk partition, and the "old" partition is converted into Gaia Snapshot (the new partition space is taken from the un-partitioned space on the hard disk.

    • During an upgrade to a Major version, the CPUSE Agent copies the following files from the current version to the target version:

      • The current $CPDIR/database/*authkeys.C files are copied to the target $CPDIR/database/ directory
      • The current $FWDIR/lib/user.def file is copied to the target $FWDIR/lib/ directory
      • The current $FWDIR/lib/user_early.def file is copied to the target $FWDIR/lib/ directory
      • The current $FWDIR/lib//defaultfilter.boot file is copied to the target $FWDIR/conf/defaultfilter.pf file
      • The current /etc/fw.boot/ha_boot.conf file is copied to the target /etc/fw.boot/ directory
      • The current /etc/fw.boot/modules/fwkern.conf file is copied to the target /etc/fw.boot/modules/ directory
      • The current /etc/ppk.boot/boot/modules/sim_aff.conf file is copied to the target /etc/ppk.boot/boot/modules/ directory
    • The date of the created snapshot indicates when the "old" partition was created and not when it was converted to snapshot. The date of the conversion to snapshot is indicated in the snapshot description.

    Instructions:

    • (4-B-b-i) Show / Hide upgrade instructions in Gaia Portal for Major Version

      1. All packages are displayed in categories and by default are filtered to view recommended packages only.

      2. Verify the package (if you have not done it yet) - check whether this package can be upgraded:

        • Either select the package - click on the More button on the toolbar - click on Verifier:

        • Or right-click on the package - click on Verifier:

        Result of this test should be:

        • Installation is allowed
        • Upgrade is allowed

      3. Install the package:

        Note: The installation progress (in per cent) is displayed in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page,
        and in the output of Clish command "show installer package <Package_Number>".

        • Either select the package and click on Upgrade button on the toolbar:

          Example:
        • Or right-click on the package and click on Upgrade:

      4. CPUSE shows the following warning over Gaia Portal:

        After this upgrade, there will be an automatic reboot.
        (Existing OS settings and the Check Point Database are preserved.)

      5. Machine is rebooted automatically.

      6. If you connect to command line and log in, the following notification from CPUSE will be displayed above the prompt:

        Upgrade is still running. Log in to the Status and Actions page to see the progress.
      7. Connect to Gaia Portal and obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

      8. CPUSE shows the following pop-up over Gaia Portal:

        "Upgrade is still running. Log in to the Status and Actions page to see the progress."

        Example:
      9. Navigate to Upgrades (CPUSE) section  - click on Status and Actions page.

      10. Click on the filter button near the help icon (that currently says "Showing Recommended packages") and click on "All" (the filter should change to "Showing All packages"):

        11. Manually install the policy:

        • If you upgraded a Security Management Server / Multi-Domain Security Management Server, then install the policy onto all managed Security Gateways / Clusters.
        • If you upgrade a Security Gateway / Cluster Members, then install the policy on this Security Gateway / Cluster.


      11. (4-B-b-ii) Show / Hide upgrade instructions in Gaia Clish for Major Version

        Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

        1. Connect to command line on Gaia machine.

        2. Log in to Clish.

        3. Acquire the lock over Gaia configuration database:

          HostName:0> lock database override
        4. Display the downloaded / available for install packages:

          HostName:0> show installer packages

          Example from R81.00 being upgraded to R81.10 (clean install):

          HostName:0> show installer packages
          	**  ************************************************************************* **
          	**                                 Hotfixes                                   **
          	**  ************************************************************************* **
          	Display name                                                       Status 
          R81 Jumbo Hotfix Accumulator General Availability (Take 36)      Installed ** ************************************************************************* ** ** Majors ** ** ************************************************************************* ** Display name Status R81.10 Gaia Fresh Install and upgrade                        Available for Install HostName:0> HostName:0> show installer packages downloaded ** ************************************************************************* ** ** Majors ** ** ************************************************************************* ** Display name Type R81.10 Gaia Fresh Install and upgrade            Major Version HostName:0>
        5. Verify the package (if you have not done it yet) - check whether this package can be installed without conflicts:

          HostName:0> installer verify[press Space key][press Tab key]
          HostName:0> installer verify <Package_Number>

          Result of this test should be:

          Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
          	Status: Available for Install
          	
        6. Start the upgrade to Major Version:

          HostName:0> installer upgrade[press Space key][press Tab key]
          HostName:0> installer upgrade <Package_Number>

          Note: Once you see "Validating Install", press CTRL+C.

          Example from R81.00 being upgraded to R81.10 (clean install):

          HostName:0> installer upgrade[press Space key][press Tab key]
          	**  ************************************************************************* **
          	**                                  Majors                                    **
          	**  ************************************************************************* **
          	Num Display name                                      Type
          	1   R81.10 Gaia Fresh Install and upgrade           Major Version
          	HostName:0> installer upgrade 1
          	The machine will automatically reboot after installation (y/n) [n]  y
          
          	Initiating upgrade of R81.10 Gaia Fresh Install and upgrade...
          	Note:      After this upgrade, there will be an automatic reboot.
          	Existing OS settings and the Check Point Database are preserved.
          	Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
          	Validating Install:            5%
          	
        7. Get the Package Number of the package being installed:

          HostName:0> show installer package[press Space key][press Tab key]

          
          
        8. Monitor the installation progress:

          Repeatedly run this command and refer to the "Status" line:

          HostName:0> show installer package <Package_Number>

          Example from R81.00 being upgraded to R81.10 (clean install):

          HostName:0> show installer package 3
          	Display name:     R81.10 Gaia Fresh Install and upgrade
          Description: No Description Size: 3.18 GB Type: Major Version Status: Installing (13%) Requires reboot: Yes Recommended: No Contains: None Contained-in: None Downloaded on: Thu Mar 3 19:56:01 2021 Imported on: N/A Installed on: N/A Installation log: /opt/CPInstLog//install_Major_R81_10.log HostName:0> ... ... ... HostName:0> show installer package 3 ... ... ... HostName:0> show installer package 3 Display name:     R81.10 Gaia Fresh Install and upgrade
          Description: No Description Size: 3.18 GB Type: Major Version Status: Installing (100%) Requires reboot: Yes Recommended: No Contains: None Contained-in: None Downloaded on: Thu Mar 3 19:56:01 2021 Imported on: N/A Installed on: Thu Mar 3 20:31:53 2021 Installation log: /opt/CPInstLog//install_Major_R81_10.log HostName:0>
        9. Machine is rebooted automatically.

        10. If you connect to command line and log in, the following notification from CPUSE will be displayed above the prompt:

          Upgrade is still running. Log in to the Status and Actions page to see the progress.
        11. Connect to Gaia Portal and obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

        12. CPUSE shows the following pop-up over Gaia Portal:

          "Upgrade is still running. Log in to the Status and Actions page to see the progress."

          Example:
        13. Navigate to Upgrades (CPUSE) section - click on Status and Actions page.

        14. Click on the filter button near the help icon (that currently says "Showing Recommended packages") and click on "All" (the filter should change to "Showing All packages"):

        15. You will see the relevant progress (no need to refresh the page).

        16. Manually install the policy:

          • If you upgraded a Security Management Server / Multi-Domain Security Management Server, then install the policy onto all managed Security Gateways / Clusters.
          • If you upgrade a Security Gateway / Cluster Members, then install the policy on this Security Gateway / Cluster.


    • (4-B-c) Show / Hide instructions for performing a clean install of a Major Version

      Note: Requirements for free disk space and limitations in VSX mode exist.

      Important Note: Existing OS settings and the Check Point Database will be overwritten during this procedure.

      • (4-B-c-i) Show / Hide clean install instructions in Gaia Portal for Major Version

        1. All packages are displayed in categories and by default are filtered to view recommended packages only.

          Note: Use the filter button near the help icon and select the packages you wish to see

        2. Verify the package (if you have not done it yet) - check whether this package can be installed without conflicts:

          • Either select the package - click on the More button on the toolbar - click on Verifier:

          • Or right-click on the package - click on Verifier:

          Result of this test should be:

          • Installation is allowed
          • Upgrade is allowed

        3. Install the package:

          Note: The installation progress (in per cent) is displayed in "Gaia Portal" - "Upgrades (CPUSE)" section - "Status and Actions" page,
          and in the output of Clish command "show installer package <Package_Number>".

          • Either select the package and click on Clean Install button on the toolbar.

          • Or right-click on the package and click on Clean Install:

        4. Machine is rebooted automatically.

        5. Connect to Gaia Portal and complete the First Time Configuration Wizard.



      • (4-B-c-ii) Show / Hide clean install instructions in Gaia Clish for Major Version

        Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

        1. Connect to command line on Gaia machine.

        2. Log in to Clish.

        3. Acquire the lock over Gaia configuration database:

          HostName:0> lock database override
        4. Display the downloaded / available for install packages:

          HostName:0> show installer packages

        5. Verify the package (if you have not done it yet) - check whether this package can be installed without conflicts:

          HostName:0> installer verify[press Space key][press Tab key]
          HostName:0> installer verify <Package_Number>

          Result of this test should be:

          Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
          	Status: Available for Install
          	
        6. Start the clean install of Major Version:

          HostName:0> installer clean-install[press Space key][press Tab key]
          HostName:0> installer clean-install <Package_Number>

          Note: Once you see "Validating Install", press CTRL+C.

          Example from R75.46 being upgraded to R77 (clean install):

          HostName:0> installer install[press Space key][press Tab key]
          	**  ************************************************************************* **
          	**                                  Majors                                    **
          	**  ************************************************************************* **
          	Num Display name                                      Type
          	1   R81.10 Gaia Fresh Install and upgrade           Major Version
          	HostName:0> installer install 1
          	The machine will automatically reboot after installation (y/n) [n]  y
          
          	Initiating install of R81.10 Gaia Fresh Install and upgrade...
          	Note:      This installs a new machine.
          	Existing OS settings and the Check Point Database will be overwritten.
          	There will be an automatic reboot.
          	Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
          	Validating Install:            5%
          	
        7. Get the Package Number of the package being installed:

          HostName:0> show installer package[press Space key][press Tab key]
        8. Monitor the installation progress:

          Repeatedly run this command and refer to the "Status" line:

          HostName:0> show installer package <Package_Number>

          Example from R81.00 being upgraded to R81.10 (clean install):

          HostName:0> show installer package 3
          	Display name:     R81.10 Gaia Fresh Install and upgrade
          Description: No Description Size: 3.18 GB Type: Major Version Status: Installing (13%) Requires reboot: Yes Recommended: No Contains: None Contained-in: None Downloaded on: Thu Mar 3 19:56:01 2021 Imported on: N/A Installed on: N/A Installation log: /opt/CPInstLog//install_Major_R81_10.log HostName:0> ... ... ... HostName:0> show installer package 3 ... ... ... HostName:0> show installer package 3 Display name:     R81.10 Gaia Fresh Install and upgrade
          Description: No Description Size: 3.18 GB Type: Major Version Status: Installing (100%) Requires reboot: Yes Recommended: No Contains: None Contained-in: None Downloaded on: Thu Mar 3 19:56:01 2021 Imported on: N/A Installed on: Thu Mar 3 20:06:30 2021 Installation log: /opt/CPInstLog//install_Major_R81_10.log HostName:0>
        9. Machine is rebooted automatically.

        10. Connect to command line on Gaia machine.

        11. Log in.

        12. Gaia OS prompts to run the First Time Configuration Wizard.

          Example from R81.00 being upgraded to R81.10 (clean install):

          login as: admin
          	This system is for authorized use only.
          	admin@172.30.41.100's password:
          	Last login: Thu Mar  3 13:08:47 2021
          	In order to configure your system, please access the Web UI and finish the First Time Wizard.
          	gw-aa7bc3>
          
          	gw-aa7bc3> show installer package[press Space key][press Tab key]
          	**  ************************************************************************* **
          	**                                  Majors                                    **
          	**  ************************************************************************* **
          	Num Display name                                      Type
          	1   R81.10 Gaia Fresh Install and upgrade            Major Version
          	gw-aa7bc3> show installer package 1
          	Display name:     R81.10 Gaia Fresh Install and upgrade
          Description: No Description Size: 3.18 GB Type: Major Version Status: Installed Requires reboot: Yes Recommended: No Contains: None Contained-in: None Downloaded on: N/A Imported on: N/A Installed on: N/A Installation log: N/A gw-aa7bc3>
        13. Connect to Gaia Portal and complete the First Time Configuration Wizard.

     

    (4-C) How to work with CPUSE - How to uninstall a CPUSE package

    Show / Hide this sub-section

    Notes:


    Where to uninstall How to uninstall
    Gaia Portal
    • Either select the package - click on More button on the toolbar, and click on Uninstall:
      (Note: Machine is rebooted automatically)

      Example:
    • Or right-click on the package and click on Uninstall:
      (Note: Machine is rebooted automatically)

    • You will get uninstall options window.
      The available uninstall options are to uninstall the last Jumbo HFA Take and to uninstall completely if there were more than one Take installed:

    Gaia Clish

    Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

    1. Connect to command line on Gaia machine.

    2. Log in to Clish.

    3. Acquire the lock over Gaia configuration database:

      HostName:0> lock database override
    4. Show the installed packages:

      HostName:0> show installer packages installed
    5. Uninstall the desired package:

      HostName:0> installer uninstall[press Space key][press Tab key]
      HostName:0> installer uninstall <Package_Number> [press Space key][press Tab key]

      INFO: This package is installed on top of Jumbo HFA Take 154

      Select one of the following uninstall options:
      completely - After uninstall, there is no version of the package installed on your machine
      last-take - Only the latest Jumbo HFA Take is uninstalled. The previously installed Jumbo HFA Take remains on your machine
    6. Machine is rebooted automatically (if required so by the uninstalled package).

     

    (4-D) "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)

    Show this sub-section
    • Show / Hide available Clish commands for CPUSE

      The following command are available in Gaia Clish to work with CPUSE:

      1. Connect to command line on Gaia machine.

      2. Log in to Clish.

      3. Acquire the lock over Gaia configuration database:

        HostName:0> lock database override
      4. Run the relevant Clish commands:

        Table of Contents for relevant actions:

        1. Show the CPUSE Packages, Status and Agent Policy
        2. Set the CPUSE Agent Policy and Mail Notifications
        3. Download, Install, Import a CPUSE package
        # Action Commands
        1 Show the CPUSE Packages, Status and Agent Policy:
        HostName:0> show installer
        	mail-notifications - Show mail notifications for user
        	package            - Show information about a specific package
        	packages           - Show packages information
        	policy             - Show policies configurations
        	status             - Show status
        	HostName:0>
        	

        where the full syntax is:

        • HostName:0> show installer mail-notifications {<e-mail> | <user_number>}
          Shows for which categories mail notifications were configured for specific user

          Specific commands:

          HostName:0> show installer mail-notifications <e-mail>

          HostName:0> show installer mail-notifications[press Space key][press Tab key]
          HostName:0> show installer mail-notifications <user_number>
        • HostName:0> show installer package <Package_Number>
          Shows complete information about a specific package (name, size, status, what packages it contains, etc.)

        • HostName:0> show installer packages {all}
          Shows brief information (name and status) about all packages in all categories

          HostName:0> show installer packages available-for-download
          Shows only packages with status "Available for Download" and "Partially Downloaded"
          HostName:0> show installer packages downloaded
          Shows only packages with status "Downloaded"
          HostName:0> show installer packages imported
          Shows only packages that were imported
          HostName:0> show installer packages installed
          Shows only packages that were installed
          HostName:0> show installer packages recommended
          Shows only recommended packages

        • HostName:0> show installer policy {all}
          Shows CPUSE policy (how often to check for updates, which self tests to perform, etc.)

          HostName:0> show installer policy check-for-updates-period
          Shows how often CPUSE Agent checks for packages updates
          HostName:0> show installer policy downloads
          Shows download policy for "Hotfixes" (automatic / manual / scheduled)
          HostName:0> show installer policy periodically-self-update
          Shows if CPUSE Agent will periodically check for newer CPUSE builds
          HostName:0> show installer policy self-test {all | auto-rollback | install-policy | network-link-up | start-processes}
          Shows which sanity tests CPUSE Agent performs after installing a CPUSE package
          HostName:0> show installer policy send-cpuse-data
          Shows if CPUSE Agent sends statistics to Check Point about about download and installation of packages

        • HostName:0> show installer status {all}
          Shows CPUSE Agent status (enabled or not, build, license, connected or not, etc.)

          HostName:0> show installer status agent
          Shows if CPUSE Agent is enabled or not
          HostName:0> show installer status build
          Shows CPUSE Agent build
          HostName:0> show installer status connection
          Shows if CPUSE Agent is connected or not
          HostName:0> show installer status license
          Shows if license for CPUSE Agent is valid or not
          HostName:0> show installer status update-from-cloud
          Shows when CPUSE Agent perform last check for new relevant CPUSE packages

        2 Set the CPUSE Agent
        Policy and Mail Notifications
        HostName:0> set installer
        	mail-notifications - Set mail notifications policy
        	policy             - Set policies
        	HostName:0>
        	

        where the full syntax is:

        • HostName:0> set installer mail-notifications {<e-mail> | <user_number>} {download-status | install-status | new-available-packages} {on | off}
          Defines for which categories CPUSE Agent sends mail notifications to specific user

          Specific commands:

          HostName:0> set installer mail-notifications <e-mail> download-status {on | off}
          or
          HostName:0> set installer mail-notifications[press Space key][press Tab key]
          HostName:0> set installer mail-notifications <user_number> download-status {on | off}
          Configures CPUSE Agent whether to send mail notifications to specific user when packages are available for download

          HostName:0> set installer mail-notifications <e-mail> install-status {on | off}
          or
          HostName:0> set installer mail-notifications[press Space key][press Tab key]
          HostName:0> set installer mail-notifications <user_number> install-status {on | off}
          Configures CPUSE Agent whether to send mail notifications to specific user when a package was installed

          HostName:0> set installer mail-notifications <e-mail> new-available-packages {on | off}
          or
          HostName:0> set installer mail-notifications[press Space key][press Tab key]
          HostName:0> set installer mail-notifications <user_number> new-available-packages {on | off}
          Configures CPUSE Agent whether to send mail notifications to specific user when new packages are available

          Notes:

          • This setting configures Gaia OS to sent e-mail notifications about Software Updates for following categories:
            1. Download Status
            2. Install Status
            3. New Available Packages
          • If mail server is not configured yet, then configure the mail server and the root user for that mail server:
            HostName:0> set mail-notification server <SERVER_HOST_or_IP_ADDRESS>
            HostName:0> set mail-notification username <ROOT_USER@MAIL_DOMAIN>
            HostName:0> save config
          • Currently, it is not possible to view the e-mail notifications settings in Clish (only to configure).
            To verify the e-mail notifications settings in Expert mode:
            1. Connect to command line on Gaia machine.
            2. Log in to Expert mode.
            3. Check the relevant lines in Gaia configuration database - search for Mail Domain:
              [Expert@HostName:0]# grep "Configured_Mail_Domain" /config/db/initial
              Example for "mail.company.com":
              [Expert@HostName:0]# grep 'company' /config/db/initial
              	ssmtp:root root_user@mail.company.com
              	ssmtp:mailhub mail.company.com
              	installer:mail_notifications:user_3@mail.company.com:d_status true
              	installer:mail_notifications:user_3@mail.company.com:available true
              	installer:mail_notifications:user_2@mail.company.com 1
              	installer:mail_notifications:user_2@mail.company.com:i_status true
              	installer:mail_notifications:user_2@mail.company.com:d_status false
              	installer:mail_notifications:user_2@mail.company.com:available false
              	installer:mail_notifications:user_1@mail.company.com 1
              	installer:mail_notifications:user_1@mail.company.com:i_status true
              	installer:mail_notifications:user_1@mail.company.com:d_status true
              	installer:mail_notifications:user_1@mail.company.com:available true
              	[Expert@HostName:0]#
              	

              Legend:

              Notification category Attribute in Gaia Database Clarification
              Install Status i_status
              • If the category was enabled, then the corresponding attribute will appear with value true.
              • If the category was never enabled, then the corresponding attribute will not appear at all.
              • If the category was never disabled, then the corresponding attribute will appear with value false.
              Download Status d_status
              New Available Packages available
        • HostName:0> set installer policy check-for-updates-period <Time_in_Hours>
          Sets the period, in hours, between checks for available packages in the cloud.

          • Default value = 6 hours
          • Valid values = 0 - 240 hours (set 0 to disable these checks)

          Note: The configured period is saved in Gaia Database in seconds.
          Example for value of 2 hours:

          [Expert@HostName:0]# grep check_for_updates_period /config/db/initial
          installer:check_for_updates_period 7200
        • HostName:0> set installer policy downloads {automatic | manual}
          Defines how CPUSE Agent should download "Hotfixes" packages

          Specific commands:

          HostName:0> set installer policy downloads automatic
          Configures CPUSE Agent to download packages when they become available

          HostName:0> set installer policy downloads manual
          Configures CPUSE Agent to download packages only manually

          These settings control how to download CPUSE packages of "Hotfixes" (does not apply to "Minor Versions (HFAs)" / "Major Versions" packages):

          automatic If enabled, CPUSE Agent downloads packages when they become available:
          • immediately after the Gaia OS boots up
          • each time "Status and Actions" page is accessed in Gaia Portal
          • every time period defined with "set installer policy check-for-updates-period <Time_in_Hours>" command
          manual If enabled, CPUSE Agent downloads packages only manually
        • HostName:0> set installer policy periodically-self-update {on | off}
          Defines if CPUSE Agent should periodically check for and installer newer CPUSE builds

          Notes:

          • If this setting is enabled (default), then, if an updated version of CPUSE (Gaia Software Updates) Agent is available for
            download, Gaia OS downloads it from Check Point Cloud and installs it automatically (CPUSE Agent "self-update").

          • If this setting is disabled, then:

            1. If administrator attempts to install any other software update, a warning will appear saying
              that CPUSE (Gaia Software Updates) Agent must be updated first.
            2. The following setting is added to the Gaia Database: installer:self_update_policy_no_permission 1
              (this attribute is removed when this box is checked).
        • HostName:0> set installer policy self-test {auto-rollback | install-policy | network-link-up | start-processes} {on | off}
          Defines which sanity tests CPUSE Agent performs after installing a CPUSE package

          Specific commands:

          HostName:0> set installer policy self-test install-policy {on | off}
          HostName:0> set installer policy self-test network-link-up {on | off}
          HostName:0> set installer policy self-test start-processes {on | off}

          These settings are used for sanity checks after installing a CPUSE package:

          install-policy If enabled, CPUSE makes sure that it is possible to install a policy
          network-link-up If enabled, CPUSE makes sure that all the configured network interfaces on the Gaia machine are up
          start-processes If enabled, CPUSE makes sure that Check Point processes are running

        3 Download, Install, Import a CPUSE package:
        HostName:0> installer 
        	agent                - Perform Deployment agent actions
        	check-for-updates    - Check for new available packages in Check Point cloud
        	clean-install        - Clean install a new major version    
        	delete               - Delete package
        	download             - Download package
        	download-and-install - Download and install package
        	import               - Import package
        	install              - Install package
        	reinstall            - Renstall package    
        	uninstall            - Uninstall package
        	upgrade              - Upgrade to a new major version
        	verify               - Verify if package is compatible with this machine
        	HostName:0>
        	

        where the syntax is:

        • HostName:0> installer agent disable

          Disables CPUSE Agent
          Notes:
          • This command disables all CPUSE Agent actions
          • This command survives reboot
          • This command is used with the "installer agent enable" command
            Important: Must wait at least 10 seconds after running the "installer agent disable" command and before running the "installer agent enable" command; and vice versa

          HostName:0> installer agent enable

          Enables CPUSE Agent (if it was disabled with "installer agent disable")
          Notes:
          • This command enables all CPUSE Agent actions
          • This command survives reboot
          • This command is used with the "installer agent disable" command
            Important: Must wait at least 10 seconds after running the "installer agent disable" command and before running the "installer agent enable" command; and vice versa

          HostName:0> installer agent start

          Starts CPUSE Agent (if it was stopped with "installer agent stop")
          Notes:
          • This command starts all CPUSE Agent actions
          • This command survives reboot
          • This command is used with the "installer agent stop" command
            Important: Must wait at least 10 seconds after running the "installer agent stop" command and before running the "installer agent start" command; and vice versa
          • When running this command, the error "NMINST9999  Timeout waiting for response from database server" might appear, although the command worked; if you run this command again, the message "Deployment agent is already running" will appear

          HostName:0> installer agent stop

          Stops CPUSE Agent
          Notes:
          • This command stops all CPUSE Agent actions
          • This command does not survive reboot
          • This command is used with the "installer agent start" command
            Important: Must wait at least 10 seconds after running the "installer agent stop" command and before running the "installer agent start" command; and vice versa

          HostName:0> installer agent update [not-interactive]
          Forces CPUSE Agent to check for and install a newer CPUSE build

        • HostName:0> installer check-for-updates [not-interactive]
          Forces CPUSE Agent to check for new available packages in Check Point cloud

        • HostName:0> installer delete {<Package_Number> | <Package_Name>} [not-interactive]
          Deletes the specified CPUSE package

        • HostName:0> installer download {<Package_Number> | <Package_Name>} [pause | resume | not-interactive]
          Starts the download of the specified CPUSE package

          HostName:0> installer download {<Package_Number> | <Package_Name>} not-interactive
          Starts the download of the specified CPUSE package without waiting for result

          HostName:0> installer download {<Package_Number> | <Package_Name>} pause
          Pauses the download of the specified CPUSE package

          HostName:0> installer download {<Package_Number> | <Package_Name>} resume
          Resumes the download of the specified CPUSE package

        • HostName:0> installer download-and-install {<Package_Number> | <Package_Name>} [not-interactive]
          Downloads and installs the specified CPUSE package in "Hotfixes" category in one step

        • HostName:0> installer import cloud <CPUSE_Identifier> [not-interactive]
          Imports the specified CPUSE package from Check Point cloud

          HostName:0> installer import ftp <IPv4_Address> path <Path> username <Username> [password <Password>] [not-interactive]
          Imports the specified CPUSE package from an FTP server

          HostName:0> installer import local <Full_Path>/<Package_File_Name>.<TGZ_or_TAR> [not-interactive]
          Imports the specified CPUSE package from a local directory

        • HostName:0> installer install {<Package_Number> | <Package_Name>} [not-interactive]
          Installs the specified CPUSE Hotfix package

        • HostName:0> installer clean-install {<Package_Number> | <Package_Name>} [not-interactive]
          Installs the specified CPUSE major package

        • HostName:0> installer uninstall {<Package_Number> | <Package_Name>} {completely | last-take} [not-interactive]
          Uninstalls the specified CPUSE package

        • HostName:0> installer upgrade {<Package_Number> | <Package_Name>} [not-interactive]
          Starts the upgrade to Major Version using the specified CPUSE package

        • HostName:0> installer verify {<Package_Number> | <Package_Name>} [not-interactive]}
          Verifies if the specified CPUSE package can be installed without conflicts

        The progress (in per cent) of the download / install / uninstall actions is displayed in "Gaia Portal" - "Upgrades (CPUSE)" section
        and in the output of Clish command "show installer package <Package_Number>".



    • Show / Hide information about Important Messages

      This section (yellow rectangular at the top) shows important static messages - e.g., about CPUSE license, whether a reboot / restart of Check Point services is required.

      Example:

    • Show / Hide information about Event Log

      Note: To see complete technical details about the operations performed by CPUSE (Gaia Software Updates) Agent, refer to /opt/CPInstLog/DeploymentAgent.log.* files.

      The general messages from CPUSE Agent are displayed in the Event Log.

      In "Gaia Portal" - go to "Upgrades (CPUSE)" section  -
      click on "Status and Actions" page - scroll to the bottom - click on "Event Log" button:

      Notes:

      • This window displays the general messages only for the last 10 minutes.
      • Events in this window are displayed in the ascending order (the latest event is at the top).
      • To see the full log file, click on the Save full event log button in the upper right corner.
        Web browser will save the /opt/CPInstLog/DA_UI.log file to your computer (events in this file appear in the descending order - the latest event is at the bottom).
      • Events in the pop-up are marked by different icons:
        • - Information
        • - Success
        • - Warning
        • - Error

    • Show / Hide how to check the Take number of the installed Gaia OS

      Gaia Take number is displayed near the version.

      Example:

    • Show / Hide information about the help icon

      It is a link to this article (sk92449):

    • Show / Hide how to save a CPUSE package install log in Gaia Portal

      After a package is installed, user can see the package installation log in Gaia Portal in one of these two ways:

      Note: The package installation log is located in /opt/CPInstLog/ directory.

      Way 1 Way 2
      1. Select the installed package
      2. Click on More button on the toolbar
      3. Click on Save Install Log

      1. Right-click on the installed package
      2. Click on Save Install Log



    • Show / Hide information about categories of CPUSE packages

      All packages (available and installed) are displayed on Status and Actions page in categories (click on the category title to see the explanation):

      Category Explanation (refer to sk95746)
      Hotfixes Check Point's software updates and Jumbo Hotfix Accumulators, for security fixes and feature improvement.
      Released after fixes for issue(s) were developed and tested.
      Major Versions Introduce new functionalities and cutting edge innovative technologies to the market while maintaining high product quality.

      All packages are displayed in a hierarchy - parent package and its child packages are nested.

      Notes (see example screenshots below):

      • Each category can be collapsed or expanded by clicking on the category title.
        When clicking on the category title, the explanation about the category is displayed in the right section.
      • The number of packages in each category appears to the right of the category title (in the end of the line).
        The displayed number of packages depends on the current filter (see the next bullet).
      • If all the recommended packages in the category were already installed, then it will show "Aligned with the latest version".
      • The recommended software updates are marked by a yellow star on the package icon
        (Note: this yellow star appears only if the Gaia machine is connected to the Internet (this information is obtained from Check Point Cloud).
      • Software packages that were installed as part of another package (an accumulative hotfix that includes several hotfixes inside,
        or an HFA that includes several package) will be displayed with status "Installed As Part Of Another Package" and will be grayed out.


      • Show / Hide how to filter the displayed CPUSE packages

        You can use the filter button near the help icon and select the packages you wish to see:

        • Recommended (default)
        • Installed
        • All
      • Show / Hide how to export a CPUSE package in Gaia Portal

        A package that was already downloaded / installed, can be exported from this Gaia machine for backup purposes, or to be
        transferred to another Gaia machine (for example, if another Gaia machine is disconnected from the Internet):

        Note: Currently, this operation is available only in Gaia Portal.

        1. Export the package:

          1. Right-click on the package
          2. Click on Export Package

        2. The package will be saved on your computer as a special TAR archive file that contains the necessary files.



      • Show / Hide how to import a CPUSE package

        Note: Either get the offline CPUSE package from Check Point Support, or export the CPUSE package from a source Gaia machine, on which this package was already
        downloaded / installed (see the instructions how to export a CPUSE package in Gaia Portal). Do not change the package name.

        In Gaia Portal In Gaia Clish
        1. Connect to Gaia Portal on the target Gaia OS.

        2. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

        3. Navigate to Upgrades (CPUSE) section, click on Status and Actions page.

        4. In the upper right corner, click on the Import Package button:

        5. In the Import Package window, click on Browse... - select the CPUSE offline package (TGZ file) / exported package (TAR file) - click on Import.

          Note: If the following error is displayed, then wrong package was uploaded (contact Check Point Support for assistance):

          Import Failed
          Cannot import package <Name_of_File>. It is not a valid CPUSE package.
          Refer to the package's official documentation to get a list of compatible machines. For more information, contact Check Point Technical Services.

          Example:

          • Popup at the bottom:
          • Event Log entry:

        Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

        1. Transfer the CPUSE offline package (TGZ) / exported package (TAR) to the target Gaia machine (into some directory, e.g., /some_path_to_package/).

        2. Connect to command line on the target Gaia OS.

        3. Log in to Clish.

        4. Acquire the lock over Gaia configuration database:

          HostName:0> lock database override
        5. Import the package from the hard disk:

          Note: When import completes, this package is deleted from the original location.

          HostName:0> installer import local <Full_Path>/<Package_File_Name>.<TGZ_or_TAR>

          Example:
          HostName:0> installer import local /var/log/path_to_pkg/Check_Point_Hotfix_R81_10.tgz
        6. Show the imported packages:

          HostName:0> show installer packages imported


      • Show / Hide how to verify a CPUSE package

        Verify the package to check whether this package can be installed without conflicts:

        In Gaia Portal In Gaia Clish
        1. Connect to Gaia Portal.

        2. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

        3. Navigate to Upgrades (CPUSE) section  - click on Status and Actions page.

        4. Initiate the Verifier:

          • Either select the package - click on the More button on the toolbar - click on Verifier:

          • Or right-click on the package - click on Verifier:

        5. Result of this test will be displayed in a pop-up.

          • Installation is allowed
          • Upgrade is allowed

          Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

          1. Connect to command line on the target Gaia OS.

          2. Log in to Clish.

          3. Acquire the lock over Gaia configuration database:

            HostName:0> lock database override
          4. Show the relevant packages:

            HostName:0> show installer packages {available-for-download | downloaded | imported | recommended}

            Specific commands:
            HostName:0> show installer packages available-for-download
            HostName:0> show installer packages downloaded
            HostName:0> show installer packages imported
            HostName:0> show installer packages recommended
          5. Verify the package - check whether this package can be installed without conflicts:

            HostName:0> installer verify[press Space key][press Tab key]
            HostName:0> installer verify <Package_Number>

            Result of this test should be:

            • For Hotfix package:

              Result: Installation is allowed
              Status: Available for Install
            • For  Major Version:

              Result: Verifier results: Clean Install: Installation is allowed. Upgrade: Upgrade is allowed.
              Status: Available for Install


        6. Show / Hide how to add a CPUSE package for specific hotfix from Check Point Cloud

          Note: This requires connection to the Internet and to Check Point Cloud (refer to section "System requirements and limitations" -
          requirement "CPUSE communication with Check Point cloud" above, and to sk83520).

          In Gaia Portal In Gaia Clish
          1. Connect to Gaia Portal.

          2. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

          3. Navigate to Upgrades (CPUSE) section - click on Status and Actions page.

          4. Click on the Add Hotfix from Cloud button:

          5. A pop-up appears:

          6. Contact Check Point Support to get the relevant CPUSE Identifier.

            If you know that the CPUSE package for required hotfix is available on Check Point Download Center, then copy-and-paste
            the exact name of the regular package for required hotfix as appears in the "File Name" field on the hotfix Download Page:

            Notes:

            • Currently, only the following keys are supported in this field: Left/Right arrow, Delete, Backspace.
            • Downloading the hotfix by its URL is not supported.
            • Packages that are not suitable for this machine, will not be available.

            Example:

            1. Paste the hotfix name in the pop-up search window:
          7. Click on the magnifying glass icon to start the search

          8. When the package is found, it will be displayed as a link along with its title and release date.
          9. Click on the package to add it to the list of available packages.

            Example:

          10. The package will be added with status Available for Download .

          Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

          1. Connect to command line on Gaia machine.

          2. Log in to Clish.

          3. Acquire the lock over Gaia configuration database:

            HostName:0> lock database override
          4. Import the package from the Check Point Cloud:

            HostName:0> installer import cloud <CPUSE_Identifier>

            Contact Check Point Support to get the relevant CPUSE Identifier.

            Note: Packages that are not suitable for this machine, will not be available.

            If you know that the CPUSE package for required hotfix is available on Check Point Download Center, then copy-and-paste
            the exact name of the regular package for required hotfix as appears in the "File Name" field on the hotfix Download Page

            Show the imported packages:

            HostName:0> show installer packages imported


        7. Show / Hide how to configure CPUSE Software Updates Policy

          In Gaia Portal In Gaia Clish

          Refer to R77 Versions Gaia Administration Guide - chapter "CPUSE" - section "Configuring a CPUSE Policy - WebUI".

          1. Connect to Gaia Portal.

          2. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

          3. Navigate to:

            1. Upgrades (CPUSE) section
            2. Software Updates Policy page

          4. Configure the desired policy:

            Note: After any change in settings, you need to click on "Apply" button.

            • Self Tests to perform

              These settings are used for sanity checks after installing a CPUSE package:

              Start Check Point Processes If enabled, CPUSE makes sure that Check Point processes are running
              Install Policy If enabled, CPUSE makes sure that it is possible to install a policy
              Network Link Up If enabled, CPUSE makes sure that all the configured network interfaces on the Gaia machine are up
            • Check for updates period

              Sets the period, in hours, between checks for available packages in the cloud.

              • Default value = 6 hours
              • Valid values = 0 - 240 hours (set 0 to disable these checks)

              Note: The configured period is saved in Gaia Database in seconds.
              Example for value of 2 hours:

              [Expert@HostName:0]# grep check_for_updates_period /config/db/initial
              installer:check_for_updates_period 7200
            • Self test - Auto-rollback upon failure

              This setting is used for sanity check after installing a CPUSE package.
              If this box is checked, then CPUSE runs a fall-back procedure if the installed CPUSE package fails one of the sanity tests enabled in the Self Tests to perform sub-section - CPUSE would automatically restore the version that was active before the CPUSE package was installed and send a notification that the installation failed.
            • Periodically update new Deployment Agent version (recommended)

              • If this box is checked (default), then, if an updated version of CPUSE (Gaia Software Updates) Agent is available for download, Gaia OS downloads it from Check Point Cloud and installs it automatically (CPUSE Agent "self-update").

              • If this box is cleared, then:

                • Important Messages (yellow section at the top) will show "click here" to download the new version.
                • If administrator attempts to install any other software update, a warning will appear saying that CPUSE (Gaia Software Updates) Agent must be updated first.
                • The following setting is added to the Gaia Database: installer:self_update_policy_no_permission 1 (this attribute is removed when this box is checked).

          Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

          1. Connect to command line on Gaia machine.

          2. Log in to Clish.

          3. Acquire the lock over Gaia configuration database:

            HostName:0> lock database override
          4. Set the desired CPUSE (Gaia Software Updates) Agent Policy:

            • HostName:0> set installer policy check-for-updates-period <Time_in_Hours>

              Sets the period, in hours, between checks for available packages in the cloud.

              Note: When updating CPUSE Agent from build 839, it is necessary to restart all Clish daemons for this Clish command to become available (does not apply if updating from older CPUSE builds) - refer to section "(3) Download the latest build of CPUSE Agent and What's New" - Step "(3-C) How to manually install the CPUSE Agent package" - Step 5.

              • Default value = 6 hours
              • Valid values = 0 - 240 hours (set 0 to disable these checks)

              Note: The configured period is saved in Gaia Database in seconds.
              Example for value of 2 hours:

              [Expert@HostName:0]# grep check_for_updates_period /config/db/initial
              installer:check_for_updates_period 7200
            • HostName:0> set installer policy downloads {automatic | manual }
              Specific commands:
              HostName:0> set installer policy downloads automatic
              HostName:0> set installer policy downloads manual

              These settings control how to download CPUSE packages (applies only to "Hotfixes" and JUMBO packages - and does not apply to "Major Versions" packages):

              automatic If enabled, CPUSE Agent downloads packages when they become available:
              • immediately after the Gaia OS boots up
              • each time "Status and Actions" page is accessed in Gaia Portal
              • every time period defined with "set installer policy check-for-updates-period <Time_in_Hours>" command
              manual If enabled, CPUSE Agent downloads packages only manually
            • HostName:0> set installer policy periodically-self-update {on | off}

              Notes:

              • If this setting is enabled (default), then, if an updated version of CPUSE (Gaia Software Updates) Agent is available for download, Gaia OS downloads it from Check Point Cloud and installs it automatically (CPUSE Agent "self-update").

              • If this setting is disabled, then:

                1. If administrator attempts to install any other software update, a warning will appear saying that CPUSE (Gaia Software Updates) Agent must be updated first.
                2. The following setting is added to the Gaia Database: installer:self_update_policy_no_permission 1 (this attribute is removed when this box is checked).
            • HostName:0> set installer policy self-test {auto-rollback | install-policy | network-link-up | start-processes} {on | off}

              Specific commands:


              HostName:0> set installer policy self-test install-policy {on | off}
              HostName:0> set installer policy self-test network-link-up {on | off}
              HostName:0> set installer policy self-test start-processes {on | off}

              These settings are used for sanity checks after installing a CPUSE package:

              install-policy If enabled, CPUSE makes sure that it is possible to install a policy
              network-link-up If enabled, CPUSE makes sure that all the configured network interfaces on the Gaia machine are up
              start-processes If enabled, CPUSE makes sure that Check Point processes are running


          5. Show / Hide how to configure CPUSE Software Updates Mail Notifications

            In Gaia Portal In Gaia Clish
            1. Connect to Gaia Portal.

            2. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

            3. Navigate to:

              1. Upgrades (CPUSE) section
              2. Click on Software Updates Policy page

            4. Configure the desired Mail Notifications:

              Note: After any change in settings, you need to click on "Apply" button.

              • This setting configures Gaia OS to sent e-mail notifications about Software Updates for following categories:

                • Download Status
                • Install Status
                • New Available Packages
              • If mail server is not configured yet, then:

                1. Click on the relevant link:
                  In order to configure a mail server, use the Mail Notification page, found in the advanced view mode.
                2. System Management section - Mail Notification page will open.
                  Configure the mail server and the root user for this mail server.
                  Click on "Apply" button.
                  Example:
                3. Navigate back to:
                  • Upgrades (CPUSE) section - Software Updates Policy page - Mail Notifications sub-section
                4. Click on Add button to add a user, to whom e-mail notifications should be sent.
                5. Add the user's e-mail address and select for which categories to send the e-mail notifications - click on "OK" button.
                  Example:
                6. By selecting the user's e-mail address in the list, you can see and change on-the-fly the categories, for which the e-mail notifications are sent to this user.

            Note: For details about Clish commands, refer to section "(4-D) How to work with CPUSE - "How to ..." (Gaia Clish commands, Gaia Portal actions, configuration, etc.)".

            1. Connect to command line on Gaia machine.

            2. Log in to Clish.

            3. Acquire the lock over Gaia configuration database:

              HostName:0> lock database override
            4. Set the desired CPUSE (Gaia Software Updates) Agent Mail Notifications:

              • HostName:0> set installer mail-notifications {<Package_Number> | <e-mail>} {download-status | install-status | new-available-packages} {on | off}
                Specific commands:
                HostName:0> set installer mail-notifications <Package_Number> download-status {on | off}
                HostName:0> set installer mail-notifications <Package_Number> install-status {on | off}
                HostName:0> set installer mail-notifications <Package_Number> new-available-packages {on | off}
                or
                HostName:0> set installer mail-notifications <e-mail> download-status {on | off}
                HostName:0> set installer mail-notifications <e-mail> install-status {on | off}
                HostName:0> set installer mail-notifications <e-mail> new-available-packages {on | off}
                Notes:
                • This setting configures Gaia OS to sent e-mail notifications about Software Updates for following categories:
                  1. Download Status
                  2. Install Status
                  3. New Available Packages
                • If mail server is not configured yet, then configure the mail server and the root user for that mail server:
                  HostName:0> set mail-notification server <SERVER_HOST_or_IP_ADDRESS>
                  HostName:0> set mail-notification username <ROOT_USER@MAIL_DOMAIN>
                  HostName:0> save config
                • Currently, it is not possible to view the e-mail notifications settings in Clish (only to configure).
                  To verify the e-mail notifications settings in Expert mode:
                  1. Connect to command line on Gaia machine.
                  2. Log in to Expert mode.
                  3. Check the relevant lines in Gaia configuration database - search for Mail Domain:
                    [Expert@HostName:0]# grep "Configured_Mail_Domain" /config/db/initial
                    Example for "mail.company.com":
                    [Expert@HostName:0]# grep 'company' /config/db/initial
                    	ssmtp:root root_user@mail.company.com
                    	ssmtp:mailhub mail.company.com
                    	installer:mail_notifications:user_3@mail.company.com:d_status true
                    	installer:mail_notifications:user_3@mail.company.com:available true
                    	installer:mail_notifications:user_2@mail.company.com 1
                    	installer:mail_notifications:user_2@mail.company.com:i_status true
                    	installer:mail_notifications:user_2@mail.company.com:d_status false
                    	installer:mail_notifications:user_2@mail.company.com:available false
                    	installer:mail_notifications:user_1@mail.company.com 1
                    	installer:mail_notifications:user_1@mail.company.com:i_status true
                    	installer:mail_notifications:user_1@mail.company.com:d_status true
                    	installer:mail_notifications:user_1@mail.company.com:available true
                    	[Expert@HostName:0]#
                    	

                    Legend:

                    Notification category Attribute in Gaia Database Clarification
                    Install Status i_status
                    • If the category was enabled, then the corresponding attribute will appear with value true.
                    • If the category was never enabled, then the corresponding attribute will not appear at all.
                    • If the category was never disabled, then the corresponding attribute will appear with value false.
                    Download Status d_status
                    New Available Packages available


           

          (5) Architecture and Design

          Show / Hide this section

          The CPUSE Agent (Gaia Software Updates Agent) is installed on every Gaia-based device and it is responsible for all software deployment process on that device.

          Table of Contents for this section:

          1. Relevant Software Updates
          2. CPUSE Agent daemon
          3. Software update installation process
          4. CPUSE verification checks
          5. Suppress Reboot behavior

          (5-A) Architecture and Design - Relevant Software Updates

          All relevant software updates are uploaded to Check Point Download Center.
          CPUSE Agent displays software updates that are relevant only to this specific machine.

          Note: For each official release and recommended hotfix, CPUSE Offline package can be downloaded from the relevant solution article.

          Software Updates Description
          Where / how new
          software updates are shown
          • In Gaia Portal

            If new software updates are available, they are shown in Upgrades (CPUSE) section - Status and Actions page with status Available for Download.
          • In Gaia Clish

            If new software updates are available, they are shown in the output of show installer packages available-for-download command.
          How new software
          updates are installed

          Packages are installed based on the CPUSE (Gaia Software Updates) Agent Policy - either manually, on schedule, or automatically.

          • In Gaia Portal, refer to:

            1. Upgrades (CPUSE) section
            2. Software Updates Policy page
            3. Download Hotfixes sub-section
          • In Gaia Clish, refer to:

            Output of the show installer policy downloads command.
          Where are downloaded
          software updates located

          All downloaded software updates will be located in $DADIR/repository/tmp/ directory, which actually contains symbolic links to
          /var/log/CPda/repository/tmp/ directory, where the downloaded software updates are physically stored

          
          

           

          (5-B) Architecture and Design - CPUSE Agent daemon

          Architecture and Design Description
          Main directory /opt/CPda/
          (environment variable $DADIR)
          Main daemon $DADIR/bin/DAService
          Log files
          • /opt/CPInstLog/DeploymentAgent.log

            Notes:

            • Contains detailed technical log for administrators and for troubleshooting.
            • Up to 10 rotated files are kept (DeploymentAgent.log.1, DeploymentAgent.log.2, etc.).
          • /opt/CPInstLog/DA_UI.log

            Notes:

            • Contains general messages for users.
            • This log file is not rotated.
            • The last 10 minutes of the this log file are displayed in the "Event Log":
              In "Gaia Portal" - go to "Upgrades (CPUSE)" section - click on "Status and Actions" page - scroll to the bottom - click on "Event Log" button.
          How to manually start
          the CPUSE Agent daemon
          1. Enable monitoring of the CPUSE Agent daemon by Check Point WatchDog:

            [Expert@HostName:0]# $DADIR/bin/dastart

            Which will run the following command:
            $CPDIR/bin/cpwd_admin start -name DASERVICE -path "/opt/CPda/bin/DAService_script" -command "DAService_script"
          2. Manually start the CPUSE Agent daemon:

            • Either in Gaia Clish:

              HostName:0> installer agent start
            • Or in Expert mode:

              [Expert@HostName:0]# DAClient start
          How to manually stop
          the CPUSE Agent daemon
          1. Disable monitoring of the CPUSE Agent daemon by Check Point WatchDog:

            [Expert@HostName:0]# $DADIR/bin/dastop

            Which will run this command:
            cpwd_admin stop -name DASERVICE
          2. Manually stop the CPUSE Agent daemon:

            • Either in Gaia Clish:

              HostName:0> installer agent stop
            • Or in Expert mode:

              [Expert@HostName:0]# DAClient stop

           

          (5-C) Architecture and Design - Software update installation process

          When started, installation process is automatic and does not require any interaction from the user.

          Which package is installed Installation process
          Hotfix or JUMBO
          1. Pre-install validation (installation type (GW/MGMT), package validation, disk space, CRs conflicts, version compatibility).
            For details about verification checks run by CPUSE, refer to sub-section (5-D) CPUSE verification checks.
          2. Unpack the new CPUSE package.
          3. Backup the current CPUSE package.
          4. Stop Check Point services ('cpstop').
          5. Prepare diff-files (what exactly should be replaced).
          6. Replace target files. Rollback, if installation fails.
          7. Register the installed package in Check Point Registry.
          8. Reboot (automatically) / Start Check Point services ('cpstart').
          9. Self-test.
          Major Version (Upgrade)
          1. Pre-install validation (installation type (GW/MGMT), package validation, disk space, CRs conflicts, version compatibility,
            machine type (Check Point Appliance/Open Server), upgrade path).
            For details about CPUSE verification checks, refer to sub-section (5-D) CPUSE verification checks.
          2. Create new disk partition.
          3. Install new version files onto the new disk partition.
          4. Configure new version, migrate the relevant configuration
            (Database on Management Server, SIC, Licenses,
            FireWall / VPN / SecureXL / CoreXL / Hardware configuration on Security Gateway).
          5. Setup products on the new disk partition.
          6. Reboot the machine from the new partition.
          7. Import database (on Management Server), last products configurations, fetch policy (on Security Gateway).
          8. Run post-install self-tests (as configured before the installation).

           

          (5-D) Architecture and Design - CPUSE verification checks

          • Pre-Install verifications:

            As part of the "Verify" actions, or at the start of every installation, CPUSE Agent runs several tests to make sure the package is compatible for the installation:

            1. Available disk space
            2. Content validation (conflicts with installed content)
            3. Package is not corrupted

            On Security Management Server / Multi-Domain Security Management Server, at the beginning of an upgrade, CPUSE Agent automatically runs the Pre-Upgrade Verifier - a validation tool, similar to the pre-upgrade verifier that runs as a part of the Management Server migration process.

            In case of an error in one of the verification tests, the administrator is required to first follow the instructions and resolve the issue, and only then to start the upgrade again.

          • Post-Install self-tests:

            CPUSE Agent has a self-test feature that runs after installation and checks whether the installation has succeeded - and its purpose is to validate that the Gaia OS machine is up and running.

            Three checks can be configured to run:

            1. Check Point daemons that were up and running prior to installation, are up and running post installation (enabled by default)
            2. Local policy-fetch works (disabled by default)
            3. Network links that were up prior to installation, are up post installation (disabled by default)

            The self-test configuration is controlled:

            • In Gaia Portal, navigate to Upgrades (CPUSE) section - click on Policy.
            • In Gaia Clish, refer to set installer policy ... commands

            Please note the self-test failure condition is different from a regular installation failure - during a regular installation failure, there is an automatic roll back and the machine returns to a point before the installation started.

          • All CPUSE packages are signed by Check Point using an SHA-256 digital signature since April 2015.
            Until then, CPUSE packages were signed by MD5 and SHA-1 digital signature.

            Note: If CPUSE is served from an on-premises Private ThreatCloud, then all CPUSE packages are signed at the source (i.e., by Check Point) using an ECDSA P-521/SHA-512 digital signature.

          • CPUSE Agent performs SHA-256 signature verification and MD5 integrity verification of the downloaded files.
            If the either verification fails, the download is considered as failed.

           

          (5-E) Architecture and Design - Suppress Reboot behavior

          At the beginning of every installation / uninstall of a Hotfix or JUMBO, CPUSE Agent asks the user whether to perform a reboot automatically when install / uninstall completes. The purpose of the suppress reboot functionality is to allow the administrator to perform post-install / post-uninstall actions (that also require reboot) and thus reduce the number of reboots.

          If administrator chooses to suppress the automatic reboot, then the CPUSE Agent will not reboot the machine automatically. However, some of the Gaia OS functionality will be blocked:

          • After installation of a Hotfix or a JUMBO:

            • No additional actions are allowed for the installed package (except exporting the package and deleting the package from disk)
            • All actions on other packages are allowed

            Important Note: During the installation / uninstall of a package, all Check Point services are stopped (cpstop). Therefore, it is strongly recommended to complete all the necessary maintenance operations and reboot the machine as soon as possible, to restore the normal operation of Check Point software. For more details, refer to sk113045.

             

            Show / Hide this section

            Troubleshooting
            1 Тo open debug, run the following (no need to restart Deployment Agent ):

            da_cli edit_configuration operation=add_config PING_DEBUG=1 - to activate debug
            da_cli edit_configuration operation=add_config PING_DEBUG=0  - to deactivate debug (default)
            2 By default, if the Deployment Agent identifies a newer version in Download Center and if the self-update option is off, the Deployment Agent blocks the operations until the latest version is installed. To bypass this, use:

            da_cli edit_configuration operation=add_config ENFORCE_NEW_DA=1 - to enable (default)
            da_cli edit_configuration operation=add_config ENFORCE_NEW_DA=0 - to disable

            3 Symptom: clish, DAClient and da_cli commands seem to have no effect.

            Solution: if MDSPS is enabled on the Security Gateway, make sure that the shell runs on the management plane.
            When MDPS is enabled on theSecurity Gateway, CPUSE service runs in the management plane, any command line interaction with CPUSE should be executed in the same plane (clish, DAClient and da_cli).
            # Category Related solutions
            1 Connectivity to
            Check Point servers
            2 Update of CPUSE Agent
            3 Installation / uninstall
            of CPUSE packages
            4 Installation / uninstall of
            Jumbo Hotfix Accumulators
            5 CPUSE Agent does
            not work correctly

             

            (7) Information about older CPUSE builds

            Show this section
            • Show / Hide information about Gaia Software Updates Agent versions from 1127 to 1272

              • Available options in Gaia Portal

                • Import Package

                  On the toolbar, click on the More button and click on Import Package.

                  Important Note: This option was moved from the More button to the main page (upper right corner) starting in CPUSE Agent Build 1272.



            • Show / Hide information about Gaia Software Updates Agent versions from 747 to 1127

              • Available options in Gaia Portal

                • Legacy Upgrade to the next Major Version

                  Important Note: This option was removed from Gaia Portal starting in CPUSE Agent Build 1127.

                  Note: This option is used only to upgrade to Major releases R75.40VS / R76 GA / R77.X (refer to the upgrade map) using the Legacy CLI upgrade package.

                  1. Download the Legacy CLI upgrade Gaia OS package of the supported Major release (R75.40VS / R76 / R77 / R77.10 / R77.20 / R77.30).

                  2. Connect to Gaia Portal.

                  3. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out'):

                  4. Navigate to Upgrades (CPUSE) section (in Gaia R77.20 and higher) / to Software Updates section (in Gaia R77.10 and lower) - click on Status and Actions page.

                    In Gaia R77.20 and higher: In Gaia R77.10 and lower:
                  5. Click on the "Legacy Upgrade" button, upload the upgrade package to Gaia OS, and click on "Upgrade" button:

                  6. Upload the Legacy CLI upgrade package.

                  7. Click on Upgrade button.

                  8. Machine is rebooted automatically.



            • Show / Hide information about Gaia Software Updates Agent versions from 802 to 840

              • Available options in Gaia Portal

                Refer to section "(4) How to work with CPUSE" - refer to instructions for Gaia Portal.

              • Available Clish commands

                1. Acquire the lock over Gaia configuration database:

                  HostName:0> lock database override

                2. Show the Gaia Software Updates Agent Policy, Status and Packages:

                  Refer to R77 Versions Gaia Administration Guide - chapter "CPUSE" - "Reviewing CPUSE ? clish".

                  HostName:0> show installer
                  	mail-notifications - Show mail notifications for user
                  	package            - Show information about a specific package
                  	packages           - Show packages information
                  	policy             - Show policies configurations
                  	status             - Show status
                  	HostName:0>
                  	

                  where full syntax is:

                  • HostName:0> show installer mail-notifications {<Package_Number> | <email>}
                  • HostName:0> show installer package <Package_Number>
                  • HostName:0> show installer packages {all | available-for-download | downloaded | imported | installed | recommended}
                  • HostName:0> show installer policy {all | downloads | periodically-self-update | self-test {all | auto-rollback | install-policy | network-link-up | start-processes} | send-cpuse-data}
                  • HostName:0> show installer status {agent | all | build | connection | license | update-from-cloud}
                3. Set the Gaia Software Updates Agent Policy:

                  Refer to R77 Versions Gaia Administration Guide - chapter "CPUSE" - "Configuring a CPUSE Policy - clish", and "Configuring CPUSE Mail Notifications - clish".

                  HostName:0> set installer
                  	mail-notifications - Set mail notifications policy
                  	policy             - Set policies
                  	HostName:0>
                  	

                  where full syntax is:

                  • HostName:0> set installer mail-notifications {<Package_Number> | <email>} {download-status | install-status | new-available-packages} {on | off}
                  • HostName:0> set installer policy downloads {automatic | manual | scheduled {daily <Time> | monthly <Day> at <Time> | once <date> at <Time> | weekly <Day_of_the_Week> at <Time>}
                  • HostName:0> set installer policy periodically-self-update {on | off}
                  • HostName:0> set installer policy self-test {auto-rollback | install-policy | network-link-up | start-processes} {on | off}
                  • HostName:0> set installer policy send-cpuse-data {on | off}
                4. Start/Stop the relevant action:

                  Refer to R77 Versions Gaia Administration Guide - chapter "CPUSE" - "Downloading and Installing with CPUSE - clish".

                  HostName:0> installer 
                  	agent                - Perform Deployment agent actions
                  	check-for-updates    - Check for new available packages in Check Point cloud
                  	delete               - Delete package
                  	download             - Download package
                  	download-and-install - Download and install package
                  	import               - Import package
                  	install              - Install package
                  	uninstall            - Uninstall package
                  	upgrade              - Upgrade to a new major version
                  	verify               - Verify if package is compatible with this machine
                  	HostName:0>
                  	

                  where full syntax is:

                  • HostName:0> installer agent {start | stop | update [not-interactive]}
                  • HostName:0> installer check-for-updates [not-interactive]
                  • HostName:0> installer delete {<Package_Number> | <Package_Name>} [not-interactive]
                  • HostName:0> installer download {<Package_Number> | <Package_Name>} [pause | resume | not-interactive]
                  • HostName:0> installer download-and-install {<Package_Number> | <Package_Name>} [not-interactive]
                  • HostName:0> installer import {cloud <CPUSE_Identifier> | ftp <IPv4_Address> path <Path> username <Username> [password <Password>] | local <Full_Path>} [not-interactive]
                  • HostName:0> installer install {<Package_Number> | <Package_Name>} [not-interactive]
                  • HostName:0> installer uninstall {<Package_Number> | <Package_Name>} [not-interactive]
                  • HostName:0> installer upgrade {<Package_Number> | <Package_Name>} [not-interactive]
                  • HostName:0> installer verify {<Package_Number> | <Package_Name>} [not-interactive]}

                  Note: The progress (in per cent) of the download/install/uninstall actions is displayed in both Clish and in "Gaia Portal" - "Upgrades (CPUSE)" section (in Gaia R77.20 and higher) / to "Software Updates" section (in Gaia R75.40 - R77.10) - "Status and Actions" page.


            • Show / Hide information about Gaia Software Updates Agent versions from 710 to 747

              • Available options in Gaia Portal

                Refer to section "(4) How to work with CPUSE" - refer to instructions for Gaia Portal.

              • Available Clish commands

                1. Acquire the lock over Gaia configuration database:

                  HostName:0> lock database override

                2. Set the Gaia Software Updates Agent Policy:
                  HostName:0> set installer
                  	deployment-mail-notification - Set the installer mail notifications
                  	download_mode                - Set the installer download mode to automatic, manual or schedule
                  	install_mode                 - Set the installer install mode to automatic, manual or schedule
                  	HostName:0>
                  	

                  Notes:

                  • The "set installer download_mode schedule" sub-command is disabled - use the Gaia Portal.
                  • The "set installer install_mode schedule" sub-command is disabled - use the Gaia Portal.
                3. Start/Stop the relevant action:

                  HostName:0> installer 
                  	download       - Download a selected package
                  	install        - Install a selected package
                  	restore_policy - Restore the default update policy
                  	start          - Start the installer service
                  	stop           - Stop the installer service
                  	uninstall      - Uninstall a selected package
                  	upgrade        - Upgrade a selected package
                  	HostName:0>
                  	

                  Note: The progress (in per cent) of the download/install/uninstall actions is displayed in both Clish and in "Gaia Portal" - "Upgrades (CPUSE)" section (in Gaia R77.20 and higher) / to "Software Updates" section (in Gaia R75.40 - R77.10) - "Status and Actions" page.

                4. To see software updates in Clish:

                  HostName:0> show installer 
                  	available_local_packages - Show available packages for install
                  	available_packages       - Show available packages for download
                  	installed_packages       - Show the installed packages on this machine
                  	package_status           - Show the packages status
                  	HostName:0>
                  	

                  Notes:

                  • "show installer available_packages" command reads the information about the packages that are pending download from the $DADIR/bin/pd_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:

                    HostName:0> show installer available_packages 
                    	Num File Name                                             Type
                    	1   Check_Point_R77_10_R77_20_T124.tgz                    Wrapper
                    	2   Check_Point_R75.46_Fresh_Install.tgz                  Major Version
                    	3   Check_Point_R75_40VS_T157.tgz                         Major Version
                    	4   Check_Point_R77.10_Install_and_Upgrade.tgz            Major Version
                    	5   Check_Point_R76_T265.tgz                              Major Version
                    	HostName:0>
                    	
                  • "show installer available_local_packages" command reads the information about the packages that were downloaded and are pending installation from the $DADIR/bin/pi_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:

                    HostName:0> show installer available_local_packages 
                    	Num File Name                                             Type
                    	1   Check_Point_Hotfix_R77_10_sk102673.tgz                Hotfix
                    	HostName:0>
                    	
                  • "show installer installed_packages" command reads the information about the packages that were installed from the $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:

                    HostName:0> show installer installed_packages
                    	Num File Name                                             Type
                    	1   Check_Point_SmartConsole_R75.47.tgz                   Wrapper
                    	2   Check_Point_Hotfix_R75.47_sk101186.tgz                Hotfix
                    	HostName:0>
                    	
                  • "show installer package_status" command reads the information about the status of packages from the $DADIR/bin/prv_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:

                    HostName:0> show installer package_status
                    	Num File Name                              Status                       Progress
                    	1   Check_Point_SmartConsole_R75.47.tgz    Installed
                    	2   Check_Point_R75.46_Fresh_Install.tg... Available for Download
                    	3   Check_Point_R76_T265.tgz               Available for Download
                    	4   Check_Point_R77.20_T124_Install_and... Partially Downloaded         (5%)
                    	5   Check_Point_R77.10_Install_and_Upgr... Available for Download
                    	6   Check_Point_Hotfix_R75_47_sk102673.... Available for Install
                    	7   Check_Point_R77.tgz                    Available for Download
                    	8   Check_Point_R75_40VS_T157.tgz          Available for Download
                    	9   Check_Point_Hotfix_R75.47_sk101186.... Installed
                    	10  Check_Point_Hotfix_R75.47_sk100195.... Unknown
                    	11  Check_Point_Hotfix_R75.47_sk100431.... Unknown
                    	12  Check_Point_R75.47_OSPF_Hotfix_sk94... Available for Download
                    	HostName:0>
                    	
                  • Information about the packages that are pending uninstall is stored in $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).
                5. To download a software update in Clish:

                  Example:

                  HostName:0> installer download 
                  	Num File Name                                             Type
                  	1   Check_Point_R75.46_Fresh_Install.tgz                  Major Version
                  	2   Check_Point_R76_T265.tgz                              Major Version
                  	3   Check_Point_R77.20_T124_Install_and_Upgrade.tgz       Major Version
                  	4   Check_Point_R77.10_Install_and_Upgrade_R75.4X.tgz     Major Version
                  	5   Check_Point_R77.tgz                                   Major Version
                  	6   Check_Point_R75_40VS_T157.tgz                         Major Version
                  	7   Check_Point_R75.47_OSPF_Hotfix_sk94490.tgz            Hotfix
                  	HostName:0>
                  	HostName:0> installer download 7
                  	Initiating download of Check_Point_R75.47_OSPF_Hotfix_sk94490.tgz...
                  	HostName:0> 
                  	HostName:0> show installer package_status
                  	.............
                  	12  Check_Point_R75.47_OSPF_Hotfix_sk94... Downloading                  (6%)
                  	............. 
                  	HostName:0>
                  	
                6. To install a software update in Clish:

                  Important Note: Requirements for free disk space exist.

                  Example:

                  HostName:0> installer install 
                  	Num File Name                                             Type
                  	1   Check_Point_Hotfix_R75_47_sk102673.tgz                Hotfix
                  	2   Check_Point_R75.47_OSPF_Hotfix_sk94490.tgz            Hotfix
                  	HostName:0>
                  	HostName:0> installer install 2
                  	Initiating install of package 1: Check_Point_R77_hotfix_sk95245.tgz
                  	HostName:0> 
                  	HostName:0> show installer package_status
                  	.............
                  	Initiating install of Check_Point_R75.47_OSPF_Hotfix_sk94490.tgz...
                  	............. 
                  	HostName:0>
                  	HostName:0> show installer package_status
                  	.............
                  	12  Check_Point_R75.47_OSPF_Hotfix_sk94... Installing                   (30%)
                  	............. 
                  	HostName:0>
                  	
                7. To upgrade a software update in Clish:

                  Important Note: Requirements for free disk space exist.

                  Example:

                  HostName:0> installer upgrade 
                  	Num File Name                                             Type
                  	1   Check_Point_R75.46_Fresh_Install.tgz                  Major Version
                  	HostName:0>
                  	HostName:0> installer upgrade 1
                  	Initiating upgrade of package 1: Check_Point_R75.46_Fresh_Install.tgz
                  	HostName:0>
                  	


            • Show / Hide information about Gaia Software Updates Agent versions from 502 to 615

              • Available options in Gaia Portal

                Tab Options
                Updates
                  • On this tab, user will see the available / manually uploaded hotfix packages.

                  • When a software update is "Available for Download", click on "Download" button.

                  • When a software update is "Available for Install", user can verify whether there are any warnings about this update and whether this update can be installed without conflicts.
                    Click on "Actions" button and then click on "Verifier" button (formerly known as "Check Install") - a pop-up will appear with "Verifier results".
                    If there are no warnings/conflicts, then click on "Install Update" button.

                  • After a software update is installed, user can see the installation log by clicking on the 'scroll' icon in the "Logs" column.
                    A new window will open. Information can be selected and copied from this window.

                  • If a software update was installed and has to be uninstalled, click on "Uninstall" button.

                  • A software update that was already downloaded / installed, can be exported from this Gaia machine for backup purposes,
                    or to transfer it to another Gaia machine (for example, if another Gaia machine is disconnected from the Internet):

                    1. Select the update.
                    2. Click on "Actions" button - click on "Export" button.
                    3. The update will be saved as TAR file on your computer.
                  • A software update can be manually imported to this Gaia machine (for example, if this machine is disconnected from the Internet).

                    Important Note: Requirements for free disk space exist.

                    This feature (importing a package) supports only the following types of packages:

                    1. Packages that were specifically created to be installed using Gaia Software Updates.

                      1. Contact Check Point Support to get the required Gaia Software Updates package for Offline installation.
                      2. Connect to the Gaia Portal on your machine.
                      3. Obtain the lock over the configuration database (click on the lock icon at the top - near "Sign Out").
                      4. Navigate to "Upgrades (CPUSE)" / "Software Updates" section - "Status and Actions" pane.
                      5. Click on "Actions" button - click on "Import" button.
                      6. Browse for the TGZ file that was provided by Check Point Support - click on "Upload".
                      7. Install the uploaded package either in Gaia Portal, or in Clish - see the relevant instructions above.
                    2. Packages that were exported from another Gaia machine using Gaia Software Updates.

                      1. Export the relevant update package (that was already downloaded / installed) from a source Gaia machine (that is connected to the Internet) to your computer.
                      2. If needed, transfer this file to an external storage device.
                      3. Open the Gaia Portal of the target Gaia machine (on which this update package should be imported).
                      4. Go to "Gaia Portal" - "Upgrades (CPUSE)" / "Software Updates"section - "Status and Actions" page.
                      5. Click on "Actions" button - click on "Import" button.
                      6. Browse for the TAR file that was exported from a source Gaia machine - click on "Upload".

                    Note: If the following error is displayed, then incorrect package was uploaded (contact Check Point Support for assistance):

                    Cannot import package.
                    It is not a valid exported "Gaia Software Updates" package.

                  • Customized packages / images that were created by Check Point for specific customer are added in the following way:

                    1. Click on "Actions" button - click on "Add Private Hotfix" button.
                    2. In the "Add Private Package" window, paste the special link to the customized package / image (sent to you by Check Point) - click on "Add" button.
                    3. Monitor the progress in the "Important Messages" section at the bottom (scroll down).
                    4. The customized package / image will appear in the list of available packages with status "Available for Download".
                    5. Proceed as with regular hotfix package / image.
                  • User can monitor the general progress in the "Important Messages" section at the bottom (scroll down).
                    For complete log, click on "History" button. Information can be selected and copied from these windows.

                    Note:
                    • In the "Important Messages" section, the messages appear from bottom-to-top (most recent log is at the top).
                    • In the "Important Messages Log" ('History') window, the messages appear from top-to-bottom (most recent log is at the bottom).
                Full Images
                  • On this tab, user will see the available / manually uploaded upgrade packages and fresh install images.

                  • When an image is "Available for Download", click on "Download" button.

                  • When an image is "Available for Install", user can verify whether there are any warnings about this image and whether this image can be installed without conflicts.
                    Click on "Actions" button and then click on "Verifier" button (formerly known as "Check Install") - a pop-up will appear with "Verifier results".
                    If there are no warnings/conflicts, then click on "Install Update" button.



                  • If an image is already installed, you can click on "Reinstall" button.

                  • If an upgrade image was installed and has to be uninstalled, click on "Uninstall" button.
                    Important Note: There is no uninstall option for fresh install images.

                  • An image that was already downloaded / installed, can be exported from this Gaia machine for backup purposes,
                    or to transfer it to another Gaia machine (for example, if that machine is disconnected from the Internet):

                    1. Select the update.
                    2. Click on "Actions" button - click on "Export" button.
                    3. The update will be saved as TAR file on your computer.
                    4. You can store this TAR file for backup purposes, or transfer it to another Gaia machine.
                  • An image can be manually imported to this Gaia machine (for example, if this machine is disconnected from the Internet).

                    Important Note: Requirements for free disk space exist.

                    This feature (importing an image) supports only images that were exported from another Gaia machine using Gaia Software Updates:

                    1. Export the relevant image from a source Gaia machine to your computer.
                    2. If needed, transfer this file to an external storage device.
                    3. Open the Gaia Portal of the target Gaia machine (on which this image should be imported).
                    4. Go to "Gaia Portal" - "Upgrades (CPUSE)" / "Software Updates" section - "Status and Actions" page.
                    5. Click on "Actions" button - click on "Import" button.
                    6. Browse for the TAR file that was exported from a source Gaia machine - click on "Upload".
                      Note:
                      Gaia Portal will only accept a TAR file that was exported from another Gaia machine (it contains the image TGZ file and special metadata TGZ file).
                      Otherwise, the following error will be displayed:
                      Cannot import package.
                      It is not a valid exported "Gaia Software Updates" package.
                  • User can monitor the general progress in the "Important Messages" section at the bottom (scroll down).

                    For complete log, click on "History" button. Information can be selected and copied from these windows.
                    Note:
                    • In the "Important Messages" section, the messages appear from bottom-to-top (most recent log is at the top).
                    • In the "Important Messages Log" ('History') window, the messages appear from top-to-bottom (most recent log is at the bottom).
              • Available Clish commands

                1. Acquire the lock over Gaia configuration database:

                  HostName:0> lock database override

                2. Set the Gaia Software Updates Agent Policy:
                  HostName:0> set installer
                  	deployment-mail-notification - Set the installer mail notifications
                  	download_mode                - Set the installer download mode to automatic, manual or schedule
                  	install_mode                 - Set the installer install mode to automatic, manual or schedule
                  	HostName:0>
                  	

                  Notes:

                  • The "set installer download_mode schedule" sub-command is disabled - use the Gaia Portal.
                  • The "set installer install_mode schedule" sub-command is disabled - use the Gaia Portal.
                  • For more information about "deployment-mail-notification", refer to "Configuring e-mail notifications in Clish" section.
                3. Start/Stop the relevant action:

                  HostName:0> installer 
                  	download       - Download a selected package
                  	install        - Install a selected package
                  	restore_policy - Restore the default update policy
                  	start          - Start the installer service
                  	stop           - Stop the installer service
                  	uninstall      - Uninstall a selected package
                  	upgrade        - Upgrade a selected package
                  	HostName:0>
                  	

                  Note: The progress (in per cent) of the download/install/uninstall actions is displayed in both Clish and in "Gaia Portal" - "Upgrades (CPUSE)" / "Software Updates" section - "Status and Actions" page.

                4. To see software updates in Clish:
                  HostName:0> show installer 
                  	available_local_packages - Show available packages for install
                  	available_packages       - Show available packages for download
                  	installed_packages       - Show the installed packages on this machine
                  	package_status           - Show the packages status
                  	HostName:0>
                  	

                  Notes:

                  • "show installer available_packages" command reads the information about the packages that are pending download from the $DADIR/bin/pd_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:
                    HostName:0> show installer available_packages
                    List of available packages for download:
                    [1]. R75.46 - Check_Point_R75.46_Fresh_Install.tgz (1.48 GB) - <b>R75.46 is a maintenance release for R75.40 and R75.45 with important Check Point product updates.<br>For more about this release, see the <a href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90960" target="_blank">R75.46 home page</a>.</b>
                    [2]. R77_SC - Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz (292.51 MB) - Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz
                    HostName:0>
                  • "show installer available_local_packages" command reads the information about the packages that were downloaded and are pending installation from the $DADIR/bin/pi_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:
                    HostName:0> show installer available_local_packages
                    List of available packages for install:
                    [1]. HOTFIX_GULLI_UDP_FIX - Check_Point_R77_UDP_Hotfix_sk95056.tgz (206.90 KB) - Check_Point_R77_UDP_Hotfix_sk95056.tgz
                    [2]. R77 - Check_Point_R77.tgz (1.18 GB) - <b>Check Point R77.
                    For more about this release - <a& href=https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92965 target=_blank>R77 home page</a>.</b>
                    [3]. HOTFIX_GULLI_HF1 - Check_Point_R77_hotfix_sk95245.tgz (2.99 MB) - This hotfix solves Threat Emulation Incorrect MIME encoding.
                    [4]. BUNDLE_DUMMY - Check_Point_Hotfix_Bundle.tgz (206.90 KB) - Check_Point_Hotfix_Bundle.tgz
                    [5]. HOTFIX_GULLI_HF2 - Check_Point_hotfix_R77_sk96269.tgz (2.97 MB) - This hotfix solves Threat Emulation Incorrect MIME encoding.
                    HostName:0>
                  • "show installer installed_packages" command reads the information about the packages that were installed from the $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:
                    HostName:0> show installer installed_packages
                    	List of installed packages:
                    	[1]   Check_Point_R77_Hotfix_sk96124.tgz      -   FW1                  - HOTFIX_GULLI_HF2_CPAS
                    	[2]   flow_cmp_HOTFIX_GULLI_FLOW_CMP_003_GA.tgz-   R7520CMP             - HOTFIX_GULLI_FLOW_CMP_003
                    	[3]   fiber_cmp_HOTFIX_GULLI_FIBER_CMP_004_GA.tgz-   R7540CMP             - HOTFIX_GULLI_FIBER_CMP_004
                    	[4]   giza_cmp_HOTFIX_GULLI_GIZA_CMP_005_GA.tgz-   R7540VSCMP           - HOTFIX_GULLI_GIZA_CMP_005
                    	[5]   fox_cmp_HOTFIX_GULLI_FOX_CMP_007_GA.tgz -   R75CMP               - HOTFIX_GULLI_FOX_CMP_007
                    	[6]   enf_cmp_HOTFIX_GULLI_ENF_CMP_032_GA.tgz -   NGXCMP               - HOTFIX_GULLI_ENF_CMP_032
                    	[7]   fl_cmp_HOTFIX_GULLI_FL_CMP_006_GA.tgz   -   FLICMP               - HOTFIX_GULLI_FL_CMP_006
                    	[8]   Check_Point_R77_UDP_Hotfix_sk95056.tgz  -   CPUpdates            - HOTFIX_GULLI_UDP_FIX
                    	HostName:0>
                    	
                  • "show installer package_status" command reads the information about the status of packages from the $DADIR/bin/prv_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:
                    HostName:0> show installer package_status
                    	Check_Point_Hotfix_Bundle.tgz                 - Downloading               - Progress: 0%
                    	Check_Point_R75.46_Fresh_Install.tgz          - Available for download
                    	Check_Point_R77.tgz                           - Installed
                    	Check_Point_R77_Hotfix_sk96124.tgz            - Installed
                    	Check_Point_R77_UDP_Hotfix_sk95056.tgz        - Installed
                    	Check_Point_R77_hotfix_sk95245.tgz            - Pre-install validation failed (CRs validation error).
                    	Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz - Downloading (2.95 MB/s)   - Progress: 6%
                    	Check_Point_hotfix_R77_sk96269.tgz            - Installing                - Progress: 0%
                    	HostName:0>
                    	
                  • Information about the packages that are pending uninstall is stored in $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).
                5. To download a software update in Clish:

                  Example:
                  HostName:0> installer download
                  List of available packages for download:
                  [1]. R75.46 - Check_Point_R75.46_Fresh_Install.tgz (1.48 GB) - <b>R75.46 is a maintenance release for R75.40 and R75.45 with important Check Point product updates.<br>For more about this release, see the <a href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90960" target="_blank">R75.46 home page</a>.</b>
                  [2]. R77_SC - Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz (292.51 MB) - Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz
                  HostName:0>
                  HostName:0> installer download 2
                  Initiating download of package 2: Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz (292.51 MB)
                  HostName:0>
                  HostName:0> show installer package_status
                  .............
                  Check_Point_SmartConsole_and_SmartDomain_Manager_R77.tgz - Downloading (2.95 MB/s) - Progress: 6%
                  .............
                  HostName:0>
                6. To install a software update in Clish:

                  Important Note: Requirements for disk space exist - refer to "System requirements and limitations" section.

                  Example:
                  HostName:0> installer install
                  List of available packages for install:
                  [1]. HOTFIX_GULLI_HF1 - Check_Point_R77_hotfix_sk95245.tgz (2.99 MB) - This hotfix solves Threat Emulation Incorrect MIME encoding.
                  [2]. BUNDLE_R77_10 - Check_Point_R77.10_EA_T72_4SEs.tgz (202.19 MB) - Check_Point_R77.10_EA_T72_4SEs.tgz
                  [3]. HOTFIX_GULLI_HF2 - Check_Point_hotfix_R77_sk96269.tgz (2.97 MB) - This hotfix solves Threat Emulation Incorrect MIME encoding.
                  [4]. HOTFIX_GULLI_UDP_FIX - Check_Point_R77_UDP_Hotfix_sk95056.tgz (206.90 KB) - Check_Point_R77_UDP_Hotfix_sk95056.tgz
                  [5]. R77 - Check_Point_R77.tgz (1.18 GB) - <b>Check Point R77.<br> For more about this release - <a href=https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92965 target=_blank>R77 home page</a>.</b>
                  HostName:0>
                  HostName:0> installer install 1
                  Initiating install of package 1: Check_Point_R77_hotfix_sk95245.tgz
                  HostName:0>
                  HostName:0> show installer package_status
                  .............
                  Check_Point_R77_hotfix_sk95245.tgz - Installing - Progress: 3%
                  .............
                  HostName:0>
                7. To upgrade a software update in Clish:

                  Important Note: Requirements for disk space exist - refer to "System requirements and limitations" section.

                  Example:
                  HostName:0> installer upgrade
                  List of available packages for upgrade:
                  [1]. R77 - Check_Point_R77.tgz (1.18 GB) - <b>Check Point R77.<br> For more about this release - <a href=https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92965 target=_blank>R77 home page</a>.</b>
                  HostName:0>
                  HostName:0> installer upgrade 1
                  Initiating upgrade of package 1: Check_Point_R77.tgz
                  HostName:0>


            • Show / Hide information about Gaia Software Updates Agent versions lower than 502

              • Available options in Gaia Portal

                  • When a software update is "Available for Download", click on "Download" button.

                  • When a software update is "Available for Install", click on "Check Install" button to check whether this software update can be installed without conflict. If there are no warnings/conflicts, then click on "Install" button.

                  • If a software update was installed and has to be uninstalled, click on "Uninstall" button.

              • Available Clish commands

                1. Acquire the lock over Gaia configuration database:

                  HostName:0> lock database override

                2. Set the Gaia Software Updates Agent Policy:
                  HostName:0> set installer
                  	deployment-mail-notification - Set the installer mail notifications
                  	download_mode                - Set the installer download mode to automatic, manual or schedule
                  	install_mode                 - Set the installer install mode to automatic, manual or schedule
                  	HostName:0>
                  	

                  Notes:

                  • The "set installer download_mode schedule" sub-command is disabled - use the Gaia Portal.
                  • The "set installer install_mode schedule" sub-command is disabled - use the Gaia Portal.
                3. Start/Stop the relevant action:

                  HostName:0> installer 
                  	download       - Download a selected package
                  	install        - Install a selected package
                  	restore_policy - Restore the default update policy
                  	start          - Start the installer service
                  	stop           - Stop the installer service
                  	uninstall      - Uninstall a selected package
                  	HostName:0>
                  	

                  Note: The progress (in per cent) of the download/install/uninstall actions is displayed only in "Gaia Portal" - "Software Updates" - "Status and Actions".

                4. To see software updates in Clish:
                  HostName:0> show installer 
                  	available_local_packages - Show available packages for install
                  	available_packages       - Show available packages for download
                  	installed_packages       - Show the installed packages on this machine
                  	package_status           - Show the packages status
                  	HostName:0>
                  	

                  Notes:

                  • "show installer available_packages" command reads the information about the files that are pending download from the $DADIR/bin/pd_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:
                    HostName:0> show installer available_packages 
                    	List of available packages for download:
                    	[1].    R75.40  - R75.40_2.tgz (804.64 MB)      - R75.40
                    	[2].    R77  - R77.tgz (1.10 GB)  - R77 Take 34
                    	[3].    R76_GA  - R76_GA.tgz (1.06 GB)  - R76
                    	HostName:0>
                    	
                  • "show installer available_local_packages" command reads the information about the files that were downloaded and are pending installation from the $DADIR/bin/pi_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:
                    HostName:0> show installer available_local_packages
                    List of available packages for install:
                    [1]. software update_GIZMO_PING_DUMMY_002 - Check_Point_GIZMO_DUMMY_002_Bundle.tgz (31.38 KB) - Check_Point_GIZMO_DUMMY_002_Bundle.tgz
                    HostName:0>
                  • "show installer package_status" command reads the information about the status of software updates from the $DADIR/bin/prv_file file (exists only while the Gaia Software Updates Agent service is running).

                    Example:
                    HostName:0> show installer package_status
                    	Check_Point_GIZMO_DUMMY_002_Bundle.tgz  - Available for install
                    	R77.tgz         - Available for download
                    	R75.40_2.tgz    - Available for download
                    	R76_GA.tgz      - Available for download
                    	HostName:0>
                    	
                  • Information about the files that are pending uninstall is stored in $DADIR/bin/pu_file file (exists only while the Gaia Software Updates Agent service is running).
                5. To download a software update in Clish:

                  Example:
                  HostName:0> installer download 
                  	List of available packages for download:
                  	[1].    R75.40  - R75.40_2.tgz (804.64 MB)      - R75.40
                  	[2].    R77  - R77.tgz (1.10 GB)  - R77 Take 34
                  	[3].    R76_GA  - R76_GA.tgz (1.06 GB)  - R76
                  	HostName:0>
                  	HostName:0> installer download 2
                  	Initiating download of package 2: R77.tgz (1.10 GB)
                  	HostName:0> 
                  
                  	HostName:0> show installer package_status 
                  	Check_Point_GIZMO_DUMMY_002_Bundle.tgz  - Available for install
                  	R77.tgz         - Downloading
                  	R75.40_2.tgz    - Available for download
                  	R76_GA.tgz      - Available for download
                  	HostName:0>
                  	

             


             

            (8) Revision history

            Show / Hide this section

            Date Description
            02 Sep 2021 Updating screenshots and removed documentation for unsupported versions (77.10 and below)
            18 Apr 2021 "(6) Limitations, Troubleshooting and Related solutions" - added a Troubleshooting scenario #3
            11 Apr 2021 "Latest build of CPUSE and What's New" section - added new GA Build 2047
            07 Feb 2021 "Latest build of CPUSE and What's New" section - added new GA Build 2019
            14 Dec 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1999
            25 Nov 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1986
            28 Oct 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1976
            23 Sep 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1959
            10 Sep 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1935
            20 Aug 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1931
            19 Jul 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1928
            30 Jun 2020 Updated (6) Troubleshooting
            18 Jun 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1905
            16 Apr 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1889
            16 Feb 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1865
            09 Feb 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1858
            16 Jan 2020 "Latest build of CPUSE and What's New" section - added new GA Build 1848
            10 Dec 2019 "Latest build of CPUSE and What's New" section - added new GA Build 1832
            27 Nov 2019 Added section (4-B-d) Perform a clean install or upgrade of a Blink image
            20 Nov 2019 "Latest build of CPUSE and What's New" section - added new GA Build 1818
            03 Oct 2019  "Latest build of CPUSE and What's New" section - added new GA Build 1786
            19 Aug 2019  "Latest build of CPUSE and What's New" section - added new GA Build 1751
            11 Aug 2019 "Latest build of CPUSE and What's New" section - added new GA Build 1731
            16 July 2019  "Latest build of CPUSE and What's New" section - added new GA Build 1728
            01 July 2019 "Latest build of CPUSE and What's New" section - added new GA Build 1722
            05 June 2019 Added a note that CPUSE package is not compatible with R80.20SP
            14 May 2019  "Latest build of CPUSE and What's New" section - added new GA Build 1677
            01 May 2019 "Latest build of CPUSE and What's New" section - added new GA Build 1676
            31 Mar 2019 Updated setion 4C - "How to uninstall a CPUSE package"
            26 Mar 2019 "Latest build of CPUSE and What's New" section - added new GA Build 1671 
            17 Mar 2019 "Latest build of CPUSE and What's New" section - added new GA Build 1669
            23 Jan 2019 "Latest build of CPUSE and What's New" section - added new GA Build 1580
            28 Nov 2018 "Latest build of CPUSE and What's New" section - added new GA Build 1577
            29 Sep 2018  "Latest build of CPUSE and What's New" section - added new GA Build 1573
            26 Sep 2018 Added link to R80.20 Gaia Administration Guide
            15 July 2018 Added R80.20 to Versions list
            25 June 2018  "Latest build of CPUSE and What's New" section - added new GA Build 1511
            24 June 2018 "Latest build of CPUSE and What's New" section - added new GA Build 1510 
            14 June 2018 "Latest build of CPUSE and What's New" section - added new GA Build 1508
            06 May 2018 "Latest build of CPUSE and What's New" section - added new GA Build 1483
            08 Apr 2018 Updated Section (2) System requirements and limitations, item G.
            12 Feb 2018 "Latest build of CPUSE and What's New" section - added new GA Build 1439
            02 Jan 2018 "Latest build of CPUSE and What's New" section - added new GA Build 1418
            26 Nov 2017 "Latest build of CPUSE and What's New" section - added new GA Build 1405
            10 Oct 2017 Corrected the import instructions in Gaia Portal - correct the name of the button from "Upload" to "Import".
            08 Oct 2017 Renamed the "Latest build of CPUSE and What's New" section to the "Download the latest build of CPUSE Agent and What's New".
            24 Sep 2017 "Latest build of CPUSE and What's New" section - "(3-D) History of older CPUSE Agent builds" subsection -
            updated the text to show that build 1130 is integrated into R80 GA version.
            27 Aug 2017 "Latest build of CPUSE and What's New" section - added new GA Build 1298.
            23 Aug 2017 "Troubleshooting and Related solutions" section - added sk104479.
            17 Aug 2017 "Troubleshooting and Related solutions" section - added sk119993.
            16 Aug 2017 "Troubleshooting and Related solutions" section - added sk119954.
            24 July 2017 "Latest build of CPUSE and What's New" section - added a note that restarting the ConfD daemon should be performed during a maintenance window.
            06 July 2017 "System requirements and limitations" section - updated a note that on VSX R80.10, any package can be installed using CPUSE.
            27 June 2017 "Latest build of CPUSE and What's New" section - added new GA Build 1294.
            21 June 2017
            • Updated the instructions for importing a package in Gaia Portal (by clicking on the Import Package button on the main page).
            • Added link to R80.10 Gaia Administration Guide.
            16 June 2017 "Latest build of CPUSE and What's New" section - added new GA Build 1293.
            18 May 2017 Added R80.10 version to the article.
            25 Apr 2017 "Latest build of CPUSE and What's New" section - added new GA Build 1283.
            04 Apr 2017 "Latest build of CPUSE and What's New" section - added new GA Build 1278.
            28 Mar 2017
            • Updated the title of this article from "CPUSE - Gaia Software Updates (including Gaia Software Updates Agent)" to "Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent".
            • "Latest build of CPUSE and What's New" section - added the Build 1272 back.
            20 Mar 2017 "Latest build of CPUSE and What's New" section - temporarily reverted from Build 1272 to the previous Build 1130.
            15 Mar 2017 Added relevant screenshots for "Verifier" results.
            13 Mar 2017 "Latest build of CPUSE and What's New" section - added new GA Build 1272.
            11 Feb 2017 "Troubleshooting and Related solutions" section - added sk114592.
            05 Feb 2017 "Troubleshooting and Related solutions" section - added sk115719.
            15 Jan 2017 "Troubleshooting and Related solutions" section - added sk115515.
              31 Dec 2016
              • "(4-A) "How to ..." section - improved import instructions for Offline procedure in Gaia Portal.
              • "Troubleshooting and Related solutions" section - added sk111158, sk115243.
              19 Nov 2016
              • "(4-A) "How to ..." section - improved notes about VSX mode.
              • "(4-B) "How to ..." section - improved notes about VSX mode.
              • "(4-B) "How to ..." section - "(4-B-b)" subsection - added a list of files that are copied by CPUSE during an upgrade to a Major Version.
              14 Nov 2016 "(4-C) "How to ..." section - improved notes.
              03 Nov 2016 "System requirements and limitations" section - added clarifications about the required license and contract.
              02 Oct 2016 "Latest build of CPUSE and What's New" section - added new Build 1130.
              21 Sep 2016 "Troubleshooting and Related solutions" section - added sk113268, sk113269, sk113270.
              21 Aug 2016 "Latest build of CPUSE and What's New" section - added new Build 1127.
              23 June 2016 "(4-D) "How to ..." section - improved the description of "installer agent start" command.
              21 June 2016 "(4-D) "How to ..." section - improved the description of "installer agent <disable|enable>" and "installer agent <stop|start>" commands.
              16 June 2016 "Latest build of CPUSE and What's New" section - added new Build 1005.
              14 Apr 2016 "Latest build of CPUSE and What's New" section - added new Build 994.
              10 Apr 2016
              • "Troubleshooting and Related solutions" section - added sk105746.
              • "System requirements and limitations" section - added relevant Domain objects.
              09 Apr 2016 "Latest build of CPUSE and What's New" section - added a note about manual installation of CPUSE Agent RPM.
              31 Mar 2016 Improved text readability.
              30 Mar 2016 "Troubleshooting and Related solutions" section - added sk109359.
              27 Mar 2016 Article was redesigned and updated.
              03 Jan 2015 Minor text improvements.
              03 Jan 2015 "System requirements and limitations" section - updated the information.
              20 Nov 2015 Add explanation for "DAClient" commands.
              20 Sep 2015 "System requirements and limitations" section - updated the information.
              29 July 2015 Corrected Clish syntax for starting and stopping the Gaia Software Updates Agent daemon.
              26 July 2015 Added Clish syntax for Build 802 and higher.
              22 July 2015 Added sk106696 to "Related solutions" section.
              11 Mar 2015 "System requirements and limitations" section - added instructions for allowing CPUSE to work with Check Point cloud.
              29 Jan 2015 "System requirements and limitations" section - updated the information that option "Automatically download Contracts and other important data (Recommended)" should be enabled in SmartDashboard.
              05 Oct 2014 Added description for Gaia Software Updates Agent version from 710 to 747.
              11 Sep 2014 "Overview" - "Description" section - added a note that CPuse mechanism supports deployment of Major Versions (starting from build 502).
              19 Aug 2014
              • "Software Updates Notifications" section - updated the information.
              • Updated the notes for "set installer" commands.
              24 July 2014 Added a note about the "ping" syntax in $DADIR/bin/connection_test.sh script if Gaia machine is disconnected from the Internet.
              15 June 2014 "Related solutions" section - added this new section.
              12 May 2014 Updated the information about the "Import" operation in Gaia Portal.
              17 Mar 2014 Improvements in HTML design.
              26 Jan 2014
              • Added notes about importing an image / package.
              • Modified manual installation instructions.
              12 Dec 2013 Added description for Gaia Software Updates Agent versions from 502 to 615.
              03 Mar 2013 First release of this document.

              Give us Feedback
              Please rate this document
              [1=Worst,5=Best]
              Comment