Support Center > Search Results > SecureKnowledge Details
Anti-Virus / Anti-Bot policy enforcement issue on VSX gateways Technical Level
Symptoms
  • Anti-Virus / Anti-Bot policy is not enforced in some scenarios on Security Gateway in VSX mode.

  • This issue is relevant to R75.40VS and R76 in VSX mode on Gaia OS and Crossbeam XOS.
Cause

Anti-Virus / Anti-Bot policy is not enforced on Security Gateway in VSX mode in the following scenarios:

  • After running 'cpstop;cpstart' commands. The issue will affect only VS0.
  • After rebooting the Security Gateway.
  • After 'fwk' process is restarted or has crashed. The issue will affect the Virtual System corresponding to that fwk process.

Solution

This problem was fixed. The fix is included in:

Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade VSX / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).

 

For R75.40VS and R76 versions, Check Point offers Hotfix for this issue.

Hotfix installation instructions:

  1. Hotfix has to be installed on VSX Security Gateway.

    Note: In cluster environment, this procedure must be performed on all members of the cluster.

  2. On Gaia OS: Download and install the updated version of the Gaia Software Updates Agent:  

    1. Download the package with updated version of Gaia Software Updates Agent from sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(3) Latest build of CPUSE and What's New".

    2. Transfer the updated Gaia Software Updates Agent package (DeploymentAgent_<version>.tgz) to Security Gateway into /some_path_to_updated_DA/ directory.

    3. UnPack the Gaia Software Updates Agent package:

      [Expert@HostName]# cd /some_path_to_updated_DA/
      [Expert@HostName]# tar xvfz DeploymentAgent_<version>.tgz

    4. Stop the Gaia Software Updates Agent service:

      [Expert@HostName]# $DADIR/bin/dastop
      [Expert@HostName]# dbget installer:stop

    5. Install the Gaia Software Updates Agent RPM:

      [Expert@HostName]# rpm -Uhv --force CPda-00-00.i386.rpm

    6. Start the Gaia Software Updates Agent:

      [Expert@HostName]# $DADIR/bin/dastart


  3. Download the hotfix package(s).



  4. Transfer the hotfix packages to the Security Gateway (e.g., into /some_path_to_fix/ directory):

    • For R75.40VS:
      Important note: these two hotfix packages have to be placed into separate directories.
      • Transfer the First hotfix package (fw1_wrapper_HOTFIX_R75.40VS_HF_BASE_006.Gaia_SecurePlatform.tgz) into /some_path_to_fix_1/ directory.
      • Transfer the Second hotfix package (Check_Point_R75.40VS_Hotfix_BASE_025_SK92464.tgz) into /some_path_to_fix_2/ directory.


    • For R76:
      • Transfer the hotfix package (Check_Point_R76_Hotfix_BASE_014_SK92464.tgz) into /some_path_to_fix/ directory.


  5. Unpack the hotfix package(s):

    • For R75.40VS:
      1. First hotfix package:

        [Expert@HostName]# cd /some_path_to_fix_1/
        [Expert@HostName]# tar xvfz fw1_wrapper_HOTFIX_R75.40VS_HF_BASE_006.Gaia_SecurePlatform.tgz

      2. Second hotfix package:

        [Expert@HostName]# cd /some_path_to_fix_2/
        [Expert@HostName]# tar xvfz Check_Point_R75.40VS_Hotfix_BASE_025_SK92464.tgz


    • For R76:
      • [Expert@HostName]# cd /some_path_to_fix/
        [Expert@HostName]# tar xvfz Check_Point_R76_Hotfix_BASE_014_SK92464.tgz


  6. Install the hotfix(es):

    • For R75.40VS:

      Important Note: It is crucial to install the hotfixes in the given order - first 'HF_BASE_006', second 'HF_BASE_025'.

      1. First hotfix package:

        [Expert@HostName]# vsenv 0
        [Expert@HostName]# cd /some_path_to_fix_1/
        [Expert@HostName]# ./fw1_wrapper_HOTFIX_GIZA_HF_BASE_006_<BUILD_NUMBER>

        Note: do NOT reboot yet.

      2. Second hotfix package:

        [Expert@HostName]# vsenv 0
        [Expert@HostName]# cd /some_path_to_fix_2/
        [Expert@HostName]# ./fw1_wrapper_HOTFIX_GIZA_HF_BASE_025_<BUILD_NUMBER>


    • For R76:
      • [Expert@HostName]# vsenv 0
        [Expert@HostName]# cd /some_path_to_fix/
        [Expert@HostName]# ./fw1_wrapper_HOTFIX_GIZMO_HF_BASE_014_<BUILD_NUMBER>


  7. Reboot the machine.
Applies To:
  • 01120268 , 01120269 , 01120292 , 01120309 , 01120313 , 01120315 , 01120316 , 01121222 , 01241192 , 01381065
  • 01120916 , 01121206 , 01123534 , 01126613 , 01133803 , 01381051

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment