Support Center > Search Results > SecureKnowledge Details
Compliance Blade Hotfix for R75.40 / R75.45 / R75.46 / R75.47 / R76 Technical Level
Solution

General Availability release is available as a hotfix package. This hotfix is supported only on top of these versions:

  • R75.40
  • R75.45
  • R75.46
  • R75.47
  • R76

Note: Compliance Software Blade is integrated into Check Point R77.

 

Table of Contents:

  • Overview
  • What's New
  • Known Limitations
  • Downloads
  • Documentation
  • Related solutions

 

Overview

Compliance Software Blade provides a detailed compliance analysis and reporting of major regulations and international standards against a library of Check Point security best practices and recommendations.

The Compliance Software Blade incorporates alert notifications upon changes to policy configurations in other Software Blades.

 

What's New

Major features:

  • Regulatory compliance analysis
  • Security Best Practices
  • Continuous policy monitoring
  • Compliance alerts
  • Action scheduling
  • Reporting

 

Known Limitations

The following limitations exist in General Availability version:

ID Symptoms
01131903 This hotfix supports only R75.40 / R75.45 / R75.46 / R75.47 and R76.
If you upgrade to R75.40VS, the Compliance Blade is not available.
01133547 User must perform a full manual scan after these actions in SmartDashboard:
  • Adding or removing a Security Gateway / VSX Gateway / VSX Virtual System / Cluster object.
  • Enabling or disabling a Software Blade in a Security Gateway / VSX Gateway / VSX Virtual System / Cluster object.
  • Activating or deactivating Best Practice tests on 'Compliance' tab.
01134245 Relevant only for R75.45 Multi-Domain Security Management Server running on Gaia OS.

After installing the Compliance Software Blade package on Multi-Domain Security Management Server, perform the following steps for each active Domain:

  1. Switch to the context of MDS:

    [Expert@HostName]# mdsenv
    [Expert@HostName]# mcd

  2. Copy the license file cp.macro
    from the $CPDIR/conf/ directory in the context of MDS
    to the $CPDIR/conf/ directory in the context of Domain:

    [Expert@HostName]# cp  /opt/CPshrd-R75.40/conf/cp.macro  /opt/CPmds-R75.40/customers/<Domain_Name>/CPshrd-R75.40/conf/cp.macro

  3. Restart all Check Point services on Multi-Domain Security Management Server:

    [Expert@HostName]# mdsstop
    [Expert@HostName]# mdsstart

Note: The following shell script can be used to automate this process:

#!/bin/sh
mdsenv
mcd
for DOMAIN in $($MDSVERUTIL AllCMAs)
    do
        echo "Copying license file into - ${DOMAIN} :"
        cp -v  $CPDIR/conf/cp.macro  $MDSDIR/customers/${DOMAIN}/conf/cp.macro
done
echo "Going to restart the Multi-Domain Security Management Server..."
sleep 3
mdsstop
mdsstart
01365981

Relevant only for R75.45:

Refer to sk98651 (Upgrade from R75.45 to a later version fails after R75.45 Compliance Blade hotfix was uninstalled).

01373581

Relevant only for R75.47:

Compliance Blade is not able to start the initial scan if the hotfix was installed, uninstalled and then re-installed again (see the steps below):

  1. Installed Compliance Blade hotfix for R75.47.
  2. Enabled Compliance Blade.
  3. Uninstalled Compliance Blade hotfix for R75.47.
  4. Re-installed Compliance Blade hotfix for R75.47.
  5. Enabled Compliance Blade.
  6. Compliance Blade is not able to start the initial scan.

Workaround:

If you uninstalled the Compliance Blade hotfix for R75.47, then you must follow these steps after re-installing the hotfix and before enabling the Compliance Blade.

  1. Connect to command line on the Security Management Server / Multi-Domain Security Management Server (over SSH, or console).
  2. Log in to Expert mode.
  3. Navigate to '$CPDIR/database/downloads/' directory:
    [Expert@HostName]# cd  $CPDIR/database/downloads/
  4. Delete the 'GRC' directory:
    [Expert@HostName]# rm -rf  GRC
  5. Connect with SmartDashboard to Security Management Server / Domain Management Server.
  6. Enable Compliance Blade in the Management Server object.

 

Downloads

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

Refer to R75.40 / R75.45 Compliance Blade Release Notes - 'Installation and Uninstallation' section for detailed instructions.

Hotfix Installation Package:

Platform R75.40 R75.45 R75.46 R75.47 R76 *
Gaia (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
SecurePlatform (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
Linux (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
Windows (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)

* Note: To upgrade from R76 with Compliance Blade Hotfix to R77, refer to sk97048 (Upgrade of R76 Management Server with Compliance Blade Hotfix to R77 fails).

SmartConsole Installation Package:

Platform R75.40 R75.45 R75.46 R75.47 R76
Windows (EXE) (EXE) (EXE) (EXE) (EXE)

 

Documentation

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment