Support Center > Search Results > SecureKnowledge Details
Compliance Blade Hotfix for R75.40 / R75.45 / R75.46 / R75.47 / R76 Technical Level
Solution

General Availability release is available as a hotfix package. This hotfix is supported only on top of these versions:

  • R75.40
  • R75.45
  • R75.46
  • R75.47
  • R76

Note: Compliance Software Blade is integrated into Check Point R77.

 

Table of Contents:

  • Overview
  • What's New
  • Known Limitations
  • Downloads
  • Documentation
  • Related solutions

 

Overview

Compliance Software Blade provides a detailed compliance analysis and reporting of major regulations and international standards against a library of Check Point security best practices and recommendations.

The Compliance Software Blade incorporates alert notifications upon changes to policy configurations in other Software Blades.

 

What's New

Major features:

  • Regulatory compliance analysis
  • Security Best Practices
  • Continuous policy monitoring
  • Compliance alerts
  • Action scheduling
  • Reporting

 

Known Limitations

The following limitations exist in General Availability version:

ID Symptoms
01131903 This hotfix supports only R75.40 / R75.45 / R75.46 / R75.47 and R76.
If you upgrade to R75.40VS, the Compliance Blade is not available.
01133547 User must perform a full manual scan after these actions in SmartDashboard:
  • Adding or removing a Security Gateway / VSX Gateway / VSX Virtual System / Cluster object.
  • Enabling or disabling a Software Blade in a Security Gateway / VSX Gateway / VSX Virtual System / Cluster object.
  • Activating or deactivating Best Practice tests on 'Compliance' tab.
01134245 Relevant only for R75.45 Multi-Domain Security Management Server running on Gaia OS.

After installing the Compliance Software Blade package on Multi-Domain Security Management Server, perform the following steps for each active Domain:

  1. Switch to the context of MDS:

    [Expert@HostName]# mdsenv
    [Expert@HostName]# mcd

  2. Copy the license file cp.macro
    from the $CPDIR/conf/ directory in the context of MDS
    to the $CPDIR/conf/ directory in the context of Domain:

    [Expert@HostName]# cp  /opt/CPshrd-R75.40/conf/cp.macro  /opt/CPmds-R75.40/customers/<Domain_Name>/CPshrd-R75.40/conf/cp.macro

  3. Restart all Check Point services on Multi-Domain Security Management Server:

    [Expert@HostName]# mdsstop
    [Expert@HostName]# mdsstart

Note: The following shell script can be used to automate this process:

#!/bin/sh
mdsenv
mcd
for DOMAIN in $($MDSVERUTIL AllCMAs)
    do
        echo "Copying license file into - ${DOMAIN} :"
        cp -v  $CPDIR/conf/cp.macro  $MDSDIR/customers/${DOMAIN}/conf/cp.macro
done
echo "Going to restart the Multi-Domain Security Management Server..."
sleep 3
mdsstop
mdsstart
01365981

Relevant only for R75.45:

Refer to sk98651 (Upgrade from R75.45 to a later version fails after R75.45 Compliance Blade hotfix was uninstalled).

01373581

Relevant only for R75.47:

Compliance Blade is not able to start the initial scan if the hotfix was installed, uninstalled and then re-installed again (see the steps below):

  1. Installed Compliance Blade hotfix for R75.47.
  2. Enabled Compliance Blade.
  3. Uninstalled Compliance Blade hotfix for R75.47.
  4. Re-installed Compliance Blade hotfix for R75.47.
  5. Enabled Compliance Blade.
  6. Compliance Blade is not able to start the initial scan.

Workaround:

If you uninstalled the Compliance Blade hotfix for R75.47, then you must follow these steps after re-installing the hotfix and before enabling the Compliance Blade.

  1. Connect to command line on the Security Management Server / Multi-Domain Security Management Server (over SSH, or console).
  2. Log in to Expert mode.
  3. Navigate to '$CPDIR/database/downloads/' directory:
    [Expert@HostName]# cd  $CPDIR/database/downloads/
  4. Delete the 'GRC' directory:
    [Expert@HostName]# rm -rf  GRC
  5. Connect with SmartDashboard to Security Management Server / Domain Management Server.
  6. Enable Compliance Blade in the Management Server object.

 

Downloads

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

Refer to R75.40 / R75.45 Compliance Blade Release Notes - 'Installation and Uninstallation' section for detailed instructions.

Hotfix Installation Package:

Platform R75.40 R75.45 R75.46 R75.47 R76 *
Gaia (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
SecurePlatform (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
Linux (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
Windows (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)

* Note: To upgrade from R76 with Compliance Blade Hotfix to R77, refer to sk97048 (Upgrade of R76 Management Server with Compliance Blade Hotfix to R77 fails).

SmartConsole Installation Package:

Platform R75.40 R75.45 R75.46 R75.47 R76
Windows (EXE) (EXE) (EXE) (EXE) (EXE)

 

Documentation

 

This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment