Security Gateways running version prior to R76 (R65 / R70.X / R71.X / R75.X) drop UDP traffic on non-standard ports after upgrading Security Management Server to R77.
Note: Hotfix has to be installed on Security Management Server.
In Gaia Portal:
Connect to the Gaia Portal on your machine.
Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out').
Navigate to the 'Software Updates' - 'Status and Actions' pane.
Go to the 'Updates' tab to see the published hotfixes available for download.
Select the Check_Point_R77_UDP_Hotfix_sk95056.tgz package - right-click on it - click on 'Download' (this will download the hotfix to your machine).
Right-click on the Check_Point_R77_UDP_Hotfix_sk95056.tgz package - click on 'Install' (this will install the hotfix on the machine and display the installation status).
When prompted for reboot (a pop up window appears), confirm to reboot the machine.
Connect to R77 Security Management Server with SmartDashboard.
Install policy onto all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X).
Important Step: Clear all entries from the Connections kernel table on all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X):
Connect to command line on Security Gateway. Note: Preferred way is to connect over console, because SSH connection will be disconnected when you clear all entries from the Connections kernel table.
Log in to Expert mode.
Clear all entries from the Connections kernel table:
Note: This command does not prompt for any confirmation and its action is irreversible. All current connections will be lost!
[Expert@HostName]# fw tab -t connections -x -y
In Clish:
Connect to Gaia command line (over SSH, or console).
Connect to R77 Security Management Server with SmartDashboard.
Install policy onto all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X).
Important Step: Clear all entries from the Connections kernel table on all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X):
Connect to command line on Security Gateway. Note: Preferred way is to connect over console, because SSH connection will be disconnected when you clear all entries from the Connections kernel table.
Log in to Expert mode.
Clear all entries from the Connections kernel table:
Note: This command does not prompt for any confirmation and its action is irreversible. All current connections will be lost!
Hotfix has to be installed on Security Management Server.
Download the relevant hotfix package:
Platform
R77
Gaia / SecurePlatform / Linux
(TGZ)
Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
Unpack the hotfix package:
[Expert@HostName]# cd /some_path_to_fix/ [Expert@HostName]# tar zxvf Check_Point_R77_UDP_Hotfix_Linux_sk95056.tgz
Install the hotfix:
[Expert@HostName]# ./UnixInstallScript
Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
Reboot the machine.
Connect to R77 Security Management Server with SmartDashboard.
Install policy onto all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X).
Important Step: Clear all entries from the Connections kernel table on all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X):
Connect to command line on Security Gateway. Note: Preferred way is to connect over console, because SSH connection will be disconnected when you clear all entries from the Connections kernel table.
Log in to Expert mode.
Clear all entries from the Connections kernel table:
Note: This command does not prompt for any confirmation and its action is irreversible. All current connections will be lost!
Hotfix has to be installed on Multi-Domain Security Management Server.
Download the relevant hotfix package:
Platform
R77
Gaia / SecurePlatform / Linux
(TGZ)
Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
Unpack the hotfix package:
[Expert@HostName]# cd /some_path_to_fix/ [Expert@HostName]# tar zxvf Check_Point_R77_UDP_Hotfix_Linux_Multi_Domain_sk95056.tgz
Install the hotfix:
[Expert@HostName]# ./UnixInstallScript
Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
Reboot the machine.
Connect to each R77 Domain Management Server with SmartDashboard.
Install policy onto all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X).
Important Step: Clear all entries from the Connections kernel table on all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X):
Connect to command line on Security Gateway. Note: Preferred way is to connect over console, because SSH connection will be disconnected when you clear all entries from the Connections kernel table.
Log in to Expert mode.
Clear all entries from the Connections kernel table:
Note: This command does not prompt for any confirmation and its action is irreversible. All current connections will be lost!
Hotfix has to be installed on Security Management Server.
Download the relevant hotfix package:
Platform
R77
IPSO
(TGZ)
Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
Unpack the hotfix package:
[Expert@HostName]# cd /some_path_to_fix/ [Expert@HostName]# tar zxvf Check_Point_R77_UDP_Hotfix_IPSO6_sk95056.tgz
Install the hotfix:
[Expert@HostName]# ./UnixInstallScript
Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
Reboot the machine.
Connect to R77 Security Management Server with SmartDashboard.
Install policy onto all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X).
Important Step: Clear all entries from the Connections kernel table on all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X):
Connect to command line on Security Gateway. Note: Preferred way is to connect over console, because SSH connection will be disconnected when you clear all entries from the Connections kernel table.
Log in to Expert mode.
Clear all entries from the Connections kernel table:
Note: This command does not prompt for any confirmation and its action is irreversible. All current connections will be lost!
Hotfix has to be installed on Security Management Server.
Download the relevant hotfix package:
Platform
R77
Windows
(TGZ)
Transfer the hotfix package to the machine (into some directory, e.g., C:\some_path_to_fix\).
Use any archive program (WinZIP, WinRAR, 7-Zip, TUGZip, IZArc) to unpack the Check_Point_R77_UDP_Hotfix_Windows_sk95056.tgz.
Install the hotfix:
Right-click on the Setup.exe file - select 'Run as administrator'.
Reboot the machine.
Connect to R77 Security Management Server with SmartDashboard.
Install policy onto all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X).
Important Step: Clear all entries from the Connections kernel table on all Security Gateways prior to R76 (R65 / R70.X / R71.X / R75.X):
Connect to command line on Security Gateway. Note: Preferred way is to connect over console, because SSH connection will be disconnected when you clear all entries from the Connections kernel table.
Log in to Expert mode.
Clear all entries from the Connections kernel table:
Note: This command does not prompt for any confirmation and its action is irreversible. All current connections will be lost!
***********************************************************
Welcome to Check Point <HOTFIX_NAME> Uninstall Utility
***********************************************************
All <HOTFIX_NAME> packages will be uninstalled.
Uninstallation program is about to stop all Check Point processes.
Do you want to continue (y/n) ?
Reboot the machine.
This solution is about products that are no longer supported and it will not be updated