Some protections may not work for specific HTTP evasions in R77.10 / R77 / R76
Solution ID: sk98814
Severity: High
Product: IPS, Application Control, Anti-Bot, Anti-Virus, URL Filtering, Threat Emulation
Version: R76, R77, R77.10
Platform / Model: All
Date Created: 10-Mar-2014
Last Modified: 17-Apr-2016
Symptoms
This recommended fix improves the following protections under specific HTTP evasions:
IPS
Application Control
URL Filtering
Anti-Virus
Anti-Bot
Threat Emulation
The fix is relevant to the following releases:
R76
R77
R77.10
R76SP for 61000
Other versions do not require this fix.
Solution
This problem was fixed. The fix is included in:
Check Point recommends always upgrading to the most recent version (upgrade Security Gateway / upgrade VSX / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).
For lower versions, Check Point offers a hotfix for this issue.
Procedure:
Note: In cluster environment, this procedure must be performed on all members of the cluster.
Instructions - Gaia OS using CPUSE (Check Point Update Service Engine)
We recommend using CPUSE to install this hotfix.
Note: Hotfix has to be installed on Security Gateway / each cluster member.
In Gaia Portal:
Important Note for VSX mode: Gaia Portal is not supported on Security Gateway in VSX mode. Users must use the Clish.
1. Connect to the Gaia Portal on your machine.
2. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out').
3. Navigate to the 'Software Updates' - 'Status and Actions' pane.
4. Go to the 'Updates' tab to see the published hotfixes available for download.
5. Select the Check_Point_Hotfix_R7X_sk98814.tgz package - right-click on it - click on 'Download' (this will download the hotfix to your machine).
6. Right-click on the Check_Point_Hotfix_R7X_sk98814.tgz package - click on 'Install' (this will install the hotfix on the machine and display the installation status).
7. When prompted for reboot (a pop-up window appears), confirm to reboot the machine.
In Clish:
Important Note for VSX mode: Gaia Portal is not supported on Security Gateway in VSX mode. Users must use the Clish.
1. Connect to Gaia command line (over SSH, or console).
2. Log in to Clish shell.
3. See the list of available packages for download:
    HostName> show installer available_packages
4. Download this hotfix:
    HostName> installer download Check_Point_Hotfix_R7X_sk98814.tgz
5. Check the download progress by repeatedly running this command:
    HostName> show installer package_status
   Example output:
    Check_Point_Hotfix_R77.10_sk98814.tgz - Downloading (2.95 MB/s) - Progress: 6%
    Check_Point_Hotfix_R77.10_sk98814.tgz - Available for install
6. See the list of available packages for install:
    HostName> show installer available_local_packages
7. Install this hotfix:
    HostName> installer install Check_Point_Hotfix_R7X_sk98814.tgz
8. Check the installation progress by repeatedly running this command:
    HostName> show installer package_status
   Example output:
    Check_Point_Hotfix_R77.10_sk98814.tgz - Installing - Progress: 3%
    Check_Point_Hotfix_R77.10_sk98814.tgz - installed
Machine will be rebooted automatically.
Contact Check Point Support for any assistance.
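An added example (not part of Check Point's article): a shell check for the cluster note above that reads each member's saved `show installer package_status` output and lists the members where the sk98814 package is not yet `installed`. The status-line format is assumed from the sample output shown in this article only; the capture file names and `Some_Other_Package.tgz` are constructed.

```shell
#!/bin/sh
# Added example, not Check Point code.
# Assumption: status lines look like "<package>.tgz - <state>[ - <detail>]",
# as in the sample output quoted in this article.

# hotfix_state: read package_status output on stdin and print the state of
# the sk98814 package: installed | installing | available | downloading |
# unknown | missing. If the package appears more than once, the last line wins.
hotfix_state() {
    awk -v pkg="_sk98814.tgz" '
        index($0, pkg) {
            split($0, f, " - ")          # f[1] = package name, f[2] = state text
            s = tolower(f[2])
            if      (s ~ /^installed/)             state = "installed"
            else if (s ~ /^installing/)            state = "installing"
            else if (s ~ /^available for install/) state = "available"
            else if (s ~ /^downloading/)           state = "downloading"
            else                                   state = "unknown"
        }
        END { print (state == "" ? "missing" : state) }
    '
}

# cluster_gaps: arguments are files, one per cluster member, each holding that
# member's captured package_status output. Prints "<member> <state>" for every
# member whose hotfix state is anything other than "installed".
cluster_gaps() {
    for f in "$@"; do
        st=$(hotfix_state < "$f")
        [ "$st" = "installed" ] || printf '%s %s\n' "$(basename "$f" .txt)" "$st"
    done
}

# demo: constructed captures for three hypothetical cluster members.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'Check_Point_Hotfix_R77.10_sk98814.tgz - installed' > "$d/member1.txt"
    printf '%s\n' 'Check_Point_Hotfix_R77.10_sk98814.tgz - Installing - Progress: 3%' > "$d/member2.txt"
    printf '%s\n' 'Some_Other_Package.tgz - installed' > "$d/member3.txt"
    cluster_gaps "$d"/member*.txt
    rm -rf "$d"
}

demo
```

An empty result from `cluster_gaps` means every captured member reports the hotfix as installed.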
Instructions - Gaia / SecurePlatform / Linux OS
Contact Check Point Support for any assistance.
Hotfix has to be installed on Security Gateway / each cluster member.
1. Download the relevant hotfix package:
2. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
3. Unpack the hotfix package:
    [Expert@HostName]# cd /some_path_to_fix/
    [Expert@HostName]# tar zxvf Check_Point_Hotfix_VERSION_sk98814.tgz
4. Install the hotfix:
    [Expert@HostName]# ./fw1_wrapper_HOTFIX_NAME
   Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
5. Reboot the machine.
Instructions - IPSO OS
Contact Check Point Support for any assistance.
Hotfix has to be installed on Security Gateway / each cluster member.
1. Download the relevant hotfix package:
2. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
3. Unpack the hotfix package:
    [Expert@HostName]# cd /some_path_to_fix/
    [Expert@HostName]# tar zxvf Check_Point_Hotfix_VERSION_sk98814.tgz
4. Install the hotfix:
    [Expert@HostName]# ./fw1_wrapper_HOTFIX_NAME
   Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
5. Reboot the machine.
Instructions - Windows OS
Contact Check Point Support for any assistance.
Hotfix has to be installed on Security Gateway / each cluster member.
1. Download the relevant hotfix package:
2. Transfer the hotfix package to the machine (into some directory, e.g., C:\some_path_to_fix\).
3. Install the hotfix:
4. Reboot the machine.
This solution is about products that are no longer supported and it will not be updated
Applies To:
01371106 , 01369029 , 01373092 , 01373146 , 01373340 , 01373341 , 01374176 , 01374992 , 01375066 , 01379576 , 01380064 , 01380537 , 01380654 , 01380694 , 01380904 , 01381291 , 01407054