Hello Magnus, thankyou for the session. Since i am also lerner of Check point technology so this video was little bit out of my hand but not all. I would suggest for such session, it would be really well and helpful if you could give a short intro of what is CPUSE and why do we need it, what is Hot fix and why do we need it before moving forward on upgradation part because it will help learner to grasp the session quickly.
Girjesh Sharma i think that’s a really good suggestion :) I will make a concept video about cpuse and put it before the lab videos. And maybe some of the history for cpuse as it’s actually fairly new. I actually think the whole concept about releases deserve a dedicated video. Thank you for the great idea :)
Hello, Magnus. Excellent video. I have a question, if I have a distributed architecture, 1 SMC + 2 Firewall (in different boxes), but I only update the Firewall with the latest version of Hotfix available, and the SMC I leave it with an old version, this can give me problems in production? Any service impact or complication in my real environment? Is it always important to do the installation in this case, in the 3 equipments mentioned? Thanks for your clarification and help. Regards.
Its normally no issue to run firewalls / mgmt servers on diff jumbos/hfa :) Ofc its the recommendation to install the HFA on all boxes, but in general this can be done on seperate times. The general rule (there are exceptions) is that the mgmt should have same or higher major version then the GW. Keep in mind that check point can be used in really large enviroments and its hard to upgrade everything at once Customers may have 100 of firewalls so running on diff HFA for months is nothing uncommon. If you are upgrading to resolve a specific bug or similar ofc the fix will only be applied to the box that are upgraded. If there is new functions you may need the HFA on the mgmt server to actually use the new functions on the gw.
Blink image dose already include JFA, so its good when installing appliance boxes. Its needed to use it to install R80.40 on openservers as the first image dosn´t support open servers. More or less you do need to read the release notes, Blink images are made to speed things up :) But when using CPUSE for an upgrade for example, the tool will show you what is possible (clean installation or upgrade)
Congratulations. You have excellent content. One query, I am new to the platform and I am trying to understand many terms of the product. The JUMBO HOTFIX, is it essential at Checkpoints? What is it for? Would you recommend some documentation platform to learn more about the platform along with your videos. Greetings from Peru.
Thank you Ranghel :) Within check point you do have maintrain versions such as R77, R80, R80.10 and so on. This versions include new features and functions. More or less every month check point releases bug fixes and possible small new functions such as API calls. These are released within patches knows as HFA or jumbo hotfix. A release can either be Ongoing meaning you can use it if you need a specific fix or function. But the recommended is to use the GA (general availability) as it’s tested and have enough customers on it for check point to recommend it. Regarding documentation/info I do recommend the checkmates community. There are a lot of tips and trix on that platform, aswell as some general training videos :) Regards Magnus
Hi Magnus thanks for the video, its a great resource material for me. I am trying to to check if my file is the recent file using the CPUSE as explained in this video but i noticed you quoted SK of the file first. How do i know the SK of my file. I am running Deployment agent build 2084 | R81.10
Hi Magnus, thank you very much for your super helpful Checkpoint tutorials. Can you explain how to add a shared folder if the management server is an actual appliance connected to a PC for initial configuration instead of a VM?
Hi, I don’t add any shared folder. The shared folder I use in the labs are only between my workstation (windows boxes) to not need to download the files multiple times. So the transfer to mgmt station is with scp and it’s the same no matter if it’s appliance or in VMware. If you referring to the first installation of a mgmt station, they do come with some software on them from start. And if you want diff software installing via USB mem is normally easiest. If it’s open server I use the ILO for installations
Hello, Magnus. One question, what are the advantages of upgrading a hotfix package, every so often? I have seen that JHF packages are updated with new versions as time goes by. I would like to know if there is any advantage to do so or if it is just optional to know whether to upgrade or not. Thanks for your time.
Previusly JHA has only been bug fixes, but now it also include new features. I would try to upgrade the firewall 2-4times per year. Check point has made the upgrade process a lot easier now in r81 for the firewalls. If you doing a tac case, check point may ask you to upgrade to the latest JFA as a “troubleshooting step” so it’s good to be on fairly new versions. But yes, some firewalls are hard to upgrade and get maintenance on, so before any upgrades it’s ofc good to check the release notes and see if there is anything included that you actually need/want. I always try to keep to the GA versions and skip the ongoing once as it’s important to have a stable environment.
Hi Magnus i have gotten a solution to my earlier question, now my problem is that i can't download the jumbo hotfix, keep telling i am not entiltle to download the file even with my active demo account that expired next year
Hi Magnus going through the video over and over again i discovered i need to download and install deployment agent before uploading the Jumbo hotfixes. What can i do to get this deployment agent dodwnloaded all effort had proof futile. I keep getting this error message." You are not entiltle to download this file" . i have not been able to proceed with my Lab for days cos of this. Kindly advise.
Hi, you will need to create an account on check points website. Not sure if you need to have a support contract or not, just try with a normal free account first :)
I guess you would need to logged in on check point website. But if you download from the gateway/mgmt server directly it works aslong as you have the trail licens.
Great Stuff Magnus with a real easy to follow presentation. Thanks !!
Thank you for watching, hope you enjoy the course :)
Hello Magnus, thankyou for the session. Since i am also lerner of Check point technology so this video was little bit out of my hand but not all. I would suggest for such session, it would be really well and helpful if you could give a short intro of what is CPUSE and why do we need it, what is Hot fix and why do we need it before moving forward on upgradation part because it will help learner to grasp the session quickly.
Girjesh Sharma i think that’s a really good suggestion :)
I will make a concept video about cpuse and put it before the lab videos.
And maybe some of the history for cpuse as it’s actually fairly new.
I actually think the whole concept about releases deserve a dedicated video.
Thank you for the great idea :)
Hello, Magnus. Excellent video. I have a question, if I have a distributed architecture, 1 SMC + 2 Firewall (in different boxes), but I only update the Firewall with the latest version of Hotfix available, and the SMC I leave it with an old version, this can give me problems in production? Any service impact or complication in my real environment? Is it always important to do the installation in this case, in the 3 equipments mentioned? Thanks for your clarification and help. Regards.
Its normally no issue to run firewalls / mgmt servers on diff jumbos/hfa :)
Ofc its the recommendation to install the HFA on all boxes, but in general this can be done on seperate times.
The general rule (there are exceptions) is that the mgmt should have same or higher major version then the GW.
Keep in mind that check point can be used in really large enviroments and its hard to upgrade everything at once
Customers may have 100 of firewalls so running on diff HFA for months is nothing uncommon.
If you are upgrading to resolve a specific bug or similar ofc the fix will only be applied to the box that are upgraded.
If there is new functions you may need the HFA on the mgmt server to actually use the new functions on the gw.
Awesome, you nailed it!!
Thank you Rizwan, lets see how many parts this will actually be :D
So far i have recorded 4 parts and its only the very basics. hehe
@@MagnusHolmberg-NetSec can you please explain what is the blink image on the download center
Blink image dose already include JFA, so its good when installing appliance boxes.
Its needed to use it to install R80.40 on openservers as the first image dosn´t support open servers.
More or less you do need to read the release notes, Blink images are made to speed things up :)
But when using CPUSE for an upgrade for example, the tool will show you what is possible (clean installation or upgrade)
Thanks Magnus appreciated
Congratulations. You have excellent content. One query, I am new to the platform and I am trying to understand many terms of the product. The JUMBO HOTFIX, is it essential at Checkpoints? What is it for? Would you recommend some documentation platform to learn more about the platform along with your videos. Greetings from Peru.
Thank you Ranghel :)
Within check point you do have maintrain versions such as R77, R80, R80.10 and so on. This versions include new features and functions.
More or less every month check point releases bug fixes and possible small new functions such as API calls. These are released within patches knows as HFA or jumbo hotfix.
A release can either be Ongoing meaning you can use it if you need a specific fix or function. But the recommended is to use the GA (general availability) as it’s tested and have enough customers on it for check point to recommend it.
Regarding documentation/info I do recommend the checkmates community.
There are a lot of tips and trix on that platform, aswell as some general training videos :)
Regards
Magnus
Hi Magnus thanks for the video, its a great resource material for me. I am trying to to check if my file is the recent file using the CPUSE as explained in this video but i noticed you quoted SK of the file first. How do i know the SK of my file. I am running Deployment agent build 2084 | R81.10
Hi Magnus, thank you very much for your super helpful Checkpoint tutorials. Can you explain how to add a shared folder if the management server is an actual appliance connected to a PC for initial configuration instead of a VM?
Hi, I don’t add any shared folder.
The shared folder I use in the labs are only between my workstation (windows boxes) to not need to download the files multiple times.
So the transfer to mgmt station is with scp and it’s the same no matter if it’s appliance or in VMware.
If you referring to the first installation of a mgmt station, they do come with some software on them from start. And if you want diff software installing via USB mem is normally easiest. If it’s open server I use the ILO for installations
@@MagnusHolmberg-NetSec Never mind, I found I can just upload it from my computer :-)
Hello, Magnus. One question, what are the advantages of upgrading a hotfix package, every so often? I have seen that JHF packages are updated with new versions as time goes by. I would like to know if there is any advantage to do so or if it is just optional to know whether to upgrade or not. Thanks for your time.
Previusly JHA has only been bug fixes, but now it also include new features.
I would try to upgrade the firewall 2-4times per year. Check point has made the upgrade process a lot easier now in r81 for the firewalls.
If you doing a tac case, check point may ask you to upgrade to the latest JFA as a “troubleshooting step” so it’s good to be on fairly new versions.
But yes, some firewalls are hard to upgrade and get maintenance on, so before any upgrades it’s ofc good to check the release notes and see if there is anything included that you actually need/want. I always try to keep to the GA versions and skip the ongoing once as it’s important to have a stable environment.
Hi Magnus i have gotten a solution to my earlier question, now my problem is that i can't download the jumbo hotfix, keep telling i am not entiltle to download the file even with my active demo account that expired next year
what it`s issue if i don`t do upgrade jumbo hotfix ?
You should always try to run your mgmt servers on the recommended version and jumbo. The jumbos are to resolve issues and add smaller new functions.
Hi Magnus going through the video over and over again i discovered i need to download and install deployment agent before uploading the Jumbo hotfixes. What can i do to get this deployment agent dodwnloaded all effort had proof futile. I keep getting this error message." You are not entiltle to download this file" . i have not been able to proceed with my Lab for days cos of this. Kindly advise.
Hi, you will need to create an account on check points website. Not sure if you need to have a support contract or not, just try with a normal free account first :)
i can't download the CPUSE package from the Check point website. I'm get the message "You are not entitled to download this file."
I guess you would need to logged in on check point website.
But if you download from the gateway/mgmt server directly it works aslong as you have the trail licens.