You are on page 1of 12

27 May 2015

Appendix to R77.30

Release Notes
Classification: [Protected]
2015 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and
distributed under licensing restricting their use, copying, distribution, and decompilation. No part of
this product or related documentation may be reproduced in any form or by any means without
prior written authorization of Check Point. While every precaution has been taken in the
preparation of this book, Check Point assumes no responsibility for errors or omissions. This
publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS
252.227-7013 and FAR 52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our
trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html)
for a list of relevant copyrights and third-party licenses.
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date
with the latest functional improvements, stability fixes, security enhancements and
protection against new and evolving attacks.

Check Point R77.30


For more about this release, see the R77.30 home page
(http://supportcontent.checkpoint.com/solutions?id=sk104859).

Latest Version of this Document


Download the latest version of this document
(http://supportcontent.checkpoint.com/documentation_download?ID=40108).
To learn more, visit the Check Point Support Center
(http://supportcenter.checkpoint.com).

Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
(mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on Appendix to
R77.30 Release Notes).

Searching in Multiple PDFs


To search for text in all the R77 Versions PDF documents, download and extract the
complete R77 documentation package
(http://supportcontent.checkpoint.com/documentation_download?ID=26770).
Use Shift-Control-F in Adobe Reader or Foxit reader.

Revision History
Date Description
27 May 2015 Windows, SecurePlatform, and Linux released
New packages to download

21 May 2015 Windows details removed - will be available soon

19 May 2015 First release of this document


Introduction to this Appendix

Introduction to this Appendix


This version installs important Check Point product updates for R77.30 Multi-Domain Server,
Security Management Server, and Security Gateways. R77.30 Resolves Issues
(http://supportcontent.checkpoint.com/solutions?id=sk104861), gives a new Software Blade,
improves stability, supports more technologies, and more.
This document explains R77.30 installation and upgrade for SecurePlatform, IPSO, Linux, and
Windows platforms. It is an appendix to the R77.30 Release Notes
(http://supportcontent.checkpoint.com/documentation_download?ID=40107).
Before you install or upgrade:
Review the Known Limitations (http://supportcontent.checkpoint.com/solutions?id=sk104860)
Read the R77 Release Notes
(http://supportcontent.checkpoint.com/documentation_download?ID=24827) for important
prerequisites and recommendations

Important Note!
Effective 27 May 2015: Windows Installation and Upgrade images were replaced
resolving sk106229 (http://supportcontent.checkpoint.com/solutions?id=sk106229).
For more information, see the R77.30 Home Page
(http://supportcontent.checkpoint.com/solutions?id=sk104859).

System Requirements and Installation


This release can be installed or upgraded on platforms that are supported by R77 and higher:
Gaia (http://supportcontent.checkpoint.com/documentation_download?ID=40107)
SecurePlatform
Red Hat Enterprise Linux on Security Management Server and Multi-Domain Server:
(Security Gateway is not supported)
Supported upgrade from all Check Point versions and clean install: Kernels 5.0 and 5.4;
32-bit only
Supported upgrade from R77.20 and higher and clean install: Kernels 5.9 and 6.5; 32-
and 64-bit
IPSO:
6.2: MR4 or MR4a
Flash-based or Disk-based
Windows

Appendix to R77.30 Release Notes | 4


Introduction to this Appendix

Supported Upgrade Paths


You can install this release on supported appliances and open servers as a new installation. See
the R77 Release Notes
(http://supportcontent.checkpoint.com/documentation_download?ID=24827) for platform details.
You can upgrade to R77.30 from:

Version Upgrade Path for non-Gaia Platforms


R77, R77.10, R77.20 Install the appropriate installation and upgrade packages (on
page 11).
Note - Upgrade from these versions, non-Gaia to Gaia R77.30
is not supported.

R76 Install the appropriate installation and upgrade package


("Installation and Upgrade Packages" on page 11).
Note - If the R76 OS is Gaia, SecurePlatform or IPSO, you
can upgrade to Gaia R77.30.
If the R76 OS is Linux, you must upgrade to R77 first.

R75.40, R75.45, R75.46, If you upgrade to Gaia R77.30, upgrade directly with the
R75.47, R75.40VS appropriate package.
If you upgrade to R77.30 on the same non-Gaia OS, upgrade
first to R77.
Note - R75.47 gateway can be upgraded to R77 only if you
continue immediately to R77.30.

R75, R75.10, R75.20, R75.30 Upgrade first to R77.

R70.40, R70.50, R71.50 Advanced Upgrade


See the "Advanced Upgrade and Database Migration" chapter
in R77 Installation and Upgrade Guide
(http://supportcontent.checkpoint.com/documentation_downloa
d?ID=24831).

R71 - R71.45 Upgrade first to R71.50.

R70 - R70.30 Upgrade first to R70.50.

Appendix to R77.30 Release Notes | 5


Introduction to this Appendix

Required Disk Space


To make space, delete the downloaded TGZ after extracting.

IPSO
Current Version / Tool Server Gateway
Clean Install /var 801 MB
/opt 742 MB

R77 - CLI /var 282 MB


/opt 827 MB

SecurePlatform
Current Version / Tool Server Gateway
Clean Install / - 258 MB / - 286 MB
/opt - 2520 MB /opt - 1963 MB
/var - 1473 MB /var - 1410 MB

R77.20 - CLI / - 50 MB
/opt - 2330 MB
/var - 909 MB

R77 - CLI / - 0 MB
/opt - 2057 MB
/var - 3663 MB

R77 - Web Legacy / - 50 MB


/opt - 684 MB
/var - 4441 MB

R76 - CLI / - 268 MB / - 252 MB


/opt - 2615 MB /opt - 2029 MB
/var - 11043 MB /var - 3704 MB

Linux
Current Version / Tool Server
Clean Install / - 3542 MB

R77.20 - CLI / - 3572 MB

Windows
Current Version / Tool Server Gateway
Clean Install C:\ - 3763 MB

R77.10 - CLI C:\ - 655 MB

R77.20 - CLI C:\ - 1316 MB C:\ - 690 MB

Appendix to R77.30 Release Notes | 6


Introduction to this Appendix

Installing on SecurePlatform, IPSO, Linux, or Windows


To install R77.30 on SecurePlatform, IPSO Disk-based, Linux 32-bit, Windows:
1. Download the R77.30 package appropriate for your platform from the Check Point Support
Center (http://supportcontent.checkpoint.com/solutions?id=sk101208).
2. Use the instructions in the R77 Installation and Upgrade Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=24831).
To install a management server on a supported 64-bit Red Hat Enterprise Linux kernel, you must
first install dependent RPMs. See sk98760
(http://supportcontent.checkpoint.com/solutions?id=sk98760).
To install on IPSO Flash-based, you must first clean the appliance and then install.

Cleaning IPSO Flash-Based Gateways


To install on IPSO, clean the Security Gateway of Check Point installations, TGZ files, and unused
IPSO images. Use Network Voyager or the command shell. (Use Voyager to delete unused IPSO
images.)

To delete Check Point packages using Network Voyager:


1. Click Configuration > System Configuration > Packages > Delete Packages.
2. Select an installation package to delete, and click Apply.
3. Delete TGZ files.
4. Click Apply.

To delete Check Point packages using command shell:


1. Run: newpkg -q
The output is the list of installed packages. Use this output in the next commands.
2. Run: newpkg -u <package name>
3. Run: rm opt/packages/<tgz name>

To delete unused IPSO images using Network Voyager:


1. Click Configuration > System Configuration > Images > Manage Images.
2. Click Delete IPSO Images.
3. Select the IPSO image to delete, and click Apply.

Installing on Flash-Based IPSO


After you clean the gateway, before you install R77.30, find out if a memory or flash upgrade is
required. See sk94625 (http://supportcontent.checkpoint.com/solutions?id=sk94625).

To install on IPSO Flash-based Security Gateway with CLI:


1. Run: newpkg
The output shows download and install options.
Load a new package from:
1. Install from anonymous FTP server.
2. Install from FTP server with user and password.
3. Install from local filesystem.
4. Exit new package installation.
Appendix to R77.30 Release Notes | 7
Introduction to this Appendix

Choose an installation method (1-4):


2. Enter the number you want (1 or 2 for FTP, 3 if you downloaded the packages already).
3. Enter the IP address, credentials, and pathnames when prompted.
4. Enter y to download the TGZ when prompted.
The file is downloaded and installation starts.
5. When prompted for installation type, type 1 to select Install this as a new package.
R77.30 is installed in: /opt

To install on IPSO Flash-based Security Gateway with manual download:


1. Download the R77.30 clean install package for IPSO 6.2 Flash-based to:
/preserve/opt/packages
2. Copy the file to an ftp server and run:
add package media ftp addr <ip_address> user <username> password <password>
name Check_Point_R77.30_T204_Install.IPSO6.2_FlashBased.tgz
If you want to use Network Voyager, see "Installation on IPSO" in the R77 Installation and
Upgrade Guide.

Upgrading
Important - Before installing on Multi-Domain Security Management, run mdsenv and then
mdsstop.
If this is not done, the system will experience functionality issues.
We recommend that you back up the system before installation: mds_backup

To upgrade from R77:


1. Log on to the target machine.
On SecurePlatform only:
a) Run idle 120 to make sure that the installation is not interrupted by the automatic logon
timeout.
b) Run expert to enter expert mode.
2. Create a temporary directory
In the /var partition on non-Windows platforms.
In the c:\ partition on Windows platforms.
3. Copy the upgrade package for your platform to the temporary directory using SFTP, SCP, or
similar secure utility.
4. Go to the temporary directory and extract the .tgz package.
On non-Windows platforms run: gtar -zxvf <file name>
On Windows platforms use an archive utility such as WinZip.
5. Start upgrade:
On non-Windows platforms, from the /var partition, run: ./UnixInstallScript
Note: You must run this command from the /var partition.
On Windows platforms, run: Setup.exe
6. Do the instructions on the screen to install the applicable components.
Only components required for a specific target (management or gateway) are installed
automatically.

Appendix to R77.30 Release Notes | 8


Introduction to this Appendix

When the installation finishes, each successfully installed component appears in a list followed
by: Succeeded.
7. When prompted, reboot.
Note: In a cluster environment, make sure to upgrade all the cluster members.

Installing SmartConsole
Install the SmartConsole after the Security Management Server.
If this is the first time you installed SmartConsole on this computer, download the
SmartConsole EXE file from the R77.30 home page
(http://supportcontent.checkpoint.com/solutions?id=sk104859), and then install it.
The SmartConsole and the Security Management Server versions must match. If you did not
upgrade the server, you cannot upgrade the SmartConsole.

To install the SmartConsole:


1. Download R77.30 SmartConsole for Windows:
Check_Point_SmartConsole_and_SmartDomain_Manager_R77.30_T204_Windows.
exe
2. Double-click the file to install the SmartConsole.

Installing R77.30 Add-on


Important - The R77.30 Add-on can only be installed on R77.30.
If you install the R77.30 Add-on, you must install it on every Security Management
Server, Multi-Domain Server, and Log Server.

Check Point recommends that you install the R77.30 Add-on only if you require the feature it
enables, or if Technical Support suggests that you do so.

Upgrade From To Result


R77.20 R77.30 R77.30 without features that require the Add-ons

R77.20 + Add-on R77.30 R77.30 with Add-on features of R77.20

R77.20 R77.30 + Add-on R77.30 with Add-on features of R77.20 and R77.30

R77.20 + Add-on R77.30 + Add-on R77.30 with Add-on features of R77.20 and R77.30

To install:
1. Download the Check Point R77.30 Add-on Package to the Security Management Server,
Multi-Domain Server, or Log Server.
2. Extract the TGZ: tar xvfz Check_Point_R77_30_T*_Add-on_*.tgz
Where the wildcard is the name of the operating system.
3. Run the installation file:
Non-Windows: ./UnixInstallScript
Windows: double-click the EXE
4. After installation completes, run: cpstart

Appendix to R77.30 Release Notes | 9


Introduction to this Appendix

To install on Multi-Domain Security Management environments:


1. On the Multi-Domain Server, run: mdsstart
2. Install the R77.30 Add-on on the Multi-Domain Server and Multi-Domain Log Server.
3. Login to the SmartDomain Manager.
4. In Versions & Blades Updates, right-click a relevant Domain Management Server and select
Activate.
5. Select R77.20 Add-on and R77.30 Add-on.
6. Repeat to activate both Add-ons for each relevant Domain Management Server.
Check Point recommends that you activate both the R77.20 Add-on and the R77.30 Add-on on
Domain Management Servers.

To import the database from R77.20 + R77.20 Add-on to R77.30:


Install R77.30 and the R77.30 Add-on on the target server before you import the database.
See the "Advanced Upgrade and Database Migration" chapter in the R77 Installation and Upgrade
Guide.

Uninstalling from SecurePlatform, Linux, Windows, and


IPSO
You can uninstall R77.30 if it was an upgrade from R77 or R77.xx.
Note: On SecurePlatform, the login prompt and the WebUI Welcome screen will still show "Check
Point SecurePlatform R77.30".
If you installed the R77.30 Add-on, you must uninstall it first (see next section).
In Multi-Domain Security Management environments, you must deactivate the R77.30 Add-on
before you uninstall it (see next section).

To uninstall R77.30 from servers and gateways:


Non-Windows: Run: /opt/CPUninstall/R77.30/UnixUninstallScript
Windows: From C:\Program files\CheckPoint\CPUninstall\R77.30, run:
Uninstall.bat

To uninstall R77.30 in Multi-Domain Security Management environments:


Run this command on each Multi-Domain Server, Domain Log Server, and Multi-Domain Log
Server:
/opt/CPUninstall/R77.30/UnixUninstallScript

Uninstalling R77.30 Add-on


During uninstallation, objects and services added by the Add-on are removed. Before you uninstall
the Add-on, delete rules and groups that use the Add-on objects and services (or remove these
objects and services from the rules and groups).
If you do not remove the Add-on objects and services, and try to uninstall the R77.30 Add-on,
uninstallation fails. You can see the list of the remaining Add-on objects to remove in this log:
/opt/CPshrd-R77/log/PIscrub-preuninstall.elg

Appendix to R77.30 Release Notes | 10


Introduction to this Appendix

To uninstall the R77.30 Add-on:


1. Remove all Add-on objects.
2. Run:
Non-Windows:
/opt/CPUninstall/R77.30_Add-ons_Package/UnixUninstallScript
Windows: C:\Program
Files\CheckPoint\CPUninstall\R77.30_Add-ons_Package/Uninstall.bat
3. After installation completes, run: cpstart

To uninstall the R77.30 Add-on in Multi-Domain Security Management environments:


1. Login to SmartDomain Manager.
2. In Versions & Blades Updates, right click and select Deactivate.
3. Run this command on each Multi-Domain Server and Multi-Domain Log Server:
/opt/CPUninstall/R77.30_Add-ons_Package/UnixUninstallScript
4. When prompted, run: mdsstart

Installation and Upgrade Packages


SecurePlatform Packages:
Install / Procedure Platform Package
Upgrade
Install / CLI open servers Check_Point_R77.30_T207_Install_and_Upg
Upgrade rade.SPLAT_Open_Server.iso

Install CLI Smart-1 Check_Point_R77.30_T207_Install.SPLAT_S


Appliances mart-1.iso

Install wizard appliances and Check_Point_R77.30_T207_Install.SPLAT_A


Data Center ppliance.iso

Install / CLI open servers and Check_Point_R77.30_T207_Install_and_Upg


Upgrade Smart-1 rade_MD.SPLAT.iso
Multi-Domain
Server

Upgrade from WebUI open servers and Check_Point_R77.30_T207.SPLAT.tgz


R77, R77.x SmartUpdate appliances

Upgrade from WebUI open servers and Check_Point_R77.30_T207_upg_WEBUI_and_S


R76 appliances* martUpdate.SPLAT.tgz

* Check_Point_R77.30_T207_upg_WEBUI_and_SmartUpdate.SPLAT.tgz can upgrade


Smart-1 appliances for Security Management Server but not for Multi-Domain Server

Appendix to R77.30 Release Notes | 11


Introduction to this Appendix

Red Hat Enterprise Linux Packages:


Install / Procedure Platform Package
Upgrade
Install / CLI open servers Check_Point_R77.30_T207_Install_and_Upg
Upgrade from rade.SPLAT_Open_Server.iso
R76

Upgrade from CLI open servers Check_Point_R77.30_T207.Linux.tgz


R77, R77.xx

IPSO Packages:
Install / Procedure Platform Package
Upgrade
Install / CLI Disk-based Check_Point_R77.30_T204_Install_and_Upg
Upgrade from Voyager rade.IPSO6.2_DiskBased.tgz
R76

Install CLI 6.2 Check_Point_R77.30_T204_Install.IPSO6.2


Voyager Flash-based _FlashBased.tgz
with 4GB

Upgrade from CLI Disk-based Check_Point_R77.30_T204.Ipso6.tgz


R77, R77.x

Windows Packages:
Install / Upgrade Package
Install / Upgrade from R76 Check_Point_R77.30_T207_Install_and_Upgrade.Windows
.iso

Upgrade from R77, R77.x Check_Point_R77.30_T207.Windows.tgz

Appendix to R77.30 Release Notes | 12

You might also like