CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 3 of 3

Thread: IPS failing updates

  1. 2016-10-18 #1
    andyjgw
    andyjgw is offline Junior Member
    Join Date
    2016-06-01
    Posts
    5
    Rep Power
    0

    Default IPS failing updates

    Afternoon all

    The last week, our R77.20 IPS has been failing updates, whether on schedule or initiated manually. All proxy and credential settings are correct, despite it asking us to check otherwise.

    When I captured a trace as it passed through TMG, I noticed that there was the SSL certificate being returned from CP on the HTTPS request, and after that the connection was dropped. Would this be a certificate issue perhaps, any clue how to resolve this?

    Thanks
    AW
    Reply With Quote Reply With Quote
  2. 2016-10-18 #2
    ShadowPeak.com
    ShadowPeak.com is offline Senior Member
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    17

    Default Re: IPS failing updates

    IPS updates are probably signed with SHA-256 which vanilla R77.20 does not support, check this:

    sk103839: Check Point update and online services migration to SHA-256 based certificates
    --
    Third Edition of my "Max Power 2020" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com
    Reply With Quote Reply With Quote
  3. 2016-11-10 #3
    varera
    varera is offline Senior Member
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,030
    Rep Power
    19

    Default Re: IPS failing updates

    Quote Originally Posted by ShadowPeak.com View Post
    IPS updates are probably signed with SHA-256 which vanilla R77.20 does not support, check this:

    sk103839: Check Point update and online services migration to SHA-256 based certificates
    Was about to say just that...
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. HTTPS Bypass - RedHat Yum updates failing
    By ewilliams79 in forum Application Control Blade
    Replies: 1
    Last Post: 2016-08-17, 10:32
  2. 12000 updates
    By capital-p in forum Check Point Security Gateway Appliances
    Replies: 1
    Last Post: 2015-02-24, 14:49
  3. Understanding IPS updates
    By aweldon in forum IPS Blade (Formerly SmartDefense)
    Replies: 3
    Last Post: 2014-12-03, 12:02
  4. Gaia Software Updates vs. CLI Updates
    By Neilharrison_253 in forum R75.40 (GAiA)
    Replies: 1
    Last Post: 2013-09-17, 06:51
  5. CI: AV Database Updates Failing
    By jaandrade3rd in forum Content Security/Security Servers/CVP/UFP
    Replies: 2
    Last Post: 2009-04-22, 12:27

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules