CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 14 of 14

Thread: HFA identifier from cpinfo -y

  1. #1
    Join Date
    2006-03-21
    Posts
    87
    Rep Power
    16

    Default HFA identifier from cpinfo -y

    Hi everyone,

    I have a mixture of R7X firewalls, most of them with no support for the [very nice] installed_jumbo_take script to get the right Jumbo HFA installed.

    Does anybody know how to identify (if possible) the exact HFA installed based on the name identifier in the cpinfo -y output. Searching the registry dumps quite the same names.


    Example of what I am looking for:

    [Expert@FW:0]# cpinfo -y

    ------------------------
    Hotfix versions
    ------------------------
    [FW1]
    HOTFIX_R77_10
    HOTFIX_R77_HF_HA10_005
    HOTFIX_GYPSY_HF_BASE_021 <<<< R77.10 HFA TAKE_62

    [SecurePlatform]
    HOTFIX_SHELLSHOCK_HF_663
    HOTFIX_GYPSY_HF_BASE_021

    [PPACK]
    HOTFIX_R77_10
    HOTFIX_GYPSY_HF_BASE_021

    [CVPN]
    HOTFIX_R77_10
    HOTFIX_GYPSY_HF_BASE_021

    [rtm]
    No hotfixes..


    Thanks,

    Ed

  2. #2
    Join Date
    2014-11-14
    Location
    Ottawa Canada
    Posts
    364
    Rep Power
    7

    Default Re: HFA identifier from cpinfo -y

    Quote Originally Posted by eduardoxmunoz View Post
    Does anybody know how to identify (if possible) the exact HFA installed based on the name identifier in the cpinfo -y output.
    A - There is no way to do so from that command. You can try the 'installed_jumbo_take' command to give it to you like this:

    Code:
    [Expert@HOST:0]# installed_jumbo_take
    R77.30 Jumbo Hotfix Accumulator take_159 is installed, see sk106162.

  3. #3
    Join Date
    2006-03-21
    Posts
    87
    Rep Power
    16

    Default Re: HFA identifier from cpinfo -y

    Quote Originally Posted by jdmoore0883 View Post
    You can try the 'installed_jumbo_take' command to give it to you like this:
    Thanks for your reply, but that's exactly the problem these firewalls do not support the installed_jumbo_take command.

  4. #4
    Join Date
    2014-11-14
    Location
    Ottawa Canada
    Posts
    364
    Rep Power
    7

    Default Re: HFA identifier from cpinfo -y

    Then you will either need to get that info from the registry, or install a newer take of the jumbo that includes that command.

  5. #5
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,668
    Rep Power
    11

    Default Re: HFA identifier from cpinfo -y

    yeah there were a few version of the jumbo hotfix that didn't note in the registry the take number. It really would be helpful if there was some md5sum based utlities that would just look at all the binaries and tell you where they all came from.

    Phoneboy: can you make that happen like yesterday?

  6. #6
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    8

    Default Re: HFA identifier from cpinfo -y

    I am not sure where to go from here. I've a mgmt. server on R77.30:

    [Expert@fwmgmt:0]# fw ver -k
    Local host is not a FireWall-1 module
    This is Check Point's software version R77.30 - Build 503


    How can I find out what date or jumbofix version I currently have?

  7. #7
    Join Date
    2006-03-21
    Posts
    87
    Rep Power
    16

    Default Re: HFA identifier from cpinfo -y

    Quote Originally Posted by laf_c View Post
    I am not sure where to go from here. I've a mgmt. server on R77.30:

    How can I find out what date or jumbofix version I currently have?
    Hi Laf,

    If your management is running R77.30 and Take_98 (or higher) is installed the command installed_jumbo_take should give you the information

    Otherwise, cpinfo -y all can give you an idea, but you will fail in the same issue of the first post of this threat

    Regards

    Ed

  8. #8
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    8

    Default Re: HFA identifier from cpinfo -y

    Quote Originally Posted by eduardoxmunoz View Post
    Hi Laf,

    If your management is running R77.30 and Take_98 (or higher) is installed the command installed_jumbo_take should give you the information

    Otherwise, cpinfo -y all can give you an idea, but you will fail in the same issue of the first post of this threat

    Regards

    Ed
    Indeed that worked! Thanks, mate!

    Now how can I update the WEB UI certificate on this mgmt. server from SHA1 to SHA256? Can someone point me to the right SK.

  9. #9
    Join Date
    2006-03-21
    Posts
    87
    Rep Power
    16

    Default Re: HFA identifier from cpinfo -y

    Quote Originally Posted by laf_c View Post
    Can someone point me to the right SK.
    sk103839 is your best friend for this one...

    If your firewalls are running R77.30, theoretically the hotfix is included already.

    Regards

    Ed

  10. #10
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    8

    Default Re: HFA identifier from cpinfo -y

    Quote Originally Posted by eduardoxmunoz View Post
    sk103839 is your best friend for this one...

    If your firewalls are running R77.30, theoretically the hotfix is included already.

    Regards

    Ed
    I actually used https://supportcenter.checkpoint.com...ionid=sk108252 ; thanks for the input!

  11. #11
    Join Date
    2014-07-21
    Posts
    57
    Rep Power
    7

    Default Re: HFA identifier from cpinfo -y

    Did someone notice that with the latest cpinfo version you could see the JHFA Take Number with the "cpinfo -y all" command BUT ONLY when JHFA was installed via legacy CLI installation.
    After installing JHFA via CPUSE you do not see the JHFA Take anymore within cpinfo -y all. Using "installed_jumbo_take" will work with both, of course.



    Regards

  12. #12
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,499
    Rep Power
    18

    Default Re: HFA identifier from cpinfo -y

    Quote Originally Posted by Nachtfalke View Post
    Did someone notice that with the latest cpinfo version you could see the JHFA Take Number with the "cpinfo -y all" command BUT ONLY when JHFA was installed via legacy CLI installation.
    After installing JHFA via CPUSE you do not see the JHFA Take anymore within cpinfo -y all. Using "installed_jumbo_take" will work with both, of course.
    This issue will be fixed in an upcoming release of CPInfo
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  13. #13
    Join Date
    2014-07-21
    Posts
    57
    Rep Power
    7

    Default Re: HFA identifier from cpinfo -y

    Quote Originally Posted by PhoneBoy View Post
    This issue will be fixed in an upcoming release of CPInfo
    Thank you for feedback :-)

  14. #14
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,499
    Rep Power
    18

    Default Re: HFA identifier from cpinfo -y

    New CPinfo package #176 was released in the download center and via CPUSE.
    This version includes a new CPWinUploader build (uploader GUI for windows).

    Changes incorporated in this package:
    Take Number of installed Jumbo Hotfix Accumulators was added to the output of "cpinfo -y all" command.
    Updated tools used for R80 upgrade simulation service.
    "JAR versions" section was added. It includes builds of java jars which are installed under the cpm-server directory.
    Fixed CPWinUploader crash when provided invalid email and R80 flag is marked.
    Added message to CPWinUploader to reflect a case in which not all files were uploaded successfully.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

Similar Threads

  1. RADIUS Calling-Station Identifier
    By Quivos in forum Authentication
    Replies: 2
    Last Post: 2016-11-29, 15:56
  2. CPINFO Error : bash: cpinfo: command not found
    By PTVenom in forum cpinfo/InfoView
    Replies: 5
    Last Post: 2011-09-25, 02:47
  3. cpinfo
    By sleepytom in forum cpinfo/InfoView
    Replies: 3
    Last Post: 2009-11-20, 08:21
  4. DR from cpinfo
    By jyctan in forum cpinfo/InfoView
    Replies: 11
    Last Post: 2009-04-16, 08:14
  5. CPINFO
    By Mattps in forum cpinfo/InfoView
    Replies: 6
    Last Post: 2009-03-28, 09:35

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •