
R75.30 Release Notes

16 April 2012

Classification: [Protected]

2012 Check Point Software Technologies Ltd.


All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of
relevant copyrights and third-party licenses.

Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional
improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=12964
For additional technical information, visit the Check Point Support Center
(http://supportcenter.checkpoint.com).

Revision History
Date               Description
16 April 2012      Update to Endpoint Connect compatibility table
02 April 2012      Added release of dual boot, fixed IP appliance support for Disk Based only models
14 March 2012      Added Clean Install instructions
8 March 2012       Updates to Required Disk Space
26 February 2012   Added IPSO 6.2 support for SmartWorkflow
7 February 2012    Update to installation instructions
29 January 2012    Added R75.20 to the list of Gateway versions supported by this release of management
16 January 2012    Added gateway/client compatibility
12 January 2012    Added upgrade instructions for maintaining customizations
9 January 2012     Update to Disk Space requirements, added supported appliances
5 January 2012     First release of this document

Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
(mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on R75.30 Release Notes).

Contents
Important Information
Introduction
What's New
Important Solutions
Supported Upgrade Path
Compatibility with Gateways and Endpoint Clients
Supported Security Products by Platform
Supported OS on Open Servers
Supported Appliances
Security Gateway Software Blades
Security Management Software Blades
Clients and Consoles by Windows Platform
Required Disk Space
Console Requirements
Build Numbers
Installing R75.30
New Installation
Cleaning IPSO Flash-Based Gateways
Downloading the Clean Install Package
Clean Install on Flash-Based with CLI
Clean Install on Flash-Based with Manual Download
Clean Install on Disk-Based with Network Voyager
Installing the Client Applications
Upgrading
Before You Upgrade!
Downloading the Upgrade Package
Upgrading with CLI
Upgrading with CLI for IPSO Flash-Based
Upgrading with SmartUpdate
Upgrading with the SecurePlatform Web User Interface
Troubleshooting IPS-1 Sensor
Uninstalling

Introduction
Thank you for updating to Check Point version R75.30. This version resolves issues for R75.20. Please read
this document carefully before installing R75.30.
Important - Check Point software versions R75.10 or higher must have a valid
Software Blades license. Users with NGX licenses cannot install the software. To
migrate NGX licenses to Software Blades licenses, see Software Blade Migration
(http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html) or
contact Account Services.
If you manage GX gateways from a Security Management server, you must regenerate
your GX licenses in the User Center to be compliant with Software Blades. This
procedure is optional for Multi-Domain Servers and Domain Management Servers.

What's New
This release has numerous resolutions to known limitations of earlier releases.

Dual Boot on appliances:


Check Point appliances are preinstalled with two images: R71.40 and R75.30.
To learn how to change images on an appliance, see the relevant R75.30 Image Management Guide.

Important Solutions
Check Point R75.30 Home Page - sk66283 (http://supportcontent.checkpoint.com/solutions?id=sk66283)
R75.30 Resolved Issues - sk66286 (http://supportcontent.checkpoint.com/solutions?id=sk66286)
R75.30 Known Limitations - sk66284 (http://supportcontent.checkpoint.com/solutions?id=sk66284)

Supported Upgrade Path


R75.20 Security Gateways, Security Management servers, and Multi-Domain Servers can be upgraded to
R75.30.
Important - If you installed any hotfix post R75.20, run the Validation utility
(http://supportcontent.checkpoint.com/documentation_download?ID=13681).

Compatibility with Gateways and Endpoint Clients


R75.30 Management servers (Security Management server and Multi-Domain Server) can manage Check
Point gateways and Endpoint Security clients of these versions.
Release             Version

Gateways
Security Gateway    NGX R65, R70, R70.1, R70.20, R70.30, R70.40, R71, R71.10, R71.20, R71.30, R75, R75.10, R75.20
DLP-1               R71 and higher
IPS-1               R71
Series 80           R71
VSX                 VSX NGX R65, VSX NGX R67
Connectra           Centrally Managed NGX R66
UTM-1 Edge          7.5.x and above *
GX                  4.0

Endpoint Clients
SecureClient        up to SecureClient NGX R60 HFA 3 with support for Windows 7 32-bit
Endpoint Connect    up to Endpoint Connect R73 HFA1
Endpoint Security   up to R73 HFA1

* - UTM-1 Edge and Safe@ devices that use locally configured VPN connections with download
configuration settings may experience VPN connectivity failure with R75.30 Security Gateways.
To enable this configuration with R75.30, see sk65369
(http://supportcontent.checkpoint.com/solutions?id=sk65369).

Supported Security Products by Platform
These tables show the security products related to this release and on which platforms they are supported.

Supported OS on Open Servers


You can install these Check Point components on a platform that supports and is running these operating
systems.
OS \ Component

Security
Security Gateway
Management Server

SecurePlatform

MS Windows Server 2003


SP1* or SP2, on 32-bit

32 or 64

32-bit

MS Windows Server 2008, MS


Windows Server 2008 R2
SP1 or SP2

Multi-Domain Security
Management

MS Windows XP
Professional SP3 32-bit

MS Windows 7
Professional, Enterprise,
Ultimate, 32 or 64

Red Hat EL 5.0


32-bit

Red Hat EL 5.4


kernel 2.6.18, 32-bit

Crossbeam X-series
Solaris Ultra-SPARC 8, 9, 10

(on Sun M-Series)

* - For Windows 2003 SP1, you must install the hotfix specified in Microsoft KB 906469
(http://support.microsoft.com/kb/906469).

Supported Appliances
Platform

Security
Security Gateway
Management Server

2200 Appliance

4000 Appliances

12000 Appliances

21400 Appliance

Smart-1 Appliances

5, 25, 50

IP150, IP280, IP290,


IP390, IP560, IP690,
IP1280, IP2450

(on IPSO DiskBased)

50, 150

(on IPSO Disk-Based or


Flash-Based*)

Power-1 Appliances
UTM-1 Appliances

Multi-Domain Security
Management

* - 1G of RAM is enough to run Firewall, IPS and VPN blades only. To activate more blades, 2G of
RAM is required on IP290, IP390, and IP560 flash-based appliances.
You cannot upgrade these appliances to R75.30:

Series 80

UTM-1 Edge

IPS-1 Sensor

VSX-1

DLP-1

Security Gateway Software Blades


Software Blade

Operating System
Check Point

Microsoft

Secure
IPSO
Platform 6.2
Diskbased

IPSO 6.2
Flashbased

Crossbeam

Windows
Server 2003

Windows
Server 2008

X-series

Firewall

Identity Awareness

IPSec VPN

IPS

Mobile Access

DLP

Application Control

Anti-Virus & Anti-Malware


4

URL Filtering

Anti-Spam &
Email Security

Web Security

Advanced Networking QOS

Advanced Networking Dynamic Routing and


Multicast Support

Acceleration & Clustering

Notes about Security Gateway Software Blades


1. DLP supports High-Availability clusters, including Full HA.
DLP supports Load Sharing clusters in the Detect mode.
On UTM-1 130/270, you can use DLP with Firewall and other Security Gateway software
blades, or with Firewall and Security Management software blades.
The DLP portal supports these web browsers: Internet Explorer 6, 7, 8, 9; Firefox 3, 4;
Chrome 8; and Safari 5.
2. Only Clustering is supported on Windows. Acceleration is not supported.
3. Only third-party clustering is supported on Crossbeam.
4. HTTPS Inspection is not supported on Windows.

Security Management Software Blades


Software Blade

Operating System
Check Point

Microsoft

Secure
Platform

Windows
Server
2003

IPSO
6.2
Diskbased

Network Policy
Management

Endpoint Policy
Management

Logging & Status

Monitoring

SmartProvisioning

Windows
Server
2008

Windows
XP, 7

RedHat
Solaris
Linux
RHEL 5.0, Ultra5.4
SPARC

Management Portal*

User Directory

SmartWorkflow

SmartEvent

SmartReporter

**

* Management Portal is supported on the following Web browsers: Internet Explorer 7, and
Firefox 1.5 - 3.0
** SmartEvent is supported on 32-bit only.

Clients and Consoles by Windows Platform


Check Point
Product

XP
Home
(SP3)
32-bit

XP
Pro
(SP3)
32-bit

Server
2003
(SP1-2)
32-bit

Server
2008
(SP1-2)
32-bit

SmartConsole

SmartDomain
Manager

Endpoint
Security VPN

SSL Network
Extender

SecureClient

DLP
User Check

DLP Exchange
Agent
Identity Agent

Remote Access
Clients E75.x

Vista Vista Windows 7


(SP1) (SP1) Ultimate &
32-bit 64-bit Enterprise
32-bit

Windows 7
Ultimate &
Enterprise
64-bit
2

Notes about Clients and Consoles


1. SmartConsole supports Windows Server 2008 R2.
2. SmartConsole supports Windows 7 Professional (32 and 64 bit).
3. Endpoint Security VPN, SSL Network Extender, and Identity Agent clients support all
editions of Windows 7.
4. DLP Exchange Agent supports Exchange Server 2007 and Exchange Server 2010 on
both Windows Server 2003 64-bit (SP1-2) and Windows Server 2008 64-bit (SP1-2). A
32-bit version is available for demo or educational purposes.

Required Disk Space


Note - It is safe to delete the downloaded .tgz file after it is extracted, to have more
disk space for installation.

Required Disk Space for Installation on Security Management Server


Operating System

Packed and Extracted During Installation*


.tgz File

Final Used Disk Space

SecurePlatform/

root - 160 MB

root - 4.7 MB

Linux

/opt - 745 MB

/opt - 351 MB

/var - 300 MB

/var - 100 MB

/opt - 400 MB

/opt - 150 MB

/var - 540 MB

/var - 100 MB

/var - 100 MB

630 MB

690 MB

600 MB

/opt - 345 MB

/opt - 190 MB

/var - 400 MB

/var - 400 MB

/var - 700 MB
IPSO Disk-based

Windows
Solaris

/var - 300 MB

* During installation, the process may use additional disk space that will be released when installation ends.

Required Disk Space for Installation on Security Gateway


Operating System

Packed and Extracted During Installation*


.tgz File

SecurePlatform

Final Used Disk Space

root - 170 MB

root - 12 MB

/opt - 700 MB

/opt - 500 MB

/var - 1 GB

/var - 700 MB

/opt - 345 MB

/opt - 185 MB

/var 700 MB

/var - 500 MB

/var - 400 MB

/preserve - 295 MB

/preserve - 700 MB

/preserve - 6 MB

/opt - 20 MB

/opt - 16 MB

/var - 400 MB

/var - 170 MB

680 MB

520 MB

/var - 1.3 GB
IPSO Disk-based

IPSO Flash-based

Windows

590 MB

* During installation, the process may use additional disk space that will be released when installation ends.

Console Requirements
This table shows the minimum hardware requirements for console applications: SmartDashboard,
SmartView Tracker, SmartView Monitor, SmartProvisioning, SmartReporter, SmartEvent, SecureClient
Packaging Tool, SmartUpdate, and SmartDomain Manager.

Component              Windows
CPU                    Intel Pentium Processor E2140 or 2 GHz equivalent processor
Memory                 1024MB
Available Disk Space   900MB
Video Adapter          Minimum resolution: 1024 x 768

Build Numbers
This table contains the R75.30 software products updated in this release and their build numbers. To
confirm that the hotfix is installed, run the version command for each product. If the command returns the
build number shown here, or the last three digits of the build number, the hotfix is installed.
*

Software Blade / Product    Upgrade     Clean Install   Version Command
Security Gateway            983625066   983625126       fw ver -k
Security Management         983625008   983625008       fwm ver
SmartConsole Applications   983625020   983625022       Help > About Check Point <Application Name>
Multi-Domain Server         983625022   983625022       fwm mds ver
SmartDomain Manager         983625012   983625012       Help > About Check Point SmartDomain Manager
SecurePlatform              983625007   983625023       upgrade - splat_ver
                                                        clean install - ver

* When you run the command on a CLI, it shows only the last three digits of the build number.
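
An added example, not Check Point code: a shell check that applies the rule above to captured version-command output, accepting either the full build number from the table or its last three digits. The function names, the sample text and the "Build NNN" output layout are assumptions of this example; SmartConsole and SmartDomain Manager are checked in the GUI and are left out.

```shell
#!/bin/sh
# Added example, not Check Point code.

# Constructed sample of version-command output. The "Build NNN" layout is an
# assumption of this example, not text captured from a device.
SAMPLE_OUTPUT='Product R75.30 - Build 066
kernel: R75.30 - Build 066'

# Build numbers copied from the Build Numbers table.
# $1 = gateway|management|mds|splat   $2 = upgrade|clean
expected_build() {
    case "$1:$2" in
        gateway:upgrade)                     echo 983625066 ;;
        gateway:clean)                       echo 983625126 ;;
        management:upgrade|management:clean) echo 983625008 ;;
        mds:upgrade|mds:clean)               echo 983625022 ;;
        splat:upgrade)                       echo 983625007 ;;
        splat:clean)                         echo 983625023 ;;
        *) return 1 ;;
    esac
}

# Print every number that follows the word "Build" in the text, one per line.
extract_builds() {
    printf '%s\n' "$1" | sed -n 's/.*[Bb]uild[^0-9]*\([0-9][0-9]*\).*/\1/p'
}

# $1 = expected 9-digit build number, $2 = text printed by the version command.
# Succeeds only if at least one Build field is present and every field equals
# the full number or its last three digits. Requiring every field to match is
# this example's stricter choice, so a stale second line is reported.
build_matches() {
    full=$1
    short=${full#??????}          # drop the first six digits, keep the last three
    builds=$(extract_builds "$2")
    [ -n "$builds" ] || return 1
    for b in $builds; do
        [ "$b" = "$full" ] || [ "$b" = "$short" ] || return 1
    done
    return 0
}

# Example on a gateway:  check_product gateway upgrade "$(fw ver -k)"
check_product() {
    want=$(expected_build "$1" "$2") || {
        echo "unknown product or install type: $1 $2"
        return 2
    }
    if build_matches "$want" "$3"; then
        echo "OK $1 build ${want#??????}"
    else
        echo "MISMATCH $1: expected $want (or ${want#??????})"
        return 1
    fi
}
```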

Installing R75.30
In This Section
New Installation
Upgrading

Important - Check Point software versions R75.10 or higher must have a valid
Software Blades license. Users with NGX licenses cannot install the software. To
migrate NGX licenses to Software Blades licenses, see Software Blade Migration
(http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html) or
contact Account Services.
If you manage GX gateways from a Security Management server, you must regenerate
your GX licenses in the User Center to be compliant with Software Blades. This
procedure is optional for Multi-Domain Servers and Domain Management Servers.

New Installation
R75.30 is released as:

an upgrade to version R75.20

a clean installation for IPSO Flash-based appliances, including 1GB and 2GB Flash appliances
(IP29x, IP39x and IP56x)

Cleaning IPSO Flash-Based Gateways


To install on IPSO, clean the Security Gateway of Check Point installations, TGZ files, and unused IPSO
images. You can use Network Voyager or the command shell. (Use Voyager to delete unused IPSO images.)

To delete Check Point packages using Network Voyager:


1. Click Configuration > System Configuration > Packages > Delete Packages.
2. Select an installation package to delete, and click Apply.
3. Delete TGZ files.
4. Click Apply.

To delete Check Point packages using command shell:


1. Run: newpkg -q
The output is the list of installed packages. Use this output in the next commands.
2. Run: newpkg -u <package name>
3. Run: rm opt/packages/<tgz name>

To delete unused IPSO images using Network Voyager:


1. Click Configuration > System Configuration > Images > Manage Images.
2. Click Delete IPSO Images.
3. Select the IPSO image to delete, and click Apply.

Downloading the Clean Install Package


Download the R75.30 Full ISO package for your platform from the Check Point Support Center.

Platform                      Package
Power-1, UTM-1, 2012 Models   Check_Point_R75.30_Appliance.iso
Smart-1 Appliances            Check_Point_R75.30_Smart-1.iso
IPSO 6.2 Disk-based           Check_Point_R75.30_IPSO6.2.tgz
IPSO 6.2 Flash-based          Check_Point_R75.30_Fresh.IPSO6_2.tgz

Clean Install on Flash-Based with CLI


To install on IPSO Flash-based Security Gateway with CLI:
1. If there are installed Check Point installations, TGZ files, or unused IPSO images, clean the gateway
("Cleaning IPSO Flash-Based Gateways" on page 14).
2. Make sure there is enough free disk space for installation.
3. Download the R75.30 Fresh Install Package for IPSO 6.2 Flash-based Systems
(Check_Point_R75.30_Fresh.IPSO6_2_Flash.tgz) to /preserve/opt/packages.
4. Run: newpkg
5. Type the number (1 - 3) for the FTP server or local path where the TGZ is.
6. Enter the IP address, credentials, and pathnames when prompted.
7. Type y to download the TGZ. The file is downloaded and installation starts.
8. When prompted for installation type, type 1 to select Install this as a new package.
R75.30 is installed under /opt.

Clean Install on Flash-Based with Manual Download


To install on IPSO Flash-based Security Gateway with manual download:
1. Download the R75.30 Fresh Install Package for IPSO 6.2 Flash-based Systems
(Check_Point_R75.30_Fresh.IPSO6_2_Flash.tgz).
2. Install the package:

Network Voyager - See "Installation on IPSO" in the R75.20 Installation and Upgrade Guide.

Command Line add package - Copy the file to an ftp server and run:
add package media ftp addr <ip_address> user <username> password
<password> name Check_Point_R75.30_Fresh.IPSO6_2_Flash.tgz

Clean Install on Disk-Based with Network Voyager


To install on IPSO disk-based appliances with Network Voyager:
1. Download the package: Check_Point_R75.30_IPSO6.2.tgz.
2. Put the downloaded package on an FTP site or on your local disk.
3. Log in to your appliance using Network Voyager.
4. In the Network Voyager tree, select Configuration > System Configuration > Packages > Install
Package.
5. Upload the package file using one of these methods:
Upload from an FTP site:
a) In the Voyager Install Package window, select FTP.
b) Enter the name or IP address of the FTP server.
c) Enter the path to the directory on the FTP server where the packages are stored.
d) If necessary, enter the applicable user name and password.
e) Click Apply. The names of the available packages show in the Site Listing window.
f) Select the package .tgz file in the Site Listing window and click Apply.
g) When the <package name> downloaded to message shows, click it and then click Apply again.
Upload from a local disk:
(i) In the Voyager Install Package window, select Upload.
(ii) Click Browse and navigate to the package .tgz file.
(iii) Click Apply.
(iv) Select the package .tgz file in the Unpack Package window and click Apply.
6. Click the Click here to install/upgrade link to continue with the installation.
7. In the Package Installation and Upgrade pane, select Install and then click Apply.
8. Click the Install Package branch in the Voyager tree to see the installation progress.
9. Go to the Manage Packages page.

The R75.30 and Check Point CPInfo packages are automatically activated during installation (disk-based appliances only).

Enable other packages, with the compatibility packages, as needed for your deployment.
Important - When you install a package using Network Voyager, this message
shows:
Voyager environment has been updated with the latest package
info.
The telnet session environment will be updated by:
logging out and logging in again the telnet session.
This message can be misleading. Click Manage Packages to verify that the package
is actually installed correctly. Refresh the page periodically until you see that the
installation is complete.

10. Log out of Network Voyager and then log in again.

Installing the Client Applications


The client applications for this release are part of the Check Point SmartConsole.

To manually install the SmartConsole:


1. Download R75.30 SmartConsole for Windows: Check_Point_SmartConsole_R75.30.Windows.exe
2. Double-click the file to install the SmartConsole.

To install the Multi-Domain Security Management SmartDomain Manager:


1. Download R75.30 SmartDomain Manager for Windows:
Check_Point_R75.30_SmartDomain_Manager.Windows.exe
2. Double-click the file to install the SmartDomain Manager.

Upgrading
Important - If you installed any hotfix post R75.20, run the Validation utility
(http://supportcontent.checkpoint.com/documentation_download?ID=13681).

We recommend that you back up your system before installing this release package. Save a manually
created image before you install.

Before You Upgrade!


If you use the Mobile Access Software Blade and you edited the R75.20 configurations, make sure that you
review the edits before you upgrade to R75.30.
1. Open these files and make note of your changes.
Data                                   Path
Gateway Configurations                 $CVPNDIR/conf/cvpnd.C
Apache Configuration Files             $CVPNDIR/conf/httpd.conf
                                       $CVPNDIR/conf/includes/*
Local certificate authorities          $CVPNDIR/var/ssl/ca-bundle/
DynamicID (SMS OTP) Local Phone List   $CVPNDIR/conf/SmsPhones.lst
RSA configuration                      /var/ace/sdconf.rec
Any PHP files that were edited
Any image file that was replaced (*.gif, *.jpg)
2. Upgrade to R75.30.
3. Update Endpoint Compliance (SmartDashboard > Mobile Access > Endpoint Security On Demand >
Update Databases Now).
4. Manually edit the new versions of the files, to include your changes.
Do not overwrite the R75.30 files with your customized files!
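
The review-and-merge procedure above, as an added shell example (not Check Point code): snapshot the listed Mobile Access files before the upgrade, then list which of them differ or are gone afterwards so the edits can be merged by hand. The function names, the snapshot layout and the RSA_CONF override are hypothetical; edited PHP and image files are not enumerated on this page and must be added to the path list manually.

```shell
#!/bin/sh
# Added example, not Check Point code.
# Before the upgrade:  snapshot_cvpn /var/tmp/cvpn-pre-upgrade
# After the upgrade:   changed_since_snapshot /var/tmp/cvpn-pre-upgrade

# Paths from the "Before You Upgrade!" table, relative to $CVPNDIR.
# Append any PHP or image files you edited; the page does not list them.
CVPN_REL_PATHS="conf/cvpnd.C conf/httpd.conf conf/includes var/ssl/ca-bundle conf/SmsPhones.lst"

# snapshot_cvpn <snapshot-dir>
# Copies each existing path to <snapshot-dir>/cvpn/<relative path> and the RSA
# configuration to <snapshot-dir>/rsa/. The live tree is only read.
snapshot_cvpn() {
    snap=$1
    [ -d "$CVPNDIR" ] || { echo "CVPNDIR is not set or does not exist" >&2; return 1; }
    for rel in $CVPN_REL_PATHS; do
        [ -e "$CVPNDIR/$rel" ] || continue      # not every gateway has every file
        mkdir -p "$snap/cvpn/$(dirname "$rel")" || return 1
        cp -Rp "$CVPNDIR/$rel" "$snap/cvpn/$(dirname "$rel")/" || return 1
    done
    rsa=${RSA_CONF:-/var/ace/sdconf.rec}        # RSA_CONF: hypothetical override
    if [ -e "$rsa" ]; then
        mkdir -p "$snap/rsa" && cp -p "$rsa" "$snap/rsa/sdconf.rec" || return 1
    fi
}

# changed_since_snapshot <snapshot-dir>
# Prints "changed <live path>" or "missing <live path>" for every snapshotted
# file whose live copy now differs. Paths are resolved against the current
# $CVPNDIR, so the report still works if that variable points elsewhere after
# the upgrade. No output means nothing needs to be merged.
changed_since_snapshot() {
    snap=$1
    rsa=${RSA_CONF:-/var/ace/sdconf.rec}
    ( cd "$snap" && find cvpn rsa -type f 2>/dev/null ) | LC_ALL=C sort |
    while IFS= read -r f; do
        case "$f" in
            cvpn/*) live="$CVPNDIR/${f#cvpn/}" ;;
            rsa/*)  live="$rsa" ;;
        esac
        if [ ! -e "$live" ]; then
            echo "missing $live"
        elif ! cmp -s "$snap/$f" "$live"; then
            echo "changed $live"
        fi
    done
}
```

For each path reported as changed, compare the snapshot copy with the new file (for example with diff -u) and re-apply the edits to the new file rather than copying the old one back.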

Downloading the Upgrade Package


Download the R75.30 upgrade package for your platform from the Check Point Support Center.
Platform                               R75.30 Upgrade Package                         Upgrade Procedure
SecurePlatform, Linux on open server   Check_Point_Upgrade_for_R75.30_Splat.tgz       SecurePlatform Web UI, CLI, SmartUpdate
Appliances: Power-1, UTM-1, Smart-1,
21000, 12000 appliances,
40000 appliances
IPSO 6.2 Disk-based                    Check_Point_R75.30_Upgrade.IPSO6_2.tgz         CLI, SmartUpdate
IPSO 6.2 Flash-based (*)               Check_Point_R75.30_Upgrade.IPSO6_2_Flash.tgz   IPSO Flash-Based CLI, SmartUpdate
Windows                                Check_Point_R75.30_Upgrade.Windows.tgz         CLI, SmartUpdate
Solaris                                Check_Point_R75.30_Upgrade.Solaris.tgz         CLI

* This upgrade package is only for appliances with 4GB Flash (IP69x, IP128x and IP245x). For appliances
with 2GB Flash (IP29x, IP39x and IP56x), you must do a clean install.

Upgrading with CLI


You can use these instructions to install R75.30 using the CLI on open servers and IP series appliances,
except for IPSO Flash-based appliances. To install on IPSO flash-based appliances, you must use the CLI
instructions for IPSO flash-based appliances.

To install on Check Point appliances with SecurePlatform, use the Web User Interface or
SmartUpdate.

To install on IPSO platforms, use the command line. Network Voyager is not supported.

You can safely delete the .tgz file after you extract the package (step 6).

To install R75.30 using the CLI:


1. Log onto the target machine.
2. If you are installing on SecurePlatform:
a) Run idle 120 to make sure that the installation is not interrupted by the automatic logon timeout.
b) Run expert to enter expert mode.
3. Verify that the target computer contains sufficient free disk space.
4. Create a temporary directory in the /var partition on non-Windows platforms, or in the c:\ partition on
Windows platforms.
5. Copy the upgrade package for your platform to the temporary directory using SFTP, SCP, or another
secure utility.
6. Go to the temporary directory and extract the .tgz package.

On non-Windows platforms, run: gtar -zxvf <file name>

On Windows platforms, use an archive utility such as WinZip.


Important - Before installing on Multi-Domain Security Management, run mdsenv and then
mdsstop.
If this is not done, the system will experience functionality issues.
We recommend that you back up the system before installation: mds_backup

7. Start installation:

On non-Windows platforms, run: ./UnixInstallScript.


You must run this command from the /var partition.

On Windows platforms, run: Setup.exe

8. Follow the instructions on the screen to install the applicable components. Only those components required
for a specific target (management or gateway) are installed automatically.
When the installation finishes, each successfully installed component appears in a list followed by the
word Succeeded.
9. When prompted, reboot the computer.
10. Open SmartDashboard and log in to the R75.30 Security Management server that controls the upgraded
gateways.
11. Open the gateway object properties window for an upgraded gateway and change the version to
R75.30.
12. Repeat the above steps for all management servers, log servers and gateways.
13. Install the security policy on upgraded gateways and servers.
14. Install the database on the Security Management server.

Upgrading with CLI for IPSO Flash-Based


Notes

IPSO Flash-based platforms are supported for use as Security Gateways only.

Installation using Network Voyager is not supported and may result in system
instability. You must install this version using the CLI only.

Only use this upgrade procedure for appliances with 4GB Flash (IP69x, IP128x
and IP245x). For appliances with 2GB Flash (IP29x, IP39x and IP56x), you
must do a clean install.

Before installing on an IPSO Flash-based Appliance:


1. Delete any Check Point packages that are earlier than R75.20, and then delete any previous tgz files.
You can do this using Network Voyager or using the command shell:
Using Network Voyager:
a) Choose Configuration > System Configuration > Packages > Delete Packages.
b) Select a previous installation package to delete, and click Apply.
c) Delete any tgz files.
d) Click Apply.
Using the command shell, run:
newpkg -q
newpkg -u <previous package name>
rm opt/packages/<previous tgz name>
newpkg -q prints a list of the installed packages.
2. If there is an IPSO image on the machine that is not in use, delete it using Network Voyager:
a) Choose Configuration > System Configuration > images > Manage Images.
b) Click Delete IPSO Images.
c) Select the IPSO image to delete, and click Apply.
3. Verify that there is enough free disk space for the installation of the packages. ("Required Disk Space"
on page 12)
4. The installation package must be in the /var/tmp directory.

To install and activate this version on an IPSO Flash-based Appliance:


1. Using the command shell, copy the upgrade package for IPSO Flash-based appliances to /var/tmp on
the IP Appliance through ftp.
2. Navigate to the /var/tmp directory.
3. Extract the tgz package by running:
tar -zxvf <file name>
4. Delete the tgz package by running:
rm -rf <file name>
5. Run
./UnixInstallScript
6. Follow the instructions on the screen to install the appropriate components. When prompted, stop all
Check Point processes.
Only those components required for a specific target (management or gateway) are installed
automatically. When the installation finishes, each successfully installed component appears in a list
followed by the word 'Succeeded'.
7. When prompted, reboot the computer by pressing y.

Upgrading with SmartUpdate


You can use SmartUpdate to remotely install this version on Security Gateways installed on all supported
platforms.

To install with SmartUpdate:


1. Install the upgrade package for your platform on the Security Management Server using the Command
Line ("Upgrading with CLI" on page 18).
2. Open SmartUpdate and close SmartDashboard.
3. Click Packages > Get Data from All.
When the Operation Status of the known gateways is Done, the installed packages and their
versions are listed.
4. Open the Package Repository: Packages > View Repository.
5. Add the installation package file (*.tgz) for each required gateway platform to the Package Repository
(Packages > Add; or drag-and-drop).
Wait until the Operation Status of adding the package is Done. The packages appear in the Package
Repository. This can take a few minutes.
6. Right-click the package and choose Distribute.
7. From the Distribute Package window, select the devices on which you want to install this version.
8. Click Distribute.
The installation package is distributed to and installed on the selected Security Gateways. The Security
Gateways are rebooted automatically, except for those that are installed on Windows. You must
manually reboot Security Gateways installed on Windows.
Note - On a Windows platform, if the gateway does not accept traffic after installing
this version, re-install the policy.

Upgrading with the SecurePlatform Web User Interface


You can install R75.30 on SecurePlatform Security Gateways and Security Management open servers and
appliances using the Web User Interface.
Important - Safe Upgrade is not supported from R75.20 to R75.30. Make a manual
snapshot of the machine before you upgrade.

To install R75.30 using the Web User Interface:


1. Make sure all GUI applications are closed.
2. Download the upgrade package for your platform.
3. Connect to the SecurePlatform Web User Interface:

Open server: https://<IP>

Appliance: https://<IP>:4434

4. Open the Upgrade page:
Open server: Device > Upgrade
Appliance: Appliance > Upgrade
5. In the Upgrade Steps pane, browse to the downloaded file.
6. Click the Upload package button.
7. Click Start Upgrade.
At the end of the installation, the device automatically reboots.
8. Re-login to the machine.
Important - After upgrading, move the snapshot file from the Desktop to a pathname
without spaces. This must be done before attempting to restore the machine.
To uninstall afterwards, revert to the snapshot manually.

Troubleshooting IPS-1 Sensor


If install policy fails on an IPS-1 Sensor appliance at the Verification step, do these steps:
1. Remove profiles associated with IPS-1 sensor. For example: IPS-1_Recommended and sofa
2. Remove the IPS-1 sensor object.
3. Run: cpstop
4. Delete the FWDIR/conf/CPMIL* file.
5. Run: cpstart
6. Configure the object again.
7. Install policy.

Uninstalling
Notes

Uninstallation from IPSO flash-based appliances is not supported.

Uninstallation of IPS pattern granularity is not supported. After uninstall of
R75.30, the patterns remain converted to protections.

To uninstall R75.30 in Security Management Server deployments:


1. Disable the IPS Event Analysis and/or SmartWorkflow Software Blades. If you already disabled them
before upgrading to R75.30, you do not need to disable the Software Blades.
To do this, disable the Software Blades in the Security Management server's object.
2. On each management server and dedicated log server:

All non-Windows platforms:


Run: /opt/CPUninstall/R75.30/UnixUninstallScript

Windows platforms:
(i) Go to: C:\Program files\CheckPoint\CPUninstall\R75.30
(ii) Run: Uninstall.bat

To uninstall R75.30 in Multi-Domain Security Management deployments:


1. Disable the R75.30 from each CMA as follows:
a) Login to the Multi-Domain Security Management MDG.
b) In Versions & Blades Updates, right click and select Deactivate.
2. Run this command on each Multi-Domain Server, Domain Log Server and Multi-Domain Log Server:
/opt/CPUninstall/R75.30/UnixUninstallScript
3. Activate Software Blades that were active before the upgrade to R75.30.
Note - After uninstalling this release from a SecurePlatform machine, the command line
login prompt and the Web interface Welcome screen will still display Check Point
SecurePlatform R75.30 as the installed version. This is because packages related to the
SecurePlatform operating system are not uninstalled during the uninstallation process. Use
the fw ver command to see the current version of your software.

To uninstall with SmartUpdate:


You can use SmartUpdate to remotely uninstall on gateways of all platforms, except IPSO.
1. Make sure SmartDashboard is closed.
2. Open SmartUpdate.
3. From the Packages menu choose Get Data From All.
4. Right-click each package with Minor_Version value of R75.30 and select Uninstall, in this order:

Security Gateway

Mobile Access (for SecurePlatform gateways, if installed)

all other Minor_Version products


Note - All packages must be uninstalled except for the SecurePlatform
package that cannot be uninstalled from SecurePlatform gateways.

5. On Windows platforms, reboot manually.
