Thursday, August 3, 2017

Troubleshoot Contract and Subscription




On the Security Gateway:

contract_util -d mgmt

cplic print

 

cpstat -f subscription_status antimalware

cpstat antimalware -f update_status

cpstat appi -f subscription_status

cpstat urlf -f subscription_status

 

On GUI machine

Check connectivity and DNS:

Confirm that the machine can connect to the Internet:    

# ping cws.checkpoint.com

# curl_cli -vk cws.checkpoint.com

 

On Management

Confirm that the machine can connect to the Internet:

# ping cws.checkpoint.com

# curl_cli -vk cws.checkpoint.com

Missing Appliance type in Smart Console

Missing Appliance type in SmartConsole Platform Hardware Type list

Symptoms
  • Appliances (Hardware) list in SmartConsole is not updated with the latest released appliances - 1400, 3000, 5000, 15000 and 23000.
  • The 1400 SMB appliances ignore settings for ADSL, LAN7 and LAN8.
    In 1470 / 1490 appliances, you cannot configure settings for LAN9 and higher through R77.30 SmartProvisioning.
  • You cannot configure 5GHz wireless networks through R77.30 SmartProvisioning.
Solution

Introduction

Selecting the correct hardware for a Security Gateway enables the relevant features for the specific appliance. The list of available hardware is automatically updated on the Security Management / Multi-Domain Management Server machine from the Check Point User Center and all new hardware is added to it once released by Check Point.


Security Gateway managed by Security Management / Multi-Domain Management Server

Online Mode

If the Management Server is connected to the Internet, configure the Security Management / Multi-Domain Management Server so that it can connect to the Check Point Download Center:
  1. Follow sk94508 - Recommended Internet Access Settings for Automatic Downloads for the Security Management / Multi-Domain Management Server machine.
  2. Configure correct Proxy and DNS settings on the Security Management / Multi-Domain Management Server machine.
  3. The hardware list is updated periodically and whenever the cpstop;cpstart commands are run.

Offline Mode

If the Management Server is not connected to the Internet, update the Appliances list offline, without connecting to the Check Point Download Center. To do so:
  1. Download the appropriate fix manually from the table below according to the Security Management / Multi-Domain Management server version:

    • R80 Security Management / Multi-Domain Management server: (ZIP) additional_hardware.C and slim_fw_types.C
    • R77.30 Security Management / Multi-Domain Management server: (ZIP) additional_hardware.C

    Note: An R77.30 Security Management / Multi-Domain Management server that manages 1400 SMB appliances should follow the instructions in the 1400 section below.
  2. Update the Hardware List:

    1. Close the SmartConsole / SmartDashboard.
    2. Go to the $FWDIR/conf/ directory and back up the file(s) that will be replaced:

      • For R80: additional_hardware.C and slim_fw_types.C
      • For R77.30: additional_hardware.C

    3. Copy the downloaded file(s) to:

      • On Windows OS: %FWDIR%\conf\ directory.
      • On Gaia OS: $FWDIR/conf/ directory.

        Note: on Multi-Domain Management server, this file should be replaced in the $FWDIR/conf/ directory of each Domain.

    4. Open the SmartConsole / SmartDashboard and check the hardware list.
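
Steps 2.2 and 2.3 above as a script, added here as an illustration (it is not Check Point code): it backs up and replaces only the files the page lists for each version, and verifies each copy. The function names, the directory holding the extracted download, and the .bak.<timestamp> backup naming are assumptions.

```shell
#!/bin/sh
# Added example, not Check Point code. Names and backup naming are assumptions.

# files_for_version VERSION -> prints the file names the page lists for it
files_for_version() {
    case "$1" in
        R80)    echo "additional_hardware.C slim_fw_types.C" ;;
        R77.30) echo "additional_hardware.C" ;;
        *)      return 1 ;;
    esac
}

# update_hw_list VERSION SRC_DIR CONF_DIR
#   SRC_DIR:  directory where the downloaded ZIP was extracted (assumption)
#   CONF_DIR: $FWDIR/conf, or one Domain's conf directory on Multi-Domain
# Prints the backup timestamp on success; returns non-zero on any failure.
update_hw_list() {
    version=$1 src=$2 conf=$3
    files=$(files_for_version "$version") || {
        echo "unsupported version: $version" >&2; return 2; }
    stamp=$(date +%Y%m%d%H%M%S)

    # Pass 1: change nothing unless every required new file is present and non-empty
    for f in $files; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 3; }
    done

    # Pass 2: back up the current file, overwrite it in place, verify the copy.
    # Overwriting in place keeps the owner and mode of the existing file.
    for f in $files; do
        if [ -f "$conf/$f" ]; then
            cp -p "$conf/$f" "$conf/$f.bak.$stamp" || return 4
        fi
        cp "$src/$f" "$conf/$f" || return 5
        cmp -s "$src/$f" "$conf/$f" || { echo "verify failed: $f" >&2; return 6; }
    done
    echo "$stamp"
}

# On the management server, after closing SmartConsole / SmartDashboard:
#   update_hw_list R77.30 /var/tmp/hw_fix "$FWDIR/conf"
```

On a Multi-Domain Management server, call the function once per Domain with that Domain's conf directory.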

1400 Small Business Appliances managed by R77.30 Security Management / Multi-Domain Management

For R77.30 Security Management / Multi-Domain Management that manages 1400 SMB appliances
To add the 1400 appliances to the Hardware list in R77.30 SmartConsole, download and install the below HotFix.
If this HotFix was already installed in the past and 3100 Appliance is missing from hardware list, use this file to update "3000 appliances" models in SmartConsole.
After downloading the file, follow the instructions in the "Offline Mode" section above. 

Note: The HotFix adds the 1400 appliances to SmartDashboard, but NOT to SmartProvisioning.

Package / Download:
  • R77.30 Management HotFix
    • CPUSE Offline package: (TGZ)
    • CPUSE Online Identifier: Check_Point_R77.30_Hotfix_sk111292_FULL.tgz
    • CLI Installation:
  • R77.30 SmartDashboard: (ZIP)

Installation Instructions:
  1. Close the SmartDashboard.
  2. Important: Download and install the R77.30 Management Add-On on your Security Management / Multi-Domain Management server.

    Note: On Multi-Domain Management server, this Add-On must be manually activated on the relevant Domain. 
  3. Download the R77.30 Management HotFix from the table above and install it on the Security Management / Multi-Domain Management server. 

  4. Uninstall the current R77.30 SmartDashboard on all GUI client machines that connect to this Security Management / Multi-Domain Management server.
  5. Download the improved R77.30 SmartDashboard from the table above and install it.
  6. Open the SmartDashboard and verify that the appliances list is updated.

If you do not want to install the Hotfix, in R77.30 SmartDashboard, R77.30 SmartProvisioning or R77.30 SmartUpdate, the 1400-series SMB appliances can be managed as 1100-series SMB appliances.
To manage the 1400-series SMB appliance, you must install the R77.30 Add-On package.

Once installed, follow the below setup procedure in SmartDashboard:
  • In the "Gateway platform" drop-down list, select the 1100 Appliances.
  • For "Platform Type", select Wired or Wireless.


Note:
To use R77.30 SmartProvisioning and R77.30 SmartUpdate with 1400 SMB appliances, use the firmware upgrade package CP1400AS1100*. If you do not use the CP1400AS1100, you cannot select the package in the view.

Troubleshooting

Check the error in the Update_Status.dat file, located in $CPDIR/database/downloads/ADDITIONAL_HARDWARE/<build number directory (e.g. 991000000)>

Applies To:
  • 01885305, 02034350
  • This article is merged with sk111295