CPUSE Tool
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:04
>> Welcome to this lesson
00:04
on the CPUSE Deployment Tool.
00:04
In our previous lesson,
00:04
we talked about the essence of deployment,
00:04
the types and methods of deployment,
00:04
and the tools that can be
00:04
used for deploying Check Point software.
00:04
In this lesson, we will focus on the CPUSE tool.
00:04
By the end of this lesson,
00:04
you will be able to describe when CPUSE should be used,
00:04
describe the prerequisites for deploying with CPUSE,
00:04
describe the process of deploying with CPUSE,
00:04
use CPUSE to perform common use cases of deployment,
00:04
and you will be able to perform
00:04
basic troubleshooting in the CPUSE deployment process.
00:04
When should we use CPUSE?
00:04
CPUSE should be executed within
00:04
a single Gaia Check Point machine when you
00:04
wish to upgrade it to a higher version,
00:04
install a Hotfix or a Jumbo Hotfix,
00:04
and when you wish to downgrade
00:04
a machine to a lower version.
00:04
In terms of prerequisites,
00:04
it is advised to always use
00:04
the latest CPUSE Deployment Agent,
00:04
which can be found in sk92449.
00:04
This is relevant to offline installations.
00:04
Additionally, the deployment should be
00:04
performed on a Gaia OS machine.
00:04
You should make sure you have a valid license
00:04
and contract before you perform the deployment.
00:04
In case of online deployment,
00:04
you need to verify connectivity
00:04
>> to the Check Point Cloud.
00:04
>> Finally, you need to ensure you have
00:04
enough free disk space before
00:04
you import the CPUSE package.
00:04
The free disk space on the
00:04
>> /var/log/ partition in Gaia OS
00:04
>> should be at least twice the size of
00:04
the package you wish to import for installation.
00:04
Let's go over the CPUSE deployment process in
00:04
high level before we get into a common use scenario.
00:04
To begin, we first need to update
00:04
CPUSE to its latest deployment agent.
00:04
Next, which is the package we'd like to install?
00:04
We retrieve the package to the machine.
00:04
Finally, we install it.
00:04
>> As simple as that.
00:04
>> Now, let's focus on the following scenario.
00:04
Before we begin, you should
00:04
note that there are two ways of using CPUSE,
00:04
via WebUI or through the Gaia Clish command line.
00:04
In this case, for the ease of user experience,
00:04
let's perform the upgrade using the CPUSE WebUI.
00:04
David, a security admin, would like
00:04
to upgrade a single machine to a higher version,
00:04
followed by installation of a Jumbo Hotfix.
00:04
He will be doing this through an online deployment.
00:04
To start, David logs into the machine's WebUI.
00:04
The machine Overview page displays general information.
00:04
Next, he clicks the software update link
00:04
to reach the CPUSE page.
00:04
The status now field displays
00:04
all the information regarding
00:04
the deployment agents built,
00:04
the machine version and take,
00:04
and when the last update was performed,
00:04
David needs to make sure
00:04
he's using the latest CPUSE deployment agent.
00:04
Therefore, he clicks the check
00:04
for updates button to see whether
00:04
new software updates are
00:04
available in the Check Point download center.
00:04
Accordingly, he updates the agent.
00:04
Next, he examines the package's window pane.
00:04
Since he's looking to upgrade to a major version,
00:04
he selects the major version
00:04
>> he would like to upgrade to.
00:04
>> To proceed, he right-clicks on the selected version.
00:04
Next, he chooses verify in order to check
00:04
whether this package would be
00:04
compatible with this machine.
00:04
Once the verification process is completed,
00:04
he can download the package.
00:04
Once downloaded, David can choose
00:04
the type of deployment by right-clicking the package.
00:04
In this case, he chooses upgrade,
00:04
which initiates the installation.
00:04
Upgrading to a new major version is
00:04
performed on a new hard disk partition.
00:04
The old partition is converted into a Gaia snapshot.
00:04
Note that in case of a failure,
00:04
CPUSE will perform an auto roll
00:04
back to the machine's state prior to the upgrade.
00:04
After a successful upgrade and reboot,
00:04
David logs into the machine again.
00:04
The status bar indicates that the machine
00:04
is now upgraded to the major version of choice.
00:04
This completes the first part of our upgrade.
00:04
Upgrading to a major version.
00:04
Now for the second part of the upgrade,
00:04
deploying the latest suitable Jumbo Hotfix.
00:04
For the sake of this scenario,
00:04
David will perform the deployment
00:04
using the offline installation process.
00:04
We can find the latest package in
00:04
the Check Point support center where
00:04
we search for the relevant Jumbo Hotfix
00:04
for our major version.
00:04
Once the package is retrieved,
00:04
we need to import it to the target machine.
00:04
After importing the package,
00:04
David changes the package view pane to all
00:04
to display the downloaded Jumbo Hotfix package.
00:04
Now, he verifies the package
00:04
to make sure the installation is allowed.
00:04
After a successful verification,
00:04
he installs the package.
00:04
This covers the upgrading to a Jumbo Hotfix.
00:04
In this final section of the lesson,
00:04
we will discuss how to troubleshoot
00:04
issues that arise during CPUSE deployment.
00:04
We need to be able to identify CPUSE issues and
00:04
their causes and review and analyze CPUSE logs.
00:04
When you encounter a yellow banner in
00:04
the WebUI during your deployment process,
00:04
it's an indicator of an issue.
00:04
For instance, this banner which
00:04
indicates a connectivity issue
00:04
>> to the Check Point Cloud.
00:04
>> This can happen if no proxy or DNS is defined
00:04
>> or when there is no valid license.
00:04
>> Another issue that can arise during
00:04
deployment is an installation failure.
00:04
To tackle this, you need to open
00:04
the relevant log files and search for the root cause.
00:04
The logs can be found in the /opt/CPInstLog directory.
00:04
There are two relevant logs which can
00:04
be used to investigate such issues.
00:04
The DeploymentAgent.log and the DA_Actions.xml.
00:04
The DA_Actions.xml log file
00:04
lists the actions performed on packages.
00:04
Each action in the list specifies the following data.
00:04
The CPUSE action ID,
00:04
the type of action,
00:04
such as install or upgrade,
00:04
the package file in question,
00:04
the interface where the user run the action source,
00:04
the start time, the completion time,
00:04
and the completion status.
00:04
If the completion status is failure,
00:04
you may want to start investigating from there.
00:04
The DeploymentAgent.log file is the CPUSE log file.
00:04
It lists the full debug information
00:04
on the actions performed by CPUSE.
00:04
You can take the relevant action ID from the
00:04
>> DA_Actions.xml log file and search
00:04
>> for it in the DeploymentAgent.log file.
00:04
Here are some common upgrade failure errors.
00:04
Some of them are related to CPUSE and some aren't.
00:04
Pause this video and see if you can
00:04
identify those that are related to CPUSE.
00:04
Highlighted are the correct answers.
00:04
Did you get them all?
00:04
With that, our CPUSE lesson comes to its end.
00:04
In this lesson, we explored when CPUSE should be used,
00:04
the prerequisites for deploying with CPUSE,
00:04
the process of deploying with CPUSE,
00:04
we went over a few common use cases
00:04
of deployment with CPUSE,
00:04
>> and we examined some basic troubleshooting principles
00:04
>> in the CPUSE deployment process.
00:04
You should now be able to perform
00:04
a typical deployment using CPUSE.
00:04
Thank you for taking this lesson,
00:04
and I'll see you in our next one.
Up Next
Instructed By
Similar Content
