• Check Point
  • Check Point Users: You Are Not Ready for June 5th, 2016

Check Point Users: You Are Not Ready for June 5th, 2016

UPDATE May 31st 2016: Check Point has updated the SK. The rollout of SHA-256 has been postponed to June 5th 2016.

Back in April 2015, Check Point published SK103839. In it, Check Point informs its customers that the update services for the various software blades will start using SHA-256 instead of SHA-1. This is in response to reports that SHA-1 has weaknesses that, if not already overcome by hackers, may be overcome as soon as 2018. Check Point is not alone in this effort, Google and other vendors are at it, too.

As the SK states, “To ensure the connectivity of Check Point software to Check Point online update services that use SHA-256 based certificates, a hotfix is required. Check Point highly recommends to install this hotfix to maintain the aforementioned update services functionality.”. In other words – if you’re not on R77.30, you should install the hotfix on all of your firewalls and management servers before November.

Shockingly, though, a quick query of indeni Insight‘s database shows that only 17.9% of Check Point firewalls are either running R77.30 or the required hotfix. So the vast majority of Check Point firewalls out there are not ready for November.

So, what should you do? This is what we recommend:

  1. Read the SK to get the complete picture.
  2. Map out the devices that you own, the versions of software they are running and which of them have the hotfix installed.

    Users of indeni can generate an inventory report (Reporting -> Inventory Report in the web dashboard) and review the Hotfixes Installed sheet. For each device, you should have either a hotfix containing “R77_30” installed or one containing the text “SHA256”. The screenshot to the right shows an example of what you should look for. In 5.3, you will also receive an alert for each device that still needs to be upgraded.

  3. Plan the installation of the hotfix throughout your environment. According to the SK, this should not result in any downtime.

Time to get cracking!

Get in touch

We’re the DDI provider you’ve been looking for.
Drop us a line and let’s talk.

Related content

BlueCat enters agreement to acquire LiveAction to broaden its portfolio of network infrastructure management solutions

Expanded solutions to include LiveAction’s industry-leading network observability and intelligence platform, purpose built for enterprise-grade network…

Read more

BlueCat partners with Pacific Tech to expand distribution in APAC

The new distribution agreement between BlueCat and Pacific Tech will help businesses and organizations in Southeast Asia accelerate network modernization.

Read more

BlueCat announces new capabilities to help organizations modernize their network infrastructure

Enhanced products and expanded portfolio offerings provide flexibility and control to manage, secure, and build complex, multicloud networks.

Read more

BlueCat appoints Scott Fulton as Chief Product and Technology Officer

An accomplished executive in software product management and engineering leadership, he will lead the next phase of product development and growth.

Read more

BlueCat to acquire LiveAction

BlueCat adds LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.