After upgrading your system

After upgrading to A33.00 or to a hotfix version of the build, follow the steps in this topic before running your ASMS system.

Check upgrade success

To make sure that the upgrade to A33.00 was successful, perform system sanity checks.

Do the following:

  1. In the algosec_conf main menu, select 17 System health.

  2. Select 1: Check services status to check that basic ASMS processes are running on your machines.

  3. Select 2: Check system health and run a Full check.

Run all firewalls

Run a manual analysis to create an unscheduled report on all on individual devices, groups, and matrices defined in AFA. See Run a manual AFA analysis.

SSO integration (if applicable)

If you used custom UID parsers (in pre-existing SSO environments), you may need additional adjustments to your local code. See Configure a customized UID parser​.

Existing open Change Requests for Panorama devices

If you did not close Change Requests for panorama devices before the upgrade (see Close any open Change Requests for Panorama devices ), note the following:

  • For each Change Request in the Implement stage: Recalculate the work order.

  • For Change Requests in the Validate stage: Since the Change Request from before the upgrade doesn't have a URL Category field but the matched rule does, if you recalculate the validation after the upgrade, the recommended compatibility check will incorrectly show a failure in the Destination/URL Category column.

For Check Point R80 device R80.30 and lower | configure SFTP

For an R80 device version R80.30 and lower, enable SFTP on the device. To enable SFTP, see Check Point SecureKnowledge article sk82281.

For Azure Subscriptions

Note: In A33.00, to see Azure topology in the ASMS map (used for Traffic Simulation Queries and FireFlow automation), you must onboard the Azure Subscription in both ASMS and AlgoSec Cloud.

Do the following:

Case Do this
If you already have all your Azure subscription(s) onboarded to both AlgoSec Cloud and ASMS

  1. Offboard AlgoSec SaaS. Follow instructions here.

  2. Reconnect AlgoSec Cloud to ASMS. Follow instructions here.

  3. Make sure to add the Azure permission in AlgoSec CloudMicrosoft.Network/virtualHubs/effectiveRoutes/action. See HERE.
If you have AlgoSec Cloud, but don't have all your Azure susbscriptions onboarded to both AlgoSec Cloud and ASMS

  1. Offboard AlgoSec SaaS. See instructions here.

  2. Reconnect AlgoSec Cloud to ASMS. See instructions here.

  3. Make sure all your Azure subscriptions are onboarded to ASMS, if required. See instructions here.

  4. Make sure all your Azure subscriptions are onboarded to AlgoSec Cloud, if required. See instructions here.

  5. Make sure to add the Azure permission in AlgoSec CloudMicrosoft.Network/virtualHubs/effectiveRoutes/action. See HERE.
If you don't have AlgoSec Cloud connected to ASMS

  1. Connect between your AlgoSec Cloud tenant and ASMS. See ASMS integration to SaaS services

  2. Make sure all your Azure subscriptions are onboarded to ASMS, if required. See instructions here.

  3. Make sure all your Azure subscriptions are onboarded to AlgoSec Cloud, if required. See instructions here.

  4. Make sure to add the Azure permission in AlgoSec CloudMicrosoft.Network/virtualHubs/effectiveRoutes/action. See HERE.