Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Employee+
Employee+

*** NEW in R81: Accelerated Access Install Policy ***

All,

We're anxious to share with you an exciting new feature in R81 that already shows exceptional results among our EA customers: Accelerated Access Install Policy.

UPDATE: Join a live demo of the Accelerated Access Install Policy as part of "Delivering Security Consolidation Across the Enterprise" webinar at 28 Oct 2020. Register here

The policy installation is accelerated depending on the changes that were made to the Access Control policy since the last installation.

The new accelerated flow optimizes common use-cases and drastically speeds up the installation with up to 90% improvement as shown already in production of EA customers. When the policy installation is accelerated, the icon icon-0 (1).jpg will appear under the "Install Policy Acceleration" column. For example:

Acceleration.jpg

We strongly invite everyone to try out the Accelerated Access Install Policy in R81!

The feature is the outcome of a significant team effort and deep collaboration between the Gateway R&D team (led by @Meital_Natanson) and the Management R&D team (which I lead) and our excellent QA teams (led by @IrinaAstanovsky and @Ilya_Yusupov).

To learn more about Accelerated Policy Installation refer to: http://downloads.checkpoint.com/dc/download.htm?ID=108670 (or see PDF attached).

For further information, feel free to post your question here or to reach our privately to me or @Meital_Natanson.

Regards,

Eran and Meital

10 Replies
Highlighted
Champion
Champion

Thanks for further improving policy installation time. We all remember Check Points efforts on this topic in R80.10 as well as in R80.20 as documented here.

Your screen shot shows that Access Control and Threat Prevention Policy are installed together. We've been recently told by Check Point support that in order to avoid any issues these should not be installed together. What about this in R81?

0 Kudos
Reply
Highlighted
Admin
Admin

The only issue I'm aware of is the very first Access Policy installation, namely Threat Prevention cannot be installed until an Access Policy has been installed.
Are there others?

0 Kudos
Reply
Highlighted
Employee+
Employee+

There is no such limitation/guideline, in R80.x you can trigger installation of several blades at the same time. If such advice was given by TAC under specific circumstances it might be related to specific issue. Let's discuss it offline.

By the way, this is the place to also share that in R81 we added for the first time the ability to run several policy installations at the same time - which wasn't possible in R80.x:

concurrent.jpg

 

Highlighted
Contributor

Very Welcomed solution, to successfully deal with the competitors where only the delta changes are pushed which makes policy push fast

0 Kudos
Reply
Highlighted
Employee+
Employee+

Indeed @Mark_Gurevich, the new Accelerated Policy installation relies heavily on the "delta", we do major parts of the flow based on the changes that were made since last installation (some parts still use the entire policy). On the Management side, we also do some of the work as part of the Publish operation rather than waiting for the installation itself. For those reasons (and other) - the new flow is much faster.

Highlighted
Advisor

Hi Eran,
I love to hear that news! Accelerated Policy installation and multiple synchronous policy installations are outstanding features we are waiting for.
But I found a point in the admin guide that made my heart bleeding: Limitation: Maestro.

Why? Will it be possible with later releases?

Thanks in advance.
Regards
Sven

Highlighted
Admin
Admin

Certain gateway types require a different policy compilation/installation process.
My guess is that those processes haven’t been updated with the accelerated policy install framework yet.
Hopefully it’s something we’ll address in later releases.

Highlighted
Employee+
Employee+

Hi @Sven_Glock, excellent question 😀

Indeed that's something we want and plan to do soon, we will update when we have good news.

Highlighted
Contributor

Does the acceleration apply to customers who use connection rematch during policy install?   

Highlighted
Admin
Admin

Don’t believe so as it doesn’t materially affect policy compilation at all.