Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MatanYanay
Employee
Employee
Jump to solution

Announcement: Check Point R81.20 - Recommended Release

R81.20 logo.png

Hi Everyone,

 

We are thrilled to announce that Check Point "Titan" R81.20, launched in November 2022, is now the recommended version for all customers. This release marks a significant milestone in our commitment to delivering cutting-edge solutions that protect your networks, data, and businesses against emerging cyber threats.

 

What does the “recommended” version mean?

The recommended version indicates that "Titan" R81.20 is deployed on thousands of gateways worldwide and is the most suitable option for a wide range of customer use-cases.

Note: The recommended version is R81.20 with its latest recommended Jumbo Hotfix Accumulator

 

What are the key benefits of upgrading to "Titan" R81.20 release?

The key benefits include:

  • Improved Performance: Experience up to a 3x boost in performance for heavy connections, such as file transfers and database backups, along with a 50% increase in TLS encrypted traffic inspection performance.
  • New AI-powered Security Blades: Access three new AI-powered Security Blades, including DNS Security, Zero-Day Anti-Phishing, and IoT Security, enhancing your security capabilities.
  • Integrated SD-WAN: Optimize user experience with sub-second recovery for video conferencing applications through integrated SD-WAN functionality.
  • Cloud-powered Management Services: Leverage new cloud-powered management services, such as cloud logging with Horizon Events, detection and response with Horizon XDR/XPR, and automated response playbooks with Horizon Playblocks.
  • Extended Support Period: Enjoy an extended support period until November 2026, providing peace of mind and continued protection.

 

How can customers upgrade to this release?

Follow the upgrade instructions in the Check Point Support Center: sk173903

 

Quantum “Titan” R81.20 page:

https://www.checkpoint.com/quantum/unified-cyber-security-platform/

 

Two 4-min videos that discuss key release capabilities and benefits:

 

We would like to take this opportunity to remind you that Quantum R80.40 release is approaching it’s end of support in January 2024. We recommend that you upgrade your systems at your earliest convenience.

 

We believe that upgrading to Check Point "Titan" R81.20 is a crucial step to strengthen your organization's security posture and take advantage of the latest performance and feature enhancements. Should you require any assistance or have further questions, our dedicated team of experts is ready to support you throughout the upgrade process. Find our support contact details here.

 

Best Regards

Release Operations Group

1 Solution

Accepted Solutions
32 Replies
the_rock
Legend
Legend

YES!!! Awesome news 🙌🙌🙌

0 Kudos
the_rock
Legend
Legend

I see the sk was also updated, great job! I have 2 customers constantly asking me about R81.20, so this will make them feel much better.

https://support.checkpoint.com/results/sk/sk95746

0 Kudos
Lloyd_Braun
Collaborator

"along with a 50% increase in TLS encrypted traffic inspection performance."

 

Does this translate to 50% increase in HTTPS inspection performance?

 

I cannot find any other references to TLS traffic inspection performance increases in r81.20 or JHFs, I see "Up to 50% performance enhancement to IPS CIFS protections."

0 Kudos
Chris_Atkinson
Employee Employee
Employee

I believe that reference from CPX was in relation to R82.x not R81.20

CCSM R77/R80/ELITE
the_rock
Legend
Legend

From all my testing https inspection in R81.20 last 8 months, super solid AND better performance than R81.10

Andy

0 Kudos
PhoneBoy
Admin
Admin

It may not translate exactly, as there are other factors involved, but yes, it should improve this.

0 Kudos
Scottc98
Collaborator

Thats awesome news!      

Is there any 'reservations' on select deployments to consider before upgrading?    I understand the general sense of 'recommended' but is there more 'caution' on deployments like VSX clusters, Maestro/Scalable to consider?    Sitting at a situation where I have a VSX cluster going prod in about 45 days and whether i should stick with R81.10 or upgrade to R81.20 before hand.  

I noticed that a lot of fixes that just came out with R81.10 Jumbo Take 110 are included in the "list of upcoming resolved issues' in the "jumbo hotfix accumulator for R81.20" documents.    Is there a new R81.20 jumbo coming really soon?    Always use to latest versions being fixed and then backported to lower ones so it 'feels' like a new jumbo is coming real soon 😉

0 Kudos
the_rock
Legend
Legend

Thats sort of the way I look at it too : - ). I installed jumbo 24 recently and so far so good.

Andy

0 Kudos
MeravAlon
Employee
Employee

Hi @Scottc98 

R81.20 is our recommended version for all deployments, therefor for the upcoming planned upgrade, I recommend to go with R81.20.

Regarding R81.20 next Jumbo, we are planning to release a new Jumbo in the very near future. 

Regards, Merav

the_rock
Legend
Legend

Super happy with R81.20 so far!

0 Kudos
Oliver_Fink
Advisor
Advisor

We had very bad experiences to go with new recommended versions when upgrading VSX from R77.30 to R80.30 and from R80.30 to R81.10 in the past – at different customers. None of the upgrades went without serious problems. Functions were missing or not working as expected, bugs that took us to massive escalations over weeks and months. None of that happened with "normal" (non-VSX) systems.

That is why we decided to upgrade to recommended version "minus 1" for VSX with different customers – meaning: Because R81.20 is recommended version now, we would upgrade to R81.10.

Such, my recommendation is to use R81.10 with VSX (and Maestro). For anything else use R81.20.

 

genisis__
Leader Leader
Leader

I feel your pain, I went through something similar with VSX, and I would certainly suggested sticking to R81.10 for existing building, for now, and wait until the Q3/Q4 next year.

Also when upgrading, actually regardless of device, do a clean install as you will get the partition table fix as well.

RamGuy239
Advisor
Advisor

Regarding JHF releases. My experience is this is how it usually works when new versions get released:

Top priority: Pushing fixes to the current widely recommended version.
Second priority: Pushing fixes to the latest version.
Third priority: Backport needed fixes to older, still supported versions.

 

If you look at the change log from JHF released this year, you will typically locate a specific fix being released for R81.10 first, which makes sense. R81.20 has been in a strange spot as it has received few JHF during its 8-month lifespan as a GA release. Not sure why that is. I suppose, if Check Point gets metrics about very few customers upgrading to R81.20, they prioritise accordingly, which might explain why R81.10, R81 and R80.40 seem to have had a higher priority in terms of JHF this year.

I expect this to change, as R81.20 is now being pushed as the widely recommended version. It's, of course, hard to make 1:1 comparisons between change logs when looking between versions, as there is new functionality with each new version that doesn't exist in older versions etc. So there might be differences to the list as some fixes are irrelevant for a newer (or older) release. But for the most part, JHF released for R81.10, R81, and R80.40 has been pretty similar. And normally, you will see fixes pushed as on-going for R81.10 first, then R81 shortly after, and then R80.40.

 

I've had mixed results with R81.20 on regular HA-clusters, Maestro and VSX. I have ended up reverting to R81.10 on all installations. None of this was running R81.20 Take 24, so I can't say much about the version being pushed as widely recommended. But the changelog from Take 14 to Take 24 isn't extensive. But I believe in Check Point when they mark it as recommended. And as the recommended release, it will be in great hands regarding support moving forward. This has been one of the stranger things when running into issues with R81.20 early on, as the JHF were so few and far between, so it felt like things didn't move forward in any meaningful way. Thus we ended up reverting to R81.10 in most scenarios.

And as usual, just because R81.20 is widely recommended doesn't mean you need to upgrade a perfectly working R81.10 installation unless there is something specific from R81.20 you want. It just means that if you have something from R81.20 you want, you should feel assured and safer about the upgrade now compared to before. And if you are about to deploy anything new, there is no obvious reason not to deploy it on R81.20 over R81.10.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
Adam276
Contributor

Since there was such a big delay for it to be recommended, will the EOL date be pushed back to give customers the full time for support on this release?  3/4 of a year has already gone by where it was not a recommended release.

the_rock
Legend
Legend

In all fairness, keep in mind, CP is probably the only major vendor I can think of that actually has an sk with recommended software version. Most other major vendors, I never ever seen something like that. Im sure there are lots of factors that go into such a decision.

Andy

0 Kudos
Bob_Zimmerman
Mentor
Mentor
the_rock
Legend
Legend

What @Bob_Zimmerman gave is most likely reason why the support date was pushed back. 

0 Kudos
genisis__
Leader Leader
Leader

Great News! Will TLS performance stats now finally be published per hardware model in the datasheets?

0 Kudos
genisis__
Leader Leader
Leader

Has anyone deployed R81.20 in VSX mode yet and seen any issues with it?  We are looking to upgrade from R81 to R81.20 due to the EoL status of R81 and R81.10.

0 Kudos
Bob_Zimmerman
Mentor
Mentor

My team has upgraded three of our VSX clusters to R81.20. I’m pretty sure all three are on jumbo 24. We tried to upgrade them via CDT in SmartConsole, but it didn’t quite work. I forget exactly what went wrong, but we ended up upgrading all three manually.

No new problems observed so far, and they were upgraded in September and October.

0 Kudos
genisis__
Leader Leader
Leader

Good to know! we are likely to do clean builds as well.

0 Kudos
RamGuy239
Advisor
Advisor

@genisis__ I will strongly recommend for you to make sure R81.20 - JHF Take 41 or later is installed before going live on production environments. R81.20 has been mostly fine since JHF Take 24 on most installations I've encountered. But my college has some severe issues when moving to R81.20 VSX:

https://community.checkpoint.com/t5/Security-Gateways/VSX-VS-instances-FWK-instances-with-SMT-HT/m-p...

https://community.checkpoint.com/t5/Security-Gateways/VSX-cluster-Hardware-Upgrade/m-p/200813

 

All issues got resolved by moving from JHF Take 26 to JHF Take 41. It seems like the overall consensus here on Check Mates is that R81.20 has become noticeable snappier after Take 41 as well. You also have Take 43 with a bunch of additional improvements, but it's still marked as non-recommended/on-going. I have it running on multiple installations and it seems solid so far. But there is no reason to challenge faith, I would stick with Take 41 as it's the current recommended one with a lot of positive feedback across the community.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
genisis__
Leader Leader
Leader

Thanks,  most certainly by the time we come to do this, the JHFA will like be post JHFA43 anyway.

0 Kudos
the_rock
Legend
Legend

@genisis__ I asked my friend from CP esc. team about this and he told me he was not aware of any issues or had seen any cases on R81.20 version that affected VSX.

Best,

Andy

0 Kudos
genisis__
Leader Leader
Leader

Awesome!

Grappling with another issue at the moment (DMS to SMS migration - can't get the import to work, followed the SKs).

0 Kudos
the_rock
Legend
Legend

Im just working on some Palo Alto stuff (nothing too pressing), so do you have separate post about that issue or can you give brief synopsis here mate? : - )

Andy

0 Kudos
genisis__
Leader Leader
Leader

I've got TAC involved, but basically need to export a DMS to a SMS there are a couple of SK's related to this which I've followed (TAC on at the same time), and the exported file fails to import into a clean SMS.

The reason I'm doing this is because we are looking at Smart-1 Cloud and Checkpoint does not have a procedure to export from MDS direct into cloud (unless that changed?).

Will see how it goes with TAC and post here once we get it done.

 

0 Kudos
the_rock
Legend
Legend

I could not find any official SKs about this, but I recall back in 2020 when S1C was not nearly as good as it is now and TAC had maybe 2 or 3 people that had access to backend customers' instances, we always used to work with this one guy from OTAC esc. team and he told me once that back then, MDS migration to cloud was not supported. Has it changed since, I have no clue...no mention of it in admin guide.

Best,

Andy

0 Kudos
genisis__
Leader Leader
Leader

Last I heard there is no 'direct' migration, unless things have moved on since R81.20 has been released.  It's my understanding that if you want to migrate a DMS to S1C, then you need to export this to a SMS, then from here there is a process to export to S1C.

SK156072 & SK167639 are the two SK's I'm working with at the moment. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events