Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Admin
Admin

Re: Check Point R80.20 Now GA

There are two different installation ISOs for R80.20:

  • One that supports gateways and standalone installs with the older (2.6.18) kernel
  • One for Security Management only that has the newer (3.10) kernel

So yes, you can upgrade a standalone to R80.20.

Highlighted
Nickel

Re: Check Point R80.20 Now GA

If you do an in place upgrade of an R80.10 management server to R80.20 will the kernel be updated or does this require a fresh build and migrate export/import?

Iain
CISSP
Highlighted

Re: Check Point R80.20 Now GA

Kernel is upgraded on in-place upgrades, but filesystem change from ext3 to xfs is not carried out. This requires advanced upgrade (export/import).

Highlighted

Re: Check Point R80.20 Now GA

Hi, I was going to upgrade from r80.10 to r80.20 soon. You mentioned the "ext3 to xfs is not carried out" is this required and how to access advanced upgrade (export/import)?

Thanks!

0 Kudos
Highlighted

Re: Check Point R80.20 Now GA

This is related to 3.10.X versions: New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions 

Does it effects to Management of R80.20?

Highlighted
Admin
Admin

Re: Check Point R80.20 Now GA

In order to exploit this, you'd have to be an authorized user (most likely an admin of some sort) and get to expert mode (i.e. not be in clish).

That assumes the bug is present in our kernel, which I can't say for sure. 

In any case, these sorts of issues tend to get addressed in later releases/jumbo hotfixes since they pose no immediate risk.

Of course, this is just my initial assessment and should not be construed as official.

My guess is an official SK will appear on this in the near future.

If it's urgent, I recommend opening a TAC case.

Highlighted

Re: Check Point R80.20 Now GA

same for the HP Gen10, it's very annoying that checkpoint hasn´t managed to fix support for this even after 1year+

Highlighted
Employee+
Employee+

Re: Check Point R80.20 Now GA

Highlighted
Employee+
Employee+

Re: Check Point R80.20 Now GA

Clarification: future of HCL (hardware compatibility):

Open server compatibility is expected to be much better with the new linux release. 

As i explained above, mgmt GA works w the updated linux (so it is integrated in the GA). Updated HCL was published (mgmt is user space and therefore simpler).

We also have EA with r80.20 variant based on updated linux for GA - you are welcome to join this EA asap. With this release we will have the latest open servers supported in timely manner (so we hope to put to delayed HCL behind us, once we release the variant that works on the new linux). 

Highlighted

Re: Check Point R80.20 Now GA

Thanks for the reply Dorit, is this GW EA also for VSX?

Within the open servers for HCL are you testing the new 25G nic together with the new servers?

Highlighted
Employee+
Employee+

Re: Check Point R80.20 Now GA

1. The gw variant for new linux is in production EA for both open servers and clous usage

2. VSX w new linux is developed but not yet ready for EA. Why? With the gw move to new linux, the biggest change is replacing the VFRF module with “Name spaces” as VFRF no longer exist. So we released Gw-non-VSX first and now we are QAing the VSX. The exact date of EA for VSX depends on our quality validation and is expected to happen this quarter. 

If you will join the EA for the new kernel GW, you will also get updates on the missing functionality (vsx) 

Last: The exact functionality we certified for open server is based on priorities from the field (at the end we want to cerify everything possible and we believe that w the new kernel the time to market and quality of open servers support will be dramatically better and we can support anything needed).

To impact the order/priority of certifications for HCL, contact the local field and get them to present the business case to our solution center (the entity that manages the field priritization to such things) 

Highlighted

Re: Check Point R80.20 Now GA

Does this mean that VSX is not jet working/supported in R80.20 gateways we can download from sk122485?

Highlighted

Re: Check Point R80.20 Now GA

No, there is a GA for gateway with R80.20 with kernel 2.6 (same kernel as R80.10) which is fully supported.

In parallel there is an EA for gateway with R80.20 with kernel 3.10 (same kernel as R80.20 Mgmt GA and R80.20.M1), which has limited scope.

Highlighted

Re: Check Point R80.20 Now GA

And now I also understand Smiley Happy

Thank you Norbert

Highlighted

Re: Check Point R80.20 Now GA

sure we are aware of that, the question is specifically for GW.

Highlighted
Platinum

Re: Check Point R80.20 Now GA

Cluster object name still cannot be the same as policy package name (and vice versa). Is there any special reason for that ? Beside that the name will be the same ?

Kind regards,
Jozko Mrkvicka
Highlighted

Re: Check Point R80.20 Now GA

Let me guess, you are trying to upgrade from R77.30, right?

Highlighted
Platinum

Re: Check Point R80.20 Now GA

No, fresh installation of R80.20 MDS and playing with it around 10 minutes.

Kind regards,
Jozko Mrkvicka
Highlighted

Re: Check Point R80.20 Now GA

Okay. One of the limitations with R80.10 and up: unique names for everything. Name your policy package as FIREWALL_TEST_POLICY, that would do

Highlighted
Platinum

Re: Check Point R80.20 Now GA

yep, this also happens in case you are going to create for example new Network Group with the name exactly the same as something else ...

Kind regards,
Jozko Mrkvicka
Highlighted

Re: Check Point R80.20 Now GA

Correct. Each object HAS to have a unique name

Highlighted

Re: Check Point R80.20 Now GA

And to use a clear naming convention is useful for ages now (and so you don't run is such problems) Smiley Happy

and now to something completely different
Highlighted
Platinum

Re: Check Point R80.20 Now GA

Management API Version 1.3 released

Check Point - Management API reference 

What's New in v1.3

This release, API version 1.3, introduces several new features and several changes. 

New features:

  • Updatable Object.
  • Show objects as ranges:
    • Show rules as ranges of IP addresses and ports instead of Check Point Objects.
    • Show a nested group, group-with-exclusion or service-group as the accumulative ranges of IP addresses and ports.
  • Show objects as ranges enables you to:
    • Describe policies in a non-Check Point-language.
    • Run custom validations easily.
    • Find rules that are similar to your new rule request.
Changes with the potential to break existing scripts:
  • Changes to the overrides parameter in the set threat protection:
    • The option to add override (overrides > add) is no longer supported. Instead perform a set operation on the protection's override.
    • The option to set override (overrides > set) for specific profile will change the override for this profile only, other profiles will not be changed.
Kind regards,
Jozko Mrkvicka
Highlighted

Re: Check Point R80.20 Now GA

Dameon hi,

Now when R80.20 is released, do we know exact date when Falcon network cards will be released in catalogs?

BR

Vato

Highlighted
Admin
Admin

Re: Check Point R80.20 Now GA

Offhand I do not.

Re: Check Point R80.20 Now GA

 

Hello, do you have any news about this new feature indicated in r80.20 EA?

  • HTTPS Inspection now works in conjunction with HTTPS web sites categorization. HTTPS traffic that is bypassed will be categorized.

There isn't in r80.20 GA?

Thanks

Highlighted
Admin
Admin

Re: Check Point R80.20 Now GA

Occasionally EA features do not make the GA.

I will check.

0 Kudos
Highlighted
Admin
Admin

Re: Check Point R80.20 Now GA

Looks like this was added to R80.20.

It's listed in this SK as a Resolved issue: R80.20 GA and R80.20 Management Feature Release Resolved Issues 

Highlighted

Re: Check Point R80.20 Now GA

Hello, thanks for reply.

This is the bug fix note:

The "Categorize HTTPS sites" feature does not work when HTTPS Inspection is enabled. Refer to sk90840.

The sk indicated (sk90840) isn't linked to this issue:

sk90840 - HTTPS Inspection is not supported for IPv6 traffic in R76 / R77.X / R80.10

Can you verify?

Thanks

Highlighted
Admin
Admin

Re: Check Point R80.20 Now GA

Not sure why they linked that SK to it, but good catch.

If the feature doesn't work as advertised, I'd say: open a TAC ticket. Smiley Happy