cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Employee+
Employee+

Re: Check Point R80.20 Now GA

Check Point configurations are indeed copied when you upgrade using CPUSE, but custom files that are added by the user are not copied to the new partition with the upgrade. Of course we recommend to test the GW after the upgrade to make sure that all is working as expected.

Re: Check Point R80.20 Now GA

For example, what would these custom files be ?

0 Kudos
Admin
Admin

Re: Check Point R80.20 Now GA

See: Manually modified files 

In general, anytime you make a configuration change, particularly via expert mode/Unix shell, you should document it for future you. Smiley Happy

Re: Check Point R80.20 Now GA

Hi, 

I have upgraded sms via cpuse to version 80.20 M2, but when I am going to upgrade the log server the following message appearsWhat is happening?

Other question, the version 80.20 M2 is 80.20 GA?

0 Kudos

Re: Check Point R80.20 Now GA

GA is release of management and gateways, R80.20m2 is just release of management with new features..

Admin
Admin

Re: Check Point R80.20 Now GA

R80.20.M2 was released after R80.20 GA and contains additional features and functionality.

That said, it looks like you are attempting to upgrade from R80.20 GA to R80.20.M2.

This upgrade path requires additional steps, as described here: Security Management upgrade from/to Management Feature Release 

0 Kudos
Employee+
Employee+

Re: Check Point R80.20 Now GA

Indeed R80.20.M2 is a Management Feature Release. It is built on top of R80.20 GA, but adds more Management features. The Mx release train is described in this SK: sk123473

The Management Feature Releases give you access to the latest Management features, but many customers will prefer to go with the official main-train GA. It is important for us to be transparent and clear about our versions, so I would like to reach out directly to understand if there is something that we still need to improve.

** Regarding the installation verification error, it should be possible to upgrade a standard Log Server. Some other configurations (such as Multi Domain Log Server) are not yet supported via an easy CPUSE upgrade (like Dameon mentioned). It's important to note that we are already working on removing these limitations and future releases should support all upgrade paths transparently.

0 Kudos

Re: Check Point R80.20 Now GA

I found the following things missing in R80.20:

  1. Interface can no longer be set with a /32 subnet mask. (This worked in R80.10)
  2. Along with this the OVH failover IP setup is not supported. See also: Configuring IP aliasing
  3. IPv6 routes of /3 are not supported (most notably used for 2000::/3 as alternative for a default gateway) (this worked in R80.10) iIp route add 2000::/3 .... still works in bash)
  4. IPv6 routes can no longer use logical interfaces. (This worked in R80.10)

It would be nice if R&D can see why these issues are no longer working with R80.20 and fix them.

Neither R80.10 nor R80.20 can actually use a default gateway to a host outside a directly attached network. The command is accepted but it fails to work.

Re: Check Point R80.20 Now GA

This works for me with DHCP - I receive a DHCP IP on a /32 subnet, addresses the interface OK and I get a default route, with another route added out of that interface to the upstream gateway.

0 Kudos

Re: Check Point R80.20 Now GA

Update regarding upgrade of Security Management Servers from R80.20.M1 to R80.20:

 

We are gradually enabling customers to upgrade their R80.20.M1 Security Management Servers to R80.20 without the requirement to contact Check Point Support.

 

Some customers will be able to upgrade their R80.20.M1 environments to R80.20, either with CPUSE or with Advanced Upgrade, while other customers will still face the message that requires them to open a ticket to Check Point Support.

 

Customers who currently face the message that requires them to open a ticket to Check Point Support, are advised to either wait for the gradual rollout to complete, or manually retrieve the updated upgrade package.

 

sk137677 contains the updated instructions for upgrading Security Management Servers from R80.20.M1 to R80.20.

 

Notes:

  1. Currently, Multi-Domain customers with version R80.20.M1 are advised to upgrade with the assistance of Check Point Support.
  2. The instructions for upgrading Security Gateways of all versions, or Security Management of versions prior to R80.20.M1 (such as: R80.10, R80, and R77.30) are not affected by this change.

 

Once the gradual rollout completes, we will once again update this thread.

phlrnnr
Silver

Re: Check Point R80.20 Now GA

I was just testing this in my lab:

  • Changes in the number of FW worker instances (FWK) in a VSLS setup do not require downtime.

It seemed to work great - I didn't lose a ping, and it seemed to make the changes on the Standby member, then fail over and make the change on the Active member instead of blowing up both members at the same time as in the past.  This is fantastic news!

I did notice, however, that SmartConsole still warns about this creating downtime.  It appears the wording has changed  stating it only applies to HA clusters (even though my setup is VSLS):

Thanks for including this in R80.20 - it is hugely valuable.

0 Kudos
Admin
Admin

Re: Check Point R80.20 Now GA

It's referring to a VSX HA cluster (entire chassis failover), not VSLS (HA for a given VS).