So, I have been advised by Phoneboy to post my issues here with the hope that someone might be able to provide some help on them so here goes..... oh it’s a long one!
We were forced to upgrade from R77.30 like a lot of people, so arranged for a new gateway and management server to be built on new Dell PowerEdge servers (both of which were checked by Check Point and confirmed as OK; they were in the compatibility list).
Both the management server and gateway were built on R80.30 and to begin with, all was fine. However, before long we noticed a memory leak in that 32 GB of RAM was being consumed to the point the gateway was either crashing and rebooting or it required a reboot after 12 hours. It was decided that the issue was my licence hadn't been cut correctly and was still running an old version so needed to be renewed, which I did, but then the issue with CPUs started.
The gateway was using more CPUs than it was licensed for, cue some more investigations, and I was told that the only way to resolve this was to upgrade to R80.40.
This was planned and carried out and more issues occurred! Our SecurID VPNs no longer worked and the workaround from CP didn't work either. So to stop the whole business from not being able to connect, I rolled back, using the CP method, and this failed. We had to reset the database on the gateway and the management server to get the 2 to talk again, but in doing so the threat management blade screwed up and the only way to resolve it is to rebuild the gateway!
CP provided us with a 5900 to use whilst we had our open server rebuilt to R80.40. The appliance is on R80.40 but we cannot use it as the SecurID VPNs still do not work. It's been looked at a number of times and logs taken and the developers still haven't got a fix.
So I have:
An open server with a potential memory leak if I use my licence. If I use an eval licence then we have too many CPUs being used. The 'fix' for this is to update to R80.40 but this doesn't work as it stops my users connecting to the VPN as the SDCONF.rec file keeps overwriting (yes, the SK has been read and doesn't work).
I have a 5900 that I cannot use as it's on R80.40 and has the same issues as the open server with the SDCONF.rec file. Not sure about the memory or CPU as it's not been used in anger!
So I am hoping that R81 will be the saviour to all of this as it's been over 6 months now and I still do not have a fully working gateway and management server that doesn't require some sort of babysitting on a weekly, if not daily, basis.