Solved: JHF SMS, Log Server and Dedicated Smart Event

sushantjoshi

I am planning to perform hotfix on my Active/Standby SMS Servers. I also have two dedicated log servers and one dedicated Smart Event Server. Do I need to patch all of these 4 servers (2 SMS , 2 Log Servers and 1 SME) on the same day.

Will there be any issue if SMS is on higher JHF then Log Server and Smart Event are. I planning to do it in 2 separate days so that is why I am trying to understand.

All of these servers are currently running on R81.20 and are managing VSX, Appliance platform

the_rock

100% answer is no, there wont be any issues...BUT, considering latest CVE for remote access VPN, I strongly urge you to install jumbo 65 on your firewalls. I had been literally "forcing" everyone to do the same 🙂

It is now recommended take anyway.

Andy

View solution in original post

the_rock

I never bother installing any jumbos on sms, as I find it tottally irrelevant, same for smart event. All that matters is that gateways are patched and you can easily manage them if sms is on same version (say R81.20), but has lower jumbo.

The only exception to what I said might be if TAC advises there is a fix in specific jumbo for management, otherwise, no.

Andy

sushantjoshi

Thank you for your reply

What exactly do you mean "but by has lower jumbo" ? Does that mean SMS should be on a lower hotfix than the appliance ?

For example SMS on R81.20 Hotfix Take 26 and SGW on R81.20 Hotfix Take Take 41 ?

Will there be any issue if the SMS is on take 65 and SGW is on Take 41 ? This is just for my understanding I know usually gateway's are your priority

the_rock

100% makes no difference if sms is on lower jumbo.

I recall couple of years back when one of customers I constantly help with CP issues asked me this question, as they have S1C (smart one cloud) mgmt and I called TAC, lady logged in and told me that jumbo take was 5 takes behind than what their on prem firewalls were on (this was on R81.10).

I was totally fine with that, as I explained to the customer that as long as management is on same OR higher version than the gateways, there is nothing to worry about.

Put it this way...I would say based on all the fixes I read for jumbos in R80.xx versions and R81.xx, Im not exaggerating when I say that 99% of them were for the gateways. You see maybe 1 or 2 in each take for the management, even if that.

Andy

sushantjoshi

Thanks for the reply and I understood what you are trying to explain.

One last thing will there be any issue if the SMS is on take 65 and SGW is on Take 41 ? This is just for my understanding I know usually gateway's are your priority.

the_rock

100% answer is no, there wont be any issues...BUT, considering latest CVE for remote access VPN, I strongly urge you to install jumbo 65 on your firewalls. I had been literally "forcing" everyone to do the same 🙂

It is now recommended take anyway.

Andy

sushantjoshi

Thank you !

We have a dedicated VPN box and we are not running VPN blades in our checkpoint environment.

Are you a member of CheckMates?

JHF SMS, Log Server and Dedicated Smart Event