cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Ivory

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

I have a customer using MEP to provide load-sharing and resilience across two physical Internet links in two geographically separate data centres for end users (i.e  not site-to-site).  It works really well, and you can clearly see the load balanced almost equally (within single-digits) with 2,000 users per site/cluster.  When one site fails (or is taken down for maintenance) all users just connect seamlessly to the remaining site with MEP.  This has been working for years on R77 and now R80.

0 Kudos
Highlighted
Iron

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

IPsec VPN

  • Configure different VPN encryption domains on a Security Gateway that is a member of multiple VPN communities. This Option was much needed, looking forward to it. Thanks for including this change in R80.40. Alos, just wanted to confirm if SHA-512 is added for Hashing method inside S2S VPN configuration or not. Nowadays many of the Clients asking to use the SHA-512 for Integrity but its not available with Checkpoint yet (Till R80.30).

 

Thanks,

CSR

Highlighted

Re: R80.40 is Public EA now

Jump to solution

Since yesterday it is public EA.

0 Kudos
Highlighted

Re: R80.40 is Public EA now

Jump to solution

From the R80.40 release notes:

Application Control

  • Improved performance, diagnostics and monitoring tools.
  • Enchantment to Server Name Indicators (SNI) classifications.

Always thought SNI seemed like magic and finally we have confirmation!

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted

Re: R80.40 is Public EA now

Jump to solution

hoho @Timothy_Hall .  you a funny man!! 

0 Kudos
Highlighted
Employee
Employee

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Hi All,

In order to release R80.40 we are looking for production sites that are willing to install this week!
we have release candidate and we are on the verge of final version.

Contact us directly at:  EA_SUPPORT@checkpoint.com
or enroll: https://www.surveymonkey.com/r/cp-ea-r8040-enrollment

Highlighted
Nickel

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Has anyone tested the backup and restore of an individual CMA?

 

0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Hi, Can a R80.30 or R80.20 manager manage an 80.40 EA gateway?   I'd like to bring up a production 5800 appliance but keep my main manager on a GA version.  I'm guessing the R80.40 manager will be under GA sooner than the gateway, but it seems like R80.40 EA, includes manager and gateway.

0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

hello -- what you describe (production devices) is necessarily the private EA accessed via your local CP field engineers and onsite TLC. 

 

cp-ea1.jpg

Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

future planning question.   RE: gateway   Should R80.40 be stable with ext3 or is xfs required/strongly recommended?

0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Stability should be about the same.  Considering how little the gateway normally hits its hard drive, I doubt it will make much of a performance difference.  XFS might be able to recover itself slightly better in the event of a power loss or crash, but that is about it.

A SMS/MDS on the other hand is a completely different story, and you most definitely want XFS due to heavy hard drive utilization.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted
Employee
Employee

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Hi Daniel,

Currently only R80.40 Management server can manage R80.40 GW.

Once R80.40 is GA it will be supported by next JHF for R80.20 & R80.30.

 

Highlighted
Silver

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

So, once the jumbo support is added to R80.30 management, would an R80.30 manager be able to manage a new pair of R80.40 gateways deployed in Active-Active cluster mode (eg. L3 clustering)?

0 Kudos
Highlighted
Employee
Employee

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Hi,

Unfortunately Active-Active cluster requires  R80.40 management server, so at this stage you will not be able to use it unless upgrading the management server to R80.40.

0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

RE: upgrade from R80.30 2.6.18 kernel to R80.40 3.10 kernel question for future planning

If you have a 5800 appliance (gateway only) that was recently formatted with ext3 (R80.30 running 2.6.18), and you plan to upgrade to R80.40 GA (once its out in March/April?) will you need to plan to re-format or can you simply count on a normal CPUSE upgrade the gateway to R80.40 GA?  And the kernel should change to 3.10 correct, no re-format necessary y/n?   

From what I can tell an upgrade will get me to R80.40 and 3.10, but if I want xfs, I'd need to re-format.

 

[Expert@fwl-box-03:0]# cat /etc/fstab
/dev/mapper/vg_splat-lv_current / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/mapper/vg_splat-lv_log /var/log ext3 defaults 1 2
LABEL=SWAP-sda2 swap swap defaults 0 0

 


[Expert@fwl-box-04:0]# cat /etc/fstab
/dev/mapper/vg_splat-lv_current / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/mapper/vg_splat-lv_log /var/log ext3 defaults 1 2
LABEL=SWAP-sda2 swap swap defaults 0 0

0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Hi,

 

will be possibile moves from a SMS 80.20 an let become it ad Domanin Management Server (CMA) in 80.40?

 

Regards

Mattia

0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

@Mattia_Varone generally speaking, yes, you can migrate SMS to MDSM as a security domain server. Mind R80.40 public EA is for lab purposes though. If you want to move your production environment, you will have to wait till the release is out.

0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
Hi Val,
thanks for your reply. So the issue described in the sk122700, will be solved in 80.40?
Thanks
Mattia
0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Oh, I see... let me check with R&D, it might be my answer was not correct, as it is not applicable to R80.30 and below, apparently.

0 Kudos
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
Thanks, I'm waiting your update.
I hope will be possible move from a Security Management Server 80.40 to become a Domain Management Server on a Multi-Domain Server 80.40
Regards
Mattia Varone
0 Kudos
Highlighted
Employee+
Employee+

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

Hi @Mattia_Varone, my name is Eran and I'm the R&D manager in Check Point responsible for the core of the Management server. In R80.40 we implemented the ability to do the following:

  • Backup and restore an individual Domain.
  • Migrate Domain to another Multi Domain Server.
  • Migrate a SmartCenter machine to a Domain on a Multi Domain Server (and vice versa).

All those abilities are included and available as part of the public EA of R80.40, more info could be found on the EA version of the Management API reference for R80.40, but note some of the SKs which appear as reference are still internal and will be released once R80.40 is out.

We plan to make those abilities available as part of the JHF of R80.20 and R80.30 soon and we're actually looking for customers who would like to take part in testing the Domain migration feature as part of JHF. Please contact me directly if it's relevant for you - would be great!

Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution

@Eran_Habad thanks for your answer

Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
Thanks for your support
Highlighted

Re: R80.40 Early Availability Program @ Check Point Update

Jump to solution
Thanks Eran for your answer
0 Kudos