Well, good point, but this is all lab, so no harm, haha.

Hi  

Since you wrote that Nat hitcount is working , 

let me know if you need anything else .

Best regards .

Well, for now its working, but it was never consistent with R81.10 either, so time will tell.

Just a quick update, I re-enabled qos and desktop policy again (with exact SAME settings) and this time works fine. Let me monitor for few days and see if it stays stable.

I would not be surprised if it ultimately is pushed back, given recent history.

Im fairly positive it will be extended.

I agree!

Definitely something bunch of people said, so Im certain CP will take that into consideration.

That was quick! 😀 The decision help our 2023 planning a lot, cheers 👍

Great feedback the_rock.

The things you have found in a very short period, highlight, in my option that QA needs to be improved prior to release.  I would suggest that R81.20 does not get a 'recommended' installation status until at least Jumbo 100 (maybe excessive).

I say this because ultimately anyone upgrading to R81.20 does so to support the business and the last thing CP and its clients need is negative experiences when doing so.  

Of course, happy to share anything I find. Again, just being brutally honest ( as I always am anyway), I did not notice any revolutionary changes from R81.10, but they may come in the future with JHFs. Having said that, I like the code in general and seems stable so far.

To add to my last comment, I never really care how much work I put into something, as long as it HELPS other people, Im happy about it...just my mentality.

If you need me to try or test anything else in the lab, let me know. Kind of sucks I did not have enough space/resources to build a cluster on that esxi server, but for now, its managent and single gateway.

Cannot Check Point upgrade their CheckMates Labs to include the latest GA version once it is released ?

Even better would be to deploy your own environment directly within Check Point Cloud, where you can play with the specific features and report to TAC/R&D directly. In such a case, you will simple provide some unique deployment ID and CP employees can check the LAB directly without asking any debugs (since they can access it and do whatever they need).

In the past I found couple of bugs, but since I was doing the testing on my personal workstation using VMware, I was not able to open the case and have a bug fixed...

That question, I will let CP employees answer haha

CP4B lab is already on R81.20, as far as I know. @Shay_Levin can you please confirm?

CP4B has R81.20 ISO images that can be manually deployed and also ready to use R81.20 snapshots that are corelated to the lab stages.

I believe atleast some of the lab environments were already upgraded per:

Check Point for Beginners Network Security Lab now... - Check Point CheckMates

I'm still finding memory leak issues in R81.10 JHFA T79. So I will only migrate customers when we get to R81.20 JFA T80+

Yes, 100% agree. I would totally wait until at least few jumbo hotfixes come out and its proven as stable. I dont want people to simply rely on all I say here, because lets be honest, its a lab with a single user behind it, so OF COURSE it will work : - ))

I more put up this post to talk about blades/features to begin with.

We deployed R81.10 with Jumbo T78 and private bundle, since then we have been stable.  I won't look at going further until the new year, but I will most certainly request TAC to create me a new bundle for the GA release at the time.

I know some more bugs fixes were included in T79, but not all.

Good point @genisis__ . You know what they say, why fix it if it aint broke : - ). By the way, I saw some people had Radius auth issue in jumbo 79, but I see 81 also came out, but its not GA as of yet. Lets see when first JHF comes out for R81.20.

I find picking a given JHA count/take not very helpful; I mostly recommend based on do you need a feature or after the version becomes the recommended version, and people seem happy with it. There are some customers I start early because they take forever to certify a release, and I really hate the fire drill when I tell them, "No you can't keep using version 3.0.B Build 315" (Don't laugh, they finally upgraded about 5 years ago). Ask your SE, and if are diamond, ask your diamond engineer, that's what we are here for.

@Jim_Holmes Its bit more complicated than that. See, TAC always tells people to install latest JHF (no matter the issue or if it has zero to do with the problem) because they claim thats what R&D always asks for.

Well, think about it...if they put themselves in customers' shoes, they would not be happy about that advice. So, yes, its fine to advise people to upgrade, but I find its more of a cop out NOT to truly help, than it is for customer's benefit. Anyway, just my opinion based on many experiences in the past dealing with that.

Ostensibly, thats advice most vendors may give, but in my mind, there is a HUGE difference giving such advice at the beginning, middle or end of the problem : - )

My biggest wish for the New Year is for Checkpoint to aim to reduce the number of bugs by 70%.  They are a premium security vendor, but it does not mean anything to a business that is seeing stability issues due to bugs, after upgrades or Jumbo releases

Not only will the customers be happier, but also this would reduce the load on TAC who are already overloaded.

Very well said!