- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: R81.20 feedback
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R81.20 feedback
Hey guys,
Figured would share my feedback so far on brand new distributed install of R81.20 in esxi lab. I really do like zero phishing feature, though for that to work, https inspection has to be on, so may try that out some time this week.
In all honesty, I dont see any drastic changes from R81.10 as far as policy layout, log filtering, IPS...
Also, not sure if this is just my lab, but I made few rule changes and for some reason, accelerated policy push never takes an effect, though its not disabled.
Just my 100% honest feedback, looks good so far, but the real test would be to see it in busy production environment.
Anyway, thats all I can think of for now. Will add more things as I do more testing : - )
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Martin_Hofbauer we invested a lot of time and effort in testing of course - QA , EAs and checkpoint internal GWs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, good point, but this is all lab, so no harm, haha.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Latest update as of November 27, 2022:
For now, NAT hit count seems to work and IPS update shows green (as it should be), so thats good news. I will report back if any issues.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Since you wrote that Nat hitcount is working ,
let me know if you need anything else .
Best regards .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, for now its working, but it was never consistent with R81.10 either, so time will tell.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just a quick update, I re-enabled qos and desktop policy again (with exact SAME settings) and this time works fine. Let me monitor for few days and see if it stays stable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The end of support date needs to be pushed back later than October 2024. That's less than 2 years away. For an enterprise environment that not long enough to make it worth the effort of upgrading.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would not be surprised if it ultimately is pushed back, given recent history.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Im fairly positive it will be extended.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Definitely something bunch of people said, so Im certain CP will take that into consideration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As I expected, the End of Support date for R81.20 date has been adjusted.
It is now officially November 2026 per the Support Life Cycle Policy page:
https://www.checkpoint.com/support-services/support-life-cycle-policy/#software-support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That was quick! 😀 The decision help our 2023 planning a lot, cheers 👍
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Latest update...though NAT hit count does work, I would say it works 80% of the time and then randomly fails other 20%. I even built another brand new lab and its exact same behavior. By the way, I tried standalone config 2 more times and had EXACT same issue...policy would not load, internal CA was corrupt, so logically, it can only lead me to say that image used for it is wrong, not sure what else could be...though on support site, it shows its same image for mgmt, distributed and standalone config.
Other than that, Im very impressed with the R81.20. Zero phishing is great, https inspection as well, changes made prior to installing policy are now more clearly visible and user friendly (so to say : - )). Sadly, since I dont have actual physical CP appliance to test this, I cant comment on autonomous threat prevention, but on surface, looks promising.
Thats all for now, if anything else comes up, will update : - )
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great feedback the_rock.
The things you have found in a very short period, highlight, in my option that QA needs to be improved prior to release. I would suggest that R81.20 does not get a 'recommended' installation status until at least Jumbo 100 (maybe excessive).
I say this because ultimately anyone upgrading to R81.20 does so to support the business and the last thing CP and its clients need is negative experiences when doing so.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Of course, happy to share anything I find. Again, just being brutally honest ( as I always am anyway), I did not notice any revolutionary changes from R81.10, but they may come in the future with JHFs. Having said that, I like the code in general and seems stable so far.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To add to my last comment, I never really care how much work I put into something, as long as it HELPS other people, Im happy about it...just my mentality.
If you need me to try or test anything else in the lab, let me know. Kind of sucks I did not have enough space/resources to build a cluster on that esxi server, but for now, its managent and single gateway.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cannot Check Point upgrade their CheckMates Labs to include the latest GA version once it is released ?
Even better would be to deploy your own environment directly within Check Point Cloud, where you can play with the specific features and report to TAC/R&D directly. In such a case, you will simple provide some unique deployment ID and CP employees can check the LAB directly without asking any debugs (since they can access it and do whatever they need).
In the past I found couple of bugs, but since I was doing the testing on my personal workstation using VMware, I was not able to open the case and have a bug fixed...
Jozko Mrkvicka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That question, I will let CP employees answer haha
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CP4B lab is already on R81.20, as far as I know. @Shay_Levin can you please confirm?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CP4B has R81.20 ISO images that can be manually deployed and also ready to use R81.20 snapshots that are corelated to the lab stages.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe atleast some of the lab environments were already upgraded per:
Check Point for Beginners Network Security Lab now... - Check Point CheckMates
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm still finding memory leak issues in R81.10 JHFA T79. So I will only migrate customers when we get to R81.20 JFA T80+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, 100% agree. I would totally wait until at least few jumbo hotfixes come out and its proven as stable. I dont want people to simply rely on all I say here, because lets be honest, its a lab with a single user behind it, so OF COURSE it will work : - ))
I more put up this post to talk about blades/features to begin with.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We deployed R81.10 with Jumbo T78 and private bundle, since then we have been stable. I won't look at going further until the new year, but I will most certainly request TAC to create me a new bundle for the GA release at the time.
I know some more bugs fixes were included in T79, but not all.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good point @genisis__ . You know what they say, why fix it if it aint broke : - ). By the way, I saw some people had Radius auth issue in jumbo 79, but I see 81 also came out, but its not GA as of yet. Lets see when first JHF comes out for R81.20.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I find picking a given JHA count/take not very helpful; I mostly recommend based on do you need a feature or after the version becomes the recommended version, and people seem happy with it. There are some customers I start early because they take forever to certify a release, and I really hate the fire drill when I tell them, "No you can't keep using version 3.0.B Build 315" (Don't laugh, they finally upgraded about 5 years ago). Ask your SE, and if are diamond, ask your diamond engineer, that's what we are here for.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Jim_Holmes Its bit more complicated than that. See, TAC always tells people to install latest JHF (no matter the issue or if it has zero to do with the problem) because they claim thats what R&D always asks for.
Well, think about it...if they put themselves in customers' shoes, they would not be happy about that advice. So, yes, its fine to advise people to upgrade, but I find its more of a cop out NOT to truly help, than it is for customer's benefit. Anyway, just my opinion based on many experiences in the past dealing with that.
Ostensibly, thats advice most vendors may give, but in my mind, there is a HUGE difference giving such advice at the beginning, middle or end of the problem : - )
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My biggest wish for the New Year is for Checkpoint to aim to reduce the number of bugs by 70%. They are a premium security vendor, but it does not mean anything to a business that is seeing stability issues due to bugs, after upgrades or Jumbo releases
Not only will the customers be happier, but also this would reduce the load on TAC who are already overloaded.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Very well said!