Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Upgrading Management only to R80.20 and user.def.FW1

We recently upgraded our management server from R77.30 Take 302 to R80.20.  We are planning on upgraded the gateways, but they currently are at R77.30.  We have many IPSec VPN tunnels to different cloud providers and partners.  For some of them, I needed to use the user.def.FW1 file to explicitly define the IP ranges to use for a particular tunnel encryption domain.

Today, I discovered that my tunnel to the Oracle cloud was not setting up SA's to all of my IP ranges.  I double checked to be sure the user.def.FW1 file came through with the migrate import process.  It did.  A quick email to my VAR (Thanks Daniel!), and I had the answer.

I have to use the compatibility version of the user.def.FW1 file - user.def.R77CMP.  Once I populated this file, and pushed policy, the gateways negotiated the proper SA's, and all is well.

Tags (1)
3 Replies
Highlighted
Admin
Admin

Re: Upgrading Management only to R80.20 and user.def.FW1

Mind if I move this to a more general space such as General Product Topics‌?

0 Kudos
Highlighted

Re: Upgrading Management only to R80.20 and user.def.FW1

Please do.

Thanks.

0 Kudos
Highlighted
Silver

Re: Upgrading Management only to R80.20 and user.def.FW1

Make sure you check sk98239 before future  upgrades of the Management Server. 

Furthermore, you need this article too if you manage a variety of Security Gateways with different installed versions (and when they are being used for VPN).

My blog: https://checkpoint.engineer