This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Thomas_Allen
Participant
‎2018-11-09 02:36 PM

Upgrading Management only to R80.20 and user.def.FW1

We recently upgraded our management server from R77.30 Take 302 to R80.20.  We are planning on upgraded the gateways, but they currently are at R77.30.  We have many IPSec VPN tunnels to different cloud providers and partners.  For some of them, I needed to use the user.def.FW1 file to explicitly define the IP ranges to use for a particular tunnel encryption domain.

Today, I discovered that my tunnel to the Oracle cloud was not setting up SA's to all of my IP ranges.  I double checked to be sure the user.def.FW1 file came through with the migrate import process.  It did.  A quick email to my VAR (Thanks Daniel!), and I had the answer.

I have to use the compatibility version of the user.def.FW1 file - user.def.R77CMP.  Once I populated this file, and pushed policy, the gateways negotiated the proper SA's, and all is well.

3 Replies
PhoneBoy
Admin
Admin
‎2018-11-09 03:32 PM

Mind if I move this to a more general space such as General Product Topics‌?

0 Kudos
Thomas_Allen
Participant
‎2018-11-09 03:48 PM

Please do.

Thanks.

0 Kudos
RickHoppe
Advisor
‎2018-11-10 01:34 AM

Make sure you check sk98239 before future  upgrades of the Management Server. 

Furthermore, you need this article too if you manage a variety of Security Gateways with different installed versions (and when they are being used for VPN).

My blog: https://checkpoint.engineer

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events