Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Danny
Champion Champion
Champion

Vote for R77.30 support extension

Check Point R77.30 support expiration is near.

Regarding Check Point's Support Life Cycle Policy it will expire in September 2019!

While R80.20 is now Check Point's default recommendation and runs quite stable already, it doesn't feature all functions R77.30 has and is still being heavily developed. End users and partners are desperately waiting for newer releases, such as R80.20 GA for gateways and the first hotfixes in order to adopt to it after thorough planning, preparation and testing. This takes time while the support end for R77.30 is very close.

R77.30 on the other hand is proven to run stable, is well patched, latest jumbo hotfixes often just refer to rare scenarios. End users know how to manage it and need time to adopt to the all new R80 workflow. They use tools like SmartWorkflow that they need to completely rethink after migrating to R80. Even simple tasks, such as searching for objects with duplicate IP addresses, which were just a click away in SmartDashboard R77.30 now require to install and run python scripts in R80. Many additional topics could be easily mentioned here that will surely be cool with R80.x in the future but are currently still under development.

Do you think Check Point should publicly extend R77.30 support, at least for another year?

Extend R77.30 support!357
Let it expire in September 2019!71
62 Replies
HeikoAnkenbrand
Champion Champion
Champion

Please no extension. R80.10 is a stable version with many advantages.
I personally found the following versions very stable: 4.1Smiley Happy, R65 HFA70Smiley Happy, R75.47, R77.30.

But I don't want to have the old times anymore.

The world continues to evolve and we wait for GEN VI and R80.20!

Regards

Heiko

➜ CCSM Elite, CCME, CCTE
0 Kudos
Vladimir
Champion
Champion

Sorry Heiko, I have to disagree with you on this subject.

Besides all of the points about R77.30 that Danny has brought up, there is also the issue with hardware requirements vs. deployed fleet of appliances.

I know of quite a few instances when my clients were quoted and sold (not by me), management units in a year prior to R80 release that are not capable of running it, but are fine with R77.30.

So long as there are Smart-1s not powerful enough to handle all the blades sold with them on R80.XX, R77.30 EOS/EOL should have corresponding horizons.

Cheers,

Vladimir

0 Kudos
Jim_Fessler
Contributor

The 4000 series of appliance will not run R80 standalone without 8gb of memory. Most older 4600 only have 4 and 4400 also only have 4gb. The 4200 cannot run standalone R80+ at all. These appliances are not EOL until 2020 but will still be useless. Just upgraded a 4400 from 4gb of memory with approved Check Point feature. 4GB of memory which can be bought for under 200 all day long is 900+ from Check Point. Left a very bad impression of Check Point appliances with the customer. The 210 at 8gb will run R80.10 but it is a dog! It will need a memory upgrade, but I am afraid to ask the cost. Takes forever to reboot. 

I have R80.10 running at a large customer. I find little value for any customer that isn't running Threat Extraction or Threat Emulation, unless they have multiple administrators. 

Keep R77.30 supported. 

0 Kudos
PhoneBoy
Admin
Admin

If you think you're going to need to run R77.30 past the End of Support date, I would start working with your local office now.

We have granted support extensions on a case-by-case basis in the past.

0 Kudos
Danny
Champion Champion
Champion

Benny Shlesinger wrote that Check Point is currently "evaluating the option to extend support for R77.30 in order to allow more time for migration to R80.10." He also noted "It is an interesting approach to extend it only for GW side." Let's see what finally turns out.

0 Kudos
Vladimir
Champion
Champion

Apologies for minor thread hijacking, but it is kind-of relevant to future upgrade plans and resources available with appliances.

There are presently appliances in the lineup that are somewhat underwhelming, i.e. 5200 for instance.

Wouldn't it be easier to manufacture and sell fewer appliances with more capable CPUs and simply unlock cores with licenses?

Jim Fessler brought up a reasonable question about costs of the memory modules. I'd add to that a support line item associated with those. 

It almost seem counterproductive, at least in the case of SMBs, which end-up running either appliances that are redlining or disable features on them.

Another possible issue is the real-world traffic mix used for sizing. Given that 75 percent of all web traffic is https, do the charts account for HTTPS inspection being turned on the appliances? I am not sure, but it probably should be. Does the same goes for SMB and CIFS? 

0 Kudos
Douglas_Rich
Contributor

It's not a matter of choice, essential features just don't exist yet in R80.xx

R80.x Multi-Domain (Provier-1) is unsupportable by MSPs due to the inability to onboard new customers from R80.x, migrate CMAs/Domains, or backup/restore individual CMAs/Domains... 

From the Upgrade User guide;  "Migration of R80/R80.10 Security Management Server or Domain Management Server to Multi-Domain Server R80/R80.10 is not supported"

0 Kudos
Chris_Butler
Collaborator

This also begs the question as to what becomes of Check Point Endpoint Security with SandBlast? I realize that 80.20 M1 is out, but it is essentially version 0.9 of a totally new platform as far as SandBlast support in Endpoint Client management. There should be 80.20 GA in use with about a year's worth of hotfixes before one would really trust going whole hog over to it. We have a standalone 77.30.03 Endpoint Management server and we are STILL working through lots of hiccups in terms of the clients themselves and even with the more familiar 77.30 interface there are a number of issues with workflow and drilling down to an actual infection or problem to find out what is happening. I think the switch to a completely different codebase for Endpoint Support at this point is doubly troubling as a proposition.

Is support for the special case of Endpoint Security management also going to go bye bye in May 2019?

Oh, and Hi Vladimir! how are ya?

0 Kudos
Vladimir
Champion
Champion

Hi Chris!

All is well, thank you and I hope it is likewise with you.

0 Kudos
PhoneBoy
Admin
Admin

As far as I know, the End of Life also applies to R77.30.03 as well.

But as Benny Shlesinger‌ said, we are re-evaluating all this.

Stay tuned.

0 Kudos
PhoneBoy
Admin
Admin

We are in the process of updating the performance numbers on the datasheets using a newer traffic blend based on what we've seen in current real-world environments.

0 Kudos
Vladimir
Champion
Champion

Can you verify if inspection of HTTPS, SMTP /TLS, CIFS and SMB are included in the calculations?

If not, it would probably make sense to have another version for accurate sizing.

There is another contender for inspection: IPFS. Do you know if it could be blocked if inspection is not possible? 

0 Kudos
PhoneBoy
Admin
Admin

I believe once the numbers are updated on all the datasheets, we'll have more details on the mix of traffic used.

0 Kudos
Corey_Christmas
Participant

Is the HTTPS inspection blade now included in the new policy or does it still revert back to the old UI?

0 Kudos
PhoneBoy
Admin
Admin

Still uses SmartConsole 

0 Kudos
Vladimir
Champion
Champion

You mean SmartDashboard?

0 Kudos
Maksym_Sofer
Employee Alumnus
Employee Alumnus

R80.20M1 is equal by Endpoint functionality to R77.30.03.

0 Kudos
Juan_Carlos
Contributor

"R80.10 is a stable version with many advantages. "

=> I guess a bot has taken control over Heiko's account ^^

R80.10 : 

- does not support individual backup/restore for DMS

- does not have any DBrev option (revert is completely useless since it reverts the structure of the rules and not the objects)

- MDM does not support secondary management servers (not on MDM)

- and so much other issues...

R80.10 is clearly not stable and from our point of view we have faced more issues than we have discovered advantages (we have stopped all R80.10 deployment).

R80.10 is clearly not designed for MSSPs.

But fortunatelly Check Point is working on R80.20 that will fix all those issues 

0 Kudos
Iain_King
Collaborator

Yep, going EOS for R77.30 at this stage with the current R80 etc take-up is going to cause massive hassles to a lot of customers. I vote yes for extension.

0 Kudos
GG27
Contributor

That's true.

the SM 205, as well, does not support R80.10 with NPM, LOG and if you have the event, you have a lot of reason for not migrating to R80.10

please update the support date

0 Kudos
Vladimir
Champion
Champion

Danny, I suspect you've created a headache for CP for now, but may be saving them from a bigger one later: 5:1 in favor of extension so far.

If this is representative of a wider client-base, retiring 77.30 this spring may prove very costly and very painful.

0 Kudos
Uwe_Knoetsch
Participant

Hi,

The Time for Update from systems to 80.x is to short. Many customers has systems that he can't update in production systems without the risk for problems with the new software. This politic from checkpoint is'nt the guarantee for the future that the customers think this product is a stable produkt. Not the newest feature is the key interrest for most of the customers, most of them need a stable system.

Regards Uwe

0 Kudos
A_H
Participant

How can Checkpoint pull support for R77.30 if the Threat Emulations appliance can only run on R77.30? Does anyone know when R80.10 or R80.20 will be supported for the Threat Emulation appliances like TE100X?

Regards,

Adrian

0 Kudos
PhoneBoy
Admin
Admin

It's run with R80.10 for several months now (albeit in EA form).

The current Threat Emulation engine also supports R80.20 in EA.

See: Threat Emulation Engine Update - What's New? 

0 Kudos
A_H
Participant

Thanks Dameon,

Looks like the TE appliances webpage is not up to date, R77.30 is still the only listed for download. I could not find any upgrade guide from R77.30 to R80.20 for the TE appliances. The 80.20 upgrade shows in CPUSE. Can I upgrade the TE appliance if the management server and gateways are running R80.10? Or do I need to upgrade the management and gateways first?

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Thank you,

Adrian

0 Kudos
cezar_varlan1
Collaborator

"Please no extension. R80.10 is a stable version with many advantages."

Sorry but this is an unfounded claim! Come have a stroll through a few enterprise installations. I have at least 7 High Severity tickets open since January that would like to prove the opposite.

"While R80.10 with R80.20 M1 management runs quite stable already"

What about standalone deployments? What about vSEC standalone deployments? How does the 80.20M1 management run there with the 80.10 gateway?

0 Kudos
Petr_Frydl
Participant

with TLS 1.3 you will inpect ...

0 Kudos
Peter_Lyndley
Advisor
Advisor

Agreed from an MSP perspective this is the no.1 issue..... and still no clear defined path to resolving it

0 Kudos
Douglas_Rich
Contributor

It's been a full time job explaining this to customers and reflects very poorly on Check Point.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events