cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
guyxgreen
guyxgreen inside General Topics 8 hours ago
views 19 1

Passing SPAN (Port-Mirror) Through Firewall Appliance

Hi guys, I have the following topology:Switch A <-> Firewall <-> Switch B The firewall is running in Bridge-Mode. I want to configure SPAN on Switch A so that it will arrive to Switch B.Is it possible using Bridge-Mode? Is there any special configuration I need to create under the specific Bridge-Group or physical interfaces? Will I be able to apply security elements such as policy and IPS on this traffic?
JonWilliams
JonWilliams inside General Topics 13 hours ago
views 80 3

Nat through site to site vpn

Hi, I am trying to setup a nat through a site to site vpn. we have a weird setup where our internal source is a public ip /32 talking to a dest public ip /32. When i do a no nat rule it works ok. Issue being that our internal ip is a public ip address in italy so they cannot route to it.i then nat our internal to a spare public ip off our cp range and the tunnel breaks. no nat rule issource ip - dest ip - source nat to public spare ipdest ip - source ip (Public) - denat dest to real ipMy encruption domain is source (real and public) des(dest public) Any help, greatly received,, thanks
MattDunn
MattDunn inside General Topics 13 hours ago
views 72 3

Okta vs DUO?

Does anyone use or have an good/bad opinion on either Okta or DUO 2FA? I have a customer asking which is better suited for use with Capsule VPN. A quick Google search shows both are pretty neck and neck, so does anyone have any other real world input to offer?
Jan_Vejling1
Jan_Vejling1 inside General Topics 14 hours ago
views 70 4

Checkpoint lab FW keeps using old DNS server

We have a LAB fw which - in vain - keeps trying to talk to a shut down DNS server.It asks for resolver(1-5).chkp.ctmail.comThe 1st, second and third Dns server (as seen typing show DNS in clish) are ok but nevertheless it keeps trying to talk to our old DNS server. We are on VSX mode so Web UI is not supported.I need to completely delete all reference to dns 10.46.46.46How can i do that, and where else (if not in DNS setup) coul the old server exist in the configuration? /Jan Vejling
PhoneBoy
inside General Topics 18 hours ago
views 764 12 10
Admin

R80.30 Technical Update TechTalk

Our 12 June 2019 TechTalk on R80.30 covered the following topics: New Check Point Appliances (16000 and 26000 Series) R80.30 OS Kernel 3.10 User Mode Firewall New in SSL Inspection Web Threat Extraction Presentation Materials are available for CheckMates members: Video (excerpt below) R80.30 Technical Overview Presentation Q&A from the session that we did not get answers for will added in the comments in the coming days. LITHIUM.OoyalaPlayer.addVideo('https:\/\/player.ooyala.com\/static\/v4\/production\/', 'lia-vid-Z5eGV5aDE6fnC-Agpm6LnD4j--S7jVhKw1600h900r470', 'Z5eGV5aDE6fnC-Agpm6LnD4j--S7jVhK', {"pcode":"kxN24yOtRYkiJthl3FdL1eXcRmh_","playerBrandingId":"ODI0MmQ3NjNhYWVjODliZTgzY2ZkMDdi","width":"1600px","height":"900px"});(view in My Videos)
HEnRY
HEnRY inside General Topics 21 hours ago
views 59 4

DHCP on Check Point 3200

Hello Mates, Kindly assist i have my device Gaia R80.10 device up and running in production. 1. At the moment i am using Static IP address config to assign ip addresses to end users. 2. I want to users to get DHCP addresses automatically. 3. I have used sk92768 but not successful.4. I dont have an external DHCP servderKindly assist.
Valeri_Loukine
inside General Topics yesterday
views 746 28 1
Admin

Propose your Idea of the Year!

Yes, this is this time of year, again. Same as one year ago, we turn to the community and ask you, good folks, to propose the idea of the year. Or, better: The Idea Of The Year! The rules are the same as before, it is about ideas that you wish Check Point would develop into a product/service offering, or improvements to existing ones. Do you think we miss something important or we should consider to expand our product portfolio, feature set, functionalities, get to a completely new playground, change the rules of the game? Tell us NOW! A few disclaimers/notes: There are no guarantees that any idea suggested will be developed, even the "Idea Of The Year", From the suggestions below, we will choose 3-5 ideas which will be put up for voting later on, Preference will be given to ideas that come from customers and partners, though employees are welcome to participate as well. "Likes" and "discussion" around specific ideas will influence (but not wholly determine) the final list, so if you like something someone has suggested, let it be known! @Dorit_Dor and R&D leaders will choose the best ideas, and if you win, you will get a prize! What prize? We will tell you later. Get creative, use your imagination and PROPOSE!
JonWilliams
JonWilliams inside General Topics Friday
views 37 1

NAT through VPN

Hi, i am trying to setup a vpn to a asa and we are natting on our side. On their enc domain (crypto acl) they only have our nat address as their destination.Am i right in thinking that on our side i have to have the real and nat adress as the source on our side (Enc domain) ? If i only have the nat address, i have to add a normal acl to allow the real address through to talk to the destination and it will always use that rather than the enc domain rule ? Sorry, my Checkpoint exp is limited. Any help gratefully received.
Patricio_Gavila
Patricio_Gavila inside General Topics Friday
views 88 5

Messages of mux error on a cluster (active-standby) in r80.20

Hi all,I have a Lenovo System x3650 M5 (compatibility matrix) with GAIA r80.20 (jumboHF take 80) in distributed deployment. The server firmware is updated to the last level, and with the r77.30 version works great. I have many problems with the Internet, for example, images and Office 365 emails take too long to load, even when the user is in an unrestricted rule. This did not happen with r77.30. In active Gateway shows error messages in file /var/log/messages: Jun 12 14:19:57 2019 FW-NODO1 kernel: [fw4_4];mux_task_handler: ERROR: Failed to handle task. task=ffffc20085221670, app_id=1, mux_state=ffffc20092970c00.Jun 12 14:19:57 2019 FW-NODO1 kernel: [fw4_4];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc20092970c00.Jun 12 14:19:57 2019 FW-NODO1 kernel: [fw4_4];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_task_handler: ERROR: Failed to handle task. task=ffffc2008275e530, app_id=1, mux_state=ffffc2005f6a5c00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc2005f6a5c00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_task_handler: ERROR: Failed to handle task. task=ffffc2011e77b7b0, app_id=1, mux_state=ffffc200d97bfc00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc200d97bfc00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_task_handler: ERROR: Failed to handle task. task=ffffc200a775bfb0, app_id=1, mux_state=ffffc2027cc1a420.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc2027cc1a420.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_task_handler: ERROR: Failed to handle task. task=ffffc200aa947b30, app_id=1, mux_state=ffffc200dffa5810.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc200dffa5810.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:20:00 2019 FW-NODO1 kernel: [fw4_2];mux_task_handler: ERROR: Failed to handle task. task=ffffc2007f670b30, app_id=1, mux_state=ffffc200c6950420.Jun 12 14:20:00 2019 FW-NODO1 kernel: [fw4_2];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc200c6950420.Jun 12 14:20:00 2019 FW-NODO1 kernel: [fw4_2];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:20:01 2019 FW-NODO1 kernel: [fw4_5];mux_task_handler: ERROR: Failed to handle task. task=ffffc20122ccdb70, app_id=1, mux_state=ffffc20068218810.Jun 12 14:20:01 2019 FW-NODO1 kernel: [fw4_5];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc20068218810.Jun 12 14:20:01 2019 FW-NODO1 kernel: [fw4_5];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:20:02 2019 FW-NODO1 kernel: [fw4_5];cpas_newconn_ex : called upon something other than tcp SYN. Aborting My question is if anyone knows if it is possible to deactivate the mux?. Otherwise I will rollback to r77.30.My concern is: because Check Point sells a poorly tested product and even more wants to force customers to migrate from r77.30 to r80, knowing that the r77.30 version is the best they have had in many years. The r80 version has too many problems, but even in cluster, the truth is impressive the failures of the product. Thanks,Patricio G.
Wolfgang
Wolfgang inside General Topics Friday
views 74 2

2200 appliacne R80.20 failure

Dear folks,we are running R80.20 on an 2200 appliance since 2 month without problems.This week some problems occurs. We got a lot of errors like these:Jun 13 11:19:25 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)Jun 13 11:19:26 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)Jun 13 11:19:26 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)If we do a restart of the appliance they can't install policy (policy install failed) and default policy is loaded.A manual fw fetch after restart loads the actual policy, but the shown errors occurs again after some minutes.Any ideas or seen this error anywhere?Wolfgang
HeikoAnkenbrand
HeikoAnkenbrand inside General Topics Friday
views 128503 33 121

R80.30 cheat sheet - ClusterXL

Introduction This overview gives you an view of the changes in R80.30 ClusterXL. All R80.10 and R80.20 changes are contained in this command overview (cheat sheet). You could download the cheat sheet at the end of this article as a PDF file. Cheat Sheet Chapter Architecture:R80.x Security Gateway Architecture (Logical Packet Flow)R80.x Security Gateway Architecture (Content Inspection) R80.x Security Gateway Architecture (Acceleration Card Offloading) R80.x Ports Used for Communication by Various Check Point Modules Performance Tuning:R80.x Performance Tuning Tip - AES-NI R80.x Performance Tuning Tip - SMT (Hyper Threading) R80.x Performance Tuning Tip - Multi Queue R80.x Performance Tuning Tip - Connection Table R80.x Performance Tuning Tip - fw monitorR80.x Performance Tuning Tip - TCPDUMP vs. CPPCAP R80.x Performance Tuning Tip – DDoS „fw sam“ vs. „fwaccel dos“ Cheat Sheet:R80.x cheat sheet - fw monitor R80.x cheat sheet - ClusterXL More interesting articles:Article list (Heiko Ankenbrand) References sk56202 - How to troubleshoot failovers in ClusterXL sk62570 - How to troubleshoot failovers in ClusterXL - Advanced Guide sk92723 - Cluster flapping prevention sk43984 - Interface flapping when cluster interfaces are connected through several switches sk83220 - How to collect ClusterXL debug during boot sk31499 - How to find out the Multicast MAC Addresses that are associated with Cluster Virtual interfaces sk92909 - How to debug ClusterXL to understand why a connection is not synchronized sk55081 - Best practice for manual fail-over in ClusterXL sk92723 - Cluster flapping prevention sk32578 - SecureXL Mechanism sk33781 - Performance analysis for Security Gateway NGX R65 / R7x
Egor_Cherkasov
Egor_Cherkasov inside General Topics Friday
views 518 6

standby cluster member fails randomly

Hello CheckMates,Here is the issue, I have faced several times with the issue that standby member has stopped to answer icmp, http, https and ssh requests. Only reboot of a member helps.In var/log/messages there are only 2 lines wich correlates with the time of that failoverJun 10 17:10:46 2019 cpfw-msk-2 kernel: [fw4_1];CLUS-220201-2: Starting CUL mode because CPU usage (81%) on the remote member 1 increased above the configured threshold (80%).Jun 10 17:10:56 2019 cpfw-msk-2 kernel: [fw4_1];CLUS-120202-2: Stopping CUL mode after 10 sec (short CUL timeout), because no member reported CPU usage above the configured threshold (80%) during the last 10 sec. I have read some articles related to that messages on the CheckMates, however, I wonder do these messages mean a failover? And what is the possible cause?Meantime, on the both cluster members by means of monitoring blade I do not see any high peaks - the 1st screenshot is the active member, the second is the standby.
Danny
Danny inside General Topics Thursday
views 61483 173 167

Common Check Point Commands (ccc)

ccc is an interactive script to run common Check Point CLI tasks without having to crawl for cheat sheets, bookmarks, manuals or admin guides. GPL licensed. Installation (expert mode) or download: curl_cli http://dannyjung.de/ccc | zcat > /usr/bin/ccc && chmod +x /usr/bin/ccc Spoiler (Highlight to read) Changelog 0.1 - Initial Release - Inspired by Moti Sagey's Top 3 Check Point CLI commands thread 0.2 - Added more commands 0.3 - Interactive Mode added by Marko Keca‌ 0.4 - Added more commands, removed a bug with the 'View all commands' option, Interface Cleanups 0.5 - Added advanced interface summary developed in this thread 0.6 - Implemented enhancements as suggested by Günther W. Albrecht and Martin Heim, added SIC status check for gateways, general code cleanup 0.7 - Added more Security Management commands and CPU + memory statistics 0.8 - Added IPS/Threat Prevention 'Panic Button' as described in this presentation by Timothy Hall and a command suggested by Maarten Sjouw‌ plus more MDS/VSX commands 0.9 - Implemented enhancements as suggested by Mikael Johnsson‌ and Sven Glock‌, added commands to enable/disable SecureXL 1.0 - Colors added for better user experience, dropping for out-of-state packets can now be turned on/off thanks to Dameon Welch Abernathy's thread, IPS Update Time is now shown on R80.x systems thanks to Jerom van den Hoek's thread and many other little adjustments to make this a real 1.x release 1.1 - Added system info to Main Menu (props to: Rosemarie Rodriguez & Nathan Davieau for their Healthcheck script), started a Threat Emulation & Extraction section, improved command coloring 1.2 - Enhanced system info as suggested by Martin Heim, improved system information for cluster status 1.3 - Code improvements, replaced several sed with faster tr and cut commands, added more cluster info to Main Menu, corrected checking routines as suggested by Günther W. Albrecht 1.4 - Added Identity Awareness commands, ability to check the postfix email queue (sk114034), MDS additions as suggested by Maarten Sjouw‌ and output optimizations as suggested by Sven Glock‌ 1.5 - Changed interactive mode to support arrow keys for navigation, added usage information, general performance improvements via Bash's builtin parameter substitution, various fixes 1.6 - Added self-update functionality as requested by Vladimir Yakovlev in this thread, implemented more tests to avoid calls to non-existing ressources as mentioned by Günther W. Albrecht 1.7 - Fixed a nasty bug discovered by Aleksei Shelepov and Günther W. Albrecht 1.8 - Added commands to start/stop the ICA Management Tool, fixed a typo discovered by Ty King 1.9 - Added cpconfig and mdsconfig utilities, added ipassignment.conf integrity check, improved Multi-Core Performance Tuning commands 2.0 - Improved detection for supported OS as suggested by cciesec2006 at CPUG, added commands for CoreXL Dynamic Dispatcher and Firewall Priority Queue handling 2.1 - Added more details to system info (memory, CPU cores, CoreXL & SecureXL statistics), added migrate export command to Firewall Management section, improved several checks 2.2 - Fixed Firewall Management commands as suggested by Günther W. Albrecht 2.3 - Added more commands for mail handling tasks within Check Point Threat Emulation & code optimization as suggested by Maciej Maczka‌ 2.4 - Added Threat Extraction Bypass commands as suggested by Niels van Sluis, added command to show calculated interface topology for easier address spoofing troubleshooting, general code and interface cleanup 2.5 - Added command to check the LOM of Check Point Appliances, improved Address Spoofing commands as suggested Norbert Bohusch 2.6 - Improved system information as suggested by Michael Asher, added VPN routing information as developed in Heiko Ankenbrand's thread 2.7 - Added IA command as suggested by Hans Hartung. Introduced a QoS Troubleshooting section and several code improvements as suggested by Alexander Wilke 2.8 - Improved system info (new: SMT, CPU Load, Multi-Queue Interfaces and Dynamic Dispatcher), added more performance tuning commands, minor script code fixes 2.9 - Added more system info (new: Policy, Blades), improved check for number of Multi-Queue interfaces, added Postfix queue message distribution commands as suggested by Benoit Verove 3.0 - Improved script starting time, added status dots to script starting routine, added Jumbo Hotfix take number and free RAM to system info 3.1 - Added performance troubleshooting commands (sar, iotop etc.), added check for licensed cores and OS edition to system info, fixed a parameter gone in R80.20 as mentioned by Günther W. Albrecht 3.2 - Added more details to system info as suggested by Rolf Peeters and Jozko Mrkvicka, improved script code, added user confirmation before executing commands 3.3 - Added Endpoint Management support, improved check for number of permitted cores as discussed in this thread 3.4 - Added more warning markup to system info, added core & crash dump checks, added commands to view and edit the malware policy on Threat Prevention gateways 3.5 - Fixed a syntax error spotted by Kaloyan Metodiev, improved crash dump location check, added max power script command 3.6 - Replaced a Non-Standard ASCII character spotted by Martin Heim, added red warning label to SecureXL and CoreXL when disabled, minor code improvements 3.7 - Added Tim Hall's "Super Seven" performance assessment commands from this TechTalk session 3.8 - Added more commands to MDS Troubleshooting, fixed Multi-Domain Server OS string handling, improved error handling 3.9 - Revised the self-update mechanism to support user control, added more commands to Firewall Management and MDS Troubleshooting, minor code fixes 4.0 - Added support for t, f, g, h keys (when arrow keys don't work) as suggested by Vladimir Yakovlev 4.1 - Added blade update status, added Management server status as discussed in this thread, revised command to show VPN routes as suggested by Alibi in this post, added firewall inspection, address spoofing and IPS mode checks, added Geo Policy check as suggested in Tim Hall's presentation 4.2 - Added disk usage check, fixed CoreXL check, grouped VPN routes by peer, improved cpvinfo syntax as suggested by Günther W. Albrecht 4.3 - Added API status and version to menu info, added check for Any host access, added commands for CPUSE Deployment Agent handling, fixed syntax for disk usage check Changelog 0.1 - Initial Release - Inspired by Moti Sagey's Top 3 Check Point CLI commands thread 0.2 - Added more commands 0.3 - Interactive Mode added by Marko Keca‌ 0.4 - Added more commands, removed a bug with the 'View all commands' option, Interface Cleanups 0.5 - Added advanced interface summary developed in this thread 0.6 - Implemented enhancements as suggested by Günther W. Albrecht and Martin Heim, added SIC status check for gateways, general code cleanup 0.7 - Added more Security Management commands and CPU + memory statistics 0.8 - Added IPS/Threat Prevention 'Panic Button' as described in this presentation by Timothy Hall and a command suggested by Maarten Sjouw‌ plus more MDS/VSX commands 0.9 - Implemented enhancements as suggested by Mikael Johnsson‌ and Sven Glock‌, added commands to enable/disable SecureXL 1.0 - Colors added for better user experience, dropping for out-of-state packets can now be turned on/off thanks to Dameon Welch Abernathy's thread, IPS Update Time is now shown on R80.x systems thanks to Jerom van den Hoek's thread and many other little adjustments to make this a real 1.x release 1.1 - Added system info to Main Menu (props to: Rosemarie Rodriguez & Nathan Davieau for their Healthcheck script), started a Threat Emulation & Extraction section, improved command coloring 1.2 - Enhanced system info as suggested by Martin Heim, improved system information for cluster status 1.3 - Code improvements, replaced several sed with faster tr and cut commands, added more cluster info to Main Menu, corrected checking routines as suggested by Günther W. Albrecht 1.4 - Added Identity Awareness commands, ability to check the postfix email queue (sk114034), MDS additions as suggested by Maarten Sjouw‌ and output optimizations as suggested by Sven Glock‌ 1.5 - Changed interactive mode to support arrow keys for navigation, added usage information, general performance improvements via Bash's builtin parameter substitution, various fixes 1.6 - Added self-update functionality as requested by Vladimir Yakovlev in this thread, implemented more tests to avoid calls to non-existing ressources as mentioned by Günther W. Albrecht 1.7 - Fixed a nasty bug discovered by Aleksei Shelepov and Günther W. Albrecht 1.8 - Added commands to start/stop the ICA Management Tool, fixed a typo discovered by Ty King 1.9 - Added cpconfig and mdsconfig utilities, added ipassignment.conf integrity check, improved Multi-Core Performance Tuning commands 2.0 - Improved detection for supported OS as suggested by cciesec2006 at CPUG, added commands for CoreXL Dynamic Dispatcher and Firewall Priority Queue handling 2.1 - Added more details to system info (memory, CPU cores, CoreXL & SecureXL statistics), added migrate export command to Firewall Management section, improved several checks 2.2 - Fixed Firewall Management commands as suggested by Günther W. Albrecht 2.3 - Added more commands for mail handling tasks within Check Point Threat Emulation & code optimization as suggested by Maciej Maczka‌ 2.4 - Added Threat Extraction Bypass commands as suggested by Niels van Sluis, added command to show calculated interface topology for easier address spoofing troubleshooting, general code and interface cleanup 2.5 - Added command to check the LOM of Check Point Appliances, improved Address Spoofing commands as suggested Norbert Bohusch 2.6 - Improved system information as suggested by Michael Asher, added VPN routing information as developed in Heiko Ankenbrand's thread 2.7 - Added IA command as suggested by Hans Hartung. Introduced a QoS Troubleshooting section and several code improvements as suggested by Alexander Wilke 2.8 - Improved system info (new: SMT, CPU Load, Multi-Queue Interfaces and Dynamic Dispatcher), added more performance tuning commands, minor script code fixes 2.9 - Added more system info (new: Policy, Blades), improved check for number of Multi-Queue interfaces, added Postfix queue message distribution commands as suggested by Benoit Verove 3.0 - Improved script starting time, added status dots to script starting routine, added Jumbo Hotfix take number and free RAM to system info 3.1 - Added performance troubleshooting commands (sar, iotop etc.), added check for licensed cores and OS edition to system info, fixed a parameter gone in R80.20 as mentioned by Günther W. Albrecht 3.2 - Added more details to system info as suggested by Rolf Peeters and Jozko Mrkvicka, improved script code, added user confirmation before executing commands 3.3 - Added Endpoint Management support, improved check for number of permitted cores as discussed in this thread 3.4 - Added more warning markup to system info, added core & crash dump checks, added commands to view and edit the malware policy on Threat Prevention gateways 3.5 - Fixed a syntax error spotted by Kaloyan Metodiev, improved crash dump location check, added max power script command 3.6 - Replaced a Non-Standard ASCII character spotted by Martin Heim, added red warning label to SecureXL and CoreXL when disabled, minor code improvements 3.7 - Added Tim Hall's "Super Seven" performance assessment commands from this TechTalk session 3.8 - Added more commands to MDS Troubleshooting, fixed Multi-Domain Server OS string handling, improved error handling 3.9 - Revised the self-update mechanism to support user control, added more commands to Firewall Management and MDS Troubleshooting, minor code fixes 4.0 - Added support for t, f, g, h keys (when arrow keys don't work) as suggested by Vladimir Yakovlev 4.1 - Added blade update status, added Management server status as discussed in this thread, revised command to show VPN routes as suggested by Alibi in this post, added firewall inspection, address spoofing and IPS mode checks, added Geo Policy check as suggested in Tim Hall's presentation 4.2 - Added disk usage check, fixed CoreXL check, grouped VPN routes by peer, improved cpvinfo syntax as suggested by Günther W. Albrecht 4.3 - Added API status and version to menu info, added check for Any host access, added commands for CPUSE Deployment Agent handling, fixed syntax for disk usage check
Michael_Rolbin
Michael_Rolbin inside General Topics Thursday
views 195 5

Upgrade VSLS R80.10 to R80.20

Is it supported to upgrade R80.10 VSX VSLS cluster to R80.20 VSX VSLS cluster, including MDS or Smart Center, upgrade?I checked "Installation and Upgrade R80.20 Guide" page 334 and it looks supported for "VSX Cluster". Could you please confirm that for VSLS?
Yifat_Chen
inside General Topics Thursday
views 61 2
Employee+

R80.20 New Management Image is now available as Ongoing release!

Dear All, R80.20 Homepage [sk122485] has been updated with a new Ongoing Management image. This New Security Management image (T117) contains several fixes and enhancements that apply to the First Time Configuration Wizard, Upgrade process and Initial Installation process. Customers who installed the previously released R80.20 Management image (T101) are not required to install this new image. Note that there is no change in Security Gateway image (Take 101). R80.20 Jumbo Hotfix Accumulator Take 80 and above can be installed on this new image as well as on the previous image(Take 101) R80.20 Jumbo Hotfix Accumulator Take 47 is the latest General Availability release, Take 80 is expected to become GA in the upcoming weeks Please Note: This new image will not be published via CPUSE as a recommended version. Once this image becomes GA, it will be a recommended version for CPUSE upgrade as well Available for download: - Via R80.20 New Image Update FAQ [sk151513] - Via CPUSE by using package identifier For full list of fixes, see R80.20 New Image Update FAQ [sk151513] Regards, Release Management group