This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RamGuy239
Advisor
Advisor
‎2022-12-06 04:05 AM

Check Point R81.20 "Titan" first release to allow for installation on UEFI and VMware Paravirtual

I did some testing using R81.20 ISO on VMware ESXi. R81.20 ISO does support installation on UEFI, and it does support the use of the VMware Paravirtual controller. I can't locate anything in the documentation mentioning this. The SK for recommendations regarding VMware ESXi installation is rather old (sk104848) and doesn't mention any of this.

Do we have any official feedback from Check Point on this one? Supporting UEFI is a significant improvement for both virtual and especially open server installations. VMware Paravirtual should make noticeable improvements to IOPS with less overhead on VMware installations. I can't see any reason not to opt for VMware Paravirtual unless some unknown issues should be mentioned by Check Point on this topic.

To make sure, I retested using R80.20, R80.30, R80.40, R81 and R81.10 ISO, and they don't allow for UEFI boot or installation, and they don't recognise hard drives using VMware Paravirtual, so this seems to be new with the R81.20 release.

 

But the fact that it works doesn't mean it's something Check Point considers "supported" or even "allowed". Some information from Check Point on this topic would be really helpful to get a better understanding of the changes provided with R81.20.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
8 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-12-06 05:27 AM

R81.20 has a slightly newer kernel which helps.

Were still in the process of updating things like the HCL and SKs like you've mentioned with the relevant parts / info. Stay tuned - subscribe for updates!

 

CCSM R77/R80/ELITE
RamGuy239
Advisor
Advisor
‎2023-01-30 12:48 PM
In response to Chris_Atkinson

Do we have any ETA on when sk104848 is going to be updated? Still nothing about R81.20 in the SK. Rather difficult to get an understanding of how Check Point is looking at the fact that R81.20 natively supports (U)EFI boot and PVSCSI. I just tested deploying R81.20 on Microsoft Hyper-V as well, and as a result of R81.20 supporting UEFI boot, it's now finally possible to deploy both Check Point Gateway and Management installations as Generation-2 virtual machines on Hyper-V.

sk106855 - Check Point Gaia OS support for Hyper-V does mention the existence of R81.20, but none of the other content has been changed or updated. This could mean that Check Point still looks at UEFI as not being supported, thus making Generation-2 virtual machines unsupported deployments. But considering sk104848 does not reflect anything R81.20 specific I have a feeling the details of sk106855 do not take any of these R81.20 changes and improvements into consideration either.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
PhoneBoy
Admin
Admin
‎2022-12-06 07:30 AM

One of the other things R81.20 fixed was how partitions are aligned on the disk.
This will definitely help performance on virtual machines as well.
See:
 https://community.checkpoint.com/t5/Management/Gaia-partition-misalignment/m-p/160677#M32878

Bob_Zimmerman
Authority
Authority
‎2023-01-30 04:36 PM

Just curious: what happens if you install R81.20 in a VM with UEFI boot ROM, then downgrade in-place with CPUSE to R81.10? Or even to R80.40? Do they remain able to boot? Or does the downgrade overwrite the bootloader?

0 Kudos
Vladimir
Champion
Champion
‎2023-01-30 09:45 PM

It is indeed a new feature and I have successfully installed R81.10 UEFI on VirtualBox. This said, I have another question to CP engineers- When using AMD-based hosts, I had to set paravirtualization to "None" to complete the installation and to have the resultant VMs perform adequately. Not doing that results in exceptionally long boot time. This, by the way, is happening regardless of whether UEFI is used or not.

I'd appreciate any insides into this issue.

PhoneBoy
Admin
Admin
‎2023-01-31 08:48 AM
In response to Vladimir

It comes down to the fact that we don't sell appliances with AMD processors.
I don't believe we support any Open Server appliances with AMD either.
Therefore, we do not optimize (or account for) anything AMD specific. 

0 Kudos
Vladimir
Champion
Champion
‎2023-01-31 08:53 AM
In response to PhoneBoy

That I know, but when we are running CP in the cloud environments, are the CSPs guaranteeing that those will be span-up on Intel hardware, or are they masking the underlying CPUs?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-31 07:20 PM
In response to Vladimir

It could be either, depending on the provider, I suspect.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events