Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Niek-Vlessert
Participant

Checkpoint and the Linux kernel

Hello all,

I was wondering if someone can point me to some article about the way Checkpoint uses the Linux kernel. Kernel 3.10 is presented as something new, however it was released in june 2013 and declared EOL in 2017, no patches for security vulnerabilities are created anymore by the kernel community. I expect Checkpoint modifies the code heavily, but still, vulnerabilities are detected all the time, and how do they keep up with reality?

Regards

3 Replies
PhoneBoy
Admin
Admin

The kernel we use in Gaia comes with different versions of Red Hat Enterprise Linux.

  • The 2.6.18 kernel comes with RHEL 5 and is still receiving extended support from Red Hat.
  • The 3.10 kernel comes with RHEL 7 and is in production support from Red Hat.

This is obviously a different level of support from the what the Linux kernel team delivers.

Bottom line: the kernels, while older, are fully supported.

It's a lot easier to keep up with potential security vulnerabilities on a stripped-down, hardened OS.

Most of the modifications we make to the kernel and userspace packages are with this in mind.

HeikoAnkenbrand
Champion Champion
Champion

At this time the following kernel available for Open Server:

3.10 kernel for HP DL 360/380 G10 >>>  At this time only G10 server suppots kernel 3.10 for gateways. As I understood it, more Open Servers should follow with R80.20 in the near future.

2.6.18 kernel for all other Open Server in HCL 

More see here: https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2018/12/06/r802... 

Regards

Heiko

➜ CCSM Elite, CCME, CCTE
Timothy_Hall
Champion
Champion

It should also be noted that the new Smart-1 525, 5050, and 5150 boxes require the use of the 3.10 kernel due to their hardware.  However if you still want to run R80.10 on them there is a special backported version of R80.10 that uses the 3.10 kernel here:

sk120453: Smart-1 525 , 5050 and 5150

--

CheckMates Break Out Sessions Speaker

CPX 2019 Las Vegas & Vienna - Tuesday@13:30

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events