This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kaspars_Zibarts
Employee Employee
Employee
‎2020-08-30 11:53 PM
Jump to solution

Multi Domain Management experience with R80.40

Hi, just wondering if anyone has upgraded MDS to R80.40 and what's the experience so far with it? Any major issues that one should be aware of?

1 Solution

Accepted Solutions
Martin_Valenta
Advisor
‎2020-09-02 11:14 PM
In response to Kaspars_Zibarts
Jump to solution

r20-1, try to publish some changes on CMA and restart cma device on Tufin or use command "cp.client <ID> -full" this will attempt to retrieve full revision

View solution in original post

9 Replies
mk1
Collaborator
‎2020-08-31 12:29 AM
Jump to solution

Hello Kaspars,

We upgraded from R80.20 and up to this moment everything seems to be fine.

Martin_Valenta
Advisor
‎2020-08-31 02:09 AM
Jump to solution

running on mds r80.40 with 12 domains, 350+ gateways (vsx,clusterlx,standalone,smb devices) for last 3 months. There were no big issues after upgrade to r80.40, only with integration with Tufin, we've run in issues with paralel API calls, which was fixed by CP as part of HFA sk167509

 

Kaspars_Zibarts
Employee Employee
Employee
‎2020-09-02 11:10 PM
In response to Martin_Valenta
Jump to solution

@Martin_Valenta do you happen to know which version of Tufin you are running as my Tufin no longer can log into MDS/CMAs 😞

2020-09-03 08:04:20,694  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp21711298-45] - Inbound Message
----------------------------
ID: 52
Address: http://127.0.0.1:50276/web_api/v1.1/login
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[*/*], accept-encoding=[gzip,deflate], connection=[keep-alive], Content-Length=[130], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[Apache-HttpClient/4.4.1 (Java/1.8.0_222-ojdkbuild)], X-Forwarded-For=[x.x.x.x], X-Forwarded-Host=[x.x.x.x:443], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[x.x.x.x]}
--------------------------------------
2020-09-03 08:04:20,696  INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:2 [qtp21711298-45] - Cache created and initialized
2020-09-03 08:04:20,697  INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:200 [qtp21711298-45] - Executing [login] of version 1.1
2020-09-03 08:04:21,258 ERROR com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException.log:42 [qtp21711298-45] - Error code: [GENERIC_ERR_OBJECT_NOT_FOUND]
2020-09-03 08:04:21,258 ERROR com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException.log:43 [qtp21711298-45] - Error message: [No published session was found in the system]
2020-09-03 08:04:21,259 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:15 [qtp21711298-45] -
com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException
        at com.checkpoint.management.web_api_is.utils.RemoteSessionUtils.getLastPublishedWorkSession(RemoteSessionUtils.java:79)
        at com.checkpoint.management.web_api.core.handler.commands.session.login.v1_1.WebApiLoginRequestHandler.buildLoginReply(WebApiLoginRequestHandler.java:21)
        at com.checkpoint.management.web_api.core.handler.commands.session.login.v1_1.WebApiLoginRequestHandler.buildLoginReply(WebApiLoginRequestHandler.java:16)
        at com.checkpoint.management.web_api.core.handler.commands.session.login.WebApiLoginRequestHandler.login(WebApiLoginRequestHandler.java:17)
        at com.checkpoint.management.web_api.core.handler.commands.session.login.v1_1.WebApiLoginRequestHandler.login(WebApiLoginRequestHandler.java:15)
2020-09-03 08:04:21,260  INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.postEntryPoint:112 [qtp21711298-45] - In Exception:
ex.toString(): java.lang.reflect.InvocationTargetException
ex.getCause(): com.checkpoint.management.web_api_is.exceptions.WebApiGeneralException
ex.getMessage(): null
Is ex instanceof InvocationTargetException: true
2020-09-03 08:04:21,261  INFO com.checkpoint.management.web_api_is.utils.CsvFileWriterUtils.writeCsvLine:4 [qtp21711298-45] - 2020-09-03,08:04:21 +0200,Apache-HttpClient/4.4.1 (Java/,x.x.x.x y.y.y.y:443,login,FAILED,564
2020-09-03 08:04:21,263  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp21711298-45] - Outbound Message
---------------------------
ID: 52
Response-Code: 404
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Thu, 03 Sep 2020 06:04:21 GMT]}
Payload: {
  "code" : "generic_err_object_not_found",
  "message" : "No published session was found in the system"
}
--------------------------------------

 

Martin_Valenta
Advisor
‎2020-09-02 11:14 PM
In response to Kaspars_Zibarts
Jump to solution

r20-1, try to publish some changes on CMA and restart cma device on Tufin or use command "cp.client <ID> -full" this will attempt to retrieve full revision

Kaspars_Zibarts
Employee Employee
Employee
‎2020-09-02 11:41 PM
In response to Martin_Valenta
Jump to solution

Bingo! Saved my day buddy! Never had seen this one before!

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee
‎2020-09-03 03:11 AM
In response to Martin_Valenta
Jump to solution

One additional comment from Tufin support:

Please note Checkpoint R80.40 is only supported in TOS 19-3 and 20-1 (latest HF versions are required). 

0 Kudos
Magnus-Holmberg
Advisor
Advisor
‎2020-11-30 08:58 AM
Jump to solution

Upgraded 5 MDS with MLM environments now to R80.40 and it has worked really good 🙂
We did have a few log files/indexes that we needed to clean up, other then that no issues.

https://www.youtube.com/c/MagnusHolmberg-NetSec
Eran_Habad
Employee
Employee
‎2020-12-01 01:34 AM
In response to Magnus-Holmberg
Jump to solution

@Magnus-Holmberg  glad to hear, thanks for the feedback!

Also, thank you for posting the video of upgrade trail last month, we reviewed it thoroughly in R&D and we're already implementing some of your feedback 🙂

BTW, what was your previous version on production?

Magnus-Holmberg
Advisor
Advisor
‎2020-12-01 01:46 AM
In response to Eran_Habad
Jump to solution

Thanks! 🙂

We did upgrade from R80.30 HFA215. 
As always make sure to have enough time for you upgrades, we needed about 5hours per MDS environment when we have <30 CMA within them.
We have some bigger once with <75 so it will be interesting how fast they go.
As referens we have our MDS/MLM in vmware with 12 cores and 64GB ram per box and its SSD only.

Keep in mind that MLM is not possible to upgrade before the MDS is upgraded as the "upgrade" button will not be there before.

fwmgmt07.PNG

 



fwmgmt13.PNG

 

regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top