This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dan_Currens
Participant
‎2017-12-12 07:39 AM

R80.10 upgrade rules verification

R77.30 combined Gateway and SmartCenter server that passed the pre-upgrade-verifier and upgraded to R80.10 through CPUSE.

The upgrade completed without issue.  But when it went to install the policy, two rules that passed the R77.30 Rules Verification did not pass the R80.10 Access Control policy verification and the policy did not install until I modified them. 

Are there some differences documented in R80.10 in how the policy is verified? 

In this case it was a good thing, the rules in violation did have issues.  Just didn't see where the issue was initially.

0 Kudos
7 Replies
paul_mallett
Explorer
‎2017-12-12 12:03 PM

Was the failure due to what was effectively rule duplication? I ask because I believe that redundancy detection was improved in R80.10 - the same was included in a hotfix for R77.30 (can't remember precisely which one).

Dan_Currens
Participant
‎2017-12-14 08:03 AM
In response to paul_mallett

Yes, it was essentially over lapped rules.

0 Kudos
Dan_Zaidman
Employee
Employee
‎2017-12-12 11:31 PM

Hi Dan.

There is no documentation.

IMHO we have a better tool.

You can use the R80 desk to simulate the upgrade process and policy installation.

You can read more about this procedure at :

sk110267 - R80.x Upgrade Verification and Environment Simulation service.

Thanks

Dan Zaidman

0 Kudos
Vladimir
Champion
Champion
‎2017-12-13 11:40 AM
In response to Dan_Zaidman

Dan,

Unless I am misreading "R77.30 combined Gateway and SmartCenter server", the Upgrade Verification and Environment Simulation service will not work.

sk110267 states that "StandAlone installation is not supported:.

0 Kudos
Dan_Zaidman
Employee
Employee
‎2017-12-13 01:46 PM
In response to Vladimir

Hi Vladimir , you are right.

Stand Alone installation is not supported in the simulation service.

0 Kudos
PhoneBoy
Admin
Admin
‎2017-12-14 09:15 AM

There were some bugs in the rulebase validation routines in R77.20 and R77.30 that were fixed in R80.10 and possibly recent jumbo hotfixes of R77.30.

As a result, some policies that installed ok prior to upgrading to R80.10 will not install after you upgrade.

These issues are not caught by the pre-upgrade verifier.

Eyal_Rashelbach
Employee
Employee
‎2018-01-01 05:41 AM

Hi Dan,

I hope that following our help you to succeed with your migrating to R80.10
I appreciate if you share your experience with us in our R80.10 Survey 

if needed I will be happy to assist you with personal attention.

Eyal Rashelbach


R80 Desk Manager, Solution Center | Check Point Software Technologies

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events