This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Harald_Hansen
Advisor
Advisor
‎2018-06-28 02:45 AM

R80.20 Management Feature Release

R80.20 Management Feature Release (sk123473) was released yesterday. Release Notes: R80.20 Management Feature Release Release Notes 

Some first impressions are following.

What are your thoughts?

The good:

[Expert@r80-20-mgmt:0]# uname -a
Linux r80-20-mgmt 3.10.0-693cpx86_64 #1 SMP Tue Feb 6 12:13:02 IST 2018 x86_64 x86_64 x86_64 GNU/Linux

[Expert@r80-20-mgmt:0]# mount|grep vg_splat
/dev/mapper/vg_splat-lv_current on / type xfs (rw,inode32)
/dev/mapper/vg_splat-lv_log on /var/log type xfs (rw,inode32)

Endpoint Security Server from R77.30.3 is finally available on the R80-platform, even though I don't have any customers managing both firewalls and endpoint from the same SmartCenter.

fdisk and tools are updated and disk alignment, even though the disk layout still leaves a bit to be desired (VMware uses 4 MB blocks). The advice to add more storage to /var/log after installing GAiA still applies.

Expert@r80-20-mgmt:0]# parted /dev/sda

(parted) unit mib
(parted) p
Model: VMware Virtual disk (scsi)
Disk /dev/sda: 122880MiB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number Start End Size File system Name Flags
1 0.02MiB 300MiB 300MiB ext3 boot
2 300MiB 8489MiB 8189MiB linux-swap(v1)
3 8489MiB 122880MiB 114391MiB lvm

The bad:

Still selecting the wrong scheduler by default on virtual machines. This should be deadline pr VMware recommendations! 

[Expert@harald-r80-20-mgmt:0]# cat /sys/block/sda/queue/scheduler
noop deadline [cfq]

No improvement to the legacy "Configure in SmartDashboard" blades.

Default new rules still not configurable; Action Drop/No log still default on all new rules.

No support for paravirtualized drivers in VMware, even though this release is supposed to be based on RHEL 7.

Conclusions:

I'm looking forward to do some performance tests on SmartConsole and logs, on larger installations this has been a concern. Also the new kernel and default XFS file system is a major improvement.

Still I'm disappointed with what's not solved or included in this release, hurry up Check Point, your driving to slow! 

6 Replies
RickHoppe
Advisor
‎2018-06-28 04:23 AM

If I understand this correctly this is not R80.20 but R80.20.M1 and includes some new features.  But perhaps for this reason also lacks some new features. Then you have to wait for R80.20.Mx and see if it’s in there. If you interpret this negatively you might say it is an incomplete R80.20 until R80.20 GA (also for Security Gateways) is there.


I just hope that we do not have to wait for Security Gateway R80.20 as long as between R80 and R80.10 release dates.

My blog: https://checkpoint.engineer
0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-06-28 04:37 AM
In response to RickHoppe

It depends what are the features you are looking for... if you waited for extreme multi-tasking, Multi-Domain VPN support, improved web log viewer, API's for GUI-only features etc. then you could get them right now. It is true that if you are waiting for Dynamic Office 365 Objects, for example, then this is still only available through the Public EA and the Production EA.

Some Check Point components have their own release cycles such as CloudGuard IaaS and Sandblast. With the Management releases, we can provide main-train releases that support ease of management and automation to our gateway components.

Harald_Hansen
Advisor
Advisor
‎2018-06-28 04:45 AM
In response to Tomer_Sole

Then you should have called this release R80.15 in stead, as you should know how to manage customer expectations.

Since I haven't participated in the EA I don't know if the platform/GAiA issues I mentioned above are done right in the final release.

Still I'm happy you have released something i 18H1 and hope for a quick release of the full R80.20 version.

RickHoppe
Advisor
‎2018-06-28 04:57 AM
In response to Tomer_Sole

At some degree I can understand the reasons behind this. But from an customer point of view I'd rather wait for the complete suite (with that I mean Management and Gateway on R80.20). I don't like the idea of having to install multiple R80.20.Mx versions this year to later be able to install R80.20 for Security Gateways too. Of course it's good to have some of  the new features already on management (if you require them), but the new release schedule also means we (as Check Point partners) need to have more maintenance windows within the existing support contracts. Hopefully the complete R80.20-suite will be here before TAC starts telling us that a required fix on R77.30 or R80.10 is already available in R80.20.Mx.

My blog: https://checkpoint.engineer
0 Kudos
Terry_Greensil1
Participant
‎2018-07-05 01:17 AM

When will we be able to deploy R80.20 M1 to Azure. Need to get onto this release ASAP

0 Kudos
Albert_Wilkes
Collaborator
‎2018-07-10 09:40 AM

Found a snag with R80.20M1: loopback interfaces can't be deleted nor used (other than "lo") after upgrade from R80.10 to R80.20.

I've cloned my VM management and upgraded to R80.20 only to find out the hard time that I can't use the loop00 interface which was assigned my lab license

Even more odd is that you can add loop00 and the like but not delete them through neither clish not the webui AND creating them does not have any effect in terms of ifconfig/ip address. They don't get "activated" in the OS it seems

As I needed an active interface for the license to kick into life I needed to remove the loop00. For this I adapted and followed How to delete entries from Gaia configuration database to get rid of the loopback interface like this ... 

grep 'loop0' /config/db/initial | cut -d \  -f 1 | xargs -n 1 dbset

Be aware that the article currently suggests to use a forward slash rather than a backslash followed by two spaces.

PS: As a side note R80.20M1 doesn't have a menu for cloning groups anymore(see second option in "System Management" menu

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events