This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex_Lam1
Contributor
‎2020-04-06 01:22 AM

R80.30 Vs R80.40 on MDS

Hello

 

What's the recommendation on R80.30 vs 80.40 on MDS?

Featurewise, i would like to go to R80.40 especially for revert to revision. 

In the current environment we have R80.20 with the latest take. 

Any stability issue or any known hurdles upgrading from R80.20 to R80.40?

 

 

Regards

Alex

0 Kudos
8 Replies
Timothy_Hall
Legend Legend
Legend
‎2020-04-06 05:38 AM

R80.40 is GA but has not been declared the "default recommended release" as of now, also there is no GA Jumbo HFA for R80.40 yet although there is an ongoing take.  That being said assuming you take a snapshot first, upgrading your SMS to a new release like R80.40 is fairly low risk.  Make sure your current R80.20 SMS is using the XFS filesystem (mount command) and if it is go ahead and upgrade to R80.40 in place.  If it is still using ext3 filesystems a migrate export with the R80.40 tools, fresh reload of your SMS to R80.40, and migrate import is strongly recommended to pick up the performance benefits of the XFS filesystem.

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos
Vladimir
Champion
Champion
‎2020-04-06 06:34 AM
In response to Timothy_Hall

Tim,

I think the question is specific to MDS. In which case, even knowing that 80.40 is a fresh release (and not having first-hand experience running MDS on it), I would still chose to go with it. Specifically, because of domain portability and versioning control capabilities.

Maarten_Sjouw
Champion
Champion
‎2020-04-06 07:25 AM
In response to Vladimir

I've been running a MDS (single domain) since it was GA, I needed to install the ongoing Jumbo, as I ran into a Policy install issue that was solved in the jumbo.
That said, there are very little problems I have seen so far with R80.40, I have a Global Policy which also works fine.
Next to that you can always use this method to setup a R80.40 MDS
Create a new VM
Install R80.40 on it
run mdsstop on old MDS and change the IP to a free IP in the same network
Run the export on the old MDS
In the mean time set the new MDS to the original IP of the old MDS
Run the FTW and setup the MDS
Move the export file from old to new MDS
Import the R80.20 MDS export file
Run mdsstart on new MDS.
Regards, Maarten
Alex_Lam1
Contributor
‎2020-04-06 05:05 PM
In response to Maarten_Sjouw

Thanks for the feedback.
I am thinking just doing the in-place upgrade, which upload the .tgz and apply the upgrade/update as per checkpoint wizard.

Apart from policy install issue, is there any other major issue?

Alex
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-04-07 02:54 AM
In response to Alex_Lam1

None that I have run into.

Did you do a clean install on the R80.20? If not you will be missing out on the new Filesystem, you can check the filesystem by:
[Expert@CPMDS-025:0]# df -hT
Filesystem                                         Type   Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current  xfs     250G  11G  240G 5% /
/dev/sda1                                            ext3  291M 27M 249M 10% /boot
tmpfs                                                   tmpfs 32G 4.4M  3 2G 1% /dev/shm
/dev/mapper/vg_splat-lv_log          xfs      3.4T 6.8G   3.4T 1% /var/log
[Expert@CPMDS-025:0]# fw ver
This is Check Point's software version R80.40 - Build 038

Regards, Maarten
Alex_Lam1
Contributor
‎2020-04-07 02:34 PM
In response to Maarten_Sjouw

yes,
clean install R80.20 more than a year now 🙂
0 Kudos
Alex_Lam1
Contributor
‎2020-04-07 03:37 PM
In response to Vladimir

Yep its about MDS. Regardless, R80.40 is official release, its no longer GA.
I have been missing the versioning control ^^
feel like can't live without it 🙂
0 Kudos
Magnus-Holmberg
Advisor
Advisor
‎2020-05-30 12:01 AM
In response to Alex_Lam1

When it comes to 

Revert to Revision

The Security Management Server architecture supports built-in revisions. Each publish operation saves a new revision that contains only the delta from the previous revision allowing:

  • Safe recovery from a crisis, restore a Domain or a Management Server to a good known revision.
  • Improved policy verification process based on the difference between the current policy and the one contained in the revision database.

 

 

is this supported when running vsx within a MDS?

if so does it include changes made on routing, interfaces etc aswell?

https://www.youtube.com/c/MagnusHolmberg-NetSec

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top