Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Chris_Butler
Collaborator

SmartConsole version to choose when managing Endpoint and Gateway on same management server?

Jump to solution

I am using our Smart-1 410 management server to manage both our Security Policy (gateway) and our Endpoint clients.

The management server is currently running R80.30 Jumbo Hotfix Take 111 as is the Gateway.

I used to have a standalone Smart-1 205 handling our endpoint management, and the aforementioned Smart-1 410 handled only the Gateway security policy and Smarte Event etc.

The standalone Smart-1 205 was  running 77.30.03 and since it was standalone I had no issues with what the checkpoint endpoint procedure was for keeping the SmartEndpoint console consistent with the latest endpoint version I deploy. Since there was no consideration for what was required of the SmartConsole package for our gateway on the standalone box,  I followed the procedure on that box of going to the Endpoint Security Homepage, finding the latest stable version of the endpoint client, going to that product page, and downloading the suggested SmartConsole installer package, and installing it to support the latest features and policies available with the new endpoint clients 

We have since moved to using endpoint management on the aforementioned Smart-1 410. The one box now handles our entire on premise Checkpoint infrastructure.

We got there not by trying to migrate endpoint clients from the standalone box to the new one with any automated method, but doing the forklift / clean slate thing. 

Since we were replacing all our windows 7 PCs with new Windows 10 PCs we would just set them up to point at the new Smart-1 410 box  and developed a clean an concise deployment policy and blade policy using the old one as a guide to what worked and what did not. 

My question is this. 

if you go to an endpoint client downloads page like this one, entitled
Enterprise Endpoint Security E82.55 Windows Clients

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

You can follow the link to download both the package of choice for the E82.55 endpoint, as well as the SmartConsole package that must be installed to support the new features in E82.55

when you go to the download page for SmartConsole, entitled:
SmartConsole for Endpoint Security Server R80.30 / E82.40 and higher

https://supportcenter.checkpoint.com/supportcenter/portal/role/supportcenterUser/page/default.psml/m...

the package with the installer will include both the security management and endpoint management consoles and the build in this case is not the latest build of SmartConsole overall. Plus the installer package has a different name than if you had just gone to the SmartConsole releases page and downloaded the same build from there

The filename from this download page for what is a build 42 of SmartConsole is:

Check_Point_SmartConsole_R80_30_JHF_008_E82.40.exe

 

However if you go to the R80.30 main homepage

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

And you click on the download link for SmartConsole, it takes you to the latest build, which is 86 on a page entitled
R80.30 SmartConsole Build 86

https://supportcenter.checkpoint.com/supportcenter/portal/role/supportcenterUser/page/default.psml/m...

And the filename is:
Check_Point_SmartConsole_R80_30_jumbo_HF_B86_Win.exe

The root of my question:

If I wanted to upgrade my gateway to the latest GA hotfix, and wanted to have the latest SmartConsole package to go along with it, it is going to involve uninstalling the older SmartConsole and with it goes the SmartEndpoint console of build 42.

Are the builds of SmartConsole special ones for Endpoint Management, tied to the Endpoint Client release?

Or, if I download the latest SmartConsole for my major version overall (80.30 as opposed to 80.40) will it include everything I need to properly manage my gateway and the Endpoint Clients?

I can't seem to get a straight answer reading through the knowledge base and the download pages and product pages do not address this. 

 

Since I need to manage both Gateway and Endpoint from the same PC this is a question I would love to have a more concrete answer to. 

 

Thanks to all.

 

 

1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee

Hi 

So it is safe to say that I can just grab the latest build of SmartConsole from the main page and install it whenever a new Endpoint Client is released and be absolutely sure that it will properly support everything I have from Security Management to Gateway to Endpoint management? Yes

I am assuming that a newer SmartConsole package of the same minor version, say 80.30, is backwards compatible with gateways and management servers running older JHF takes of the same minor version? Yes 

When we release versions, the appropriate SmartConsole matches the Security Management Server and the Security Management is matched with the Security Gateways. So if you took the SmartConsole from JHF XXX and installed the relevant JHF XXX on the Security Management Server, they will work perfectly together and manage the gateways properly.

 

Another question / clarification: Since my gateway and management server are running R80.30 JHF take 111 that would mean that I can't use the R80.40 SmartConsole to manage them, correct? It would need to be the latest build of the R80.30 SmartConsole? Yes

Related to my previous comment. If using R80.30 JHF 111 use the matching SmartConsole for R80.30 JHF 111.

To use SmartConsole R80.40 with the many new feature it has, you will need to upgrade the Security Management Server as well to R80.40 + R80.40 JHF XXX

To sum up SmartConsole + Security Management Server / MDS must match 

Gateways could be of the same version or older.

 

View solution in original post

5 Replies
Tal_Paz-Fridman
Employee
Employee

Hi,

SmartConsole installation already includes the corresponding  SmartEndpoint (Endpoint Management Client) as well as other legacy clients such SmartDashboard, SmartProvisioning, SmartUpdate, SmartView Monitor etc.

When you use a SmartConsole build from a specific JHF it should have the exactly same build for all clients, for example from R80.40 JHF 48 the build for all clients is 396:

SmartConsole build.jpgSmartEndpoint build.jpg

It could be that the package names are different depending on where downloading from - the main version page or from the Endpoint pages - but the build should be identical.

Tal

Chris_Butler
Collaborator

That's great to hear, thanks Tal!

So it is safe to say that I can just grab the latest build of SmartConsole from the main page and install it whenever a new Endpoint Client is released and be absolutely sure that it will properly support everything I have from Security Management to Gateway to Endpoint management?

I am assuming that a newer SmartConsole package of the same minor version, say 80.30, is backwards compatible with gateways and management servers running older JHF takes of the same minor version?

Another question / clarification: Since my gateway and management server are running R80.30 JHF take 111 that would mean that I can't use the R80.40 SmartConsole to manage them, correct? It would need to be the latest build of the R80.30 SmartConsole?

Again, thanks for the help!

 

 

0 Kudos
Tal_Paz-Fridman
Employee
Employee

Hi 

So it is safe to say that I can just grab the latest build of SmartConsole from the main page and install it whenever a new Endpoint Client is released and be absolutely sure that it will properly support everything I have from Security Management to Gateway to Endpoint management? Yes

I am assuming that a newer SmartConsole package of the same minor version, say 80.30, is backwards compatible with gateways and management servers running older JHF takes of the same minor version? Yes 

When we release versions, the appropriate SmartConsole matches the Security Management Server and the Security Management is matched with the Security Gateways. So if you took the SmartConsole from JHF XXX and installed the relevant JHF XXX on the Security Management Server, they will work perfectly together and manage the gateways properly.

 

Another question / clarification: Since my gateway and management server are running R80.30 JHF take 111 that would mean that I can't use the R80.40 SmartConsole to manage them, correct? It would need to be the latest build of the R80.30 SmartConsole? Yes

Related to my previous comment. If using R80.30 JHF 111 use the matching SmartConsole for R80.30 JHF 111.

To use SmartConsole R80.40 with the many new feature it has, you will need to upgrade the Security Management Server as well to R80.40 + R80.40 JHF XXX

To sum up SmartConsole + Security Management Server / MDS must match 

Gateways could be of the same version or older.

 

View solution in original post

Chris_Butler
Collaborator
Thanks for your time and your patient and clear answers Tal, much appreciated. 🙂
0 Kudos
Tomer_Noy
Employee
Employee

Thank you very much Tal!

 

I want to clarify something regarding the version & take compatibility:

  1. It's important to have the same major & minor version on the Management server (SMC or MDS) and on the SmartConsole (as Tal stated).
  2. It's always recommended to use the latest JHF on the Management server, and use the latest SmartConsole on the client.
  3. It's not mandatory to use matching JHF and SmartConsole take numbers.
    1. For example, you can be on server JHF 90, but use a newer SmartConsole that was released after JHF 111.
    2. Also, don't worry about installing a newer JHF on the server without updating all the SmartConsole clients.
    3. In fact, we don't always release both JHF and SmartConsole at the same time. We make sure not to break compatibility between the JHF takes.
0 Kudos