cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

R80.20 Security Gateway with new Gaia based on kernel 3.10 is GA for CloudGuard and HP Gen10 !

Hi, all.

 

Great news for our Cloud Guard and Open Servers customers : R80.20 Security Gateway with new Gaia based on kernel 3.10 is a GO !

 

We have completed the certification of public cloud (AWS and Azure) and new HP Gen10 Open Servers platforms.

 

The image will be available in Azure and AWS in a few days.

 

Performance improvement on kernel 3.10 based CloudGuard environments is ~300% comparing to current CloudGuard numbers !

 

We now support latest Gen10 HP servers as R80.20 gateways – and we will be adding more open servers soon.

 

The SK for R80.20 kernel 3.10 gateway with all the information and list of limitations is ready here - sk141173.

 

Thanks,

Kim

;
TO READ THE FULL POST it's simple and free
33 Comments

What about regular appliances and open servers already supported with 2.6 kernel?

Performance improvement on kernel 3.10 based CloudGuard environments is ~300% comparing to current CloudGuard numbers !

That's impressive! Thought it is a bit vague, could you please let us know improvement in what exactly (bandwidth, connection/s, other)?

Also, can we expect the same improvement on CloudGuard IaaS when the new kernel is GA for this?

Vladimir
Pearl

WoW!

How about OpenServers on ESXi?

CloudGuard IaaS is part of this GA already.

Employee+
Employee+

All other plarforms will also be supported (CP appliances, legacy open servers, more new open servers and private cloud). 

It's a matter of certification in QA, and it takes time (few months at least). 

There is no technical reason not to support CP appliances, they are blocked intentionally in the iso until the end if certification. 

If there are business opportuninties with customers who need the new kernel on unsupported platforms we can dicsuss it offline without waiting for certification.

Employee+
Employee+

Not yet. As the headline says - this GA is for public cloud (AWS/Azure) and new open servers. Rest of the platforms will be added later (or can be discussed if there is an opportunity)

Employee+
Employee+

Official performance numbers of CloudGuard will be published once the image will be uploaded to AWS/Azure (few days from now)

Checkpoint branding is always so confusing Smiley Happy But I guess the full name of what I meant is "CloudGuard Private IaaS VE", basically a gateway on ESXi ...

Don_Paterson
Silver

Thank you. 

Gaia open server Hardware and VM Compatibility List (HCL) showing G10 servers but also shows a last updated date of 5th August 2018.

Compatible Hardware Archive | Check Point Software 

Employee+
Employee+

We had the option of 3.10 kernel for mgmt servers. Now we are adding the gateway too.

I will check the HCL site to make sure everything is stated as it should be

Bob_Delinsky
Nickel

For current upgrades from R77.30 to R80.20 on Appliances, as of today you are saying that the 3.10 kernel is not yet available and if a fresh install is done it will still be on 2.6 kernel? Do you know when the release for gateway appliances will be for the 3.10 kernel? This would be useful for planning purposes. Thank you

Employee+
Employee+

Bob,

We are working to certify all platforms including CP appliances and additional open servers during 2019. BTW, just so I could better understand the motivation - what feature/functionality is missing in legacy kernel Gaia (2.6.18) on CP appliances ?

Thanks...

Admin
Admin

Just to be clear, this is a specific release for:

  • Specific Open Servers that require the new kernel
  • CloudGuard IaaS (which didn't previously have an R80.20 gateway version)

It may work in other contexts, but it hasn't been certified yet.

It should also be noted that this release has a few limitations, namely no support for VSX and IPv6 (among others).

We do plan to address these limitations and certify Check Point appliances on this newer kernel in the near term.

Borut_Vozelj
Nickel

No IPv6 support? In 2019?

We bought Gen10 HP servers anticipating the 3.10 release. Did not expect missing IPv6 support.

Any ETA on IPv6 suport?

Employee+
Employee+

Hi, Borut.

IPv6 support is planned in a few months. 

Employee+
Employee+

A short video about 3.10 kernel Gaia - Introduction to GAiA 3.10 - YouTube 

When is Gaia 3.10 with VSX support planned?  This is a major hang up and we (like others) are ready to deploy G10s, but need to support VSX.

Admin
Admin

This quarter, to the best of my knowledge.

Since R80.30 is planned for this quarter (see: When will R80.30 GA be available?‌, and also: R80.30 Early Availability Program is started!), it would make sense that we would launch it with that release. 

Don_Paterson
Silver

Thanks AK,

I just got around to checking and I see the updates on the HCL page.

Interesting to see the Release Notes speech bubble and link that pops up when pointing to the major release text. It isn't obvious until moving the mouse cursor over the text but nice to know its there.

Link:

Compatible Hardware Archive | Check Point Software  

Screenshot:

Don

RickLin
Silver

Does anybody know this special version can support normal R80.20 Jumbo hotfix(Take 33 +) ?

Employee+
Employee+

There will be a JHF for this release aligned to R80.20 JHF - we will announce it here among other places once we release it

@Alexander Kim,

What is the current status on Appliance compatibility?

Will 12x00 and 13x00 appliances be supported?

How about the new 6x00 range?

When will the 5x00 series support the new kernel?

Admin
Admin

Technically it should work with other appliances, but full QA was not done yet.

Stay tuned Smiley Happy

Employee
Employee

Hi all,

More good news- 2 additional platforms were added to the HCL:

  • Dell PowerEdge R740/R740 XD
  • Dell PowerEdge R640

The link with the new ISO which supports these new additional platforms is available in the same sk- sk141173

Any ETA when appliancies will be rubber stamped with 3.10 kernel?

Any update on VSX support for r80.20 with 3.10 kernel on dell r740 servers? @Alexander_Kim @Linor_Leshem 

Employee
Employee

Hi, Martin.

VSX support with 3.10 kernel for Dell R740 servers should be ready during ~May.

This release will be based R80.30 (and not R80.20).

Employee
Employee

Martin,

Regarding your other question on 3.10 kernel for CP appliances - this should be available during 2019.

Aidan_Luby
Copper

Does the new 3.10 kernel support AES-NI on CheckPoint appliances? Apparently the new 6000 series appliances are showing AES-NI disabled in the kernel even though those CPUs support it.

Employee
Employee

Hi @Aidan_Luby ,

Kernel 3.10 support for 6000 series appliances, should be ready during 2019.
When it will be available, AES-NI will be supported. 

Right now we don't have 3.10 kernel support for 6000 series appliances.

 

 

 

Hello CheckMates.

 

I just visited a customer who is running an R77.30 standalone installation on "old" HP hardware. They have bought HP DL360 Gen10 to replace the old hardware (without checking the HCL).

Can anyone share an ETA for supporting R80.20/R80.30 Standalone on HP Gen10? Are we talking weeks or months?

 

Thanks in advance,

Peter

@Alexander_Kim , @kerenni, can you advise please?

Employee
Employee

Hi @Valeri_Loukine  @Peter_Janum_Sod ,

R80.20/R80.30 will not support Standalone for Gen10.

R80.40 will have this support for Gen10.