Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

R81.10 Jumbo Hotfix Accumulator - New Recommended Take #94 (formerly, General availability)

eranzo
Employee
Employee
2 24 3,165

eranzo_1-1680440653700.jpeg

Hi All,

 

R81.10 Jumbo HF Take #94 is now our Recommended Jumbo take (formerly, General availability) and is available for download to all via CPUSE (as recommended) and via Jumbo documentation R81.10

Full list of resolved issues can be found in the Jumbo documentation R81.10

New: Starting from R80.40, Central Deployment allows you to perform a batch deployment of Hotfixes on your Security Gateways and clusters from SmartConsole!!

For more information, see sk168597.

 

Thanks,

Release Operations group

24 Comments
the_rock
Legend
Legend

Installed it in R81.10 lab on both mgmt and cluster + single gateway, so far, no issues 🙂

Andy

cdelcarmen
Participant

new tabs in the smart console

- infinity services

cdelcarmen
Participant

can that infinity services tab can be removed ?

the_rock
Legend
Legend

@cdelcarmen That tab was there since initial R81.20 release, but you are right, it is new 🙂

the_rock
Legend
Legend

I dont believe it can be removed, at least that I know of, but let someone from CP confirm for you 100%.

PhoneBoy
Admin
Admin

@cdelcarmen what is your precise reason for wanting this removed?
As noted previously, this is built into R81.20 and is used for some current/future features (like Quantum SD-WAN).

cdelcarmen
Participant

the new infinity services tab should go after manage and settings tabs.

it is really annoying.

 

 

the_rock
Legend
Legend

@cdelcarmen Maybe its just me, but I dont find it annoying at all : - ). Its just an extra tab that I personally dont care about haha.

cdelcarmen
Participant

exactly my point, i dont use it, i dont need it there.

the_rock
Legend
Legend

Well, you are welcome to request RFE, but I am 99.99999999% sure it wont go anywhere : - ). 

Henrik_Noerr1
Advisor

I totally agree with @cdelcarmen - This feels like an advertisement for some cloud services which I certainly do not need.

the_rock
Legend
Legend

@Henrik_Noerr1 No disagreement there. In all fairness, EVERY vendor does it, its called marketing my friend ; - ). Its like when you see brand new car with heated steering wheel, do most people need it, of course NOT, but it sounds appealing lol

Henrik_Noerr1
Advisor

Except that the owner of the brand new car can choose to turn off this heated steering wheel 🙂

the_rock
Legend
Legend

@Henrik_Noerr1 Very true 🙂

Thomas_Eichelbu
Advisor

Hello, 

we had a couple of issues after installing Take 93/Take94 on a quite large environment.
or in better words we still have them, TAC is already involved.

Our issue is, when we run a policy install on the HQ FW all VPN tunnels do a pause for a couple of seconds ...
We encountered this after installing on take 93. Exactly is seems like a pause in the Link Selection probing mechanism which treats all links as "not responding" and therefor halting all/some VPN tunnels.

there is this SK: sk180437
"Unexpected traffic latency or outage on a Security Gateway / Cluster after policy installation""
https://support.checkpoint.com/results/sk/sk180437

And it describes a rather new thing "The Thread Blocker"
The explanation i got from TAC is, "it prevents soft lookups in some way"
And it should be disabled to counter this "Policy Install Traffic Outage Issue"
So cool thing, to enable a bad issue you have to disable a newly introduced feature???
It seemed to work for a couple of tests, but in the majority it makes no different if is this feature is turned on or off.

Question:
So what is this thing really doing?
Was it introduced with Take 93 or >87?
Why do i need to create a new manual config file on the FW i have to take care of "$FWDIR/conf/user.config"
What is "$FWDIR/conf/user.config" is this a new manual file for the next future parameters because fwkern.conf is no longer cool enough?

best regards
Thomas

PhoneBoy
Admin
Admin

It appears to be the equivalent to fwkern.conf for a Virtual System and appears to have been added in R81.10.

Magnus-Holmberg
Advisor

After upgrade to HFA94 the command cpinfo -y all no longer show any installed hotfixes.

the_rock
Legend
Legend

@Magnus-Holmberg Thats odd...does cpinfo -y fw1 show anything at all??

Magnus-Holmberg
Advisor

no hotfix.PNG

the_rock
Legend
Legend

That sucks...not sure what to say mate, sorry...never ever seen that before.

Daniel_
Advisor

Is it a MDS? If you are in a MDS environment (mdsenv <domain>) cpinfo don't show any HFA information.

I've already had a shock there, too 😱

Arik_Ovtracht
Employee
Employee

Hi @Magnus-Holmberg ,

This is indeed an issue with 'cpinfo -y all', it only works correctly when executed from the MDS context.

We are working to fix it in the next cpinfo release.

the_rock
Legend
Legend

Good to know @Arik_Ovtracht , thanks for confirming.

PhoneBoy
Admin
Admin

Hi @Thomas_Eichelbu the issue you're running into here should be fixed in an upcoming Jumbo.

cc @annika_rubinste @shais 

Labels