Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

R81 Jumbo Hotfix Accumulator - New GA Take #23

Yifat_Chen
Employee
Employee
1 11 1,226

Logo.png

Hi All

R81 Jumbo HF Take #23 is now our GA take and is available for download to all via CPUSE (as recommended) and via sk170114.

Release Highlight:

New! Starting from Take #23 , Blink image is supported for:

  • Security Management upgrade
  • Primary Multi-Domain Management (clean install)

**Blink image for the secondary Multi-Domain Management  and Multi-Domain Log Module (MLM) will be added in one of the upcoming Jumbo Takes

 

Full list of resolved issues can be found in sk170114.

11 Comments
the_rock
Leader
Leader

I wish Check Point was not releasing these jumbo fixes so fast...no wonder they keep breaking stuff. I have a gut feeling most of the time its probably not even tested to make sure it works the way it should.

PhoneBoy
Admin
Admin

We release JHFs approximately monthly @the_rock.
There are two types:

  • GA (General Availability): Generally recommended for everyone to install. These hotfixes will be offered in CPUSE by default.
  • Ongoing (Early Adopter): Should only be installed if you have one of the issues mentioned in the relevant SK. Almost all JHFs start out as this and, after a few weeks, if no critical issues are found, they are declared GA, otherwise we'll replace with a new Ongoing fix. To install Ongoing JHFs, you must manually enter a CPUSE identifier (i.e. they are not offered in CPUSE by default).

This is documented here: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve... 
It should be noted this is the first GA JHF for R81.

the_rock
Leader
Leader

@PhoneBoy ...I thank you for the response, but this is the same old story, even before R77 if I recall. These things are not tested properly and it shows. I once had a customer update to latest jumbo hotfix back in R80.20 and things got so bad, that not even R&D could fix it on remote session. Needless to say, there were f bombs thrown on a call and escalation guy and Israel guy from R&D felt ashamed, it was so obvious. Sadly, this is not isolated case...

Tsahi_Etziony
Employee
Employee

Hi @the_rock.

My name is Tsahi Etziony and I lead the release of new main train versions and their jumbo fixes.

We are constantly learning and improving and indeed we have learned a lot since R77. The two release phases @PhoneBoy described are specifically for the goal of making sure no issues are released to everyone without making sure the jumbo is of high quality. Specifically - we do not declare a jumbo as GA before we see it was installed on many machines, and no severe problems were reported from the field. 

Of course, some times we do find issues at a later stage, and we try to minimize these cases, while offering a workaround and a new jumbo as soon as possible. 

I must say that the current adoption trends of new jumbos show a growing trust from the field and a good quality of our releases. 

If you have examples that I can learn from and improve the releases, please share with me at - tsahie@checkpoint.com. I'd also love to have a call and discuss your experience. 

 

the_rock
Leader
Leader

We had calls about it many times and absolutely nothing happened, so that customer switched to another vendor, which was expected outcome.

_Val_
Admin
Admin

@the_rock Part of the partner's responsibilities is to help customers maintaining a reasonable version management, according to their individual needs. In my 12 years working for a major international partner, I do not recall a single case when the vendor was pushing JHFs by force. 

You are welcome to express any feedback, positive or otherwise, in the community.

However, as our goal is helping each other out, we do appreciate details, when negative feedback is provided, so we could improve the processes and products in the future. Otherwise, it is just venting 🙂 That also can help, but only to the person venting, not to the community in whole.

Thanks for your understanding.  

the_rock
Leader
Leader

TAC will always push for latest jumbo, but usually without actual proof it will fix the issue. In my personal opinion, and witout any venting : )), that is certainly not good practise.

 

Again, just my personal opinion.

_Val_
Admin
Admin

@the_rock No problem, Andy 🙂

just to be clear, there are certain reasons for TAC to ask customers to upgrade to the latest HFA:

1. In many cases a particular issue in hands may be fixed  already with that HFA
2. It is easier to compile a private fix based on the latest GA Jumbo

Also, the customer can refuse going for the latest jumbo, with enough justification. That said, any personal opinion is welcome here.

Arne_Boettger
Contributor

From my point of view, the Jumbo HFAs have gotten more and more reliable. And I understand the problem that if nobody installs the Jumbo HFA, nobody is testing it, so errors cannot be found.

All hotfixes which are part of the Jumbo-HFA are there for a reason - they fixed issues the customers faced. I guess the challenge in bundling them is, that there can always be side effects from different hotfixes.

So I very much appreciate the current mode of releasing ongoing takes regularly, allowing us to check them for issues we might encounter, and installing them on an as needed basis. 

Regarding TAC, the push for installing a Jumbo before debugging has gotten softer. When TAC recommends a Jumbo-HFA, it has always been based on specific fixes. If not, being on a GA take was enough to get them to investigate our issues.

the_rock
Leader
Leader

Thats fair, I agree with points made here...I just personally wish there was a bit more thorough testing beforehand, thats all. I have not had much experience with jumbo fixes in R81, but I will admit that in R80 codes, they have gotten better, so lets hope it stays that way : )

yosefgher
Explorer

Recently we installed Jumbo fix 23 in our security management , after this our identity awareness  services stopped working properly ,pdp in gateways cannot retrieve group memberships  and access roles.(Access roles are not matched in FW rule)

Any advise  please

Labels