Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

R82 Public EA Program

Naor_Nassi
Employee
Employee
4 92 13.3K

R82 logo.png

 

Introducing Check Point Software Technologies' groundbreaking release, R82. This cutting-edge software marks a pivotal moment in cybersecurity with many innovative features. R82 ushers in a new era of web security, offering complete protection for HTTP/3 over QUIC, setting an industry precedent. Moreover, it presents the world's first firewall tailored for effortless HTTPS Inspection deployment while maintaining exceptional performance. Not stopping there, R82 delivers an enhanced operational experience with simplified cluster deployment through ElasticXL and a versatile new VSX mode. The software, in addition, boasts a new version of the operating system with superior networking and routing capabilities. Additionally, R82 takes automation to new heights, allowing full dynamic policy layer configuration through API calls directly to the Security Gateway.

Stay ahead of the curve with R82 and experience the future of cybersecurity management and protection.

 

Enrollment | Public EA Check Point Public EA is designed for lab and sandbox deployments only.

UserCenter:

Register to the Public EA release via - usercenter.checkpoint.com -> TRY OUR PRODUCTS -> Early Availability Programs -> CPEA-EVAL-R82

PartnerMAP:

Register to the Public EA release via - usercenter.checkpoint.com -> CUSTOMER ACQUISITIONS-> Early Availability Programs -> CPEA-EVAL-R82

or connect via this link https://usercenter.checkpoint.com/ucapps/ea-programs

IMPORTANT NOTE 

  • Check Point Public EA is designed for lab and sandbox deployments only.
  • Public EA version upgrade to GA is not supported

 

New in this release

 

 

Quantum Security Gateway and Gaia

Web Security

  • Added support of HTTP/3 protocol over QUIC transport (UDP) for Network Security, Threat Prevention and Sandboxing.

 

HTTPS Inspection

This release brings a significant milestone in performance, simplicity, and deployment of HTTPS Inspection. These capabilities allow customers to implement HTTPS Inspection without compromising performance and user experience.

 

  • Full Fail-open mode - A new capability that automatically detects a failure in the HTTPS Inspection process because of client-side issues such as pinned certificates. When detected, the connection is automatically added to an exception list, ensuring zero connectivity issues for end-users.
  • Deployment assessment - Allows customers to gradually deploy HTTPS to a portion of the traffic (up to 30%), predicts the performance, and automatically detects and resolves connectivity issues.
  • Bypass under load - Optionally bypass HTTPS Inspection in case of high CPU load.
  • HTTPS Inspection monitoring - Inspection status overview and detailed advanced HTTPS Inspection statistics.
  • Enhanced HTTPS Inspection policy - An improved HTTPS policy with a default recommended inspection policy, separate inbound and outbound rules, and multiple outbound certificate support.

 

Automatic Zero Phishing Configuration

Introducing a new addition to the Zero Phishing Software Blade - the Automatic mode.
The Automatic mode significantly simplifies the configuration process, providing a seamless experience. With the Automatic mode, the blade configuration is now effortless: simply enable the Software Blade, and you are ready to go

 

Improved Threat Prevention Capabilities

  • Added configuration granularity for advanced DNS protections in Threat Prevention.
  • Added Advanced DNS protection against NXNS Attack.
  • Added support for DNS over HTTPS Inspection.
  • New Zero-Day prevention engine integrated into the Anti-Bot Blade. This engine detects and blocks advanced malware Zero-Day variants by automatically analyzing and identifying communication patterns.
  • Added Advanced DNS capability to block DNS queries to newly created domains.
  • DNS Security statistics are now available in the SmartView Dashboard.
  • It is now possible to load SNORT rules file as Custom Intelligence Feed automatically with 5-minute intervals to enforce them as IPS protections.

New Clustering Technology

  • ElasticXL - a new clustering technology delivering simplified operations with a Single Management Object and automatic sync of configuration and software between all cluster members

Dynamic Policy Layer

  • Fully automated, API-controlled policy layer that allows dynamic policy changes to be implemented directly to the Security Gateway in seconds without involving Security Management.

Unified Configuration

  • Kernel parameters configuration is now performed in centralized database with Gaia Clish commands and Gaia REST API calls instead of fwkern.conf and simkern.conf files.

See:

Identity Awareness

  • Quantum Gateways can now use Identity Providers defined in the Check Point Infinity Portal, allowing customers to centrally manage identities across multiple Check Point products.
  • Introducing a new mode for Identity Awareness Blade - "PDP-Only", where the Security Gateway acts only as Policy Decision Point (PDP) for identity acquisition and distribution and does not enforce the identity-based policy. The new mode improves scalability for PDPs and Identity Broker. To enable the "PDP-Only" mode, see sk181605.
  • Introduced Identity Sharing cache mode to improve resiliency in case of connectivity loss with the PDP.

IPsec VPN

  • Automatically detect configuration changes in AWS, Azure, and GCP public clouds and adjust the VPN settings ensuring connection stability.
  • Introducing the Advanced VPN Monitoring tool that shows information on each VPN Tunnel and tracks its health and performance.
  • Enhanced Link Selection:
    • Interoperability:
      • Uses the endpoint IP addresses of the VPN tunnel to improve interoperability with other software vendors
      • Uses Dead Peer Detection (DPD) as the link probing protocol instead of the proprietary "Reliable Data Protocol" (RDP).
    • Redundancy:
      • Allows redundancy of VPN tunnels including third-party and native cloud VPN peers.
    • Granularity:
      • Ability to configure the Security Gateway to use different VPN interfaces in different VPN communities.

Remote Access VPN

Security Gateway now supports the IKEv2 protocol for connections from Remote Access VPN Clients (E87.70 and higher for Windows OS and E87.80 and higher for macOS).

Mobile Access

  • Mobile Access Policy and Capsule Workspace configurations are now available in SmartConsole.
  • SAML authentication support for Mobile Access clients that allows seamless integration with third-party Identity Providers.
  • New Management API calls for Capsule Workspace configuration.
    See the Local Management API Reference at "https:/<IP Address of Gaia Management Interface on Management Server>/api_docs/" > section "Mobile Access"

Gaia Operating System

This release boosts Gaia OS with a new OS kernel and multiple new configuration options for better security, enhanced networking and a simpler experience.

The new capabilities are:

  • Enhance Gaia OS with:
    • Support for VSX mode in Gaia Link Layer Discovery Protocol (LLDP).
    • DHCPv6 server, DHCPv6 client, and DHCPv6 client for prefix-delegation.
    • Ability to configure the order of the "AAA" authentication (TACACS, RADIUS, Local authentication) in Gaia Portal and Gaia Clish.
    • DNS Proxy forwarding domains, which allows configuring specific DNS servers per DNS suffix.
  • New Gaia Clish and Gaia Portal configuration items:
    • Two-Factor Authentication for Gaia OS login using time-based authenticator apps (Google Authenticator and Microsoft Authenticator).
    • NTP pools and a larger number of NTP servers.
    • NFSv4 configuration.
    • Keyboard layout.
  • Support for storing a Gaia OS backup in and restoring it from Amazon S3 and Microsoft Azure.

Dynamic Routing

Added support for new Dynamic Routing capabilities:

  • BGP Extended Communities (RFC 4360).
  • BGP Conditional Route Advertisement and Injection.
  • Routing Table Monitor for Event Triggers.
  • IPv4 and IPv6 Router Discovery on cluster members.
  • Router Preference and Route Information option.
  • IPv4 PIM-SSM with non-default prefixes.
  • IPv4 PIM with BFD.
  • IPv4 PIM neighbor filtering.
  • IPv6 Protocol Independent Multicast (PIM) and Multicast Listener Discovery (MLD).
  • REST API calls for BGP, PIM, Multicast Listener Discovery (MLD).
  • REST API calls for Route Redistribution, Inbound Route Filters, and NAT Pools.
  • REST API calls for IGMP.

See the Local Gaia API Reference at https://<IP Address of Gaia Management Interface>/gaia_docs/#introduction > section "Networking".

Performance and Infrastructure

  • HyperFlow acceleration of elephant flows for the SMB/CIFS service.
  • Quantum Security Gateway multi-core utilization for sending inspection logs, improving log output capacity by up to 100%.
  • SecureXL acceleration of traffic over VxLAN and GRE tunnels.

Maestro Hyperscale

This release features improvements in managing and monitoring Maestro Hyperscale clusters, which include:

  • Support for SNMP Queries on each Security Group Member.
  • REST API on Quantum Maestro Orchestrator and ElasticXL Cluster Members:
    • New Quantum Maestro Orchestrator API calls for configuration and monitoring of Security Groups, Gateways, Sites, and Ports.
    • Support Gaia REST APIs for Quantum Maestro Security Group Members and ElasticXL Cluster Members.

See the Local Gaia API Reference at https://<IP Address of Gaia Management Interface>/gaia_docs/#introduction > section "Maestro".

VSX

Check Point VSX is enhanced with a new mode, allowing simpler configuration, easier provisioning, and a similar experience to a physical Security Gateway.

The benefits of the new VSX mode are:

  • Unified management experience between Check Point physical Security Gateways and Virtual Gateways, including the capability to manage each Virtual Gateway from a different Management Server.
  • Improves VSX provisioning performance and provisioning experience - creating, modifying, and deleting Virtual Gateways and Virtual Switches in Gaia Portal, Gaia Clish, or with Gaia REST API.
  • Management feature and API parity between Virtual Gateways (VGW) and physical Security Gateways.

Tools and Utilities

  • ConnView - a new consolidated troubleshooting tool for viewing connections information on the Security Gateway that works in the User Space Firewall (USFW).
    See the Local Gaia API Reference at https://<IP Address of Gaia Management Interface>/gaia_docs/#introduction > section "Diagnostics" > section"Connections" > command "show-connections".
    In the Expert mode, run the "connview" command.
  • Improved policy advisory tool "fw up_execute" (in the Expert mode), which performs virtual Access / NAT Rule Base execution. Given inputs based on logs or connections, the execution provides detailed information such as matched rules and classification information.

Quantum Security Management

Security Management Server Enhancements

  • The LDAP Account Unit object now uses the LDAP server name and CA certificate for LDAP trust.
    The trust is automatically renewed if an administrator renews or replaces the LDAP server certificate. As a result, Check Point servers keep their connectivity to the LDAP server.
  • Support for Management API to run the "vsx_provisioning_tool" operations to configure VSX Gateway and VSX Cluster objects.
    See the Local Management API Reference at https://<IP Address of Gaia Management Interface on Management Server>/api_docs/ > section "VSX" > command "vsx-provisioning-tool".
  • Support for Management API to configure the "Data Type" objects for the Data Loss Prevention and Content Awareness Software Blades.
    See the Local Management API Reference at https://<IP Address of Gaia Management Interface on Management Server>/api_docs/ > section "Data Types".
  • Security Gateways can now be managed by a Security Management Server hosted behind a public cloud or third-party NAT device.

Central Deployment of Hotfixes and Version Upgrades in SmartConsole

Central Software Deployment through SmartConsole was enhanced and now supports:

  • Uninstall of Jumbo Hotfix Accumulators.
  • Installation of packages on ClusterXL High Availability mode in the "Switch to higher priority Cluster Member" configuration ("Primary Up").
  • Installation of packages on Secondary Management Servers.
  • Installation of packages on Dedicated Log Servers..
  • Installation of packages on Dedicated SmartEvent Servers.
  • Installation of packages on Clusters of Quantum Spark and Quantum Rugged Appliances.
  • Installation of packages from Standalone Servers.
  • Package Repository per Domain on a Multi-Domain Security Management Server.

SmartProvisioning

  • Star VPN Community now supports Quantum Maestro Security Groups, VSX Gateways, and VSX Clusters as Center Gateways (Corporate Office Gateway).

Multi-Domain Security Management Server

  • Ability to clone an existing Domain on the same Multi-Domain Security Management Server. See sk180631.
  • Improved upgrade time of large Multi-Domain Security Management Server environments by up to 50%.
  • New Management API for setting IPv6 address of Multi-Domain Security Management Server.

Compliance

  • Added support for Quantum Maestro and Quantum Spark Appliances:
    • Gaia OS Best Practice support for Maestro Security Groups by checking each Security Group Member individually and presenting a consolidated Best Practices status.
    • Applying relevant Gaia OS Best Practices on Quantum Spark Appliances.
  • Added Gaia OS Best Practice support for Log Servers.
  • Added new regulations:
    • Cyber Essentials v3.1 regulation
    • Israeli Cyber Defense Methodology 2.0

CloudGuard Network Security

CloudGuard Controller

  • CloudGuard Controller support for Identity Awareness PDP (Identity Sharing).
  • CloudGuard Controller for VMware NSX-T now uses Policy Mode APIs to import objects from an NSX-T Manager.
  • CloudGuard Controller for VMware NSX-T can import Virtual Machines and Tags from an NSX-T Manager.
  • Multi-Domain Security Management Server now supports Data Center objects and Data Center Query objects in the Global Policy.

CloudGuard Network

  • New Management API for CloudGuard Central License utility.

Harmony Endpoint

Harmony Endpoint Web Management enhancements:

  • Client optimization for Windows servers - Harmony Endpoint allows you to easily optimize the Endpoint Security clients for Windows servers, such as Exchange servers, Active Directory servers, Database servers, and so on, by manually assigning Windows server roles.
  • Run Diagnostics:
    • Runs performance checks on endpoint clients using Push Operation.
    • The performance report presents each client's CPU and RAM utilization, including the configurable threshold.
    • Harmony Endpoint presents suggested exclusion for performance improvements.
    • You can easily add an exclusion as part of "Global Exclusion" or "Exclusion per Rule":
      • Exclusion description - You can now add comments for new or existing exclusions.
      • Global Exclusion - You can now easily add global exclusion that applies to all rules.
  • Application Control for macOS - Control which applications can run or use networking.
  • New Asset Management view:
    • Filters - A brand new look and functionality for filters that enhances operation and productivity, while using the Asset Management view.
    • Asset Management Table - Bigger asset management table to see all relevant data easily.
    • Columns reorder - New Column reorder option to customize the asset management table based on their specific needs by changing columns location.
  • Linux Offline Package - Supports upload and export package for Linux OS clients.
  • Added Harmony Endpoint Management API to support on-premises Endpoint Security Management Server.

The API is disabled by default for on-premises deployments. See the Harmony Endpoint Management API article.

92 Comments
PhoneBoy
Admin
Admin

For those installing this in VMware, please pay important attention to the memory/disk space/cores requirements.
I believe you can use RHEL 8.x as the VM type.
Also you will need to disable the Secure Boot option to install from ISO:

image.png

Choose the VGA option for installation.

the_rock
Legend
Legend

Awesome!

Chris_Atkinson
Employee Employee
Employee

Exciting times!

the_rock
Legend
Legend

Super excited for this.

Andy

 

*****************************

 

HTTPS Inspection

This release brings a significant milestone in performance, simplicity, and deployment of HTTPS Inspection. These capabilities allow customers to implement HTTPS Inspection without compromising performance and user experience.

 

  • Full Fail-open mode - A new capability that automatically detects a failure in the HTTPS Inspection process because of client-side issues such as pinned certificates. When detected, the connection is automatically added to an exception list, ensuring zero connectivity issues for end-users.
  • Deployment assessment - Allows customers to gradually deploy HTTPS to a portion of the traffic (up to 30%), predicts the performance, and automatically detects and resolves connectivity issues.
  • Bypass under load - Optionally bypass HTTPS Inspection in case of high CPU load.
  • HTTPS Inspection monitoring - Inspection status overview and detailed advanced HTTPS Inspection statistics.
  • Enhanced HTTPS Inspection policy - An improved HTTPS policy with a default recommended inspection policy, separate inbound and outbound rules, and multiple outbound certificate support.
Daniel_
Advisor

Has R82 a modern Red Hat version in full 64 bit or have you just updated the kernel?

# fw ver
This is Check Point's software version R81.20 - Build 018
# file $(command -v ls)
/usr/bin/ls: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.16, dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped

sharonab
Employee
Employee

R82 is based on 4.18.0-372.9.1cpx86_64 kernel , the OS load in 64 bit mode (this is not new and is true since R80.20).

Gaia contains many libraries and binaries , some are 64 bits and some are 32 bits.

in R82 some of this libraries and binaries have been upgrade or moved to 64 bits. 

 

G_W_Albrecht
Legend Legend
Legend

Registration is not available:

NoEA.png

 

Naor_Nassi
Employee
Employee

Hi @G_W_Albrecht  we are looking into it.

For now, you can connect via this link and register https://usercenter.checkpoint.com/ucapps/ea-programs 

the_rock
Legend
Legend

@Naor_Nassi ...I get exact same thing as @G_W_Albrecht . Let us know once fixed and we can check.

Best,

Andy

Naor_Nassi
Employee
Employee

@the_rock please use the following link - 

https://usercenter.checkpoint.com/ucapps/ea-programs

There is a known issue that user center shows a different view from time to time, working to fix it.

the_rock
Legend
Legend

Thank you @Naor_Nassi ! Got it and will upgrade one of my labs and probably make another post about it.

Best,

Andy

Bob_Zimmerman
Authority
Authority

Any chance of CloudGuard Network for Private Cloud images? All of my automated testing infrastructure is built around them.

the_rock
Legend
Legend

Excellent question @Bob_Zimmerman 

the_rock
Legend
Legend

@Naor_Nassi 

Would you mind confirm something please? See below post I made about R82 lab I set up and Tim Hall mentioned that R77.30 is not supported version for gateways as far as backward compatibility, but when I try add a fw object via smart console, it gives option all the way back to R70.

I downloaded all the docs from link you sent for EA registration, but am unable to locate anything about this there.

Thoughts?

Andy

https://community.checkpoint.com/t5/Security-Gateways/R82-feedback/m-p/218111#M41587

Norbert_Bohusch
Advisor

There is a difference between "supported" and "to be able to configure" I would say.

Naor_Nassi
Employee
Employee

Hi @the_rock,

For your question - We’ll not support BC on R77.30 and below BUT we didn’t actually block it as we don’t want legacy customers to be blocked on MGMT upgrade.

You can see it the RN under supported security gateway version

 

Picture.PNG

the_rock
Legend
Legend

Thank you @Naor_Nassi , also saw that last night after Tim Hall sent the right link, which is what I had from your previous post, but downloaded wrong zip file to read the guides.

Andy

cenes
Explorer

Hi there!

 

EA first-timer here, so how about the licensing - will I have to use an eval lic generated from my account or this works different? Planning to use R82 EA for a lab,

 

Thanks!

dokapp
Explorer

@cenes yes - you can use normal eval lics.

working fine for me.

the_rock
Legend
Legend

@cenes Thats what I always used in the past, works fine.

Andy

PhoneBoy
Admin
Admin

Hey @cenes in addition to standard "all-in-one" evals (which should work), we actually put an eval license in your UserCenter account with the SKU CPEA-EVAL-R82.
I believe it's for 90 days instead of 30.

cenes
Explorer

Thank you @the_rock and @PhoneBoy for answering,

I just check and there is a SKU for R82 in my account.

As it doesn't have an expiration date, I believe the 90 days countdown starts after activation, right?

Also, after thus 90 days license expires, is there any possibility to obtain another one or I must switch to a 30 days one?

Thanks.

the_rock
Legend
Legend

@cenes I always switch, no issues.

Andy

PhoneBoy
Admin
Admin

@cenes yes the 90 days is from activation.
You can either use additional 30 day evals as needed.
For longer-term evaluations, please reach out to your local Check Point office.

Naor_Nassi
Employee
Employee

Hi everyone,

A new JHF file was uploaded to Public EA files, take 40 (Check_Point_OPT_T633_EA_JHF_MAIN_Bundle_T40_FULL.tar)

This JHF includes several R82 EA fixes on the Management and GW sides and it is recommended to use it.

The JHF can be installed via CPUSE on top of the previous JHF - take 13 so NO need to un-install the previous JHF.

Thanks

the_rock
Legend
Legend

@Naor_Nassi 

I like the name, Jaguar, very cool 🙂

Just installed it, lets see how things are after 24 hours.

Andy

PhoneBoy
Admin
Admin

The name Jaguar gave me flashbacks to my Nokia days, as I believe this was a codename we used for an IPSO release. 🙂

the_rock
Legend
Legend

Jaguar, I really like that name...reminds me of guy giving me a test ride in 1953 Januar car ages ago in Manchester, some antique car show.

Well, regardless of the name, jumbo seems stable so far 🙂

Andy

RamGuy239
Advisor
Advisor

@PhoneBoy 

It's possible to select Red Hat Enterprise Linux 8 (64-bit) using Check Point Gaia R81.20 as well. It boots just fine using (U)EFI/GPT over BIOS/MBR. It also works splendedly with VMware Paravirtual (PVSCSI) controller.

Red Hat Enterprise Linux 8 (64-bit) is the obvious choise as it shares the same kernel version. R82 is basically based on Red Hat Enterprise Linux 8.

 

But in order for (U)EFI boot to work, you have to disable Secure Boot on the VM.

 

 

The big question is, is this supported by Check Point?!

 

When asking about R81.20, which also works just fine using EFI and PVSCSI, the answer was it was not fully tested and verified, thus considered "unsupported" by Check Point.

Has any of this changed with R82? Or will Check Point still insist on using BIOS and LSI controller as the only way to stay "supported by Check Point"?

PhoneBoy
Admin
Admin

R82 EA clean installs as UEFI and I had to disable Secure Boot on my VM @RamGuy239 
Until R82 is released, I can't say exactly what (virtual) hardware will be supported.

Don_Paterson
Advisor
Advisor

Is there or will there be a command similar to reset_gw in ElasticXL gateways?

https://support.checkpoint.com/results/sk/sk101690

 

I guess that reset_gw isn't going to be valid in VSNext, considering the changes in R82 VSX.

 

 

 

Arne_Boettger
Collaborator

I was also most curious about VSNext, but apparently the VSNext Admin Guide has not been released yet.

Don_Paterson
Advisor
Advisor

The R82 EA documentation package contains the VSX Admin Guide (CP_R82_VSX_AdminGuide.pdf)
It is in need of some updates I think.

But you should probably just go ahead and ask questions here and get the feedback in here.

The updates I think are needed include updated diagrams so that a management server appliance is used as a management server icon (image) in the topology maps, rather than a SG appliance.

There is reference to https://support.checkpoint.com/results/sk/sk100395 but that will change drastically since the VSs are now individual container based virtual SGs in the VSX gateway and no longer provisioned from the management side. It is only really SIC that is done from the management side, like in the traditional SGs since the VS is built in the VSX gateway (before SIC) and not a function of the provisioning.

The reason for me asking for a reset_gw type command was that I did an R82 CPUSE clean install on an existing R81.20 gateway (VM) and it kept the topology (IP addresses on the interfaces), and although that is not a show stopper (and the magg interface was there, which is good) I wanted to see a full clean install (without an ISO build) and if that was not possible then I wanted a reset_gw option to avoid manual changes and hopefully guarantee a 'clean' build (having done the CPUSE clean install and kept the interface configurations (IPs)), which was not the goal.

It may not be supported or recommended but if a customer moves from ClusterXL (HA) to EDIT ElasticXL cluster (AND NOT VSNext) R82 and does the CPUSE clean build procedure on a gateway then maybe there should be an option for clearing topology or similar (reset_gw).

Maybe that is complicated and there is already a more elegant solution in the pipeline. 

fabionfsc
Contributor

I'm testing R82 on VMware ESXi, so far, I'm not having any problems, but I'd like to mention a few points:

• R82/R81.20 works with UEFI/EFI & NVMe Controller | SCSI Controller (Paravirtualized), but R81.10 only works with BIOS with LSI Logic SAS | LSI Logic Parallel.

• When I set the Guest OS to RHEL 8, I received a warning from ESXi, saying that the correct option would be to use Other 4.x Linux (64-bit), but RHEL 8 uses this same kernel version, so everything is ok.

• It is a fact, and was mentioned previously, that Secure Boot must be disabled.

• The eth0 interface became Mgmt (and later a magg1 interface subordinates this) and eth1 became the Sync interface, assigned an automatic IP.

• I was able to install Jumbo Hotfix 40 on the Gateways just using clish commands, in GAiA, the CPUSE option is no longer available in EA.

• The DHCP Server option is no longer available in GAiA, but it may be included again in GA.

• After SMS/GW reboot, I'm having HealthCheck alerts on SmartConsole, which I don't know how to resolve:

"HealthCheck Point is not responding. Make sure it is running on device and sending status update. See sk171436 for more information."

Does anyone know how to resolve this alert on R82?

Naor_Nassi
Employee
Employee

Hi @Arne_Boettger and everyone, a new VSNext Admin Guide is now attached to Public EA documentation.

Naor_Nassi
Employee
Employee

Hi @fabionfsc, as for the issue with HCP SmartConsole,  we are aware of this issue and R&D is working to fix it by GA.

Note - you do have an option to disable HCP alerts in SmartConsole:

HCP.PNG

 

the_rock
Legend
Legend

@Naor_Nassi 

Yep, I did that in my R82 lab by right clicking on the object and I believe it was either under script or 2nd option, cant recall now, but can verify in demo version later, as I had to power those vm's off for now.

Andy

the_rock
Legend
Legend

@fabionfsc I took a short video of it.

Andy

 

 

Don_Paterson
Advisor
Advisor

Hi @Naor_Nassi 

I get an error trying to access the new VSNext doc.

https://downloads.checkpoint.com/dc/fileenterror.htm

Software Subscription Downloads
Insufficient Privileges for this File

Our apologies, you are not authorized to access the file you are attempting to download.
If you believe this is in error please contact customer service.

 

I did a sanity check and the Release Notes worked (the PDF downloaded) but the VSNext doc did not.

 

Thanks,

Don

 

 

fabionfsc
Contributor

Thanks for your help, guys, I managed to make the alert disappear, but for some reason, it only worked in Management, in Gateway, when I click, nothing happens, and the option still remains to be clicked as "Disable". It could be something in the SmartConsole R82 itself, I believe.

SMS:

MGMT.png

GW:

GW.png

However, I understand that it is an EA version and things like this are normal, no problems. I have a lab at home, where it has a public IP, and I'm using version R82. Everything working as expected, so far.

I was really pleased to know that the HTTPS Inspection options were migrated from SmartDashboard to SmartConsole, that's great!

It is also worth remembering that this is a laboratory environment, and I am at your disposal to run scripts and tests, as you guys request. I'm really looking forward to the GA version and would like to be part of the beta testing actively.

Lab: vpn.razorlab.cloud

the_rock
Legend
Legend

@fabionfsc You can also delete status.json file from /var/log/hcp, though that may only be temp solution.

Andy

fabionfsc
Contributor

Thank you, the_rock, for the advice, I've tried to rm this file from /var/log/hcp/status.json, and I have also rebooted the SMS/GW but the problem persists. 

But it's totally fine, really. I can for sure wait for the GA to get this working. 🙂

the_rock
Legend
Legend

Can you share what else is there in /var/log/hcp?

Andy

Naor_Nassi
Employee
Employee

@Don_Paterson we are working to fix this issue, will update here once the issue is resolved.

Naor_Nassi
Employee
Employee

Update - The downloading issue is fixed, you can now download VSNext Admin Guide (R82_VSNext_Procedure.Pdf)

fabionfsc
Contributor

/var/log/hcp

 

Management (SMS):

Management.png

Firewall (GW):

GW.png

the_rock
Legend
Legend

@fabionfsc Usually, I would compare whats in last folder and delete stuff from there and test.

Andy

Naor_Nassi
Employee
Employee

Hi everyone,

We greatly appreciate your participation in our R82 EA public program, and we are committed to continually improving our services. Your feedback is incredibly valuable to us, and we would like to hear about your experience.

We have created a short survey that should take no more than a few minutes to complete. Your insights will help us understand what we are doing well and where we can improve our product and methods of work

Please click the following link to take the survey - Online Survey R82 Public EA

Thank you in advance for your time and honest feedback. If you have any questions or need further assistance, please don't hesitate to contact us.

the_rock
Legend
Legend

Nice, just filled it out @Naor_Nassi 

fabionfsc
Contributor

Survey completed! @Naor_Nassi 

Labels