This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
melcu
Participant
Participant
2 weeks ago

R81.10 to R81.20 with MAB (SSLVPN)

Hi experts,

So one of my client is running a gateway in vsx mode  on Maestro  for  SSLVPN (for a huge amount of users - almost 6000). Right now it's stuck to R81.10 Take 30 (since it was originally installed). At one time I tried to upgrade it to Take 44  but everything from  $CVPNDIR/conf was gone after the upgrade. Good part is that configuration is Dual Site Dual MHO so I could easy failover to the other site where R81.10 T30 was still in place!

Right now it's working without issues but since R81.10 is going to be dust in July I was asking myself "why not to upgrade to R81.20 T76".
Well I have no idea what to expect from MAB. 

- portal with about 6000 users (concurrent connection  ranging from 1700 to 4500-500)

- SNX with Certificate authentication

- tons of apps published through portal and tons via SNX

I know that the first thing will be the SNX certificate. If the client presses "X" on the popup window it's game over! Basically you have to uninstall SNX, delete cert from Windows Key store and reinstall it from the gateway. Since they have no admin rights this is going to be FUN 🙂

 

So in our professional experience .. should I do it or should I shove something in my  ... power supply 🙂

 

0 Kudos
2 Replies
Lesley
Mentor Mentor
Mentor
2 weeks ago

Sounds a bit like this issue, pleas confirm:

https://support.checkpoint.com/results/sk/sk182965

Also what take you have active now? 30 or 44? At one point the version is so old that the difference is to big between version, many changes. I am 100% sure the SNX version will also change on the gw. The client by default will get the new one from the gateway when connecting. Without admin that would be difficult 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
melcu
Participant
Participant
2 weeks ago
In response to Lesley

I know about that SK but the file was not corrupted. Whole folder was missing. So usually the way around was to transfer httpd folder from another functional gateway but the fastest way was to failover to DR and revert back to T30.

Just to confirm they are R81.10 Take 30 at the moment.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events