- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- R81.10 to R81.20 with MAB (SSLVPN)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R81.10 to R81.20 with MAB (SSLVPN)
Hi experts,
So one of my client is running a gateway in vsx mode on Maestro for SSLVPN (for a huge amount of users - almost 6000). Right now it's stuck to R81.10 Take 30 (since it was originally installed). At one time I tried to upgrade it to Take 44 but everything from $CVPNDIR/conf was gone after the upgrade. Good part is that configuration is Dual Site Dual MHO so I could easy failover to the other site where R81.10 T30 was still in place!
Right now it's working without issues but since R81.10 is going to be dust in July I was asking myself "why not to upgrade to R81.20 T76".
Well I have no idea what to expect from MAB.
- portal with about 6000 users (concurrent connection ranging from 1700 to 4500-500)
- SNX with Certificate authentication
- tons of apps published through portal and tons via SNX
I know that the first thing will be the SNX certificate. If the client presses "X" on the popup window it's game over! Basically you have to uninstall SNX, delete cert from Windows Key store and reinstall it from the gateway. Since they have no admin rights this is going to be FUN 🙂
So in our professional experience .. should I do it or should I shove something in my ... power supply 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sounds a bit like this issue, pleas confirm:
https://support.checkpoint.com/results/sk/sk182965
Also what take you have active now? 30 or 44? At one point the version is so old that the difference is to big between version, many changes. I am 100% sure the SNX version will also change on the gw. The client by default will get the new one from the gateway when connecting. Without admin that would be difficult
If you like this post please give a thumbs up(kudo)! 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know about that SK but the file was not corrupted. Whole folder was missing. So usually the way around was to transfer httpd folder from another functional gateway but the fastest way was to failover to DR and revert back to T30.
Just to confirm they are R81.10 Take 30 at the moment.
