R81.10.00 for Quantum spark 1500\1600\1800 Appliances - GA
We are happy to announce the release of R81.10 for Quantum Spark 1500\1600\1800 Appliances.
With the release of our new Quantum Spark R81.10 version, Check Point introduces code alignment between our Quantum Spark product line and the Quantum R81.10 Security Gateway release.
This major Quantum Spark release adds many new capabilities, as well as a wide range of stability and performance improvements.
This release supports locally managed only (Local + SMP). Centrally managed is supported at EA level.
Enhancement and New Features (Locally Managed)
- Improve and Simplify SSL inspection operation
  - Some network devices do not support installation of an SSL certificate, therefore making SSL inspection not possible.
  - When you use the gateway capability to automatically sense and identify network elements, you can now select on which network element SSL inspection is enabled.
  - Gateway administrators have full control on which network elements SSL inspection will operate:
    - Desktops and laptops are automatically selected, and other network devices can be easily added.
    - You can also select bypassing inspection on MacOS devices.
- Smart Accel – (EA level)
  - Improves gateway performance by accelerating low risk traffic sources:
    - Video streaming (Netflix, YouTube, Spotify)
    - Well known corporate services (Microsoft, Google, Apple, Check Point Services)
    - Social Media services (Facebook, TikTok)
    - Web Conferences (Skype, WebEx, Zoom)
- Password Complexity
  - Set password complexity as high to harden the Gateway Admin Password
  - Password length, number of different characters, Password history, Password Expiration
- Updatable objects and FQDN in the Rule Base
  - Use fully qualified domain name (FQDN) object in the Access Policy.
- VoIP improvements
  - Enable bidirectional traffic with the SIP provider service when SIP traffic inspection is disabled.
- VPN Monitoring
  - New information was added to the VPN tunnels monitoring page
- Support Radius 2.0 server
- FTP AV - Inspect FTP protocol by Anti-Virus Software Blade
- ZScaler (VPN 3rd party) support
- Mirror port
  - Allows duplicating all the traffic that goes through one or more LAN ports, into one of the other LAN ports.
- TCPDump via WebUI
  - Additional capabilities for TCPdump tool. Includes additional filters, custom filter and RT output.
Notes:
- The Quantum Spark R81.10 release is supported only on the new 1500\1600\1800 Series Security Gateways.
- Embedded Gaia software inherits its code base from the R81.10 GA version of enterprise appliances. Therefore, although not specifically mentioned, the R81.10 Quantum Spark Gateways inherit all maintrain limitations (see sk170418).
- As the majority of R&D efforts will now shift to R81.10 code base, we encourage our customers to start evaluating and migrating to the new code base
- R80.20.xx code base for 1500\1600\1800 Series Security Gateways will continue to be supported, in the near future – with further releases, and in the medium term – with stability, performance and bug fixes only
For additional info, please refer to sk179004
No Identity Collector support yet?
First thing that I noticed was lack of Identity Collector support:-(
Something else that is also not clear is whether central management is supported for Spark 1500's running R81.10. Management release notes only mention 1600 and up.
Look above:
This release supports locally managed only (Local + SMP). Centrally managed is supported at EA level.
Hi
1. Identity Collector is supported for centrally managed appliances.
2. The firmware released supports centrally managed; we just didn't have enough EA coverage, so it was released for the time being as EA.
To centrally manage R81.10.00 you will need MGMT R81.10 + JHF55 or R81.10 + JHF66, or R81.20.
Thanks
The feedback is a bit confusing; the release notes say locally managed SMBs. So I can't test the new Gaia Embedded if my SMBs are centrally managed, say on SMS with R81.10 or better (with latest HFA)?
Yes, you can - write a personal note to @Amir_Ayalon!
Have you tested this already? Putting R81.10.10 on an SMB which is centrally managed?
No - I only have one 1500, locally managed and in production, so no way...
What is R81.10 JHF 5 ? I only know of
Yes,
sorry for the confusion.
You are correct.
You need MT R81.10 JHF take 66 that supports LSM+SMC.
MT R81.10 JHF take 55 supports only SMC.
Identity collector is supported for centrally managed appliances.
Hey @Amir_Ayalon,
We are trying to test R81.10.00 Centrally Managed and we are facing some issues.
Maybe you could help us out.
We have 2x1600 SMB Appliances and have set them up as a cluster with R80.20.35.
We are trying to upgrade the cluster to R81.10.00 but we are unable to install the policy via the management afterwards.
We got the following error:
We run our security management server on R81.10 JHF66 and changed the version of our 1600 SMB Cluster Object to R1.10.
Another strange thing that we noticed during troubleshooting: We rebooted our appliances with R81.10.00 installed and after the reboot the version reverted to R80.20.35 again.
Are you or anyone here familiar with those issues? (Or can someone help with the EA deployment of centrally managed SMB Appliances?)
Help is much appreciated.
Typo?
Management should be R81.10 JHF T55 or higher to manage the 1600 upgraded to R81.10.00 (currently this is EA status).
Does the issue persist if you resolve the issue with the rules using time objects?
Yes, typo, sorry, my bad.
I meant R81.10 JHF66.
I am not sure what issue you are referring to with the time objects. Can you clarify?
The error message you posted shows a warning about time objects amongst other things.
Do I need another software package for the EA features? I only found the one from the official sk and assumed that it includes the EA features for the central management.
Please clarify.
Thanks in advance
Hi
No, the same firmware (R81.10.00) that was released supports both locally and centrally managed;
we simply decided to GA only locally as we didn't have enough EA coverage for centrally managed.
QA coverage is the same for both locally and centrally managed.
Hi Amir,
Do you have a feel for when R81.10 may be GA for centrally managed? Is it likely to be days/weeks/months?
Thanks
Depends on the number of customers that try this version and report any issue to CP. Kind of egg / hen problem 8)
Hi,
As I remember, there was a bug in JHF 55 that you can't upgrade an SMB cluster (R81.10.00). You need to manually upgrade each member.
This bug was resolved in JHF 66.
If this is what you encounter in JHF 66, please drop me an email: amiray@checkpoint.com
Hi,
We have a similar issue with a single 1530 GW on 81.10.00; the installation fails with Error Code: 0-2-20000025.
@Amir_Ayalon @Chris_Atkinson
Hey guys, we performed some additional troubleshooting with our policies.
And it turns out that Zone Objects are causing the troubles when installing the objects on the gateways.
So for example we are getting the error if we have a Zone Object in the Policy which is not defined on our 1600 Gateways. (Even though the 1600 gateways are not defined as installation targets.)
So we think somehow that during policy compilation installation targets are not being considered.
Our Policy is strongly depending on Zones and Inline Layers combined with Security Zones.
Unfortunately it seems like that exactly that is causing our policy installation problems on the SMB appliances.
I guess there are still some issues in the new codebase with inline layers and zones.
How should we proceed? Can we get some EA support? Or should we open a Support case?
What do you recommend?
Thanks in advance for the help.
Hi cgubesch
Thanks for the RS yesterday.
The way to proceed is to open an SR and say R&D asks for a Task.
In order to proceed we will need the management backup from you (we tried to replicate your scenario today, but it wasn't replicated).
Please collect the database backup from the management server and include it in the SR.
The steps are very simple,
For SMS deployments:
- Collect management server database:
# cd $FWDIR/bin/upgrade_tools
# ./migrate export <name of the file>
- Collect additional information:
# cpinfo -z -o /var/log/tmp/<name_of_the_file>.info
For MDS deployments:
- Collect MDS database:
# mds_backup -l -d /var/log/
- Collect additional info to have an idea about configuration, addresses, fixes etc.:
# cpinfo -y all
# mdsstat
# ifconfig
# df -h
In general this is an issue I think. The same rings true for Identity Awareness for example. You can't install a policy with inline layers that use Access Roles, even if the gateway without the IA blade enabled is not in the install target for that inline layer.
Kindly share the R81.10.10 Gaia embedded firmware for customers who use the SMBs in a Centrally Managed setup. Seems the posts are more related to locally managed and not clear regarding Centrally managed
@Douglas_Chenjer is there a R81.10.10 version?
And if so? How can I get my hands on it 🙂
That is a typo - current is R81.10.00
Currently, only R81.10.00 Gaia embedded firmware is available. It works with SMBs managed locally, from SMP or Centrally.
