phlrnnr
Advisor

Will SP code ever get migrated into main R80.x code train?

As our environment grows, I become more and more interested in the different Scalable Platform / chassis options that Check Point offers.  The idea intrigues me a bit for quickly and easily growing as we need more processing power.  I love the idea of running VSX on a pair of chassis and just spinning up VSs for each FW use case I have in a datacenter.  However, one of the things that holds me back the most is that these platforms have their own code train that is completely separate from the standard R80.x (and even R77.30) code trains that all other appliances / open servers can run.

We are using R80.10 and will likely soon move to R80.20 now that it is GA as there are features there we want to use.  However, I'm concerned about the lack of feature parity between the different code bases.  Are there plans to integrate the SP code train into the standard code train?  If so, what is the timeline for that on the roadmap?

I'll bet Check Point could sell a lot more chassis if the code/features had parity.

1 Solution

Accepted Solutions
Oral_Mohan
Employee Alumnus

R80SP.20 will be released in the coming weeks. In the near future, there will no longer be separate code trains for main train and Scalable Platforms.


15 Replies
phlrnnr
Advisor

Will R80SP.20 have feature parity with R80.20 GA?  Or will there be a list of differences/caveats between the two?  Thanks for the quick reply!

Oral_Mohan
Employee Alumnus

Eventually (in the short-medium term). There will be several features that will be incorporated immediately and the ones that are not will be added by JHF over the period into the common image release.

phlrnnr
Advisor

Can you point me to documentation for what will be in R80SP.20, and, more importantly, which features included in R80.20 GA will NOT be in the SP version?

If we were to move to a SP model, I'd need to make sure we wouldn't be losing functionality in the process.  For example, we use inline layers and dynamic objects (domain objects and eventually we will likely use the O365 dynamic objects as well).  I believe those require the R80.x gateway version today.

Thanks!

Oral_Mohan
Employee Alumnus

You will need to request a Roadmap presentation from your SE, under NDA as is common with future-looking information. I can tell you that dynamic objects are currently supported in R76SP.50 and have been supported for a long time. O365 objects are not currently supported but as I recall should be supported in the first release of R80SP.20 or shortly thereafter.

Customers use the dynamic_objects function in SP today using custom scripts, some of which I have seen in other Check Mates threads.

Andreas_Mang
Contributor

Will the first release of R80.20SP support VSX?

Maor_Elharar
Employee

Yes, VSX is supported on the first release (R80.20SP)

Sean_Van_Loon
Contributor

Hi Oral,

Do you have an update on the release date of the R80.20SP?

And will it include the new kernel?

Thanks!

Sean_Van_Loon
Contributor

R80.20SP has been released as of yesterday -> Scalable Platform R80.20SP 

The download, however, is not publicly available, but you can request it via this email address:

Quote: "Email to r8020sp_installation@checkpoint.com to receive the relevant download information. "

crescentwire
Employee

For us, this news is too little, too late. Since purchasing two 41000 chassis and SGMs nearly 3 years ago, we've had so many significant issues that we've seriously considered leaving Check Point as a vendor and platform. The number of instabilities, bugs, and unexplainable issues that both TAC and Israel's R&D are unable to answer for us are really astonishing. Much of this instability has been from the custom "SP" code train that the 41000/61000 platform has run in the past. Perhaps it will be better with R80.x? Who can know... I suppose time will tell.

Internal Check Point resources have explained to me, off the record, that Check Point produced the 41000/61000 platforms originally with a broad install base in mind. Unfortunately, the platform didn't take off like they had hoped. At the end of the day, Check Point's revenue and bottom line are what drive engineering, so efforts were redirected away from the high-end chassis and toward other platforms that promised a greater return on their investments, both in time and money. This meant that issues that went all the way up to R&D were of much lower priority than others. Ultimately, this led to a sense of inaction, non-urgency, and general indifference to our issues from R&D. (TAC, on the other hand, did as best as they could, but the trouble oftentimes has been a profound lack of awareness on how to troubleshoot and understand the 41000/61000 platform. Couple this with a marginal focus from R&D and you have a platform that is both poorly supported and, frankly, a dead-end for non-carrier customers.) My understanding as well is that Check Point is quietly focusing on carriers for selling new chassis solutions and less toward the general enterprise customer.

Again, this perspective is my own only based on my own experience and from conversations I've had with internal Check Point resources. Your mileage may vary, but ours has been astonishingly poor.

I would strongly urge you NOT to consider the chassis platforms and stick with, instead, the higher-end appliances like the 23800/23900s. Their throughput is comparable nowadays anyway to what the 41000/61000 platforms can do.


Best of luck to you, either way.

Gera_Dorfman
Employee

Hello Michael

I am sorry to hear about the issues that you had with the platform. If possible, can you please email me SR numbers or general description of the issues.

In 2017 we released SP50 introducing improved distribution between SGMs, Image Cloning, usability, and quality improvements. SP50 was released alongside the new generation of SP hardware - 44k/64k chassis.

Lately we introduced multiple security groups feature to be released in SP50 train soon.

In parallel the team was working on platform alignment to the latest and greatest R80.20 release.

R80.20SP will be released in upcoming weeks and we plan to work on the single image installation for main-train appliances and Scalable Platform in 2019.

We have many future plans and the road map for the Scalable Platform so the statement about lowering priority from the Scalable Platform or redirecting resources to other platforms is inaccurate.

Thanks

Gera 

crescentwire
Employee

Hi Gera,

Thanks for your feedback. I'll be glad to email you details about our SRs, sure. I also appreciate you clarifying the statements I made above. Again, I'm speaking purely from the perception I and my management have had, as the customer, regarding Check Point's R&D focus and resources allocated. I can appreciate that that is not the case, but this was something shared with me off the record by internal Check Point personnel; I had no reason to doubt their claims as (1) I trusted them and (2) they appeared to explain very well the underlying causes for much of our frustration. Either way, I promise you that I would not make up such a statement in order to slander Check Point with libel.

I can also assure you I'm not trying to sow dissent among other customers (or prospective customers) who are using or considering the high-end platforms for their environment. But, if I could go back in time and tell myself--3 years ago--what I was in for, I would have decided against the 41k platform. I simply want to share my experience with others in case I can save them the pain I've gone through (or worse, Check Point losing them as a customer).

Thanks again for your time and attention. I hope you have a great weekend ahead.

Gera_Dorfman
Employee

Hi Michael,

I appreciate your feedback. I will contact support and will review the issues that you experienced, to make sure that all are already fixed in the newer versions. 

Thanks again, and have a great weekend!

Gera 

phlrnnr
Advisor

Michael,

Thank you for your honesty in your comments re: the scalable platforms.  As a customer, I appreciate any details and experiences other customers have had.  Sometimes it is hard to weed through sales/engineering FUD, and the opinion of others actually running the platform is very useful.  So, thank you for your insight!

I do believe we will be looking at the other high-end appliances and not SP at this time.  This is mostly because we need R80.20 features, and the SP code isn't there yet.  Your experience just strengthens my choice.  Maybe we will look back at SP and see where things are in 5 years when we have to lifecycle refresh again.  The idea of SP is still intriguing to me.  Unfortunately, the execution (so far) seems to be fairly poor.  Thanks again for your feedback!

Phil

crescentwire
Employee

Glad to have helped. Again, that was only our particular, distinct experience... but if I can save someone the nightmare we lived through over the past 2 1/2 years, I will do everything in my power to do just that.

(As a follow-up, we are migrating to a pair of 23900 appliances. These far exceed the performance of our existing 41000 platform and, running R80.10, we are hopeful they will solve many of our strange, one-off issues we had on the custom version of R76.SPxx.)

Best of luck to you in your search and implementation.