This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex-
Leader Leader
Leader
Wednesday

Patching a Force 19000 security gateway

The new 19000 Quantum Force are shipped with R81.20 Build 722.

When trying to patch them to Take 98, the verifier discourages us to do so as it might lead to system instability unless we go first to Take 24.

R81.20 Take 24 is not compatible with R81.20 build 722.

 

sk180520 seems to point out that Take 65 is the minimum supported for 19K and 29K series, so that could be the verifier not taking the build and platform into account.

Our understanding that we should patch to Take 65 then Take 98, but we have an SR open being checked internally to clear up any doubt and proceed the right way. The verifier specially states Take 24, not Take 24 or above.

For information for anyone facing the same scenario, or who already successfully upgraded these devices and could confirm.

7 Replies
Timothy_Hall
Legend Legend
Legend
Wednesday

You will need to wait for resolution for your SR.  There were a variety of problems with R81.20 Jumbo HFA Take 96/98 and Quantum Force appliances (9000/19000/29000) due to the fact they utilize UPPAK: sk183181: SecureXL in the User Mode (UPPAK) may have compatibility issues with R81.20 Jumbo Hotfix T...

Attend my Gateway Performance Optimization R81.20 course
CET Timezone Course Scheduled for July 1-2
Alex-
Leader Leader
Leader
Thursday
In response to Timothy_Hall

@the_rock @Timothy_Hall 

I will wait for TAC to confirm the approach for stability and performance. These are Maestro appliances and run KPPAK out of the box.

 

0 Kudos
the_rock
Legend
Legend
Thursday
In response to Alex-

Good idea @Alex- 

0 Kudos
Timothy_Hall
Legend Legend
Legend
Thursday
In response to Alex-

Ah Maestro would explain why these gateways are still in KPPAK mode although Maestro appliances are supposed to support UPPAK & Lightspeed cards starting in R81.20 Jumbo HFA 89+ and in R82+.

Attend my Gateway Performance Optimization R81.20 course
CET Timezone Course Scheduled for July 1-2
0 Kudos
AkosBakos
Mentor Mentor
Mentor
Friday
In response to Alex-

We have MAESTRO with R81.20 take 98 and a portfix on the top. (fw1_wrapper_HOTFIX_R81_20_JHF_T98_249_MAIN_GA_FULL.tar)

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend
Legend
Wednesday

We had couple cases recently about VPN issues after jumbo 89 and 92 install and TAC recommended take 99, though not recommended, but appears lots of issues resolved in it. If you try verify jumbo 99, does it complain?

Andy

emmap
Employee
Employee
Thursday

The issue referred to by the verifier only occurs if you uninstall the JHF. If you're not planning on uninstalling it, you can ignore the warning. There is more information in the 'Important Notes' part of the JHF documentation.

Take 99 resolves the main issues with take 98 on Maestro as far as I know so it's probably better to go straight to that one.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events