- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hey boys and girls,
Wanted to quickly share about R82 EA, as I ended up upgrading my R81.20 standalone lab to see what the process looked like. So far, not too bad, it took bit of time, as its standalone, so had to re-import the mgmt database.
I would say, make sure you have enough space in root dir, and also, something to keep in mind below.
Smart console looks literally the same, but I see there are way more options in legacy dashboard for mobile access blade.
Https inspection policy also looks more robust than before, so thats fantastic.
This is what came up after the upgrade, not sure if its expected. I will keep adding more things as I discover them.
[Expert@CP-STANDALONE:0]# cpinfo -y fw1
cp_get_kernel_version: ERROR: kernel version 4.18.0-372.9.1cpx86_64 is unknown. Perhaps 4.18.0-372.9.1cpx86_64 needs to be added as a version to cp_get_kernel_version and CpOsKernelVersion?
This is Check Point CPinfo Build 914000248 for GAIA
[FW1]
HOTFIX_WEBCONSOLE_AUTOUPDATE
HOTFIX_GOT_MGMT_AUTOUPDATE
HOTFIX_NGM_DOCTOR_AUTOUPDATE
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
HOTFIX_VCE_R81_20_AUTOUPDATE
HOTFIX_GOT_TPCONF_MGMT_AUTOUPDATE
HOTFIX_GOT_TPCONF_AUTOUPDATE
FW1 build number:
This is Check Point Security Management Server R82 - Build 690
This is Check Point's software version R82 - Build 760
kernel: R82 - Build 735
Best,
Andy
I really like below changes in dashboard...subtle, but nice 🙂
Andy
Here is something I find a bit ironic...shows its vulnerable to latest vpn CVE, but I suppose it might be as its not official release yet? Maybe someone from CP can comment and no, its NOT available to install.
Andy
Yep I noted the deprecation of the e1000 driver in my Gateway Performance Optimization Course on the page shown below. There will also be a major jump in all NIC driver versions due to the new 4.10.0-372.9 kernel that may cause behavioral changes at the network level.
Also a new R82 tool called connview that allows the easy viewing of connection attributes such as what processing path they are in, why they are slowpath, etc. This replaces the jumble of different commands used to determine this information in R81.20 and earlier such as fw ctl multik gconn, fwaccel conns, fw tab -t connections -z, fw_mux, fw_streaming, etc. I attached the relevant page for that too. A few other tidbits I'm excited about in R82:
1) The much more efficient Galois Counter Mode (GCM) AES algorithms are now available for IKE Phase 1, not just Phase 2/IPSec. Also a new enhanced VPN Monitoring Tool to replace the SmartView Monitor status screens.
2) Hyperflow/pipelining can boost CIFS/SMB connections
3) A new implementation of the gateway logging mechanism that is multi-threaded (no more legacy fwd log bottlenecks).
4) R77.30 is no longer supported for backward management compatibility with gateways!
Thanks Tim. I cant speak for compatibility, as I was unable to find reference to that fact, but, if you try create new fw, it lets you choose all the way back to R70. One cool thing is that when you do create new fw object, it enabled those 2 TP blades automatically, so if you dont need them, you can turn it off.
Andy
You are right, I was looking at the wrong table in the release notes. Backward compatibility does work back to R77.30 but apparently no earlier than that.
Of course Im right man, Im ALWAYS right 😉
Just kidding, Im usually way more wrong than right 🤣🤣🤣
Anyway, its just odd that when you try create fw object, it lets you go all the way back to R70...
Andy
Btw, where did you get release notes from? I looked on support site, also all the docs from other community link when you register for EA program and dont see release notes anywhere.
Andy
It's just one of the download links, here is how you get there:
K, got it, sorry, I downloaded documentation package today, totally missed that 3rd link. Anyway, dont really see any backwards compatibility list, so its possible not finalized yet?
Andy
Never mind, been long day today, I think this is it...
Andy
Management Server and Security Gateway
Versions
Note - For more information about Security Management Servers and supported
managed Security Gateways see sk113113.
R82 Management Servers can manage Security Gateways that run these versions:
Gateway Type Release Version
Security Gateway and VSX R82, R81.20, R81.10, R81,
R80.40, R80.30, R80.20, R80.10
Security Groups on Maestro R82, R81.20, R81.10, R81,
R80.30SP, R80.20SP
Security Groups on Scalable Chassis R82, R81.20, R81.10, R81,
R80.20SP
Quantum Spark, Quantum Rugged,
and SMB Appliances
R81.10.X,
R80.20.X,
R77.20.8X
Not sure if this could be just space issue in my lab, but ever since I upgraded, cant open log tab at all to get any data. I replaced httpd2-smartview.conf file from working environment (though R81.20), shut down, rebooted many times, cpstop; cpstart, installed policy, database, nothing.
Anyway, for now, Im just using old school tracker to check logs when needed.
Not a big deal, since its just a lab, but too coincidental it would happen right after upgrade to R82...before that, all worked fine.
Andy
Update on this...so I installed R82 console on different windows vm, logged in and when its brand new smart console install, logs tab shows by default fw logs, but if you hit plus sign to open new tab, its exact same issue.
I can only assume this is a bug, as smartview service is totally fine on my machine when I run cpwd_admin list.
Maybe someone from Check Point can confirm?
Best,
Andy
Hi,
we are not familiar with such an issue.
can you say which build/take of smartconsole you are using?
Yes, will check later...just having some licensing issues with the lab, so once thats resolved, will try again and see. In the meantime, will open demo smart console and send the version.
Andy
Hey @Ido_Shoshana
This is the one I downloaded...I assume thats probably the only version available.
Andy
Thanks Andy
Hi, we need to ask the smartconsole.log after turning on debug level.
Can we have it? 🙂
We need to apply new license to our eve-ng lab, so once done, I can access the server again 🙂
Andy
Great, much appreciated
On another note, any idea how to fix this?
I followed uninstall command from sk, but same issue : - (
Andy
Not really, as the issue needs to be investigated
K, let me work on it later, will update.
Andy
Sure
can you try and reboot one of the VMs?
this may be a WA until permanent solution
I probably rebooted it 20 times since last night lol
No change.
Andy
K, did fresh install, all good now!!
Andy
Great Andy…
I wonder what was the root cause for the original issue.
Any chance you reproduced the issue and collected the debug files before the issue resolved?
Definitely space lol. It had barely 2.5 GB left in / dir 😂😂😂
Thank you Andy 🙂
We've supported using vmxnet3 NICs for a while now, I believe, and they have much better performance 🙂
I personally did a fresh install versus an upgrade in my lab.
I used that now and doing fresh install...lets see what happens 🙂
Andy
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
18 | |
12 | |
6 | |
6 | |
6 | |
5 | |
4 | |
4 | |
4 | |
3 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY