Re: R82 feedback - Page 2

the_rock · ‎2024-06-19

Hey boys and girls,

Wanted to quickly share about R82 EA, as I ended up upgrading my R81.20 standalone lab to see what the process looked like. So far, not too bad, it took bit of time, as its standalone, so had to re-import the mgmt database.

I would say, make sure you have enough space in root dir, and also, something to keep in mind below.

Smart console looks literally the same, but I see there are way more options in legacy dashboard for mobile access blade.

Https inspection policy also looks more robust than before, so thats fantastic.

This is what came up after the upgrade, not sure if its expected. I will keep adding more things as I discover them.

[Expert@CP-STANDALONE:0]# cpinfo -y fw1
cp_get_kernel_version: ERROR: kernel version 4.18.0-372.9.1cpx86_64 is unknown. Perhaps 4.18.0-372.9.1cpx86_64 needs to be added as a version to cp_get_kernel_version and CpOsKernelVersion?

This is Check Point CPinfo Build 914000248 for GAIA
[FW1]
HOTFIX_WEBCONSOLE_AUTOUPDATE
HOTFIX_GOT_MGMT_AUTOUPDATE
HOTFIX_NGM_DOCTOR_AUTOUPDATE
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
HOTFIX_VCE_R81_20_AUTOUPDATE
HOTFIX_GOT_TPCONF_MGMT_AUTOUPDATE
HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point Security Management Server R82 - Build 690
This is Check Point's software version R82 - Build 760
kernel: R82 - Build 735

Best,

Andy

genisis__

Question - Is R82 Management solid for production upgrade, or should we go with R81.20?

Tal_Paz-Fridman

The official Check Point statement is that R81.20 is the current Recommended version:

R82 Release was released on October 21, 2024. For new deployments, Check Point recommends using R81.20 with its Recommended Jumbo Hotfix Accumulator Take. R82 version will become Check Point Recommended version following 1-2 Jumbo Hotfix releases.
R81.20 Titan Release was released on November 21, 2022. Scalable Platforms is part of R81.20.
This release (Take 634, updated on 3 June 2024), installed with its Recommended Jumbo Hotfix Take is considered as Check Point's Recommended version. Check Point recommends to always use the Recommended Jumbo Hotfix Accumulator Take, listed on R81.20 Jumbo Hotfix Accumulator page.

https://support.checkpoint.com/results/sk/sk95746

the_rock

Management, I would say absolutely yes. We have few customers on it and its super solid. I actually find its even better in Smart-1 cloud. As far as gateways, I would not do that yet, until it is officially recommended by Check Point.

Andy

genisis__

Thanks! We also have Smart-1 Cloud, and after some tuning by CP performance is almost the same as on-Prem now.

the_rock

S1C instance would be already on R82 then. They were all upgraded by end of last year.

Andy

the_rock · ‎2024-06-20

I ended up doing fresh install, great now! Smartview is operational and I love below things, took some screenshots for reference.

Andy

Duane_Toler · ‎2024-06-28

OOOO!!!! customizable Link Selection!!! YAAAAY! Many of us have begged and pleaded for this for so so so long. So yes, "nagging works!" 🤣

the_rock · ‎2024-06-28

I guess lol

Andy

the_rock · ‎2024-06-20

Hey @PhoneBoy ,

Not sure if this can be fixed, but I followed the sk, no joy. Maybe cause its R82, so cant tell if its appliacable?

Andy

the_rock · ‎2024-06-21

@Ido_Shoshana What do you think about this?

Andy

the_rock · ‎2024-06-24

@Ido_Shoshana

I also tried below sk, but same issue is still there. Not sure if sk that comes up, unless Im missing something, but followed it, no joy.

Andy

https://support.checkpoint.com/results/sk/sk129632

RafaelBedendo · ‎2024-06-21

Have you tested the automatic configuration of Zero Phishing?

the_rock · ‎2024-06-21

I did...so far, no issues.

Andy

the_rock · ‎2024-06-25

Im currently building brand new R82 mgmt server in Azure, will do clean install and report back soon.

Andy

the_rock · ‎2024-06-25

Update...upgrade package not compatible yet in Azure, so I will need to wait until our eve-ng server is rebuilt, so I can build brand new lab.

Andy

the_rock · ‎2024-06-26

Hey everyone,

My sincere apologies, we ended up rebuilding our eve-ng server to add more resources, so I had to also build my CP labs from scratch as well. Not a biggie, as they say : - )

I installed R82 again, will do some more testing and update.

Andy

the_rock · ‎2024-06-27

Finally got to rebuild the whole thing on new and improved eve-ng server, so far, fingers crossed, all is FANTASTIC 🙂

If any issues, will update.

Andy

the_rock · ‎2024-06-28

Maybe someone from CP can comment on it, but even after reinstall of R82, all was fine for 24 hours, but now I see below and not sure how to fix it. I followed the sk to uninstall the hcp, rebooted, shows its gone, but same issue.

For what its worth, not sure if below is correct or not.

Andy

[Expert@CP-R82:0]# hcp -v

HCP Take: 72

HCP RPM Build: hcp-1-592042.i386

[Expert@CP-R82:0]# rpm -qa | grep snmp_hcp

snmp_hcp-1-26.i386

[Expert@CP-R82:0]# cat /var/log/hcp/status.json

{"status": {"code": 2, "long": "Test Summary. Info: Local Address Port Usage, Warnings: SIC, Errors: SSD Health", "short": "Total Tests: Passed: 26, Info: 1, Warnings: 1, Errors: 1"}}[Expert@CP-R82:0]#

the_rock · ‎2024-06-28

Just an update. I fixed the issue by deleting status.json file from /var/log/hcp directory.

Thanks to @Liat_Cihan for the commands she gave me, thats how I was able to connect the dots, as they say. Lots of smart ladies in IT 👍

Andy

the_rock · ‎2024-07-02

One thing I wanted to share based on the fact I rebooted various R82 labs probably 50 times, I found it boots up way FASTER than R81.20 image and before, its very impressive.

Andy

the_rock · ‎2024-07-31

One thing I really like is below, I find it super convenient.

Andy

the_rock · ‎2024-08-16

One thing I also found super useful...below.

Andy

the_rock

I know I made this post last year, but was testing some compliance blade stuff and I have to say, HUGE difference in whats included out of the box with R82 when blade is enabled, compared to R81.20. Great job!

genisis__

Did a management layer update from R81.x to R82 on VMs (This was was in-place), my only negative observation was a message popped up about replacing E1000 drivers, which was fine, however once the VM rebooted it completely crashed, not a problem as I did do a snapshot...well then I could not get into maintenance mode to load the snapsnot because I needed to provide a grub2 password which was not created yet because the system did not get to point where I could create it.

Ended up doing a clean install and import of a backup, everything was good after that, so as always preferred update to R82 would be clean install and import.

If there is a default grub2 password, would be really good to know which SK this is in.

PhoneBoy

The need for setting a grub2 password to access Maintenance Mode was added in R81.20.
We treat the "default" grub2 password similar to the BIOS password and do not provide it.
See: https://support.checkpoint.com/results/sk/sk177687

genisis__

Pretty much what I thought, but the observation here is I did not even get to the point to allow me to set the password, so its more for information, if someone hits this issue, then keep in mind TAC will need to be called.

the_rock

Im fairly positive that option comes up now right away, during first time wizard.

Andy

the_rock

Hm...last time I did the upgrade, never saw that. I recall last year it did pop up once though. Mind you, now that I think about, I would always set driver as vmx type in eve-ng, but that one time it happened, I did not 🙂

Andy

genisis__

I did not have that option, but its was a little strange that 1 out of 4 VMs hit this issue; now I'm not sure if this issue would be experienced on a appliance, so I would view this as a one off issue.

the_rock

That I cant sadly confirm, sorry : - (

Andy

Are you a member of CheckMates?

R82 feedback