This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
orion_son30
Participant
‎2022-01-25 06:04 AM

Upgrade Recommendation

Hi,

We've an end customer with 1 Management, 1 cluster of 5400 and 1 cluster of 3100. All of these nodes are running R80.30 and we're planning an upgrade in the next few days.

For the management we'lll be using the widely recommended version R81.10, but we're not sure about the version to use on both of the gateways clusters. Do you think that we should have an approach more cautious and use R80.40, or it is fine to go with R81.10 on the gateways?

I'm a little bit worried with the hardware resources of the gateways to run R81.10. Any thought on this would be great.

Thanks in advance.

0 Kudos
5 Replies
Chris_Atkinson
Employee
Employee
‎2022-01-25 05:15 PM

R81.10 is proving to be a good release. Typically those that are most conservative are those running VSX but with a growing need for VTI (route based VPN support) I have VSX customers on R81 today.

With that said let's focus on your situation here. What are the enabled_blades on each cluster, do all gateways have only the default 8GB RAM?

CCSM R77/R80/ELITE
0 Kudos
orion_son30
Participant
‎2022-01-26 02:47 AM
In response to Chris_Atkinson

Hi Chris,

The 5400 cluster has enabled the following blades: Firewall, Site-to-Site VPN, Desktop Security, Mobile Access, App Control, URL Filtering, Identity Awareness, Monitoring, IPS, Anti-Bot e Anti-Virus.

On the 3100 cluster we'e enabled: Firewall Site-to-site VPN, App Control, URL Filtering, Identity Awareness and Monitoring.

 

All of the gateways have 8Gb of memory installed.

 

 

0 Kudos
Chris_Atkinson
Employee
Employee
‎2022-01-26 04:02 AM
In response to orion_son30

For longevity I'd investigate upgrading the RAM of the 5400 depending on your asset management cycle / strategy.

Cpsizeme / CPview metrics will help determine how critical this is as relevant to any future upgrades.

Anecdotally though R80.40 has been better at memory management than prior releases.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2022-01-25 07:06 PM

Personally, as much as I love R81.10 management, I would not do that version on firewalls yet. I know its recommended version now, but I would give it some time for the firewalls. I do have it in the lab, if there is anything you are interested in testing beforehand.

0 Kudos
Dorit_Dor
Employee
Employee
‎2022-01-27 12:48 AM
In response to the_rock

Since announced recommended, now the number of GW upgrades to R81.10 is higher than the upgrade to R80.40 (but still R80.40 have obviously by far more GW install base). I welcome customers to try it as it has quality improvements. 

Also note that for Maestro and SP users, R81.10 was recommended for a while as its fully integrated with main train (and major jump in quality from the R80.20SP and R80.30SP) 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events