- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
Hi,
We've an end customer with 1 Management, 1 cluster of 5400 and 1 cluster of 3100. All of these nodes are running R80.30 and we're planning an upgrade in the next few days.
For the management we'lll be using the widely recommended version R81.10, but we're not sure about the version to use on both of the gateways clusters. Do you think that we should have an approach more cautious and use R80.40, or it is fine to go with R81.10 on the gateways?
I'm a little bit worried with the hardware resources of the gateways to run R81.10. Any thought on this would be great.
Thanks in advance.
R81.10 is proving to be a good release. Typically those that are most conservative are those running VSX but with a growing need for VTI (route based VPN support) I have VSX customers on R81 today.
With that said let's focus on your situation here. What are the enabled_blades on each cluster, do all gateways have only the default 8GB RAM?
Hi Chris,
The 5400 cluster has enabled the following blades: Firewall, Site-to-Site VPN, Desktop Security, Mobile Access, App Control, URL Filtering, Identity Awareness, Monitoring, IPS, Anti-Bot e Anti-Virus.
On the 3100 cluster we'e enabled: Firewall Site-to-site VPN, App Control, URL Filtering, Identity Awareness and Monitoring.
All of the gateways have 8Gb of memory installed.
For longevity I'd investigate upgrading the RAM of the 5400 depending on your asset management cycle / strategy.
Cpsizeme / CPview metrics will help determine how critical this is as relevant to any future upgrades.
Anecdotally though R80.40 has been better at memory management than prior releases.
Personally, as much as I love R81.10 management, I would not do that version on firewalls yet. I know its recommended version now, but I would give it some time for the firewalls. I do have it in the lab, if there is anything you are interested in testing beforehand.
Since announced recommended, now the number of GW upgrades to R81.10 is higher than the upgrade to R80.40 (but still R80.40 have obviously by far more GW install base). I welcome customers to try it as it has quality improvements.
Also note that for Maestro and SP users, R81.10 was recommended for a while as its fully integrated with main train (and major jump in quality from the R80.20SP and R80.30SP)
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY