Solved: Re: 80.10 Management Server - 80.20 gateways?

Trevor_Bruss · ‎2018-10-17

According to the Release Notes, support for using an 80.10 Management server managing 80.20 security gateways is possible. I don't see anything in the sk116380 jumob hotfix article about this though. So is it already doable, or do I need to wait for some particular Take?

You can maintain a R80.10 Security Management Server or Multi-Domain Security Management without upgrading and manage R80.20 Security Gateways:

Support for such a setup will be provided at a later stage via the R80.10 Jumbo Hotfix Accumulator (sk116380)

The reason I ask is because we just upgraded our management to 80.10 a month or two ago. We now have a new site that wants to upgrade their current 77.30 gateway, and I want to make an informed decision on whether to have them install 80.10 or 80.20 as a fresh install. I understand that we wouldn't get a number of 80.20 benefits while it is managed from an 80.10 but for future upgrading I'd rather not have to go back over all the gateways we have to get from 80.10 to 80.20. Make sense?

Dorit_Dor · ‎2018-10-18

It WILL be supported

We have to release a jumbo for R80.10 which after we release it, this R80.10 (using the jumbo) could manage the R80.20. As soon as this jumbo is released, the SK will be updated with the relevant jumbo number. The jiumbo is expected in few weeks.

STILL NOTE: Using R80.10 to manage R80.20 means that the functionality supported will be R80.10 and new features of R80.20 will not work.

View solution in original post

Kaspars_Zibarts · ‎2018-10-17

Very good question indeed! lets see if someone has wondered into this option already

Martin_Valenta · ‎2018-10-18

That doesn't make sense, when you had r77.30 mgmt you could not manage r80.10 gw, when you have r80.10 mgmt you cannot manage r80.20..

Maik · ‎2018-10-18

It is possible, as mentioned here by Ross Pember‌ but it does not give you the R80.20 features for the gateway.

Kaspars_Zibarts · ‎2018-10-18

I just wanted to hear some "real life" experiences from customers, not CP

Dorit_Dor · ‎2018-10-18

It WILL be supported

We have to release a jumbo for R80.10 which after we release it, this R80.10 (using the jumbo) could manage the R80.20. As soon as this jumbo is released, the SK will be updated with the relevant jumbo number. The jiumbo is expected in few weeks.

STILL NOTE: Using R80.10 to manage R80.20 means that the functionality supported will be R80.10 and new features of R80.20 will not work.

View solution in original post

Trevor_Bruss · ‎2018-10-18

One of the reasons I feel the need to stay at 80.10 on the management server side regardless of the feature limitation for the gateways is because we use a separate log server located in Azure, and Checkpoint recommends (or states) that the management versions should be the same. As there is no approved upgrade path for Checkpoint services in Azure we are stuck at 80.10 there. If that is not truly a limitation, I would be more inclined to upgrade the management server to 80.20 sooner.

Dorit_Dor · ‎2018-10-18

1. R80.20 on public cloud (like Azure) will be released on the new linux kernel (because we want one image and the gw in some cases of modern cpu in cloud needs the new linux). Though for management, its working, we want to simplify and have one version for all instance type in public cloud

2. The r80.20 with new linux kernel for public cloud is in early availability so you are welcome to join the EA and get it. The GA of this variant is expected in November

3. If you do not want EA, wait till around the end of the month, for the r80.10 jumbo... installing that jumbo on r80.10 will enable you to manage r80.20 gw’s going forward (we had to wait for the r80.20 gw ga to complete the r80.10 jumbo to manage r80.20)

I hope this helps understand the alternatives