TAC did the configuration in R81.10 with CEF and it worked, but it's broken since R81.20 even if I restart the SIEM export from the portal. I have a new SR open but I guess I have to raise an RFE to support CEF.

This feature seems broken for good since the customer's instance has been migrated to R81.20. I have a high-priority SR which is moving at a senator's pace.

Also, do you know why Smart-1 Cloud instances are upgraded to R81.20 when the R81.20 SK still shows that R81.10 with latest JHF is the widely recommended release? The customer is feeling that they're being used as test environment to get feedback from production networks.

Also, sk166312 - Smart-1 Cloud - What's New hasn't been updated in 2 years and stops at R81.

I believe the intention all along for Smart-1 Cloud was to always be on the latest release soon after release.
That didn't happen for R81.10 as up until the recent upgrades to R81.20, Smart-1 Cloud users were on R81.
Don't know the precise reason for that.

Hi

Indeed Smart-1 Cloud statement is to supply the latest and greatest security management. It took a while in the transition from 81 to 81.10, it's going way faster with 81.20 many happy customers already have an environment with 81.20, since the GA that was 7 weeks ago (new customers launched with 81.20 a week after GA).   

It's a gradual upgrade to 81.20 of  all customers environments,  within several weeks all customers will be upgraded to 81.20. Upgrades are done in off hours and customer receives a notification email several days before with the schedule range in which it will be performed.

Regarding the CEF format this is still being checked,  @Alex- please share the SR number in the private channel

Also, thank you @Alex-  for the comment regarding the What's New SK, we have What's New banners on S1C UI on infinity Portal for a while now, but leaving outdated SK was not the intention. Will be taken care of one way or another.

@TomerLev 

Thanks for the reply. Everything works except that CEF Log Exporter over TLS which was not completely carried over from R81.10 to R81.20. The customer really needs it for contractual reasons.

I'm sending you the SR in a private message.

The others have provided feedback but I will add some additional scenarios that warrant R81.20 for Smart-1 Cloud for tenants. 

- Select Identity Awareness use cases

- Management of Spark appliances with R81.10.x

Great. But it doesn't change the fact that a working feature which directed the customer to a paid service stopped working and no amount of high-priority ticket, reaching out here and there are enough to quickly restore the service, notwithstanding the fact that it shows that pre- and post-migration checks don't take the whole setup into account. As with any migration, when a loss of service is reported, there should be a way to rollback and take the issue off-production for further analysis.

As integrator with the paying, long-standing, customer's interests as first priority, this puts me in a difficult position.

But I will try to explain to them that other customers are happy and there are new features and see if it will help.