This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
D_TK
Advisor
‎2025-08-18 10:32 AM

forklifting 5xxx appliances -> 9100 UPPAK observations

Over the past few weeks i have forklifted (4) 5xxx clusters to 9100.  Spoiler alert - UPPAK has been disabled everywhere.

All 9100s have nothing special added to the order, just a LOM card, no interface bonding, no vlans.  All were installed with R81.20 with the latest recommended hotfix.

First cluster was a 5600 forklift.  This one has the most active connections (typically between 35,000 - 50,000 during the day) but the the bandwidth usage isn't anything exorbitant.  No issues with connectivity after the upgrade, but i noticed that TX-DRP were increasing at an alarming rate - a few hundred thousand per day.  On the 5600 cluster, netstat counters always remained pretty clean.  I found this checkmates thread, reverted to KPPAK and after a week, netstat counters are back to being clean - no other change but UPPAK -> KPPAK: https://community.checkpoint.com/t5/Security-Gateways/Packet-timeout-with-unknown-reason-in-Quantum-...

 

Second cluster was another 5600.  This is by far our largest location from a bandwidth usage perspective.  All of our sites are configured in a single vpn community and all locations are physical appliances except one cloudguard instance in azure.  When this site was forklifted to a 9100, all tunnels came up except the one to azure.  Tried all the normal vpn troubleshooting steps, nothing, nada, tunnel to azure remained down.  I then found this phoneboy podcast with tim hall which mentioned there could be weird vpn behavior with UPPAK - reverted to KPPAK and the tunnel came up immediately and no issues since.  For reference, here is the podcast i was referring to: https://community.checkpoint.com/t5/CheckMates-Go-Cyber-Security/S07E03-What-is-UPPAK/ba-p/245115

 

Last two sites are pretty vanilla - not much bandwidth usage, typical connections are around 8K.  No issues noted since forklifting from 5400s.  But considering the issues that i had with the first two sites, i changed both of these clusters to KPPAK after a few weeks.

 

Just wanted to provide my observations, not looking for any troubleshooting ideas as i won't be putting any of these sites back on UPPAK on R81.20.  WIll see what happens when we upgrade to either r82 or r82.10.

 

 

 

(1)
Who rated this post