Who rated this post

Hi Smorales,

This sounds like a problem that needs to be resolved with carefully planned discussions with the customer.

They are leaving themselves exposed in many ways with that solution.

If they are truly tightly controlled then they would be more open to adhering to best practices around the security solution.

They really have to appreciate the technical solutions and capitalise on the investment.

I can't see how some careful planning can't lead to a successful migration to the new hardware and a supported version.

I would not even try to use the older versions on the newer hardware because of Linux kernel versions.

There is also the possible performance issues that could be caused, IF it worked, and then the issue of being unsupported and various other issues that you might be exposed to. 

In https://support.checkpoint.com/results/sk/sk181698 (Quantum Force 9000 Appliances) you can see this note, which may be important in their case:

Important Notes:

• Effective 03 June 2024, the dedicated R81.20 image was replaced from Take 770 to Take 773 to protect against CVE-2024-24919 (see sk182336).

and also this note, which critical to be aware of:

Notes

• Quantum Force Appliances (9800, 9700, 9400, 9300, 9200, and 9100) do not support R81.20 Jumbo Hotfix Take 53 and lower.

Let us know if there is anything we can help with but Andy @the_rock is correct to point to the show configuration and interface configuration.

I would also look to document any other non-standard configurations, for example interface speeds, duplex and buffer settings, on both the appliance and switch side, and then plan the new appliance interface configuration around that.

In my experience it is better to plan as much as possible and then deal with any issues afterwards, hoping that they are minimally disruptive and with the support of the customer.

Hope that helps.