Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RamGuy239
Advisor
Advisor

Check Point R81.20 "Titan" first release to allow for installation on UEFI and VMware Paravirtual

I did some testing using R81.20 ISO on VMware ESXi. R81.20 ISO does support installation on UEFI, and it does support the use of the VMware Paravirtual controller. I can't locate anything in the documentation mentioning this. The SK for recommendations regarding VMware ESXi installation is rather old (sk104848) and doesn't mention any of this.

Do we have any official feedback from Check Point on this one? Supporting UEFI is a significant improvement for both virtual and especially open server installations. VMware Paravirtual should make noticeable improvements to IOPS with less overhead on VMware installations. I can't see any reason not to opt for VMware Paravirtual unless some unknown issues should be mentioned by Check Point on this topic.

To make sure, I retested using R80.20, R80.30, R80.40, R81 and R81.10 ISO, and they don't allow for UEFI boot or installation, and they don't recognise hard drives using VMware Paravirtual, so this seems to be new with the R81.20 release.

 

But the fact that it works doesn't mean it's something Check Point considers "supported" or even "allowed". Some information from Check Point on this topic would be really helpful to get a better understanding of the changes provided with R81.20.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
8 Replies
Chris_Atkinson
Employee Employee
Employee

R81.20 has a slightly newer kernel which helps.

Were still in the process of updating things like the HCL and SKs like you've mentioned with the relevant parts / info. Stay tuned - subscribe for updates!

 

CCSM R77/R80/ELITE
RamGuy239
Advisor
Advisor

Do we have any ETA on when sk104848 is going to be updated? Still nothing about R81.20 in the SK. Rather difficult to get an understanding of how Check Point is looking at the fact that R81.20 natively supports (U)EFI boot and PVSCSI. I just tested deploying R81.20 on Microsoft Hyper-V as well, and as a result of R81.20 supporting UEFI boot, it's now finally possible to deploy both Check Point Gateway and Management installations as Generation-2 virtual machines on Hyper-V.

sk106855 - Check Point Gaia OS support for Hyper-V does mention the existence of R81.20, but none of the other content has been changed or updated. This could mean that Check Point still looks at UEFI as not being supported, thus making Generation-2 virtual machines unsupported deployments. But considering sk104848 does not reflect anything R81.20 specific I have a feeling the details of sk106855 do not take any of these R81.20 changes and improvements into consideration either.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
PhoneBoy
Admin
Admin

One of the other things R81.20 fixed was how partitions are aligned on the disk.
This will definitely help performance on virtual machines as well.
See:
 https://community.checkpoint.com/t5/Management/Gaia-partition-misalignment/m-p/160677#M32878

Bob_Zimmerman
Authority
Authority

Just curious: what happens if you install R81.20 in a VM with UEFI boot ROM, then downgrade in-place with CPUSE to R81.10? Or even to R80.40? Do they remain able to boot? Or does the downgrade overwrite the bootloader?

0 Kudos
Vladimir
Champion
Champion

It is indeed a new feature and I have successfully installed R81.10 UEFI on VirtualBox. This said, I have another question to CP engineers- When using AMD-based hosts, I had to set paravirtualization to "None" to complete the installation and to have the resultant VMs perform adequately. Not doing that results in exceptionally long boot time. This, by the way, is happening regardless of whether UEFI is used or not.

I'd appreciate any insides into this issue.

PhoneBoy
Admin
Admin

It comes down to the fact that we don't sell appliances with AMD processors.
I don't believe we support any Open Server appliances with AMD either.
Therefore, we do not optimize (or account for) anything AMD specific. 

0 Kudos
Vladimir
Champion
Champion

That I know, but when we are running CP in the cloud environments, are the CSPs guaranteeing that those will be span-up on Intel hardware, or are they masking the underlying CPUs?

0 Kudos
PhoneBoy
Admin
Admin

It could be either, depending on the provider, I suspect.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events