the_rock
Legend

R82 feedback

Hey boys and girls,

Wanted to quickly share about R82 EA, as I ended up upgrading my R81.20 standalone lab to see what the process looked like. So far, not too bad; it took a bit of time, as it's standalone, so I had to re-import the mgmt database.

I would say, make sure you have enough space in root dir, and also, something to keep in mind below.

SmartConsole looks literally the same, but I see there are way more options in the legacy dashboard for the Mobile Access blade.

HTTPS inspection policy also looks more robust than before, so that's fantastic.

Screenshot_3.png

 

Screenshot_2.png

 

This is what came up after the upgrade, not sure if it's expected. I will keep adding more things as I discover them.

 

[Expert@CP-STANDALONE:0]# cpinfo -y fw1
cp_get_kernel_version: ERROR: kernel version 4.18.0-372.9.1cpx86_64 is unknown. Perhaps 4.18.0-372.9.1cpx86_64 needs to be added as a version to cp_get_kernel_version and CpOsKernelVersion?

This is Check Point CPinfo Build 914000248 for GAIA
[FW1]
HOTFIX_WEBCONSOLE_AUTOUPDATE
HOTFIX_GOT_MGMT_AUTOUPDATE
HOTFIX_NGM_DOCTOR_AUTOUPDATE
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
HOTFIX_VCE_R81_20_AUTOUPDATE
HOTFIX_GOT_TPCONF_MGMT_AUTOUPDATE
HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point Security Management Server R82 - Build 690
This is Check Point's software version R82 - Build 760
kernel: R82 - Build 735

 

Best,

Andy

 

 

44 Replies
the_rock
Legend

I really like below changes in dashboard...subtle, but nice 🙂

Andy

 

Screenshot_1.png

 

 

Screenshot_2.png

  

the_rock
Legend

Here is something I find a bit ironic...it shows it's vulnerable to the latest VPN CVE, but I suppose it might be, as it's not an official release yet? Maybe someone from CP can comment, and no, it's NOT available to install.

Andy

 

Screenshot_2.png

 

 

Screenshot_1.png

  

Timothy_Hall
Legend

Yep I noted the deprecation of the e1000 driver in my Gateway Performance Optimization Course on the page shown below.  There will also be a major jump in all NIC driver versions due to the new 4.10.0-372.9 kernel that may cause behavioral changes at the network level.

Also a new R82 tool called connview that allows the easy viewing of connection attributes such as what processing path they are in, why they are slowpath, etc.  This replaces the jumble of different commands used to determine this information in R81.20 and earlier such as fw ctl multik gconn, fwaccel conns, fw tab -t connections -z, fw_mux, fw_streaming, etc.  I attached the relevant page for that too.  A few other tidbits I'm excited about in R82:

1) The much more efficient Galois Counter Mode (GCM) AES algorithms are now available for IKE Phase 1, not just Phase 2/IPSec.  Also a new enhanced VPN Monitoring Tool to replace the SmartView Monitor status screens.

2) Hyperflow/pipelining  can boost CIFS/SMB connections

3) A new implementation of the gateway logging mechanism that is multi-threaded (no more legacy fwd log bottlenecks).

4) R77.30 is no longer supported for backward management compatibility with gateways!

r821.png r822.png

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
the_rock
Legend

Thanks Tim. I can't speak for compatibility, as I was unable to find a reference to that fact, but if you try to create a new fw, it lets you choose all the way back to R70. One cool thing is that when you do create a new fw object, it enabled those 2 TP blades automatically, so if you don't need them, you can turn them off.

Andy

 

Screenshot_1.png

 

 

Screenshot_2.png

 

Timothy_Hall
Legend

You are right, I was looking at the wrong table in the release notes.  Backward compatibility does work back to R77.30 but apparently no earlier than that.

the_rock
Legend

Of course I'm right man, I'm ALWAYS right 😉

Just kidding, I'm usually way more wrong than right 🤣🤣🤣

Anyway, it's just odd that when you try to create a fw object, it lets you go all the way back to R70...

Andy

the_rock
Legend

Btw, where did you get the release notes from? I looked on the support site, also all the docs from the other community link when you register for the EA program, and don't see release notes anywhere.

Andy

Timothy_Hall
Legend

It's just one of the download links, here is how you get there:

ea1.png ea2.png ea3.png

the_rock
Legend

K, got it, sorry, I downloaded the documentation package today, totally missed that 3rd link. Anyway, I don't really see any backwards compatibility list, so it's possibly not finalized yet?

Andy

the_rock
Legend

Never mind, it's been a long day today, I think this is it...

Andy

Management Server and Security Gateway Versions

Note - For more information about Security Management Servers and supported managed Security Gateways, see sk113113.

R82 Management Servers can manage Security Gateways that run these versions:

| Gateway Type | Release Version |
|---|---|
| Security Gateway and VSX | R82, R81.20, R81.10, R81, R80.40, R80.30, R80.20, R80.10 |
| Security Groups on Maestro | R82, R81.20, R81.10, R81, R80.30SP, R80.20SP |
| Security Groups on Scalable Chassis | R82, R81.20, R81.10, R81, R80.20SP |
| Quantum Spark, Quantum Rugged, and SMB Appliances | R81.10.X, R80.20.X, R77.20.8X |

the_rock
Legend

Not sure if this could be just a space issue in my lab, but ever since I upgraded, I can't open the log tab at all to get any data. I replaced the httpd2-smartview.conf file from a working environment (though R81.20), shut down, rebooted many times, cpstop; cpstart, installed policy, database, nothing.

Anyway, for now, I'm just using old school tracker to check logs when needed.

Not a big deal, since it's just a lab, but too coincidental it would happen right after the upgrade to R82...before that, all worked fine.

Andy

 

Screenshot_1.png

the_rock
Legend

Update on this...so I installed the R82 console on a different Windows VM, logged in, and when it's a brand new SmartConsole install, the logs tab shows fw logs by default, but if you hit the plus sign to open a new tab, it's the exact same issue.

I can only assume this is a bug, as the smartview service is totally fine on my machine when I run cpwd_admin list.

Maybe someone from Check Point can confirm?

Best,

Andy

Ido_Shoshana
Employee

Hi,

We are not familiar with such an issue.

Can you say which build/take of SmartConsole you are using?

the_rock
Legend

Yes, will check later...just having some licensing issues with the lab, so once that's resolved, will try again and see. In the meantime, will open demo SmartConsole and send the version.

Andy

the_rock
Legend

Hey @Ido_Shoshana 

This is the one I downloaded...I assume that's probably the only version available.

Andy

 

Screenshot_1.png

Ido_Shoshana
Employee

Thanks Andy

Hi, we need to ask for the smartconsole.log after turning on debug level.

  1. Run SCConfigManager as admin. Type: 1 → Debug → 2 → Full → 7
  2. Clear all log files (in /output folder)
  3. Go to SC and try again
  4. Send us the logs
  5. Change the debug level again

 

Can we have it? 🙂

the_rock
Legend

We need to apply new license to our eve-ng lab, so once done, I can access the server again 🙂

Andy

Ido_Shoshana
Employee

Great, much appreciated

the_rock
Legend

On another note, any idea how to fix this?

I followed the uninstall command from the sk, but same issue :-(

Andy

 

Screenshot_1.png

Ido_Shoshana
Employee

Not really, as the issue needs to be investigated

the_rock
Legend

K, let me work on it later, will update.

Andy

Ido_Shoshana
Employee

Sure

Can you try and reboot one of the VMs?

This may be a WA until a permanent solution

the_rock
Legend

I probably rebooted it 20 times since last night lol

No change.

Andy

the_rock
Legend

K, did fresh install, all good now!!

Andy

Ido_Shoshana
Employee

Great Andy…

I wonder what was the root cause for the original issue.

Any chance you reproduced the issue and collected the debug files before the issue resolved?

the_rock
Legend

Definitely space lol. It had barely 2.5 GB left in / dir 😂😂😂

Ido_Shoshana
Employee

Thank you Andy 🙂

PhoneBoy
Admin

We've supported using vmxnet3 NICs for a while now, I believe, and they have much better performance 🙂

I personally did a fresh install versus an upgrade in my lab.

the_rock
Legend

I used that now and am doing a fresh install...let's see what happens 🙂

Andy
