| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| Hi Guys, I am required to upgrade the existing Integrity server 6.0 to 6.5 due to issues with 6.0 and wish to leave the clients at 6.0 version. Please share your experience on compatibility between 6.0 clients and Integrity server version 6.5. Regards Aussie_in |
| |||
| Greetings, All server code is QAed with previous versions of Integrity Client. This means that 6.0 clients are successfully tested with 6.5 server before going GA. It does not work the other way. 6.5 clients are not tested with 6.0 server. So you can run both clients with 6.5 server. This does not work with 5.x clients; they use a different hb port. When you upgrade it may be wise to export your corp connected policy and deploy it as the disconnected policy. Reason: During the upgrade your IAS server will be down and clients will activate the disconnected/personal policy. I suppose you could also check enable corp policy all the time. Be sure to examine the Readme file sent with the Installation of 6.5; it warns about a conf file that does not retain settings when upgrading from 6.0. I have seen this occur even within 6.5 HFA upgrades in certain circumstances. You will have additional considerations if you are also migrating to a new IP, DNS host name, or if you are doing HA. In a cluster you would upgrade your master member and test. Following a successful test then do a new install & join for the rest of the member servers. hth |
| |||
| Hi Csing, Many thanks for your inputs. In this environment all the policies are disconnected i.e. even if Integrity server is unavailable for some reasons, the agents use the corporate policies based on the IP subnet from which they operate. Regards Aussie |
| |||
| Hi Csing, Not sure about that. It's been in there for ages. What is your argument for user catalogs? Can you draw a contrast between them for me? Thanks in advance for your help. Regards Aussie |
| |||
| User catalogs provide more security simply due to the fact that the user credentials are verified on the Integrity server. Also it allows you to deploy a policy to a specific user or group regardless of what machine is logged into. It requires an additional step for IAS to communicate to your user directory but once done it remains very static. Nevertheless if the user credentials do not match the user will be prompted if proxy login is checked. After 3 failed login attempts the policy applied would be either IP based or as last resort default policy for the entity. It gives greater control, security and better reporting I believe. What some find intimidating is setting up the user catalogs. But once this is done it usually doesn't have to be played with. Limitation is that only one catalog can have proxy login checked. Which may not be an issue. |