 | ||
 R60 vs R62 | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-11-24 | |||
| |||
 R60 vs R62 Hello I plan to upgrade from R55. But I wonder what would be better choice, R60 or R62? R60 IPSO packages are freely available for download, but R62 is available only on CD for extra cost. I wonder if this cost is justified? Using CP for VPN only.  |
| 2006-11-24 | |||
| |||
| Re: R60 vs R62 If you need only in VPN (without edge) and if you don't need in different SmartDefence settings for different modules, imho, better use R60. R62 is new release, better wait HFA for it. |
| 2006-11-24 | |||
| |||
| Re: R60 vs R62 I'm also wondering what's best ... R60 HFA04 or R62 ... As well as ... is it better to rely on IPSO 3.9 or 4.1 ? My current thought is to go 3.9 with R62 anyway but I'm open to any good suggestions :) |
| 2006-11-24 | |||
| |||
| Re: R60 vs R62 I would go IPSO 4.1 running R62. If you're going through the hassle of upgrading, what's the point in only upgrading one step, when there are two releases since? It won't be that long, and you'll be running the last supported version again. The way I see it, R62 includes all the fixes in R60 HFA 04, and R61 HFA 01, and it doesn't introduce many new features. Cost is like $25. In the context of your license/support costs, it's pretty much non-existent. Ask your CSP for the CDs, get them for free. R62 packages for IPSO ARE available for download, but you need the CDs for other platforms. IPSO 4.1 introduces some nice stuff around user admin, and it supports newer platforms - e.g. IP390, IP560. You can't run 3.9 on those. |
| 2006-11-25 | |||
| |||
| Re: R60 vs R62 Quote:
In any case version of CP depends on necessary network configuration. If R62 is available for download as R60, try on lab both versions. |
| 2006-11-25 | |||
| |||
| Re: R60 vs R62 I'm currently thinking of upgrading from R60 HF04 to R62, I rebuilt the entire environment at the lab and went successfully through the "full connectivity" upgrade. I also heard from CP that R62 is based on R60 HF04, als fixes included. kva.kva, do you have futher information which udpates are missing? Only voice? __________________ misery is optional |
| 2006-11-25 | |||
| |||
| Re: R60 vs R62 Quote:
CP Release version questions. VoIP Hotfix 2 |
| 2006-11-25 | |||
| |||
| Re: R60 vs R62 Ah yes, I'd forgotten they've been keeping the VoIP fixes separate. Pretty silly really, especially since when you talk to the resellers they go on about how great CP is at securing VoIP. It's getting a little like GX, with separate release systems. Very frustrating, why can't they just combine it all? There is an SK somewhere detailing that R60 HFA 04 == R60 HFA01 == R62 (at least in terms of fixes). |
| 2006-11-27 | |||
| |||
| Re: R60 vs R62 IPSO 3.9 will be EOL soon. Why waste time upgrading to it... Actually I would not upgrade at all if I could - got IPSO 3.7 and R55 working just fine. But IP265 boxes don't run IPSO 3.7, only 3.9 and up. And CP R55 is not officially supported on IPSO 3.9 (although it runs fine). That's why the goal is IPSO 4.1 and R60 HFA4 or R62. BTW, could you point me exactly, from where can I download R62 IPSO packages. That would save me fight with a bean counters... PS. If you ask me, then IPSO 4.1 web interface is resource hog. Also 4.1 is buggy - for example you can't add external flash from it, it writes that the card is 'unsupported'. Only if you boot into 3.9 you can add external flash to IP265 via CLI and then boot back to 4.1... |
| 2006-11-27 | |||
| |||
| Re: R60 vs R62 Quote:
download the package from CP Usercenter: https://usercenter.checkpoint.com __________________ misery is optional Last edited by Porter; 2006-11-27 at 01:03. |
| 2006-11-27 | |||
| |||
| Re: R60 vs R62 Hm, for some reason I could not find this place last time: https://downloads.checkpoint.com/dc/...s=1073&appID=4 Seems like CP R62 packages for IPSO are not even available on CD: https://www.checkpoint.com/GetSecure...R62_OrderStart But I still have to order the CD for Smartcenter server. |
| 2006-11-27 | |||
| |||
| Re: R60 vs R62 Quote:
But even if you do have 3.7/R55 working OK, you do need to keep up with the times, if only to support newer hardware, as you've found. FWIW, I'm not impressed with the 265 platforms. Too many issues with them. The IP390 and IP560 systems are much better if you want flash-based platforms. |
| 2006-11-27 | |||
| |||
| Re: R60 vs R62 Quote:
You can get free CD's if you have software subscription by using the Upgrade Kit link. I, too, haven't kept up with the times because NGX doesn't seem to buy me anything, except maybe some heartache post-upgrade. There's a whole lot of functionality it could break. In fact, I lose some things because they require a Web Application license for some features I now use for free in R55. I am going to do the R55 -> R62 jump within the next few months only so I don't get too far behind. It really doesn't have any features that benefit our business, though. Ray |
| 2006-11-28 | |||
| |||
| Re: R60 vs R62 Quote:
But more seriously, I do understand what you mean by not seeing any really compelling reasons to upgrade, particularly if it's going to cause some pain. There are some pretty nice improvements to the GUI though, which you do become rather partial to after a while - tooltips showing the IP, cloning ojects, ability to look at an object's detail while examining a group, etc. But it's not quite the same as the massive GUI improvement from 4.1 -> R55. I can see the SD profiles becoming useful, once places get a little more comfortable with turning on more inspections. Most of them are for MS services though, and aren't really all that relevant at the border. You do need to stay up with the times, if only for support. Hadn't realised it was so soon for 3.7 - there's a lot of places still running 3.7/R55, and it doesn't seem all that long ago I was deploying it. I'm going through an R55-R62 upgrade now. Unfortunately it won't be until early in the new year when I can actually roll it into production. Looking OK so far though. |
| 2006-11-28 | |||
| |||
| Re: R60 vs R62 The only place we use SNX is with Connectra. I put it in a year ago as R60 HFA01 and completely skipped R61 because it defaulted to Java instead of ActiveX. We require that the pre-logon ICS scan complete successfully before you can get to the logon page, and ICS is only ActiveX. It didn't make sense to me why I should go to the bloatware Java when we had to use ActiveX anyway. That and the fact that the Java SNX cannot minimize to the system tray made it a no-brainer to not touch anything. In preparation for this R62 upgrade, I wanted to get Connectra on the latest. The upgrade ended up breaking two of the three people that we bought Connectra for in the first place. For whatever reason, I had to put in an eval version of Connectra R60 and let them download it. Everyone else worked fine and the debugs didn't have any clues. Go figure. I wish there was some functionality in it that would add capability to the business. That would make any post-upgrade heartache easier to justify. Ray |
| 2007-07-12 | |||
| |||
| Re: R60 vs R62 My observations of Check Point (and indeed, most vendors) is that they support the latest release the best. R60 was supported heavily as evidenced by five HFAs and two VoIP hotfixes. HFA05 had about one hundred fixes. R61 has one HFA and is now supposed to be the hotfix equivalent of R60 HFA04, but without the VoIP hotfixes. R62 has no HFAs and is supposed to be the hotfix equivalent of R60 HFA04, but without the VoIP hotfixes. R65 is supposed to be the hotfix equivalent of R60 HFA05 with the VoIP hotfixes. In addition, R65 has a new "plug-in" architecture where features can be added without a full upgrade. If I was going from R55 or earlier today, I'd go straight to R65. I haven't heard much bad at all about it. If your company is very conservative, I'd go R60 HFA05 and then jump to R65 when you're comfortable. Ray |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
