PDA

View Full Version : R75 available for download..



simon
2010-12-22, 12:44
No announcement but R75 is available for download!

Checkout the Release Notes (http://downloads.checkpoint.com/dc/download.htm?ID=11647) and have fun! :)

alienbaby
2010-12-22, 12:59
I'm getting permission denied.



Insufficient Privileges for this File

ShadowPeak.com
2010-12-22, 13:58
I was able to get it, but my User Center account has partner access.

hotice_
2010-12-22, 15:39
The direct link works for me...

How did you find it via the search engine though?

pabouk
2010-12-22, 16:04
I get: "The System is currently undergoing system maintenance." :(

bmolnar
2010-12-22, 16:16
I was able to get to the release notes from your direct link, but can't locate the ISO download for R75

chillyjim
2010-12-22, 19:18
This usually means it will be released real soon.
They tend to set up the links and such just before posting the new product.

I'm sure there will be a nice big splash page when it's official.

PhoneBoy
2010-12-24, 14:48
Don't worry, you'll see an official announcement from me when R75 is available.

apachepro
2010-12-27, 07:43
I guess it is still Christmas back there at PhoneBoy latitudes so will update that
R75 was released officially !!!
Including DVD to download.


R75 DVD for SecurePlatform / RHEL 5.0 / RHEL 5.4
Details:
File Name: Check_Point_R75.Splat.iso
Product: Security Gateway, Security Management, SecurePlatform, SmartEvent, Management Portal, SecureXL, Mobile Access / SSL VPN, SmartReporter / Eventia Reporter
Version: R75
OS: SecurePlatform 2.6, Linux 5.0, Linux 5.4
MD5: 5fd786a0e7435c700785e344e2c5b424
Size: 1194.68 MB
Date Published: 2010-12-26

Barry J. Stiefel
2010-12-27, 12:12
Great. Let us know when R75 HFA-30 comes out and we'll consider trying it in our lab.

(Prediction: Check Point knows we won't trust any version with less than a few HFA's on it, so they'll oblige us by quickly rushing out a few HFA's on R75 in order to convince us to start using it.)

PhoneBoy
2010-12-27, 13:05
Yes, I was taking a long post-Christmas nap, but here's the official R75 release download link.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk58362

RayPesek
2010-12-27, 21:03
Hopefully it's a mistake that "sk59040: Check Point R75 Known Limitations" requires Advanced Access. Would you please check?

It's a major irritation that we have our support through a Check Point-approved company (CSP) and that WE are Check Point's customer yet Check Point treats us like we're leeches or something. If they don't like people having support through a CSP, then discontinue the program.

We haven't bought our support through a TomorrowNow clone; it's through a Check Point program. Why is everyone in the world given the same access to SecureKnowledge that we have?

Ray

Barry J. Stiefel
2010-12-27, 21:10
Let me get this straight: On the day R75 is released, Check Point already acknowledges there are bugs it's aware of but hasn't fixed, and they want to charge you extra for access to this list?

PhoneBoy
2010-12-27, 21:15
It appears you are correct that the R75 Known Limitations SK requires Advanced access. I suspect that was not intentional. I'm checking on it.

RayPesek
2010-12-27, 22:47
Thanks, PhoneBoy.


Let me get this straight: On the day R75 is released, Check Point already acknowledges there are bugs it's aware of but hasn't fixed, and they want to charge you extra for access to this list?

I consider that situation preferable to the fact that there are bugs they do not know of. :-)

I can get the list but I have to open a ticket with the CSP. Then they have to get it and put it in the ticket. Then I have to acknowledge it and tell them they can close the ticket. Then they close the ticket. I have to do that with each "advanced access" SK. What a waste of resources and time that adds no value whatsoever.

Ray

Thorpuse
2011-01-01, 09:55
I can get the list but I have to open a ticket with the CSP. Then they have to get it and put it in the ticket. Then I have to acknowledge it and tell them they can close the ticket. Then they close the ticket. I have to do that with each "advanced access" SK. What a waste of resources and time that adds no value whatsoever.



I must admit I've never really understood the point of restricting access like this. The more people can self-serve, the less they'll need to rely on support calls and other procedural stuff that isn't productove or profitable for anyone. Can your CSP nominate you as a support contact? May be worth asking them. Alternately if you're a CCSE (I'm sure you are or must have been at one stage!) perhaps they can tick the box for you to advanced access. No harm in asking!

Barry J. Stiefel
2011-01-01, 18:14
I must admit I've never really understood the point of restricting access like this. The more people can self-serve, the less they'll need to rely on support calls and other procedural stuff that isn't productove or profitable for anyone. Can your CSP nominate you as a support contact? May be worth asking them. Alternately if you're a CCSE (I'm sure you are or must have been at one stage!) perhaps they can tick the box for you to advanced access. No harm in asking!When Check Point considers making technical support more "self-serve" I think they have to weigh two opposing forces. On the one hand, yes, making more support information available easier will reduce their costs, but on the other hand, support contracts are where most of their revenue comes from.

So, yes, forcing you to call for technical support creates unnecessary work; very, very profitable unnecessary work.

RayPesek
2011-01-01, 19:25
So, yes, forcing you to call for technical support creates unnecessary work; very, very profitable unnecessary work.

Not really, because they can still require the same support contract costs. Letting CSP customers have more self-serve actually increases their profits because both CP and the CSP can stretch the same resources among even more customers. :-)

Ray

RayPesek
2011-01-01, 19:59
Alternately if you're a CCSE (I'm sure you are or must have been at one stage!) perhaps they can tick the box for you to advanced access. No harm in asking!

Yes, I had a CCSE for R55 NG AI. I was studying for R65 but then it got replaced by R70 and now R75. Sadly, the value of a Check Point certification in the local marketplace is very low so there isn't much incentive to spend that kind of cash for "just in case".

Ray

PhoneBoy
2011-01-02, 08:43
My understanding is that CSPs should have access to anything in the advanced partition, so they would not need to open a ticket to get the information.

RayPesek
2011-01-02, 22:15
I think that's correct. I meant I can see it in SK but can't open it. So:

1. I have to open a ticket with the CSP.
2. Then they have to respond to the ticket and assign it to someone.
3. Then they go get it.
4. Then they put it in their ticket.
5. Then I retrieve it from their ticketing system.
6. Then I tell them it's OK.
7. Then they close the ticket in their system.
8. Then they QA their response to the ticket.

Elapsed time: About one day and three people involved.

or

1. I click the article in SK and get it myself, the article that my company has paid for.

Elapsed time: About 1 second and just one person involved.

Ray

Barry J. Stiefel
2011-01-02, 23:10
I think that's correct. I meant I can see it in SK but can't open it. So:

1. I have to open a ticket with the CSP.
2. Then they have to respond to the ticket and assign it to someone.
3. Then they go get it.
4. Then they put it in their ticket.
5. Then I retrieve it from their ticketing system.
6. Then I tell them it's OK.
7. Then they close the ticket in their system.
8. Then they QA their response to the ticket.

Elapsed time: About one day and three people involved.

or

1. I click the article in SK and get it myself, the article that my company has paid for.

Elapsed time: About 1 second and just one person involved.

RayAre you trying to apply logic where it simply isn't welcome?

lammbo
2011-01-03, 08:41
I must admit I've never really understood the point of restricting access like this. The more people can self-serve, the less they'll need to rely on support calls and other procedural stuff that isn't productove or profitable for anyone. Can your CSP nominate you as a support contact? May be worth asking them. Alternately if you're a CCSE (I'm sure you are or must have been at one stage!) perhaps they can tick the box for you to advanced access. No harm in asking!

Agreed. Same support price is paid whether I call them or not. It's in their own best interest to let me have access.

One way I've gotten around this in the past is that all of my products are under VAR support except for a single 1 user SecureClient license, for which we have premium support directly from CP. So I have "Advanced" access rather than the more generic restricted flavor.

frienton
2011-01-03, 10:41
Any feedback on R75 yet?

melipla
2011-01-03, 12:20
Mmm just ran through the release notes, some random points of interest:

R75 = R70.40. "Endpoint Security VPN" [aka CPES, aka Discovery] is listed as being supported, even though it was not supported in R70.40 [without an additional patch]. Plus more fun getting those killer R70.40 based hot fixes ported...

IPS Blade got gutted for application control [a la skype], which is a shame as I had hoped to be able to use that. Most of my 5 blade containers are already full, which means another hefty bill for buying new Check Point licenses for something I already thought I had.

It appears that CP is trying to restrict what appliances / open servers support Performance Pack. Basic recommendation of a quad-core intel processor but not much detail beyond that. Disappointing for me, as I'm currently on older Dell models. Should be noted that IPv6 isn't supported with Performance Pack yet either.

"Traditional mode" policies are basically not being supported any more, nothing new there.

sk56800 referenced in the known issues is missing (http://supportcontent.checkpoint.com/solutions?id=sk56800)

R75 Documentation Package is missing (http://supportcontent.checkpoint.com/documentation_download?ID=11550).

It doesn't appear that Gaia is R75 as I had been told & hoped to be true. This would indicate that another major release will be happening this year [sooner rather than later?], which will probably supersede R75.

Happy New Year!

RayPesek
2011-01-03, 14:35
IPS-1 got gutted for application control [a la skype], which is a shame as I had hoped to be able to use that. Most of my 5 blade containers are already full, which means another hefty bill for buying new Check Point licenses for something I already thought I had.

IPS-1 or IPS lost application control? I thought IPS-1 was the separate IPS appliance that orignially replaced NFR.

Ray

RayPesek
2011-01-03, 14:48
Are you trying to apply logic where it simply isn't welcome?

I don't know that it isn't welcome as much as maybe it's something that was started years ago and made sense then but doesn't make sense in today's environment and should be re-evaluated.

The best example I know of is from the 1970's when I started driving. There was a car anti-theft product hawked not only in the newspapers but by local police departments. One variation engraved the Vehicle Identification Number on various car body parts and etched it into the glass on the windows. A competing product did the same thing but used the Sociual Security Number of the owner for rapid identification. Both methods were acceptable forty years ago when cars lasted well under 100,000 miles and before computers became mainstream. But if you tried to sell a product today that etched people's SSN on their car windows, you'd be arrested and charged with facilitating identity theft or something. .

I know that PhoneBoy has helped many people out here and I've been contacted privately by other Check Point employees on issues posted here, so maybe all it takes is the right person learning about it.

I mean, look at my posting over in the IPS forum. The lead from Check Point IPS solicited customer feedback in a public posting. No one wants to do something that wastes their time and that is a great example of them wanting to focus their efforts on what matters to the people actually using their product.

Ray

chillyjim
2011-01-03, 21:43
It doesn't appear that Gaia is R75 as I had been told & hoped to be true. This would indicate that another major release will be happening this year [sooner rather than later?], which will probably supersede R75.

Gaia was not suppose to be released as part of R75, it's a separate release.
AFAIK it has not been released yet, but it is close. Keep your eyes open.

PhoneBoy
2011-01-03, 23:04
sk56800 referenced in the known issues is missing (http://supportcontent.checkpoint.com/solutions?id=sk56800)

R75 Documentation Package is missing (Check Point Software Technologies: Download Center (http://supportcontent.checkpoint.com/documentation_download?ID=11550)).

sk56800 is there, but it's internal only for some reason,. The Doc package is, in fact, missing. I've reported both issues.

PhoneBoy
2011-01-03, 23:42
As far as I know, the standard "open server" blade containers still contain IPS for one year--not app control. At least that's what the pricelist says. In any case, App Control and IPS are both priced exactly the same--$1500 or $3000 per year based on gateway size.

Barry J. Stiefel
2011-01-04, 00:31
As far as I know, the standard "open server" blade containers still contain IPS for one year--not app control. At least that's what the pricelist says. In any case, App Control and IPS are both priced exactly the same--$1500 or $3000 per year based on gateway size.I propose we just call this "YABS": the "Yet Another Blade Syndrome".

Carsten
2011-01-04, 12:15
It doesn't appear that Gaia is R75 as I had been told & hoped to be true. This would indicate that another major release will be happening this year [sooner rather than later?], which will probably supersede R75.


Gaia was not suppose to be released as part of R75, it's a separate release.
AFAIK it has not been released yet, but it is close. Keep your eyes open.

Gaia has nothing to do with R75, it is only the operation system which supersedes both IPSO and SPLAT.
The first release should come out around the end of this year.

melipla
2011-01-04, 12:41
The only thing that doesn't work is the SSL-Login Portal of Mobile Access Software Blade.

I think that's what SK56800 is for, this portal page isn't working by default.

pabouk
2011-01-05, 06:41
Gaia ... The first release should come out around the end of this year.
So Check Point postponed the release so much? In September Check Point presented that first release of Gaia will be in 2010. Later I heard that it will be at the beginning of 2011...

chillyjim
2011-01-05, 15:12
So Check Point postponed the release so much? In September Check Point presented that first release of Gaia will be in 2010. Later I heard that it will be at the beginning of 2011...

Yes it should be this year (2011) not 2012. For that matter, last I knew it should be Q1 but I haven't seen a release update in a while.

As always, if you are in particular need talk to your SE directly.

PhoneBoy
2011-01-05, 16:24
Gaia will come out when it is ready to. Not before :)

I've been at least peripherally involved with Gaia throughout the development process. I've seen how it has evolved over time. While I can't really tell you anything specific at this point, I can say I think it will be worth the wait.

varera
2011-01-06, 12:26
My understanding is that CSPs should have access to anything in the advanced partition, so they would not need to open a ticket to get the information.

I concur this. But the download link says nothing about limiting CSP access. In fact, it states something completely different about Software Subscription being active.

I guess this is the point of failure for most. Although having valid CSP agreement bind to UC account should do the trick.

maddogx
2011-01-16, 11:21
mobile access portal just refuses to work, the url at:
https://cp/sslvpn serving the certificate and than just hangs and doesn't load the portal.

I have no idea why...

maddogx
2011-01-17, 12:55
alright i managed it out, if endpoint security installed within mobile access on same gateway then the sslvpn portal stops working. I reinstalled without endpoint security.

PhoneBoy
2011-01-17, 21:25
Do you actually need the Endpoint Security server? I'm sure there's a way to have both on there.