PDA

View Full Version : Check Point R75.10 is in Public EA



PhoneBoy
2011-04-06, 09:05
This release is available in User Center under Products > Early Availability. This version contains new features and resolves various issues for Check Point Software Blades.

What's New in R75.10:


Improved Clientless VPN features

Support for Secure Workspace and SNX (Application and Network Modes) on Windows 7 32/64-bit
Improved SNX application control by software vendor so you can easily choose to allow all applications from a specific vendor

SmartConsole

Multiple selection of applications in Application Control
Faster loading time and improved application performance

SmartEvent and SmartView Tracker

Faster query response and improved application performance



Also includes support for:


UTM-1 Edge 8.2 gateways
SecuRemote E75.10
Pre-shared secret authentication method
SNX on Mac 10.6 connecting to the Mobile Access
Check Point Mobile for iPhone and iPad

Access to Web applications
Access to email, calendar, and contacts
Two-factor authentication with client certificate and username/password

Detection of Skype traffic in the Application Control Software Blade
Customized client certificate authentication

PhoneBoy
2011-04-06, 11:20
Also of note is that this is the first release where Software Blade licenses are a hard requirement. The specific verbiage from the EA Release Notes says:

Check Point software versions R75.10 or higher require a valid Software Blades license. Users with NGX licenses will not be able to install the software.

RayPesek
2011-04-06, 20:12
Also of note is that this is the first release where Software Blade licenses are a hard requirement. The specific verbiage from the EA Release Notes says:

Check Point software versions R75.10 or higher require a valid Software Blades license. Users with NGX licenses will not be able to install the software.

"will not be able to install" or "will not be able to apply NGX licenses"?

The former implies that a new installation no longer has a 15-day full eval license.

Ray

PhoneBoy
2011-04-06, 23:09
An eval license by definition is a Software Blades license, including the built-in 15 day eval. What this says is if you have an R75 install with NGX licenses and you install R75.10 on it, it will fail.

pabouk
2011-04-07, 03:10
Do you know if upgrade from R71.30 to R75.10 (EA) is supported in some way?

The R75.10 EA RN say that upgrade from R71.30 is possible by upgrading first to R75 but R75 RN do not mention possibility of upgrading from R71.30 and indeed such upgrade did not work for us.

pmb1010
2011-04-07, 16:48
I installed R75 on a test system, did a quick CPCONFIG to set it up.
Let it use the default 15 day license.
Installed the R75.10 upgrade, that went OK.

Opened the SmartDashboard to configure some rules, and did a "get topology" to populate the 3 interfaces in use.
But they all show as "External". Changing to internal is not an option, therefore I can't set VPN domain..

Any idea where I went wrong?

northlandboy
2011-04-07, 17:34
Any idea where I went wrong?

Is your firewall configured as a host, not a gateway maybe? Try right clicking on the object in Dashboard, and going -> Convert to Gateway, or something like that

pmb1010
2011-04-07, 18:54
EDIT - Yes, that was it. Was defined as "Checkpoint Host" and not a gateway.
Did the "convert to gateway" and that let me change the interfaces. TU

2nd Edit --- The Secure Remote E75.10 client connects sucessfully to this version, using the 15 day trial license

================================================== =========

Will check that tomorrow.
What I do know, is that device knows its a SecurePlatform, and allowed me to checkmark IPSEC and push a policy to it.

Very strange. But your suggestion sounds logical. Sometimes the obvious... cannot be seen. Thanks!

adam65535
2011-06-06, 17:14
Does this also mean that upgrading an R75 management to R75.10 which is managing R65 gateways will break management of the R65 gateways(which don't support software blades)?

PhoneBoy
2011-06-06, 20:30
If you're managing an older gateway with your R75.10 management, it will still work (provided your management station has Software Blade licenses, of course).

adam65535
2011-06-06, 21:24
That is good news. I was worried based on that note that the r75.10 management wouldn't recognize the already existing r65 gateways as valid since they will still have the old non blade licenses. Thanks for the info.

PhoneBoy
2011-06-07, 01:20
The local gateway the license is installed on is responsible for enforcing the license. Your R65 licenses aren't installed on your R75.10 Management, so it shouldn't be an issue.

serlud
2011-06-07, 03:15
If you're managing an older gateway with your R75.10 management, it will still work (provided your management station has Software Blade licenses, of course).

Since when exist Software Blade migration programm for management LICs?

For some reason or other we could not use our existing manangement Lics. Could you clarify Why?

adam65535
2011-06-07, 06:20
Hmm... Upgrade went well but cant install smartconsole on the windows client on XP SP3 (32bit). (Solved... file corruption issue)

An error (-5005 : 0x80070002) has occurred while running the setup.

Please make sure you have finished any previous setup and closed other applications.
If the error sill occurs, please contact your vendor: Check Point (##ID_STRING4##).

Error Code: -5005 : 0x80070002
Error Information:
>Kernel\KernelMedia.cpp (95)
>SetupNew\setup.cpp (836)
PAPP:SmartConsole
PVENDOR:Check Point (##ID_STRING4##)
PGUID:3324E601-1618-497C-984B-66695352A3FB
$14.0.0.162PAK
@Windows XP Service Pack 3 (2600) Non IE/Netscape 61608.18

Anyone see this?

Update: Same result on win 7 64bit. Can anyone do an md5sum on Check_Point_SmartConsole_R75_10_Windows.exe for me? I get 8c18ea8957281ab59d86030ca136edb0 .

UPDATE 2: It was a file corruption issue. Problem solved.

serlud
2011-06-07, 07:14
Can anyone do an md5sum on Check_Point_SmartConsole_R75_10_Windows.exe for me? I get 8c18ea8957281ab59d86030ca136edb0 .

We have used following GUI:
804a6f00723fff0327787c69124d73be Check_Point_SmartConsole_R75_10_Windows.exe
Build 979001045 and it seems to be work on Windows XP SP3


We have redownloaded an original Check_Point_SmartConsole_R75_10_Windows.exe
MD5: 744128885dad422f0e57fa37e4f31f54
Size: 129.65 MB
Date Published: 2011-05-04
This seems to be working also and have the same Build 979001045..

PhoneBoy
2011-06-07, 10:09
There isn't a Software Blades migration plan "just for management." Software Blades migration happens all at once in User Center, but unless you have just a self-managed gateway, you rarely do the software upgrades all at once. There are also going to be gateways that for whatever reason can't be upgraded (e.g. legacy Nokia appliances). There's also VSX which is not yet Software Blades but will have to be managed by something that is to remain supported.

Bottom line: R75.10 managemebt gateways and above absolutely require Software Blades licenses installed on them. This does not prevent R75.10 and above management from managing gateways that do not have Software Blades licenses on them so long as the gateway has a valid license for the version of code installed.

serlud
2011-06-07, 14:11
There isn't a Software Blades migration plan "just for management." Software Blades migration happens all at once in User Center, but unless you have just a self-managed gateway, you rarely do the software upgrades all at once. There are also going to be gateways that for whatever reason can't be upgraded (e.g. legacy Nokia appliances). There's also VSX which is not yet Software Blades but will have to be managed by something that is to remain supported.

Bottom line: R75.10 managemebt gateways and above absolutely require Software Blades licenses installed on them. This does not prevent R75.10 and above management from managing gateways that do not have Software Blades licenses on them so long as the gateway has a valid license for the version of code installed.

1. We could not find any way to convert our current NGX Management Lics , Provider, SMS to just normal SB Management Lic . (Update at one in user center do not contain any Management Lics.)

2. We already (two weeks ago at least) ask our Major Account manager about how to use our current management lics with R75.1 , but till now work in progress...

3. It seems CP would like to prevent all old customers (since NGX at least) to use R75.1 for some reason or other.., correct me if I wrong.. (eval lic is not rigth way for using softwate under current support) .

PS: we just could not install R75.10 on Provider R75, or on Management R75.. that is our (and other customers) big problem...

PhoneBoy
2011-06-07, 21:01
There is no "automatic" conversion of Provider-1 licenses to Software Blades. You essentially have two options:

1. Request a free "enabler SKU" from Account Services. This essentially turns your NGX Provider-1 licenses into Software Blades without any other changes to the licensing needed. It also allows you to purchase additional licenses at the cheaper Multi-Domain prices.

2. Trade in your existing Provider-1 licenses for Multi-Domain Licenses, which are cheaper. However, our standard trade-in rules apply, which means it won't be a "free" upgrade.

serlud
2011-06-08, 03:40
There is no "automatic" conversion of Provider-1 licenses to Software Blades. You essentially have two options:

1. Request a free "enabler SKU" from Account Services. This essentially turns your NGX Provider-1 licenses into Software Blades without any other changes to the licensing needed. It also allows you to purchase additional licenses at the cheaper Multi-Domain prices.

2. Trade in your existing Provider-1 licenses for Multi-Domain Licenses, which are cheaper. However, our standard trade-in rules apply, which means it won't be a "free" upgrade.

1. CP Web does not contained any information about "enabler SKU":
Search results for: enabler SKU
There are no matching records for enabler SKU. Please try your search again.
Our SE also could not provide as with this SKU..

2. For some reason during SB migration we can convert ("free" upgrade) some management Lic , but not Provider.
CPVP-VCT-U-NG CPSG-P204U-CPSM-PU003-F

According to CP SB migration was to simplify lic model, now it seems that 2 models NGX for Provider and SB for all other product will be used in the future., please do not say it will simplify lic models..

PhoneBoy
2011-06-08, 19:01
You have to call or open a ticket with Account Services to obtain the Enabler SKU.

In one sense, maintaining the existing licenses with Provider-1 *is* simpler, especially if you have a large installation with tens of CMAs. This is the customer feedback I've received, at least.