CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Results 1 to 17 of 17

Thread: Check Point R76

  1. #1
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Check Point R76

    There's a lot of stuff in this release. Especially around IPv6 :)

    https://supportcenter.checkpoint.com...tionid=sk91140
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  2. #2
    Join Date
    2006-11-21
    Location
    Michigan
    Posts
    70
    Rep Power
    14

    Default Re: Check Point R76

    From the link:
    Monitoring: Netflow service support to collect data on traffic patterns and volume
    A quick look through the documentation package and release notes did not turn up anything about Netflow.

    Where might I find out more info??

  3. #3
    Join Date
    2008-05-26
    Location
    Osnabrück, Germany
    Posts
    119
    Rep Power
    12

    Default

    Actually it does say Netflow is supportet.

  4. #4
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    15

    Default Re: Check Point R76

    Quote Originally Posted by PhoneBoy View Post
    There's a lot of stuff in this release. Especially around IPv6 :)

    https://supportcenter.checkpoint.com...tionid=sk91140
    Do you have any insight on how R76 compares to R75.46 patch-wise? Generally when they are released this close, the higher version one is further behind.

    Thanks,

    Ray

  5. #5
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default

    Not all the R75.46 patches are in R76. I don't have an exact list. You also can't manage R75.46 from R76. This will be addressed in R76.10.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  6. #6
    Join Date
    2006-09-26
    Posts
    3,194
    Rep Power
    17

    Default Re: Check Point R76

    Quote Originally Posted by PhoneBoy View Post
    Not all the R75.46 patches are in R76. I don't have an exact list. You also can't manage R75.46 from R76. This will be addressed in R76.10.
    This is really messed up. According to the released notes:

    You can upgrade these Security Management Server and Security Gateway versions to R76:
    R71.50
    R75 , R75.10, R75.20, R75.30, R75.40, R75.45, R75.40VS

    In other words, you can NOT upgrade from R75.46 to R76.

    Nice works.

  7. #7
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    15

    Default Re: Check Point R76

    Quote Originally Posted by cciesec2006 View Post
    In other words, you can NOT upgrade from R75.46 to R76.
    I'm sure you left off "yet" at the end of your response.

  8. #8
    Join Date
    2005-11-25
    Location
    United States, Southeast
    Posts
    857
    Rep Power
    15

    Default Re: Check Point R76

    Quote Originally Posted by RayPesek View Post
    I'm sure you left off "yet" at the end of your response.
    Nope. Thats the way it will remain. You'll likely be able to go from R75.46 to R76.10 or something like that..

  9. #9
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,386
    Rep Power
    15

    Default Re: Check Point R76

    Sorry for my imprecise wording. That is what I meant. If R75.46 has some newer pieces-parts it would in some respects be a downgrade. I think this happened in a previous version as well and it certainly is not an uncommon practice. When I do my next Websense upgrade, I need to back out at least one patch before the upgrade can continue.

    I do like the way Imperva does their gateway upgrades, though. They seem to lay down the new version in its entirety using a temporary root folder name, migrate the configuration from the old to the new, delete the old and then rename the new. You can tell some of them came from Check Point: centralized and very capable management and 99.9% of the gateway's configuration is stored on the management server. Websense by contrast is a mess: must upgrade devices and software components in a very particular order, must big-bang the upgrade by upgrading 100% of the components or it doesn't work, different backup methods for each subsystem, and it seems to be fragile. At least the desktop agents only go into read-only mode if not upgraded instead of stopping working. You don't dare do a rapid upgrade to a new patch or release until you've let the more foolhardy people report the problems.

    Ray

  10. #10
    Join Date
    2013-02-26
    Posts
    3
    Rep Power
    0

    Default Re: Check Point R76

    Quote Originally Posted by David.Baldwin View Post
    From the link:


    A quick look through the documentation package and release notes did not turn up anything about Netflow.

    Where might I find out more info??
    On the Gaia web management UI there is Netflow support in R76... I threw up a VM running R76 at work just to play with it. I haven't pointed the gateway at my SIEM netflow collector yet to test, but I assure you netflow is in the web UI. You simply add netflow destinations and I'm assuming it'll start pushing out netflow data.

  11. #11
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: Check Point R76

    To correct and clarify a couple of things:

    1. R76 can manage R75.46 (this was verified and the release notes have been updated).
    2. The path from R75.46 is expected to be R76.10
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  12. #12
    Join Date
    2006-09-26
    Posts
    3,194
    Rep Power
    17

    Default Re: Check Point R76

    Quote Originally Posted by PhoneBoy View Post
    To correct and clarify a couple of things:

    1. R76 can manage R75.46 (this was verified and the release notes have been updated).
    2. The path from R75.46 is expected to be R76.10
    Hi PhoneBoy,

    I just upgrade my box to R75.46 one day prior to Checkpoint release R76. Therefore, I can NOT upgrade my P-1 to R76 :-(

    When will checkpoint expect to release R76.10 for poor guy like me?

  13. #13
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: Check Point R76

    Work is already underway on R76.10 and the goal is to not let too much time go between R76 and R76.10. Beyond that, I can't get into specifics. :)
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  14. #14
    Join Date
    2008-05-26
    Location
    Osnabrück, Germany
    Posts
    119
    Rep Power
    12

    Default

    I think most companies will not use any Rxx version without a following dot anyway.
    Even if there was a test period, every first release has bugs.
    The following releases will have bugs, too, but hopefully the worst will be fixed with the .10 releases.

    Personally I am most interested in what Check Point did regarding Identity Awareness, like if cross CMA identity sharing out of the box is possible now, or mixing users from different AD domains in one group.
    Last edited by Carsten; 2013-03-03 at 04:22.

  15. #15
    Join Date
    2005-11-25
    Location
    United States, Southeast
    Posts
    857
    Rep Power
    15

    Default Re: Check Point R76

    Awesome.. We're turning this thread into 'the feature we are most waiting for'..

    My Wishlist

    1. Inbound/outbound Zones; CheckPoint has dozens, if not hundreds of RFEs for this feature
    2. Merging of Application Control, Geo Protection, URL filtering etc into the Security Policy tab.
    3. Elimination of use_largest_subnet behavior in VPN topology
    4. Multiple Read/Write administrators in the same CMA/SCS at the same time; been asking for that one for a decade; Messagebus based architecture in my skull; somebody from CheckPoint just ask
    5. Make SecureClient/SecuRemote office mode functionality free.
    6. Anti-spoofing takes configuration from gateway's routing table; Refer to previous posts
    7. Allow colon character (IPv6) in object name; maybe R76 does this, haven't fired it up yet.
    8. Per gateway encryption domains for each VPN community
    9. Optional FPGA for IPS and/or Application Control and/or VPN offload and/or SecureXL and/or SSL decryption ..........
    10. Gateway transmits syslog to syslog server (maybe per rule), in additional to normal logging to CMA/CLM/SCS
    11. Control/configure routing table using Cluster/gateway object, instead of direct OS configuration
    12. Break up code and configuration into separate directory trees.
    13. CLI commands for listing/creating/deleting/changing objects
    14. Human readable debug for VPN.
    15. Merge VPN Tunnelutil functions into SmartView Monitor
    16. Sub-Policies.
    17. Limit specific Administrators to specific policies/tabs


    I've got dozens and dozens more..

  16. #16
    Join Date
    2013-03-05
    Posts
    58
    Rep Power
    7

    Default Re: Check Point R76

    For those who haven't noticed already, CP removed the last Solaris support with R76.

  17. #17
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: Check Point R76

    Solaris support was also not present in R75.40VS either. Then again, lack of Solaris support going forward was something we announced a bit ago, I believe.

    Meanwhile, the Gaia Admin Guide for R76 now contains proper documentation about Netflows (it did not previously): Check Point Software Technologies: Download Center
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

Similar Threads

  1. Replies: 3
    Last Post: 2012-05-17, 20:48
  2. Check Point Class
    By caldweel in forum Introductions
    Replies: 0
    Last Post: 2012-03-10, 03:42
  3. Congrats to Check Point !
    By Routerkid1 in forum Miscellaneous
    Replies: 8
    Last Post: 2010-04-01, 11:41
  4. Jobs at Check Point
    By chillyjim in forum Employment/Consulting Opportunities For Check Point Administrators
    Replies: 0
    Last Post: 2005-12-26, 03:59

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •