CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Results 1 to 5 of 5

Thread: Current stable version

  1. #1
    Join Date
    2013-08-27
    Posts
    3
    Rep Power
    0

    Default Current stable version

    Hi,

    i am facing DHCP relay problem in my current R71.10 version, so i have planned to upgrade to R75.47 or latest R77.20.

    Could anyone suggest me a current stable version.


    -Senthil.

  2. #2
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: Current stable version

    Generally speaking, R77.20 is the recommended release.
    R77.20 has some fixes in it specifically related to DHCP relay, which makes it worth considering over R75.47.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  3. #3
    Join Date
    2012-11-25
    Location
    Paradise
    Posts
    78
    Rep Power
    8

    Default Re: Current stable version

    We have been running R75.47 with stable dhcp for some months with few customers.
    R77.20 would be current release to move to though with all the bunch of stability fixes included.

  4. #4
    Join Date
    2011-07-29
    Posts
    17
    Rep Power
    0

    Default Re: Current stable version

    Don't forget that to use all the new shiny DHCP relay fixes in R77.20 all gateways the management server manages must be R77.20 or higher, or you need to hotfix the lower versions.
    This is because R77.20 changes globally the way DHCP relay works.
    Also it requires a new object to be used in the DHCP relay firewall rules that disables SecureXL, so you need to place these rules at the bottom of the rulebase.

  5. #5
    Join Date
    2006-01-25
    Location
    Americas
    Posts
    1,535
    Rep Power
    16

    Default Re: Current stable version

    Quote Originally Posted by jonta View Post
    Don't forget that to use all the new shiny DHCP relay fixes in R77.20 all gateways the management server manages must be R77.20 or higher, or you need to hotfix the lower versions.
    Since this is the "stability thread"...The hotfix only applies to R77.x versions lower than R77.20. Installing the hotfix simply for new DHCP services is not an approach I would recommend given my previous experiences with retro-active compatibility hotfixes--if your entire environment is already on R77.x you might as well go to R77.20 with all the hotfixes and use the pure configuration instead of a one-off retro hotfix.

    Quote Originally Posted by jonta View Post
    This is because R77.20 changes globally the way DHCP relay works.
    Should note it's a manual change. Doesn't appear to be implemented even for new R77.20 environments and I would expect that in future releases for them not to implement the new DHCP services by default given the need to continue to support pre-R77 versions and the legacy method.

    Quote Originally Posted by jonta View Post
    Also it requires a new object to be used in the DHCP relay firewall rules that disables SecureXL, so you need to place these rules at the bottom of the rulebase.
    mmmm SecureXL is never disabled....but saying the new DHCP objects can impact the performance of SecureXL when using Accept Templates is more appropriate. It doesn't look like sk32578 was updated with the DHCP caveat, however a big warning against adding the new DHCP objects at the bottom given this note from sk98839:

    Code:
    "For the DHCP traffic to be processed by these new DHCP services, make sure that the DHCP traffic will not be matched on any other rules located above the specific DHCP security rules - this statement applies to both explicit and implied rules."
    From a stability stand point I'd argue that its better to stick with the legacy method of DHCP (tried and true), especially given the lack of risk(s) for continuing to use the legacy method.
    Last edited by melipla; 2014-09-12 at 14:37.
    Its all in the documentation.

Similar Threads

  1. Tapatalk is now updated to the current version (3.9.4)
    By Barry J. Stiefel in forum About This Discussion Board
    Replies: 0
    Last Post: 2012-04-13, 15:17
  2. Stable SmartCenter version to manage VSX System
    By mhernandez in forum VPN-1 VSX
    Replies: 2
    Last Post: 2011-10-20, 12:23
  3. stable - public - IP address
    By ppawlo in forum Miscellaneous
    Replies: 6
    Last Post: 2009-07-29, 15:40
  4. Stable version in Alteon
    By tech123 in forum Nortel ASF/NSF
    Replies: 2
    Last Post: 2007-11-13, 19:54
  5. The current version of GX
    By srirat in forum Firewall-1 GX
    Replies: 2
    Last Post: 2006-08-29, 23:16

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •