CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


** Announcing the #CPUGchallenge **

I'm very happy to announce that CPUG will be hosting "The CPUG Challenge" during CPX this year.
It promises to be a fun and interesting event that will test (and maybe even expand) your knowledge of Check Point.
Whether or not you plan to attend CPX, we have something for you. Please check out this post or the CPUGchallenge.com web site for more information. -E

 

Page 2 of 2 FirstFirst 12
Results 21 to 39 of 39

Thread: R80.10 Public Early Availability

  1. #21
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    840
    Rep Power
    12

    Default Re: R80.10 Public Early Availability

    Quote Originally Posted by PhoneBoy View Post
    As far as I know, it isn't planned to upgrade the kernel in R80.10.
    I expect it will happen in the future, future hardware support being one of many reasons.
    Contrary to that, my sources were talking about introducing new kernel with R80.10 GW. Someone told me there is a huge issue with new HW drivers. It would also be a good time
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  2. #22
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,206
    Rep Power
    14

    Default Re: R80.10 Public Early Availability

    I hope you're right and that we also get a new kernel with R80.10.
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  3. #23
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    840
    Rep Power
    12

    Default Re: R80.10 Public Early Availability

    Quote Originally Posted by PhoneBoy View Post
    I hope you're right and that we also get a new kernel with R80.10.
    I am pretty sure those plans were abandoned. The latest EA is still running the old one
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  4. #24
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,206
    Rep Power
    14

    Default Re: R80.10 Public Early Availability

    Another public EA build has dropped, it's primarily bug fixes.
    One new feature I discovered is that you can now edit the logging on the Implicit rule at the end of the policy/layer.
    This makes for somewhat cleaner policies.
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  5. #25
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    840
    Rep Power
    12

    Default Re: R80.10 Public Early Availability

    Quote Originally Posted by PhoneBoy View Post
    Another public EA build has dropped, it's primarily bug fixes.
    One new feature I discovered is that you can now edit the logging on the Implicit rule at the end of the policy/layer.
    This makes for somewhat cleaner policies.
    Added by my request, I believe :-)
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  6. #26
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,206
    Rep Power
    14

    Default Re: R80.10 Public Early Availability

    There were several internal requests to add that feature as well. :)
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  7. #27
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    840
    Rep Power
    12

    Default Re: R80.10 Public Early Availability

    Quote Originally Posted by PhoneBoy View Post
    There were several internal requests to add that feature as well. :)
    I know, I know... just a moment to gloat please :-)
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  8. #28
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,206
    Rep Power
    14

    Default Re: R80.10 Public Early Availability

    Just to show it working.
    (Yes, I clearly love the policy layers, too)

    Click image for larger version. 

Name:	cleanup-rule.jpg 
Views:	105 
Size:	38.6 KB 
ID:	1211
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  9. #29
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,206
    Rep Power
    14

    Default Re: R80.10 Public Early Availability

    Looks like another Public EA build has been released in the past couple days: EA363 T2.
    As there are no updated release notes, I'm assuming it's just more bugfixes.
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  10. #30
    Join Date
    2005-11-25
    Location
    United States, Southeast
    Posts
    852
    Rep Power
    12

    Default Re: R80.10 Public Early Availability

    Updated kernel? or still 9 year old tech?

    Hows tcpdump? is it 5+ years out of date too?

    bash?

    The small stuff counts. It the biggest complaint many of my customers have. CheckPoint's inability to do the small stuff well that impacts everyday operations. TACACS, SNMP, Alerting (ClusterXL failover) etc.

    It blows peoples minds that checkpoint still doesn't sync user databases between the GAIA OS and the CheckPoint GUIs (admins).. or the getting SNMP stats from the CheckPoint kernel is so convoluted. I have to reboot after enabling SNMP? it wasn't already enabled?

    Seriously.. why doesn't CheckPoint Dev hired some linux kernel developers? They should have rolled their linux distro by now. Just open a shop in North Carolina and get it done.

    And don't get me started on how they do RPMs..

  11. #31
    Join Date
    2006-09-26
    Posts
    2,877
    Rep Power
    13

    Default Re: R80.10 Public Early Availability

    Quote Originally Posted by alienbaby View Post
    Updated kernel? or still 9 year old tech?

    Hows tcpdump? is it 5+ years out of date too?

    bash?

    The small stuff counts. It the biggest complaint many of my customers have. CheckPoint's inability to do the small stuff well that impacts everyday operations. TACACS, SNMP, Alerting (ClusterXL failover) etc.

    It blows peoples minds that checkpoint still doesn't sync user databases between the GAIA OS and the CheckPoint GUIs (admins).. or the getting SNMP stats from the CheckPoint kernel is so convoluted. I have to reboot after enabling SNMP? it wasn't already enabled?

    Seriously.. why doesn't CheckPoint Dev hired some linux kernel developers? They should have rolled their linux distro by now. Just open a shop in North Carolina and get it done.

    And don't get me started on how they do RPMs..

    Finally others people are bitching about checkpoint as well, not just me :-)

  12. #32
    Join Date
    2016-09-13
    Location
    Japan
    Posts
    53
    Rep Power
    1

    Default Re: R80.10 Public Early Availability

    Guys,

    Here we go again :) :p


    >>> R80.10_EA363

    APPI & URLF , IPS blades dont work.
    Logs are not shown in fw.log. (Logs and Monitor)
    Tried with both standalone and distributed topology/

    Click image for larger version. 

Name:	LOGS.jpg 
Views:	33 
Size:	338.9 KB 
ID:	1227


    >Gateway,management devices can access the internet.
    >Policies are written as the manual says.
    Click image for larger version. 

Name:	POLICY.jpg 
Views:	29 
Size:	56.3 KB 
ID:	1226

    > waited over one day since installation


    /* For URLF */
    Click image for larger version. 

Name:	URLF.jpg 
Views:	27 
Size:	75.5 KB 
ID:	1225

    Got the error "Contract entitlement check failed. Could not establish SSL connection to updates.chekpoint.com.Problem with local certificate."
    Check SK sk sk103839 and looks ok. (3 Secure Server CA - G4
    * SSL certificate verify ok.
    )

    ###
    enabled_blades
    ###
    fw urlf av appi ips anti_bot

    ###
    cpview
    ###
    Click image for larger version. 

Name:	CPVIEW.jpg 
Views:	24 
Size:	154.0 KB 
ID:	1228


    ###
    cpstat
    ###
    # cpstat -f subscription_status appi

    Subscription status: about-to-expire
    Subscription expiration date: Mon Apr 17 12:16:13 2017
    Subscription description: Associated with contract which will expire during the next 15 days

    [Expert@GATE82:0]# cpstat -f subscription_status urlf

    Subscription status: about-to-expire
    Subscription expiration date: Mon Apr 17 12:16:13 2017
    Subscription description: Associated with contract which will expire during the next 15 days


    ###
    License
    ###
    Click image for larger version. 

Name:	LICENSE.jpg 
Views:	24 
Size:	292.7 KB 
ID:	1229


    Any thoughts?

    Thanks .

  13. #33
    Join Date
    2016-09-13
    Location
    Japan
    Posts
    53
    Rep Power
    1

    Default Re: R80.10 Public Early Availability

    Same config works with Check_Point_R80.10_EA_276_T9_Gaia.iso.
    Hmm...

    Click image for larger version. 

Name:	EA276.jpg 
Views:	26 
Size:	151.6 KB 
ID:	1230

    Click image for larger version. 

Name:	EA2762.jpg 
Views:	18 
Size:	136.1 KB 
ID:	1231

    Thanks.

  14. #34
    Join Date
    2016-09-13
    Location
    Japan
    Posts
    53
    Rep Power
    1

    Default Re: R80.10 Public Early Availability

    New EA released.

    /* Check_Point_R80.10_EA380_T1_Gaia */

    @Phoneboy
    Any release dates for GA?

    Thank you.

  15. #35
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,206
    Rep Power
    14

    Default Re: R80.10 Public Early Availability

    The official story per sk95746 is Q2 2017.
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  16. #36
    Join Date
    2016-09-13
    Location
    Japan
    Posts
    53
    Rep Power
    1

    Default Re: R80.10 Public Early Availability

    Quote Originally Posted by PhoneBoy View Post
    The official story per sk95746 is Q2 2017.
    Thanks.

    How about the unofficial story? :) :p

  17. #37
    Join Date
    2006-10-25
    Location
    Wisconsin
    Posts
    16
    Rep Power
    0

    Default Re: R80.10 Public Early Availability

    Sources tell me that we are on a release candidate here.

  18. #38
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,206
    Rep Power
    14

    Default Re: R80.10 Public Early Availability

    In this forum, I can only give you the official story. :)
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  19. #39
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    840
    Rep Power
    12

    Default Re: R80.10 Public Early Availability

    rumors say this week. Will will see in a couple of days
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

Page 2 of 2 FirstFirst 12

Similar Threads

  1. Security Gateway VE - "Avatar" Early Availability Program
    By PhoneBoy in forum Check Point Release Notifications
    Replies: 4
    Last Post: 2010-08-20, 18:21
  2. VSX R65 HFA_20 Early Availability
    By PhoneBoy in forum VPN-1 VSX
    Replies: 4
    Last Post: 2010-04-26, 14:18
  3. NGx R65 HFA_70 Early Availability released notes
    By cciesec2006 in forum Installing And Upgrading
    Replies: 10
    Last Post: 2010-03-02, 18:26
  4. fw early SIP NAT (sipnat)
    By -=MrG=- in forum Services (TCP, UDP, ICMP, etc.)
    Replies: 2
    Last Post: 2008-11-12, 12:08
  5. Early Availability Vista client?
    By zoo-loo in forum Secure Access
    Replies: 1
    Last Post: 2007-10-12, 11:33

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •