CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 15 of 15

Thread: Recommendations for upgrade

  1. #1
    Join Date
    2006-11-21
    Location
    Michigan
    Posts
    70
    Rep Power
    11

    Default Recommendations for upgrade

    Current environment

    Platform: GAIA, Open Systems (HP Servers)
    Management: r77.20 (Separate Log, Management, SmartEvent, SmartReporter and Management HA servers). No Provider 1 (or whatever they call it these days)
    Gateways: 2 x r77.10 clusters and 2 x r77.20
    Software: Firewall, IPS, Identity Awareness on all 4 clusters. Getting ready to run full Threat on the 2 Internet clusters.

    Senario 1:
    Upgrade all Checkpoint devices to r77.30 and wait for r80.x0 Gateway to be released (and stable)

    Senario 2:
    Upgrade all Checkpoint management servers to r80 (and appropriate HFAs). Upgrade all gateways to r77.30.

    I'd love to get the new reporting that R80.

    Is anyone running R80 management on r77.x gateways out there?
    If so what real world issues have you seen?

  2. #2
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    965
    Rep Power
    12

    Default Re: Recommendations for upgrade

    I personally would vote for option 1.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  3. #3
    Join Date
    2014-11-14
    Location
    Ottawa Canada
    Posts
    364
    Rep Power
    3

    Default Re: Recommendations for upgrade

    Quote Originally Posted by David.Baldwin View Post
    Senario 1:
    Upgrade all Checkpoint devices to r77.30 and wait for r80.x0 Gateway to be released (and stable)
    I second a vote for this.

    Quote Originally Posted by David.Baldwin View Post
    Is anyone running R80 management on r77.x gateways out there?
    I have a customer running this setup... R80 SMS and R77.30 Gateways.

    Quote Originally Posted by David.Baldwin View Post
    If so what real world issues have you seen?
    In terms of operability between the R80 Management and the R77.30 Gateways, I have yet to see any REAL problems in these regards. Most problems with R80 are with R80 and Management products (other log servers, secondary servers, etc...). What kind of problems you ask? Well, a variety really... Just think of all the problems you could have when rolling out a whole new product.

    My 2c: Only upgrade to R80 if there is something that is ABSOLUTELY REQUIRED in R80 ONLY and not in R77.xx.

  4. #4
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    965
    Rep Power
    12

    Default Re: Recommendations for upgrade

    One important thing you should know about R80 Management: it requires more performance than before. It also is harder to troubleshoot.

    VL
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  5. #5
    Join Date
    2006-09-26
    Posts
    3,002
    Rep Power
    14

    Default Re: Recommendations for upgrade

    Quote Originally Posted by varera View Post
    One important thing you should know about R80 Management: it requires more performance than before. It also is harder to troubleshoot.
    VL
    Isn't that counter intuitive of Checkpoint products? I thought with new version of Checkpoint, it is supposed to be easier to troubleshoot in version R80 as compared to R77.x and lower, no?

  6. #6
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    965
    Rep Power
    12

    Default Re: Recommendations for upgrade

    Quote Originally Posted by cciesec2006 View Post
    Isn't that counter intuitive of Checkpoint products? I thought with new version of Checkpoint, it is supposed to be easier to troubleshoot in version R80 as compared to R77.x and lower, no?
    It is what it is. Check Point did a very bold move to change infrastructure completely on MGMT server. It is much more complex and also much more flexible than before. With new architecture come new challenges. My first RFE with it was to add troubleshooting tools. Not done yet.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  7. #7
    Join Date
    2006-03-21
    Posts
    68
    Rep Power
    12

    Default Re: Recommendations for upgrade

    Hi David,

    I have a couple of customers running R80 SMS with R77.X gateways, no major issues on the gateway side so far.

    If I were you I would go for option 2, especially if you deployment has an Event Server. Apart from the lack of troubleshooting tools, I think that policy management on R80 is a bit confusing when you face it for the first time, mainly if you deployment has Threat Prevention Blades. This is due to the new policy layers management, so if you define them wrongly you'll get errors during the policy install.

    Few things that I have seen so far:


    • You cannot copy a whole policy package as it was possible in previous versions (apparently this feature is coming back in R80.10
      https://community.checkpoint.com/message/5636?commentID=5636#comment-5636
    • Web Visualization Tools are not supported under R80. (But you have the API)
    • LEA integration a bit problematic depending of the 3rd party vendor
    • The new version of SmartView Tracker is awful.... The old one is still reachable by browsing the installation folder
    • You still need to use the old SmartDashboard to manage the Mobile Blade... I wonder why they didn't include it as part of the new R80 client.


    I guess it's a matter of getting use to the new interface (at least for management).

    Regards

  8. #8
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    965
    Rep Power
    12

    Default Re: Recommendations for upgrade

    Quote Originally Posted by eduardoxmunoz View Post

    [*]The new version of SmartView Tracker is awful.... The old one is still reachable by browsing the installation folder

    Regards
    IF you know the new name of the file, LOL :-)
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  9. #9
    Join Date
    2016-10-19
    Posts
    14
    Rep Power
    0

    Default Re: Recommendations for upgrade

    Quote Originally Posted by varera View Post
    IF you know the new name of the file, LOL :-)
    Hi

    We have the same setup, Mgmt= R80, Gateways = R77.30. We are facing lot of issues with R80 as there are lot of bugs in the code and performance really is very slow. Logs are very slow. As said by some other member, there are no troubleshooting tools available or much support from Checkpoint.

    Thanks.

  10. #10
    Join Date
    2006-09-26
    Posts
    3,002
    Rep Power
    14

    Default Re: Recommendations for upgrade

    Quote Originally Posted by venkata View Post
    much support from Checkpoint.
    Wow. I thought I was a little bit hash on Checkpoint TAC support but look like you are in the same boat as I am

  11. #11
    Join Date
    2012-09-10
    Posts
    14
    Rep Power
    0

    Default Re: Recommendations for upgrade

    I've been very weary about moving to R80. I was about to initiate some moves on getting it started, but I may way until R80.10. The lack of support and LEA issues mentioned above have shunned me away.

    For those that did indeed upgrade to R80, how painful was the move?

  12. #12
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    965
    Rep Power
    12

    Default Re: Recommendations for upgrade

    Yaelle, three similar comments? By mistake, I guess?
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  13. #13
    Join Date
    2011-03-29
    Posts
    28
    Rep Power
    0

    Default Re: Recommendations for upgrade

    Actually not, I wanted to address the different issues that were raised in the responses in addition to the one raised in the original post. But something did go wrong in the layout of answers .

    I will be happy to get more information about the different issues that were raised in this thread.
    My email is: yaelleh@checkpoint.com, I'll be very happy to hear from you.


    Thank you

    Yaelle
    Last edited by yaelleh; 2017-03-09 at 08:14.

  14. #14
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    965
    Rep Power
    12

    Default Re: Recommendations for upgrade

    Quote Originally Posted by yaelleh View Post
    Actually not, I wanted to address the different issues that were raised in the responses in addition to the one raised in the original post. But something did go wrong in the layout of answers .

    I will be happy to get more information about the different issues that were raised in this thread.

    Thank you

    Yaelle
    It is easier to do when using "Reply with Quote" option. Just an advise
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  15. #15
    Join Date
    2011-03-29
    Posts
    28
    Rep Power
    0

    Default Re: Recommendations for upgrade

    Quote Originally Posted by varera View Post
    It is easier to do when using "Reply with Quote" option. Just an advise
    Thank you!

Similar Threads

  1. AAA Solution Recommendations?
    By mojorising in forum Check Point Firewall Administrator's Toolkit
    Replies: 4
    Last Post: 2015-05-31, 12:32
  2. Recommendations for producing a future-state rule set for review and documentation...
    By gusbrown in forum Firewall Policy Management Software
    Replies: 4
    Last Post: 2014-10-17, 20:24
  3. Disk Partition Recommendations on GAiA initial setup
    By sanhy85 in forum R75.40 (GAiA)
    Replies: 1
    Last Post: 2012-08-23, 14:01
  4. Power-1 5070 recommendations
    By ggts2008 in forum Check Point UTM-1 Appliances
    Replies: 6
    Last Post: 2009-08-19, 21:59
  5. Provider-1 MLM hardware recommendations
    By dys152 in forum Provider-1 (Multi-Domain Management)
    Replies: 2
    Last Post: 2008-04-09, 21:29

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •