CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


 

Results 1 to 10 of 10

Thread: Recommendations for upgrade

  1. #1
    Join Date
    2006-11-21
    Location
    Michigan
    Posts
    69
    Rep Power
    11

    Default Recommendations for upgrade

    Current environment

    Platform: GAIA, Open Systems (HP Servers)
    Management: r77.20 (Separate Log, Management, SmartEvent, SmartReporter and Management HA servers). No Provider 1 (or whatever they call it these days)
    Gateways: 2 x r77.10 clusters and 2 x r77.20
    Software: Firewall, IPS, Identity Awareness on all 4 clusters. Getting ready to run full Threat on the 2 Internet clusters.

    Senario 1:
    Upgrade all Checkpoint devices to r77.30 and wait for r80.x0 Gateway to be released (and stable)

    Senario 2:
    Upgrade all Checkpoint management servers to r80 (and appropriate HFAs). Upgrade all gateways to r77.30.

    I'd love to get the new reporting that R80.

    Is anyone running R80 management on r77.x gateways out there?
    If so what real world issues have you seen?

  2. #2
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    741
    Rep Power
    11

    Default Re: Recommendations for upgrade

    I personally would vote for option 1.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  3. #3
    Join Date
    2014-11-14
    Location
    Ottawa Canada
    Posts
    364
    Rep Power
    3

    Default Re: Recommendations for upgrade

    Quote Originally Posted by David.Baldwin View Post
    Senario 1:
    Upgrade all Checkpoint devices to r77.30 and wait for r80.x0 Gateway to be released (and stable)
    I second a vote for this.

    Quote Originally Posted by David.Baldwin View Post
    Is anyone running R80 management on r77.x gateways out there?
    I have a customer running this setup... R80 SMS and R77.30 Gateways.

    Quote Originally Posted by David.Baldwin View Post
    If so what real world issues have you seen?
    In terms of operability between the R80 Management and the R77.30 Gateways, I have yet to see any REAL problems in these regards. Most problems with R80 are with R80 and Management products (other log servers, secondary servers, etc...). What kind of problems you ask? Well, a variety really... Just think of all the problems you could have when rolling out a whole new product.

    My 2c: Only upgrade to R80 if there is something that is ABSOLUTELY REQUIRED in R80 ONLY and not in R77.xx.

  4. #4
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    741
    Rep Power
    11

    Default Re: Recommendations for upgrade

    One important thing you should know about R80 Management: it requires more performance than before. It also is harder to troubleshoot.

    VL
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  5. #5
    Join Date
    2006-09-26
    Posts
    2,809
    Rep Power
    13

    Default Re: Recommendations for upgrade

    Quote Originally Posted by varera View Post
    One important thing you should know about R80 Management: it requires more performance than before. It also is harder to troubleshoot.
    VL
    Isn't that counter intuitive of Checkpoint products? I thought with new version of Checkpoint, it is supposed to be easier to troubleshoot in version R80 as compared to R77.x and lower, no?

  6. #6
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    741
    Rep Power
    11

    Default Re: Recommendations for upgrade

    Quote Originally Posted by cciesec2006 View Post
    Isn't that counter intuitive of Checkpoint products? I thought with new version of Checkpoint, it is supposed to be easier to troubleshoot in version R80 as compared to R77.x and lower, no?
    It is what it is. Check Point did a very bold move to change infrastructure completely on MGMT server. It is much more complex and also much more flexible than before. With new architecture come new challenges. My first RFE with it was to add troubleshooting tools. Not done yet.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  7. #7
    Join Date
    2006-03-21
    Posts
    40
    Rep Power
    0

    Default Re: Recommendations for upgrade

    Hi David,

    I have a couple of customers running R80 SMS with R77.X gateways, no major issues on the gateway side so far.

    If I were you I would go for option 2, especially if you deployment has an Event Server. Apart from the lack of troubleshooting tools, I think that policy management on R80 is a bit confusing when you face it for the first time, mainly if you deployment has Threat Prevention Blades. This is due to the new policy layers management, so if you define them wrongly you'll get errors during the policy install.

    Few things that I have seen so far:


    • You cannot copy a whole policy package as it was possible in previous versions (apparently this feature is coming back in R80.10
      https://community.checkpoint.com/message/5636?commentID=5636#comment-5636
    • Web Visualization Tools are not supported under R80. (But you have the API)
    • LEA integration a bit problematic depending of the 3rd party vendor
    • The new version of SmartView Tracker is awful.... The old one is still reachable by browsing the installation folder
    • You still need to use the old SmartDashboard to manage the Mobile Blade... I wonder why they didn't include it as part of the new R80 client.


    I guess it's a matter of getting use to the new interface (at least for management).

    Regards

  8. #8
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    741
    Rep Power
    11

    Default Re: Recommendations for upgrade

    Quote Originally Posted by eduardoxmunoz View Post

    [*]The new version of SmartView Tracker is awful.... The old one is still reachable by browsing the installation folder

    Regards
    IF you know the new name of the file, LOL :-)
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  9. #9
    Join Date
    2016-10-19
    Posts
    6
    Rep Power
    0

    Default Re: Recommendations for upgrade

    Quote Originally Posted by varera View Post
    IF you know the new name of the file, LOL :-)
    Hi

    We have the same setup, Mgmt= R80, Gateways = R77.30. We are facing lot of issues with R80 as there are lot of bugs in the code and performance really is very slow. Logs are very slow. As said by some other member, there are no troubleshooting tools available or much support from Checkpoint.

    Thanks.

  10. #10
    Join Date
    2006-09-26
    Posts
    2,809
    Rep Power
    13

    Default Re: Recommendations for upgrade

    Quote Originally Posted by venkata View Post
    much support from Checkpoint.
    Wow. I thought I was a little bit hash on Checkpoint TAC support but look like you are in the same boat as I am

Similar Threads

  1. AAA Solution Recommendations?
    By mojorising in forum Check Point Firewall Administrator's Toolkit
    Replies: 4
    Last Post: 2015-05-31, 12:32
  2. Recommendations for producing a future-state rule set for review and documentation...
    By gusbrown in forum Firewall Policy Management Software
    Replies: 4
    Last Post: 2014-10-17, 20:24
  3. Disk Partition Recommendations on GAiA initial setup
    By sanhy85 in forum R75.40 (GAiA)
    Replies: 1
    Last Post: 2012-08-23, 14:01
  4. Power-1 5070 recommendations
    By ggts2008 in forum Check Point UTM-1 Appliances
    Replies: 6
    Last Post: 2009-08-19, 21:59
  5. Provider-1 MLM hardware recommendations
    By dys152 in forum Provider-1 (Multi-Domain Management)
    Replies: 2
    Last Post: 2008-04-09, 21:29

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •