CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 19 of 19

Thread: R80.20.M1 Management Release

  1. #1
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,485
    Rep Power
    16

    Default R80.20.M1 Management Release

    R80.20.M1 Management Release is now available.
    To be clear, this is for Management only (including Provider-1/Multi-Domain) and does not support installation as a gateway (with or without management).

    I would encourage you to check out the FAQ in the SK, which answers many questions related to this release.
    https://supportcenter.checkpoint.com...ionid=sk123473
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  2. #2
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    264
    Rep Power
    12

    Default Re: R80.20.M1 Management Release

    Is this one expected to be upgradable to future versions like a normal release? The letters and the longer-than-normal version number make me nervous after R55P, R60A, R65.2.100, and others.
    Zimmie

  3. #3
    Join Date
    2016-06-10
    Posts
    22
    Rep Power
    0

    Default Re: R80.20.M1 Management Release

    I'm going to lurk in this thread for questions...
    What's New In SmartConsole: https://sc1.checkpoint.com/documents.../WhatsNew.html

    Is this one expected to be upgradable to future versions like a normal release? The letters and the longer-than-normal version number make me nervous after R55P, R60A, R65.2.100, and others.
    We are introducing a new release strategy. Management-only releases will be safely upgradable between one another. Users can still use the usual "no M suffix" model which includes Management and Gateway. The SK has the differences between the Management Feature Releases and the usual releases. Motivation is: you don't need to wait for a gateway version if the Management is already ready to be in GA for user experience enhancements and new API commands. Also, we already have engines that have faster release cycles - Sandblast Engine Updates and CloudGuard IaaS controller, and with this cycle we are bringing main-train Management supportability for these engines.

  4. #4
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    264
    Rep Power
    12

    Default Re: R80.20.M1 Management Release

    I see now in the New Release Methodology section, "When the next Major release is available (such as R80.20), you can upgrade to it from the Management Feature Release." That is good to know.

    So it sounds to me like there will be a rapid-release M branch which is periodically merged back into the GA trunk. In general, M versions can be upgraded to subsequent M versions or to GA versions released after the given M version. Is that accurate?
    Zimmie

  5. #5
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,485
    Rep Power
    16

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by Bob_Zimmerman View Post
    So it sounds to me like there will be a rapid-release M branch which is periodically merged back into the GA trunk. In general, M versions can be upgraded to subsequent M versions or to GA versions released after the given M version. Is that accurate?
    Correct.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  6. #6
    Join Date
    2016-06-10
    Posts
    22
    Rep Power
    0

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by Bob_Zimmerman View Post
    I see now in the New Release Methodology section, "When the next Major release is available (such as R80.20), you can upgrade to it from the Management Feature Release." That is good to know.

    So it sounds to me like there will be a rapid-release M branch which is periodically merged back into the GA trunk. In general, M versions can be upgraded to subsequent M versions or to GA versions released after the given M version. Is that accurate?
    Merged Back is not the correct term. We cut the R80.20 branch at a specific point and after good EA score, stabilize it (both in the R80.20 branch and in the M branch) and make it GA after it passes the usual criteria's of QA and good score from the EA program. You will never find a feature that is contained in an "M" release and not in a future Management-And-Gateway release. Actually one of its benefits is to greatly reduce the "customer hotfix" solutions and just deliver everything to everyone.

  7. #7
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,628
    Rep Power
    9

    Default Re: R80.20.M1 Management Release

    iotop.. nice. I helped a customer out with a large p1 install. Everyone was complaining about how slow policy installs were but no one noticed %100 iowait. Took a little trouble shooting to figure out what was causing it. iotop would have cleared that up.

  8. #8
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,229
    Rep Power
    13

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by jflemingeds View Post
    iotop.. nice. I helped a customer out with a large p1 install. Everyone was complaining about how slow policy installs were but no one noticed %100 iowait. Took a little trouble shooting to figure out what was causing it. iotop would have cleared that up.
    Yep there will be a raft of new native Linux tools available due to the kernel update to 3.5.
    Last edited by ShadowPeak.com; 2018-07-06 at 17:23.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  9. #9
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    264
    Rep Power
    12

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by ShadowPeak.com View Post
    Yep there will be raft of new native Linux tools available due to the kernel update to 3.5.
    Hopefully these new tools don't include the tire-fire that is systemd.
    Zimmie

  10. #10
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,485
    Rep Power
    16

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by Bob_Zimmerman View Post
    Hopefully these new tools don't include the tire-fire that is systemd.
    Nope, we're not using systemd.
    We actually use our own process manager (pm).
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  11. #11
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    264
    Rep Power
    12

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by PhoneBoy View Post
    Nope, we're not using systemd.
    We actually use our own process manager (pm).
    Ah! Thus the 'tellpm' commands in the script to manually update the installer agent. Good to know.
    Zimmie

  12. #12
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,628
    Rep Power
    9

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by ShadowPeak.com View Post
    Yep there will be a raft of new native Linux tools available due to the kernel update to 3.5.
    You sure about that version? :)

  13. #13
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,628
    Rep Power
    9

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by Bob_Zimmerman View Post
    Ah! Thus the 'tellpm' commands in the script to manually update the installer agent. Good to know.
    technically init is still pid 1.

  14. #14
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,628
    Rep Power
    9

    Default Re: R80.20.M1 Management Release

    hmm looks like network namespaces are now supported. I wonder if that means a big vsx update is on the way.

  15. #15
    Join Date
    2013-03-05
    Posts
    54
    Rep Power
    6

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by Bob_Zimmerman View Post
    Hopefully these new tools don't include the tire-fire that is systemd.
    The original idea of sytemd from svc from Solaris is great, the implementation is in Linux is a shame.

  16. #16
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    264
    Rep Power
    12

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by peter42 View Post
    The original idea of sytemd from svc from Solaris is great, the implementation is in Linux is a shame.
    There was no real reason not to use Solaris SMF, BSD launchd, runit, or openrc. All of them predate systemd and all of them have enormously more mindful developers working to a much higher standard of quality.

    This is why I specifically commented on systemd. At this point, it is an unacceptable liability on any system which needs to be predictable and available.
    Zimmie

  17. #17
    Join Date
    2013-03-05
    Posts
    54
    Rep Power
    6

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by Bob_Zimmerman View Post
    There was no real reason not to use Solaris SMF, BSD launchd, runit, or openrc. All of them predate systemd and all of them have enormously more mindful developers working to a much higher standard of quality.

    This is why I specifically commented on systemd. At this point, it is an unacceptable liability on any system which needs to be predictable and available.
    I fully agree - especially as the maintainer does not accept error reports, if they do not fit in his mindset...

  18. #18
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,485
    Rep Power
    16

    Default Re: R80.20.M1 Management Release

    Quote Originally Posted by jflemingeds View Post
    hmm looks like network namespaces are now supported. I wonder if that means a big vsx update is on the way.
    It's safe to say we'll be leveraging new kernel infrastructure for a lot of things in the gateway (including VSX).
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  19. #19
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,628
    Rep Power
    9

    Default Re: R80.20.M1 Management Release

    yeah i'm poking around and finding interesting things.

    TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |
    bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |
    gre | gretap | ip6gre | ip6gretap | vti | nlmon |

    vxlan support?... hmmmm

    [Expert@gw-:0]# modprobe vxlan
    [Expert@gw-:0]# lsmod | grep vxlan
    vxlan 47359 0
    udp_tunnel 12737 1 vxlan
    ip6_udp_tunnel 12399 1 vxlan
    [Expert@gw-:0]#

Similar Threads

  1. R80.10 release on the way?
    By EricAnderson in forum R80
    Replies: 17
    Last Post: 2017-05-19, 17:29
  2. R77.30 Release is Now Available
    By PhoneBoy in forum R77.30
    Replies: 11
    Last Post: 2017-02-17, 22:04
  3. VSX R65 HFA_20 Release
    By PhoneBoy in forum Check Point Release Notifications
    Replies: 3
    Last Post: 2010-05-18, 23:00
  4. R65 Re-release
    By lammbo in forum Versions Of Firewall-1/VPN-1
    Replies: 7
    Last Post: 2010-04-19, 14:31
  5. Re-release of SPLAT R65 2.6
    By PhoneBoy in forum Check Point SecurePlatform (SPLAT)
    Replies: 10
    Last Post: 2009-10-13, 08:55

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •