One in particular is the “Non Compliant HTTP” which appears to no longer support HTTP 0.9.įor #3 – What this means is that GET requests without a version will may get blocked by default with the reason “illegal header format detected: Malformed HTTP protocol name in request” #3 – When you actually upgrade the Security Gateway, some of the IPS inspection rules change or act differently. This was a concern because R77 is past End of Support so I wanted to ensure IPS rules could still be downloaded and supported. #2 – When you have an R80.20 Management server pushing IPS updates to an R77.30 instances, the R80 instance translates the IPS rules since there were major changes. It appeared that the R80.20 Management server could manage as old as R65 SGs. I was concerned that upgrading the management server and leaving it as is for a while which would likely be the case for production would become a major issue but it is well supported by CheckPoint. #1 – Newer Management servers can manage much older Security Gateway. In going through this upgrade, I learned a few things being fairly new to CheckPoint. I was lucky enough to have a “lab” instance to run this through as we plan for production. I have been going through a CheckPoint R77.30 to R80.20 upgrade.
0 Comments
Leave a Reply. |