I have been working with Check Point Support on some issues for a client the past few weeks. Whenever I talk to a Support engineer that seems to know his/her stuff I ask them about what they are seeing for stability in the more popular builds. The impression that I have gotten lately is that R75.47 is the one to look at for anyone on R75. It has over 400 fixes included (one of which I could have used three months ago for a VPN pilot using the iOS client).
I even saw this in a Support engineer’s email signature:
Check Point R75.47 is now available.
This significant maintenance release for R75.40, R75.45 and R75.46 includes hundreds of important updates, performance improvements and fixes. In addition it includes also support for the new 13500 appliance.
For more about this recommended upgrade, see the R75.47 Home Page.
I have been running a pair of 21600s on R75.47 in HA using firewall, VPN, IA, and IPS without any issues. Something else worth noting, the release notes state that R75.47 can be managed by older versions: R75.40, R75.40vs, R75.45, and R75.46. In my case I have been using MDM on R75.45 to manage two gateways on R75.47 without any issues.
Hi,
I can confirm that. R75.47 seems to be a weapon of choice for next few years.
Thank you
Greetings
We have upgraded to R75.47 from R71.30. We are only using Firewall and IPSEC/VPN at present. One problem we are now facing that was not an issue in R71.30 is the utilization on them seems to hit 100% any time there is a scan from the internet. Checkpoints recommendation was to curtail our logging as this might be part of the issue. The other item I have noticed is that when we push policy to them (Cluster XL) the CPU goes to 100% as well. I am still waiting to hear back from CP on what the cause is. One thought was to upgrade our hardware, but I am at a loss as to justifying this as we are not using any of the new features. Has anyone notice an increase in utilization after upgrading to R75.47?
Joe, I have not personally seen any performance issues with R75.47 in my current builds. One customer I am working with has two MDSs and two MLMs on R75.45 SPlat. They have gateways on R75.47 SPlat and GAiA. I have them setup with FW, IPS, Mobility Blade, Dynamic Routing, App Control, and Identity Awareness. I have not had any performance issues, and this is across the follwing appliances: Smart-1 25, Smart-1 50, 4200, 4600, 12200, and 12600. One thing to take a look at is if you have SecureXL enabled. I have run into performance (and routing) issues with SecureXL in the R75.x builds (including R75.47). There are a lot of gotchas with SecureXL, and I believe it is enabled by default in R75.x (I could be wrong, but thought I remembered seeing this…PhoneBoy or someone may correct me).