Ray, We just recently had this type of deployment where the MDS is on R65 2.4 and the enforcement points are on 2.6. So far so good. I will inquire with the implementers as to whether there have been any caveats at this point. I did check directly with Checkpoint before upgrading the MDS to verify that having the enforcement points and MDS on different kernels was supported and they said it should not be a problem. The only thing I was informed about is that there is no direct supported upgrade path from 2.4 to 2.6. I'll keep you updated.
Jeremy Lieb CCSE+ NGX Security Engineer CBTS GE Global Infrastructure Services -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: Sunday, March 16, 2008 5:13 PM To: [email protected] Subject: [FW-1] NGx R65 with HFA_02 on IBM Servers 3650 I will try to keep this as simple as I can. - Management has shot down my idea of purchasing Firefly for NGx R65. Instead I have been instructed to run NGx R65 on IBM 3650 with dual quad-core processors, 3.16Ghz; 4 GB RAM, 18 interfaces (4 quad-NIC), 2 73GB HDD RAID-1, RSA-II slim line for remote management. We will be purchasing about 20+ of these servers for enforcement modules. These firewalls will be managed by a CMA inside Provider-1 NGx R65 with HFA_02 by Verizon business. The Provider-1 is running on Secureplatform NGx R65 with HFA_02 on a 2.4 linux kernel. - from what I've reading in this forum, there seems to be an issue with IBM 3650 running NGx R65 with 2.4 kernel. The issue seems to be resolved with 2.6 kernel. See the link below: http://www.cpug.org/forums/installing-upgrading/6749-hangs-starting-syst em.html#post24885 My primary concern is the Provider-1 NGx R65 with HFA_02 is running on the 2.4 kernel with the Enforcement modules are running at 2.6 kernel. I am not completely comfortable with this setup. I would like to hear from folks who are running NGx R65 with 2.6 kernel on IBM Servers 3650 as Enforcement Modules with either Provider-1 or SmartCenter on NGx R65 2.4 kernel. Are there any caveats that I should be aware of? Any issues that you've run into with this deployment? I will not be able to get my hand on the IBM 3650 for another 4 weeks so I will not be able to test this. In the meantime, if someone has gone through this excersice, please list your issues. You can contact me off-line, that would be OK too. Thanks in advance. --------------------------------- Never miss a thing. Make Yahoo your homepage. Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
