Checkpoint Firewall Upgrade from R67 VSX to R77.10 VS & CIFS Resources

I have some Crossbeam X80 hardware running R67 VSX for some virtual firewalls.  Life is good and everything worked fine.  I planned and executed an upgrade plan for these blades to move to Checkpoint R77.10 VS.  The policy upgrade process and software upgrade process went with zero errors.  When we tried to push the policy to the firewalls, it would fail.  The errors, during a debug, were ambiguous at best.

What was the eventual issue?  CIFS Resources with greater then 25 file shares.  It seems the IPS in R77 has a hard limit of 25 shares in CIFS resources.  We use CIFS resources as an extra level of protection when 3rd Parties access our Windows File Shares.

Most of our CIFS resources had less then 25 file shares, so they needed no change.  But, a single 3rd party accessed quite a few shares.  So, the revert back to a straight CIFS service group on these rules and removal of the CIFS resource in the firewall policy allowed a successful push of the policy to the gateway.

NOTE TO SELF: Keep that one in your back pocket.

18 thoughts on “Checkpoint Firewall Upgrade from R67 VSX to R77.10 VS & CIFS Resources”

  1. An outstanding share! I’ve just forwarded this onto a co-worker who had been doing a little homework on this.
    And he in fact bought me breakfast because I found it for him…
    lol. So let me reword this…. Thank YOU for the meal!!
    But yeah, thanx for spending some time to discuss this issue
    here on your web site.

  2. Thanks for the marvelous posting! I quite enjoyed
    reading it, you might be a great author.I will make certain to bookmark your blog and may come back
    later in life. I want to encourage yourself to continue your great writing,
    have a nice weekend!

  3. I do not even understand how I ended up right here, however
    I thought this submit used to be great. I don’t realize who you
    might be however definitely you are going to a well-known blogger if you happen to are not already.
    Cheers!

  4. Attractive portion of content. I just stumbled upon your website and in accession capital to say that I acquire in fact loved account your blog posts.
    Anyway I will be subscribing in your augment or even I success you get right
    of entry to constantly quickly.

  5. My coder is trying to convince me to move to .net from PHP.

    I have always disliked the idea because of the costs. But he’s tryiong none the less.
    I’ve been using Movable-type on a number of websites for about a year and am worried about switching to another platform.
    I have heard good things about blogengine.net. Is there a way I can import
    all my wordpress content into it? Any kind of help
    would be greatly appreciated!

  6. For most recent information you have to go to see internet and on internet I found this website as
    a most excellent site for most up-to-date updates.

  7. This is the perfect website for everyone who wishes to understand this topic.
    You understand so much its almost hard to argue with
    you (not that I personally would want to…HaHa). You certainly put a new spin on a
    subject which has been written about for decades. Great stuff,
    just great!

  8. certainly like your website however you have to test the
    spelling on several of your posts. Several of
    them are rife with spelling issues and I in finding it very troublesome to tell the truth however I will certainly come
    back again.

  9. I’d like to thank you for the efforts you’ve put in penning
    this site. I am hoping to check out the same high-grade content by you
    in the future as well. In truth, your creative writing abilities
    has encouraged me to get my very own website now 😉

Leave a Reply

Your email address will not be published.