Support Center > Search Results > SecureKnowledge Details
Endpoint Security Server support in R80
Solution

IMPORTANT: R77.30 Endpoint Security Server content is fully integrated into R80.10.  (R80.10 has completed certification.)


Known limitations in R80:

The following issues were fixed. The fix is included in:

Check Point recommends to always upgrade to the most recent version (Security Management Server).

If you do not wish to upgrade to R80.10, then the following workarounds are available.

Symptom Solution
  • Policy Server is not running after Endpoint Security blade activation
  • Endoint Clients cannot connect to a Policy Server
Run cpstart after activation on the Policy Server machine.
  • Endpoint Security Clients prior to E80.62 are not supported in R80 clean install

It is recommended to upgrade the clients to E80.62 or above.

There is an option to change the certificate encryption to SHA-1 after enabling Endpoint Security blade:

  1. cpca_client set_sign_hash sha1
  2. cp $CPDIR/conf/sic_cert.p12 $CPDIR/conf/sic_cert.p12.old
  3. cpca_client create_cert -n "cn=cp_mgmt" -f $CPDIR/conf/sic_cert.p12
  4. $UEPMDIR/system/install/postwrapper

Note: lowering the signing algorithm is insecure. 

  • Error when editing Firewall policy in SmartEndpoint

Contact Check Point Support to get a Hotfix for this issue.
A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
For faster resolution and verification, please collect CPInfo file from the involved Endpoint Security Server.


  • "migrate import" fails for a database taken from R80 Management Server with enabled Endpoint Policy Management blade
On the target machine, activate Endpoint Policy Management blade through SmartConsole, and only then run migrate import.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment