Skip navigation
All Places > Management > Blog

Management

4 posts
Tomer Sole

Change in Position

Posted by Tomer Sole Expert Nov 11, 2018

Hi everyone, since I see you as my professional team I wanted to share this update with you,

 

Starting December 2nd I will leave the Security Management Area and move to a different department at Check Point R&D.

 

You will see a lot more of my friends in Security Management actively replying and posting at CheckMates.

 

I obviously see CheckMates as super-valuable. It is great to see everyone's best practices, opinions, beginner tips, pro tips, and solutions they've made with command-line and the API. This space is an advantage for all Check Point consumers.

 

And I will see you in different dedicated sub-forums at CheckMates some time in 2019...

 

Image result for bye bye

Compliance blade has a new ability to create new Gaia OS #best practices.

As you know, #compliance blade provides customers with security monitoring of other software blades against a built-in library of security best practices.

 

Examples of GAIA OS best practices create by check point expertise:

 

ID

Best Practice Blade

Security Best Practice

OS103

Gaia OS

Check that Network Access via Telnet is disabled

OS104

Gaia OS

Check that the IPv4 Static Routes contains a default route

OS108

Gaia OS

Check that the System Clock is set automatically using NTP

 

Now we allow our customers to define their own Gaia OS Best Practices.

 

How to create your own Best Practice for GAIA OS

If the user is accessing Compliance Blade for the first time: Click “LOGS & MONITOR”  => open a new tab by clicking  "+"  => Views => Compliance

Click "See All"

Click "New" => ‘Gaia OS Best Practice’

Enter Best Practice Name, Description, Action Item, Practice Script, Expected Output and click "OK".

 

Your new Gaia Best Practice will be added to the list of Best Practices And click "Publish".

 Navigate to MANAGE & SETTINGS => Blades => Select 'Compliance Settings'=> Select "Rescan"

After Rescan, click "OK".

Navigate to 'LOGS & MONITOR => Compliance'. The scan results for the new Gaia OS Best Practice are displayed.

 

FAQ

What is a “best practice”?

 A best practice is a specific recommendation developed by Check Point which defines the optimal way to configure Check Point security and management blades. Best practices receive a security status that helps you to understand how well the best practice is currently implemented in your own environment.

 

For which versions this feature is working?

This dashboard was created for R80.20 version and above.

 

Thanks,

Amir

Yesterday I hosted an internal session to communicate to our SE's, exchange thoughts, open a platform to ask questions and most of all to motivate people to join the EA program. Many people from R&D joined as a speaker to provide information and very valuable insights. Software development is a complex process and automatically gets exposed to opposing interests from time to time. For our customers it's real important they get the features they're looking for at the quality and granularity level they expect. While I have a VERY high opinion of our R&D department and their creative skill-set the final proof of the pudding is in the acceptance of customers.

In order to validate our software developments we have a lot of stages, one has to be finished before we can start the next. Before we start exposing any code to customers a lot of cycles have already passed internally. This brings me to what I wanted to highlight: How does the release of R80.20M1 benefit anyone and how does that connect to the EA cycle? For sure a topic that raised some questions internally and a reason for me to share what was helping me.

  • R80.20M1 is a management release that has a specific feature set oriented on management, what's new:
    • New file system (xfs)
    • Compressed snapshots
    • SmartProvisioning and SmartLSM support
    • Integration with Google Cloud Platform, Cisco ISE & Nuage Networks.
    • SandBlast Agent Anti-Bot, Threat Emulation and Anti-Exploit
    • SandBlast agent forensics and anti-ransomware
    • Log Exporter
    • Multiple simultaneous sessions in SmartConsole

      And many more enhancements

  • R80.20M1 is a GA release, people can install this release, get support on it etc
    • This is not the GA of R80.20, you will be able to upgrade to it once released via CPUSE
    • After GA of R80.20 more releases of R80.20Mx can be expected

 

It's important to realize that in the EA program, Check Point will invest a lot. R&D people are sent on site and they assist throughout the whole process from start to finish. That includes final migration to the GA version. There are quite a few benefits for a customer. Next to early exposure to new features they get into a direct relationship with R&D, feedback is always taken into account and sometimes even leads to changes of the direction. Internal guidelines say we won't ship new code until enough verification was done. This also means we need testing with live traffic (not the internet gateway perse, a subnet will do). Europe has a great reputation of contributing feedback in this program, a fact that makes me real proud. 

So in conclusion, don't be confused  as we released R80.20M1 as a GA release where the R80.20 is still awaiting release. We have to start at some point and this allows us to be much faster responding to market desires for specific features that focus on management. The plan is for Check Point to release a feature release for management every couple of months. 

EA is a separate cycle and you cannot mix and match between the management release and the EA cycle, the latter also includes the gateway for instance.

 

I hope you enjoyed reading and this can help you in your jobs. Keep those EA customers coming, they benefit all of us!

 

Peter !!

Dear All,

 

We are very happy to announce availability of Check Point’s Management Feature Release - R80.20.M1

 

The Management Feature Release is a new release train that offers frequent, faster delivery of Security Management capabilities.

It can be used for clean installations or upgrades of Management environments.

 

Who is this relevant for?

Management Feature Releases are recommended for customers who want to use the latest available Security management capabilities. 

Customers using this release should be prepared to frequently upgrade their management environment when a new release becomes available.

 

The release is now available for download from the Check Point Download Center.

 

We encourage you to visit our R80.20 Management Feature Release homepage for “What’s New”, Release Notes and other useful information.

 

Regards,

Check Point Release Management Group