Hello All,
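Mike happened to ask whether ICAP Server will be supported in R80.x (R77.30 already has a hotfix), so here is a summary of the features planned for the latest release, R80.20. R80.20 is currently in the private EA stage; once it reaches public EA, GA should not be far off (currently estimated for release around the third quarter).
A first look at seven key features of R80.20:
1) Hardware acceleration cards will be released at the same time, for the 5000/15000/23000 series
2) A new GAiA OS will be released at the same time
3) Will pass EAL4+ certification (R77.30 currently has it)
4) Will support SandBlast Appliance (currently only R77.30 does)
5) Added support for network clustering/routing features
6) Can mirror encrypted traffic to an external destination after decryption
7) Expected to support integrated management of Endpoint Security (currently requires R77.30.03)
The following are the feature enhancements planned for R80.20. They are for reference only; please refer to the release notes of the official GA version.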
Acceleration
With Falcon Acceleration Cards:
• NGFW/NGTP/NGTX & HTTPS Inspection acceleration — supporting higher throughput with maximum security including inspection of HTTPS traffic.
• QoS acceleration.
• Firewall only acceleration — low-latency, high packet and session rates.
• VSX support.
Additional software enhancements:
• Session rate improvements on high-end appliances (including 2012 appliances and 13000 and above appliances).
• Acceleration is enabled during policy installation.
• HTTPS Inspection performance improvements.
Threat Prevention
Threat Prevention Indicators (IoC) API
• Management API support for Threat Prevention Indicators (IoC).
• Add, delete, and view indicators through the management API.
Threat Prevention Layers
• Support layer sharing within Threat Prevention policy.
• Support setting different administrator permissions per Threat Prevention layer.
MTA (Mail Transfer Agent)
MTA monitoring:
• E-mail history views and statistics, current e-mail queue status, and actions performed on e-mails in the queue.
MTA configuration enhancements:
• Setting a next-hop server by domain name.
• Stripping or neutralizing malicious links from e-mails.
• Adding a customized text to a malicious e-mail's body or subject.
• Malicious e-mail tagging using an X-header.
• Sending a copy of the malicious e-mail.
ICAP
• ICAP server support on a Security Gateway to consult with Threat Emulation and Anti-Virus Deep Scan whether a file is malicious.
Threat Emulation
• SmartConsole support for multiple Threat Emulation Private Cloud Appliances.
• SmartConsole support for blocking file types in archives.
Clustering
• Sync redundancy support (over bond interface).
• Automatic CCP mode (either Unicast, Multicast or Broadcast mode).
• Unicast CCP mode.
• Enhanced state and failover monitoring capabilities.
• OSPFv3 (IPv6) clustering support.
• New cluster commands in Gaia Clish.
Advanced Routing
• Allow AS-in-count.
• IPv6 MD5 for BGP.
• IPv6 Dynamic Routing in ClusterXL.
• IPv4 and IPv6 OSPF multiple instances.
• Bidirectional Forwarding Detection (BFD) for gateways and VSX, including IP Reachability detection and BFD Multihop.
Identity Awareness
• Identity Tags support the use of tags defined by an external source to enforce users, groups or machines in Access Roles matching.
• Identity Collector support for Syslog Messages — ability to extract identities from syslog notifications.
• Identity Collector support for NetIQ eDirectory LDAP Servers.
• Transparent Kerberos SSO Authentication for Identity Agent.
• Two Factor Authentication for Browser-Based Authentication (support for RADIUS challenge/response in Captive Portal and RSA SecurID next Token/Next PIN mode).
• New configuration container for Terminal Servers Identity Agents.
• Ability to use an Identity Awareness Security Gateway as a proxy to connect to the Active Directory environment, if SmartConsole has no connectivity to the Active Directory environment and the gateway does.
• Active Directory cross-forest trust support for Identity Agent.
• Identity Agent automatic reconnection to prioritized PDP gateways.
Mirror and Decrypt
• Decryption and clone of HTTP and HTTPS traffic.
• Forwarding traffic to a designated interface for mirroring purposes.
Hardware Security Module (HSM)
• Enhancement of outbound HTTPS Inspection with a Gemalto SafeNet HSM Appliance.
• SSL keys are stored when using HTTPS Inspection.
Security Management
• Multiple simultaneous sessions in SmartConsole — One administrator can publish or discard several SmartConsole private sessions, independently of the other sessions.
• Integration with a Syslog server (previously supported in R77.30) — A Syslog server object can be configured in SmartConsole to send logs to a Syslog server.
SmartProvisioning
• Integration with SmartProvisioning (previously supported in R77.30).
• Support for the 1400 series appliances.
• Administrators can now use SmartProvisioning in parallel with SmartConsole.
Access Policy
• New Wildcard Network object supported in Access Control policy.
• Simplified management of Network objects in a security policy.
• HTTPS Inspection now works in conjunction with HTTPS web sites categorization. HTTPS traffic that is bypassed will be categorized.
• Rule Base performance improvements, for enhanced rule base navigation and scrolling.
• Global VPN Communities. Previously supported in R77.30.
vSEC Controller Enhancements
• Integration with Google Cloud Platform.
• Integration with Cisco ISE.
• Automatic license management with the vSEC Central Licensing utility.
• Monitoring capabilities integrated into SmartView.
• vSEC Controller support for 41000, 44000, 61000, and 64000 Scalable Platforms.
Additional Enhancements
• HTTPS Inspection support for IPv6 traffic.
• Improvements in policy installation performance on R80.10 and higher gateways with IPS.
• Network defined by routes — gateway's topology is automatically configured based on routing.
• IPS Domain Purge on Security Management Server — IPS update packages are saved for 30 days; older packages are purged.
Endpoint Security Server
Managing features that are included in R77.30.03:
Management of new blades:
• SandBlast Agent Anti-Bot.
• SandBlast Agent Threat Emulation and Anti-Exploit.
• SandBlast Agent Forensics and Anti-Ransomware.
• Capsule Docs.
New features in existing blades:
• Full Disk Encryption.
• Offline Mode.
• Self Help Portal.
• XTS-AES Encryption.
• New options for the Trusted Platform Module (TPM).
• New options for managing Pre-Boot Users.
• Media Encryption and Port Protection.
• New options to configure encrypted container.
• Optical Media Scan.
Anti-Malware:
• Web Protection.
• Advanced Disinfection.