Employee+

Exciting New Security Management Features in R80.40!

Hi everyone,

My name is Eran and I'm a Group Manager in the R&D of Check Point. My group is responsible for the core infrastructure of the Management Server and also for the Management API. As you probably know, R80.40 has just been released and we're very excited about over 100 new features, many of them in the Security Management platform.

I invite you all to explore the What's New of R80.40 and specifically the Security Management section. The following new features were developed by my amazing group of R&D engineers and I encourage you to try them out and share your feedback:

 

Revert to Revision

The Security Management Server architecture supports built-in revisions. Each publish operation saves a new revision that contains only the delta from the previous revision, now allowing safe recovery from a crisis by restoring a Domain or a Management Server to a known good revision.

 

Multi-Domain 

  • Backup and restore an individual Domain Management Server on a Multi-Domain Server.
  • Migrate a Multi-Domain Security Management from one Multi-Domain Server to a different Multi-Domain Server.
  • Migrate a Security Management Server to become a Multi-Domain Security Management on a Multi-Domain Server.
  • Migrate a Domain Management Server to become a Security Management Server.

 

Management API

  • DevOps teams can automate their security and transform it into DevSecOps workflows using Ansible and Terraform. Automate security responses to threats, provision both physical and virtualized next-generation firewalls and automate routine configuration tasks, saving time and reducing configuration errors.
  • Significant increase of performance for multiple set/edit/delete object commands with Batch API.
  • New Management API authentication method that uses an auto-generated API Key.
  • New Management API commands to create cluster objects.

 

SmartTasks

Configure automatic scripts or HTTPS requests triggered by administrator tasks, such as publishing a session or installing a policy.

 

Partial (infix) Search

Object search - support for partial word search using a wildcard, for example: a match is returned for searching *oba for an existing Host named: USGlobalHost.

 

Management Upgrade

Introducing a new Management Upgrade mechanism (under the hood) that includes:

  • New dynamic HTML upgrade report that shows the current status while upgrade is in progress and the final report once upgrade is done.  ** Will be available starting next DA release ** 
  • New updatable code mechanism for delivery of upgrade fixes and enhancements, automatically downloaded as upgrade packages from the Download Center for online environments. This is also available for offline environments and requires downloading the latest upgrade package from the Download Center.

Note: the new Management Upgrade mechanism will be executed when upgrading from R80.20, R80.20.Mx and R80.30 to R80.40 (and to any future version).

 

Feel free to reply to this thread with comments or questions, or to reach out to me privately. Also, you're welcome to stop by next week at the #CPX360 in Vienna and visit me in the Technology Innovation room, next to the Security Management table.

 

Enjoy R80.40!

Eran

15 Replies

Re: Exciting New Security Management Features in R80.40!

Can I just clarify that we also have

Migrate a Security Management Server (R80.10+) to become a Domain Management Server (R80.40) ?
This is what MSPs have been waiting for since R80. Please tell me it is included
Silver

Re: Exciting New Security Management Features in R80.40!

Migrate a Security Management Server to become a Multi-Domain Security Management on a Multi-Domain Server.

 

I how I read that was for R80+

Employee+

Re: Exciting New Security Management Features in R80.40!

Hi Peter,
Please see my answer here: https://community.checkpoint.com/t5/General-Topics/R80-40-Early-Availability-Program-Check-Point-Upd...
In short, the Domain migration is available now starting R80.40. Very soon we will include those abilities in R80.20 and R80.30 via Jumbo Hotfix, but Domain migration in or from R80.10 will not be supported, unfortunately, due to technical limitations.

Re: Exciting New Security Management Features in R80.40!

Does it matter if the SMS is running a VSX setup when you want to migrate that to a Domain Management Server?
Also I don't see anything about the report sharing feature nor the topology per VPN community?
Regards, Maarten
Employee+

Re: Exciting New Security Management Features in R80.40!

Hi @Maarten_Sjouw, when migrating from a Security Management Server to a Domain there is no limitation in regards to VSX - it is not an issue. 

Also, note the features I listed are not ALL the new features of R80.40, I only highlighted a few features which were developed under my ownership. The full list can be found here (and also in my post):

 


Re: Exciting New Security Management Features in R80.40!

Ok @Eran_Habad, that VSX is supported is a lifesaver.
On the SmartConsole updatable code, does it still allow me to leave the R80.30 installation on my machine?
Regards, Maarten

Re: Exciting New Security Management Features in R80.40!

@Eran_Habad, where can I find a proper upgrade manual? I looked at SK137677 and SK135172 but those are very unclear, the first only shows R80.20 but looking past that, in the export and import commands which version do you need to put there:
The version you are coming from?
Even the Installation and upgrade Guide only shows moving a R80.40 SMS/DMS to a R80.40 SMS/DMS or R80.10/R77.30 and lower, but nothing about R80.20/R80.30
Tried this API method but that just fails without a proper error message.
The version you are going to?
Next to that, if I want to import an SMS into a Domain on an MDS, the migrate_server import tells me to run it from MDS level??

So which SK is giving proper info on migrations?
Regards, Maarten
Employee+

Re: Exciting New Security Management Features in R80.40!

@Maarten_Sjouw I'm sorry for the confusion with the SKs, we're now uploading the updated SKs following the release of R80.40 and a few hours from now it will be clearer. @Itai_Minuhin will reply here when the SKs are ready and uploaded. In any case, the R80.40 Installation and Upgrade Guide has all the info very clearly so you shouldn't wait for the SKs. Note that for advanced upgrade there are different instructions for upgrade from R80.20 and higher, and upgrade from R80.10 and lower (due to the new upgrade mechanism for R80.20 and higher - see my original post).

For migrating SmartCenter to a Domain on a Multi Domain Server, you can see the instructions as part of the R80.40 Admin Guide or simply refer to sk156072 for all the info. The migration is based on API commands, so you can also check out the Management API Reference for the syntax of the commands (although they are written clearly as part of sk156072). You're also invited to explore the new APIs in v1.6 (the API version for R80.40).

Hope this helps.


Re: Exciting New Security Management Features in R80.40!

Ok, SK156072 will only work for R80.40 and above, as it requires the API 1.6.
For R80.20/R80.30 we will wait for updated information.
Regards, Maarten
Employee

Re: Exciting New Security Management Features in R80.40!

@Maarten_Sjouw SK135172 is now updated.
SK137677 will be updated soon as well.

Re: Exciting New Security Management Features in R80.40!

Thanks @Itai_Minuhin, I will check them out.
Regards, Maarten

Re: Exciting New Security Management Features in R80.40!

There are no details about enhancements on Policy Install. It seems still no Delta Policy Install on Gateways 😞

Employee+

Re: Exciting New Security Management Features in R80.40!

Hi @KennyManrique, we actually made a few performance enhancements in the policy installation of R80.40, mostly in the policy verification process, which already show performance improvements - also reported by many of our EA customers of R80.40. Also, the policy verification and "rule hiding rule" logic do rely on the delta that was changed - this is not new in R80.40. We have major plans in our roadmap to promote fast policy installation, not necessarily by installing only the delta - we explore other directions as well. Stay tuned 🙂

Platinum

Re: Exciting New Security Management Features in R80.40!

Is the "new" Partial (infix) Search feature also capable of finding IP ranges, including IPv4 and IPv6 addresses?

Kind regards,
Jozko Mrkvicka
Employee+

Re: Exciting New Security Management Features in R80.40!

Hi @JozkoMrkvicka, the new partial search feature is aimed at finding an object by providing any sequence of characters from the object's name (could be in the middle of the name). Searching an IP in the objects bar and finding matches for ranges is supported today in R80.x already - try it out 🙂