Selected Q&A is below.
Will the release of R81.20 provide support for the Perc H750 storage controller?
Yes, R81.20 will support it. In general, requests for specific Open Server hardware should be made through your local Check Point office.
Is R81.20 going to support "Open Server" platforms? And are there plans to stop supporting open servers?
Yes, we will continue supporting Open Servers.
Do we have a release date for R81.20?
We expect R81.20 release to be during July 2022 (subject to change).
Will there be any choices for email filtering protection for dinosaurs like my company that are small enough where On Premises Exchange 2019 makes the most sense for our budget and needs?
Back in 2019, a white paper was published using the MTA capabilities of a Quantum Security Gateway for preventing attacks over email. See: https://community.checkpoint.com/t5/Security-Gateways/Infinity-preventing-known-and-unknown-Gen-V-at...
I am looking forward to the NSaaS in AWS, especially since it will include Appsec. When will that be GA?
We're in Early Availability currently. You're welcome to contact us and join. GA is planned for the next few months.
Will you have a new version (81.20.xx) for SMB appliances as well? Like we saw for R77.20xx and R80.20xx.
Yes, we will. We will release R81.10 based version for SMB in the coming weeks.
Will this new SMB version support more than 2 links for ISP Redundancy as a regular R81.10 does?
R80.20.xx can already support more than 2 ISPs. With R81.10 we plan to support more feature rich SD-WAN also on the SMB gateways as well.
When do you expect to add more features to Harmony Internet Access such as Updatable objects, the ability to send alerts and Geo Protection for example?
We expect to add a lot of these capabilities by end of Q2 2022. They will come as part of the ability to manage Harmony Connect from fully features SmartConsole.
Give me a spoiler, please: Will this new SMB version support more than 2 links for ISP Redundancy as a regular R81.10 does? haha, yes it will. R80.20.xx can already suppoer more than 2 ISPs. With R81.10 we plan to support more feature rich SD-WAN also on the SMB gateways
Are all these new features going to require extra licenses? SD-WAN, IOT Device, etc?
Yes, they will. However we hope to include a great promotion to allow our customer to try these. Exact details will be announced closer to release.
Does XDR have any plans to get logs from non-Check Point products?
Yes, as a part of our strategy. our very initial product is focused on Check Point products - were we bring a lot of value by itself!
Hi, what about SOAR? Any plan have it available?
We are looking at orchestration and response capabilities as a part of our roadmap. stay tuned and we'll share more in the next sessions. side by side with SOAR, we're offering a lot of APIs to take actions on Check Point Quantum, Cloud Guard (e.g. CloudBots) and Harmony.
With the new cloud regions, is it possible to migrate an existing service from one cloud region to another?
Please open a ticket with TAC if this is needed.
What will be the link between Check Point Harmony Endpoint and XDR Infinity? What's new about on-premise web clients and console?
Harmony Endpoint is an EPP/EDR solution. Infinity XDR looks at Harmony Endpoint, but also at Quantum, Harmony, Email and many more.
Please rebrand DNS SecurIty with specific module name
DNS security is a capability that was added to the ThreatCloud infrastructure. The gateway running Anti-Bot Blade is making use of it when sending Domain Names to the backend. It is not a product in itself.
SmartWorkflow will be part of next release?!
Yes, part of R81.20.
Are you offering certification?
Yes, see: https://training-certifications.checkpoint.com/#/
If this is not what you need I suggest you contact the local Sales Team
Will XDR support custom rules (and maybe reactions) across products and events? Will it support 3rd party (like AD integration...)?
XDR will include, at a later phase, ability to correlate events beyond Check Point products, like AD for example. Custom rules will also come. as a first step - through Infinity Events you'll be able to customize rules as views / queries.
Is there an Endpoint Solution?
For enterprise customers: https://www.checkpoint.com/harmony/advanced-endpoint-protection/
For consumers and unmanaged small business customers: https://www.zonealarm.com/
Why did you change the rulebase verification in R80.40?
In previous versions we gave warnings whenever a rule hid another, regardless of the action. In the latest versions, we changed it so that we only alert when the rule hiding has a different rule action. The main reason is to avoid giving many warnings when the resulting policy is actually the same when the same action is used. In addition, it allowed us to significantly reduce processing time and make policy installation faster.
Updatable objects update on the gateway automatically, but not on the management or log server. Does R81.20 fix this for Management?
By design, updatable objects are updating IP addresses and domain names content on the the gateway. The management server is giving the object to the gateway and the gateway then fetches the content from our backend services. See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Can R&D work better on making SmartConsole work well for laptop screens?
Check out Web SmartConsole we introduced in R81 and it is continuously improved (auto-updated content). Connect to an R81.10 management server https://<ip>/smartconsole/ and provide feedback to us.
Infinity Identity UI that was shown seem so different from CP, is it a new acquisition/OEM?
If you refer to the Identity screens at the Harmony Email - it's a Check Point solution and development. We are now looking at offering such capabilities as a part of Harmony Connect - as this is more relevant to Internet/SaaS and remote access rather than email security.
The replace that Tomer just showed, will that work with MDS?
You can't do the "replace" across domains, but we did add "Where Used" support cross domains in recent versions. You need to be logged into the System domain to use it.
Country information is not updated on management
See the following workaround? https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Are GRE tunnels supported?
Since R81.
What are the differences between general datacenter object and feed object?
Generic Datacenter objects support hierarchy. Also, they are updated by the gateway, through the management. Network feeds are "flat" and simpler to use. Also, the gateway updates them independently and with better scalability.
Do IPsec tunnels automatically fail over in R81.20?
The upcoming Quantum SD-WAN provides resilient IPSec VPN connectivity - named 'overlay' - check out the Quantum SD-WAN EA program contacting your local presales Check Point engineer.
Will the feed object now replace the introduced Datacenter Objects from R81?
No, both types of objects will be supported.
Can MFA be configured in SmartConsole and is it a free services?
SAML (SSO) support in R81.20 does not require an additional license. Using SAML with an IDP, you can get MFA via the IDP, as shown in Tomer's demo.
Will R81.20 have better integration and documentation with SAML SSO for VPN using Okta?
Available today. See the following for more details: https://community.checkpoint.com/t5/Remote-Access-VPN/SAML-Support-for-Remote-Access-VPN/m-p/117199#...
Can the environment be connected to the Infinity Portal if access to the Internet requires a proxy?
Yes, it should take your proxy configuration into account. This was something that was encountered during an EA and was explicitly fixed.
Is the Identity Awareness blade rebuild in R81.20? I mean in regards to performance, numbers of connected Agents...
In R81.20, the PDP instance is multi-threaded. Detailed scale improvements are under test. Keep in mind that we have today scale capabilities documented here https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Does R81.20 MDS/MLM support monitoring log rates of each individual domains in this MDS/MLM over SNMP?
No, this was not added for SNMP. Going forward, we plan to add REST APIs + ability to export cpview data via OpenTelemetry that should allow you to get some of this data into other systems.
Will all of these capabilities from the Infinity Portal be available as soon as R81.20 is GA or will they be released later?
Most will be available with R81.20. Some capabilities that are driven from the cloud might be released a bit later, but will not require another Management upgrade (for example SD-WAN). That is part of the power of the new cloud integration capabilities.
What is the quota to send log to infinity, is an additional license required?
We'll have a license to ingest and store events from on-prem enforcement points into Infinity. The exact packages and pricing will be announced later on.
I assume HTTPS Inspection needs to be enabled for the IoT policy to work?
All traffic that uses SSL encryption (https) needs https inspection to be enabled to be effectively inspected.
Next Generation Threat Prevention and Sandblast are the only services best from cybersecurity point of view or can we add more security Features to keep in mind before upgrading?
Have a look at Autonomous Threat Prevention here: https://community.checkpoint.com/t5/Threat-Prevention/Autonomous-Threat-Prevention-on-R80-40-Gateway...
When can we see a full demo of R81.20?
Feel free to reach out to your local CP office, or join our Early Availability program.
What is the hardware support for R81.20?
Any hardware that is not currently End of Engineering support is expected to support R81.20. However, the exact details will be documented at release time.
