Propose your Idea of the Year!
Yes, this is this time of year, again.
Same as one year ago, we turn to the community and ask you, good folks, to propose the idea of the year. Or, better:
The Idea Of The Year!
The rules are the same as before, it is about ideas that you wish Check Point would develop into a product/service offering, or improvements to existing ones.
Do you think we are missing something important, or that we should consider expanding our product portfolio, feature set, functionalities, get to a completely new playground, change the rules of the game?
Tell us NOW!
A few disclaimers/notes:
- There are no guarantees that any idea suggested will be developed, even the "Idea Of The Year",
- From the suggestions below, we will choose 3-5 ideas which will be put up for voting later on,
- Preference will be given to ideas that come from customers and partners, though employees are welcome to participate as well.
- "Likes" and "discussion" around specific ideas will influence (but not wholly determine) the final list, so if you like something someone has suggested, let it be known!
@Dorit_Dor and R&D leaders will choose the best ideas, and if you win, you will get a prize! What prize? We will tell you later.
Get creative, use your imagination and PROPOSE!
Split screen has been available since R80 using either:
a. the undock button at the log view
b. the web-based log viewer at https://<your Security Management Server IP>/SmartView - since R80.20 there have been major gap closures of the web log viewer compared to the one that resides within SmartConsole.
Thanks @Tomer_Sole , but I was talking about simply using another tab without the need to switch between policies and logs.
The options you are describing are nice too and there is a use case for all of these options.
I.e. when working on a laptop, the screen space is limited so either we have to toggle between undocked apps or use tabs, if those could be universal.
Add Load sharing (Unicast mode) on R80.20 versions and above.
VSX: Possibility to route to Null/Loopback in VS topology like in a physical gateway.
Make the firewall data available in PRO support options available in Smart Dashboard. WITHOUT the need for an extra subscription cost.
I do also agree.
The idea with Check Point PRO support is good. Being proactive and auto-creating a TAC case if any incident happens with the hardware.
But I am afraid it is now two systems to keep track of, and it is always raising flags for something which is recommended as described in SK. For example, for R80.10 GA running with fwha_forw_packet_to_not_active=1. This was not recommended, but the SK required it to be active.
Kim
@Kim_Moberg - I get the idea of PRO support. And it's a cool idea and the whole auto TAC thing on hardware is great and all.
But I'd like a way to see things like session state tables being full and other similar performance-impacting issues show up in Dashboard without requiring an additional subscription.
I think having that data would help your customers and may even reduce TAC calls (or maybe induces some, I don't know). For us, as an example, we had a system that was having intermittent slowness issues. We'd looked everywhere. Networking, vendor hardware, our hardware, we poked around the firewalls to see if there were any issues. We then got a demo period into PRO and I quickly found it was a session state table issue. The value had been manually set instead of auto. Set it to auto and no one has complained since. Had we known or been able to know this from the beginning it would have been one less bullet point towards consideration of other vendor firewall offerings.
1. MAC address filtering and MAC address based Rule.
2. Device detection. Detect Device OS, type etc... In future maybe we can create Policy by device type.
3. Web based Smart Console. As we know SmartView has the web access.
4. 3 more ISP support
Some of these enhancements have already been discussed multiple times in the community and I'm still stressing them. Hope I'm not repeating any of the existing features.
** As @Danny suggested, Packet tracer feature with good visualization
** Packet capture (tcpdump) feature in Smartconsole
** MacOS and Android OS support for Threatemulation.
** Threat hunting or EPA can include Vulnerability assessment feature
** VPN-domain per VPN-community.
** Unified upgrade for firewalls in HA. For example, When we download OS/hotfix on primary, it can get sync'ed to other firewalls in the cluster. And then, the ability to install/upgrade HF/OS in the cluster environment with single/minimal clicks from primary firewall
** Logs can be enhanced with additional fields (destination interface - just to ensure routing is correct, TCP session end reason: how the TCP session was closed [because of timeout or TCP FIN packet or RST packet or any other], as it helps to troubleshoot a lot)
** Live threatmap (Like in Palo Alto firewall, threatmap shows the source country of live threats hitting the corresponding firewall)
** Release notes can be made available in GUI as a link to see the new features & fixes as well as the known limitations before upgrading/installing version/hotfix.
** Importing objects in Smartconsole
** Smartconsole auto-update
** Considering the increased focus in automation, more scripts can be added to scripts repository by default. This way, we can avoid enforcing the customers to learn scripting to do tasks to a certain level.
** cpview in smartconsole
** backup & restore of mgmt server from smartconsole
** Enhancements for ClusterXL Load Sharing
** Simplify DHCP relay config (when we enable it, it should automatically create rules accordingly) as we need to configure rules manually now
** Simplified VPN configuration with wizard (Right now, we need to jump to multiple places to configure one VPN tunnel)
** Download option can be made available for the outputs of the task executed by the scripts in script repository as most of the available scripts now are show commands only.
** Support for SMTP authentication for Sendmail. This will help us to send mail alerts in environments which don't support anonymous mail without authentication.
** One of the pain points for many customers is the disk getting full with logs. To overcome this, log settings configuration in SmartConsole can be enhanced (such as retention duration based on days and scheduling log transfers to remote repositories via SCP, SFTP or TFTP) without the user having to write scripts / use cron.
** DNS Security feature (I believe it's in the pipeline)
Possibility to mute certain types of CPUSE updates on some of your systems. Let's say you have 10 clusters managed by your SMS and a new version of Smart Console comes out. Your client will call you to say that their 10 clusters need to be updated when in reality it's the kind of update you would do only on your management.
Hi,
It would be very nice to rename the colors as in R7x.X.
In R7x.X I renamed some colors as DMZ or Internal or something else.
Now I have to check other objects to see which color I have used. Tags are fine for searching, but colors are better for human eyes.
Many things are done or are being done...
MacOS Threat Emulation. VPN domain per community is in R80.40. SmartConsole auto-update is in the works (Tomer commented about it in the past)
etc.
Give customers the opportunity to "decouple" the management server side even more (as is the case with a separate log server), especially for larger installations - give them the option to install the management database onto a separate DB machine and provide a good tuning guide in order to make the DB "fly". Maybe with this move also support some other popular DBs in the future like Oracle, MSSQL, etc.? Usually larger enterprises have their own DB servers and dedicated DBA teams who can tweak DB machines - that's why this idea is proposed.
Get rid of the "fat" SmartConsole client finally and move it to the web, as the initiative seems to be. This could also be provided as a "tiered" installation for scalability, e.g. the web frontend could be run on one machine and the logic behind it on another machine.
Concurrent policy push capability in the same CMA.
In Azure:
It seems the best practice when going from, say 80.20 to 80.30 will be to completely redeploy gateways. Why can't I just use CPUSE to upgrade VM's in place?
Make the Autoprovisioning stuff a lot less obnoxious. It has been a real pain getting this stuff up to speed.
@Tommy_Forrest Upgrade would take more time than redeployment, actually 🙂
@_Val_ - Maybe.
But when a new/(re)deployment is made, you MUST create a new resource group. You cannot add them to an existing group. This is a problem for us.
I wish to configure the network settings of a gateway from SmartConsole like it works in VSX.
You need a new interface... you have to configure the gateway in GAiA and also in SmartConsole.
Route entries are the same, why not set via SmartConsole?
Best way would be to configure a management interface on the gateway and all other via SmartConsole.
Wolfgang
@Wolfgang I like this idea, and considering Gaia API is now part of GA, that might be quite easy to achieve even through SmartConsole Extensions
I would like a portal (from the box) for manual file checks on the TE Appliance.
Like Cloud SandBlast Analysis, but check files locally 🙂
Concurrent policy installation from R80.x management to R80.x gateways (https://community.checkpoint.com/t5/Multi-Domain-Management/Concurrent-policy-install-on-r80-x/m-p/5...)
The ability to be able to influence routing based on the policy. i.e.
Rule A matches src traffic to dst of office 365 and CDN, allow this to be routed to a different gateway rather than default route.
PBR only allows based on IP address but routing based on the firewall policy, applications etc. In theory, could allow easier manipulation of the traffic based on traffic being matched.
Content-aware routing is probably the best name I can suggest
More routing capabilities are much welcome...
- PolicyBasedRouting in VSX ( in normal VS not in virtual router )
- full PBR Support in VSX ( not only IPs as source or destination )
- virtual router running on VSLS in VSX
- virtual router functionality under normal GAiA, not VSX
More and better proxy features:
- reverse proxy, full URL rewrite
- reverse proxy, not only on port 80 and 443
Wolfgang
@Wolfgang , I second the proxy improvements suggestions.
Delta pushes within smart console policy installations
Allow Geo Protection exceptions to be a dynamic object to assist with automation
Improve overall speed of Smart Console
Give out more vendor swag 🙂
Dear Checkpoint;
Idea of the Year proposal:
Return to the core Checkpoint values, i.e.: support the engineers in the operations departments of customers and SSPs.
By:
Stopping your release train from taking us on rollercoaster rides from bug to fix to new bug.
Limit yourselves to the stable releases we know and love.
Thus only release new features once a fully stable-state has been achieved in the previous release.
Kind regards,
- Backup GAIA configurations from Gateways and Virtual Systems making them available for restore. Right now everyone has to build their own solutions.
- Integrated web and/or pdf export (print to pdf is clunky and never works quite right) to create policy used in compliance.
@Nanda - I agree. It would be nice if there was a centralized backup system in the MDS.
That said, BackBox does a fantastic job of backing up gateway configs. It's also helpful in changing user passwords on said gateways.
Complete Gaia configuration from SmartConsole in a much simpler way than Smart LSM. This could be great.
SIM BASED 4G WIRELESS ROUTER
OFFERS SECURE VPN TO CORPORATE NETWORK
ANTIVIRUS/IPS/DLP solution built-in
GPS and GEO-FENCING features
FINGERPRINT READER
I have many dreams and wishes:
1) Web-based SmartConsole in HTML5.
2) A real-time console for analyzing VPN problems in the SmartConsole, comparable to ikeview but in real time.
3) A way to change DNS and HTML entries in real time. For example, to overwrite the DNS entry test123.com in checkpoint.com or the same for HTTP (http://test123.com to http://checkpoint.com).
4) WAF blade! 😀 I know you are working together with Radware. When can we expect a solution here?
