Acceleration
· With Falcon Acceleration Cards:
· NGFW/NGTP/NGTX - supports higher throughput with maximum security by implementing Deep Inspection acceleration
· HTTPS Inspection acceleration - supports higher throughput of HTTPS traffic
· Firewall only acceleration - low latency for Firewall only traffic, high packet and session rates
· VSX and QoS support
· Additional software enhancements:
· HTTPS Inspection performance improvements
· Session rate improvements on high-end appliances (including 2012 appliances and 13000 and above appliances)
· Acceleration is enabled during policy installation

Threat Prevention
· Threat Prevention Indicators (IoC) API
  o Management API support for Threat Prevention Indicators (IoC)
  o Add, delete, and view indicators through the management API
· Threat Prevention Layers
  o Support layer sharing within Threat Prevention policy
  o Support setting different administrator permissions per Threat Prevention layer
· MTA (Mail Transfer Agent)
  o MTA monitoring:
    § E-mail history views and statistics, current e-mail queue status and actions performed on e-mails in queue
  o MTA configuration enhancements:
    § Setting a next-hop server by domain name
    § Stripping or neutralizing malicious links from e-mails
    § Adding customized text to a malicious e-mail's body or subject
    § Malicious e-mail tagging using an X-header
    § Sending a copy of the malicious e-mail
· ICAP
· ICAP server support on a Security Gateway to consult with Threat Emulation and Anti-Virus Deep Scan whether a file is malicious
· Threat Emulation
  o SmartConsole support for multiple Threat Emulation Private Cloud Appliances
  o SmartConsole support for blocking file types in archives

Identity Awareness
· Identity Tags support the use of tags defined by an external source to enforce users, groups or machines in Access Roles matching
· Identity Collector support for Syslog Messages - ability to extract identities from syslog notifications
· Identity Collector support for NetIQ eDirectory LDAP Servers
· Improved Transparent Kerberos SSO Authentication for Identity Agent
· Two Factor Authentication for Browser-Based Authentication (support for RADIUS challenge/response in Captive Portal and RSA SecurID Next Token/Next PIN mode)
· New configuration container for Terminal Servers Identity Agents
· Ability to use an Identity Awareness Security Gateway as a proxy to connect to the Active Directory environment, if SmartConsole has no connectivity to the Active Directory environment and the gateway does
· Active Directory cross-forest trust support for Identity Agent
· Identity Agent automatic reconnection to prioritized PDP gateways
· Additional filter options for Identity Collector - "Filter per Security Gateway" and "Filter by domain"
· Improvements and stability fixes related to Identity Collector and Web-API

Mirror and Decrypt
· Decryption and clone of HTTP and HTTPS traffic
· Forwarding traffic to a designated interface for mirroring purposes

Hardware Security Module (HSM)
· Enhancement of outbound HTTPS Inspection with a Gemalto SafeNet HSM Appliance
· SSL keys are stored when using HTTPS Inspection

Clustering
· Sync redundancy support (over bond interface)
· Automatic CCP mode (either Unicast, Multicast or Broadcast mode)
· Unicast CCP mode
· Enhanced state and failover monitoring capabilities
· OSPFv3 (IPv6) clustering support
· New cluster commands in Gaia Clish

Advanced Routing
· Allow AS-in-count
· IPv6 MD5 for BGP
· IPv6 Dynamic Routing in ClusterXL
· IPv4 and IPv6 OSPF multiple instances
· Bidirectional Forwarding Detection (BFD) for gateways and VSX, including IP Reachability detection and BFD Multihop

Access Policy
· New Wildcard Network object supported in Access Control policy
· Simplified management of Network objects in a security policy
· HTTPS Inspection now works in conjunction with HTTPS web sites categorization. HTTPS traffic that is bypassed will be categorized.
· Rule Base performance improvements, for enhanced rule base navigation and scrolling
· Global VPN Communities. Previously supported in R77.30.

Security Management
· Upgraded Linux kernel (3.10)
· Additional support for Open Servers hardware
· New file system (xfs)
  o More than 2TB support per single storage device
  o Enlarged systems storage (up to 48T tested)
· I/O related performance improvements
· Support of new system tools for debugging, monitoring and configuring the system
  o iotop (provides I/O runtime stats)
  o lsusb (provides information about all devices connected to USB)
  o lshw (provides detailed information about all HW)
  o lsscsi (provides information about storage)
  o ps (new version, more counters)
  o top (new version, more counters)
  o iostat (new version, more counters)
· Multiple simultaneous sessions in SmartConsole - One administrator can publish or discard several SmartConsole private sessions, independently of the other sessions.
· Integration with a Syslog server (previously supported in R77.30) - A Syslog server object can be configured in SmartConsole to send logs to a Syslog server.

SmartProvisioning
· Integration with SmartProvisioning (previously supported in R77.30)
· Support for the 1400 series appliances
· Administrators can now use SmartProvisioning in parallel with SmartConsole

vSEC Controller Enhancements
· Integration with Google Cloud Platform
· Integration with Cisco ISE
· Automatic license management with the vSEC Central Licensing utility
· Monitoring capabilities integrated into SmartView
· vSEC Controller support for 41000, 44000, 61000, and 64000 Scalable Platforms

Endpoint Security Server
Managing features that are included in R77.30.03:
· Management of new blades:
  o SandBlast Agent Anti-Bot
  o SandBlast Agent Threat Emulation and Anti-Exploit
  o SandBlast Agent Forensics and Anti-Ransomware
  o Capsule Docs
· New features in existing blades:
  o Full Disk Encryption
    § Offline Mode
    § Self Help Portal
    § XTS-AES Encryption
    § New options for the Trusted Platform Module (TPM)
    § New options for managing Pre-Boot Users
  o Media Encryption and Port Protection
    § New options to configure encrypted container
    § Optical Media Scan
  o Anti-Malware
    § Web Protection
    § Advanced Disinfection

Additional Enhancements
· HTTPS Inspection support for IPv6 traffic
· Additional cipher suites support for HTTPS Inspection
· Improvements in policy installation performance on R80.10 and higher gateways with IPS
· Network defined by routes - gateway's topology is automatically configured based on routing
· IPS Domain Purge on Security Management Server - IPS update packages are saved for 30 days, older packages are purged.
· SmartConsole Extensions – an open API platform for extending SmartConsole with third-party and in-house tools and features.
· Compressed snapshots - reduced system snapshot size.