- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: R80.40 Early Availability Program @ Check Poin...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R80.40 Early Availability Program @ Check Point Update
R80.40 EA ProgramR80.40 features centralized management control across all networks, on premise or in the cloud, lowering the complexity of managing your security and increasing operational efficiency. As part of the Check Point Infinity architecture, R80.40 provides customers with the best security management, utilizing the Industry’s largest integration of technologies from more than 160 technology partners. With Check Point R80.40 Cyber Security for Gateways and Management, businesses everywhere can easily step up to Gen V. |
|
|
|
• We are looking for R80.X / R77.X Production environment to evaluate the new version. • Start date: Started
Public EA (for Lab/Sandbox use) is now also available!
|
|
Additional questions? contact us@ EA_SUPPORT@checkpoint.com |
|
What's New |
|
IoT SecurityA new IoT security controller to:
TLS InspectionHTTP/2
TLS Inspection Layer This was formerly called HTTPS Inspection. Provides these new capabilities:
Threat Prevention
Access ControlIdentity Awareness
IPsec VPN
URL Filtering
|
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @PhoneBoy Do you have access to anyone else within CP who could add more detail to this? The customer in question moves very slowly so E80.40 will be GA by the time they get to using it, but I need to have the conversations now to get them on board, so I could really do with knowing exactly what this will provide in terms of management of Bitlocker, and also crucially to this conversation, will it offer me an easy(!) route to migrating from Bitlocker to CP FDE?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've contacted the relevant owner and will update soon with details regarding your question.
Would you like to enrol the Production EA program? we can schedule a phone call and discuss the details if you are interested.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @David_Moss,
Thanks for your note. I look forward to your further update. At this stage I don't need to join the EA (the customer isn't interested in running on EA code) but more detail on what exactly it will do would be a great help 👍
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Check Point Endpoint Security (client) will have BitLocker Management as an option in the
Full Disk Encryption Blade policy.
As you know, BitLocker is an integrated part of Windows. The Check Point BitLocker Management feature uses
the Endpoint Security Server, Client Agent and Management UI to manage BitLocker. TPM is required for Managed BitLocker.
Existing BitLocker Encrypted machines can be "taken over" and put under Check Point Endpoint Security Management without being decrypted as long as the policy is using BitLocker Management. Recovery Keys and Data will then be uploaded to the Endpoint Management Server.
Switching from BitLocker to Check Point FDE is easy, once the machines have been put under BitLocker Management. At least from a management perspective, just change the policy to use Check Point Full Disk Encryption. Note however that this operation will trigger a BitLocker decryption followed by FDE encryption. This re-encryption is a fairly long process and also leaves parts of the disk in clear text during the operation.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @FredrikG, that update is music to my ears 🙂 I will let the customer know and press ahead to get that deal.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello -- will R80.40 include the long-awaited in-place upgrade option for SmartConsole client?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately no ... to be included, we needed to finish the development by by now
The good news is that the project is now under work and we have intention to include in R80.50
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Dorit_Dor , thanks for the insight on in-place upgrade for SmartConsole and R80.50 target. Aren't we getting close to release of web-based policy mgmt (or is this R81)?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I second that.
We are living in a cloud world, so why we are forced to install the program on (and only on) Windows workstation in order to work with Check Point products. We need a web-based solution of management that can be placed into any Linux machine running Apache and accessed without the need to have a dedicated Windows machine where is installed only Check Point SmartConsole.
Jozko Mrkvicka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
at least it's not using Java like Cisco's ASDM; .NET is kinda awful though
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You *really* don't want a web-based management. You think you do, but you don't. Look at Cisco's Firepower Management Center. It's web-based. It's awful. They tried, and keep trying. They got the right idea, but web-based is just awful (but it is "less bad" than ADSM). Look at PAN, same thing. Look at $OTHER_VENDOR, same thing. Web is awful. It's an intrinsically asynchronous service. It's not made for this. You can make an asynchronous transport into a synchronous transport. That pig won't stay on course when it's flying.
Meanwhile, Check Point gave out the APIs so you can roll your own $WHATEVER. The management client in-place upgrade will be nice (I'm exhausted on the many times I've had to uninstall/reinstall for Endpoint management and HFA updates), but it's still the right thing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Duane_Toler thanks for your input. what specifically do you not like about PAN interface (specifically v8x or v9x)?
Personally, I would like CP to continue to expand on their SmartView work with web-enabling common mgmt interfaces. HTML5 FTW!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I acknowledge and understand there are two primary camps are far ends of divide: thick client and web-based mgmt.
Are the folks so enamored with thick client currently OK with fact no in-place client update is possible? I had customer last week asking legitimate questions along lines of "checkpoint is billion dollar company and the mgmt client for the foundation product (a) doesn't do in place upgrade, and (b) un-install of Smartconsole loses all saved preferences and tweaks". He had no other commercial mgmt tool that offered such a severe limitation. @Dorit_Dor did mention that in-place update currently planned for R80.50 but that's another year+ away.
It's unclear how current generation HTML5-based web interface would be any less functionality. In addition, the numerous security professional using MAC laptops would be able to freely mgmt CP platform without frustrating need for virtualization and/or jump hosts.
My preference is CP makes a decision and sticks to it (ie. not doing both). The current SmartView features bode well for HTML future...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Management & SmartConsole are developed under my ownership, so I will try to answer:
1) It is definitely not OK that SmartConsole needs to be manually installed and uninstalled for getting fixes / updates. In the past when updates were infrequent, it may have been reasonable, but not today with the jumbo updates.
2) It is not OK that preferences are lost when updating SmartConsole.
3) We had some delays with the updatable SmartConsole development (mainly due to other high priorities that came in), so we are behind schedule for sharing it with the field during 2019. However, we are not waiting for the release of R80.50. The plan is to release another flavor of SmartConsole that will be auto-updatable during Q1. We will release it to versions that are already GA (such as R80.40 and R80.30). The new package will be available in parallel to the existing one, and customer will be able to choose the new flavor early if they wish.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sincere thanks @Tomer_Noy . we appreciate the insight.
- Tags:
- thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Tomer_Noy Hi, do you have any update on SmartConsole getting the update/hotfixes automatically ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello @Xiaole_Chen . I recall @Dorit_Dor stated in another thread that in-place Smartconsole updates were target for R80.50.
while not an exact answer to your question, the R80.50 feature would address the most pressing customer complaint: "having to un-install/re-install SmartConsole with each new release -- AND -- losing your end-user preferences in the process".
I understand this new build will also notify end-user when new release is available.
Alternatively, if your question is along the lines of "instant updates" similar in form/function to local-install apps for Office 365, this would be wonderful (ie. no perceived installation events at all...). Office 365 apps includes "beta" toggle as well so you can see new features easily (and turn-off just as easily).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any improvements on EPM? Dont see any.
Blason R
CCSA,CCSE,CCCS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there any news on the Public EA release date?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
there is no official date yet, but we expect the Public EA program to start very soon. we will publish once it starts.
thanks, David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does anyone know if CP are going to add a comments field on gateway properties for routes. It's available in GAIA, but not for VSX routes. This is something that would be really useful to keep track of routes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wondering if 80.40 has a backup VPN functionality? Or VPN redundancy with third-party vendors?
Blason R
CCSA,CCSE,CCCS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had a customer asking for this "redundant remote access VPN" functionality as well. I perceive that MEP is a site-to-site functionality and not relevant for remote access VPN (don't know for sure).