Q&A and slides below the video.

When will R82.10 be released as GA?

Released on 29 December 2025 via https://support.checkpoint.com/results/sk/sk183506 

We run SecureXL in kernel mode on R81.20. How does that relate to “R82.10 release features an upgraded OS based on LINUX 5.14 and runs exclusively in UPPAK mode” to add on to this, when will DoS, QoS and all other features be ported to UPPAK?

PPAK (a.k.a. Performance Pack) is another name for SecureXL. Historically, this has run in kernel mode (KPPAK), though we started implementing this in userspace (UPPAK). In R82.10, UPPAK will be the only mode supported. All features not supported in UPPAK on earlier releases are expected to be supported in R82.10.

If we are running Legacy VSX and use virtual Switches, has throughput improved which the new kernel version update?

This issue should be addressed in R82 JHF and is expected to be in R82.10.

The new 39xx Appliance are ARM based and already come with R82.10. Will there still be separate installer for x86 and ARM based appliances or will everything be unified?

Separate installers, yes, however the underlying code is exactly the same. 

What is the false positive rate for Anti-Phishing?

There are very few FP in Zero Phishing, mainly because it’s not only uses reputation feeds to determine website’s maliciousness, but doing live rendering and emulation of the website as well, in addition to using Check Point’s multiple URLX prevention engines.

Does the antiphishing inspection without HTTPS confined to the email only, or any other communication channels, such as Slack and WhatsApp?

Zero Phishing blade works in the gateway for website browsing.
email anti phishing is done in HEC (Harmony Email and Collaboration)

SNI is not a reliable information, or?

We take additional steps to verify the SNI, as described in sk163594.

Isn't SNI dead? I thought more and more websites were no longer supporting it over privacy concerns.

SNI is still widely used. That said, we're are working on other methods that will not even need SNI.

Can you not use the same SNI inspection method to understand the APPs inspection?

We use multiple ways to fingerprint an application. SNI, DNS, known IPs, caching and many more. When we introduced SD-WAN we enahced application detection to be on the first SYN packet.

We have an environment running without https inspection. Is there an idiots guide on how to get https inspection up and running on R82?

Yes, under R82 Admin guide, there is a section for “Getting Started with HTTPS Inspection”
https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_SecurityManagement_AdminGuide/Cont...

See also our Deep Dive session on HTTPS Inspection: https://community.checkpoint.com/t5/CheckMates-Events/Americas-Deep-Dive-HTTPS-Inspection-Best-Pract... 

How about using JA4 fingerprinting to see if its malicious traffic ?

We are exploring multiple ways to detect malicious traffic without decrypting the content.

Does IPS insights require Infinity connectivity ? or just SmartConsole?

To activate it does require infinity services, however the day to day operation is via SmartConsole.

How is "anti-phishing" with SNI different to the existing SNI based https categorisation (which has a phishing category already)?

HTTPS Categorization uses the URL Filtering database, which is less threat focused. Anti-Phising using ThreatCloud AI as the backend.

What about ERM evidence? You can apply remediation directly or you need integration with Veriti?

ERM recommendations will appear in Threat Prevention Insights. Admins can chose to accept the recommendation. It will not be applied automatically.

Is VSNext with ElasticXL in the new 82.10 release for the new Check Point 3920 ARM?

Yes, VSnext and ElasticXL are supported on 3900 models with this release.

How policy insights will work for autonomous threat prevention?

As of now, Threat Prevention Insight is relevant for the traditional TP configuration, not for autonomous.

Will Policy Insights work when Mgmt is on r82.10 and gateways not at r82.10?

Threat Prevention Insight will work with MGMT on R82.10 and on all GW releases (that can be mangaed byR82.10 MGMT), there are some insights that are version depdent but most are relevant for all.

For TP insights- ERM tab: The customer needs to purchase Check Point ERM, correct?

Yes, that is correct

How do you know where the asset is exposed with the ERM integration (whitch firewall)?

The firewall is aware of the ERM scans and communicates back to the ERM system. We added special tagging to identify which firewall was the one protecting the asset that was scanned

Do you need an ERM license in order to integrate with R82.10 dashaboard?

Yes

How will adaptive IPS changes be audited?

Two main options, part of TP Insight or a dedicated dashboard created for Adaptive IPS.

What is the difference between adaptive IPS & bypass on load?

Adaptive IPS is per signature and also considers the actual traffic and policy. The bypass under load is more blunt -- it disables IPS all together on any signature.

Does DNS over TLS need HTTPS Inspection?

Yes, it requires HTTPS Inspection.

Will you be able to inspect prompts to copilot inline since copilot use websocket?

We are able to inspect Web Socket Secure with Gen AI Protect.

Regarding AI protection with JavaScript browser injection: Does it work only with browsers, or will it work with applications?

It will work with applications as well.

With Content Awareness with AI tools are protection too?

AI tools used via MCP are now being presented. We are adding visibility and control in R82.10

Will GenAI Protect for Quantum support genai desktop apps also?

Yes, we plan to support desktop applications as well?

Will GenAI Protect work with isolated browsers like Island.io?

Not for the Browser plug-in, but for GenAI protect on the gateway.

What about the visibility of GenAI Protect on Quantum gateways? We had good visibility on harmony browse- will we have similar views in SmartEvent?

Yes, we plan to have the same visibility when using GenAI Protect in Quantum as well.

I assume its UserCheck to generate the onscreen prompts that can be tailored?

If you are refering to GenAI Protect, yes it is via usercheck.

Will SD-WAN and ISP Redundancy co-exist in R82.10?

ISPR and SD-WAN ultimately do the same thing (steer traffic) and are not designed to operate together.

Do Identity scaling capabilities require only on PDP on R82.10 or also on the PEP GWs?

You can change PDP only

License requirements for mentioned features?