- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi everyone,
My name is Eran and I'm a Group Manager in the R&D of Check Point. My group is responsible for the core infrastructure of the Management Server and also for the Management API. As you probably know, R80.40 has just been released and we're very excited about over 100 new features, many of them are in the Security Management platform.
I invite you all to explore the What's New of R80.40 and specifically the Security Management section. The following new features were developed by my amazing group of R&D engineers and I encourage you to try them out and share your feedback:
The Security Management Server architecture supports built-in revisions. Each publish operation saves a new revision that contains only the delta from the previous revision allowing now safe recovery from a crisis by restoring a Domain or a Management Server to a good known revision.
Configure automatic scripts or HTTPS requests triggered by administrator tasks, such as publishing a session or installing a policy.
Object search - support for partial word search using a wildcard, for example: a match is returned for searching *oba for an existing Host named: USGlobalHost.
Introducing a new Management Upgrade mechanism (under the hood) that includes:
Note: the new Management Upgrade mechanism will be executed when upgrading from R80.20, R80.20.Mx and R80.30 to R80.40 (and to any future version).
Feel free to reply to this thread with comments or questions, or to reach me out privately. Also, you're welcome to stop by next week at the #CPX360 in Vienna and visit me in the Technology Innovation room, next to the Security Management table.
Enjoy R80.40!
Eran
Migrate a Security Management Server to become a Multi-Domain Security Management on a Multi-Domain Server.
I how I read that was for R80+
Hi @Maarten_Sjouw, when migrating from a Security Management Server to a Domain there is no limitation in regards to VSX - it is not an issue.
Also, note the features I listed are not ALL the new features of R80.40, I only highlighted few features which were developed under my ownership. The full list can be found here (and also in my post):
@Maarten_Sjouw I'm sorry for the confusion with the SKs, we're now uploading the updated SKs following the release of R80.40 and few hours from now it will be clearer. @Itai_Minuhin will reply here when the SKs are ready and uploaded. In any case, the R80.40 Installation and Upgrade Guide has all the info very clearly so you shouldn't wait for the SKs. Note that for advanced upgrade there are different instructions for upgrade from R80.20 and higher, and upgrade from R80.10 and lower (due to the new upgrade mechanism for R80.20 and higher - see my original post).
For migrating SmartCenter to a Domain on a Multi Domain Server, you can see the instructions as part of the R80.40 Admin Guide or simply refer to sk156072 for all the info. The migration is based on API commands, so you can also check out the Management API Reference for the syntax of the commands (although they are written clear as part of sk156072). You're also invited to explore the new APIs in v1.6 (the API version for R80.40).
Hope this helps.
There is no details about enhancements on Policy Install. It seems still no Delta Policy Install on Gateways 😞
Hi @KennyManrique, we actually made few performance enhancements in the policy installation of R80.40, mostly in the policy verification process, which already show performance improvements - also reported by many of our EA customers of R80.40. Also, the policy verification and "rule hiding rule" logic do rely on the delta that was changed - this is not new in R80.40. We have major plans in our roadmap to promote fast policy installation, not necessarily by installing only the delta - we explore other directions as well. Stay tuned 🙂
Is "new" feature Partial (infix) Search capable to find also IP ranges ? including IPv4 and IPv6 addresses?
Hi @JozkoMrkvicka, the new partial search feature is aimed for finding an object by providing any sequence of characters from the object's name (could be in the middle of the name). Searching an IP in the objects bar and finding matches for ranges is supported today in R80.x already - try it out 🙂
What is the difference in R80.40 then betwwen revisions and the policy installation history?
Or is policy installation history of any use? If there is a crisis and you need to rollback, rolling back to an old revision and installing is much better, no?
Although I have the impression now that they are both linked now and it is actually pretty much the same, isn't it?
SmartConsole, Management & Settings ->Sessions-> Revisions
SmartConsole, Security Policies -> Installation History
Please see my article here for the answer to your question (and many more):
https://community.checkpoint.com/t5/Policy-Management/R80-Change-Control-A-Visual-Guide/m-p/39702
Hi
Revisions are created when you Publish.
In the Revisions view, you will be able to compare two revisions or compare a revision to the current session.
And off course you can revert (rollback) to an older revision.
Installation History details the changes between two policies using the list of Audit Logs
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY