Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vato_Chantladze
Contributor
Contributor

GAIA R80.20 Release Date And New Features?

Hi there,

The question I still have from latest CPX2018 is the exact date when R80.20 will be officially released or at list EA? 

We are waiting for some great features from R80.20 Including: 

- Gaia OS will be based on RHEL 7.x distribution what should give countless benefits and features. 

- R80.20 will support new ASIC's for 5000, 15000, 23000 Appliances.

- As I know from R&D guys during policy install SecureXL will remain enabled what will save CPU load during the policy installation process.

...

BR

Vato

12 Replies
PhoneBoy
Admin
Admin

A few things were shown off at CPX360 with respect to the upcoming R80.20, yes.

Release dates and the like are not yet finalized.

0 Kudos
Wilson_Wiley
Participant

Dameon, for someone who wasn't at CPX360 and would like to find out more about what's in the R80.20 release, where could I find it? Is it in one of the CPX360 presentations? If so, I can't tell from the titles on the posted presentations, could you link directly to the relevant presentation? Or was it something that you had to be at CPX360 to learn about it before the public announcement? Thanks!

0 Kudos
PhoneBoy
Admin
Admin

Unfortunately, there isn't a single presentation that covers this.

Some of the content was shown in the Tech Rooms.

There will be an EA program for R80.20 for sure.

I would recommend contacting your Check Point SE for details.

0 Kudos
AlekseiShelepov
Advisor

Dameon Welch Abernathy, could you please paste some new details about R80.20 now? I know that it is in EA program now and that there is a list of planned features. Maybe there are some documents or web-pages prepared?

I have information about the following list of planned features in R80.20 (and it is pretty impressive):

Acceleration
With Falcon Acceleration Cards:

• NGFW/NGTP/NGTX & HTTPS Inspection acceleration — supporting higher throughput with maximum security including inspection of HTTPS traffic.

• QoS acceleration.

• Firewall only acceleration — low-latency, high packet and session rates.

• VSX support.

Additional software enhancements:

• Session rate improvements on high-end appliances (including 2012 appliances and 13000 and above appliances).

• Acceleration is enabled during policy installation.

• HTTPS Inspection performance improvements.

Threat Prevention

Threat Prevention Indicators (IoC) API

• Management API support for Threat Prevention Indicators (IoC).

• Add, delete, and view indicators through the management API.

Threat Prevention Layers

• Support layer sharing within Threat Prevention policy.

• Support setting different administrator permissions per Threat Prevention layer.

MTA (Mail Transfer Agent)

MTA monitoring:

• E-mails history views and statistics, current e-mails queue status and actions performed on e-mails in queue.

MTA configuration enhancements:

• Setting a next-hop server by domain name.

• Stripping or neutralizing malicious links from e-mails.

• Adding a customized text to a malicious e-mail's body or subject.

• Malicious e-mail tagging using an X-header.

• Sending a copy of the malicious e-mail.

ICAP

• ICAP server support on a Security Gateway to consult with Threat Emulation and Anti-Virus Deep Scan whether a file is malicious.

Threat Emulation

• SmartConsole support for multiple Threat Emulation Private Cloud Appliances.

• SmartConsole support for Blocking files types in archives.

Clustering

• Sync redundancy support (over bond interface).

• Automatic CCP mode (either Unicast, Multicast or Broadcast mode).

• Unicast CCP mode.

• Enhanced state and failover monitoring capabilities.

• OSPFv3 (IPv6) clustering support.

• New cluster commands in Gaia Clish.

Advanced Routing

• Allow AS-in-count.

• IPv6 MD5 for BGP.

• IPv6 Dynamic Routing in ClusterXL.

• IPv4 and IPv6 OSPF multiple instances.

• Bidirectional Forwarding Detection (BFD) for gateways and VSX, including IP Reachability detection and BFD Multihop.

Identity Awareness

• Identity Tags support the use of tags defined by an external source to enforce users, groups or machines in Access Roles matching.

• Identity Collector support for Syslog Messages — ability to extract identities from syslog notifications.

• Identity Collector support for NetIQ eDirectory LDAP Servers.

• Transparent Kerberos SSO Authentication for Identity Agent.

• Two Factor Authentication for Browser-Based Authentication (support for RADIUS challenge/response in Captive Portal and RSA SecurID next Token/Next PIN mode).

• New configuration container for Terminal Servers Identity Agents.

• Ability to use an Identity Awareness Security Gateway as a proxy to connect to the Active Directory environment, if SmartConsole has no connectivity to the Active Directory environment and the gateway does.

• Active Directory cross-forest trust support for Identity Agent.

• Identity Agent automatic reconnection to prioritized PDP gateways.

Mirror and Decrypt

• Decryption and clone of HTTP and HTTPS traffic.
• Forwarding traffic to a designated interface for mirroring purposes.

Hardware Security Module (HSM)

• Enhancement of outbound HTTPS Inspection with a Gemalto SafeNet HSM Appliance.

• SSL keys are stored when using HTTPS Inspection.

Security Management

• Multiple simultaneous sessions in SmartConsole — One administrator can publish or discard several SmartConsole private sessions, independently of the other sessions.

• Integration with a Syslog server (previously supported in R77.30) — A Syslog server object can be configured in SmartConsole to send logs to a Syslog server.

SmartProvisioning

• Integration with SmartProvisioning (previously supported in R77.30).

• Support for the 1400 series appliances.

• Administrators can now use SmartProvisioning in parallel with SmartConsole

Access Policy

• New Wildcard Network object supported in Access Control policy.

• Simplified management of Network objects in a security policy.

• HTTPS Inspection now works in conjunction with HTTPS web sites categorization. HTTPS traffic that is bypassed will be categorized.

• Rule Base performance improvements, for enhanced rule base navigation and scrolling.

• Global VPN Communities. Previously supported in R77.30.

vSEC Controller Enhancements

• Integration with Google Cloud Platform.

• Integration with Cisco ISE.

• Automatic license management with the vSEC Central Licensing utility.

• Monitoring capabilities integrated into SmartView.

• vSEC Controller support for 41000, 44000, 61000, and 64000 Scalable Platforms.

Additional Enhancements

• HTTPS Inspection support for IPv6 traffic.

• Improvements in policy installation performance on R80.10 and higher gateways with IPS.

• Network defined by routes — gateway's topology is automatically configured based on routing.

• IPS Domain Purge on Security Management Server — IPS update packages are saved for 30 days, older packages are purged.

Endpoint Security Server

Managing features that are included in R77.30.03:

Management of new blades:

• SandBlast Agent Anti-Bot.

• SandBlast Agent Threat Emulation and Anti-Exploit.

• SandBlast Agent Forensics and Anti-Ransomware.

• Capsule Docs.

New features in existing blades:

• Full Disk Encryption.

• Offline Mode.

• Self Help Portal.

• XTS-AES Encryption.

• New options for the Trusted Platform Module (TPM).

• New options for managing Pre-Boot Users.

• Media Encryption and Port Protection.

• New options to configure encrypted container.

• Optical Media Scan.

Anti-Malware:

• Web Protection.

• Advanced Disinfection.

Vato_Chantladze
Contributor
Contributor

Great post Aleksei, Thanks!

BR

Vato

0 Kudos
PhoneBoy
Admin
Admin

While that list is what's planned in the EA, the final feature list (and timing) is subject to change. Smiley Happy

0 Kudos
Vincent_Bacher
Advisor
Advisor

What's about integration of legacy Dashboard features like https inspection policy into R80.* Console? 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
Hugo_vd_Kooij
Advisor

Keep an eye out and get the public EA once it is there.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Jeff_Engel
Employee
Employee

Please note that the Public EA is intended for lab use.  Using it in production is not recommended as there may not be official support to get up to GA code.

0 Kudos
Mario_Sierra
Explorer

Correct me if I'm wrong, I heard/Read somewhere that 80.20 would be able to manage all previous management versions. I mean 80.20 would had an unified management console.

0 Kudos
Jaspreet_Singh_
Employee Alumnus
Employee Alumnus

Yes, Checkpoint's R80.20 is capable of managing older Gaia Versions as well.

0 Kudos
Jaspreet_Singh_
Employee Alumnus
Employee Alumnus

Vato Chantladze‌ Checkpoint's R80.20 GA has been released and is being widely accepted and appreciated by the end customers.

Best of all is the integration of Endpoint Management and Firewall management in a single Management Server.

Please refer to the following link for downloads and release notes: Check Point R80.20 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events