This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[Announcement] R80.20 Gateway with new Linux kernel is GA in Azure & AWS

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CloudGuard_IaaS
Employee Alumnus
Employee Alumnus
5 5 4,856
‎2019-01-03 12:54 AM

Hi Everyone,

 

We are glad to announce that R80.20 Gateway with new Linux kernel is now generally available in Azure & AWS.

 

The new image offers significant improvements:

 

Important

  • R77.30 based solutions will be removed soon from the marketplace.
  • For specific exceptional cases where R77.30 is needed, please contact Check Point TAC.
  • Only standard deployment is supported for single R80.20 gateway. Standalone and custom configuration modes are not supported.
  • In order to manage R80.20 gateways using R80.10 Management Server JHF take 177 or later must be installed.
    See sk116380 for more information.

 

 

Performance

 

AWS

For R80.20 gateway:

 Maximum Throughput (Mbps)Maximum Throughput (Mbps)Maximum Throughput (Mbps)
AWS Instance Typec5.largec5.xlargec5.2xlarge
Number of cores248
CPEnt - NGFW260040554065
CPEnt - NGTP104018903400
  • Tested with Cloud-Certified leading testing equipment
  • Used AWS on-demand instances environment
  • Actual performance results may vary depending on cloud infrastructure resources availability, region, topology, and other factors
  • These results are based on actual performances measurements by Check Point performance lab using real-world traffic simulation with out-of-the-box configuration

 

Azure

For R80.20 gateways:

 Maximum ThroughputMaximum ThroughputMaximum Throughput
Azure VM sizeD2_v2 (2 core)D3_v2 (4 core)D4_v2 (8 core)
CPEnt - FW + IPS132025404890
CPEnt - NGFW132025354790
CPEnt - NGTP123525303985
  • Tested using default deployment and Check Point configurations.
  • Tested with Cloud-Certified leading testing equipment
  • Actual performance results may vary depending on cloud infrastructure resources availability, region, topology, and other factors
  • These results are based on actual performances measurements by Check Point performance lab using real-world traffic simulation with out-of-the-box configuration

 

Notes:

-          For different VM sizes see: https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-sizes/ 

-          Performance can be limited by the network bandwidth allocated by Azure to the VM

-          NGFW:  FW + IPS (Recommended - out of the box) + APCL

-          NGTP: NGTP : FW + IPS (Recommended - out of the box) + APCL + URLF + AV + AB

 

AWS Solution templates update

All deployment options (Single Gateway, Cluster, Auto Scaling Group and Transit VPC) are supported and can be deployed using our CloudFormation templates.

 

 

Azure Solution templates update

 

The following marketplace offers have been renamed:

  • Check Point CloudGuard IaaS R80.10 Scale Set à Check Point CloudGuard IaaS Scale Set (as it supports both R80.10 & R80.20).
  • Check Point CloudGuard IaaS R80.10 High Availability à Check Point CloudGuard IaaS High Availability (as it supports both R80.10 & R80.20).
  • Check Point CloudGuard IaaS Cluster à Check Point CloudGuard IaaS R77.30 & R80.10 Cluster (as it supports only R77.30 & R80.10).

 

 

The new image is supported by the following solutions:

  • Check Point CloudGuard IaaS Single Gateway
  • Check Point CloudGuard IaaS High Availability
  • Check Point CloudGuard IaaS Scale Set

 

This version will be available on OCI & GCP Marketplace, soon.

As always we are here for your comments and suggestions.

CloudGuard IaaS R&D 

5 Comments
Martin_Valenta
Advisor
‎2019-01-03 01:32 AM

Nice! Great progress with performance..

Dawei_Ye
Collaborator
‎2019-01-10 09:58 AM

We are using Multi-queue features with the Azure Accelarated Networking .

As documented ,Multi-queue is only supported igbe,ixgbe and mlx5_core.

But we got Azure Accelarated Networking as mlx4_core,do you guys ever test this driver on the new version?

0 Kudos
CloudGuard_IaaS
Employee Alumnus
Employee Alumnus
‎2019-01-11 11:28 PM

Hello Dawei,

We added it specifically for Azure (mix4_core) EN. 

It is fully supported on Azure as you can configure it with cpmq. 

Constantin_Pop
Contributor
‎2019-01-23 02:17 PM

Hi,

  it think it would have been a good idea to keep the image name starting with "Check Point" as for other images and not just "CloudGuard IaaS High Availability". I didn't find the image at first and the "Fresh install" comment in the download section here wasn't very helpful as this isn't something possible in Azure - it's a redeployment.

 Also, can you post some VPN performance test results? With R80.10 I would only get up to 500Mbps throughput for Site2Site. Will try to get the new version deployed tomorrow and run the same tests.

Thank you!

Constantin

Yonatan_Philip
Employee Alumnus
Employee Alumnus
‎2019-01-24 11:56 PM

Hi Constantin,

I'll take this up with the relevant parties and see what can be done to improve this. I know that the decision was debated back and forth - there is a character limit on the image names and this was the compromise that was eventually reached.

Based on your feedback we'll have to reevaluate the decision and see if it might make more sense to rename the image.

Regarding the question about VPN numbers - that info is still pending. 

We'll release the info as soon as we have the numbers.

HTH 

 Yonatan 

Labels