Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Check Point Quantum R82 has been released !

Hen_Hertz
Employee
Employee
16 29 9,613

Hen_Hertz_0-1729496289323.png

We are happy to announce Check Point Quantum R82 has been released TODAY!

R82 is Check Point's major software release for Quantum products and Cloud Guard Network Security.
The version introduces 50 innovative capabilities to strengthen threat prevention, greatly streamline operations and provisioning, and troubleshoot network connections with integrated diagnostics tools.
In addition the version introduces new AI-powered threat prevention engines, enhancing the defence against zero-day threats. brand spoofing, malware, and more.
R82 also adds DNS protection against NXNSAttack, offers DNS configuration granularity, and supports DNS-over-HTTPS Inspection.

Check Point offers the industry's first complete protection for HTTP/3 over QUIC.
R82 also enables effortless and automated HTTPS Inspection deployment with granular controls and exceptional performance.
Check Point's VSX has a new versatile mode (VSNext) that unifies management features and APIs across Virtual Systems and physical Security Gateways.
Furthermore, cluster management is greatly simplified with a new page in Gaia Portal and a new mode (ElasticXL) that enables Security Gateway clustering without the need for physical Orchestrators.

In addition, R82 introduces a new version of Check Point's operating system with superior networking and routing capabilities.
For automation, users and DevOps teams can now execute API calls directly to security gateways through a new dynamic policy layer.
For future-proofing, R82 enables NIST-approved Kyber (ML-KEM) encryption to protect VPN traffic against future quantum computing-based hacking.

  • For the full “What’s New”, Release Notes and more information, please refer to R82 Home Page  [sk181127]

This release is available for customers who are interested in implementing the new features.

We will make it the recommended version after significant adoption. It will then be available in the 'Showing Recommended Packages' section in the CPUSE tab in Gaia portal. 

Check Point will be monitoring the adoption of the release closely as well as any issues that may arise.

Please feel free to reach out to us with any feedback or questions

Best Regards

Release Operations Group

29 Comments
the_rock
Legend
Legend

Great news!

PhoneBoy
Admin
Admin

We’ll probably be doing some R82 events in the near future…stay tuned!

the_rock
Legend
Legend

@PhoneBoy Im specially interested in https inspection, so many new cool features.

Andy

Wil_S
Contributor

Great news !!!!!

Danny
Champion Champion
Champion

Time to test and advance our ccc script for R82:
ccc - Common Check Point Commands - Check Point CheckMates

sarshar
Contributor

Awesome, the R82 is a game changer for Check Point firewalls. Hopefully the SMB series get the firmware update sooner than later, they're stuck with R81.10.

PhoneBoy
Admin
Admin

@sarshar We do plan to release an R82-based version of the SMB firmware.
I don't believe the timeline has been finalized, though.

the_rock
Legend
Legend

@Danny Will test it as soon as I build R82 standalone. I had distributed lab before, but had to do some PAN and Fortinet labs, so had to be wiped out : - (

Andy

Magnus-Holmberg
Advisor

Been waiting for a long time, guess its time to make a few new videos 🙂

the_rock
Legend
Legend

@Magnus-Holmberg Yes sir!

the_rock
Legend
Legend

Just something to keep in mind. I saw in my lab I had old smart console for R82 (from EA days) and it was build 850 and when trying to open the logs, it would show smartlog is not active, though smartlog_settings file looked exactly like in R81.20, just R82 code. So I decided to uninstall R82 EA console, install new one from web UI and all worked fine. Btw @Hen_Hertz , any clue when first jumbo hotfix might be available?

Best,

Andy

 

Screenshot_2.png

Hen_Hertz
Employee
Employee

Hi @the_rock,


Thank you for your feedbacks ! very appreciated.  
About first jumbo hotfix - we still don't have ETA, we'll keep you posted. 

Best Regards,

Hen. 

 

the_rock
Legend
Legend

@Hen_Hertz Thank you!

Andy

RamGuy239
Advisor
Advisor

Wonderful news! Any ETA on the CloudGuard for Private Cloud images? sk158292.

EDIT: These have been released now and are available within sk158292.

 

EDIT2:

I just deployed the VMware ESXi R82 OVA images from sk158292.

The OVA images now use VMware Paravirtual Controller (PVSCSI), yet the documentation acts like this is not supported by saying "VMware specific controllers, like the VMware Paravirtualised (Paravirtual) SCSI Controller are not supported or seen by the Gaia operating system.". ref sk104848.

 

sk104848 also claims us to use "RedHat Enterprise Linux version 7 (64-bit)" when deploying on VMware ESXi. The images from sk158292 are also using RedHat Enterprise Linux version 7 (64-bit). But according to Red Hat, the only version using 4.18 kernel is RedHat Enterprise Linux version 8 (64-bit). The correct version to choose should be RedHat Enterprise Linux version 8(64-bit), and not RedHat Enterprise Linux version 7 (64-bit)?

UEFI is working, but still no word if this is considered "supported" by Check Point. ISOmorphic even has an option for using UEFI when deploying on appliances. Can't see why UEFI wouldn't be supported on virtual machines running on VMware ESXi or Windows Hyper-V.

 

I suspect this is simply the documentation being out-of-date?

the_rock
Legend
Legend

Im glad to see this is now default bypass rule, as other vendors have had this for a long time, because it makes total sense these things should be exempted from ssl inspection.

Andy

 

Screenshot_1.png

JozkoMrkvicka
Authority
Authority

According to Support Life Cycle Policy, there is no R82 release mentioned and none of devices support R82.

RamGuy239
Advisor
Advisor

Also wondering if Check Point is going to make a statement regarding UEFI support on vSEC/VEN/CloudGuard Network for Private Cloud? This worked perfectly fine with R81.20, but none of the SKs regarding VMware mentions support for UEFI. The SK regarding Hyper-V still mentions Gen.2 as "unsupported" even though this is also working just fine since R81.20 as the only thing that made Gen.2 impossible was the UEFI requirement, but as UEFI is working since R81.20, you are now able to utilise Gen.2 on Hyper-V perfectly fine.

Will Check Point re-evaluate and re-update all these various vSEC/VEN/CloudGuard Network for Private Cloud documentations? VMware Paravirtual Controller (PVSCSI) has also been working for some time now. Yet the documentation for VMware optimisation still claims "Paravirtual Controller are not supported or seen by the operating system.".

 

With the release of R82, I hope all of this can get re-evaluated and updated. I cant see any reason why Check Point should keep recommending the user of LSI Parallel over VMware PVSCSI, when PVSCSI is working. Same with recommending Gen.1 on Hyper-V over Gen.2, when Gen.2 is working. Judging by how the documentation still claims the use of VMware Paravirtual Controller will result in the disk not being viewable by the operating system, and how this is simply false and out-of-date information, it looks like the information being provided is simply out-of-date, and not basing the information provided on R81.20/R82?

the_rock
Legend
Legend

One thing I also find really impressive is time it takes to install the policy...Ok, I know its just my lab and I only have about 15 rules, but still, 10 seconds is blazing fast 🙂

Andy

 

Screenshot_1.png

MeravAlon
Employee
Employee

Hi @JozkoMrkvicka 

R82 will be supported for 4 years. The Support life cycle SK will be updated during next week with all relevant info.

Thanks

Merav Alon

Don_Paterson
Advisor
Advisor

I just checked the HCL and there are no Open Servers that are supported for R82.

Same for Virtual Machines.

What is the plan for those, including Public Cloud (Azure, AWS and GCP)?

https://www.checkpoint.com/support-services/hcl/

 

[EDIT]

CloudGuard images uploaded last night. 

https://aws.amazon.com/marketplace/pp/prodview-eqq52wje3qy5e

[END]

 

Thanks,

Don

 

genisis__
Leader Leader
Leader

Do we know when Smart-1 Cloud will be updated, especially hoping the limitation of only a single Smartconsole application session from a single IP is resolved, big issue from my view.

It has no issue when you stream Smartconsole b.t.w.

genisis__
Leader Leader
Leader

If R82 will be supported for 4 years, can we expect to see certification of R82 extended for the same period as that would make a huge difference to companies and individuals that need certifications.

Tal_Paz-Fridman
Employee
Employee

Hi @Don_Paterson 

Regarding the HCL - thank you or pointing this. 

I've sent this to the relevant owners. 

 

tjoll
Participant
Participant

@the_rock  Ahh that was my Smartlog issue. I was troubleshooting but could not find the issue until I spotted your post. Forgot I also had the EA version of Smartconsole installed. Good to know!

Thanks.

the_rock
Legend
Legend

@tjoll Glad we can help mate.

Andy

Eran_Habad
Employee
Employee

Hi @genisis__ 

Regarding upgrading Smart-1 Cloud to R82: it's work in progress. This is a gradual process and we will complete upgrading all tenants in the upcoming weeks 🙂

Regarding the single SmartConsole - this is actually not related to a specific version, currently I don't have ETA for that and hopefully we will be able to address it in the future. I do want to emphasize, however, that it's possible to make many types of changes (but not all) to the policy and objects directly from the browser within the Smart-1 Cloud application (under the Security Policy tabs). This feature actually embeds the web SmartConsole into the Portal, which gives a slick, fast and cool experience. Another option is to use the "Streamed SmartConsole" (can be found under the Settings tab).

 

genisis__
Leader Leader
Leader

Thanks for the update Eran,  things can only get better!

Arne_Boettger
Collaborator

Hello,

are there any plans you could share about an updated VSX Specialist R82 (CCVS) including VSNext?

I will need to do some additional certification to renew my old ones in Q2/2025 and figured it might be worth waiting for this.

Kind regards, Arne

Don_Paterson
Advisor
Advisor

Hi @Arne_Boettger 

 

In April I asked the Training and Education department about CCVS because of the significant changes in VSX (and also the R81.10 EOS date of July 2025. The current CCVS is based on R81.10).

They are prioritising the CCVS R82 course development.

Normally CCSA and CCSE are the highest priority and the first courses to be updated after a new major release goes GA.

That is the same case here but CCVS R82 is scheduled to be updated at the same time, with more or less the same priority by the sounds of it.

So it is a priority this time. And it should be a good one.

I think that Q2 2025 is a good time frame for that exam (I would say toward the end of Q2 (is my guess)).

Q1 would be worrying because you never know about course development time and also exams are always released after the courses are released. At least a couple of weeks but can be up to 2 months in some cases.

I know that there has already been a lot of work put into the R82 CCSA and CCSE development before the R82 GA date came around.

Keep an eye out for announcements in early 2025 (again, my guess).

You can subscribe to here: https://community.checkpoint.com/t5/Training-and-Certification/bd-p/training-and-certification and it will all probably be announced there.

As always you can check here: https://training-certifications.checkpoint.com/#/

and here: https://www.pearsonvue.com/us/en/checkpoint.html 

for the latest courses, exams, news and specials.

 

If you are looking for another extension Specialist exam (learning experience), and it is relevant, then I would highly recommend the CTPS course and exam (Threat Prevention Specialist R81.20 (CTPS)).

https://training-certifications.checkpoint.com/#/courses/Threat%20Prevention%20Specialist%20R81.20%2...

 

Regards,

Don

Labels