
R81.20 Public EA Program

Naor_Nassi
Employee
Employee

Check Point Quantum R81.20 is packed with new features that offer elasticity, efficiency, and innovative security enhancements.


Quantum IoT Protect offers enterprise IoT device discovery embedded into Quantum Gateways and applies autonomous zero-trust policies that are automatically updated based on device type, risk level, and industry best practice. This makes it easy to secure IP cams, smart TVs, Wi-Fi printers, and much more.

Zero-Day Phishing Prevention, powered by patented technologies and AI engines, prevents access to the most sophisticated phishing websites, both known and completely unknown, without the need to install and maintain clients on end-user devices.

Continuing to innovate Maestro, including several new features that improve efficiency, elasticity, and compatibility with public clouds. The new Autoscaling feature in Maestro Hyper-scale lets you automatically allocate resources across Security Groups (based on your priorities), bringing cloud-like scale and agility to your prem-based security (for example, to accommodate peak traffic hours). To support high-speed, high-volume transaction environments (e.g. digital trading), Maestro now offers accelerated data paths for higher throughput and lower latency based on predefined rules (“Fast Forwarding”).

Enhancing the gold standard in Security Management: Quantum R81.20 lets you leverage the new Management API to integrate security from the ground up and efficiently manage access policies with support for dynamic policy objects taken from external sources. A new workflow now supports policy change management to minimize errors, allowing verification for new policies before they are applied and enforced throughout (“4 Eyes Principle”). By automating VPN connections to public clouds, R81.20 makes it easy to connect your Quantum Gateways with data centers hosted in the public cloud. Offering simplified user authentication with third party SAML Identity Providers, authentication is modernized and improved for administrators to log-in to SmartConsole as well as remote users accessing corporate assets. This enables SSO, MFA, and compliance checks, and complements current support for third-party Identity Providers with the Identity Awareness blade.

Enrollment | Public EA

Check Point Public EA is designed for lab and sandbox deployments only.

UserCenter:

Register to the Public EA release via - usercenter.checkpoint.com -> TRY OUR PRODUCTS -> Early Availability Programs -> CPEA-EVAL-R81.20 

PartnerMAP:

Register to the Public EA release via - usercenter.checkpoint.com -> CUSTOMER ACQUISITIONS-> Early Availability Programs -> CPEA-EVAL-R81.20

IMPORTANT NOTE 

  • Check Point Public EA is designed for lab and sandbox deployments only.
  • Upgrading a Public EA version to GA is not supported.

Enrollment | Quantum IoT Protect EA

In order to enroll, please reach out to IoT-Protect@checkpoint.com with your account ID on the Infinity Portal 

(portal.checkpoint.com -> Global Setting -> Account ID) 

 

New in this release

Quantum Security Gateway and Gaia

Threat Prevention

  • Prevent browsing to Zero-Day phishing websites
    • Check Point Quantum Security Gateway enhances its web browsing protection to further prevent users from accessing phishing websites.
    • Powered by patented technologies and AI engines, the Security Gateway now uses Clientless In-Browser protection to prevent access to the most sophisticated phishing websites, both known and completely unknown (zero-day phishing websites).
    • The enhanced solution is available through the Security Gateway network flow, introducing dynamic security components that run within the browser with no need to install any client.
    • Delivered as part of your existing NGTX license.
    • Works out of the box for Security Gateways with Autonomous Threat Prevention enabled.
  • Up to 50% performance enhancement to IPS CIFS protections.
  • IOC feeds now support a significantly increased capacity in the number of observables for URLs, Domains, IP addresses, and Hashes - 2 million and up to hardware limit.


Maestro Hyperscale

Maestro Auto-Scaling - Automatically assigns Security Appliances (scale units) to a Security Group when the configured conditions are met.

Maestro Fastforward - Significantly improved throughput and latency for trusted connections. Maestro Fastforward offloads accept or drop policy rules to the Maestro Hyperscale Orchestrator for hardware acceleration.

  • Sub-microsecond latency.
  • Port line-rate throughput for a single connection.
  • Support for Accelerated policy installation on Maestro Security Gateways. For more information, see sk169096.
  • Support gradual upgrade with Multi Version Cluster (MVC)
  • Based on the current traffic load, the Security Gateway automatically changes the number of CoreXL SNDs, Firewall instances and the Multi-Queue configuration for zero traffic impact.
  • Management Data Plane Separation (MDPS) support for Scalable Platforms.

 

IoT Protect

Leverage Quantum Security Gateway and Infinity to instantly discover IoT devices and enforce independent Zero-Trust policies.

  • Only allow what's needed for the device to operate.
  • Automatic grouping based on device type.

 

IPsec VPN

  • Seamless site-to-site tunnel establishment with AWS native cloud VPN. Setup a route-based VPN tunnel with a virtual Gateway with just a few simple steps.
  • Major performance and stability improvement for Remote Access and Site to Site VPN that delivers a much higher capacity for VPN tunnels.
  • Extended Security Gateway certificate validation capabilities for faster authentication.
  • Scalable VPN – Multi process architecture to process IKE negotiation (IKED)

 

Access Control

  • Network Feed Object - Use a Network Feed object to get dynamic IPs or domains of a specific external service that is not included in the Updatable Objects options. In addition, the user can create its own service containing a list of IPs or domains and have them in his policy. The object is automatically updated in Security Gateway without the need to install the policy.
  • Performance improvements - support for Updatable Objects, Domain objects, and Dynamic objects with the Optimized Drop feature (drop templates).

 

Advanced Routing

  • Support for Intermediate System (IS-IS) routing protocol.
  • DHCP Relay Agent Information Option 82 that addresses several scaling and security issues arising in public DHCP use.
  • OSPFv3 NSSA support.
  • IPv6 Static MFC Cache to enable forwarding of multicast data without PIM configuration.
  • Support for Routed control scripts to allow ClusterXL fail-over and tear down of BGP connections.
  • Routing Protocol History for BFD to improve troubleshooting capabilities.
  • Netflow Live connections and Firewall rule ID UUID.

Gaia Operating System

  • Configure a retention policy for Gaia scheduled backups and snapshots.
  • Using the CLI, monitor the module temperature, module supply voltage, TX Bias voltage, RX optical power, and TX optical power for a single transceiver or all transceivers on an appliance.
  • Automatic update to the NIC firmware during the ISO installation process for appliances that have 40GbE, 100/25GbE, and/or NVIDIA ConnectX 100G Cards.

 

CoreXL

  • HyperFlow
    • Increases throughput of elephant connections.
    • Automatically detects and dynamically allocates CPU cores between main tasks on a Security Gateway.
    • Improves CoreXL FWK processes response time.
  • In UserSpace Firewall (USFW), the number of IPv6 instances can equal the number of IPv4 instances. This allows the gateway to process a more significant amount of IPv6 traffic.

 

Identity Awareness

  • The Identity Awareness Gateway automatically identifies and excludes Service Account sessions acquired by the Identity Collector. For more details, see sk174266.
  • Improved resiliency, scalability, and stability for PDPs and Identity Brokers. Additional threads handle authentication and authorization flows.
  • Automatic tuning of nested LDAP groups - The Identity Awareness Gateway automatically chooses the optimal way to query the LDAP server for users and groups.
  • During a PDP failure, a PEP Identity Awareness Gateway can recover its identity database from connected PDP Gateways.
  • Identity Collector is now supported with Quantum Spark Appliances.

 

Mobile Access

OAuth 2.0 support for Capsule Workspace and Office 365.

 

Quantum Security Management

General

Performance improvements to IPS updates and utilization.

SmartConsole

Administrators can use SAML 2.0 to configure SmartConsole users to authenticate with an Identity Provider.

SmartWorkflow

Send policy and configuration changes for peer review and approval before publishing.

Management REST API

Management API support for:

  • Identity Awareness configuration on gateways and clusters.
  • HTTPS Inspection outbound certificate configuration.
  • Creation of LSM Gateways.
  • Creation of LSM Gateways VPN configuration.

 

Upgrades

  • Central Deployment - Use SmartConsole to gradually upgrade Quantum Cluster Members.
    • Upgrade Quantum Spark and Quantum Edge Appliances.
  • Pre-Upgrade Verifier results are now presented in the upgrade report.
  • Significant performance improvement by importing Domain Management Servers concurrently instead of sequentially.

 

CloudGuard Network Security

  • CloudGuard Controller support for:
    • Oracle Cloud Infrastructure (OCI)
    • Nutanix
    • New Azure resources – Application Security Groups, Private Endpoints
    • New AWS resources – Load Balancer tags
  • Nutanix Flow support for CloudGuard Network Security Gateways.
  • Amazon Web Services (AWS):
    • Security Gateway, Single, High Availability Cluster, Auto Scaling Group (ASG), Gateway Load Balancer Auto Scaling Group (ASG), Transit Gateway with ASG.
    • AWS Gateway Load Balancer support.

 

Harmony Endpoint

Endpoint Policy Management

Use SSO to connect to the Endpoint Web Management Console.

Remote Access VPN

  • Exclude SAAS applications (such as Office 365) from the remote-access VPN Domain.
  • Authenticate Remote Access VPN users with SAML.
32 Comments
RamGuy239
Advisor
Advisor

I'm only met with:

Our apologies, the Early Availability Program you are attempting to access does
not exist in the system or you are not entitled to access it.
To access an Early Availability Program, please register at the User Center.

 

After registering and trying to download from https://downloads.checkpoint.com/.


Best regards,
Thomas Teige

Naor_Nassi
Employee
Employee

Hi @RamGuy239, please make sure you are logged in with your account and have an administrator user configured.

Thanks  

RamGuy239
Advisor
Advisor

@Naor_Nassi 

My account is an admin on both of the tenants which I've used to apply for public EA. I've also used another admin account and it's the same result using both. Tried incognito mode as well for good measure, but no dice.

Best regards,
Thomas Teige

Timothy_Hall
Legend Legend
Legend

Same issue here, after accepting terms & conditions I'm unable to download:

Early Availability Program Download Section

Our apologies, the Early Availability Program you are attempting to access does
not exist in the system or you are not entitled to access it.
To access an Early Availability Program, please register at the User Center.

Raven
Participant
Participant

Same issue here.

Naor_Nassi
Employee
Employee

Hi all,

Sorry for the inconvenience, we are working to fix this issue and will update here once done.

Thanks

the_rock
Legend
Legend

It's definitely broken, I get the same thing as everyone else.

Naor_Nassi
Employee
Employee

Hi all,

Issue is fixed and you should have access now.

Thanks

Raven
Participant
Participant

I can confirm that I can access and download all files.

Bob_Zimmerman
Authority
Authority

Is there EA API documentation?

RamGuy239
Advisor
Advisor

It's working for me as well now.

Hrvoje_Brlek
Collaborator

VSX not supported in EA?
We were planning on testing 81.20 on Maestro with a VSX gateway also on 81.20.

Naor_Nassi
Employee
Employee

Hi @Bob_Zimmerman,

API documentation can be found at the following link: https://sc1.checkpoint.com/documents/latest/api_reference/index.html#

the_rock
Legend
Legend

Works now, thank you!

Bob_Zimmerman
Authority
Authority

@Naor_Nassi For the GA API versions, sure. R81.20's management API is version 1.9, which isn't listed in any documentation I've found.

Naor_Nassi
Employee
Employee

@Bob_Zimmerman make sure to use incognito mode in case this link doesn't work for you https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.9%20 

Grant_Hays
Explorer

I joined the public EA for R81.20 because we ordered Dell servers for an open hardware gateway, not knowing that the RAID card that ships with Dell now (PERC H750) isn't supported in all versions except R81.20. Got it installed and configured. This is for a DR site and we need to be able to manage it independently from our on-prem MDS, so we are purchasing a SMART-1 Cloud license.

 

Unfortunately, SMART-1 Cloud only goes to R81.10 and it will not manage or install policy for R81.20. Though our EA site is not fully production, we have vendors coming in a week to install load balancers and I really need this working before then.

 

Is there ANY chance there is an EA R81.20 SMART-1 instance? Or that it will be updated to R81.20 soon? I really can't afford a setback without leadership forcing a different firewall platform.

Raven
Participant
Participant

What happened with the R81.20 EA program? Why could we not access the files if we already registered for R81.20 Public EA?

Chris_Atkinson
Employee Employee
Employee

@Grant_Hays Hopefully you've discussed this with your local CP SE.

@Raven Is there a typo in your post or are you really chasing R81.10 EA files?

Raven
Participant
Participant

Oops, it's a typo (I already corrected it)... I'm looking for any new builds of R81.20 Public EA.

 

Naor_Nassi
Employee
Employee

Hi @Raven .

We re-opened the program, you can check again,

please let us know if anything else is needed.

Raven
Participant
Participant

Well, the site is pretty slow. After several attempts I finally got the list of file downloads. ☹️

I wonder if there is a newer R81.20 EA Take than R81.20 EA T437 or R81.20 EA JHF (dated 4th Jul 2022) available so we can play with it in our labs. 🤔

 

 

Naor_Nassi
Employee
Employee

@Raven site slowness is a known issue that we will fix in the near future.

As for the new take, we will upload a newer take by EOD and will make sure to update later.

Raven
Participant
Participant

Is there already a final release date planned? Will it be in Q4 2022 or Q1 2023?

Naor_Nassi
Employee
Employee

@Raven there is no official date for the final release; however, it will be somewhere in Q4.

Grant_Hays
Explorer

@Chris_Atkinson Of course I talked to my SE about it. No luck. I'm afraid leadership is going to force through a competitor firewall solution.

Dorit_Dor
Employee
Employee

We have a release candidate and we have tens of customers that use it in production. So you can get it today and can even get personal escorting of it with R&D and QA personnel.

As for calling it GA, we took serious steps / criteria in the recent few years in favor of quality, and we didn't release because we haven't yet met 100% of the criteria. We prefer full criteria over date of release. So we were planning to release in Sep, but we pushed the date as we miss a small part of the release criteria. In order to release we need a few more successful production proofs, and by then we can meet the criteria and release it.

So it's win-win… if you volunteer to use the product now, you get the release candidate, personal escort of R&D and QA, and you help us meet the release criteria and we release soon 🙂

I hope this answers the question
Dorit 

RamGuy239
Advisor
Advisor

@Dorit_Dor 

Seems like R81.20 EA has been removed from the public EA program. I'm just met with:

Our apologies, the Early Availability Program you are attempting to access does not exist in the system.

When using a direct link for the R81.20 download page. And when checking the user centre for available EA programs I'm met with:

There are no Early Availability Programs currently open.

 

Does this mean R81.20 GA release is imminent?

G_W_Albrecht
Legend Legend
Legend

What else to expect when the EA has been available for 5 months? No use installing such an old version. Should be released as a Xmas present...

RamGuy239
Advisor
Advisor

@G_W_Albrecht To be fair, we got the new R81.20 T570 build that replaced R81.20 T437, and we got a JHF on top of T570 as well. All those were released late-Sept/Early-October. But R81.20 EA has been taking quite some time. Hopefully, this all results in a fairly stable release once it finally goes to GA.

Haven't had many issues so far. Been running it on two different environments, one with a single HA cluster and another with a VSX cluster.

ofirta
Employee
Employee

Hi @RamGuy239

R81.20 EA program registration is available, please try again. 
