R82.10 delivers stronger threat prevention, enhanced scalability, and seamless operations.
Threat Prevention
R82.10 offers protection against encrypted threats with new Zero Phishing and DNS protocols
that block threats without the need for decryption. Additionally, new HTTPS Inspection now
supports Hardware Security Module (HSM) for TLS 1.3, improving decryption to prevent
threats and making it considerably more difficult for attackers to compromise encrypted traffic.
Unified Identity Management
Customers now have unprecedented scale of endpoints and identity providers due to gateway
integration with Infinity Identity, which allows identity awareness across the enterprise.
Centralized identity-based policy enforcement is seamlessly integrated with Microsoft Intune,
Microsoft Defender, and Harmony Endpoint. Users can now scale up to 300 enforcement point
gateways across multiple domains, with up to 1 million identities.
Streamlined Operations
Redesigned Drop Optimization feature in Access policy. Drop templates have been extended
to support hardware based acceleration and can sustain a much higher volume of denial of
service attacks.
Support for SD-WAN in Maestro Security Groups enables unprecedented scalability of
branch office networks while providing reliability and redundancy.
New Access Policy Log Generation Modes: Standard and Aggregated. The Aggregated
mode greatly reduces daily log volume and can lower the cloud storage costs by up to 70%.
|
Enrollment | Production EA
Early Availability Production Programs let you experience and participate in shaping Check Point products by test driving pre-release versions and providing detailed feedback.
|
|
Following the enrollment survey submission, we will contact you in order to review the details, answer questions and agree on the process.
Enroll Now
For more EA program you can visit our new SK here: Check Point Early Availability (EA) Programs - [sk183058]
This page provides comprehensive information about Check Point ‘Ongoing’ and ‘Upcoming’ EA programs, as well as the onboarding and support process.
Additional questions? contact us@ EA_SUPPORT@checkpoint.com
|
|
Threat Prevention
Zero Phishing
- Zero Phishing Software Blade provides prevention for customers without HTTPS Inspection, utilizing Server Name Indication (SNI) in TLS handshake.
DNS Security
- Introducing DoT (DNS over TLS) - Threat Prevention capabilities for malicious DNS activity over the TLS protocol.
HTTPS Inspection
- HTTPS Inspection now supports Hardware Security Module (HSM) for TLS 1.3 decryption, which enables secure, high-performance decryption and inspection of encrypted traffic.
IPS
- New capability that automatically detects and remediates CPU-intensive IPS protections with a dedicated SmartView dashboard displaying IPS bypass statistics and CPUintensive protection insights.
Quantum Security Gateway
Identity Awareness
- Introducing Scalable Identity Sharing, which allows a single Policy Decision Point (PDP) gateway to distribute identities to up to 300 Policy Enforcement Point (PEP) gateways. This new capability allows to seamlessly scale identity-based policies across multiple management domains, ensuring a more streamlined and efficient operation.
- Improved PDP Performance - Policy Decision Point (PDP) gateways can now handle up to 1 million identities each, leveraging a new multi-process architecture that optimizes hardware utilization and boosts overall performance.
- Quantum Security Gateway integration with Infinity Identity - Seamless integration with Infinity Identity, delivering centralized and unified Identity Awareness policy enforcement throughout the entire network infrastructure, and supports new identity integrations such as Microsoft Intune, Microsoft Defender, and Harmony Endpoint.
Site to Site VPN
- Simplified Route-based VPN - Automatically configures route-based VPNs on Check Point Security Gateways based on network topology, providing easy, one-click setup and saving configuration time. It also includes support for dynamic routing using BGP.
SD-WAN
Security Gateway Enhancement
- Redesigned the Drop Optimization feature in Access Control policy. The new design supports more acceleration use cases, such as rules with Dynamic Objects and offloads the traffic to ASIC-powered network cards.
Dynamic Routing
- Added support for these Dynamic Routing features:
- Support for up to 256 PIM interfaces, which allows greater flexibility and scalability in network configurations.
- Support for up to 1000 BGP peers, ensuring robust and efficient routing capabilities.
- Support for BGP Large Communities, which provides enhanced control and management of routing policies across multiple networks.
Cluster and Scalability
- The ElasticXL clustering and Maestro Security Group now support SecureXL in the User Mode (UPPAK).
Internal CA
- Increased RSA Key Size for Internal CA – Default RSA key size increased from 2048 bits to 3072 bits, enhancing cryptographic security for Internal CA, SIC, Site to Site VPN, Remote Access VPN clients, user certificates, and Multi-Portal certificates.
|
Quantum Security Management
Logging and Monitoring
- New Access Policy Log Generation Modes: Standard and Aggregated. The Aggregated mode significantly reduces the daily log volume and can lower the cloud storage costs by up to 70%.
- The Log Forwarding feature now supports forwarding locally stored logs to the configured primary Log Server without requiring selection of a specific Log Server.
- Additional logging enhancements in SmartConsole:
- View the rules log level by hovering over the Track column in the Access Control rule.
- Added the ability to customize the default Track value for new Access Control rules.
- Added statistics for Top Matched Access Rules and Top Log Types in the SmartConsole Logs view and the "show logs" API to identify high-logging rules.
- Enhanced the session log content with additional fields, including NAT details.
- Introducing the per-session log level control for Implied Rules.
CloudGuard Network Security
CloudGuard Controller
- New CloudGuard Controller scanner for Proxmox Virtual Environment data center.
Software Changes in R82.10
Note - To see the list of changes starting from R80.40, see sk180180
This section describes behavior changes in R82.10 comparing to the previous versionm R82.
Gaia Operating System
- Updated the Gaia OS Linux kernel version to "5.14".
- Updated the OpenSSL version to "3.5".
- Updated the network interface driver "mlx" version to "24.10-0.7.0".
- Updated the Data Plane Development Kit (DPDK) version to "22.11".
- These Check Point Appliance models do not support R82.10:
- 23500, 23800, 23900
- 15400, 15600
- 6500, 6800
- 5100, 5200, 5400, 5600, 5800, 5900
- 3100, 3200
- Smart-1 5150, Smart-1 5050, Smart-1 625, Smart-1 405, Smart-1 410
- Scalable Chassis 44000 / 64000
Security Gateway
- On Check Point Appliances, Virtual Machines, and Open Servers:
- Firewall runs only in the User Space Firewall mode (USFW). The Kernel Space Firewall mode (KSFW) does not exist anymore. See sk167052
- SecureXL runs only in the User Mode (UPPAK). The Kernel Mode (KPPAK) does not exist anymore.
- Updated the Data Plane Development Kit (DPDK) version to 22.11.
- Added support for SecureXL in the User Mode (UPPAK) in CloudGuard Network Security Gateways in all cloud environments.
- Log Forwarding is now enabled by default in new Security Gateway / Cluster objects. At midnight, locally stored logs are sent to the primary Log Server.
In the new Security Gateway / Cluster object, navigate to Logs > Additional Logging and refer to the section Log Forwarding Settings.
Threat Prevention
- The Zero Phishing Software Blade and the Threat Emulation Software Blade are now activated by default in newly created Security Gateway and Cluster objects.
This feature requires a valid license be installed on a Security Gateway and Cluster Members.
This feature helps to enhance our security measures and protect your systems from potential phishing attacks and malware attacks.
Management Server
- Updated the PostreSQL version to 16.4.
|
