This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

R82.10 EA Program | Production

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Naor_Nassi
Employee
Employee
5 20 4,666
‎2025-06-29 12:18 PM

8210_Release_option2.jpg

 

R82.10 delivers stronger threat prevention, enhanced scalability, and seamless operations.

Threat Prevention

R82.10 offers protection against encrypted threats with new Zero Phishing and DNS protocols
that block threats without the need for decryption. Additionally, new HTTPS Inspection now
supports Hardware Security Module (HSM) for TLS 1.3, improving decryption to prevent
threats and making it considerably more difficult for attackers to compromise encrypted traffic.

Unified Identity Management

Customers now have unprecedented scale of endpoints and identity providers due to gateway
integration with Infinity Identity, which allows identity awareness across the enterprise.
Centralized identity-based policy enforcement is seamlessly integrated with Microsoft Intune,
Microsoft Defender, and Harmony Endpoint. Users can now scale up to 300 enforcement point
gateways across multiple domains, with up to 1 million identities.

Streamlined Operations

Redesigned Drop Optimization feature in Access policy. Drop templates have been extended
to support hardware based acceleration and can sustain a much higher volume of denial of
service attacks.

Support for SD-WAN in Maestro Security Groups enables unprecedented scalability of
branch office networks while providing reliability and redundancy.

New Access Policy Log Generation Modes: Standard and Aggregated. The Aggregated
mode greatly reduces daily log volume and can lower the cloud storage costs by up to 70%.

 

 

Enrollment | Production EA

Early Availability Production Programs let you experience and participate in shaping Check Point products by test driving pre-release versions and providing detailed feedback.

Following the enrollment survey submission, we will contact you in order to review the details, answer questions and agree on the process.

Enroll Now

For more EA program you can visit our new SK here: Check Point Early Availability (EA) Programs - [sk183058]

This page provides comprehensive information about Check Point ‘Ongoing’ and ‘Upcoming’ EA programs, as well as the onboarding and support process.

Additional questions? contact us@ EA_SUPPORT@checkpoint.com 

 

 

Threat Prevention

Zero Phishing

  • Zero Phishing Software Blade provides prevention for customers without HTTPS Inspection, utilizing Server Name Indication (SNI) in TLS handshake.

DNS Security

  • Introducing DoT (DNS over TLS) - Threat Prevention capabilities for malicious DNS activity over the TLS protocol.

HTTPS Inspection

  • HTTPS Inspection now supports Hardware Security Module (HSM) for TLS 1.3 decryption, which enables secure, high-performance decryption and inspection of encrypted traffic.

IPS

  • New capability that automatically detects and remediates CPU-intensive IPS protections with a dedicated SmartView dashboard displaying IPS bypass statistics and CPUintensive protection insights.

 

Quantum Security Gateway

Identity Awareness

  • Introducing Scalable Identity Sharing, which allows a single Policy Decision Point (PDP) gateway to distribute identities to up to 300 Policy Enforcement Point (PEP) gateways. This new capability allows to seamlessly scale identity-based policies across multiple management domains, ensuring a more streamlined and efficient operation.

 

  • Improved PDP Performance - Policy Decision Point (PDP) gateways can now handle up to 1 million identities each, leveraging a new multi-process architecture that optimizes hardware utilization and boosts overall performance.

 

  • Quantum Security Gateway integration with Infinity Identity - Seamless integration with Infinity Identity, delivering centralized and unified Identity Awareness policy enforcement throughout the entire network infrastructure, and supports new identity integrations such as Microsoft Intune, Microsoft Defender, and Harmony Endpoint.

Site to Site VPN

  • Simplified Route-based VPN - Automatically configures route-based VPNs on Check Point Security Gateways based on network topology, providing easy, one-click setup and saving configuration time. It also includes support for dynamic routing using BGP.

SD-WAN

Security Gateway Enhancement

  • Redesigned the Drop Optimization feature in Access Control policy. The new design supports more acceleration use cases, such as rules with Dynamic Objects and offloads the traffic to ASIC-powered network cards.

Dynamic Routing

  • Added support for these Dynamic Routing features:
    • Support for up to 256 PIM interfaces, which allows greater flexibility and scalability in network configurations.
    • Support for up to 1000 BGP peers, ensuring robust and efficient routing capabilities.
    • Support for BGP Large Communities, which provides enhanced control and management of routing policies across multiple networks.

Cluster and Scalability

  • The ElasticXL clustering and Maestro Security Group now support SecureXL in the User Mode (UPPAK).

Internal CA

  • Increased RSA Key Size for Internal CA – Default RSA key size increased from 2048 bits to 3072 bits, enhancing cryptographic security for Internal CA, SIC, Site to Site VPN, Remote Access VPN clients, user certificates, and Multi-Portal certificates.

Quantum Security Management

Logging and Monitoring

  • New Access Policy Log Generation Modes: Standard and Aggregated. The Aggregated mode significantly reduces the daily log volume and can lower the cloud storage costs by up to 70%.
  • The Log Forwarding feature now supports forwarding locally stored logs to the configured primary Log Server without requiring selection of a specific Log Server.
  • Additional logging enhancements in SmartConsole:
    • View the rules log level by hovering over the Track column in the Access Control rule.
    • Added the ability to customize the default Track value for new Access Control rules.
    • Added statistics for Top Matched Access Rules and Top Log Types in the SmartConsole Logs view and the "show logs" API to identify high-logging rules.
    • Enhanced the session log content with additional fields, including NAT details.
    • Introducing the per-session log level control for Implied Rules.

CloudGuard Network Security

CloudGuard Controller

  • New CloudGuard Controller scanner for Proxmox Virtual Environment data center.

Software Changes in R82.10

Note - To see the list of changes starting from R80.40, see sk180180

This section describes behavior changes in R82.10 comparing to the previous versionm R82.

Gaia Operating System

  • Updated the Gaia OS Linux kernel version to "5.14".
  • Updated the OpenSSL version to "3.5".
  • Updated the network interface driver "mlx" version to "24.10-0.7.0".
  • Updated the Data Plane Development Kit (DPDK) version to "22.11".
  • These Check Point Appliance models do not support R82.10:
    • 23500, 23800, 23900
    • 15400, 15600
    • 6500, 6800
    • 5100, 5200, 5400, 5600, 5800, 5900
    • 3100, 3200
    • Smart-1 5150, Smart-1 5050, Smart-1 625, Smart-1 405, Smart-1 410
    • Scalable Chassis 44000 / 64000

Security Gateway

  • On Check Point Appliances, Virtual Machines, and Open Servers:
    • Firewall runs only in the User Space Firewall mode (USFW). The Kernel Space Firewall mode (KSFW) does not exist anymore. See sk167052
    • SecureXL runs only in the User Mode (UPPAK). The Kernel Mode (KPPAK) does not exist anymore.
  • Updated the Data Plane Development Kit (DPDK) version to 22.11.
  • Added support for SecureXL in the User Mode (UPPAK) in CloudGuard Network Security Gateways in all cloud environments.
  • Log Forwarding is now enabled by default in new Security Gateway / Cluster objects. At midnight, locally stored logs are sent to the primary Log Server.

In the new Security Gateway / Cluster object, navigate to Logs > Additional Logging and refer to the section Log Forwarding Settings.

Threat Prevention

  • The Zero Phishing Software Blade and the Threat Emulation Software Blade are now activated by default in newly created Security Gateway and Cluster objects.

This feature requires a valid license be installed on a Security Gateway and Cluster Members.

This feature helps to enhance our security measures and protect your systems from potential phishing attacks and malware attacks.

Management Server

  • Updated the PostreSQL version to 16.4.
Labels
20 Comments
the_rock
Legend
Legend
‎2025-06-29 12:33 PM

Hey @Naor_Nassi 

Any idea when it will be GA?

Andy

 

0 Kudos
Naor_Nassi
Employee
Employee
‎2025-06-30 12:49 AM

Hi @the_rock 

GA will be in Q4, we don't have an exact date as for now.

Magnus-Holmberg
Advisor
Advisor
‎2025-06-30 01:33 AM


Based on the new Kernel will this mean that you adding additional support for open servers?
Really missing support for HPE DL360 G11 (and yes we have reqested for years via sales)

"
Updated the Gaia OS Linux kernel version to "5.14".
"

Regards
Magnus

Daniel_
Advisor
‎2025-06-30 02:16 AM

@Magnus-Holmberg we are waiting for HPE DL380 G11 support (as MDS). We have opened a RFE more then a half year ago for R81.20 (as it's the recommend version). 

IMHO CP need a complete new underlaying OS based on latest RedHat.

the_rock
Legend
Legend
‎2025-06-30 05:01 AM

Thanks @Naor_Nassi . I guess if I wantesd to install it in the lab or upgrade from R82, would need to enroll and download the file?

Andy

0 Kudos
Naor_Nassi
Employee
Employee
‎2025-06-30 06:01 AM

@the_rockAt this time, enrollment is not available for lab environments. The program is currently open only for production environments.

We plan to launch a Public EA program later on, which will include the option to test R82.10 in lab environments.

0 Kudos
the_rock
Legend
Legend
‎2025-06-30 06:23 AM

Thanks @Naor_Nassi 

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2025-06-30 07:41 AM

Generally speaking, an updated kernel version means we can support newer hardware (both Check Point-branded and Open Servers).
@Magnus-Holmberg @Daniel_ make sure you're in contact with your local office about the RFEs you've filed for the specific Open Server models you're interested in using. 

0 Kudos
SomAustrianCity
Participant
‎2025-07-01 01:00 AM

Hi

> Quantum Maestro Orchestrator and Security Group Versions
> R82.10 Quantum Maestro Orchestrator can manage Maestro Security Groups that run these versions:
> .) R82.10
> .) R81.20 (see sk177624)
> .) R81.10 (see sk173363)

Uh, what? I can't run a R82 SG on an R82.10 MHO?!?

0 Kudos
PhoneBoy
Admin
Admin
‎2025-07-01 11:21 AM

That doesn't necessarily mean it will be a limitation at GA @SomAustrianCity 
However, it appears it's a current limitation.

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2025-07-01 10:09 PM

Why is there always Production EA before Public EA ? Many big companies simply cannot install officially not released and tested software in production. Companies should have LAB setup which should copy production environment. There, they can install and play with everything without causing outages for production environment. Having extensive R&D support for Production EA is nice, but not relevant for corporates with strict software policies.

Naor_Nassi
Employee
Employee
‎2025-07-02 03:30 AM

Hi @JozkoMrkvicka 

Each stage serves a different purpose, based on the organization's focus and flexibility.

We understand that many organizations prioritize lab validation due to strict policies. That’s why the Public EA follows after, allowing wider testing in non-production setups.

0 Kudos
the_rock
Legend
Legend
‎2025-07-02 04:41 AM

@Naor_Nassi 

I totally get the logic, but I have to agree with @JozkoMrkvicka . It would be nice to have that.

Andy

Duane_Toler
Advisor
‎2025-07-08 07:37 AM

@Daniel_  Could you not use MDS as a VM?  I'm sure you have your reasons, tho, but many people use the VM deployment quite successfully.

 

greg42
Explorer
‎2025-07-08 08:10 AM

@Naor_Nassi 

Are the new 3900 appliances also only supported by the EA program, as they are supplied with R82.10? Or do they have full support?

0 Kudos
PhoneBoy
Admin
Admin
‎2025-07-08 11:17 AM

The 3900s as shipped are running a version of R82.10 that is basically "R82 with ARM support."
This is considered GA and supported through the normal channels.

The R82.10 discussed here is for all platforms and includes a few new features, including addressing a few of the limitations that currently exist for the 3900s (e.g. lack of ElasticXL support).

0 Kudos
CaseyB
Advisor
‎2025-07-22 11:33 AM

@Naor_Nassi am I able to get into the EA with 3920 appliances? Just running into stuff configuring R82.10.

0 Kudos
Naor_Nassi
Employee
Employee
‎2025-07-23 01:19 AM

Hi @CaseyB 

Yes, R82.10 EA will be supported on top of Quantum Force 3920 appliances

0 Kudos
Bonnie_Self
Participant
a month ago

What version does management need to be to manage an R82.10 3900 appliance? 

0 Kudos
Naor_Nassi
Employee
Employee
a month ago

@Bonnie_Self 

To manage R82.10 Security Gateways / Security Groups, an R82 Management
Server requires:

1. The R82 Jumbo Hotfix Accumulator Take 19 or higher (see PRJ-61143).
2. The R82 SmartConsole Releases, Build 1053 or higher.
n Management Servers R81.20 and lower cannot manage R82.10 Security
Gateways / Security Groups / Clusters.

Labels