Create a Post

Product Announcements

cancel
Showing results for 
Search instead for 
Did you mean: 
Product Announcements

When Check Point announces a new version of product or a new jumbo hotfix, we'll announce it here.

Naor_Nassi
Employee
Employee

R82 logo.png

 

Introducing Check Point Software Technologies' groundbreaking release, R82. This cutting-edge software marks a pivotal moment in cybersecurity with many innovative features. R82 ushers in a new era of web security, offering complete protection for HTTP/3 over QUIC, setting an industry precedent. Moreover, it presents the world's first firewall tailored for effortless HTTPS Inspection deployment while maintaining exceptional performance. Not stopping there, R82 delivers an enhanced operational experience with simplified cluster deployment through ElasticXL and a versatile new VSX mode. The software, in addition, boasts a new version of the operating system with superior networking and routing capabilities. Additionally, R82 takes automation to new heights, allowing full dynamic policy layer configuration through API calls directly to the Security Gateway.

Stay ahead of the curve with R82 and experience the future of cybersecurity management and protection.

 

Enrollment | Public EA Check Point Public EA is designed for lab and sandbox deployments only.

UserCenter:

Register to the Public EA release via - usercenter.checkpoint.com -> TRY OUR PRODUCTS -> Early Availability Programs -> CPEA-EVAL-R82

PartnerMAP:

Register to the Public EA release via - usercenter.checkpoint.com -> CUSTOMER ACQUISITIONS-> Early Availability Programs -> CPEA-EVAL-R82

or connect via this link https://usercenter.checkpoint.com/ucapps/ea-programs

IMPORTANT NOTE 

  • Check Point Public EA is designed for lab and sandbox deployments only.
  • Public EA version upgrade to GA is not supported

 

New in this release

 

 

Quantum Security Gateway and Gaia

Web Security

  • Added support of HTTP/3 protocol over QUIC transport (UDP) for Network Security, Threat Prevention and Sandboxing.

 

HTTPS Inspection

This release brings a significant milestone in performance, simplicity, and deployment of HTTPS Inspection. These capabilities allow customers to implement HTTPS Inspection without compromising performance and user experience.

 

  • Full Fail-open mode - A new capability that automatically detects a failure in the HTTPS Inspection process because of client-side issues such as pinned certificates. When detected, the connection is automatically added to an exception list, ensuring zero connectivity issues for end-users.
  • Deployment assessment - Allows customers to gradually deploy HTTPS to a portion of the traffic (up to 30%), predicts the performance, and automatically detects and resolves connectivity issues.
  • Bypass under load - Optionally bypass HTTPS Inspection in case of high CPU load.
  • HTTPS Inspection monitoring - Inspection status overview and detailed advanced HTTPS Inspection statistics.
  • Enhanced HTTPS Inspection policy - An improved HTTPS policy with a default recommended inspection policy, separate inbound and outbound rules, and multiple outbound certificate support.

 

Automatic Zero Phishing Configuration

Introducing a new addition to the Zero Phishing Software Blade - the Automatic mode.
The Automatic mode significantly simplifies the configuration process, providing a seamless experience. With the Automatic mode, the blade configuration is now effortless: simply enable the Software Blade, and you are ready to go

 

Improved Threat Prevention Capabilities

  • Added configuration granularity for advanced DNS protections in Threat Prevention.
  • Added Advanced DNS protection against NXNS Attack.
  • Added support for DNS over HTTPS Inspection.
  • New Zero-Day prevention engine integrated into the Anti-Bot Blade. This engine detects and blocks advanced malware Zero-Day variants by automatically analyzing and identifying communication patterns.
  • Added Advanced DNS capability to block DNS queries to newly created domains.
  • DNS Security statistics are now available in the SmartView Dashboard.
  • It is now possible to load SNORT rules file as Custom Intelligence Feed automatically with 5-minute intervals to enforce them as IPS protections.

New Clustering Technology

  • ElasticXL - a new clustering technology delivering simplified operations with a Single Management Object and automatic sync of configuration and software between all cluster members

Dynamic Policy Layer

  • Fully automated, API-controlled policy layer that allows dynamic policy changes to be implemented directly to the Security Gateway in seconds without involving Security Management.

Unified Configuration

  • Kernel parameters configuration is now performed in centralized database with Gaia Clish commands and Gaia REST API calls instead of fwkern.conf and simkern.conf files.

See:

Identity Awareness

  • Quantum Gateways can now use Identity Providers defined in the Check Point Infinity Portal, allowing customers to centrally manage identities across multiple Check Point products.
  • Introducing a new mode for Identity Awareness Blade - "PDP-Only", where the Security Gateway acts only as Policy Decision Point (PDP) for identity acquisition and distribution and does not enforce the identity-based policy. The new mode improves scalability for PDPs and Identity Broker. To enable the "PDP-Only" mode, see sk181605.
  • Introduced Identity Sharing cache mode to improve resiliency in case of connectivity loss with the PDP.

IPsec VPN

  • Automatically detect configuration changes in AWS, Azure, and GCP public clouds and adjust the VPN settings ensuring connection stability.
  • Introducing the Advanced VPN Monitoring tool that shows information on each VPN Tunnel and tracks its health and performance.
  • Enhanced Link Selection:
    • Interoperability:
      • Uses the endpoint IP addresses of the VPN tunnel to improve interoperability with other software vendors
      • Uses Dead Peer Detection (DPD) as the link probing protocol instead of the proprietary "Reliable Data Protocol" (RDP).
    • Redundancy:
      • Allows redundancy of VPN tunnels including third-party and native cloud VPN peers.
    • Granularity:
      • Ability to configure the Security Gateway to use different VPN interfaces in different VPN communities.

Remote Access VPN

Security Gateway now supports the IKEv2 protocol for connections from Remote Access VPN Clients (E87.70 and higher for Windows OS and E87.80 and higher for macOS).

Mobile Access

  • Mobile Access Policy and Capsule Workspace configurations are now available in SmartConsole.
  • SAML authentication support for Mobile Access clients that allows seamless integration with third-party Identity Providers.
  • New Management API calls for Capsule Workspace configuration.
    See the Local Management API Reference at "https:/<IP Address of Gaia Management Interface on Management Server>/api_docs/" > section "Mobile Access"

Gaia Operating System

This release boosts Gaia OS with a new OS kernel and multiple new configuration options for better security, enhanced networking and a simpler experience.

The new capabilities are:

  • Enhance Gaia OS with:
    • Support for VSX mode in Gaia Link Layer Discovery Protocol (LLDP).
    • DHCPv6 server, DHCPv6 client, and DHCPv6 client for prefix-delegation.
    • Ability to configure the order of the "AAA" authentication (TACACS, RADIUS, Local authentication) in Gaia Portal and Gaia Clish.
    • DNS Proxy forwarding domains, which allows configuring specific DNS servers per DNS suffix.
  • New Gaia Clish and Gaia Portal configuration items:
    • Two-Factor Authentication for Gaia OS login using time-based authenticator apps (Google Authenticator and Microsoft Authenticator).
    • NTP pools and a larger number of NTP servers.
    • NFSv4 configuration.
    • Keyboard layout.
  • Support for storing a Gaia OS backup in and restoring it from Amazon S3 and Microsoft Azure.

Dynamic Routing

Added support for new Dynamic Routing capabilities:

  • BGP Extended Communities (RFC 4360).
  • BGP Conditional Route Advertisement and Injection.
  • Routing Table Monitor for Event Triggers.
  • IPv4 and IPv6 Router Discovery on cluster members.
  • Router Preference and Route Information option.
  • IPv4 PIM-SSM with non-default prefixes.
  • IPv4 PIM with BFD.
  • IPv4 PIM neighbor filtering.
  • IPv6 Protocol Independent Multicast (PIM) and Multicast Listener Discovery (MLD).
  • REST API calls for BGP, PIM, Multicast Listener Discovery (MLD).
  • REST API calls for Route Redistribution, Inbound Route Filters, and NAT Pools.
  • REST API calls for IGMP.

See the Local Gaia API Reference at https://<IP Address of Gaia Management Interface>/gaia_docs/#introduction > section "Networking".

Performance and Infrastructure

  • HyperFlow acceleration of elephant flows for the SMB/CIFS service.
  • Quantum Security Gateway multi-core utilization for sending inspection logs, improving log output capacity by up to 100%.
  • SecureXL acceleration of traffic over VxLAN and GRE tunnels.

Maestro Hyperscale

This release features improvements in managing and monitoring Maestro Hyperscale clusters, which include:

  • Support for SNMP Queries on each Security Group Member.
  • REST API on Quantum Maestro Orchestrator and ElasticXL Cluster Members:
    • New Quantum Maestro Orchestrator API calls for configuration and monitoring of Security Groups, Gateways, Sites, and Ports.
    • Support Gaia REST APIs for Quantum Maestro Security Group Members and ElasticXL Cluster Members.

See the Local Gaia API Reference at https://<IP Address of Gaia Management Interface>/gaia_docs/#introduction > section "Maestro".

VSX

Check Point VSX is enhanced with a new mode, allowing simpler configuration, easier provisioning, and a similar experience to a physical Security Gateway.

The benefits of the new VSX mode are:

  • Unified management experience between Check Point physical Security Gateways and Virtual Gateways, including the capability to manage each Virtual Gateway from a different Management Server.
  • Improves VSX provisioning performance and provisioning experience - creating, modifying, and deleting Virtual Gateways and Virtual Switches in Gaia Portal, Gaia Clish, or with Gaia REST API.
  • Management feature and API parity between Virtual Gateways (VGW) and physical Security Gateways.

Tools and Utilities

  • ConnView - a new consolidated troubleshooting tool for viewing connections information on the Security Gateway that works in the User Space Firewall (USFW).
    See the Local Gaia API Reference at https://<IP Address of Gaia Management Interface>/gaia_docs/#introduction > section "Diagnostics" > section"Connections" > command "show-connections".
    In the Expert mode, run the "connview" command.
  • Improved policy advisory tool "fw up_execute" (in the Expert mode), which performs virtual Access / NAT Rule Base execution. Given inputs based on logs or connections, the execution provides detailed information such as matched rules and classification information.

Quantum Security Management

Security Management Server Enhancements

  • The LDAP Account Unit object now uses the LDAP server name and CA certificate for LDAP trust.
    The trust is automatically renewed if an administrator renews or replaces the LDAP server certificate. As a result, Check Point servers keep their connectivity to the LDAP server.
  • Support for Management API to run the "vsx_provisioning_tool" operations to configure VSX Gateway and VSX Cluster objects.
    See the Local Management API Reference at https://<IP Address of Gaia Management Interface on Management Server>/api_docs/ > section "VSX" > command "vsx-provisioning-tool".
  • Support for Management API to configure the "Data Type" objects for the Data Loss Prevention and Content Awareness Software Blades.
    See the Local Management API Reference at https://<IP Address of Gaia Management Interface on Management Server>/api_docs/ > section "Data Types".
  • Security Gateways can now be managed by a Security Management Server hosted behind a public cloud or third-party NAT device.

Central Deployment of Hotfixes and Version Upgrades in SmartConsole

Central Software Deployment through SmartConsole was enhanced and now supports:

  • Uninstall of Jumbo Hotfix Accumulators.
  • Installation of packages on ClusterXL High Availability mode in the "Switch to higher priority Cluster Member" configuration ("Primary Up").
  • Installation of packages on Secondary Management Servers.
  • Installation of packages on Dedicated Log Servers..
  • Installation of packages on Dedicated SmartEvent Servers.
  • Installation of packages on Clusters of Quantum Spark and Quantum Rugged Appliances.
  • Installation of packages from Standalone Servers.
  • Package Repository per Domain on a Multi-Domain Security Management Server.

SmartProvisioning

  • Star VPN Community now supports Quantum Maestro Security Groups, VSX Gateways, and VSX Clusters as Center Gateways (Corporate Office Gateway).

Multi-Domain Security Management Server

  • Ability to clone an existing Domain on the same Multi-Domain Security Management Server. See sk180631.
  • Improved upgrade time of large Multi-Domain Security Management Server environments by up to 50%.
  • New Management API for setting IPv6 address of Multi-Domain Security Management Server.

Compliance

  • Added support for Quantum Maestro and Quantum Spark Appliances:
    • Gaia OS Best Practice support for Maestro Security Groups by checking each Security Group Member individually and presenting a consolidated Best Practices status.
    • Applying relevant Gaia OS Best Practices on Quantum Spark Appliances.
  • Added Gaia OS Best Practice support for Log Servers.
  • Added new regulations:
    • Cyber Essentials v3.1 regulation
    • Israeli Cyber Defense Methodology 2.0

CloudGuard Network Security

CloudGuard Controller

  • CloudGuard Controller support for Identity Awareness PDP (Identity Sharing).
  • CloudGuard Controller for VMware NSX-T now uses Policy Mode APIs to import objects from an NSX-T Manager.
  • CloudGuard Controller for VMware NSX-T can import Virtual Machines and Tags from an NSX-T Manager.
  • Multi-Domain Security Management Server now supports Data Center objects and Data Center Query objects in the Global Policy.

CloudGuard Network

  • New Management API for CloudGuard Central License utility.

Harmony Endpoint

Harmony Endpoint Web Management enhancements:

  • Client optimization for Windows servers - Harmony Endpoint allows you to easily optimize the Endpoint Security clients for Windows servers, such as Exchange servers, Active Directory servers, Database servers, and so on, by manually assigning Windows server roles.
  • Run Diagnostics:
    • Runs performance checks on endpoint clients using Push Operation.
    • The performance report presents each client's CPU and RAM utilization, including the configurable threshold.
    • Harmony Endpoint presents suggested exclusion for performance improvements.
    • You can easily add an exclusion as part of "Global Exclusion" or "Exclusion per Rule":
      • Exclusion description - You can now add comments for new or existing exclusions.
      • Global Exclusion - You can now easily add global exclusion that applies to all rules.
  • Application Control for macOS - Control which applications can run or use networking.
  • New Asset Management view:
    • Filters - A brand new look and functionality for filters that enhances operation and productivity, while using the Asset Management view.
    • Asset Management Table - Bigger asset management table to see all relevant data easily.
    • Columns reorder - New Column reorder option to customize the asset management table based on their specific needs by changing columns location.
  • Linux Offline Package - Supports upload and export package for Linux OS clients.
  • Added Harmony Endpoint Management API to support on-premises Endpoint Security Management Server.

The API is disabled by default for on-premises deployments. See the Harmony Endpoint Management API article.

Read more
4 92 12.9K
Naor_Nassi
Employee
Employee

R82 EA Banner RRL.png

 

Introducing Check Point Software Technologies' groundbreaking release, R82. This cutting-edge

software marks a pivotal moment in cybersecurity with many innovative features. R82 ushers in a new era of web security, offering complete protection for HTTP/3 over QUIC, setting an industry precedent. Moreover, it presents the world's first firewall tailored for effortless HTTPS Inspection deployment while maintaining exceptional performance. Not stopping there, R82 delivers an enhanced operational experience with simplified cluster deployment through ElasticXL and a versatile new VSX mode. The software, in addition, boasts a new version of the operating system with superior networking and routing capabilities. Additionally, R82 takes automation to new heights, allowing full dynamic policy layer configuration through API calls directly to the Security Gateway.

Stay ahead of the curve with R82 and experience the future of cybersecurity management and

protection.

Read more...

Read more
21 34 26.4K
Hen_Hertz
Employee
Employee

 
 

Hen_Hertz_8-1678197118653.jpeg

Hi All

R81.20 Jumbo Hotfix Accumulator take #8 has been released today (formerly, Ongoing), and is available for download.

Please note the following:

  •        Availability:
    • Available to download the via Jumbo documentation R81.20
    • Available for download via CPUSE by using package identifier.
    • Can be provided by customer support
  • Release Highlight:
    • Skyline, a solution which provides an OpenTelemetry CPView Agent service to monitor your Check Point Servers and export health metrics from the CPView tool to an external location. Refer to sk178566.
    • Central Deployment of Hotfixes and Version Upgrades in SmartConsole now supports a Cluster of Centrally Managed Quantum Spark Appliances that run R81.10.XX firmware versions
  • List of resolved issue in this take can be found in the Jumbo documentation R81.20

New: Starting from R80.40, Central Deployment allows you to perform a batch deployment of Hotfixes on your Security Gateways and clusters from SmartConsole!!

For more information, see sk168597.

 

Thanks,

Release Operations group

 

 

 

 

Read more
0 4 4,132
Naor_Nassi
Employee
Employee

Capture.PNG

 

Check Point Quantum R81.20 is packed with new features. that offer elasticity, efficiency, and innovative security enhancements


Quantum IoT Protect offers enterprise IoT device discovery embedded into Quantum Gateways and applies autonomous zero-trust policies that are automatically updated based on device type, risk level, and industry best practice, making it easy to secure IP cams, smart TVs, wi-fi printers and much more.

Zero-Day Phishing Prevention, powered by patented technologies and AI engines, prevents access to the most sophisticated phishing websites, both known and completely unknown, without the need to install and maintain clients on end-user devices.

Continuing to innovate Maestro, several new features improve efficiency, elasticity, and compatibility with public clouds. The new Autoscaling feature in Maestro Hyper-scale lets you automatically allocate resources across security groups (based on your priorities), bringing cloud-like scale and agility to your prem-based security (for example, to accommodate peak traffic hours). To support high-speed, high-volume transaction environments (e.g. digital trading), Maestro now offers accelerated data paths for higher throughput and lower latency based on predefined rules (“Fast Forwarding”).

Enhancing the gold standard in Security Management: Quantum R81.20 lets you leverage the new Management API to integrate security from the ground up and efficiently manage access policies with support for dynamic policy objects taken from external sources. A new workflow now supports policy change management to minimize errors, allowing verification for new policies before they are applied and enforced throughout (“4 Eyes Principle”). And automating VPN connections to public clouds, R81.20 makes it easy to connect your Quantum Gateways with data centers hosted in the public cloud. Offering simplified user authentication with third party SAML Identity Providers, authentication is modernized and improved for administrators log-in to SmartConsole as well as remote users accessing corporate assets. This enables SSO, MFA, and compliance checks, and complements current support for third-party Identity Providers by the Identity Awareness blade.

 

Enrollment | Production EA

Early Availability Production Programs let you experience and participate in shaping Check Point products by test driving pre-release versions and providing detailed feedback.

Following the enrollment survey submission, we will contact you in order to review the details, answer questions and agree on the process.

Enroll Now 

 Additional questions? contact us@ EA_SUPPORT@checkpoint.com 

 

New in this release

 

Quantum Security Gateway and Gaia

Threat Prevention

  • Prevent browsing to Zero-Day phishing websites
    • Check Point Quantum Security Gateway enhances its web browsing protection to further prevent users from accessing phishing websites.
    • Powered by patented technologies and AI engines, the Security Gateway now uses Clientless In-Browser protection to prevent access to the most sophisticated phishing websites, both known and completely unknown (zero-day phishing websites).
    • The enhanced solution is available through the Security Gateway network flow, introducing dynamic security components that run within the browser with no need to install any client.
    • Delivered as part of your existing NGTX license.
    • Works out of the box for Security Gateways with Autonomous Threat Prevention enabled.
  • Up to 50% performance enhancement to IPS CIFS protections.
  • IOC feeds now support a significantly increased capacity in the number of observables for URLs, Domains, IP addresses, and Hashes - 2 million and up to hardware limit.
  • Support for inspection of FTPS by Content Awareness, Anti-Virus and Threat Extraction blades.


Maestro Hyperscale

Maestro Fastforward -Significantly Improved throughput and latency for trusted connections. Maestro Fastforward offloads accept or drop policy rules to the Maestro Hyperscale Orchestrator for hardware acceleration.

  • Sub microseconds latency.
  • Port line-rate throughput for single connection.
  • Support for Accelerated policy installation on Maestro Security Gateways. For more information see sk169096 .
  • Support gradual upgrade with Multi Version Cluster (MVC)
  • Based on the current traffic load, the Security Gateway automatically changes the number of CoreXL SNDs, Firewall instances and the Multi-Queue configuration for zero traffic impact.
  • Management Data Plane Separation (MDPS) support for Scalable Platforms.

 

IoT Protect

Leverage Quantum Security Gateway and Infinity to instantly discover IoT devices and enforce independent Zero-Trust policies.

  • Only allow what's needed for the device to operate.
  • Automatic grouping based on device type.

 

IPsec VPN

  • Seamless site-to-site tunnel establishment with AWS native cloud VPN. Setup a route-based VPN tunnel with a virtual Gateway with just a few simple steps.
  • Major performance and stability improvement for Remote Access and Site to Site VPN that delivers a much higher capacity for VPN tunnels.
  • Extended Security Gateway certificate validation capabilities for faster authentication.

 

Access Control

  • Network Feed Object - Use a Network Feed object to get dynamic IPs or domains of a specific external service that is not included in the Updatable Objects options. In addition, the user can create its own service containing a list of IPs or domains and have them in his policy. The object is automatically updated in Security Gateway without the need to install the policy.
  • Performance improvements - support for Updatable Objects, Domain objects, and Dynamic objects with the Optimized Drop feature (drop templates).

 

Advanced Routing

  • Support for Intermediate System (IS-IS) routing protocol.
  • DHCP Relay Agent Information Option 82 that addresses several scaling and security issues arising in public DHCP use.
  • OSPFv3 NSSA support.
  • IPv6 Static MFC Cache to enable forwarding of multicast data without PIM configuration.
  • Support for Routed control scripts to allow ClusterXL fail-over and tear down of BGP connections.
  • Routing Protocol History for BFD to improve troubleshooting capabilities.
  • Netflow Live connections and Firewall rule ID UUID.

 

 

Gaia Operating System

  • Configure a retention policy for Gaia scheduled backups and snapshots.
  • Using the CLI, monitor the module temperature, module supply voltage, TX Bais voltage, Rx optical Power, and TX optical power for a single transceiver or all transceivers on an appliance.
  • Automatic update to the NIC firmware during the ISO installation process for appliances that have 40GbE, 100/25GbE, and/or SmartNIC acceleration cards.

 

CoreXL

In UserSpace Firewall (USFW), the number of IPv6 instances can equal the number of IPv4 instances, allowing the configuration of the gateway to process a more significant amount of IPv6 traffic.

Identity Awareness

  • The Identity Awareness Gateway automatically identifies and excludes Service Account sessions acquired by the Identity Collector. For more details, see sk174266.
  • Improved resiliency, scalability, and stability for PDPs and Identity Brokers. Additional threads handle authentication and authorization flows.
  • Automatic tuning of nested LDAP groups - The Identity Awareness Gateway automatically chooses the optimal way to query the LDAP server for users and groups.
  • During a PDP failure, a PEP Identity Awareness Gateway can recover its identity database from connected PDP Gateways.
  • Identity Collector is now supported with Quantum Spark Appliances.

 

Mobile Access

Oauth 2.0 support for Capsule Workspace and Office 365.

 

Quantum Security Management

General

Performance improvements to IPS updates and utilization.

SmartConsole

Administrators can use SAML 2.0 to configure SmartConsole users to authenticate with an Identity Provider.

SmartWorkflow

Send policy and configuration changes for peer review and approval before publishing.

Management REST API

Management API support for:

  • Identity Awareness configuration on gateways and clusters.
  • HTTPS Inspection outbound certificate configuration.
  • Creation of LSM Gateways.
  • Creation of LSM Gateways VPN configuration.

 

Upgrades

  • Central Deployment- Use SmartConsole to:
    • Gradually upgrade Quantum Cluster Members.
    • Upgrade Quantum Spark and Quantum Edge Appliances.
  • Pre-Upgrade Verifier results are now presented in the upgrade report.
  • Significant performance improvement by importing Domain Management Servers concurrently instead of sequentially.

 

CloudGuard Network Security

  • CloudGuard Controller support for:
    • Oracle Cloud Infrastructure (OCI)
    • Nutanix
    • New Azure resources – Application Security Groups, Private Endpoints
    • New AWS resources – Load Balancer tags
  • Nutanix Flow support for CloudGuard Network Security Gateways.
  • Amazon Web Services (AWS):
    • Security Gateway, Single, High Availability Cluster, Auto Scaling Group (ASG), Gateway Load Balancer Auto Scaling Group (ASG), Transit Gateway with ASG.
    • AWS Gateway Load Balancer support.

 

Harmony Endpoint

Endpoint Policy Management

Use SSO to connect to the Endpoint Web Management Console.

Remote Access VPN

Authenticate Remote Access VPN users with SAML.

 

Read more
2 2 2,196
Naor_Nassi
Employee
Employee

Public1.png

Check Point Quantum R81.20 is packed with new features. that offer elasticity, efficiency, and innovative security enhancements


Quantum IoT Protect offers enterprise IoT device discovery embedded into Quantum Gateways and applies autonomous zero-trust policies that are automatically updated based on device type, risk level, and industry best practice, This makes it easy to secure IP cams, smart TVs, Wi-Fi printers, and much more.

Zero-Day Phishing Prevention, powered by patented technologies and AI engines, prevents access to the most sophisticated phishing websites, both known and completely unknown, without the need to install and maintain clients on end-user devices.

Continuing to innovate Maestro, including several new features that improve efficiency, elasticity, and compatibility with public clouds. The new Autoscaling feature in Maestro Hyper-scale lets you automatically allocate resources across Security Groups (based on your priorities), bringing cloud-like scale and agility to your prem-based security (for example, to accommodate peak traffic hours). To support high-speed, high-volume transaction environments (e.g. digital trading), Maestro now offers accelerated data paths for higher throughput and lower latency based on predefined rules (“Fast Forwarding”).

Enhancing the gold standard in Security Management: Quantum R81.20 lets you leverage the new Management API to integrate security from the ground up and efficiently manage access policies with support for dynamic policy objects taken from external sources. A new workflow now supports policy change management to minimize errors, allowing verification for new policies before they are applied and enforced throughout (“4 Eyes Principle”). By automating VPN connections to public clouds, R81.20 makes it easy to connect your Quantum Gateways with data centers hosted in the public cloud. Offering simplified user authentication with third party SAML Identity Providers, authentication is modernized and improved for administrators to log-in to SmartConsole as well as remote users accessing corporate assets. This enables SSO, MFA, and compliance checks, and complements current support for third-party Identity Providers with the Identity Awareness blade.

Enrollment | Public EA Check Point Public EA is design for lab and sandbox deployments only.

UserCenter:

Register to the Public EA release via - usercenter.checkpoint.com -> TRY OUR PRODUCTS -> Early Availability Programs -> CPEA-EVAL-R81.20 

PartnerMAP:

Register to the Public EA release via - usercenter.checkpoint.com -> CUSTOMER ACQUISITIONS-> Early Availability Programs -> CPEA-EVAL-R81.20

IMPORTANT NOTE 

  • Check Point Public EA is design for lab and sandbox deployments only.
  • Public EA version upgrade to GA is not supported

Enrollment | Quantum IoT Protect EA

In order to enroll, please reach out to IoT-Protect@checkpoint.com with your account ID on the Infinity Portal 

(portal.checkpoint.com -> Global Setting -> Account ID) 

 

New in this release

Quantum Security Gateway and Gaia

Threat Prevention

  • Prevent browsing to Zero-Day phishing websites
    • Check Point Quantum Security Gateway enhances its web browsing protection to further prevent users from accessing phishing websites.
    • Powered by patented technologies and AI engines, the Security Gateway now uses Clientless In-Browser protection to prevent access to the most sophisticated phishing websites, both known and completely unknown (zero-day phishing websites).
    • The enhanced solution is available through the Security Gateway network flow, introducing dynamic security components that run within the browser with no need to install any client.
    • Delivered as part of your existing NGTX license.
    • Works out of the box for Security Gateways with Autonomous Threat Prevention enabled.
  • Up to 50% performance enhancement to IPS CIFS protections.
  • IOC feeds now support a significantly increased capacity in the number of observables for URLs, Domains, IP addresses, and Hashes - 2 million and up to hardware limit.


Maestro Hyperscale

Maestro Auto-Scaling - Automatically assigns Security Appliances (scale units) to a Security Group when the configured conditions are met.

Maestro Fastforward -Significantly Improved throughput and latency for trusted connections. Maestro Fastforward offloads accept or drop policy rules to the Maestro Hyperscale Orchestrator for hardware acceleration.

  • Sub microseconds latency.
  • Port line-rate throughput for single connection.
  • Support for Accelerated policy installation on Maestro Security Gateways. For more information see sk169096 .
  • Support gradual upgrade with Multi Version Cluster (MVC)
  • Based on the current traffic load, the Security Gateway automatically changes the number of CoreXL SNDs, Firewall instances and the Multi-Queue configuration for zero traffic impact.
  • Management Data Plane Separation (MDPS) support for Scalable Platforms.

 

IoT Protect

Leverage Quantum Security Gateway and Infinity to instantly discover IoT devices and enforce independent Zero-Trust policies.

  • Only allow what's needed for the device to operate.
  • Automatic grouping based on device type.

 

IPsec VPN

  • Seamless site-to-site tunnel establishment with AWS native cloud VPN. Setup a route-based VPN tunnel with a virtual Gateway with just a few simple steps.
  • Major performance and stability improvement for Remote Access and Site to Site VPN that delivers a much higher capacity for VPN tunnels.
  • Extended Security Gateway certificate validation capabilities for faster authentication.
  • Scalable VPN – Multi process architecture to process IKE negotiation (IKED)

 

Access Control

  • Network Feed Object - Use a Network Feed object to get dynamic IPs or domains of a specific external service that is not included in the Updatable Objects options. In addition, the user can create its own service containing a list of IPs or domains and have them in his policy. The object is automatically updated in Security Gateway without the need to install the policy.
  • Performance improvements - support for Updatable Objects, Domain objects, and Dynamic objects with the Optimized Drop feature (drop templates).

 

Advanced Routing

  • Support for Intermediate System (IS-IS) routing protocol.
  • DHCP Relay Agent Information Option 82 that addresses several scaling and security issues arising in public DHCP use.
  • OSPFv3 NSSA support.
  • IPv6 Static MFC Cache to enable forwarding of multicast data without PIM configuration.
  • Support for Routed control scripts to allow ClusterXL fail-over and tear down of BGP connections.
  • Routing Protocol History for BFD to improve troubleshooting capabilities.
  • Netflow Live connections and Firewall rule ID UUID.

 

 

 

 

 

 

 

 

 

 

 

 

 Gaia Operating System

  • Configure a retention policy for Gaia scheduled backups and snapshots.
  • Using the CLI, monitor the module temperature, module supply voltage, TX Bais voltage, Rx optical Power, and TX optical power for a single transceiver or all transceivers on an appliance.
  • Automatic update to the NIC firmware during the ISO installation process for appliances that have 40GbE, 100/25GbE, and/or NVIDIA ConnectX 100G Cards.

 

CoreXL

  • HyperFlow

·         Increases throughput of elephant connections.

·         Automatically detects and dynamically allocates CPU cores between main tasks on a Security Gateway.

·         Improves CoreXL FWK processes response time.

  • In UserSpace Firewall (USFW), the number of IPv6 instances can equal the number of IPv4 instances, this allows the gateway to process a more significant amount of IPv6 traffic

 

Identity Awareness

  • The Identity Awareness Gateway automatically identifies and excludes Service Account sessions acquired by the Identity Collector. For more details, see sk174266.
  • Improved resiliency, scalability, and stability for PDPs and Identity Brokers. Additional threads handle authentication and authorization flows.
  • Automatic tuning of nested LDAP groups - The Identity Awareness Gateway automatically chooses the optimal way to query the LDAP server for users and groups.
  • During a PDP failure, a PEP Identity Awareness Gateway can recover its identity database from connected PDP Gateways.
  • Identity Collector is now supported with Quantum Spark Appliances.

 

Mobile Access

Oauth 2.0 support for Capsule Workspace and Office 365.

 

Quantum Security Management

General

Performance improvements to IPS updates and utilization.

SmartConsole

Administrators can use SAML 2.0 to configure SmartConsole users to authenticate with an Identity Provider.

SmartWorkflow

Send policy and configuration changes for peer review and approval before publishing.

Management REST API

Management API support for:

  • Identity Awareness configuration on gateways and clusters.
  • HTTPS Inspection outbound certificate configuration.
  • Creation of LSM Gateways.
  • Creation of LSM Gateways VPN configuration.

 

Upgrades

  • Central Deployment- Use SmartConsole to Gradually upgrade Quantum Cluster Members.
    • Upgrade Quantum Spark and Quantum Edge Appliances.
  • Pre-Upgrade Verifier results are now presented in the upgrade report.
  • Significant performance improvement by importing Domain Management Servers concurrently instead of sequentially.

 

CloudGuard Network Security

  • CloudGuard Controller support for:
    • Oracle Cloud Infrastructure (OCI)
    • Nutanix
    • New Azure resources – Application Security Groups, Private Endpoints
    • New AWS resources – Load Balancer tags
  • Nutanix Flow support for CloudGuard Network Security Gateways.
  • Amazon Web Services (AWS):
    • Security Gateway, Single, High Availability Cluster, Auto Scaling Group (ASG), Gateway Load Balancer Auto Scaling Group (ASG), Transit Gateway with ASG.
    • AWS Gateway Load Balancer support.

 

Harmony Endpoint

Endpoint Policy Management

Use SSO to connect to the Endpoint Web Management Console.

Remote Access VPN

  • Exclude SAAS applications (such as Office 365) from the remote-access VPN Domain.
  • Authenticate Remote Access VPN users with SAML.

Read more
7 32 9,264
PhoneBoy
Admin
Admin

Want to highlight, this is currently Early Availability.
More details and downloads available here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

New Features

  • Support for Macs with M1 chip.
    • Rosetta 2 translator must be installed.
    • Media Encryption blade internally uses FUSE, which is a 3rd party kernel extension. Apple is gradually introducing new alternatives to kernel extensions but in macOS BigSur, Apple recognizes FUSE as a supported kernel extension type. On Apple M1, to allow FUSE (just like any other 3rd party kernel extensions), the Security Policy needs to be “Reduced Security”. A Managed Mac purchased via Apple business or school manager programs, does not require “Reduced Security”. See Change Startup Disk Security Settings and Deployment Reference in macOS.
  • Firefox on MAC extension now supports the URL-Filtering capabilities. The admin can define URL categories to block and the users are blocked when they try to access URLs that belong to these categories.
  • Anti-Malware now reduces the performance impact on the machine when the Mac is actively in use. As soon as the user touches the keyboard, mouse or trackpad, any scheduled scan runs at a reduced speed. 
  • The Self-Protection feature prevents the deletion of Check Point files and the termination of Check Point processes by end-users. In this release, the self-protection feature is disabled by default. See sk171012 for more details.

Enhancements

  • This release includes stability, quality and performance fixes.

 

Read more
0 0 916
PhoneBoy
Admin
Admin

What's New in E84.30 for macOS

New Features

  • Support for the Endpoint Security Clients on macOS Big Sur (11).
  • Machine Authentication for the VPN client. It allows to perform VPN authentication with a machine certificate from the system keychain of the macOS. Machine Authentication works in user and machine authentication mode, which is a combination of a machine certificate and the selected user authentication method.

Enhancements

  • This release includes stability, quality and performance fixes.

More details and download from sk170513.

Read more
0 0 1,448
Shay_Levin
Admin
Admin

Hi All,

I’m thrilled to announce that our SandBlast Agent Cloud management platform support our new SandBlast agent for Linux, and it’s already in public EA Stage and would become  GA very soon.

The SandBlast Agent for Linux has two strong engines

The first one will protect your machine with Check Point Anti Malware engine.

The second one is our Threat Hunting engine, which will let you investigate, drill-down, and dig into the details.

You can now join this EA for free.

Just drop an email to Guy.

Watch the below video to see it in action

Read more
7 6 5,697
Tsvika_Akerman
Employee
Employee

Early Availability Production Programs let you experience and participate in shaping Check Point products by test driving pre-release versions and providing detailed feedback. 

R81 is the industry’s most advanced threat prevention and security management software for the data center, cloud, mobile, endpoint and IoT environment. R81 is equipped with every Quantum Security GatewayTM and features the highest level of security from SandBlast Zero-day protection to extend coverage for all products and protocols.  ...

Read more...

Read more
25 40 29.8K