Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Amir_Ayalon
Employee
Employee

R81.10.00 for Quantum spark 1500\1600\1800 Appliances - GA

We are happy to announce the release of R81.10 for Quantum spark 1500\1600\1800 Appliances

 

With the release of our new Quantum Spark R81.10 version, Check Point introduces code alignment between our Quantum Spark product line with the Quantum R81.10 Security Gateway release.

This major Quantum Spark release adds many new capabilities, as well as a wide range of stability and performance improvements.

This release supports locally managed only (Local + SMP). Centrally managed is supported at EA level.

 

Enhancement and New Features (Locally Managed)

  • Improve and Simplify SSL inspection operation
    • Some network devices do not support installation of an SSL certificate, therefore making SSL inspection not possible.
    • When you use the gateway capability to automatically sense and identify network elements, you can now select on which network element SSL inspection is enabled.
    • Gateway administrators have full control on which network elements SSL inspection will operate:
      • Desktops and laptop are automatically selected, and other network devices can be easily added.
      • You can also select bypassing inspection on MacOS devices.
  • Smart Accel – (EA level)
    • Improves gateway performance by accelerating low risk traffic sources:
      • Video streaming (Netflix, YouTube, Spotify)
      • Well known corporate services (Microsoft, Google, Apple, Check Point Services)
      • Social Media services (Facebook, Tiktok)
      • Web Conferences (Skype, WebEx, Zoom)
  • Password Complexity
    • Set password complexity as high to harden the Gateway Admin Password
    • Password length, number of different characters, Password history, Password Expiration
  • Updatable objects and FQDN in the Rule Base
    • Use fully qualified domain name (FQDN) object in the Access Policy.
  • VoIP improvements
    • Enable bidirectional traffic with the SIP provider service when SIP traffic inspection is disabled.
  • VPN Monitoring
    • New information was added to the VPN tunnels monitoring page
  • Support Radius 2.0 server
  • FTP AV - Inspect FTP protocol by Anti-Virus Software Blade
  • ZScaler (VPN 3rd party) support
  • Mirror port
    • Allows duplicating all the traffic that goes through one or more LAN ports, into one of the other LAN ports.
  • TCPDump via WebUI
    • Additional capabilities for TCPdump tool. Includes additional filters, custom filter and RT output.

Notes:

  • The Quantum Spark R81.10 release is supported only on the new 1500\1600\1800 Series Security Gateways.
  • Embedded Gaia software inherits its code base from the R81.10 GA version of enterprise appliances. Therefore, although not specifically mentioned, the R81.10 Quantum Spark Gateways inherit all maintrain limitations (see sk170418).
  • As the majority of R&D efforts will now shift to R81.10 code base, we encourage our customers to start evaluating and migrating to the new code base
  • R80.20.xx code base for 1500\1600\1800 Series Security Gateways will continue to be supported, in the near future – with further releases, and in the medium term – with stability, performance and bug fixes only

 

For additional info, please refer to sk179004

58 Replies
Amir_Ayalon
Employee
Employee

0 Kudos
Guru_N_Training
Participant

Seems there are a lot of issues with this build and centrally managed gateways. I was also unable to push or fetch policy when I installed this version in the SK.

If the problem persists contact Check Point support (Error code: 0-2-2000245)

So the solution is an SR at this time? 

0 Kudos
Amir_Ayalon
Employee
Employee

Hi Guys

There are a few important fix for centrally manage 

you can use the firmware below

Please use this firmware for 1500 series (R81.10.00 Jumbo HF B540):
ftp://rndftp:tO8WHLqu@ftp.checkpoint.com/outgoing/Noaal/fw1_vx_dep_R81_10_00_996000540.img
(Download using Internet Explorer)

Or, if you need the firmware for 1600/1800:
ftp://rndftp:tO8WHLqu@ftp.checkpoint.com/outgoing/Noaal/fw1_vt_dep_R81_10_00_996000540.img

G_W_Albrecht
Legend Legend
Legend

Download using Internet Explorer is impossible as it has restricted rights only ! Any hint how to hack Win 10 to be able to download this firmware ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Amir_Ayalon
Employee
Employee

no other way that i know of.

(you can try IE mode in Chrome)

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

The website explicitly loads IE - using IE Tab in Chrome or Edge does not help. Either IE is started with limited rights and no download happens, or the loading of the link is cancelled. I had been able to download beta firmware 2-3 years ago in a complicated procedure, but current (company) restrictions make that impossible today. I would appreciate very much if R & D could change to a more contemporary and accessible download procedure 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Nik_Bloemers
Advisor
Advisor

If it's only EA level for Centrally Managed appliances, why is it being shown as a recommended version on centrally managed 1500 series appliances? That doesn't seem right?

0 Kudos
leonarit
Contributor

We have some appliances deployed and noticed that the model 1570 doesn't have access to the R81.10, but the 1800 has. 

Do you plan to provide the R81.10 to the 1570 model?

Regards.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

It's already available from sk179004 if you need to get it manually.

Are both appliance types locally managed?

CCSM R77/R80/ELITE
(1)
leonarit
Contributor

Thanks, they are locally managed, I've manualy upload the firmware and the update went ok.

0 Kudos
Nik_Bloemers
Advisor
Advisor

Can the features and limitations SK article be updated for what will work/is added in Centrally Managed mode? Then we can make an informed decision if it makes sense for us to try it in EA or not. Perhaps that would help in getting more customers to try the centrally managed EA.
I am specifically interested in Identity Collector support (which I can gather from this forum thread that it will work) but also the option to use Domain and Updateable objects in the HTTPS inspection policy, which I can't clearly tell if it is available in Centrally managed or not. I would assume it is since the codebase is R81.10, but prefer to know for sure.

0 Kudos
Guru_N_Training
Participant

Anyone else had a problem with the 1500 SMB centrally managed build 996000540 and the appliance starting in a boot menu if the device reboots?  Appliance power light has a solid red and blue light and you have to console in to select boot normally.

0 Kudos
Amir_Ayalon
Employee
Employee

Hi

was a USB Stick Plugged into the appliance during the boot ?

was a USB / Terminal cable  ?

 

 

0 Kudos
Guru_N_Training
Participant

Neither.  Upon subsequent testing I did have the USB console cable connected but prior to that I issued the reboot command remotely and then had to travel onsite to find out what was wrong.  Found the appliance in the state mentioned above and was able to replicate the problem every time I powercycled or issued reboot command in CLI.

0 Kudos
Amir_Ayalon
Employee
Employee

thanks for checking.

let's continue the discussion over email.

0 Kudos
Dale_Lobb
Advisor

Since it has been 3 months since release, any idea when Centrally Managed might go GA?

0 Kudos
PhoneBoy
Admin
Admin

R81.10.05 is currently in EA, which I believe includes GA support for central management.

0 Kudos
Nik_Bloemers
Advisor
Advisor

How can we participate in the EA for R81.10.05? It's not listed under the EA programs.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Send a message to @Amir_Ayalon 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Amir_Ayalon
Employee
Employee

please notice - 

  • 24 November 2022: R81.10.00 Build 996000575 image has been released for 1500 / 1600 / 1800 appliances, replacing Build 996000558

it support also centrally management as GA

RamGuy239
Advisor
Advisor

What is the rationale behind the naming of Gaia Embedded / SMB releases? This is seemingly the fifth build of R81.10.00 and these builds don't seem to get announced anywhere. Neither here on Check Mates in the Quantum Spark section, not in the Product Announcement thread nor in the What's new header on the support centre.

Why make it this confusing? Especially considering R81.10.00 launched without being GA for centrally managed deployments. Why wouldn't this release be named something like R81.10.01 or something to make things less confusing? As of right now, we have to refresh sk179004 and scroll all the way down to see if the image has somehow been refreshed with a new build.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
Amir_Ayalon
Employee
Employee

Hi

Thanks for the feedback. we will evaluate and reconsider the naming scheme on the next firmware release.

The reason why the firmware number does not change and only the build number is changing is because we are changing firmware name only when we add significant content (new features).

If we are only improving stability / security fixes / bug fixes, we only change the build number.

thanks

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

We used to document some of these different builds as "Jumbos" but the feedback then was this was confusing compared with the Enterprise appliance concept of what a JHF is/works.

With the recent terminology change there (see sk95746) this may provide a further opportunity to improve this. 

CCSM R77/R80/ELITE
0 Kudos
RamGuy239
Advisor
Advisor

I've upgraded a few CPAP-SG1530 appliances from R80.20.50 to R81.10.10 (996000575), and everything is looking good so far. They had issues with IPsec VPN tunnels running IKEv2 and AES-GCM on R80.20.50 that seem to be fully fixed with R81.10.00.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
Amir_Erman
Employee
Employee

Thanks for the effort and for encouraging feedback; Looking for more feedback , hopefully positive:)

0 Kudos
RamGuy239
Advisor
Advisor

Do you have any information on when R81.10.XX is going to be available for Quantum Edge installations? I have some running on VMware ESXi, and they are all stuck on R80.20.35.

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
Greg_Harbers
Collaborator

Hi Amir,

Is there an upgrade guide to take a centrally managed cluster from R80.20.50 to R81.10? is it simply a matter of upload  the new image via the web interface, and once  the reboot has completed, the existing policy will be there? update the version details in smartconsole and push policy?

Thanks

0 Kudos
RamGuy239
Advisor
Advisor

@Greg_Harbers 

You must do the regular thing of changing the version in Smart Console and pushing the policy. The Quantum Spark appliances will boot up with "Outgoing Policy" after moving from R80.20.XX to R81.10.XX.

The rest is straight forwards. Use the built-in software manager to have R81.10.XX downloaded, or upload the image manually and click next a few times until it uploads and reboots.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events