Hi and thanks to all who joined our "SMB Masters #2 - EMEA and APAC" session today.
Here is the video recording of the session:
The slides we used, and also the latest SMB flyer are also attached.
Edited Q&A transcript is below.
What happened in SMB Masters #1 Is there a video? 😊
Yes, see: https://community.checkpoint.com/t5/SMB-Gateways-Spark/Quantum-Spark-Masters-Sept-2022-Video-Slides-...
Is this SmartAccel on the latest version of firmware?
Hi, yes it's in the R81.10.05 firmware which can be downloaded now.
Any plans to make HTTPS Inspection and SmartAccel don't work together?
We are investigating this for a future release.
How does it determine Device Type in SSL inspection? What happens if Randomization is activated?
We have a device recognition feature that know to classify devices according to MAC address and other characteristics.
Is the "SSL Inspection by Device Type" feature available in Central Management?
Not at this time
HTTPS Inspection for inbound connection?
Not supported yet
Are we able to add custom services under SmartAccel in the future?
....
Will there also be SAML Authentication for Quantum Spark?
Currently no concrete plans. Please reach out to your Check Point office if this feature is required.
SMS authentication for VPN: What are conditions for SMS providers / is it managed by Check Point, is there special subscription?
It is a Check Point managed service. As of R81.10.05, it is available for all countries.
Cluster - is the passive node accessible?
Hi Martin, yes the passive node is accessible for management purposes. Access would be via the IP address configured on the interface not the VIP.
Is Identity Awareness (with Identity Collector) supported on centrally managed appliances?
Yes
Cluster Scope local already available in R81.10.05 ?
Yes
live answered
Any roadmap for advance access policy configuration for power user? Current way of creating access policy is cumbersome where we need to travel back and forth to create group for services/objects.
live answered
Did I see SD-WAN only for Centrally Managed? Is locally managed coming soon?
Locally managed SDWAN capabilities is expected as part of R81.10.10.
Is IoT Protect available on Spark?
Yes, currently only Centrally Managed. We're working on SMP and Locally Managed.
What is the maximum number of tunnels that can be configured on SD-WAN?
live answered
Who should we contact to join EA for PAYG?
You can contact me at avig@checkpoint.com
PaYG...no minimum user, but is there minimum duration? 1 day? week? month? year?
live answered
For two factor authentication is only available for sms and email or can we use mfa app?
We are adding support for Google Authenticator in R81.10.10.
What is FONIC?
Fail Open NIC. When there is an hardware problem, or a software freeze, or even power failure, the WAN port and LAN port will be connected (like short wired), which will keep the connectivity up.
Would like to check if the limitation on SG1800 (1x 1GbE copper/fiber WAN2 (*future) & 1x 1GbE Management port (*future)) has been lifted?
Second WAN limitation on the 1600/1800 is still valid. You do, however, can use the LAN ports as WAN ports using the Flexiport feature.
Please tell me the supported IPV6 Method
live answered.
MAP-E method for IPv6 is on the roadmap
Does IoT include IIoT and OT devices?
The devices that would be discovered are devices that you can find in offices and enterprises.
When is R81.10.10 expected to be available?
EA is expected end of April 2023, with release expected in Q3 2023. If you're interested in participating in the EA, please contact amiray@checkpoint.com
Is Active/Active for cluster in roadmap?
Not currently planned.
Any plan to use Gaia on SMB devices instead using Embedded Gaia?
Not planned at the moment. However, we are planning to unify some of the functionality differences between the two. If you have specific requests, please work with your local Check Point office.
SD-WAN supports VPN tunnels? With 3rd party peers?
Yes, but not with third parties at this time.
Any API for local managed devices on the roadmap?
Yes.
live answered
SMS Managed vs SMP Managed - Spark Appliance, which supports more features?
SMS/Smart-1 cloud provides a number of options for policy configuration, Identity Awareness etc. that isn't available in SMP. However SMP provides templates and cloud based appliance backup. I don't think its as easy as one is better than the other, but more of which is most appropriate for the use case.
Do you have any future plans with Quantum Edge?
At the moment, we are not planning future Quantum Edge releases. However, we are interested in specific use cases for it.
Is there roadmap to have Reverse Proxy for the SMB appliances?
live answered
Can we save Logs on Spark Entry Appliances for 6 months?
The 1800 includes 256gb SSD storage. On other models, you can add an MicroSD card (if supported).
Infinity SMP managed - is it require license per gateway on top of Security Licenses?
No.