Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Admin
Admin

What's New in R81 Security Management: Video, Slides, and Q&A

Content available to CheckMates members:

We will add a video demonstrating the new Web-based SmartConsole shortly.
Selected Q&A is below.

Do we still need migrate export/import when upgrading from R80.30 to either R80.40 or R81?

We use a different upgrade infrastructure since R80.20 and use a different command to perform the migration: migrate_server
It works similarly to "migrate export" and is used when doing advanced upgrades.

Is upgrading from R80.10 or earlier to R81 supported scenario?

R80.20 and above can upgrade directly to R81.
For earlier releases, it is a two-step process (upgrade to R80.40, then upgrade to R81).
This is listed in the R81 Installation and Upgrade Guide .

What appliances support R81?

In general, any non-SMB appliance from the 2016 line on up. The complete list of supported appliances is in the R81 Release Notes. Older appliances will be blocked from installing R81.

When will the old SmartDashboard completely go away?

While there is no specific timeframe for completely eliminating SmartDashboard, we remove more and more items from it in subsequent releases.

Do All Gateways have to use the Infinity Threat Prevention profile?

No, gateways can either use the class Threat Prevention profiles or the Infinity Threat Prevention profile.
They cannot use both profiles.

Do Hit Counts on NAT Rules require R81+ Gateways?

Yes.

I'm still missing a "shared policy" feature. We currently set generic rules in each policy for firewall mgmt/monitoring (e.g. NTP, DNS, SNMP, TACACS rules to/from firewalls). The idea is that you can include this shared policy to each firewall policy. Is this feature being thought of?

You already have this with policy layers that can be shared/included in a policy package.

Is there now the R77 feature "object seach accross multiple domains" on MDS?

Yes.

HTTPS Inspection is now per policy package?

From R80.40, the HTTPS Inspection policy as a layer that can be either reused or unique for a given policy package.

Is Openshift supported for Data Center Query?

OpenStack is, Openshift is not directly. You can use it with Generic Data Center object, as described during the session.

Is Data Center Query evaluated at enforcement time or only at policy installation time?

At enforcement time. It’s using the same infrastructure as Identity Awareness.

In the newer versions, does SmartConsole seamlessly update itself?

We have an auto-updatable SmartConsole in EA for R81.

When upgrading R80.20-30 will this convert to kernel 3.10 and update the filesystem to xfs or does this need to be a clean build?

Changing the file system requires a new install from scratch. Upgrade in place will keep the “old” file system. The kernel will upgrade with the new version.

Is there a way to Export Logs via API for automation of events/reactions?

Logs can be queried via API in R81. For a continuous stream, we have Log Exporter (exports via syslog).

The accelerated policy installation for R81 gateways is based on delta changes only?

We have improved the processes on both the gateway and management, which is why this requires R81_ on both the gateway and management.

Is R81 Management the officially recommended release (I see this only for 80.40)?

R80.40 is still considered the "widely recommended" release at this time. R81 is GA quality and can be upgraded to if you need specific functionality. Release recommendation is generally based on customer adoption/feedback as well as jumbo hotfix availability.

Has SmartUpdate been fixed?

The majority of the functionality in the legacy SmartUpdate client is now in R81 SmartConsole for both license and package deployment. Contract deployment in offline environments will be added in later releases.

Does R81 management support R77 gateways?

SMB appliances running R77.20 and regular appliances running R77.30 can be managed from R81. Refer to the R81 Release Notes for the complete list.

Does the licensing management functionality work with GWs below R81?

Yes, this should work with pre-R81 gateways.

Can R81 Gateway be in clusterXL with R77.30?

Yes

API for R81 includes operations for upgrading jumbo hotfix?

Yes, JHF installation is available both from SmartConsole and via APIs

Can we change color sections for access-rule?

No. if you need it, please work with your local office.

Does cluster nodes upgraded simultaneously when upgrade process launched from console?

No, one by one, standby node is done first.

VPN Tunnel and User Monitoring in SmartConsole?

Not currently.

Is R81 available for the Maestro environment?

It is available in EA form.
Please check with your local Check Point office.

For the concurrent policy installation, what if 2 concurrent admins launch 5 policy installations?

The limit is per management domain, regardless of the number of admins.

If you have a policy structure that dates all the way back to R77.x and has been migrate exported all the way to R81, will accelerated policy installation work against those policies?

Subject to the limitations of the Accelerated Policy Installation, yes.

Will the Web-based SmartConsole support on-prem deployment?

Yes.

Will the Web-based SmartConsole support Multi-Domain?

Not initially, but we plan to add support for it in the first R81 JHF.

Is it possible to use custom scenarios, like currently in central deployment tool, during gateway upgrade?

SmartConsole only supports simpler scenarios. For more complex scenarios, it is better to use CDT.

The WebSmartConsole is using the new modular Gaia infrastructure?

Yes, it is leveraging the same auto-updating infrastructure as other parts of our product.

Does the https port for the Gaia Portal need to be changed to use Web-based SmartConsole?

No, this leverages the same multi-portal infrastructure that is used in the product to allow multiple portals to use the same IP on different URLs.

Will there be a list of summary features posted anywhere?

Refer to the R81 Release SK.

Will more colors for objects be added to SmartConsole anytime soon? This is very helpful with differentiating the objects that belong to specific sites.

Not in the immediate plans.
Please raise this requirement with your local office.

Will the Web-based SmartConsole allow complete management of policy?

Initially, it will be supported as a read-only client, but we will add read-write support soon.
Note that features available on the web-based SmartConsole will be limited by API support, so a handful of features will not be available.
We will address these gaps over time.

Would you please share the link for those R81 previously sessions?

https://community.checkpoint.com/t5/General-Topics/Delivering-Security-Consolidation-Across-the-Ente...

Aren't Contracts already Synced with UC automatically?

In environments with Internet access, yes.
Some environments are airgapped from the Internet and those are not automatically updated.

Any update about support VPN for Linux?

Support for Strongswan was added as part of R81.

0 Kudos
Reply
2 Replies

is the performance impacted on the mgmt server when using a web browser instead of the smartconsole?
how much of the task is actually done locally on the machine running the smartconsole today?

Regards
magnus 

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
Reply
Admin
Admin

In the old days, some work was done on the client side.
This may still be the case with a few legacy items in SmartConsole, but most of the work done client-side in R8x is rendering the data and querying the API.
This should also apply to the web-based SmartConsole.

0 Kudos
Reply