剛好Mike問到有關ICAP Server是否會於R80.x版支援(R77.30已經有hotfix)，在此將最新版R80.20預計的更新功能整理如下。而目前R80.20正進行到private EA階段，待正式public EA後應該就離GA不遠了(目前預估在第三季左右釋出)。
1) 會同步推出硬體加速卡(Acceleration card)-5000/15000/23000系列
2) 將同步推出新的GAiA OS
4) 將支援SandBlast Appliance(目前只有R77.30)
7) 預計支援Endpoint Security的整合管理(目前需要用R77.30.03版)
下列為R80.20計劃中的feature enhancement，但僅供參考之用，請以正式GA版的release note為準。
With Falcon Acceleration Cards:
• NGFW/NGTP/NGTX & HTTPS Inspection acceleration — supporting higher throughput with maximum security including inspection of HTTPS traffic.
• QoS acceleration.
• Firewall only acceleration — low-latency, high packet and session rates.
• VSX support.
Additional software enhancements:
• Session rate improvements on high-end appliances (including 2012 appliances and 13000 and above appliances).
• Acceleration is enabled during policy installation.
• HTTPS Inspection performance improvements.
Threat Prevention Indicators (IoC) API
• Management API support for Threat Prevention Indicators (IoC).
• Add, delete, and view indicators through the management API.
Threat Prevention Layers
• Support layer sharing within Threat Prevention policy.
• Support setting different administrator permissions per Threat Prevention layer.
MTA (Mail Transfer Agent)
• E-mails history views and statistics, current e-mails queue status and actions performed on e-mails in queue.
MTA configuration enhancements:
• Setting a next-hop server by domain name.
• Stripping or neutralizing malicious links from e-mails.
• Adding a customized text to a malicious e-mail's body or subject.
• Malicious e-mail tagging using an X-header.
• Sending a copy of the malicious e-mail.
• ICAP server support on a Security Gateway to consult with Threat Emulation and Anti-Virus Deep Scan whether a file is malicious.
• SmartConsole support for multiple Threat Emulation Private Cloud Appliances.
• SmartConsole support for Blocking files types in archives.
• Sync redundancy support (over bond interface).
• Automatic CCP mode (either Unicast, Multicast or Broadcast mode).
• Unicast CCP mode.
• Enhanced state and failover monitoring capabilities.
• OSPFv3 (IPv6) clustering support.
• New cluster commands in Gaia Clish.
• Allow AS-in-count.
• IPv6 MD5 for BGP.
• IPv6 Dynamic Routing in ClusterXL.
• IPv4 and IPv6 OSPF multiple instances.
• Bidirectional Forwarding Detection (BFD) for gateways and VSX, including IP Reachability detection and BFD Multihop.
• Identity Tags support the use of tags defined by an external source to enforce users, groups or machines in Access Roles matching.
• Identity Collector support for Syslog Messages — ability to extract identities from syslog notifications.
• Identity Collector support for NetIQ eDirectory LDAP Servers.
• Transparent Kerberos SSO Authentication for Identity Agent.
• Two Factor Authentication for Browser-Based Authentication (support for RADIUS challenge/response in Captive Portal and RSA SecurID next Token/Next PIN mode).
• New configuration container for Terminal Servers Identity Agents.
• Ability to use an Identity Awareness Security Gateway as a proxy to connect to the Active Directory environment, if SmartConsole has no connectivity to the Active Directory environment and the gateway does.
• Active Directory cross-forest trust support for Identity Agent.
• Identity Agent automatic reconnection to prioritized PDP gateways.
Mirror and Decrypt
• Decryption and clone of HTTP and HTTPS traffic.
• Forwarding traffic to a designated interface for mirroring purposes.
Hardware Security Module (HSM)
• Enhancement of outbound HTTPS Inspection with a Gemalto SafeNet HSM Appliance.
• SSL keys are stored when using HTTPS Inspection.
• Multiple simultaneous sessions in SmartConsole — One administrator can publish or discard several SmartConsole private sessions, independently of the other sessions.
• Integration with a Syslog server (previously supported in R77.30) — A Syslog server object can be configured in SmartConsole to send logs to a Syslog server.
• Integration with SmartProvisioning (previously supported in R77.30).
• Support for the 1400 series appliances.
• Administrators can now use SmartProvisioning in parallel with SmartConsole
• New Wildcard Network object supported in Access Control policy.
• Simplified management of Network objects in a security policy.
• HTTPS Inspection now works in conjunction with HTTPS web sites categorization. HTTPS traffic that is bypassed will be categorized.
• Rule Base performance improvements, for enhanced rule base navigation and scrolling.
• Global VPN Communities. Previously supported in R77.30.
vSEC Controller Enhancements
• Integration with Google Cloud Platform.
• Integration with Cisco ISE.
• Automatic license management with the vSEC Central Licensing utility.
• Monitoring capabilities integrated into SmartView.
• vSEC Controller support for 41000, 44000, 61000, and 64000 Scalable Platforms.
• HTTPS Inspection support for IPv6 traffic.
• Improvements in policy installation performance on R80.10 and higher gateways with IPS.
• Network defined by routes — gateway's topology is automatically configured based on routing.
• IPS Domain Purge on Security Management Server — IPS update packages are saved for 30 days, older packages are purged.
Endpoint Security Server
Managing features that are included in R77.30.03:
Management of new blades:
• SandBlast Agent Anti-Bot.
• SandBlast Agent Threat Emulation and Anti-Exploit.
• SandBlast Agent Forensics and Anti-Ransomware.
• Capsule Docs.
New features in existing blades:
• Full Disk Encryption.
• Offline Mode.
• Self Help Portal.
• XTS-AES Encryption.
• New options for the Trusted Platform Module (TPM).
• New options for managing Pre-Boot Users.
• Media Encryption and Port Protection.
• New options to configure encrypted container.
• Optical Media Scan.
• Web Protection.
• Advanced Disinfection.