Danny Yang

R80.20 M1管理版本正式Released!

Discussion created by Danny Yang Employee on Jun 27, 2018

Hi Mates,

 

在R80.20開放公測(Public EA)的階段之後,專屬SMS的R80.20 M1版本已經可以下載!

這個版本預計是客戶在正式升級R80.20之前的管理機體驗版。

 

請參考下列kb, 請特別注意相關限制與支援的版本。

sk123473 R80.20 Management Feature Release

 

建議適用客戶:

1) 欲搶先體驗R80.20最新功能者

2) 正在等待某些特定功能支援希望能開始進行測試者

3) 能夠較常進行管理主機版本更新者

 

下列為主要的功能

Threat Prevention

  • Threat Prevention Indicators (IoC) API
    • Management API support for Threat Prevention Indicators (IoC)
    • Add, delete, and view indicators through the Management API
  • Threat Prevention Layers
    • Support layer sharing within Threat Prevention policy
    • Support setting different administrator permissions per Threat Prevention layer

Gaia OS

  • Upgraded Linux kernel (3.10)
  • New file system (xfs)
    • More than 2TB support per a single storage device
    • Enlarged systems storage (up to 48T tested)
  • I/O related performance improvements
  • Support of new system tools for debugging, monitoring and configuring the system
    • iotop (provides I/O runtime stats)
    • lsusb (provides information about all devices connected to USB)
    • lshw (provides detailed information about all hardware)
    • lsscsi (provides information about storage)
    • ps (new version, more counters)
    • top (new version, more counters)
    • iostat (new version, more counters)
  • Compressed snapshots - reduced system snapshot size

Access Policy

  • Rule Base performance improvements, for enhanced Rule Base navigation and scrolling
  • Global VPN Communities (previously supported in R77.30)
  • Access Control visibility for NAT46 and NAT64
  • Identify Tags: Access Role objects can manage identities that originated from Cisco ISE Security Groups or Check Point Identity Awareness API
  • Ability to use an Identity Awareness Security Gateway as a proxy to connect to the Active Directory environment, if the Security Management Server has no connectivity to the Active Directory environment and the gateway does (requires R80.20 Security Gateway)

Logging and Monitoring

  • SmartView (web) enhancements:
    • Auto-refresh views
    • Improved log-viewer with cards, profiles, statistics and filters
    • Export logs with custom or all fields
  • Keyboard-navigation
  • Ability to define an external Syslog server object and configure Security Gateway to send all its logs to it (previously supported in R77.30)
  • Log Exporter - an easy and secure method to export Check Point logs over syslog that utilizes standard protocols and formats

SmartProvisioning

  • Integration with SmartProvisioning (previously supported in R77.30)
  • Support for the 1400 series appliances
  • Administrators can now use SmartProvisioning in parallel with SmartConsole

SmartConsole

  • Multiple simultaneous sessions in SmartConsole. One administrator can publish or discard several SmartConsole private sessions, independently of the other sessions

CloudGuard IaaS Enhancements

  • Integration with Google Cloud Platform
  • Integration with Cisco ISE
  • Integration with Nuage Networks
  • Automatic license management with the CloudGuard IaaS Central Licensing utility
  • Monitoring capabilities integrated into SmartView
  • CloudGuard IaaS support for 41000, 44000, 61000, and 64000 Scalable Platforms

Endpoint Security Server

Managing features that are included in R77.30.03:

Management of new Software Blades:

  • SandBlast Agent Anti-Bot
  • SandBlast Agent Threat Emulation and Anti-Exploit
  • SandBlast Agent Forensics and Anti-Ransomware
  • Capsule Docs

• New features in existing blades:

  • Full Disk Encryption
    • Offline Mode
    • Self Help Portal
    • XTS-AES Encryption
    • New options for the Trusted Platform Module (TPM).
    • New options for managing Pre-Boot Users
  • Media Encryption and Port Protection
    • New options to configure encrypted container
    • Optical Media Scan
  • Anti-Malware
    • Web Protection
    • Advanced Disinfection

Additional Enhancements

  • Improvements in policy installation performance on R80.10 and higher gateways with IPS
  • Compliance:
    • User can create custom best practices based on scripts
    • Support for 35 regulations including General Data Protection Regulation (GDPR)

Outcomes