SmartConsole applications are unified in R80, enabling administrators to control system aspects - including gateway configuration and monitoring and all log and event aspects.
The Gateways & Servers tab enables the administrator to see a full view of the managed gateways, monitor their status and conduct maintenance operations.
The Logs & Monitor tab enables the administrator to view and act on logs or events from the same console in which the security policies are configured.
Unified Security Policies
R80 offers unified policies for Access Control and Threat Prevention, enabling administrators to control several security aspects in a single policy.
Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blades policies. Note: Supported only with R80.10 gateways; requires a Management Hotfix.
Threat Prevention policy unifies the IPS, Anti-Virus, Anti-Bot, and Threat Emulation Software Blade policies. Protections can be activated according to tags, enabling customers to activate relevant protections, such as protections related to a specific component (for example, Apache) or vulnerability type.
Policy Layers & Sub Policies
R80 introduces Policy Layers, enabling flexible control over the security policy behavior, and Sub Policies which enable seamless network segmentation within the security policy.
Note: Supported only with R80.10 gateways; requires a Management Hotfix.
The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence. If an "Accept" action was done in a layer, inspection will continue in the next layer.
Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule. For example, a sub policy can manage a network segment or branch office.
Sub Policies can be managed by specific administrators, according to their permissions profile, allowing easy responsibility delegation within the team.
Multi-Domain Security Management Enhancements
Global policy and settings for blades.
Unified architecture and unified client with single Domain Security Management.
New and improved views for Domain provisioning and Global configuration.
R80 enables several administrators to work in parallel on the same security policy, while offering a very granular and flexible privilege delegation to each administrator
Multiple administrators can log-in and work in read-write mode on the same security policy without interrupting each others work.
A new advanced locking mechanism is introduced, enabling concurrent administration.
Objects that one administrator manages can be locked from overwrites or conflicts by other administrators.
Rich administrator profiles can determine the exact privileges each administrator will have, including management of specific policies or network segments, viewing specific logs, and conducting security operations, such as installing policy.
Secured Automation and Orchestration (CLI & API)
A complete CLI & API interface for security management enables full integration with 3rd party systems and automation of daily operations. Automation and SmartConsole management operations are allowed based on the same privilege profile.
Faster Day to Day Operations
R80 introduces multiple features that improve the work efficiency of administrators, such as:
Integrated logging enables the administrator to view all logs related to a rule in the same screen.
Detailed rule information is stored, providing visibility as to who created the rule and when, hit counts, and any other user defined information, such as ticket numbers.
Enhanced search capabilities allow the administrator to immediately find any rule or object in the system.
Management High Availability is enhanced to only sync changes between servers, significantly improving efficiency.