Support Center > Search Results > SecureKnowledge Details
Check Point R80
Solution
Click Here to Show the Entire Article


Important: We recommend that users upgrade their Security Management Server to Check Point R80.10

R80 Downloads | What's New in R80 | Documentation | R80 Released Hotfixes | Tools | Revision History




R80 Upgrade Verification Service

Check Point Community Exchange Point

Upgrade/Download Wizard


R80 Downloads

SmartConsole

GUI client

Clean Install / Advanced Upgrade for Gaia OS

Complete Management server installation
including all features

Demo version

Fully working demo version,
with all management components

See sk103431

Note:

Effective December 26th, 2016, R80 image has been replaced. By installing the new image, R80 machine will automatically install R80 Jumbo Hotfix Take 76.

Effective November 20th, 2016, SmartConsole package has been updated with additional support for SHA-256. See sk114579.


For FAQ regarding the image replacement, see sk110980 - R80 image updates FAQ.

R80 File Revision HistoryRelease map | Upgrade map | Backward Compatibility map | Releases plan


What's New in R80

  Unified Policy   More

Unified Console

SmartConsole applications are unified in R80, enabling administrators to control system aspects - including gateway configuration and monitoring and all log and event aspects.

  • The Gateways & Servers tab enables the administrator to see a full view of the managed gateways, monitor their status and conduct maintenance operations.
  • The Logs & Monitor tab enables the administrator to view and act on logs or events from the same console in which the security policies are configured.

Unified Security Policies

R80 offers unified policies for Access Control and Threat Prevention, enabling administrators to control several security aspects in a single policy.

  • Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blades policies.
    Note: Supported only with R80.10 Security Gateways and Management.
  • Threat Prevention policy unifies the IPS, Anti-Virus, Anti-Bot, and Threat Emulation Software Blade policies.
    Protections can be activated according to tags, enabling customers to activate relevant protections, such as protections related to a specific component (for example, Apache) or vulnerability type.

Policy Layers & Sub Policies

R80 introduces Policy Layers, enabling flexible control over the security policy behavior, and Sub Policies which enable seamless network segmentation within the security policy.

Note: Supported only with R80.10 Security Gateways and Management.

  • The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence. If an "Accept" action was done in a layer, inspection will continue in the next layer.

  • Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
    For example, a sub policy can manage a network segment or branch office.

  • Sub Policies can be managed by specific administrators, according to their permissions profile, allowing easy responsibility delegation within the team.

Multi-Domain Security Management Enhancements

  • Global policy and settings for blades.
  • Unified architecture and unified client with single Domain Security Management.
  • New and improved views for Domain provisioning and Global configuration.

  Efficient, automated operation   More

Role-based & Concurrent Administration

R80 enables several administrators to work in parallel on the same security policy, while offering a very granular and flexible privilege delegation to each administrator

  • Multiple administrators can log-in and work in read-write mode on the same security policy without interrupting each other’s work.
  • A new advanced locking mechanism is introduced, enabling concurrent administration.
  • Objects that one administrator manages can be locked from overwrites or conflicts by other administrators.
  • Rich administrator profiles can determine the exact privileges each administrator will have, including management of specific policies or network segments, viewing specific logs, and conducting security operations, such as installing policy.


Secured Automation and Orchestration (CLI & API)

A complete CLI & API interface for security management enables full integration with 3rd party systems and automation of daily operations. Automation and SmartConsole management operations are allowed based on the same privilege profile.


Faster Day to Day Operations

R80 introduces multiple features that improve the work efficiency of administrators, such as:

  • Integrated logging enables the administrator to view all logs related to a rule in the same screen.
  • Detailed rule information is stored, providing visibility as to who created the rule and when, hit counts, and any other user defined information, such as ticket numbers.
  • Enhanced search capabilities allow the administrator to immediately find any rule or object in the system.
  • Management High Availability is enhanced to only sync changes between servers, significantly improving efficiency.

  Integrated Threat Management   More

Next Generation Logs, Events and Reports

  • Manage and monitor your security environment from a single, visual dashboard.
  • Analyze hundreds of millions of logs per day.
  • Rich graphical views and reports for security needs.
  • Ability to customize views and reports to address specific requirements.
  • Logging, monitoring, and report aspects of R80 SmartConsole are available via web based interface.
  • Free-text search of logs and events with auto-suggest and favorites - results in seconds.

New Licensing Experience

New license visibility and synchronization improve user experience.

  • Visibility mechanism:
    • Improved visibility of Check Point's Software Blade license status, alerts and User Center detailed information.
    • Consolidated license status reports.
  • Synchronizing mechanism:
    • Automatic activation for licenses on appliances.
    • Seamless product license synchronization with Check Point’s User Center.
    • Proxy configuration, enabling indirect User Center license synchronization for Check Point's Gateways and Management Servers.

Improved Security for SIC and VPN certificates

SHA-256-based certificates are issued by default. For details, see sk103840



Documentation


R80 Release Notes


R80 Documentation Package


R80 Known Limitations

More


R80 Released Hotfixes

Released Hotfixes Comments

sk111536 - Jumbo Hotfix Accumulator for R80 (Take 76)

(This fix is a part of R80 image Take 132, effective Dec 26th, 2016) 

Download the latest recommended Hotfix from sk111536

sk111536 - Jumbo Hotfix Accumulator for R80 (Take 29)

(This fix is a part of R80 image Take 113, effective July 3rd, 2016)

sk111055 - R80 Security and stability enhancements for Security Management server (Hotfix #1)

(This fix is a part of R80 image Take 109, effective April 25, 2016)

 


Tools

Management Tools Gaia
R80 Migration
Gaia
Pre-R80 Migration
SecurePlatform
and Linux
Windows Solaris
Management Server Migration Tool (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
Multi-Domain Server Export Tool - - - - (ISO)
ISOMorphic Tool (EXE) - -

Note: Effective January 9th, 2017, Management Server Migration Tools have been updated.


Revision History

Show / Hide

Date Description
9 Jan 2017 Management Server Migration Tools have been updated.
26 Dec 2016 R80 image was updated. Take 132 was published. 
20 Nov 2016 SmartConsole package was updated. See sk103839
22 Sep 2016 Added Jumbo Hotfix Accumulator Take 76 for R80. See sk111536
03 July 2016 R80 image was updated. Take 113 was published.
09 June 2016 Added Jumbo Hotfix Accumulator Take 29 for R80. See sk111536.
25 April 2016 R80 image was updated. See sk111055.
31 March 2016 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment