Support Center > Search Results > SecureKnowledge Details
Check Point R80.10
Solution
Click Here to Show the Entire Article

What's New in R80.10 | Documentation | Downloads | Released Hotfixes | Additional Downloads and Products | Revision History

What's New in R80.10

  Security Policy New Architecture   More

Policy Layers and Sub-Policies enable flexible control over the security policy behavior.

  • Build a rule base with layers, each with a set of the security rules. Layers are inspected in the order in which they are defined, giving control over the rule base flow and precedence of security functionality. If an "Accept" action is done in a layer, inspection continues in the next layer.
  • Sub-Policies are sets of rules that you attach to specific rules. If the rule is matched, inspection continues in the sub-policy attached to the rule. If the rule is not matched, the sub-policy is skipped.
    For example, a sub-policy can manage a network segment or branch office.
  • Policy Layers and Sub-Policies can be managed by specific administrators, according to their permission profile, allowing easy responsibility delegation in the team.

Unified Security Policies

  • Access Control policy unifies the Firewall, Application Control & URL Filtering, Content Awareness, and Mobile Access Software Blade policies.
  • Threat Prevention policy unifies the IPS, Anti-Virus, Anti-Bot, Threat Extraction, and Threat Emulation Software Blade policies.

Access Control Policy

  • New Content Awareness Software Blade adds visibility and control over data transfers in the network traffic, using data types based on content, file types, and direction.
  • Application Control enhancements:
    • Added Recommended Services to Applications for easier configuration of the unified policy.
    • Applications matched on Recommended Services, customized set of services, or Any service.
    • New Protocol Signature added to Service object, to enhance policy matching security and granularity.
  • Mobile Access policy rules can be defined in the main, unified Access Control Policy:
    • Unified rules can define access from different client types to the same resources.
    • Explicit rules can block specified Mobile Access traffic.
    • Ability to define access to resources from specified client types only.
  • Security Zones: Group interfaces of gateways into Security Zones for new Source and Destination definitions.
  • Fully Qualified Domain Names (FQDN): Additional mode for Domain objects, to match fully qualified domain names with forward DNS lookup.
  • Acceleration of Domain Objects, Dynamic Objects, and Time Objects.
  • New tracking options in Unified Rule Base.
  • Improvement of policy installation time duration.

Threat Prevention Policy

  • Multiple profiles for each Security Gateway, to enforce granular Threat Prevention policies.
  • Faster Threat Prevention policy installation.
  • IPS is integrated into the Threat Prevention policy Rule Base and policy installation.
  • Threat Prevention profiles support IPS protection activation based on property tags.

  Significant Improvements and New Features   More
The new Check Point Labs lets you experience new features and send feedback to Check Point. The first Check Point Labs feature lets you see information on Session changes before you publish.

VPN and Mobile Access Enhancements:

  • VPN multicore performance with CoreXL multicore scalability for VPN traffic inspected by Next Generation Firewall, Next Generation Threat Prevention, and Next Generation Threat Extraction Software Blades.
  • NAT-T support for Site-to-Site VPN.
  • TLS 1.2 support for Mobile Access and portals.
  • Multiple login options with multi-factor authentication schemes for users of different clients and portals.
  • A Mobile Access transparent Reverse Proxy, allowing external users to access internal resources, without the Mobile Access Portal.

Identity Awareness Enhancements:

  • Up to 200,000 Identity sessions per gateway.
  • Gateway REST API to manage identities from 3rd party or customized system.
  • Identity Collector - New agent that collects identity information from different sources (AD and ISE), for large environment scalability.
  • New RADIUS Accounting attribute parsing and IPv6 support.
  • Enhanced handling of nested user groups for AD LDAP using LDAPv3.
  • Enforce remote access client type in access role.
  • Detect users located behind HTTP proxy using X-Forward-For header granularity per Access Control Policy Layer.

Threat Prevention Enhancements:

  • Threat Emulation MTA (Mail Transfer Agent) support in VSX. You can run MTA for each VS instance.
  • Threat Extraction support for VSX Gateways.
  • Snort rules can be imported from SmartConsole.
  • Importing Custom Indicators (IoC) is supported from SmartConsole.

NAT Enhancements :

  • Improved scalability of hide NAT on high end multicore gateways, allowing maximum usage of available hide ports by dynamically assigning available ports to the cores. See sk103656.
  • IP Pool NAT performance enhancement: CoreXL multicore scalability for IP Pool NAT connections.

Gaia Enhancements:

  • Netflow support for IPFIX (with NAT and IPv6 flow records).
  • IPv6 DHCP relay with ClusterXL (Security Gateway and VSX modes).

Dynamic Routing Enhancements:

  • RIPng with VRRPv2.
  • SNMP enhancements for routing.
  • BGP 4-Byte AS and Local AS.

VSX Enhancements:

  • 64-bit support for VSX Gateways, increasing concurrent connections capacity.
  • Content Awareness for VSX Gateways.

ClusterXL Enhancements:

  • The MAC Magic value is acquired automatically and is backward compatible with gateways that were configured manually in earlier versions.
  • For VSX Clusters in Load Sharing environments (VSLS), Backup members can communicate with external networks and receive updates, in addition to Active and Standby members.
  • Connectivity Upgrades now support synchronization of Dynamic Routing.

  Management Enhancements   More

These enhancements were first introduced in R80:

Multi-Domain Security Management:

  • Unified architecture and management console for Security Management and Multi Domain Security Management.
  • New and improved views for Domain Management and Global Assignment.

Role-based & Concurrent Administration - Several administrators can work in parallel on the same security policy, with granular and flexible privilege delegation to each administrator.

  • A new advanced locking mechanism ensures administrators do not overwrite each others' work.
  • Rich administrator profiles for exact privileges each administrator will have, including managing specific policies or network segments, viewing specific logs, and conducting security operations, such as installing policy.

Secured Automation and Orchestration - CLI and API for Security Management enables full integration with 3rd party systems and automation of daily operations. Automation and SmartConsole management operations are allowed based on the same privilege profile.

Faster Day to Day Operations

  • Integrated logging to see all logs related to a rule in the same screen.
  • Detailed rule information of who created the rule and when, hit counts, and user-defined data, such as ticket numbers.
  • Enhanced search capabilities to quickly find any rule or object in the system.
  • Enhanced Management High Availability synchronizes only changes between servers, significantly improving efficiency.

Next Generation Logs, Events and Reports

  • Analyze hundreds of millions of logs per day with graphical views and reports, customized to address specific requirements.
  • Logging, monitoring, and report aspects also available in the Web-based interface.
  • Free-text search of logs and events with auto-suggest and favorites, with results in seconds.

New and Enhanced Revision Management Capabilities

  • Built-in database revision control.
  • Install a specific version of policies.
  • Change to a specific version of IPS package.

Cloud Demo: Experience R80.10 management scenarios on any computer. See sk103431.

vSEC Controller: Natively integrates with the leading private and public cloud platforms, such as VMware vCenter & NSX, CISCO ACI, AWS, Azure, OpenStack, and more. vSEC Controller provides dynamic security policy and visibility, which automatically adapts to changes in the cloud environments. This provides simple automated security across physical, virtual, and cloud environments, from a single Unified Management solution.



Documentation


R80.10 Release Notes

R80.10 Documentation Package

R80.10 Quick Start Guide

R80.10 Known Limitations
More


Downloads

SmartConsole

R80.10 CPUSE Upgrade

Clean Install

R80.10 File Revision History | Release map | Upgrade map | Backward Compatibility map | Releases plan

Released Hotfixes


Released Hotfixes
sk116380 - Jumbo Hotfix Accumulator for R80.10 (Take 42)
Effective August 10th, 2017, SmartConsole package has been updated (Build 005). See sk119612.

 


Additional Downloads and Products

Product Download
SmartConsole SmartConsole Demo (sk103431)
Portable SmartConsole (sk116158)
Management Server Migration Tool Gaia R80.10 Tool (TGZ)
Gaia Pre-R80 Tool (TGZ)
SecurePlatform and Linux Tool (TGZ)
Windows Tool (TGZ)
Smart-1 405 / 410 Appliances
R80.10 / R77.30 Dual Image for Smart-1 405 / 410 Appliances (ISO)
Upgrade package from R77.30 to R80.10 for Smart-1 405 / 410 Appliances (TGZ)
vSEC vSEC for AWS
vSEC for Microsoft Azure
vSEC for Google Cloud Platform
R80.10 vSEC OVF Template for ESXi (TGZ)
 R80.10 vSEC Image for Open Stack (IMG)
Central Deployment Tool (CDT) For Gaia, see sk111158
ISOMorphic Tool
For Gaia, SecurePlatform and Linux, see sk65205
DLP Exchange Agent For Windows (TGZ)

Note: Effective October 8th, 2017, Management Server Migration Tools have been updated.

 






R80.x Upgrade Verification Service

Check Point CheckMates Community

Upgrade/Download Wizard

Revision History

Show / Hide

Date Description
07 Dec 2017  Additional Downloads and Products table was redesigned
08 Nov 2017 Added R80.10 VoIP Administration Guide
24 Oct 2017 Added link to vSEC for Google Cloud Platform 
16 Oct 2017 Added R80.10 vSEC Image for Open Stack 
08 Oct 2017  Management Server Migration Tools have been updated
28 Sep 2017 Added Management API Reference Guide
18 Sep 2017 Added Jumbo Hotfix Accumulator Take 42 for R80.10. See sk116380
12 Sep 2017 Added Jumbo Hotfix Accumulator Take 40 for R80.10. See sk116380
03 Sep 2017 Added link to R80.10 VoIP Administration Guide.
22 Aug 2017 Added Jumbo Hotfix Accumulator Take 35 for R80.10. See sk116380.
10 Aug 2017 Added SmartConsole Build 005
09 Aug 2017 Replaced Dual Image and upgrade package for Smart-1 405 / 410 Appliances
01 Aug 2017 Added Jumbo Hotfix Accumulator Take 24 for R80.10. See sk116380.
25 July 2017
  • Added vSEC for Microsoft Azure downloads.
  • Added Jumbo Hotfix Accumulator Take 18 for R80.10. See sk116380.
11 July 2017 Added Jumbo Hotfix Accumulator Take 15 for R80.10. See sk116380.
09 July 2017
  • Added Smart-1 405 / 410 Appliances and vSEC downloads
  • Design change
28 June 2017 Added Jumbo Hotfix Accumulator Take 10 for R80.10. See sk116380.
08 June 2017 Added Jumbo Hotfix Accumulator Take 3 for R80.10. See sk116380.
05 June 2017 Management Server Migration Tools have been updated
17 May 2017 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment