Support Center > Search Results > SecureKnowledge Details
Check Point R80.20 Technical Level
Click Here to Show the Entire Article

R80.20 reached its End of Support

If you are using this version (or lower), we strongly recommend you to upgrade your environments.

Check Point Recommended version for all deployments is R81.10 Take 335 with its Recommended Jumbo Hotfix Accumulator Take. For Scalable Platforms, see sk176388.

For more info about all Check Point releases, refer to Release map and Release Terminology articles.

| What's New | Documentation | Downloads | Released Hotfixes | Additional Downloads and Products | Revision History


R80.20, part of the Check Point Infinity architecture, delivers the most innovative and effective security that keeps our customers protected against large scale, fifth generation cyber threats.

The release contains innovations and significant improvements in:

  • Gateway performance
  • Advanced Threat Prevention
  • Cloud Security 
  • Access policy 
  • Consolidated network and endpoint management capabilities
  • And much more 

What's New in R80.20

  Performance Enhancements   More

    Performance Enhancements

    • HTTPS Inspection performance improvements
    • Session rate improvements on high-end appliances (13000, 15000, 21000 & 23000 Security Gateway models)
    • Acceleration remains active during policy installation, no impact on Security Gateway performance

    VSX Gateways

    • Significant boost to Virtual Systems performance, utilizing up to 32 CoreXL FW instances per VS
    • Dynamic dispatcher - Packets are processed by different FW worker (FWK) instances based on the instance load
    • SecureXL Penalty Box supports the contexts of each Virtual System, see sk74520 

      Significant Improvements & New Features     More

    Advanced Threat Prevention

    • Enhanced configuration and monitor abilities for Mail Transfer Agent (MTA) in SmartConsole for handling malicious mails
    • Configuration of ICAP Server with Threat Emulation and Anti-Virus Deep Scan in SmartConsole
    • Automatic download of IPS updates by the Security Gateway
    • SmartConsole support for multiple Threat Emulation Private Cloud Appliances
    • SmartConsole support for blocking archives containing prohibited file types
    • Threat Extraction
      • Full ClusterXL HA synchronization, access to the original files is available after a failover
      • Support for external storage
    • Threat Prevention Indicators (IoC) API
      • Management API support for Threat Prevention Indicators (IoC)
      • Add, delete, and view indicators through the management API
    • Threat Prevention Layers
      • Support layer sharing within Threat Prevention policy
      • Support setting different administrator permissions per Threat Prevention layer
    • MTA (Mail Transfer Agent)
      • MTA monitoring, e-mails history views and statistics, current e-mails queue status and actions performed on e-mails in queue
    • MTA configuration enhancements
      • Setting a domain object as next hop
      • Ability to create an access rule to allow SMTP traffic to a Security Gateway
      • Create a dedicated Threat Prevention rule for MTA
    • MTA enforcement enhancements
      • Replacing malicious links in an email with a configurable template
      • Configurable format for textual attachments replacement
      • Ability to add a customized text to malicious e-mails' body or subject
      • Tagging malicious-mails using X-header
      • Sending a copy of the malicious e-mail to a predefined recipients list
    • Improvements in policy installation performance on R80.10 and above Security Gateways with IPS
    • Performance impact of "Suspicious Mail Activity" protection in Anti-Bot was changed to "High" and is now off by default

    CloudGuard IaaS Enhancements

    • Automated Security Transit VPC in Amazon Web Services (AWS) - Automatically deploy and maintain secured scalable architecture in Amazon Web Services
    • Integration with Google Cloud Platform
    • Integration with Cisco ISE
    • Integration with Nuage Networks
    • Automatic license management with the CloudGuard IaaS Central Licensing utility
    • Monitoring capabilities integrated into SmartView
    • Data center objects can now be used in access policy rules installed on 41000, 44000, 61000 and 64000 Scalable Platforms

    Access Policy

    • Updatable Objects - a new type of network objects that represent an external service such as Office 365, Amazon Web Services, Azure GEO locations and more, and can be used in the Source and Destination columns of an Access Control policy. These objects are dynamically updated and kept up-to-date by the Security Gateway without the need to install a policy
    • Wildcard network object in Access Control that represents a series of IP addresses that are not sequential
    • Only for Multi-Domain Server: Support for scheduled policy installation with cross-Domain installation targets (Security Gateways or Policy Packages)
    • Rule Base performance improvements, for enhanced Rule Base navigation and scrolling
    • Global VPN Communities (previously supported in R77.30)
    • Support for using NAT64 and NAT46 objects in Access Control
    • Security Management Server can securely connect to Active Directory via a Security Gateway if the Security Management Server has no connectivity to the Active Directory environment and the Security Gateway does

    Identity Awareness

    • Identity Tags support the use of tags defined by an external source to enforce users, groups or machines in Access Roles matching
    • Improved SSO Transparent Kerberos Authentication for Identity Agent, LDAP groups are extracted from the Kerberos ticket
    • Two Factor Authentication for Browser-Based Authentication (support for RADIUS challenge/response in Captive Portal and RSA SecurID next Token/Next PIN mode)
    • Identity Collector
      • Support for Syslog Messages - ability to extract identities from syslog notifications
      • Support for NetIQ eDirectory LDAP Servers
      • Additional filter options - "Filter per Security Gateway" and "Filter by domain"
      • Improvements and stability fixes related to Identity Collector and Web API
    • New configuration container for Terminal Servers Identity Agents.
    • Active Directory cross-forest trust support for Terminal Servers Agent
    • Identity Agent automatic reconnection to prioritized PDP gateways

    HTTPS Inspection

    • Hardware Security Module (HSM) support – outbound HTTPS Inspection stores the SSL keys and certificates on a third party dedicated appliance
    • Additional ciphers supports for HTTPS Inspection (for more information, see sk104562)

    Mirror and Decrypt

    • Decryption and clone of HTTP and HTTPS traffic
    • Forwarding traffic to a designated interface for mirroring purposes


      • New CCP Unicast - a new mode in which a cluster member sends the CCP packets to the unicast address of a peer member
      • New Automatic CCP mode - CCP mode is adaptive to network changes, Unicast, Multicast or Broadcast modes are automatically applied according to network state
      • Enhanced cluster monitoring capabilities
      • Enhanced cluster statistics and debugging capabilities
      • Enhanced Active/Backup Bond
      • Support for more topologies for Synchronization Network over Bond interfaces
      • Improved cluster synchronization and policy installation mechanism
      • New grace mechanism for cluster failover for improved stability
      • New cluster commands in Gaia Clish
      • Improved clustering infrastructure for RouteD (Dynamic Routing) communication

      Gaia OS

      Upgraded Linux kernel (3.10) - applies to Security Management Server only
      • New file system (xfs)
        • More than 2TB support per a single storage device
        • Enlarged systems storage (up to 48TB)
      • I/O related performance improvements
      • Support of new system tools for debugging, monitoring and configuring the system
        • iotop (provides I/O runtime statistics)
        • lsusb (provides information about all devices connected to USB)
        • lshw (provides detailed information about all hardware)
        • lsscsi (provides information about storage)
        • ps (new version, more counters)
        • top (new version, more counters)
        • iostat (new version, more counters)

      Advanced Routing:

      • Allow AS-in-count
      • IPv6 MD5 for BGP
      • IPv4 and IPv6 OSPF multiple instances
      • Bidirectional Forwarding Detection (BFD) for gateways and VSX, including IP Reachability detection and BFD Multihop
      • OSPFv2 HMAC-SHA authentication (replaces OSPFv2 MD5 authentication)

      ICAP Client

      • Integrated ICAP Client functionality


          Security Management Enhancements    More


        • Multiple simultaneous sessions in SmartConsole - One administrator can publish or discard several SmartConsole private sessions, independently of the other sessions
        • SmartConsole Accessibility features
          • Keyboard navigation - ability to use the keyboard alone to navigate between the different SmartConsole fields
          • Improved experience for the visually impaired, color invert for all SmartConsole windows
          • Required fields are highlighted

        Logging and Monitoring

        • Log Exporter - an easy and secure method to export Check Point logs over Syslog to any SIEM vendor using standard protocols and formats
        • Ability to export logs directly from a Security Gateway (previously supported in R77.30)
        • Unified logs for Security Gateway, SandBlast Agent and SandBlast Mobile for simplified log investigation
        • Enhanced SmartView in browser:
          • Log viewer with log card, column profile and statistics
          • Export logs with custom or all fields
          • Automatic-refresh for views
          • Relative time frame support
          • Improved log viewer with cards, profiles, statistics and filters
          • I18N support for 6 languages (English, French, Spanish, Japanese, Chinese, Russian)
        • Accessibility support - keyboard navigation and high contrast theme


        • Integration with SmartProvisioning (previously supported in R77.30)
        • Support for the 1400 series appliances
        • Administrators can now use SmartProvisioning in parallel with SmartConsole

        Mobile Access

        • Support for reCaptcha, keep abusive automated software activities from interfering with regular portal operations
        • Support for One Time Password (OTP) without any hardware tokens

        Endpoint Security Management Server

        Endpoint Security Server is now part of the main train.
        • Support for SandBlast Agent, Anti-Exploit and Behavioral Guard policies
        • SandBlast Agent push operation to move/restore files from quarantine
        • Directory Scanner initial scan and full rescan takes significantly less time
        • Stability and performance enhancements for Online Automatic Synchronization (High Availability)

        Endpoint Security Management features that are included in R77.30.03:

        • Management of new Software Blades:
          • SandBlast Agent Anti-Bot
          • SandBlast Agent Threat Emulation and Anti-Exploit
          • SandBlast Agent Forensics and Anti-Ransomware
          • Capsule Docs
        • New features in existing Software Blades:
          • Full Disk Encryption
            • Offline Mode
            • Self Help Portal
            • XTS-AES Encryption
            • New options for the Trusted Platform Module (TPM)
            • New options for managing Pre-Boot Users
          • Media Encryption & Port Protection
            • New options to configure encrypted container
            • Optical Media Scan
          • Anti-Malware:
            • Web Protection
            • Advanced Disinfection


        • User can create custom best practices based on scripts
        • Support for 35 regulations including General Data Protection Regulation (GDPR)


        R80.20 Release Notes

        Administration Guides

        Resolved Issues

        Known Limitations



        Security Gateway / Standalone

        Security Management

        Effective April 30th, 2019, the CPUSE Upgrade packages have been replaced. See sk140395sk141232 and sk145612.

        R80.20 File Revision History | Release map | Upgrade and Backward Compatibility maps | Releases Terminology

        Effective July 10th, 2019, R80.20 Security Management image has been replaced. See sk151513 for further details.

        Released Hotfixes

        Released Hotfixes
        Jumbo Hotfix Accumulator for R80.20 (Check Point recommends to always install the latest Jumbo Hotfix GA Take)
        For the latest Blink image (GA Take including Jumbo HF Take), see Jumbo Hotfix Accumulator for R80.20
        R80.20 SmartConsole Releases


        Additional Downloads and Products

        Product Download
        SmartConsole  Check Point R80.x Cloud Demo (sk103431)
         Portable SmartConsole for R80.x (sk116158)
        Blink - Gaia Fast Deployment  For Gaia Security Gateway and Management, see sk120193
        R80.20 Management Server Migration Tool  All Gaia versions and SecurePlatform versions above R75.40 (TGZ)
         SecurePlatform R75.40 and below (TGZ)
         All Windows versions (TGZ)
        CloudGuard  See sk158292
        Central Deployment Tool (CDT)  For Gaia, see sk111158 
        ISOMorphic Tool
         For Gaia, SecurePlatform and Linux, see sk65205
        DLP Exchange Server  For Windows (TGZ)
        R80.20 with Gaia 3.10  For CloudGuard and Open Server Security Gateways, see sk141173
        6000 Enterprise Appliances   See sk139932

        Effective September 24th, 2019, the Blink Security Gateway image have been replaced


        Check Point CheckMates Community

        Upgrade/Download Wizard

        Revision History

        Show / Hide

        Date Description
        04 Sep 2022 Updated the SmartConsole package to Build 130
        30 Jun 2022 Updated the SmartConsole package to Build 129
        23 Mar 2022 Updated the SmartConsole package to Build 127
        11 Nov 2021 Updated the SmartConsole package to Build 126
        20 Oct 2021 Updated the SmartConsole package to Build 124
        30 May 2021 Updated the SmartConsole package to Build 122
        17 Nov 2020 Updated the SmartConsole package to Build 119
        23 July 2020 Updated the SmartConsole package to Build 116
        01 Apr 2020 Updated the SmartConsole package to Build 114 
        13 Feb 2020 Updated the SmartConsole package to Build 100
        11 Dec 2019 Updated the SmartConsole package to Build 088
        23 Oct 2019 Updated the SmartConsole package to Build 081
        15 Sep 2019 Added an Important Note at the top of this article
        29 Aug 2019 Updated the SmartConsole package to Build 067
        15 July 2019 Link to Release map was replaced 
        10 July 2019
        • R80.20 Management image has been replaced
        • Updated the SmartConsole package to Build 055
        13 June 2019
        • Released a new R80.20 image with Management upgrade fixes (Take 117)
        • Updated the SmartConsole package to Build 053
        30 Apr 2019 CPUSE Upgrade packages for Security Management and Security Gateway / Standalone have been updated
        08 Apr 2019 Updated the SmartConsole package to Build 046
        24 Jan 2019 Added link to 6000 Enterprise Appliances to the Additional Downloads and Products table
        15 Jan 2019
        • R80.20 Take 101 with Take 17 of Jumbo Hotfix Accumulator becomes the default version
        • Updated the SmartConsole package to Build 025. 
        20 Dec 2018 CPUSE Upgrade packages for Security Management and Security Gateway / Standalone have been updated.
        18 Dec 2018 Added Blink image for R80.20
        06 Dec 2018
        • Added an image for Security Gateway with Gaia 3.10 for CloudGuard & Gen10 Open Servers. See sk141173 
        • Updated the SmartConsole package to Build 011.
        27 Nov 2018 Added CloudGuard image for Open Stack
        14 Nov 2018 Management Server Migration Tools have been updated 
        07 Nov 2018 Updated the SmartConsole package to Build 004.
        01 Nov 2018 Added Jumbo Hotfix Accumulator Take 10 for R80.20. See sk137592
        08 Oct 2018 Management Server Migration Tools have been updated
        26 Sept 2018 First release of this document

        Give us Feedback
        Please rate this document