Introduction | What's New | FAQ | Documentation | Downloads | Revision History
Introduction
R80.20 Management Feature Release is a new release train that offers frequent, faster delivery of Security Management capabilities. The Management Feature Release train was created to enable customers to use the latest Management features, by leveraging shorter release cycles.
As we are targeting for higher frequency of the main versions that include our most updated Management features, the Management Releases are currently suspended (unless specific need raises).
Check Point further enhances its Security Management with new features, stability fixes and more frequent releases. These enhancements are delivered using a new release path called "Management Feature Release."
Management Feature Releases are designed for customers who want to access and use the latest available Security Management capabilities. Ongoing performance and stability fixes will be provided via future R80.20.Mx versions. As these versions will be released frequently, Check Point does not plan to release dedicated Jumbo Hotfixes for R80.20.Mx. Customers should install the latest R80.20.Mx release and be prepared to frequently upgrade their management environment to the latest version.
Upgrading to this version is supported from all previous versions. Upgrading from Management Feature Release to future Major releases will be supported.
Key Differences from Major Release
Management Feature Release
Major Release
Release Frequency
Frequent releases
According to Major Release Schedule
Supported Products
Security Management of all deployment types,SmartConsole GUI application, Security Management Server, Multi-Domain Management Server, Multi-Domain Log Server SmartEvent and SmartLog
Security Gateway of all deployment types, SmartConsole GUI application, Security Management Server, Multi-Domain Management Server, Standalone deployment
Jumbo Hotfix Accumulator and fixes methodology
Updates are shipped within the next Management Feature Release
Jumbo Hotfixes will continue to be released on regular basis
Managed Gateways
Starting from R80.20 GA and R80.20.M2, it is possible to manage R80.20 and below Security Gateways.
Manages Security gateways of this release as well as previous ones
The below list shows the R80.20 GA newest Security Management features and enhancements
R80.20 GA Security Management Features
Threat Prevention
Enhanced configuration and monitor abilities for Mail Transfer Agent (MTA) in SmartConsole for handling malicious mails
Configuration of ICAP Server with Threat Emulation and Anti-Virus Deep Scan in SmartConsole
Automatic download of IPS updates by the Security Gateway
SmartConsole support for multiple Threat Emulation Private Cloud Appliances
SmartConsole support for blocking archives containing prohibited file types
CloudGuard IaaS Enhancements
Automated Security Transit VPC in Amazon Web Services (AWS) - Automatically deploy and maintain secured scalable architecture in Amazon Web Services
Access Policy
Updatable Objects – a new type of network objects that represent an external service such as Office 365, Amazon Web Services, Azure GEO locations and more, and can be used in the Source and Destination columns of an Access Control policy. These objects are dynamically updated and kept up-to-date by the Security Gateway without the need to install a policy
Wildcard network object in Access Control that represents a series of IP addresses that are not sequential
Only for Multi-Domain Server: Support for scheduled policy installation with cross-Domain installation targets (Security Gateways or Policy Packages)
Security Management Server can securely connect to Active Directory via a Security Gateway if the Security Management Server has no connectivity to the Active Directory environment and the Security Gateway does
SmartConsole
SmartConsole Accessibility features
Keyboard navigation - ability to use the keyboard alone to navigate between the different SmartConsole fields
Improved experience for the visually impaired, color invert for all SmartConsole windows
Required fields are highlighted
Logging and Monitoring
Log Exporter - an easy and secure method to export Check Point logs over Syslog to any SIEM vendor using standard protocols and formats
Unified logs for Security Gateway, SandBlast Agent and SandBlast Mobile for simplified log investigation
Enhanced SmartView in browser:
Relative time frame support
I18N support for 6 languages (English, French, Spanish, Japanese, Chinese, Russian)
Mobile Access
Support for reCaptcha, keep abusive automated software activities from interfering with regular portal operations
Support for One Time Password (OTP) without any hardware tokens
Management API support for Threat Prevention Indicators (IoC)
Add, delete, and view indicators through the Management API
Threat Prevention Layers
Support layer sharing within Threat Prevention policy
Support setting different administrator permissions per Threat Prevention layer
Gaia OS
Upgraded Linux kernel (3.10)
New file system (xfs)
More than 2TB support per a single storage device
Enlarged systems storage (up to 48T tested)
I/O related performance improvements
Support of new system tools for debugging, monitoring and configuring the system
iotop (provides I/O runtime stats)
lsusb (provides information about all devices connected to USB)
lshw (provides detailed information about all hardware)
lsscsi (provides information about storage)
ps (new version, more counters)
top (new version, more counters)
iostat (new version, more counters)
Compressed snapshots - reduced system snapshot size
Access Policy
Rule Base performance improvements, for enhanced Rule Base navigation and scrolling
Global VPN Communities (previously supported in R77.30)
Access Control visibility for NAT46 and NAT64
Identify Tags: Access Role objects can manage identities that originated from Cisco ISE Security Groups or Check Point Identity Awareness API
Logging and Monitoring
SmartView (web) enhancements:
Auto-refresh views
Improved log-viewer with cards, profiles, statistics and filters
Export logs with custom or all fields
Keyboard-navigation
Ability to define an external Syslog server object and configure Security Gateway to send all its logs to it (previously supported in R77.30)
Log Exporter - an easy and secure method to export Check Point logs over syslog that utilizes standard protocols and formats
SmartProvisioning
Integration with SmartProvisioning (previously supported in R77.30)
Support for the 1400 series appliances
Administrators can now use SmartProvisioning in parallel with SmartConsole
SmartConsole
Multiple simultaneous sessions in SmartConsole. One administrator can publish or discard several SmartConsole private sessions, independently of the other sessions
CloudGuard IaaS Enhancements
Integration with Google Cloud Platform
Integration with Cisco ISE
Integration with Nuage Networks
Automatic license management with the CloudGuard IaaS Central Licensing utility
Monitoring capabilities integrated into SmartView
CloudGuard IaaS support for 41000, 44000, 61000, and 64000 Scalable Platforms
Endpoint Security Server
Managing features that are included in R77.30.03: • Management of new Software Blades:
SandBlast Agent Anti-Bot
SandBlast Agent Threat Emulation and Anti-Exploit
SandBlast Agent Forensics and Anti-Ransomware
Capsule Docs
• New features in existing blades:
Full Disk Encryption
Offline Mode
Self Help Portal
XTS-AES Encryption
New options for the Trusted Platform Module (TPM).
New options for managing Pre-Boot Users
Media Encryption and Port Protection
New options to configure encrypted container
Optical Media Scan
Anti-Malware
Web Protection
Advanced Disinfection
Additional Enhancements
Improvements in policy installation performance on R80.10 and higher gateways with IPS
Compliance:
User can create custom best practices based on scripts
Support for 35 regulations including General Data Protection Regulation (GDPR)
Check Point plans on releasing Jumbo Hotfixes only for the main R80.20 Major Release. For the R80.20.Mx, Jumbo Hotfix and stability fixes will be included in the next R80.20.Mx version. An exception to this release plan might be made for critical or stability fixes. Note: R80.20 GA Jumbo Hotfix Accumulator cannot be installed on top of R80.20.Mx release.
Security Management configurations: Security Management Server, Multi-Domain Management Server, Multi-Domain Log Server, SmartEvent and SmartLog Server are supported. Standalone & Security Gateway configurations are not supported with R80.20.Mx release.