Support Center > Search Results > SecureKnowledge Details
Check Point R80.20 with Gaia 3.10 for Security Gateways
Solution

Table of Contents:

  • Introduction
  • Supported Platforms
  • What's New
  • Configuration
  • Downloads
  • Documentation
  • Known Limitations

Introduction

R80.20 with Gaia 3.10 is now available for Security Gateways.

Supported Platforms

What's New

  • Upgraded Linux kernel (based on RHEL 7.x kernel 3.10)
  • Support for HP Gen10 Servers
  • New partitioning system (gpt)
    • Supports more than 2TB physical/logical drivers
  • New, faster file system (xfs)
    • Supporting larger system storage (up to 48T tested)
  • I/O related performance improvements
  • SMB v2/3 mount support in Mobile Access blade (see details below)
  • Support of new system tools for debugging, monitoring and configuring the system:
    • iotop (provides I/O runtime stats)
    • lshw (provides detailed information about all HW) 
    • lsusb (provides information about all devices connected to USB) 
    • lsscsi (provides information about storage) 
    • ps (new version, more counters) 
    • psmisc (new version, more counters) 
    • top (new version, more counters) 
    • iostat (new version, more counters)
  • New glibc: glibc-2.17-157
  • New ethtool: ethtool-4.8-7
  • New Bash: bash-4.2.46-29
  • lbzip2 support (free, multi-threaded compression utility)
  • xz support
  • rsync support

New SMB v2/3 Mount Support for Mobile Access Blade

SMB v2/3 support adds two attributes in $CVPNDIR/conf/cvpnd.C file:

Attribute Name
Default Value
Description 
:FileShareDefaultSmbVersion
("2.0")
 The default SMB version.
:FileShareAppNameToSmbVersion () List of File Share application names and the SMB version to use. The default version indicated in FileShareDefaultSmbVersion is used for File Share apps that are not listed here. 

 

Configuration instructions for SMB v2/3 Mount Support for Mobile Access Blade:

  1. Back up the $CVPNDIR/conf/cvpnd.C file. 
  2. To change the default SMB version, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C set FileShareDefaultSmbVersion "<version>"
  3. To change the SMB version for a specific File Share application, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C listAdd FileShareAppNameToSmbVersion "<FileShare app name> : <version>" 
  4. For the changes to take effect, run: cvpnrestart


Downloads

Download Package Link
Check Point R80.20 with new kernel 3.10 image for AWS, Azure, and Gen10 open servers
 


Documentation

Related Documentation & SecureKnowledge Articles
Check Point R80.20
sk65205: How to install SecurePlatform / Gaia from a USB device on Check Point appliance and Open Servers using ISOmorphic Tool


Known Limitations

ID Description
GAIA-3369
IPv6 is not supported. 
GAIA-3295  VSX is not supported. 
GAIA-3372
This version only supports the Security Gateway. Security Management and Standalone are not supported. 
GAIA-415
Loopback is not supported. As a result, the following features are limited:

BGP

  • Peering to loopback IPs will not be supported in SGW mode (at any rate, clustering mode does not work).
  • Redistribution of networks using loopback will not be supported. 

OSPF

  • No support for loopback IPs.
  • Redistribution of networks using loopback will not be supported.

RIP

  • No support for loopback IPs.
  • Redistribution of networks using loopback will not be supported.
GAIA-3380
The "raid_diagnostic" utility does not work for Gen10 open servers. 
GAIA-3085
'Emergendisk' is not supported.
GAIA-2619
VRRP is not supported.
GAIA-2649
On CloudGuard for AWS, the "ethtool -G" command is not supported.
GAIA-2648
On CloudGuard for Azure, the "ethtool -G" command is not supported. 
GAIA-3431 The number of FW instances is reported incorrectly in the output for "fw ctl affinity -l" (but correctly in the output for "fw ctl affinity -l -r").  
GAIA-2650 On CloudGuard for AWS, speed and duplex information is not available when using the ethtool. 
GAIA-3427 The bond interface is always up after reboot. You can disable the bond interface permanently by disabling its interfaces.
GAIA-3366
Process affinity cannot be modified.
GAIA-3316
"cpmq get -v" is missing output.
GAIA-3205
Cannot change interface link speed to 1000MB after it is changed to 100MB.
GAIA-3179
When the slave bridge interface is brought down, the state of the bridge in Gaia remains up.
GAIA-3345
Changing the MTU on the directly connected switches may cause drops of fragmented traffic due to a MTU mismatch. 
GAIA-3058
PBR is supported, but the feature that supports 'PBR route lookup' in topologies with a loop is not supported.
ACCL-417 The following were removed: CPView Network -> Top-Protocols and Network -> Top-Connections tabs.
VSECC-784 An R80.20 Security Gateway based on Check Point OS Kernel 3.10 does not support Data Center Objects.
  • In R80.10, this issue was resolved in Jumbo Hotfix Accumulator Take_177 installed on the Security Management Server.
  • In R80.20, this issue was resolved in Jumbo Hotfix Accumulator Take_33 installed on the Security Management Server.
GAIA-1795

The machine may freeze when deleting the Bridge/Bond/VLAN interface under traffic.

Workaround: Bring the Bridge/Bond/VLAN interface to the DOWN state, save the configuration, reboot, remove the interface, and save the configuration. 

GAIA-3463 Upgrade is not supported. 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment