Check Point R80.20 with Gaia 3.10 for CloudGuard and Open Server Security Gateways
Solution

Table of Contents:

  • Introduction
  • New 3.10 Kernel Capabilities
  • Supported Platforms
  • What's New
  • Availability
  • Known Limitations
  • Documentation
  • Advanced Configuration for SMB v2/3
  • Frequently Asked Questions
  • Revision History

Introduction

R80.20, part of the Check Point Infinity architecture, delivers the most innovative and effective security, keeping our customers protected against large-scale, fifth-generation cyber threats. For more information about Check Point R80.20, refer to sk122585.

This release introduces the R80.20 3.10 kernel version for Security Gateways. It extends support for new Open Server platforms and cloud environments.

Check Point also offers an Early Availability program for the new 3.10 kernel based on the R80.30 release, which offers support for additional Security Gateways and appliances. For more details, contact ea_support@checkpoint.com.

For Security Management Servers, the 3.10 kernel is already part of Check Point Main-Train release starting in R80.20, and is supported on all Security Management platforms (see R80.20 Release Notes).

New 3.10 Kernel Capabilities

  • Upgraded Linux kernel (based on RHEL 7.x kernel 3.10)
  • New partitioning system (gpt)
    • Supports more than 2TB physical/logical drives
  • New, faster file system (xfs)
  • Supporting larger system storage (up to 48T tested)
  • I/O related performance improvements
  • SMB v2/3 mount support in Mobile Access blade (see details below)
  • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used)
  • Support of new system tools for debugging, monitoring and configuring the system:
    • iotop (provides I/O runtime stats)
    • lshw (provides detailed information about all HW)
    • lsusb (provides information about all devices connected to USB)
    • lsscsi (provides information about storage)
    • ps (new version, more counters)
    • psmisc (new version, more counters)
    • top (new version, more counters)
    • iostat (new version, more counters)
  • New glibc: glibc-2.17-157
  • New ethtool: ethtool-4.8-7
  • New Bash: bash-4.2.46-29
  • lbzip2 support (free, multi-threaded compression utility)
  • xz support  
  • rsync support

Supported Platforms

CloudGuard:

  • AWS
  • Azure
  • Google Cloud Platform

Open Servers:

What's New

Take # What's New
Take 11

Additional support for:

  • Open Servers: HP DL380 Gen9, HP DL360 Gen9

Take 8

1. Additional support for:

  1. CloudGuard: Google Cloud Platform
  2. Open Servers: Dell PowerEdge R740/R740 XD, Dell PowerEdge R640

2. Support for installation on storage with a capacity of exact multiples of 2TiB (2TiB, 4TiB, 6TiB, 8TiB, etc.).

3. Performance enhancement: prevent Intel processors from entering sleep states.

4. Upgrade of hwdata package from 0.252-8.6 to 0.252-9.1

5. Upgrade of gdisk package from 0.8.6-5 to 0.8.10-2

Take 5

1. First release of Check Point R80.20 with Gaia 3.10

2. Support for:

  1. CloudGuard: AWS, Azure
  2. Open Servers: HP DL380 Gen10, HP DL360 Gen10

Availability

Take # Date Link
Take 11 18 March 2019
Take 8 03 March 2019
Take 5 06 Dec 2018

Important Notes:

  • This R80.20 3.10 gateway version is not part of Check Point R80.20 Main-Train Release and is supported on Open Servers and Cloud-based environments. Check Point Main-Train Appliances are not supported in this release. 
  • Each take is an accumulation of the previous Take's content.
  • For more information, refer to the FAQs section below.

Known Limitations

ID Description
GAIA-3369 IPv6 is not supported.
GAIA-3295 VSX is not supported.
GAIA-3372 This version only supports the Security Gateway. Security Management and Standalone are not supported.
GAIA-415 Loopback is not supported. As a result, the following features are limited:

BGP
  • Peering to loopback IPs will not be supported in SGW mode (at any rate, clustering mode does not work).
  • Redistribution of networks using loopback will not be supported. 
OSPF
  • No support for loopback IPs.
  • Redistribution of networks using loopback will not be supported.
RIP
  • No support for loopback IPs.
  • Redistribution of networks using loopback will not be supported.
GAIA-3380 The 'raid_diagnostic' utility does not work for Gen10 open servers.
GAIA-3085 'Emergendisk' is not supported.
GAIA-2619 VRRP is not supported.
GAIA-2649 On CloudGuard for AWS, the 'ethtool -G' command is not supported.
GAIA-2648 On CloudGuard for Azure, the 'ethtool -G' command is not supported.
GAIA-3431 The number of FW instances is reported incorrectly in the output of 'fw ctl affinity -l' (but correctly in the output of 'fw ctl affinity -l -r').
GAIA-2650 On CloudGuard for AWS, speed and duplex information is not available when using ethtool.
GAIA-3427 The bond interface is always up after reboot. You can disable the bond interface permanently by disabling its interfaces.
GAIA-3366 Process affinity cannot be modified.
GAIA-3316 'cpmq get -v' is missing output.
GAIA-3205 Cannot change interface link speed to 1000MB after it is changed to 100MB.
GAIA-3179 When the slave bridge interface is brought down, the state of the bridge in Gaia remains up.
GAIA-3345 Changing the MTU on the directly connected switches may cause drops of fragmented traffic due to an MTU mismatch.
GAIA-3058 PBR is supported, but the feature that supports 'PBR route lookup' in topologies with a loop is not supported.
ACCL-417 The following were removed: CPView Network -> Top-Protocols and Network -> Top-Connections tabs.
VSECC-784 An R80.20 Security Gateway based on Check Point OS Kernel 3.10 does not support Data Center Objects.
  • In R80.10, this issue was resolved in Jumbo Hotfix Accumulator Take_177 installed on the Security Management Server.
  • In R80.20, this issue was resolved in Jumbo Hotfix Accumulator Take_33 installed on the Security Management Server.
GAIA-1795 The machine may freeze when deleting the Bridge/Bond/VLAN interface under traffic. As a workaround: Bring the Bridge/Bond/VLAN interface to the DOWN state, save the configuration, reboot, remove the interface, and save the configuration.
GAIA-3463 Upgrading between takes and versions is not supported. To upgrade between takes and versions, you will need to do a clean install.

Related Documentation 

Advanced Configuration for SMB v2/3

SMB v2/3 support adds two attributes to the $CVPNDIR/conf/cvpnd.C file:

  • :FileShareDefaultSmbVersion
    Default value: ("2.0")
    Description: The default SMB version.
  • :FileShareAppNameToSmbVersion
    Default value: ()
    Description: List of File Share application names and the SMB version to use. The default version indicated in FileShareDefaultSmbVersion is used for File Share apps that are not listed here.


Configuration instructions for SMB v2/3 Mount Support for Mobile Access Blade:

  1. Back up the $CVPNDIR/conf/cvpnd.C file. 
  2. To change the default SMB version, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C set FileShareDefaultSmbVersion "<version>"
  3. To change the SMB version for a specific File Share application, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C listAdd FileShareAppNameToSmbVersion "<FileShare app name> : <version>" 
  4. For the changes to take effect, run: cvpnrestart
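
The four steps above as one script, added here as an example (it is not Check Point code): it rejects malformed overrides, takes a timestamped backup, and restores that backup if 'cvpnd_settings' fails, so 'cvpnrestart' runs only after every change was accepted. The function names and the name:version argument form are assumptions of this example.

```bash
#!/bin/bash
# Added example (not Check Point code). Function names are hypothetical;
# cvpnd_settings, cvpnrestart and the attribute names come from the steps above.

restore_conf() {  # restore_conf <backup> <conf>: put the saved copy back
    cp -p "$1" "$2" && echo "restored $2 from $1" >&2
}

# apply_smb_versions <default version or ""> ["<app name>:<version>" ...]
apply_smb_versions() {
    local default_ver="$1" conf backup spec
    shift
    [ -n "$CVPNDIR" ] || { echo "CVPNDIR is not set" >&2; return 1; }
    conf="$CVPNDIR/conf/cvpnd.C"
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }

    # Reject malformed overrides before anything is modified.
    for spec in "$@"; do
        case "$spec" in
            ?*:*[!:]) ;;
            *) echo "bad override '$spec' (want name:version)" >&2; return 1 ;;
        esac
    done

    # Step 1: timestamped backup, keeping mode and ownership.
    backup="$conf.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 1

    # Step 2: default SMB version (skipped when the first argument is empty).
    if [ -n "$default_ver" ]; then
        cvpnd_settings "$conf" set FileShareDefaultSmbVersion "$default_ver" \
            || { restore_conf "$backup" "$conf"; return 1; }
    fi

    # Step 3: per-application versions, written as "<name> : <version>".
    for spec in "$@"; do
        cvpnd_settings "$conf" listAdd FileShareAppNameToSmbVersion \
            "${spec%:*} : ${spec##*:}" \
            || { restore_conf "$backup" "$conf"; return 1; }
    done

    # Step 4: restart only after every change was accepted.
    cvpnrestart
}

# Runs only when arguments are given, e.g. (constructed application name):
#   ./smb_versions.sh "2.0" "Finance Share:2.0"
if [ "$#" -gt 0 ]; then apply_smb_versions "$@"; fi
```

Pass an empty first argument to leave the default version untouched and add only per-application entries.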

Frequently Asked Questions

  • Can I upgrade between takes and versions?

    No. Upgrading between takes and versions is not supported. You will need to do a clean install.

  • R80.20 3.10 is already installed on the server. Is an upgrade to the new image required now?

    No. Users who installed the previously released R80.20 3.10 image (Take 5) are not required to install this new image (Take 9). Install the new image if you want the latest content.

  • What Jumbo HFA Take can be installed on top of the R80.20 3.10 image?

    Currently, none.

  • Can different R80.20 3.10 images be used on different cluster members?

    Yes. Note that it is recommended to align the members with the same version.

  • How do I find out which take is installed on the machine?

    From clish, run the 'show version all' or 'ver' command, which will display the take number as it appears in the "Availability" section above.

Revision History

Date Description
18 March 2019 Release of Take 11
03 March 2019 Release of Take 8
06 Dec 2018 Release of Take 5
