Support Center > Search Results > SecureKnowledge Details
Check Point R80.20 with Gaia 3.10 for CloudGuard and Open Server Security Gateways Technical Level

Important: For information about the Check Point default version widely recommended for all deployments, refer to sk95746.

Table of Contents:

  1. Introduction
  2. New 3.10 Kernel Capabilities
  3. What's New
  4. Supported Platforms
  5. Availability
  6. Released Hotfixes
  7. Known Limitations
  8. Documentation
  9. Advanced Configuration for SMB v2/3
  10. Frequently Asked Questions
  11. Revision History

[1] Introduction

R80.20, part of the Check Point Infinity architecture, delivers the most innovative and effective security, keeping our customers protected against large-scale, fifth-generation cyber threats. For more information about Check Point R80.20, refer to sk122585.

This release introduces the new 3.10 kernel for Security Gateways. It extends support for new platforms and offers a significant performance improvement in cloud environments.

Check Point R80.30 with Gaia 3.10 is now available. For more information, refer to sk152652

For Security Management Server, the new 3.10 kernel is already part of Check Point Main-Train release starting from R80.20, and is supported on all Security Management platforms (see R80.20 Release Notes).

[2] New 3.10 Kernel Capabilities

  • Upgraded Linux kernel (based on RHEL 7.x kernel 3.10)
  • New partitioning system (gpt)
    • Supports more than 2 TB physical/logical drivers
  • New, faster file system (XFS, see sk141432)
  • Supporting larger system storage (up to 48 TB tested)
  • I/O related performance improvements
  • SMB v2/3 mount support in Mobile Access blade (see details below)
  • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used)
  • Support of new system tools for debugging, monitoring and configuring the system:
    • iotop (provides I/O runtime stats)
    • lshw (provides detailed information about all HW)
    • lsusb (provides information about all devices connected to USB)
    • lsscsi (provides information about storage)
    • ps (new version, more counters)
    • psmisc (new version, more counters)
    • top (new version, more counters)
    • iostat (new version, more counters
  • New glibc: glibc-2.17-157
  • New ethtool: ethtool-4.8-7
  • New Bash: bash-4.2.46-29
  • lbzip2 support (free, multi-threaded compression utility)
  • xz support (compression utility)
  • rsync support

[3] What's New

    Take # What's New
    Take 12

    Additional support for:

    Open ServersDell PowerEdge R330

    Take 11

    Additional support for:

    Open Servers: HP DL380 Gen9, HP DL360 Gen9
      Take 8

      1. Additional support for:

      1. CloudGuard: Google Cloud Platform
      2. Open Servers: Dell PowerEdge R740/R740 XD, Dell PowerEdge R640

      2. Support installation on storage with capacity of exact multiplies of 2TiB (2TiB, 4TiB, 6TiB, 8TiB, etc).

      3. Performance enhancement: prevent Intel processors from entering sleep states.

      4. Upgrade of hwdata package from 0.252-8.6 to 0.252-9.1

      5. Upgrade of gdisk package from 0.8.6-5 to 0.8.10-2

        Take 5

        1. First release of Check Point R80.20 with Gaia 3.10

        2. Support for:

        1. CloudGuard: AWS, Azure
        2. Open Servers: HP DL380 Gen10HP DL360 Gen10

        [4] Supported Platforms

        Product Details
        • AWS
        • Azure
        • Google Cloud Platform
          Open Servers  Refer to the Hardware Compatibility List

            [5] Availability

            Take # Date Link
            Take 12 12 June 2019

            Important Notes:

            • This R80.20 3.10 gateway version is not part of Check Point Main Train Release R80.20 (sk122485 - Check Point R80.20), and is supported on Open Servers and Cloud-based environments. Check Point Main Train Appliances are not supported in this release. 
            • Each take is an accumulation of the previous Take's content.
            • For more information, refer to the FAQs section below.

            [6] Released Hotfixes

            Released Hotfixes
            sk146212 - Jumbo Hotfix Accumulator for R80.20 3.10

            [7] Known Limitations

            ID Description
            GAIA-3369 IPv6 is not supported. 
            GAIA-3295  VSX is not supported. 
            GAIA-3372 This version only supports the Security Gateway. Security Management and Standalone are not supported. 
            GAIA-415 Loopback is not supported. As a result, the following features are limited:

            • Peering to loopback IPs will not be supported in SGW mode (at any rate, clustering mode does not work).
            • Redistribution of networks using loopback will not be supported. 
            • No support for loopback IPs.
            • Redistribution of networks using loopback will not be supported.
            • No support for loopback IPs.
            • Redistribution of networks using loopback will not be supported.
            GAIA-3380 The 'raid_diagnostic' utility does not work for open servers. 
            GAIA-3085 'Emergendisk' is not supported.
            GAIA-2619 VRRP is not supported.
            GAIA-2649 On CloudGuard for AWS, the 'ethtool -G' command is not supported.
            GAIA-2648 On CloudGuard for Azure, the 'ethtool -G' command is not supported. 
            GAIA-3431 The number of FW instances is reported incorrectly in the output of 'fw ctl affinity -l' (but correctly in the output of 'fw ctl affinity -l -r').  
            GAIA-2650 On CloudGuard for AWS, speed and duplex information is not available when using the ethtool. 
            GAIA-3427 The bond interface is always up after reboot. You can disable the bond interface permanently by disabling its interfaces.
            GAIA-3366 Process affinity cannot be modified.
            GAIA-3316 'cpmq get -v' is missing output.
            GAIA-3205 Cannot change interface link speed to 1000MB after it is changed to 100MB.
            GAIA-3179 When the slave bridge interface is brought down, the state of the bridge in Gaia remains up.
            GAIA-3345 Changing the MTU on the directly connected switches may cause drops of fragmented traffic due to a MTU mismatch. 
            GAIA-3058 PBR is supported, but the feature that supports 'PBR route lookup' in topologies with a loop is not supported.
            ACCL-417 The following were removed: CPView Network -> Top-Protocols and Network -> Top-Connections tabs.
            VSECC-784 An R80.20 Security Gateway based on Check Point OS Kernel 3.10 does not support Data Center Objects.
            • In R80.10, this issue was resolved in Jumbo Hotfix Accumulator Take_177 installed on the Security Management Server.
            • In R80.20, this issue was resolved in Jumbo Hotfix Accumulator Take_33 installed on the Security Management Server.
            GAIA-1795 The machine may freeze when deleting the Bridge/Bond/VLAN interface under traffic. As a workaround: Bring the Bridge/Bond/VLAN interface to the DOWN state, save the configuration, reboot, remove the interface, and save the configuration. 
            GAIA-3463 In-place upgrades between takes and versions is not supported. To upgrade between takes and versions, you will need to do a clean install. As per sk107042, Connectivity Upgrade is supported.

            [8] Related Documentation 

            Show / Hide this section

            [9] Advanced Configuration for SMB v2/3

            Show / Hide this section

            SMB v2/3 support adds two attributes in $CVPNDIR/conf/cvpnd.C file:

            Attribute Name Default Value Description 
            :FileShareDefaultSmbVersion ("1.0")  The default SMB version.
            :FileShareAppNameToSmbVersion () List of File Share application names and the SMB version to use. The default version indicated in FileShareDefaultSmbVersion is used for File Share apps that are not listed here. 

            Configuration instructions for SMB v2/3 Mount Support for Mobile Access Blade:

            1. Back up the $CVPNDIR/conf/cvpnd.C file. 
            2. To change the default SMB version, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C set FileShareDefaultSmbVersion "<version>"
            3. To change the SMB version for a specific File Share application, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C listAdd FileShareAppNameToSmbVersion "<FileShare app name> : <version>" 
            4. For the changes to take effect, run: cvpnrestart
            5. In case of a cluster setup, repeat the procedure above for all cluster members.

            [10] Frequently Asked Questions

            Show / Hide this section

            [11] Revision History

            Show / Hide this section
            Date Description
            12 June 2019 Release of Take 12
            28 May 2019 Added link to Jumbo HFA for R80.20 3.10
            18 March 2019 Release of Take 11
            03 March 2019 Release of Take 8
            6 Dec 2018 Release of Take 5

            Give us Feedback
            Please rate this document