Support Center > Search Results > SecureKnowledge Details
Check Point R80.20 with Gaia 3.10 for CloudGuard and Open Server Security Gateways

Important: The Check Point default version widely recommended for all deployments is R80.30 with Gaia 3.10 Take 300 with Jumbo Hotfix Accumulator latest GA Take. For more information on all Check Point releases, refer to the Release map and Release Terminology articles.

Table of Contents:

  1. Introduction
  2. New 3.10 Kernel Capabilities
  3. What's New
  4. Supported Platforms
  5. Availability
  6. Released Hotfixes
  7. Known Limitations
  8. Documentation
  9. Advanced Configuration for SMB v2/3
  10. Frequently Asked Questions
  11. Revision History

[1] Introduction

R80.20, part of the Check Point Infinity architecture, delivers the most innovative and effective security, keeping our customers protected against large-scale, fifth-generation cyber threats. For more information about Check Point R80.20, refer to sk122585.

This release introduces the new 3.10 kernel for Security Gateways. It extends support for new platforms and offers a significant performance improvement in cloud environments.

Check Point R80.30 with Gaia 3.10 is now available. For more information, refer to sk152652

For Security Management Server, the new 3.10 kernel is already part of Check Point Main-Train release starting from R80.20, and is supported on all Security Management platforms (see R80.20 Release Notes).

[2] New 3.10 Kernel Capabilities

  • Upgraded Linux kernel (based on RHEL 7.x kernel 3.10)
  • New partitioning system (gpt)
    • Supports more than 2TB physical/logical drivers
  • New, faster file system (xfs)
  • Supporting larger system storage (up to 48T tested)
  • I/O related performance improvements
  • SMB v2/3 mount support in Mobile Access blade (see details below)
  • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used)
  • Support of new system tools for debugging, monitoring and configuring the system:
    • iotop (provides I/O runtime stats)
    • lshw (provides detailed information about all HW)
    • lsusb (provides information about all devices connected to USB)
    • lsscsi (provides information about storage)
    • ps (new version, more counters)
    • psmisc (new version, more counters)
    • top (new version, more counters)
    • iostat (new version, more counters
  • New glibc: glibc-2.17-157
  • New ethtool: ethtool-4.8-7
  • New Bash: bash-4.2.46-29
  • lbzip2 support (free, multi-threaded compression utility)
  • xz support  
  • rsync support

[3] What's New

Take # What's New
Take 12

Additional support for:

Open ServersDell PowerEdge R330

Take 11

Additional support for:

Open Servers: HP DL380 Gen9, HP DL360 Gen9
Take 8

1. Additional support for:

  1. CloudGuard: Google Cloud Platform
  2. Open Servers: Dell PowerEdge R740/R740 XD, Dell PowerEdge R640

2. Support installation on storage with capacity of exact multiplies of 2TiB (2TiB, 4TiB, 6TiB, 8TiB, etc).

3. Performance enhancement: prevent Intel processors from entering sleep states.

4. Upgrade of hwdata package from 0.252-8.6 to 0.252-9.1

5. Upgrade of gdisk package from 0.8.6-5 to 0.8.10-2

Take 5

1. First release of Check Point R80.20 with Gaia 3.10

2. Support for:

  1. CloudGuard: AWS, Azure
  2. Open Servers: HP DL380 Gen10HP DL360 Gen10

[4] Supported Platforms

Product Details
  • AWS
  • Azure
  • Google Cloud Platform
Open Servers  Refer to the Hardware Compatibility List.

[5] Availability

Take # Date Link
Take 12 12 June 2019

Important Notes:

  • This R80.20 3.10 gateway version is not part of Check Point Main Train Release R80.20 (sk122485 - Check Point R80.20), and is supported on Open Servers and Cloud-based environments. Check Point Main Train Appliances are not supported in this release. 
  • Each take is an accumulation of the previous Take's content.
  • For more information, refer to the FAQs section below.

[6] Released Hotfixes

Released Hotfixes
sk146212 - Jumbo Hotfix Accumulator for R80.20 3.10

[7] Known Limitations

ID Description
IPv6 is not supported. 
GAIA-3295  VSX is not supported. 
This version only supports the Security Gateway. Security Management and Standalone are not supported. 
Loopback is not supported. As a result, the following features are limited:

  • Peering to loopback IPs will not be supported in SGW mode (at any rate, clustering mode does not work).
  • Redistribution of networks using loopback will not be supported. 
  • No support for loopback IPs.
  • Redistribution of networks using loopback will not be supported.
  • No support for loopback IPs.
  • Redistribution of networks using loopback will not be supported.
The 'raid_diagnostic' utility does not work for open servers. 
'Emergendisk' is not supported.
VRRP is not supported.
On CloudGuard for AWS, the 'ethtool -G' command is not supported.
On CloudGuard for Azure, the 'ethtool -G' command is not supported. 
GAIA-3431 The number of FW instances is reported incorrectly in the output of 'fw ctl affinity -l' (but correctly in the output of 'fw ctl affinity -l -r').  
GAIA-2650 On CloudGuard for AWS, speed and duplex information is not available when using the ethtool. 
GAIA-3427 The bond interface is always up after reboot. You can disable the bond interface permanently by disabling its interfaces.
Process affinity cannot be modified.
'cpmq get -v' is missing output.
Cannot change interface link speed to 1000MB after it is changed to 100MB.
When the slave bridge interface is brought down, the state of the bridge in Gaia remains up.
Changing the MTU on the directly connected switches may cause drops of fragmented traffic due to a MTU mismatch. 
PBR is supported, but the feature that supports 'PBR route lookup' in topologies with a loop is not supported.
ACCL-417 The following were removed: CPView Network -> Top-Protocols and Network -> Top-Connections tabs.
VSECC-784 An R80.20 Security Gateway based on Check Point OS Kernel 3.10 does not support Data Center Objects.
  • In R80.10, this issue was resolved in Jumbo Hotfix Accumulator Take_177 installed on the Security Management Server.
  • In R80.20, this issue was resolved in Jumbo Hotfix Accumulator Take_33 installed on the Security Management Server.
The machine may freeze when deleting the Bridge/Bond/VLAN interface under traffic. As a workaround: Bring the Bridge/Bond/VLAN interface to the DOWN state, save the configuration, reboot, remove the interface, and save the configuration. 
GAIA-3463 In-place upgrades between takes and versions is not supported. To upgrade between takes and versions, you will need to do a clean install. As per sk107042, Connectivity Upgrade is supported.

[8] Related Documentation 

Show / Hide this section

[9] Advanced Configuration for SMB v2/3

Show / Hide this section

SMB v2/3 support adds two attributes in $CVPNDIR/conf/cvpnd.C file:

Attribute Name
Default Value
 The default SMB version.
:FileShareAppNameToSmbVersion () List of File Share application names and the SMB version to use. The default version indicated in FileShareDefaultSmbVersion is used for File Share apps that are not listed here. 

Configuration instructions for SMB v2/3 Mount Support for Mobile Access Blade:

  1. Back up the $CVPNDIR/conf/cvpnd.C file. 
  2. To change the default SMB version, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C set FileShareDefaultSmbVersion "<version>"
  3. To change the SMB version for a specific File Share application, run: cvpnd_settings $CVPNDIR/conf/cvpnd.C listAdd FileShareAppNameToSmbVersion "<FileShare app name> : <version>" 
  4. For the changes to take effect, run: cvpnrestart

[10] Frequently Asked Questions

Show / Hide this section
  • Can I upgrade between takes and versions?

    No. Upgrading between takes and versions is not supported. You will need to do a clean install.

  • R80.20 3.10 is already installed on the server. Is an upgrade to the new image required now?

    No. Users who installed the previously released R80.20 3.10 image (Take 5) are not required to install this new image (Take 9). Install the new image if you want the latest content.

  • What Jumbo HFA Take can be installed on top of the R80.20 3.10 image?
  • Can different R80.20 3.10 images be used on different cluster members?

    Yes. Note that it is recommended to align the members with the same version.

  • How do I find out which take is installed on the machine?

    From clish, run the show version all or ver command, which will display the take number as it appears in the ¬ďAvailability¬Ē section above.

  • [11] Revision History

    Show / Hide this section
    Date Description
    12 June 2019 Release of Take 12
    28 May 2019 Added link to Jumbo HFA for R80.20 3.10
    18 March 2019 Release of Take 11
    03 March 2019 Release of Take 8
    6 Dec 2018 Release of Take 5

    Give us Feedback
    Please rate this document