Support Center > Search Results > SecureKnowledge Details
Comparison between R80.20 and R80.20SP Technical Level
Solution

This is a features comparison between R80.20 and R80.20SP.

For more information, see sk173183 - Scalable Platforms (Maestro and Chassis) comparison between versions.

Table of Contents:

  • Firewall and Security Policy
  • VSX
  • Gaia
  • Installation and Upgrade
  • Logging
  • Cluster
  • VPN
  • Remote Access VPN
  • Network Management
  • Next Generation Security Gateway
  • System Management and Monitoring
  • Rate Limiting and DoS Mitigation
  • Performance Tuning
  • Threat Prevention
  • CloudGuard
  • Mobile Access
  • Identity Awareness
  • Compliance Blade
  • HTTPS Inspection
  • CPDiag
  • Access Control
  • Data Loss Prevention / CA
  • Dynamic Routing

Firewall and Security Policy

Feature R80.20 R80.20SP Comments
L3 Firewall      
L2 Firewall (Bridge mode)      
QoS      
ISP Redundancy     Supported from R80.20SP Jumbo Hotfix Take 305
Multicast      
Identity Awareness Captive Portal      
NAT IPv4      
NAT IPv6      
NAT 64     Supported from R80.20SP Jumbo Hotfix Take 295
Dynamic Anti-Spoofing       

 

VSX

Feature R80.20 R80.20SP Comments
VSX L3 Firewall       
VSX L2 Firewall     No Support for VSX Multi-Bridge.
Virtual Switches     Supported on Maestro with R80.20SP Jumbo Hotfix Take 178
Virtual Routers      
Identity Awareness Captive Portal      
VSX Multicast      
NAT IPv4      
NAT IPv6      
NAT 64     Supported from R80.20SP Jumbo Hotfix Take 295
VSX QoS, Light Weight (CPQoS) (12)     SP limitation.
QoS (Floodgate-1)      
Dynamic Anti-Spoofing      
"vsx_util reconfigure"      After performing "vsx_util reconfigure", it is necessary to install policy on all Virtual Systems.

 

Installation and Upgrade

Feature R80.20 R80.20SP Comments
CPUSE     To be used via global CLISH (gclish) shell only
Hotfix Uninstall     Via CPUse
Licensing in SmartUpdate     Central Licensing is not supported in Maestro

 

Gaia OS

Feature R80.20 R80.20SP Comments
Gaia CLI clish gclish  
Gaia Portal    
First Time Configuration Wizard (Portal + CLI)      
Snapshot     Restore snapshots only on the same chassis type and SGM model on which it was collected.
Backup / Restore      
NTP Client      
RADIUS / TACACS Users      
Alias Interfaces     Supported on Security Gateway from R80.20SP Jumbo Hotfix Take 279.

 

Logging

Feature R80.20 R80.20SP Comments
Firewall and Software Blade logs     Logs for session connections generated by Software Blades on Scalable Platforms R80.20SP do not show the SGM ID.
Syslog      
Fetch Logs      
UserCheck      

 

Cluster

Feature R80.20 R80.20SP Comments
Cluster HA     Chassis only, no unicast CCP
Cluster LS    
Cluster VSX HA  
Cluster VSX VSLS   Maestro from R80.20SP JHF take 163

* Multi-site features are planned for Maestro.

 

VPN

Feature R80.20 R80.20SP Comments
IKEv1      
IKEv2      
Multicore VPN      
Link Selection      
Route-Based Probing for link selection     Limitation in R80.20SP
Tunnel Sharing modes (per host, subnet, Gateway)      
Wire Mode     Limitation in R80.20SP
NAT Traversal      
"orig_route_params" (magic button)      
Peer configured as DAIP (with Dynamically IP address)      
Tunnel Test     Limitation in R80.20SP
VPN Routing configurations: 
1. Gateway as satellite w/ peers through
2. Client to Site Traffic over Site to Site VPN Tunnel 
    Limitation in R80.20SP
Traditional VPN mode     Limitation in R80.20SP
Virtual Tunnel Interfaces (VTIs)     Limitation in R80.20SP
Corporate Enforcement     Limitation in R80.20SP


Remote Access VPN

Feature R80.20 R80.20SP Comments
Office Mode      DHCP, Radius
Visitor Mode (TCPT)    
Change of a Client IP address    
SNX    
Endpoint Security    
Simultaneous Login Prevention (SLP)     Limitation in R80.20SP
Hub Mode    
Location Awareness    
User certificate enrollment    
Desktop Security    
SCV Support    


Network Management

Feature R80.20 R80.20SP Comments
Multi Bridge    
DHCP Server    
DHCP Relay    
DHCP Client    
Netflow IPFIX    
Management Data Plane Separation (MDPS, sk138672)     Supported on Chassis with R80.20SP Jumbo Hotfix Take 194

 

Next Generation Security Gateway

Feature R80.20 R80.20SP Comments
Mirror and Decrypt     See the Security Gateway Administration Guide for changes in the configuration procedure
ICAP Client     See the Security Gateway Administration Guide for changes in the configuration procedure
ICAP Server    
Hardware Security Module (HSM)     See the Security Gateway Administration Guide for changes in the configuration procedure
Private ThreatCloud (PTC)     For details on how to enable PTC in R80.20SP, see sk161534

 

System Management and Monitoring

Feature R80.20 R80.20SP Comments
SNMP    
Alerts    

See Scalable Platforms Administration Guide for configuration procedure.

For Maestro, there are no alerts on Orchestrator.

Job Scheduler    
CPView     Only per SGM, statistics are not aggregated.

 

Rate Limiting and DoS Mitigation

Feature R80.20 R80.20SP Comments
Penalty Box    
Rate Limiting rules- "fw samp" / "fw samp_policy"     SGW only. Supported with VSX starting with Jumbo Hotfix Take 266.
Suspicious Activity Monitoring Rules - "fw sam"    
Accelerated SYN Defender - "fwaccel synatk"     Supported only from Scalable Platform CLI with the "g_fwaccel synatk" command (it is not supported to configure the IPS "SYN Attack" (SYN Defender) protection in SmartConsole)

 

Performance Tuning

Feature R80.20 R80.20SP Comments
Dynamic Dispatcher      
Priority Queues    

 

Threat Prevention

Feature R80.20 R80.20SP Comment
IPS    
Anti-Bot    
Anti-Virus    
Anti-Malware    
Anti-Spam     SGW only
Cloud Threat Emulation    
Remote Threat Emulation (Dedicated appliance)    
Threat Extraction     For known limitations, refer to sk140396

 

CloudGuard

Feature R80.20 R80.20SP Comments
CloudGuard Controller    

 

Mobile Access

Feature R80.20 R80.20SP Comments
Mobile Access    

 

Identity Awareness

Feature R80.20 R80.20SP Comments
Identity Awareness    

 

Compliance

Feature R80.20 R80.20SP Comments
Compliance    

 

HTTPS Inspection

Feature R80.20 R80.20SP Comments
SSL inspection    

 

CPDiag

Feature R80.20 R80.20SP Comments
CPDiag    

 

Access Control

Feature R80.20 R80.20SP Comments
Application Control    
URL Filtering    
Content Awareness    
Updatable Objects    

 

Data Loss Prevention / Certificate Authority

Feature R80.20 R80.20SP Comments
DLP     SGW only. VSX mode not supported. 
CA    

 

Dynamic Routing

Feature R80.20 R80.20SP Comment
RIP (IPv4)    
RIPng (IPv6)    
PIM     For more information please refer to sk169762.
OSPFv2 (IPv4)    
OSPFv3 (IPv6)     Supported from R80.20SP Jumbo Hotfix Take 258.
BGP     Supports IPv4/IPv6

Note:
BGP for IPv6 is supported from R80.20SP Jumbo Hotfix Take 258.
BFD     Supports IPv4/IPv6 from R80.20SP Jumbo Hotfix Take 258.
PBR    
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment