This is a features comparison between R80.20 and R80.20SP.
For more information, see sk173183 - Scalable Platforms (Maestro and Chassis) comparison between versions.
Table of Contents:
-
Firewall and Security Policy
-
VSX
-
Gaia
-
Installation and Upgrade
-
Logging
-
Cluster
-
VPN
-
Remote Access VPN
-
Network Management
-
Next Generation Security Gateway
-
System Management and Monitoring
-
Rate Limiting and DoS Mitigation
-
Performance Tuning
-
Threat Prevention
-
CloudGuard
-
Mobile Access
-
Identity Awareness
-
Compliance Blade
-
HTTPS Inspection
-
CPDiag
-
Access Control
-
Data Loss Prevention / CA
-
Dynamic Routing
Firewall and Security Policy
VSX
| Feature |
R80.20 |
R80.20SP |
Comments |
| VSX L3 Firewall |
 |
|
 |
| VSX L2 Firewall |
|
|
No Support for VSX Multi-Bridge. |
| Virtual Switches |
|
 |
Supported on Maestro with R80.20SP Jumbo Hotfix Take 178. |
| Virtual Routers |
|
 |
|
| Identity Awareness Captive Portal |
|
|
|
| VSX Multicast |
|
|
|
| NAT IPv4 |
|
|
|
| NAT IPv6 |
|
|
|
| NAT 64 |
|
|
Supported from R80.20SP Jumbo Hotfix Take 295 |
| VSX QoS, Light Weight (CPQoS) (12) |
|
|
SP limitation. |
| QoS (Floodgate-1) |
|
|
|
| Dynamic Anti-Spoofing |
|
|
|
| "vsx_util reconfigure" |
|
|
After performing "vsx_util reconfigure", it is necessary to install policy on all Virtual Systems. |
Installation and Upgrade
| Feature |
R80.20 |
R80.20SP |
Comments |
| CPUSE |
|
|
To be used via global CLISH (gclish) shell only |
| Hotfix Uninstall |
|
|
Via CPUse |
| Licensing in SmartUpdate |
|
|
Central Licensing is not supported in Maestro |
Gaia OS
| Feature |
R80.20 |
R80.20SP |
Comments |
| Gaia CLI |
clish |
gclish |
|
| Gaia Portal |
|
|
|
| First Time Configuration Wizard (Portal + CLI) |
|
|
|
| Snapshot |
|
|
Restore snapshots only on the same chassis type and SGM model on which it was collected. |
| Backup / Restore |
|
|
|
| NTP Client |
|
|
|
| RADIUS / TACACS Users |
|
|
|
| Alias Interfaces |
|
|
Supported on Security Gateway from R80.20SP Jumbo Hotfix Take 279. |
Logging
| Feature |
R80.20 |
R80.20SP |
Comments |
| Firewall and Software Blade logs |
|
|
Logs for session connections generated by Software Blades on Scalable Platforms R80.20SP do not show the SGM ID. |
| Syslog |
|
|
|
| Fetch Logs |
|
|
|
| UserCheck |
|
|
|
Cluster
| Feature |
R80.20 |
R80.20SP |
Comments |
| Cluster HA |
|
|
Chassis only, no unicast CCP |
| Cluster LS |
|
|
|
| Cluster VSX HA |
|
|
|
| Cluster VSX VSLS |
|
|
Maestro from R80.20SP JHF take 163 |
* Multi-site features are planned for Maestro.
VPN
| Feature |
R80.20 |
R80.20SP |
Comments |
| IKEv1 |
|
|
|
| IKEv2 |
|
|
|
| Multicore VPN |
|
|
|
| Link Selection |
|
|
|
| Route-Based Probing for link selection |
|
|
Limitation in R80.20SP |
| Tunnel Sharing modes (per host, subnet, Gateway) |
|
|
|
| Wire Mode |
|
|
Limitation in R80.20SP |
| NAT Traversal |
|
|
|
| "orig_route_params" (magic button) |
|
|
|
| Peer configured as DAIP (with Dynamically IP address) |
|
|
|
| Tunnel Test |
|
|
Limitation in R80.20SP |
VPN Routing configurations:
1. Gateway as satellite w/ peers through
2. Client to Site Traffic over Site to Site VPN Tunnel |
|
|
Limitation in R80.20SP |
| Traditional VPN mode |
|
|
Limitation in R80.20SP |
| Virtual Tunnel Interfaces (VTIs) |
|
|
Limitation in R80.20SP |
| Corporate Enforcement |
|
|
Limitation in R80.20SP |
Remote Access VPN
| Feature |
R80.20 |
R80.20SP |
Comments |
| Office Mode |
|
|
DHCP, RADIUS |
| Visitor Mode (TCPT) |
|
|
|
| Change of a Client IP address |
|
|
|
| SNX |
|
|
|
| Endpoint Security |
|
|
|
| Simultaneous Login Prevention (SLP) |
|
|
Limitation in R80.20SP |
| Hub Mode |
|
|
|
| Location Awareness |
|
|
|
| User certificate enrollment |
|
|
|
| Desktop Security |
|
|
|
| SCV Support |
|
|
|
Network Management
| Feature |
R80.20 |
R80.20SP |
Comments |
| Multi Bridge |
|
|
|
| DHCP Server |
|
|
|
| DHCP Relay |
|
|
|
| DHCP Client |
|
|
|
| Netflow IPFIX |
|
|
|
| Management Data Plane Separation (MDPS, sk138672) |
|
|
Supported on Chassis with R80.20SP Jumbo Hotfix Take 194 |
Next Generation Security Gateway
| Feature |
R80.20 |
R80.20SP |
Comments |
| Mirror and Decrypt |
|
|
See the Security Gateway Administration Guide for changes in the configuration procedure |
| ICAP Client |
|
|
See the Security Gateway Administration Guide for changes in the configuration procedure |
| ICAP Server |
|
|
|
| Hardware Security Module (HSM) |
|
|
See the Security Gateway Administration Guide for changes in the configuration procedure |
| Private ThreatCloud (PTC) |
|
|
For details on how to enable PTC in R80.20SP, see sk161534 |
System Management and Monitoring
Rate Limiting and DoS Mitigation
| Feature |
R80.20 |
R80.20SP |
Comments |
| Penalty Box |
|
|
|
| Rate Limiting rules- "fw samp" / "fw samp_policy" |
|
|
SGW only. Supported with VSX starting with Jumbo Hotfix Take 266. |
| Suspicious Activity Monitoring Rules - "fw sam" |
|
|
|
| Accelerated SYN Defender - "fwaccel synatk" |
|
|
Supported only from Scalable Platform CLI with the "g_fwaccel synatk" command (it is not supported to configure the IPS "SYN Attack" (SYN Defender) protection in SmartConsole) |
| Feature |
R80.20 |
R80.20SP |
Comments |
| Dynamic Dispatcher |
|
|
|
| Priority Queues |
|
|
|
Threat Prevention
| Feature |
R80.20 |
R80.20SP |
Comment |
| IPS |
|
|
|
| Anti-Bot |
|
|
|
| Anti-Virus |
|
|
|
| Anti-Malware |
|
|
|
| Anti-Spam |
|
|
SGW only |
| Cloud Threat Emulation |
|
|
|
| Remote Threat Emulation (Dedicated appliance) |
|
|
|
| Threat Extraction |
|
|
For known limitations, refer to sk140396. |
CloudGuard
| Feature |
R80.20 |
R80.20SP |
Comments |
| CloudGuard Controller |
|
|
|
Mobile Access
| Feature |
R80.20 |
R80.20SP |
Comments |
| Mobile Access |
|
|
|
Identity Awareness
| Feature |
R80.20 |
R80.20SP |
Comments |
| Identity Awareness |
|
|
|
Compliance
| Feature |
R80.20 |
R80.20SP |
Comments |
| Compliance |
|
|
|
HTTPS Inspection
| Feature |
R80.20 |
R80.20SP |
Comments |
| SSL inspection |
|
|
|
CPDiag
| Feature |
R80.20 |
R80.20SP |
Comments |
| CPDiag |
|
|
|
Access Control
| Feature |
R80.20 |
R80.20SP |
Comments |
| Application Control |
|
|
|
| URL Filtering |
|
|
|
| Content Awareness |
|
|
|
| Updatable Objects |
|
|
|
Data Loss Prevention / Certificate Authority
| Feature |
R80.20 |
R80.20SP |
Comments |
| DLP |
|
|
SGW only. VSX mode not supported. |
| CA |
|
|
|
Dynamic Routing
| Feature |
R80.20 |
R80.20SP |
Comment |
| RIP (IPv4) |
|
|
|
| RIPng (IPv6) |
|
|
|
| PIM |
|
|
For more information please refer to sk169762. |
| OSPFv2 (IPv4) |
|
|
|
| OSPFv3 (IPv6) |
|
|
Supported from R80.20SP Jumbo Hotfix Take 258. |
| BGP |
|
|
Supports IPv4/IPv6
Note: BGP for IPv6 is supported from R80.20SP Jumbo Hotfix Take 258. |
| BFD |
|
|
Supports IPv4/IPv6 from R80.20SP Jumbo Hotfix Take 258. |
| PBR |
|
|
|
|
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
|
