Support Center > Search Results > SecureKnowledge Details
Comparison between R80.20 and R80.20SP
Solution

This is a features comparison between R80.20 and R80.20SP.

Table of Contents:

  • FW and Security Policy
  • VSX
  • Gaia
  • Installation and Upgrade
  • Logging
  • Cluster
  • VPN
  • Network Management
  • Next Generation Security Gateway
  • System Management and Monitoring
  • Rate Limiting and DoS Mitigation
  • Performance Tuning
  • Threat Prevention
  • CloudGuard
  • MAB / Mobile Access Blade
  • IDA / Identity Awareness
  • Compliance Blade
  • HTTPS Inspection
  • CPDiag
  • Access Control
  • DLP / CA
  • PBR (Policy-based routing)
  • Dynamic Routing

FW and Security Policy

Feature R80.20 R80.20SP Comments
L3 FW      
L2 FW (Bridge mode)      
QoS      
ISP redundancy      
Multicast      
Captive portal      
NAT IPv4      
NAT IPv6      
NAT 64      
Dynamic Anti-Spoofing       

 

VSX

Feature R80.20 R80.20SP Comments
VSX L3 FW       
VSX L2 FW     No Support for VSX Multi-Bridge.
Virtual Switches     Supported on Chassis ONLY! Not supported on Maestro!
Virtual Routers      
Captive portal      
VSX Multicast      
NAT IPv4      
NAT IPv6      
NAT 64      
VSX QoS, Light Weight (CPQoS) (12)     SP limitation.
Floodgate / QoS      
Dynamic Anti-Spoofing      
vsx_util reconfigure      After performing vsx_util reconfigure, it is necessary to install policy on all VSs.

 

Installation and Upgrade

Feature R80.20 R80.20SP Comments
CPUse     To be used via global CLISH (gclish) shell only
HF Uninstall     Via CPUse
Licensing- SmartUpdate     Installation of a Central license with SmartUpdate requires a policy installation on the Security Gateway / VSX Gateway (context of the VS0) in order to propagate the license to all members.

 

Gaia

Feature R80.20 R80.20SP Comments
Gaia CLI clish gclish  
Gaia Portal    
First Time Configuration Wizard (Portal + CLI)      
Snapshot     Restore snapshots only on the same chassis type and SGM model on which it was collected.
Backup / Restore      
NTP Client      
Radius / TACACS Users      
Alias Interfaces      

 

Logging

Feature R80.20 R80.20SP Comments
FW and Software blade logs     Logs for session connections generated by Software Blades on Scalable Platforms R80.20SP do not show the SGM ID.
Syslog      
Fetch Logs      
UserCheck      

 

Cluster

Feature R80.20 R80.20SP Comments
Cluster HA     Chassis only, no unicast CCP
Cluster LS    
Cluster VSX HA   Chassis only
Cluster VSX VSLS   Chassis only

* Multi-site features are planned for Maestro.

 

VPN

Feature R80.20 R80.20SP Comments
S2S VPN    
Remote Access VPN
     
Link Selection
    Support: Main IP, IP from topology and Static NAT

 

Network Management

Feature R80.20 R80.20SP Comments
Multi Bridge
   
DHCP server    
DHCP relay    
DHCP client    
Netflow IPFIX    

 

Next Generation Security Gateway

Feature R80.20 R80.20SP Comments
Mirror and Decrypt     See administration guide for changes in configuration procedure.
ICAP client     See administration guide for changes in configuration procedure.
ICAP Server    
Hardware Security Module (HSM)     See administration guide for changes in configuration procedure.

 

System Management and Monitoring

Feature R80.20 R80.20SP Comments
SNMP
   
Alerts    

See Scalable Platforms Administration Guide for configuration procedure.

For Maestro, there are no alerts on Orchestrator.

Job Scheduler    
CPView     Only per SGM, statistics are not aggregated.

 

Rate Limiting and DoS Mitigation

Feature R80.20 R80.20SP Comments
Penalty Box
   
Rate Limiting rules- fw samp/samp_policy
    SGW only
Suspicious Activity Monitoring Rules- fw sam
   
Accelerated SYN Defender- fwaccel synatk
   

 

Performance Tuning

Feature R80.20 R80.20SP Comments
Dynamic Dispatcher
   
Priority Queue
   

 

Threat Prevention

Feature R80.20 R80.20SP Comment
IPS    
Anti-Bot    
Anti-Virus    
Anti-Malware    
Anti-Spam     SGW only
Cloud Threat Emulation    
Threat Extraction      

 

CloudGuard

Feature R80.20 R80.20SP Comments
CloudGuard controller
   

 

MAB / Mobile Access Blade

Feature R80.20 R80.20SP Comments
MAB    

 

IDA / Identity Awareness

Feature R80.20 R80.20SP Comments
IDA    

 

Compliance Blade

Feature R80.20 R80.20SP Comments
Compliance Blade    

 

HTTPS Inspection

Feature R80.20 R80.20SP Comments
SSL inspection    

 

CPDiag

Feature R80.20 R80.20SP Comments
CPDiag    

 

Access Control

Feature R80.20 R80.20SP Comments
Application Control
   
URL Filtering
   
Content Awareness
   

 

DLP / CA

Feature R80.20 R80.20SP Comments
DLP     SGW only
CA    

 

PBR (Policy-based routing)

Feature R80.20 R80.20SP Comments
Policy Based Routing (PBR) on Virtual Router
   

 

Dynamic Routing

Feature R80.20 R80.20SP Comment
RIP     No support for RIPng.
OSPF     No OSPFv3 on IPv6.
BGP    
  • No support for RR & Confederations.
  • No BGP on IPv6, No BFD Support.
  • R80.20SP supports BGP AS 4 bytes. 
PIM     No support for PIM SSM mode & Chassis as RP in sparse mode.
BFD    
PBR    


This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment