Support Center > Search Results > SecureKnowledge Details
Comparison between R80.20 and R80.20SP

This is a features comparison between R80.20 and R80.20SP.

Table of Contents:

  • FW and Security Policy
  • VSX
  • Gaia
  • Installation and Upgrade
  • Logging
  • Cluster
  • VPN
  • Network Management
  • Next Generation Security Gateway
  • System Management and Monitoring
  • Rate Limiting and DoS Mitigation
  • Performance Tuning
  • Threat Prevention
  • CloudGuard
  • MAB / Mobile Access Blade
  • IDA / Identity Awareness
  • Compliance Blade
  • HTTPS Inspection
  • CPDiag
  • Access Control
  • DLP / CA
  • PBR (Policy-based routing)
  • Dynamic Routing

FW and Security Policy

Feature R80.20 R80.20SP Comments
L3 FW      
L2 FW (Bridge mode)      
ISP redundancy      
Captive portal      
NAT IPv4      
NAT IPv6      
NAT 64      
Dynamic Anti-Spoofing       



Feature R80.20 R80.20SP Comments
VSX L3 FW       
VSX L2 FW     No Support for VSX Multi-Bridge.
Virtual Switches     Supported on Chassis ONLY! Not supported on Maestro!
Virtual Routers      
Captive portal      
VSX Multicast      
NAT IPv4      
NAT IPv6      
NAT 64      
VSX QoS, Light Weight (CPQoS) (12)     SP limitation.
Floodgate / QoS      
Dynamic Anti-Spoofing      
vsx_util reconfigure      After performing vsx_util reconfigure, it is necessary to install policy on all VSs.


Installation and Upgrade

Feature R80.20 R80.20SP Comments
CPUse     To be used via global CLISH (gclish) shell only
HF Uninstall     Via CPUse
Licensing- SmartUpdate     Installation of a Central license with SmartUpdate requires a policy installation on the Security Gateway / VSX Gateway (context of the VS0) in order to propagate the license to all members.


Gaia OS

Feature R80.20 R80.20SP Comments
Gaia CLI clish gclish  
Gaia Portal    
First Time Configuration Wizard (Portal + CLI)      
Snapshot     Restore snapshots only on the same chassis type and SGM model on which it was collected.
Backup / Restore      
NTP Client      
Radius / TACACS Users      
Alias Interfaces      



Feature R80.20 R80.20SP Comments
FW and Software blade logs     Logs for session connections generated by Software Blades on Scalable Platforms R80.20SP do not show the SGM ID.
Fetch Logs      



Feature R80.20 R80.20SP Comments
Cluster HA     Chassis only, no unicast CCP
Cluster LS    
Cluster VSX HA   Chassis only
Cluster VSX VSLS   Chassis only

* Multi-site features are planned for Maestro.



Feature R80.20 R80.20SP Comments
S2S VPN    
Remote Access VPN
Link Selection
    Support: Main IP, IP from topology and Static NAT


Network Management

Feature R80.20 R80.20SP Comments
Multi Bridge
DHCP server    
DHCP relay    
DHCP client    
Netflow IPFIX    


Next Generation Security Gateway

Feature R80.20 R80.20SP Comments
Mirror and Decrypt     See administration guide for changes in configuration procedure.
ICAP client     See administration guide for changes in configuration procedure.
ICAP Server    
Hardware Security Module (HSM)     See administration guide for changes in configuration procedure.
Private ThreatCloud (PTC)     For details on how to enable PTC in R80.20SP, see sk161534.


System Management and Monitoring

Feature R80.20 R80.20SP Comments

See Scalable Platforms Administration Guide for configuration procedure.

For Maestro, there are no alerts on Orchestrator.

Job Scheduler    
CPView     Only per SGM, statistics are not aggregated.


Rate Limiting and DoS Mitigation

Feature R80.20 R80.20SP Comments
Penalty Box    
Rate Limiting rules- fw samp/samp_policy
    SGW only
Suspicious Activity Monitoring Rules- fw sam
Accelerated SYN Defender- fwaccel synatk
    Supported from cli only using g_ prefix (not supported via SMC)


Performance Tuning

Feature R80.20 R80.20SP Comments
Dynamic Dispatcher      
Priority Queue    


Threat Prevention

Feature R80.20 R80.20SP Comment
Anti-Spam     SGW only
Cloud Threat Emulation    
Threat Extraction      



Feature R80.20 R80.20SP Comments
CloudGuard controller    


MAB / Mobile Access Blade

Feature R80.20 R80.20SP Comments


IDA / Identity Awareness

Feature R80.20 R80.20SP Comments


Compliance Blade

Feature R80.20 R80.20SP Comments
Compliance Blade    


HTTPS Inspection

Feature R80.20 R80.20SP Comments
SSL inspection    



Feature R80.20 R80.20SP Comments


Access Control

Feature R80.20 R80.20SP Comments
Application Control
URL Filtering
Content Awareness



Feature R80.20 R80.20SP Comments
DLP     SGW only


PBR (Policy-Based routing)

Feature R80.20 R80.20SP Comments
Policy Based Routing (PBR) on Virtual Router


Dynamic Routing

Feature R80.20 R80.20SP Comment
RIP     No support for RIPng.
OSPF     No OSPFv3 on IPv6.
  • No support for RR & Confederations.
  • No BGP on IPv6, No BFD Support.
  • R80.20SP supports BGP AS 4 bytes. 
PIM     No support for PIM SSM mode & Chassis as RP in sparse mode.
PBR     For SGW only

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document