Support Center > Search Results > SecureKnowledge Details
Comparison between R80.20 and R80.20SP Technical Level
Solution

This is a features comparison between R80.20 and R80.20SP.

Table of Contents:

  • FW and Security Policy
  • VSX
  • Gaia
  • Installation and Upgrade
  • Logging
  • Cluster
  • VPN
  • Remote Access VPN
  • Network Management
  • Next Generation Security Gateway
  • System Management and Monitoring
  • Rate Limiting and DoS Mitigation
  • Performance Tuning
  • Threat Prevention
  • CloudGuard
  • MAB / Mobile Access Blade
  • IDA / Identity Awareness
  • Compliance Blade
  • HTTPS Inspection
  • CPDiag
  • Access Control
  • DLP / CA
  • Dynamic Routing

FW and Security Policy

Feature R80.20 R80.20SP Comments
L3 FW      
L2 FW (Bridge mode)      
QoS      
ISP redundancy      
Multicast      
Captive portal      
NAT IPv4      
NAT IPv6      
NAT 64     Supported from R80.20SP Jumbo Hotfix Take 295
Dynamic Anti-Spoofing       

 

VSX

Feature R80.20 R80.20SP Comments
VSX L3 FW       
VSX L2 FW     No Support for VSX Multi-Bridge.
Virtual Switches     Supported on Maestro with R80.20SP Jumbo Hotfix Take 178
Virtual Routers      
Captive portal      
VSX Multicast      
NAT IPv4      
NAT IPv6      
NAT 64     Supported from R80.20SP Jumbo Hotfix Take 295
VSX QoS, Light Weight (CPQoS) (12)     SP limitation.
Floodgate / QoS      
Dynamic Anti-Spoofing      
vsx_util reconfigure      After performing vsx_util reconfigure, it is necessary to install policy on all VSs.

 

Installation and Upgrade

Feature R80.20 R80.20SP Comments
CPUse     To be used via global CLISH (gclish) shell only
HF Uninstall     Via CPUse
Licensing- SmartUpdate     Installation of a Central license with SmartUpdate requires a policy installation on the Security Gateway / VSX Gateway (context of the VS0) in order to propagate the license to all members.

 

Gaia OS

Feature R80.20 R80.20SP Comments
Gaia CLI clish gclish  
Gaia Portal    
First Time Configuration Wizard (Portal + CLI)      
Snapshot     Restore snapshots only on the same chassis type and SGM model on which it was collected.
Backup / Restore      
NTP Client      
Radius / TACACS Users      
Alias Interfaces     Supported on Security Gateway from R80.20SP Jumbo Hotfix Take 279.

 

Logging

Feature R80.20 R80.20SP Comments
FW and Software blade logs     Logs for session connections generated by Software Blades on Scalable Platforms R80.20SP do not show the SGM ID.
Syslog      
Fetch Logs      
UserCheck      

 

Cluster

Feature R80.20 R80.20SP Comments
Cluster HA     Chassis only, no unicast CCP
Cluster LS    
Cluster VSX HA  
Cluster VSX VSLS   Maestro from R80.20SP JHF take 163

* Multi-site features are planned for Maestro.

 

VPN

Feature R80.20 R80.20SP Comments
IKEv1      
IKEv2      
Multicore VPN      
Link Selection      
Route-Based Probing for link selection     Limitation in R80.20SP
Tunnel Sharing modes (per host, subnet, Gateway)      
Wire Mode     Limitation in R80.20SP
NAT Traversal      
orig_route_params (magic button)      
peer configured as DAIP (dynamic IP)      
Tunnel Test     Limitation in R80.20SP
VPN Routing configurations: 
1. Gateway as satellite w/ peers through
2. Client to Site Traffic over Site to Site VPN Tunnel 
    Limitation in R80.20SP
Traditional mode     Limitation in R80.20SP
Virtual Tunnel Interfaces (VTIs)     Limitation in R80.20SP
Corporate Enforcement     Limitation in R80.20SP


Remote Access VPN

Feature R80.20 R80.20SP Comments
Office Mode      DHCP, Radius
Visitor Mode (TCPT)    
Client IP change    
SNX    
Endpoint    
SLP     Limitation in R80.20SP
Hub Mode    
Location Awareness    
User certificate enrollment    
Desktop Security    
SCV Support    


Network Management

Feature R80.20 R80.20SP Comments
Multi Bridge    
DHCP server    
DHCP relay    
DHCP client    
Netflow IPFIX    
Management Data Plane Separation     Supported on Chassis with R80.20SP Jumbo Hotfix Take 194. 

 

Next Generation Security Gateway

Feature R80.20 R80.20SP Comments
Mirror and Decrypt     See administration guide for changes in configuration procedure.
ICAP client     See administration guide for changes in configuration procedure.
ICAP Server    
Hardware Security Module (HSM)     See administration guide for changes in configuration procedure.
Private ThreatCloud (PTC)     For details on how to enable PTC in R80.20SP, see sk161534.

 

System Management and Monitoring

Feature R80.20 R80.20SP Comments
SNMP    
Alerts    

See Scalable Platforms Administration Guide for configuration procedure.

For Maestro, there are no alerts on Orchestrator.

Job Scheduler    
CPView     Only per SGM, statistics are not aggregated.

 

Rate Limiting and DoS Mitigation

Feature R80.20 R80.20SP Comments
Penalty Box    
Rate Limiting rules- fw samp/samp_policy     SGW only. Supported with VSX starting with Jumbo Hotfix Take 266.
Suspicious Activity Monitoring Rules- fw sam    
Accelerated SYN Defender- fwaccel synatk     Supported from cli only using g_ prefix (not supported via SMC)

 

Performance Tuning

Feature R80.20 R80.20SP Comments
Dynamic Dispatcher      
Priority Queue    

 

Threat Prevention

Feature R80.20 R80.20SP Comment
IPS    
Anti-Bot    
Anti-Virus    
Anti-Malware    
Anti-Spam     SGW only
Cloud Threat Emulation    
Remote Threat Emulation (Dedicated appliance)    
Threat Extraction     For known limitations, refer to sk140396

 

CloudGuard

Feature R80.20 R80.20SP Comments
CloudGuard controller    

 

MAB / Mobile Access Blade

Feature R80.20 R80.20SP Comments
MAB    

 

IDA / Identity Awareness

Feature R80.20 R80.20SP Comments
IDA    

 

Compliance Blade

Feature R80.20 R80.20SP Comments
Compliance Blade    

 

HTTPS Inspection

Feature R80.20 R80.20SP Comments
SSL inspection    

 

CPDiag

Feature R80.20 R80.20SP Comments
CPDiag    

 

Access Control

Feature R80.20 R80.20SP Comments
Application Control    
URL Filtering    
Content Awareness    
Updateable Objects    

 

DLP / CA

Feature R80.20 R80.20SP Comments
DLP     SGW only. VSX mode not supported. 
CA    

 

Dynamic Routing

Feature R80.20 R80.20SP Comment
RIP    
RIPng    
OSPFv2    
OSPFv3     Supported from R80.20SP Jumbo Hotfix Take 258.
BGP     Supports IPv4/IPv6

Note:
BGP for IPv6 is supported from R80.20SP Jumbo Hotfix Take 258.
PIM    
BFD     Supports IPv4/IPv6 from R80.20SP Jumbo Hotfix Take 258.
PBR    

 

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment