Support Center > Search Results > SecureKnowledge Details
Comparison between R80.20 and R80.20SP Technical Level

This is a features comparison between R80.20 and R80.20SP.

For more information, see sk173183 - Scalable Platforms (Maestro and Chassis) comparison between versions.

Table of Contents:

  • Firewall and Security Policy
  • VSX
  • Gaia
  • Installation and Upgrade
  • Logging
  • Cluster
  • VPN
  • Remote Access VPN
  • Network Management
  • Next Generation Security Gateway
  • System Management and Monitoring
  • Rate Limiting and DoS Mitigation
  • Performance Tuning
  • Threat Prevention
  • CloudGuard
  • Mobile Access
  • Identity Awareness
  • Compliance Blade
  • HTTPS Inspection
  • CPDiag
  • Access Control
  • Data Loss Prevention / CA
  • Dynamic Routing

Firewall and Security Policy

Feature R80.20 R80.20SP Comments
L3 Firewall
L2 Firewall (Bridge mode)
ISP Redundancy Supported from R80.20SP Jumbo Hotfix Take 305
Identity Awareness Captive Portal
NAT 64 Supported from R80.20SP Jumbo Hotfix Take 295
Dynamic Anti-Spoofing 



Feature R80.20 R80.20SP Comments
VSX L3 Firewall
VSX L2 Firewall No Support for VSX Multi-Bridge.
Virtual Switches Supported on Maestro with R80.20SP Jumbo Hotfix Take 178
Virtual Routers
Identity Awareness Captive Portal
VSX Multicast
NAT 64 Supported from R80.20SP Jumbo Hotfix Take 295
VSX QoS, Light Weight (CPQoS) (12) SP limitation.
QoS (Floodgate-1)
Dynamic Anti-Spoofing
"vsx_util reconfigure"   After performing "vsx_util reconfigure", it is necessary to install policy on all Virtual Systems.


Installation and Upgrade

Feature R80.20 R80.20SP Comments
CPUSE To be used via global CLISH (gclish) shell only
Hotfix Uninstall Via CPUse
Licensing in SmartUpdate Central Licensing is not supported in Maestro


Gaia OS

Feature R80.20 R80.20SP Comments
Gaia CLI clish gclish
Gaia Portal
First Time Configuration Wizard (Portal + CLI)
Snapshot Restore snapshots only on the same chassis type and SGM model on which it was collected.
Backup / Restore
NTP Client
Alias Interfaces Supported on Security Gateway from R80.20SP Jumbo Hotfix Take 279.



Feature R80.20 R80.20SP Comments
Firewall and Software Blade logs Logs for session connections generated by Software Blades on Scalable Platforms R80.20SP do not show the SGM ID.
Fetch Logs



Feature R80.20 R80.20SP Comments
Cluster HA Chassis only, no unicast CCP
Cluster LS
Cluster VSX HA
Cluster VSX VSLS Maestro from R80.20SP JHF take 163

* Multi-site features are planned for Maestro.



Feature R80.20 R80.20SP Comments
Multicore VPN
Link Selection
Route-Based Probing for link selection Limitation in R80.20SP
Tunnel Sharing modes (per host, subnet, Gateway)
Wire Mode Limitation in R80.20SP
NAT Traversal
"orig_route_params" (magic button)
Peer configured as DAIP (with Dynamically IP address)
Tunnel Test Limitation in R80.20SP
VPN Routing configurations: 
1. Gateway as satellite w/ peers through
2. Client to Site Traffic over Site to Site VPN Tunnel 
Limitation in R80.20SP
Traditional VPN mode Limitation in R80.20SP
Virtual Tunnel Interfaces (VTIs) Limitation in R80.20SP
Corporate Enforcement Limitation in R80.20SP

Remote Access VPN

Feature R80.20 R80.20SP Comments
Office Mode DHCP, RADIUS
Visitor Mode (TCPT)
Change of a Client IP address
Endpoint Security
Simultaneous Login Prevention (SLP) Limitation in R80.20SP
Hub Mode
Location Awareness
User certificate enrollment
Desktop Security
SCV Support

Network Management

Feature R80.20 R80.20SP Comments
Multi Bridge
DHCP Server
DHCP Relay
DHCP Client
Netflow IPFIX
Management Data Plane Separation (MDPS, sk138672) Supported on Chassis with R80.20SP Jumbo Hotfix Take 194


Next Generation Security Gateway

Feature R80.20 R80.20SP Comments
Mirror and Decrypt See the Security Gateway Administration Guide for changes in the configuration procedure
ICAP Client See the Security Gateway Administration Guide for changes in the configuration procedure
ICAP Server
Hardware Security Module (HSM) See the Security Gateway Administration Guide for changes in the configuration procedure
Private ThreatCloud (PTC) For details on how to enable PTC in R80.20SP, see sk161534


System Management and Monitoring

Feature R80.20 R80.20SP Comments

See Scalable Platforms Administration Guide for configuration procedure.

For Maestro, there are no alerts on Orchestrator.

Job Scheduler
CPView Only per SGM, statistics are not aggregated.


Rate Limiting and DoS Mitigation

Feature R80.20 R80.20SP Comments
Penalty Box
Rate Limiting rules- "fw samp" / "fw samp_policy" SGW only. Supported with VSX starting with Jumbo Hotfix Take 266.
Suspicious Activity Monitoring Rules - "fw sam"
Accelerated SYN Defender - "fwaccel synatk" Supported only from Scalable Platform CLI with the "g_fwaccel synatk" command (it is not supported to configure the IPS "SYN Attack" (SYN Defender) protection in SmartConsole)


Performance Tuning

Feature R80.20 R80.20SP Comments
Dynamic Dispatcher
Priority Queues


Threat Prevention

Feature R80.20 R80.20SP Comment
Anti-Spam SGW only
Cloud Threat Emulation
Remote Threat Emulation (Dedicated appliance)
Threat Extraction For known limitations, refer to sk140396



Feature R80.20 R80.20SP Comments
CloudGuard Controller


Mobile Access

Feature R80.20 R80.20SP Comments
Mobile Access


Identity Awareness

Feature R80.20 R80.20SP Comments
Identity Awareness



Feature R80.20 R80.20SP Comments


HTTPS Inspection

Feature R80.20 R80.20SP Comments
SSL inspection



Feature R80.20 R80.20SP Comments


Access Control

Feature R80.20 R80.20SP Comments
Application Control
URL Filtering
Content Awareness
Updatable Objects


Data Loss Prevention / Certificate Authority

Feature R80.20 R80.20SP Comments
DLP SGW only. VSX mode not supported. 


Dynamic Routing

Feature R80.20 R80.20SP Comment
RIP (IPv4)
RIPng (IPv6)
PIM For more information please refer to sk169762.
OSPFv2 (IPv4)
OSPFv3 (IPv6) Supported from R80.20SP Jumbo Hotfix Take 258.
BGP Supports IPv4/IPv6

BGP for IPv6 is supported from R80.20SP Jumbo Hotfix Take 258.
BFD Supports IPv4/IPv6 from R80.20SP Jumbo Hotfix Take 258.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document