Support Center > Search Results > SecureKnowledge Details
Check Point R80.30 with Gaia 3.10
Solution

Table of Contents:

  • Introduction
  • What's New
  • Supported Platforms
  • Downloads
  • Known Limitations
  • Documentation

Introduction

R80.30, part of the Check Point Infinity architecture, delivers the most innovative and effective security that keeps our customers protected against large scale, fifth generation cyber threats.

This release introduces R80.30 3.10 for Security Gateway and VSX, with major enhancements in firewall resiliency and Clustering mechanism.

This release is considered as a Main Train release, however it is not part of the Check Point R80.30 Release and requires a dedicated image. Note it can be managed by a Check Point R80.30 Security Management Server, which already supports the 3.10 kernel.

Starting August 2019 this release will be supported by a Jumbo Hotfix Accumulator release for both R80.30 3.10 and standard R80.30 versions.


R80.30 3.10 can be managed by the following Security Management Server releases:

Contact Check Point Support to obtain a special Hotfix for R80.10 and R80.20 based on your current Jumbo Hotfix Take.


What's New

  • Improved firewall resiliency
  • Support for IPv6 (resolving R80.20 3.10 limitations)
  • Support for Dynamic CLI - Enhancing Gaia Clish with new Expert mode commands. See sk144112.
  • Clustering and VSX capabilities:
    • Unicast support for Cluster Control Protocol eliminating the need for CCP using Broadcast or Multicast modes
    • MAC magic configuration is no longer needed
    • CCP encryption is enables by default
  • New kernel capabilities:
    • Upgraded Linux kernel
    • New partitioning system (gpt):
      • Supports more than 2TB physical/logical drives
    • Faster file system (xfs)
    • Supporting larger system storage (up to 48TB tested)
    • I/O related performance improvements
    • Multi-Queue (see sk153373):
      • Full Gaia Clish support for Multi-Queue commands
      • Automatic "on by default" configuration
    • SMB v2/3 mount support in Mobile Access blade
    • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used)
    • Support of new system tools for debugging, monitoring and configuring the system:
      • iotop (provides I/O runtime stats)
      • lshw (provides detailed information about all HW)
      • lsusb (provides information about all devices connected to USB)
      • lsscsi (provides information about storage)
      • ps (new version, more counters)
      • psmisc (new version, more counters)
      • top (new version, more counters)
      • iostat (new version, more counters
  • New glibc: glibc-2.17-157
  • New ethtool: ethtool-4.8-7
  • New Bash: bash-4.2.46-29
  • lbzip2 support (free, multi-threaded compression utility)
  • xz support  
  • rsync support 

 

Supported Platforms


Downloads

Take # Date Clean install Link CPUSE upgrade
Take 273 04 July 2019  (ISO)  (TGZ)

 

Known Limitations

ID Description
- Stand-Alone deployment is not supported.
- Connеctivity upgrade is not supported.
GAIA-3380 The 'raid_diagnostic' utility does not work for Gen10 Open servers. 
GAIA-2649 On CloudGuard for AWS, the 'ethtool -G' command is not supported.
GAIA-2648 On CloudGuard for Azure, the 'ethtool -G' command is not supported. 
GAIA-2650 On CloudGuard for AWS, speed and duplex information is not available when using the ethtool. 
GAIA-3205 Cannot change interface link speed to 1000MB after it is changed to 100MB.
GAIA-3180 On HP Open servers with onboard NIC, Interface status in the switch might show as "Connected" even though the state in Gaia is "off"
GAIA-3345 Changing the MTU on the directly connected switches may cause drops of fragmented traffic due to a MTU mismatch. 
ACCL-417 The following were removed: CPView Network -> Top-Protocols and Network -> Top-Connections tabs.
GAIA-3957, GAIA-3944 When running the Hardware Diagnostic options of the RMA tool, "ipsctl_get_family_id:received error" messages may appear. These error messages can be safely ignored.
GAIA-3490 10GbE i40e NICs determine their link-speed based on the type of connected transceiver (1G ot 10G) and cannot be changed manually. 
GAIA-4937 Installing R80.20, R80.20.M2 and R80.30 Security Management Server with CPUSE or Blink on a machine previously installed as a R80.30 Security Gateway that uses the Linux Kernel version 3.10 is not supported.
Instead, it is possible to perform a clean install using an ISO file. 
GAIA-4849 OSPF is not supported with unnumbered VTIs. 
GAIA-5914 Drop templates are not disabled for USFW (User space Firewall mode).
GAIA-6184 "Error while stopping check point processes" error when installing packages on a VSX environment. 
GAIA-4573 Upgrade is only supported between kernel 3.10 versions (R80.20 3.10 and R80.30 3.10)
GAIA-5737 Duplicate ping messages may appear when configuring bonding groups (~30 sec), one over the X722 based network interfaces and the other on Intel X710 Based network interfaces. 

 

Documentation

Administration Guides
R80.30 3.10 Release Notes 
Related Solutions
sk144112 - Gaia Dynamic CLI         

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment