Support Center > Search Results > SecureKnowledge Details
Check Point R80.30 with Gaia 3.10
Solution

Table of Contents:

  • Introduction
  • Key Features
  • Supported Platforms
  • Downloads
  • Resolved Issues
  • Known Limitations
  • Documentation

Introduction

R80.30, part of the Check Point Infinity architecture, delivers the most innovative and effective security that keeps our customers protected against large scale, fifth generation cyber threats.

This release introduces R80.30 3.10 for Security Gateway and VSX, with major enhancements in firewall resiliency and Clustering mechanism.

This release is considered as a Main Train release, however it is not part of the Check Point R80.30 Release and requires a dedicated image. Note it can be managed by a Check Point R80.30 Security Management Server, which already supports the 3.10 kernel.

Starting August 2019 this release will be supported by a Jumbo Hotfix Accumulator release for both R80.30 3.10 and standard R80.30 versions.


R80.30 3.10 can be managed by the following Security Management Server releases:

Contact Check Point Support to obtain a special Hotfix for R80.10 and R80.20 based on your current Jumbo Hotfix Take.


Key Features

  • Improved firewall resiliency
  • Support for IPv6 (resolving R80.20 3.10 limitations)
  • Support for Dynamic CLI - Enhancing Gaia Clish with new Expert mode commands. See sk144112.
  • Clustering and VSX capabilities:
    • Unicast support for Cluster Control Protocol eliminating the need for CCP using Broadcast or Multicast modes
    • MAC magic configuration is no longer needed
    • CCP encryption is enables by default
  • New kernel capabilities:
    • Upgraded Linux kernel
    • New partitioning system (gpt):
      • Supports more than 2TB physical/logical drives
    • Faster file system (xfs)
    • Supporting larger system storage (up to 48TB tested)
    • I/O related performance improvements
    • Multi-Queue (see sk153373):
      • Full Gaia Clish support for Multi-Queue commands
      • Automatic "on by default" configuration
    • SMB v2/3 mount support in Mobile Access blade
    • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used)
    • Support of new system tools for debugging, monitoring and configuring the system:
      • iotop (provides I/O runtime stats)
      • lshw (provides detailed information about all HW)
      • lsusb (provides information about all devices connected to USB)
      • lsscsi (provides information about storage)
      • ps (new version, more counters)
      • psmisc (new version, more counters)
      • top (new version, more counters)
      • iostat (new version, more counters
  • New glibc: glibc-2.17-157
  • New ethtool: ethtool-4.8-7
  • New Bash: bash-4.2.46-29
  • lbzip2 support (free, multi-threaded compression utility)
  • xz support  
  • rsync support 

 

Supported Platforms

Product Details
16000 and 26000 appliances 26000/26000T, 16000/16000T
CloudGuard
  • VMWare
  • KVM
  • Hyper-V
  • AHV
Open Servers 


Downloads

Take # Date Clean Install CPUSE Upgrade
Take 273 04 July 2019  (ISO)  (TGZ)
Take 300 23 September 2019    (ISO)  (TGZ)

 

Also see sk153152 - Jumbo Hotfix Accumulator for R80.30 (R80_30_jumbo_hf)

Note: Starting from Take 50 of R80.30 Jumbo Hotfix Accumulator:

 

Resolved Issues

R80.30 with Gaia 3.10 Take 300
ID Description
GAIA-6457 In a rare scenario, memory leak appears when sending fragmented Multicast traffic
GAIA-5914 Drop templates are not disabled for USFW (User space Firewall mode).
GAIA-6172 In some scenarios, a new hotfix installation via CPUSE fails on VSX. Refer to sk159713
GAIA-5883 In rare scenario, when configured as a proxy/ICAP client, a Security gateway may crash when using HTTPS Policy Categorization. 
GAIA-6397 In some scenarios, traffic does not pass in VSX setup with VS-VSW-VS topology and some Threat prevention blades enabled on VSs. 
GAIA-6324 In some scenarios, sending IP fragmented traffic through a Virtual Switch or Virtual Router fails with "Virtual defragmentation error".
GAIA-6325,
PMTR-39660
In a rare scenario, when SecureXL is enabled, a VSX gateway may crash. Refer to sk160912.
GAIA-6260,
STRM-149
In some scenarios, a remote client disconnects after one hour although the session is not idle. Refer to sk160213.
GAIA-6383 Improved scalability and resiliency of URL Filtering service. 
PRHF-4499,
PRHF-3608
On cluster, Drop templates are disabled on reboot. Refer to sk153412

 

 

Known Limitations

ID Description
- Stand-Alone deployment is not supported.
- Connеctivity upgrade is not supported.
GAIA-3380 The 'raid_diagnostic' utility does not work for Gen10 Open servers. 
GAIA-2649 On CloudGuard for AWS, the 'ethtool -G' command is not supported.
GAIA-2648 On CloudGuard for Azure, the 'ethtool -G' command is not supported. 
GAIA-2650 On CloudGuard for AWS, speed and duplex information is not available when using the ethtool. 
GAIA-3205 Cannot change interface link speed to 1000MB after it is changed to 100MB.
GAIA-3180 On HP Open servers with onboard NIC, Interface status in the switch might show as "Connected" even though the state in Gaia is "off"
GAIA-3345 Changing the MTU on the directly connected switches may cause drops of fragmented traffic due to a MTU mismatch. 
ACCL-417 The following were removed: CPView Network -> Top-Protocols and Network -> Top-Connections tabs.
GAIA-3957, GAIA-3944 When running the Hardware Diagnostic options of the RMA tool, "ipsctl_get_family_id:received error" messages may appear. These error messages can be safely ignored.
GAIA-3490 10GbE i40e NICs determine their link-speed based on the type of connected transceiver (1G ot 10G) and cannot be changed manually. 
GAIA-4937 Installing R80.20, R80.20.M2 and R80.30 Security Management Server with CPUSE or Blink on a machine previously installed as a R80.30 Security Gateway that uses the Linux Kernel version 3.10 is not supported.
Instead, it is possible to perform a clean install using an ISO file. 
GAIA-4849 OSPF is not supported with unnumbered VTIs. 
GAIA-5914

Drop templates are not disabled for USFW (User space Firewall mode).

  • Fixed in Take 300
GAIA-6184 "Error while stopping check point processes" error when installing packages on a VSX environment. 
GAIA-4573 Upgrade is only supported between kernel 3.10 versions (R80.20 3.10 and R80.30 3.10)
GAIA-5737 Duplicate ping messages may appear when configuring bonding groups (~30 sec), one over the X722 based network interfaces and the other on Intel X710 Based network interfaces. 
GAIA-5732,
PRJ-2583
The fw ctl multik utilize command is not supported in the User Mode Firewall (USFW). 

 

Documentation

Administration Guides
R80.30 3.10 Release Notes 
Related Solutions
sk144112 - Gaia Dynamic CLI         

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment