Check Point R80.20 for Small and Medium Business Appliances
Solution

Table of Contents

  • Introduction
  • What's New in R80.20 for SMB Appliances
  • Downloads
  • Known Limitations
  • Documentation
  • Revision History 

Introduction

The next family of our Small and Medium Business appliances is based on R80 code.

Check Point's R80.20 release for Small and Medium Business Appliances is supported only on the new 1500 Series Security Gateways. For more information about the 1500 Series, refer to sk157412: 1500 Series Security Gateways.

Check Point is committed to providing the best and most up-to-date security for all deployments including small businesses, medium businesses, and branch offices. The existing 700, 900, 1200R, and 1400 appliance lines will continue to be supported with our R77.20.xx code base.

What's New in R80.20 for SMB Appliances

SMB Next Generation Appliances are R80 code aligned, increasing performance and bringing cutting-edge enterprise grade security to your small and medium size business.

Centrally and locally managed enhancements

  • Application Control and Threat Prevention blades use security packages aligned to enterprise grade appliances to enable comprehensive security.
  • Automatic Device recognition and discovery.
  • Multicore VPN and VPN hardware enabled acceleration.
  • Additional ciphers support for HTTPS Inspection (see sk104562).
  • WatchTower application enhanced features.

Centrally managed enhancements (will be available in the R80.30 Jumbo Hotfix Accumulator and R80.40 Security Management Server releases)

  • Policy layers and sub-policy support for centrally managed mode.
  • Unified access policy support for centrally managed mode (Firewall, Application Control, and URL Filtering).
  • Unified Threat Prevention policy (IPS, Anti-Virus, Anti-Bot, and Threat Emulation Software Blade policies).
  • Acceleration of Domain Objects, Dynamic Objects, and Time Objects for centrally managed mode. 
  • Wildcard network object in Access Control that represents a series of IP addresses that are not sequential.

Locally managed enhancements

  • New Threat Prevention blade control: Unified Threat Prevention policy, easy and intuitive to set and control.
  • New SSL inspection enforcement: Simultaneously support light SSL and Full SSL inspection.
  • Improved High Availability mechanism.
  • WiFi Monitoring - wireless active devices: Track connected devices, signal strength, channel used, and more.
  • WiFi Monitoring - Access point: Monitor your WiFi environment to identify congested channels, frequency used, and signal strength.
  • Audit logs - Log Admin Activities was added to System logs.

Downloads

Note: To download this package you will need to have a Software Subscription or Active Support plan.

Download Package Link
R80.20.00 Build 992000668 for 1500 Appliances 

Known Limitations

The following R77.20.87 features are not yet supported:

  • IMAPS
  • Private Threat Emulation
  • MAC filtering and ARP spoofing
  • FTP is not inspected by Anti-Virus.
  • IPv6
  • VoIP H323 is partially supported. For more information, refer to SMB-10136 in sk159772.
  • Centrally managed support (will be supported in R80.30 Jumbo Hotfix Accumulator and R80.40 Security Management Server releases).
  • LSM support (will be supported in R80.30 Jumbo Hotfix Accumulator and R80.40 Security Management Server releases).

The following R77.20.87 Known Limitations still apply to R80.20:

Unsupported features:

  • Mobile Access
  • Monitoring
  • Data Loss Prevention (DLP)
  • Threat Extraction
  • Mail Transfer Agent (MTA)
  • Anti-Virus (scans the files only in their compressed form) 
  • Content Awareness
  • Cluster: only HA is supported (load sharing is not supported)

R80.20 Known Limitations (gaps between Gaia Embedded and Gaia):

See sk159772: Check Point R80.20.xx for 1550 / 1590 Appliance Features and Known Limitations
ID Description
General 
SMB-10301 IPv6 packet inspection is not supported and therefore IPv6 traffic will be dropped.

To allow IPv6 traffic:

  1. Go to Device > Advanced Settings > Stateful Inspection - Allow IPv6 packets.
  2. Set the parameter to "true".
Unified Access
SMB-8464 When a QoS rule is configured to be applied to a specific time/day/date, it is not limited to those specifications.
SMB-7992 In locally managed appliances, H.323 is not supported in the hide NAT configuration.
- Identity Awareness AD query functionality is supported when the domain controller server is part of one of the internal networks.
Threat Prevention
SMB-9351 Threat emulation is not supported with remote emulation appliances.
SMB-9808 FTP traffic is not inspected by the Anti-Virus blade.
SMB-10233 IMAPS is not supported in the Threat Prevention Software Blades.
SMB-9988 The "Import IPS protections" option fails if done via the WebUI. Offline updates can be installed via CLI.
SMB-10433 In Centrally Managed Gateways, you cannot fetch the IPS package from Management.

Workaround:

To install the package:

  1. Enter expert mode. 
  2. Copy $FWDIR/state/local/AMW/local.sd_updates to /storage partition. 
  3. Run: online_update_cmd -b IPS -o offlineUpdate -f storage/local.sd_updates
VPN and Remote Access
SMB-9846 When changing the configuration of an existing VPN Tunnel interface (VTI) from numbered to unnumbered or vice versa, routes which contain the VTI interface as a destination must be redefined.
SMB-10127 In the Logs & Monitoring tab, the "Decrypt" action does not appear on some configurations (for example, PPPoE) but the functionality still works.
SMB-10115 In locally managed mode: When configuring a VPN tunnel with PSK/certificate authentication methods in IKEv2 mode, and a peer in the community is configured with dynamic IP, the tunnel fails to establish.

Workaround:

  1. Go to the VPN tab > Site > Encryption settings.
  2. Select a specific encryption method instead of the default suites.
SMB-10431 During a cluster failover, connected Remote Access users may be disconnected.
Embedded Gaia
SMB-10086 Certain CLISH commands allow configuration of a DMZ interface even though there is no DMZ port on the appliance (relevant to v0 only). 
SMB-10169 Protected devices with names in a non-English language are not displayed properly in the WebUI or on a mobile device due to database restrictions.
SMB-10266 Audit Logs will not be displayed for the following operations:
  • Operations that are done before the First Time Configuration Wizard has finished.
  • Operations that are done from SmartProvisioning.
  • Dynamic routing, fw, cpwd_admin, upgrade and restore CLI commands.
  • For some operations, the audit log will be "admin executed <command_name> command". The log will be written even if the command failed.

 

Documentation

User Guides
1500 Appliance R80.20 Release Notes
1550 Appliance R80.20 Getting Started Guide
1590 Appliance R80.20 Getting Started Guide
1500 Appliance Series R80.20 Locally Managed Administration Guide
1500 Appliance Series R80.20 Centrally Managed Administration Guide
SMB 1500 Appliance CLI Guide R80.20 Reference Guide
Related SecureKnowledge Articles
sk157412: 1500 Series Security Gateways
sk159772: Check Point R80.20 for 1500 Appliances Features and Known Limitations
Related Datasheet
1500 Security Gateways Datasheet


Revision History

Date Description
17 Oct 2019 First Release of this document.
