Check Point R80.40


Important: The Check Point default version, widely recommended for all deployments, is R80.40 Take 294 with Jumbo Hotfix Accumulator Take 48.
For more info on all Check Point releases, refer to Release map and Release Terminology articles.


Introduction

As our networks continue to increase and the threat landscape continues to evolve, customers need security solutions that allow endless scalability and simple operations. With over 100 new features, R80.40 is imperative for putting our network security on the fast track, providing unified management for both physical and virtual networks and for on-premises and cloud enforcement points. By consolidating all aspects of your security environment seamlessly, it allows you to deploy protections across your organization without impeding business innovation. It also allows full visibility into security across your network in a customizable visual dashboard, helping you monitor and focus on what matters to you. With its scalable, extensible architecture, you can manage the most complex environments easily and efficiently.

The release contains innovations and significant improvements such as:
  • SmartTasks - automates daily work with pre-defined or customizable actions
  • Dedicated HTTPS policy layer - protecting encrypted traffic from Gen V attacks
  • Zero-touch deployment from hours to minutes for installing new gateways
  • IoT Security Manager - identify IoT devices and seamlessly turn their attributes into IoT security policy

 

What's New in R80.40

  IoT Security
A new IoT security controller to:
  • Collect IoT devices and traffic attributes from certified IoT discovery engines (currently supports Medigate, CyberMDX, Cynerio, Claroty, Indegy, SAM and Armis).
  • Configure a new IoT dedicated Policy Layer in policy management.
  • Configure and manage security rules that are based on the IoT devices' attributes.
To learn more about configuration, refer to R80.40 Security Management Administration Guide.

  HTTPS Inspection

HTTP/2 

HTTP/2 is an update to the HTTP protocol. The update provides improvements to speed, efficiency and security and results in a better user experience.
  • Check Point's Security Gateway now supports HTTP/2 and benefits from better speed and efficiency while providing full security, with all Threat Prevention and Access Control blades, as well as new protections for the HTTP/2 protocol.
  • Support is for both clear and SSL encrypted traffic and is fully integrated with HTTPS Inspection capabilities.

HTTPS Inspection Layer

Provides these new capabilities:
  • A new Policy Layer in SmartConsole dedicated to HTTPS Inspection.
  • Different HTTPS Inspection layers can be used in different policy packages.
  • Sharing of an HTTPS Inspection layer across multiple policy packages.
  • API for HTTPS Inspection operations.

   Threat Prevention
Optimized Security and Productivity for the Different Modes – Threat Extraction works with Threat Emulation to provide users with more productivity without compromising security
  • Background Mode is now called Rapid Delivery to prevent many more malicious files within the emulation window of 3 seconds.
  • Hold Mode is now called Maximum Prevention and provides improved productivity to ensure that all Threat Extraction cleaned documents are delivered quickly to end users. Maximum Security minimizes the time users wait without a compromise on security.

Threat Extraction

Automatic Engine Updates – Like the automatic updates to the Threat Emulation engines, you can now receive Threat Extraction updates automatically on your gateways. There is no need to update to a hotfix or a major version. Security improvements, new features and more do not require intervention.
To learn more, refer to the Advanced Threat Emulation Settings Chapter in the R80.40 Threat Prevention Administration Guide.

Anti-Virus and SandBlast Threat Emulation

  • MITRE ATT&CK™ Reporting - Threat Emulation Forensics Reports now include a detailed MITRE ATT&CK Matrix with the detected adversary tactics and techniques for every malicious executable file.

  • Enhanced Support for Archive Files - this engine release includes significant improvements in handling archive files:
    • Support for password protection for all supported file types, including .7z and .rar. For more details, please refer to sk112821.
    • An improved mechanism to "guess" passwords automatically when it opens password protected archives for emulation.
    • Added support for password-protected archives when the password includes Unicode characters.
    • Stability improvements.
  • Faster delivery of an emulation verdict for documents with embedded files.
  • Enhanced Support for Password-Protected Documents:
    • Admins can now configure a default action for password-protected documents. If such a file is emulated, the file is allowed or blocked by default. To configure a default action, follow the instructions in sk132492.
  • New File Types and Protocols:
    • Attachments from Nested MSG Files - Threat Emulation now supports emulation for files attached to MSG files that are themselves attached to other MSG files.
    • Support for new Archive Formats - WIM, CHM, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, MBR, MSI, NSIS, NTFS, QCOW2, RPM, SquashFS, UDF, UEFI, VDI, VHD, VMDK, LZH, ARJ, CPIO, AR.
    • SCP and SFTP file transfers can be scanned using SSH Deep Packet Inspection.
    • SMBv3 Multi-Channel Connections – Multi-channel file transfer is on by default on all Windows operating systems. The Check Point Gateway is now the only one in the market that inspects large file transfers through SMBv3 (3.0, 3.0.2, 3.1.1) over multi-channel connections.
  • Enhanced Logging for Emulated Archive Files:
    • The archive file log includes the names of all the files inside.
    • A new log is generated for every file extracted from the archive, with its emulation results. This log contains the name of the archive file. Logs correlate easily between the archive file and those of the files it contains.
  • Importing SHA-256 IOCs - Anti-Virus now supports SHA-256 hashes as Indicators of Compromise (IOCs). Administrators can import SHA-256 IOCs manually or connect the gateway to a live feed of SHA-256 IOCs. For more information, refer to sk132193.
  • Replacing the Threat Emulation API Certificate - Administrators can now upload their own certificate to use for Threat Emulation API calls to their Threat Emulation appliance. For more information, refer to sk160693.

Email Security

  • Enhanced Support for POP3 and IMAP protocols - Anti-Virus and SandBlast Threat Emulation now support inspection of e-mail over the POP3 protocol and improve inspection of e-mail over the IMAP protocol.
  • Enhanced Protection against BaseStriker - MTA Gateways now protect against malicious emails with URLs that use the BaseStriker technique.
  • Bounce Messages Behavior Change - Modifies the configuration of the MTA so that it tries to send bounce messages only once whether it reaches its destination or not.
  • Enhanced Threat Emulation inspection for files behind shortened links - The body of an email sometimes includes customized Bitly links that point to files. With this release, Threat Emulation scans the files behind these links to detect zero-day attacks. This capability requires Threat Emulation and Anti-Virus to be enabled, and MTA must be configured for the Security Gateway.
  • [Early Availability] Click-Time URL Protection - The MTA gateway can now rewrite links in incoming emails. When users click on them, the resources (web sites or files) behind the links are inspected again. This prevents delayed attacks where attackers replace the resource behind the link after the email delivery.
  • [Early Availability] Anti-Phishing Engine - The MTA gateway introduces a new state-of-the-art Anti-Phishing engine. This design alerts against and prevents sophisticated phishing, spear phishing, and targeted phishing attacks.

    Want to join the beta and hear more? Contact us at email_security@checkpoint.com.

Other Enhancements

Dynamic, Domain and Updatable Objects can be used in Threat Prevention and HTTPS Inspection Policies.

  Access Control

Identity Awareness

  • Support for Captive Portal integration with SAML 2.0 and third party Identity Providers.
  • Support for Identity Broker for scalable and granular sharing of identity information between PDPs, as well as cross-domain sharing.
  • Enhancements to Terminal Servers Agent for better scaling and compatibility.

IPsec VPN

  • Configure different VPN encryption domains on a Security Gateway that is a member of multiple VPN communities. This provides:
    • Improved privacy - Internal networks are not disclosed in IKE protocol negotiations.
    • Improved security and granularity - Specify which networks are accessible in a specified VPN community.
    • Improved interoperability - Simplified route-based VPN definitions (recommended when you work with an empty VPN encryption domain).
  • Large Scale VPN (LSV) environment - using LSV profiles provides the ability to connect Externally Managed and Third Party VPN peers seamlessly by simply providing them with the same CA certificate used by the central Security Gateway.

URL Filtering

  • Improved scalability and resilience.
  • Extended troubleshooting capabilities.

Application Control

  • Improved performance, diagnostics and monitoring tools.

NAT

  • Enhanced NAT port allocation mechanism - on Security Gateways with 6 or more CoreXL Firewall instances, all instances use the same pool of NAT ports, which optimizes the port utilization and reuse.
  • NAT port utilization monitoring in CPView and with SNMP.

Voice over IP (VoIP)

  • Multiple CoreXL Firewall instances handle the SIP protocol to enhance performance.

Remote Access VPN

  • Machine Certificate Authentication - use a machine certificate to distinguish between corporate and non-corporate assets, adding the ability to restrict access to corporate assets only. Enforcement can be pre-logon (device authentication only) or post-logon (device and user authentication).

Mobile Access Portal Agent

  • Enhanced Endpoint Security on Demand within the Mobile Access Portal Agent to support all major web browsers. For more information, see sk113410.

Mobile Access

  • SMB v2/3 mount support in Mobile Access blade.

  Security Gateway and Gaia

CoreXL and Multi-Queue

  • Security Gateway automatically changes the number of CoreXL SNDs and Firewall instances and the Multi-Queue configuration based on the current traffic load. To learn more, refer to R80.40 Performance Tuning Administration Guide.
  • Priority Queues are enabled by default. For more information see sk105762.

Clustering

  • Multi-Version Clustering (MVC) – During upgrade scenarios, ClusterXL acts like a standard cluster while its members run different software versions, supporting redundancy between members and state synchronization.
  • New ClusterXL mode: Active-Active. It supports running several cluster members in the ACTIVE state. Each member is part of a separate routing domain and handles its own traffic, and redundancy is kept during failover.
  • Geo-Clustering in Active-Active mode – Supports the configuration of the cluster Sync interface on different subnets while allowing L3 communication between the members on the sync interface, making the requirement for L2 connectivity and a trusted network between the cluster members (while working in Active-Active mode) obsolete.
  • Support for Cluster Control Protocol (CCP) in Unicast mode for any number of cluster members, eliminating the need for CCP Broadcast, Multicast or Automatic modes.
  • Configuring VMAC does not require changing the NIC to promiscuous mode.
  • Eliminated the need for MAC Magic configuration when several clusters are connected to the same subnet.
  • Cluster Control Protocol encryption is now enabled by default.

VSX

  • Support for VSX upgrade with CPUSE in Gaia Portal.
  • Support for Active Up mode in VSLS.
  • Support for CPView statistical reports for each Virtual System.

Zero Touch

  • A simple Plug & Play setup process for installing an appliance - eliminating the need for technical expertise and having to connect to the appliance for initial configuration.

Gaia REST API

  • Gaia REST API provides a new way to read and send information to servers that run Gaia Operating System. See sk143612.

CloudGuard IaaS

AWS Data Center enhancements:
  • Load Balancer (ALB and NLB) objects are supported.
  • Security Groups support the use of tags.
  • Subnet objects include IP addresses from all associated Network Interfaces.
Azure Data Center improvements:
  • Load Balancer (Public and Internal) objects are supported.
  • Load Balancers, Virtual Networks, and Network Security Groups support the use of tags.
  • Subnet objects include Front end IP addresses of the Internal Load Balancers.

Advanced Routing

  • Enhancements to OSPF and BGP allow resetting and restarting OSPF neighboring for each CoreXL Firewall instance without the need to restart the routed daemon.
  • Enhanced route refresh for improved handling of BGP routing inconsistencies.

New kernel capabilities

  • Upgraded Linux kernel
  • New partitioning system (gpt):
    • Supports more than 2TB physical/logical drives.
  • Faster file system (xfs).
  • Supporting larger system storage (up to 48TB tested).
  • I/O related performance improvements.
  • Multi-Queue - Full Gaia Clish support for Multi-Queue commands.
  • SMB v2/3 mount support in Mobile Access blade.
  • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used). 
  • Support of new system tools for debugging, monitoring and configuring the system.

  Security Management

SMB

1500 appliance series can be managed with R80.40 Security Management Server and R80.40 SmartProvisioning.

Upgrade

A new report for Management Servers upgrades is available. The report shows the current status and progress and is located on the target machine under $MDS_FWDIR/log/upgrade_report-<timestamp>.html. For CPUSE upgrades, the report is available in the CPUSE section of Gaia's WebUI.

Revert to Revision

The Security Management Server architecture supports built-in revisions. Each publish operation saves a new revision that contains only the delta from the previous revision, allowing:
  • Safe recovery from a crisis: restore a Domain or a Management Server to a known good revision.
  • Improved policy verification process based on the difference between the current policy and the one contained in the revision database.

Multi-Domain Server

  • Back up and restore an individual Domain Management Server on a Multi-Domain Server.
  • Migrate a Multi-Domain Security Management from one Multi-Domain Server to a different Multi-Domain Server.
  • Migrate a Security Management Server to become a Multi-Domain Security Management on a Multi-Domain Server.
  • Migrate a Domain Management Server to become a Security Management Server.

SmartTasks and API

  • DevOps teams can automate their security and transform it into DevSecOps workflows using Ansible and Terraform. Automate security responses to threats, provision both physical and virtualized next-generation firewalls and automate routine configuration tasks, saving time and reducing configuration errors.
  • New Management API authentication method that uses an auto-generated API Key.
  • New Management API commands to create cluster objects.
  • SmartTasks - Configure automatic scripts or HTTPS requests triggered by administrator tasks, such as publishing a session or installing a policy.
  • Significant increase of performance for multiple set/edit/delete object commands with Batch API.

CloudGuard Controller

  • Generate Events and Automatic Reactions based on CloudGuard Controller logs and events.
  • Performance enhancements for connections to external Data Centers.
  • Integration with VMware NSX-T.
  • Support for additional API commands to create and edit Data Center Server objects.

SmartConsole

  • Central Deployment of Jumbo Hotfix Accumulator and Hotfixes from SmartConsole or via API allowing multiple Security Gateways and Cluster installations in parallel.
  • Object search - support for partial word search using a wildcard. For example, searching for *oba returns a match for an existing Host named USGlobalHost.

SmartEvent

  • Share SmartView views and reports with other administrators.

Log Exporter

  • Export logs filtered according to field values.
  • Generate SIEM compatible Threat Emulation and Forensics reports.

  Endpoint Security
  • Collect Logs push operations - upload logs and debug information automatically to an FTP server.
  • Support for BitLocker encryption with Full Disk Encryption.
  • Support for external Certificate Authority certificates for Endpoint Security client authentication and communication with the Endpoint Security Management Server.
  • Support for dynamic size of Endpoint Security Client packages based on the selected features for deployment.
  • Policy can now control the level of notifications to end users.
  • Randomize the Malware scan time to make sure that not all computers do a scan at the same time. This makes sure that network performance is not affected by many simultaneous scans.
  • Uninstall Endpoint Security clients using a Challenge-Response process.
  • Gaia Backup includes Endpoint Management components.
  • All client-server communication uses HTTPS.
  • Endpoint Security Clients can connect to the Endpoint Security Management Server using FQDN in addition to the IP Address.


Documentation


R80.40 Release Notes

Administration Guides

Resolved Issues

Known Limitations


Downloads

SmartConsole Security Gateway / Standalone / Security Management
   

To upgrade directly to the new default version (GA Take 294 + latest GA Jumbo Hotfix Take) with Blink images, refer to sk165456.
For more information about Blink, see sk120193.

Release map | Upgrade map | Backward Compatibility map | Releases Terminology


Released Hotfixes


sk165456 - Jumbo Hotfix Accumulator for R80.40
For the latest Blink image, see sk165456 - Jumbo Hotfix Accumulator for R80.40
Effective June 15th 2020, SmartConsole package has been updated (Build 398). See sk165473.

Note: R80.40 Security Gateway can now be managed by R80.30 Jumbo HotFix Take 166 and above, R80.20 Jumbo HotFix Take 149 and above, or R80.10 Jumbo HotFix Take 272 and above.


Additional Downloads and Products


Product | Download
SmartConsole | Check Point R80.x Cloud Demo (sk103431); Portable SmartConsole for R80.x (sk116158)
Blink - Gaia Fast Deployment | For Gaia Security Gateway and Management, see sk120193
R80.40 Migration Tool for upgrade from R80.10 and below | All Gaia versions and SecurePlatform versions above R75.40 (TGZ); All Windows versions (TGZ)
Upgrade Tools package for upgrade from R80.20 and above | See sk135172
CloudGuard | See sk158292
ISOMorphic Tool | For Gaia, SecurePlatform and Linux, see sk65205
DLP Exchange Server | For Windows (TGZ)

 







Revision History



Date | Description
15 Jun 2020 | Updated SmartConsole package to Build 398
10 May 2020 | Updated SmartConsole package to Build 396
26 Apr 2020 | Updated SmartConsole package to Build 40
16 Mar 2020 | Updated SmartConsole package to Build 19; added the Released Hotfixes section
10 Feb 2020 | Updated the Security Management section in What's New
29 Jan 2020 | Added R80.40 Documentation Package
28 Jan 2020 | First release of this document
