The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Check Point R81.10
Click Here to Show the Entire Article
Introduction | What's New | Documentation | Installation | Additional Downloads and Products | Revision History
Welcome to Check Point Quantum R81.10, the industry's most advanced Threat Prevention and security management software for network security that delivers uncompromising simplicity and consolidation. R81 introduced the first Autonomous Threat Prevention system that provides fast, self-driven policy creation and one-click security profiles, keeping policies always up to date. Policies install in seconds, upgrades require only one click, and the gateways can simultaneously upgrade in minutes. R81.10 brings a major improvement in operational security efficiency across the management server's reliability, performance, and scale. Critical operations such as APIs, High Availability synchronization, and login are more reliable and faster than ever. In addition, the SmartConsole is automatically updated with the latest fixes and improvements. R81.10 adds new dynamic log distribution to add log server capacity on demand. And as part of Scalable Platforms, R81.10 brings a unique mix and match ability to leverage different Quantum security gateways within a single Quantum Maestro security group.
Maestro as a center in Star community - Satellite peers can communicate with each other through the Center.
Client-to-Site Traffic over a Site to Site VPN Tunnel (Client -> Maestro Gateway -> VPN Peer Gateway -> resource)
Client to Site to Client through a Maestro Gateway (Client -> Maestro -> Client)
VPN local connections that originate from Maestro Security Group Members
Initiate a connection from an Security Group Member if the connection's destination requires encryption
Identity Awareness via VPN - The Identity Source (users database) can be located across a VPN tunnel (especially in the cloud)
Configure Bridge and Multi-Bridge interfaces on a regular Virtual Systems not in Bridge Mode to use features that require an IP address to work, such as Identity Awareness, Threat Emulation, UserCheck Web Portal and Captive Portal.
VPN performance enhancements - Site to Site VPN and Remote Access clients are now handled by two different processes.
Use a loopback interface with Dynamic Routing in ClusterXL environments.
Tighten your policy and reduce the risk of human error through Access Control Rule Base settings and defaults. Watch the video. Note: The new defaults apply only to new R81.10 installations. Upgraded environments can use this feature. However the default behavior from previous versions is kept.
IPv4 PIM enhancements and stability fixes.
Ability to reset OSPFv2 counters.
Ability to configure a Source-Specific Multicast (SSM) source for an IGMPv3 Group.
Support for ECMP algorithms to provide traffic load balancing:
Based on the 2-tuple hash of Source and Destination
Based on the 5-tuple hash of Source, Destination, Source Port, Destination Port, and Protocol
Gaia Operating System
Ability to configure (only in Gaia Clish) the Ciphers and Message. Authentication Codes (MAC) for the built-in OpenSSH Server.
Ability to configure the access to Gaia REST API for specific users.
Added the SNMP OID that returns the current number of entries in the ARP table (.188.8.131.52.4.1.26184.108.40.206.1, or .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.ar pTableInfo.arpTableSize).
Administrator use of CLI to configure the TLS version of the Gaia portal.
Gaia API updated to the latest released version (version 1.5) including new API calls for:
Extended supports for up to 10 ISP links.
Automatic Threat Extraction, Threat Extraction security improvements, and new features are automatically downloaded and applied without the need for human intervention.
AES encryption type configuration for Kerberos Ticket Encryption Methods is now available through Smart Console. For more information, see sk111945.
Significant improvements for the stability and performance of the Management Server, especially for large Management environments under high load:
Faster Administrator operations to the Management Server such as backup and restore, and revisions purge are drastically faster.
Faster execution of Management API functions.
Search and navigate in SmartConsole works more smoothly when concurrent SmartConsole administrators are connected.
Improved stability of the login process to the Management Server using SmartConsole or Management API, when the Management Server is under a heavy load.
Management REST API
New export, import, and upgrade Management APIs for primary Security Management Servers or Multi-Domain Servers.
Unified Management API commands for:
Domain export and backup
Domain import and restore
SmartLSM - REST API commands to simplify the creation of ROBO Gateways.
Automatic updates - SmartConsole detects and installs client updates for the same major version. For more information, see sk171315.
Logging and Monitoring
IPS and Anti-Bot logs now include a MITRE ATT&CK section that details the different techniques for malicious attack attempts. This section provides an easier way to understand an attack by looking at the log card and to export the data to external SIEM systems, and an easy search and filter for attack events based on MITRE techniques.
Dynamic logs distribution - Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy.
Enhancements to logging services stability.
Management High Availability
Synchronization and stability enhancements.
Significant Full sync duration improvement.
IoT Controller support for Multi-Domain Security Management.
Use group object, Multiple IP addresses and IP ranges in LSM profiles.