Check Point R81.10 Technical Level
Solution



  Introduction

Welcome to Check Point Quantum R81.10, the industry's most advanced Threat Prevention and security management software for network security that delivers uncompromising simplicity and consolidation. R81 introduced the first Autonomous Threat Prevention system that provides fast, self-driven policy creation and one-click security profiles, keeping policies always up to date. Policies install in seconds, upgrades require only one click, and the gateways can simultaneously upgrade in minutes. R81.10 brings a major improvement in operational security efficiency across the management server's reliability, performance, and scale. Critical operations such as APIs, High Availability synchronization, and login are more reliable and faster than ever. In addition, the SmartConsole is automatically updated with the latest fixes and improvements. R81.10 adds new dynamic log distribution to add log server capacity on demand. And as part of Scalable Platforms, R81.10 brings a unique mix and match ability to leverage different Quantum security gateways within a single Quantum Maestro security group.

  What's New in R81.10


     Quantum Security Gateway and Gaia

Maestro Hyperscale

  • Maestro Orchestrator is aligned with the latest version R81.10 as part of the main-train release and includes the latest Gaia fixes and improvements.
  • Ability to upgrade Security Groups and Orchestrators to the latest R81.10 version. For the list of supported versions see "Supported Upgrade Paths" on page 17 of Release Notes.
  • Mix appliances - The ability to include different appliance models in the same Security Group.
  • Alignment with standard Security Gateway features: 
    • VPN Tunnel Interface (VTI)
      • Route Based VPN
      • Enable BGP and OSPF Dynamic Routing Protocols on VTIs
    • Tunnel Management - Permanent Tunnels
      • Tunnel Testing for Permanent Tunnels
      • Dead Peer Detection (DPD)
    • Link Selection
      • Service Based Link Selection (sk56384)
      • IP Selection by Remote Peer
        • High Availability
        • Load Sharing
      • Outgoing Route Selection
      • Route-based probing
    • Back-to-back tunnels (hub and spokes)
      • Maestro as a center in Star community - Satellite peers can communicate with each other through the Center.
      • Client-to-Site Traffic over a Site to Site VPN Tunnel (Client -> Maestro Gateway -> VPN Peer Gateway -> resource)
      • Client to Site to Client through a Maestro Gateway (Client -> Maestro -> Client)
    • VPN local connections that originate from Maestro Security Group Members
      • Initiate a connection from a Security Group Member if the connection's destination requires encryption
      • Identity Awareness via VPN - The Identity Source (users database) can be located across a VPN tunnel (especially in the cloud)

VSX

  • Configure Bridge and Multi-Bridge interfaces on regular Virtual Systems that are not in Bridge Mode, in order to use features that require an IP address to work, such as Identity Awareness, Threat Emulation, UserCheck Web Portal and Captive Portal.

IPsec VPN

  • VPN performance enhancements - Site to Site VPN and Remote Access clients are now handled by two different processes.

Clustering

  • Use a loopback interface with Dynamic Routing in ClusterXL environments.

Access Control

  • Tighten your policy and reduce the risk of human error through Access Control Rule Base settings and defaults. Watch the video.
    Note: The new defaults apply only to new R81.10 installations. Upgraded environments can use this feature; however, the default behavior from previous versions is kept.

Advanced Routing

  • IPv4 PIM enhancements and stability fixes.
  • Ability to reset OSPFv2 counters.
  • Ability to configure a Source-Specific Multicast (SSM) source for an IGMPv3 Group.
  • Support for ECMP algorithms to provide traffic load balancing:
    • Based on the 2-tuple hash of Source and Destination
    • Based on the 5-tuple hash of Source, Destination, Source Port, Destination Port, and Protocol

Gaia Operating System

  • Ability to configure (only in Gaia Clish) the Ciphers and Message Authentication Codes (MAC) for the built-in OpenSSH Server.
  • Ability to configure the access to Gaia REST API for specific users.
  • Added the SNMP OID that returns the current number of entries in the ARP table (.1.3.6.1.4.1.2620.1.6.22.1, or .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.arpTableInfo.arpTableSize).
  • Administrators can use the CLI to configure the TLS version of the Gaia Portal.
  • Gaia API updated to the latest released version (version 1.5) including new API calls for:
    • SNMP
    • GRE
    • VXLAN
    • Static route
    • Scheduled snapshots

ISP Redundancy

  • Extended support for up to 10 ISP links.

Threat Extraction

  • Automatic Threat Extraction, Threat Extraction security improvements, and new features are automatically downloaded and applied without the need for human intervention.

Identity Awareness

  • AES encryption type configuration for Kerberos Ticket Encryption Methods is now available through SmartConsole. For more information, see sk111945.


     Quantum Security Management

Security Management Servers Enhancements

  • Significant improvements for the stability and performance of the Management Server, especially for large Management environments under high load:
    • Administrator operations on the Management Server, such as backup and restore and revisions purge, are drastically faster.
    • Faster execution of Management API functions.
    • Search and navigation in SmartConsole work more smoothly when concurrent SmartConsole administrators are connected.
  • Improved stability of the login process to the Management Server using SmartConsole or Management API, when the Management Server is under a heavy load.

Management REST API

  • New export, import, and upgrade Management APIs for primary Security Management Servers or Multi-Domain Servers.
  • Unified Management API commands for:
    • Domain export and backup
    • Domain import and restore
  • SmartLSM - REST API commands to simplify the creation of ROBO Gateways.

SmartConsole

  • Automatic updates - SmartConsole detects and installs client updates for the same major version. For more information, see sk171315.

Logging and Monitoring

  • IPS and Anti-Bot logs now include a MITRE ATT&CK section that details the different techniques for malicious attack attempts. This section provides an easier way to understand an attack by looking at the log card and to export the data to external SIEM systems, and an easy search and filter for attack events based on MITRE techniques.
  • Dynamic log distribution - Configure the Security Gateway to distribute logs between multiple active Log Servers to support a higher log rate and Log Server redundancy.
  • Enhancements to logging services stability.

Management High Availability

  • Synchronization and stability enhancements.
  • Significant Full sync duration improvement.

Multi-Domain Server

  • IoT Controller support for Multi-Domain Security Management.

SmartLSM

  • Use group objects, multiple IP addresses, and IP ranges in LSM profiles.


     CloudGuard Network Security
  • Use AWS Security Token Service (STS) Assume Role to simplify the access to AWS Data Centers.
  • Create Azure Data Centers on different Azure cloud environments in parallel including Azure Global, Azure Government, and Azure China.


     Harmony Endpoint
Harmony Endpoint Web Management enhancements to allow these configurations:
  • Media Encryption & Port Protection policy
  • Firewall policy
  • Application Control policy
  • Developer protection policy
  • Push Operation for Host Isolation and Client Uninstall


  Documentation


Release Notes


Administration Guides


Resolved Issues


Known Limitations

  Installation


   Quantum Security Gateway

Clean install

Upgrade

 

 


For instructions for Scalable Platforms, refer to sk173363.
For Gaia Fast Deployment (Blink), refer to sk120193. Check Point recommends upgrading with SmartConsole or CDT.

 


   Quantum Security Management and Multi-Domain Server

Clean install

Upgrade

 

 

For Gaia Fast Deployment (Blink), refer to sk120193. Check Point recommends upgrading with SmartConsole or CDT.


   SmartConsole
                            

For Web SmartConsole, see sk170314.


Release map | Upgrade map | Backward Compatibility map | Releases Terminology



  Additional Downloads and Products



Product                                                                    Download
SmartConsole                                                               Portable SmartConsole for R80.x (sk116158)
                                                                           Check Point R80.x Cloud Demo (sk103431)
Upgrade Tools package (Migration Tool) for upgrade from R80.20 and above   See sk135172
Gaia Fast Deployment (Blink)                                               See sk120193
ISOMorphic Tool                                                            For Gaia, SecurePlatform and Linux, see sk65205
DLP Exchange Server                                                        For Windows (TGZ)









  Revision History




Date Description
06 Jul 2021  First release of this document
