Support Center > Search Results > SecureKnowledge Details
Comparison between R81 and R81 for Scalable Platforms Technical Level
Solution

This is a features comparison between R81 and R81 for Scalable Platforms.

For more information, see sk173183 - Scalable Platforms (Maestro and Chassis) comparison between versions.

Table of Contents:

  • Firewall and Security Policy
  • VSX
  • Gaia
  • Installation and Upgrade
  • Logging
  • Cluster
  • VPN
  • Remote Access VPN
  • Network Management
  • Next Generation Security Gateway
  • System Management and Monitoring
  • Rate Limiting and DoS Mitigation
  • Performance Tuning
  • Threat Prevention
  • CloudGuard
  • Mobile Access
  • Identity Awareness
  • Compliance
  • HTTPS Inspection
  • CPDiag
  • Access Control
  • Data Loss Prevention / Certificate Authority
  • Advanced Routing
  • Dynamic Routing

Firewall and Security Policy

Feature R81 R81 for SP Comments
L3 Firewall      
L2 Firewall (Bridge mode)      
QoS      
ISP Redundancy      
Multicast      
Identity Awareness Captive Portal      
NAT IPv4 / NAT IPv6      
NAT 64      
Dynamic Anti-Spoofing       
Support for Domain objects, Updatable objects, Security Zones, Access Roles and Data Center objects    
Hit Count for NAT rules    
NAT Enhanced policy    
Accelerated Policy Installation      

 

VSX

Feature R81 R81 for SP Comments
VSX L3 Firewall       
VSX L2 Firewall     No Support for VSX Multi-Bridge.
Virtual Switches    
Virtual Routers      
Identity Awareness Captive Portal      
VSX Multicast      
NAT IPv4 / NAT IPv6      
NAT 64      
VSX QoS, Light Weight (CPQoS) (12)     SP limitation.
QoS (Floodgate-1)      
Dynamic Anti-Spoofing      
"vsx_util reconfigure"      After running the "vsx_util reconfigure" command, you must install policy on all Virtual Systems.
Downgrade VSX management objects to earlier versions using the "vsx_util"    
Support for Domain objects, Updatable objects, Security Zones, Access Roles and Data Center objects    
NAT Enhanced policy    

 

Installation and Upgrade

Feature R81 R81 for SP Comments
CPUSE     To be used via Global Clish (gclish) shell only
Hotfix Uninstall     Using the CPUSE
Licensing in SmartUpdate     Installation of a Central license with SmartUpdate requires a policy installation on the Security Gateway / VSX Gateway (context of the VS0) in order to propagate the license to all members.

 

Gaia OS

Feature R81 R81 for SP Comments
Gaia CLI clish gclish  
Gaia Portal    
First Time Configuration Wizard (Portal + CLI)      
Snapshot     Restore snapshots only on the same chassis type and SGM model on which it was collected.
Backup / Restore      
NTP Client      
RADIUS / TACACS Users      
Alias Interfaces     
The Google Compute Engine Virtual Network Interface (gVNIC)    
Virtual Extensible LAN (VXLAN)    
Generic Routing Encapsulation (GRE)    
Link Layer Discovery Protocol (LLDP) configuration trough CLISH and the Gaia Portal    
IP address conflict detection    
Multi-Queue for Gaia Management interfaces    
Gaia REST API    

 

Logging

Feature R81 R81 for SP Comments
Firewall and Software Blade logs     Logs for session connections generated by Software Blades on R81 for Scalable Platforms do not show the SGM ID.
Syslog      
Fetch Logs      
UserCheck      

 

Cluster

Feature R81 R81 for SP Comments
Cluster HA     Chassis only, no unicast CCP
Cluster LS    
Cluster VSX HA  
Cluster VSX VSLS  

* More than two sites are planned for Maestro.

 

VPN

Feature R81 R81 for SP Comments
IKEv1      
IKEv2      
Multicore VPN      
Dynamic Routing VPN through Virtual Tunnel Interface (VTI)     Solved in R81 Jumbo HF Take_34 and R81.10
Link Selection      
Route-Based Probing for link selection     Limitation from R80.20SP
Tunnel Sharing modes (per host, subnet, Gateway)      
Wire Mode     Limitation from R80.20SP
NAT Traversal      
"orig_route_params" (magic button)      
Peer configured as DAIP (with Dynamic IP address)      
Tunnel Test     Limitation from R80.20SP
VPN Routing configurations: 
1. Gateway as satellite w/ peers through
2. Client to Site Traffic over Site to Site VPN Tunnel 
    Limitation from R80.20SP
Traditional VPN mode     Limitation from R80.20SP
Virtual Tunnel Interfaces (VTIs)     Limitation from R80.20SP
Corporate Enforcement     Limitation from R80.20SP
Multiple ciphers for external Security Gateways in a single VPN community    
SHA-512    


Remote Access VPN

Feature R81 R81 for SP Comments
Office Mode      DHCP, Radius
Visitor Mode (TCPT)    
Client IP change    
SNX    
Endpoint Security    
Simultaneous Login Prevention (SLP)     Limitation from R80.20SP
Hub Mode    
Location Awareness    
User certificate enrollment    
Desktop Security    
SCV Support    


Network Management

Feature R81 R81 for SP Comments
Multi Bridge    
DHCP Server    
DHCP Relay    
DHCP Client    
Netflow IPFIX    
Management Data Plane Separation (MDPS, sk138672)    

 

Next Generation Security Gateway

Feature R81 R81 for SP Comments
Mirror and Decrypt     See the Security Gateway Administration Guide for changes in the configuration procedure
ICAP client     See the Security Gateway Administration Guide for changes in the configuration procedure
ICAP Server    
Hardware Security Module (HSM)     See the Security Gateway Administration Guide for changes in the configuration procedure
Private ThreatCloud (PTC)     For details on how to enable PTC in R81 for Scalable Platforms, see sk161534

 

System Management and Monitoring

Feature R81 R81 for SP Comments
SNMP    
Alerts    

See Scalable Platforms Administration Guide for configuration procedure.

For Maestro, there are no alerts on Orchestrator.

Job Scheduler    
CPView     Only per SGM, statistics are not aggregated.

 

Rate Limiting and DoS Mitigation

Feature R81 R81 for SP Comments
Penalty Box    
Rate Limiting rules - "fw samp" / "fw samp_policy"     Replaced by the "fwaccel dos" commands
Suspicious Activity Monitoring Rules - "fw sam"     Replaced by the "fwaccel dos" commands
Accelerated SYN Defender - "fwaccel synatk"     Supported only from Scalable Platform CLI with the "g_fwaccel synatk" command (it is not supported to configure the IPS "SYN Attack" (SYN Defender) protection in SmartConsole)

 

Performance Tuning

Feature R81 R81 for SP Comments
Dynamic Dispatcher      
Priority Queues    

 

Threat Prevention

Feature R81 R81 for SP Comment
IPS    
Anti-Bot    
Anti-Virus    
Anti-Malware    
Anti-Spam     Security Gateway only
Cloud Threat Emulation    
Remote Threat Emulation (Dedicated appliance)    
Threat Extraction     For known limitations, refer to sk148074

 

CloudGuard

Feature R81 R81 for SP Comments
CloudGuard Controller    

 

Mobile Access Blade

Feature R81 R81 for SP Comments
Mobile Access Blade    

 

Identity Awareness

Feature R81 R81 for SP Comments
Identity Awareness    
Azure Active Directory support    
Identity Awareness nested groups    
Security ID (SID) support    

 

Compliance

Feature R81 R81 for SP Comments
Compliance    

 

HTTPS Inspection

Feature R81 R81 for SP Comments
SSL inspection    
FutureX Hardware Security Module (HSM)      Not supported with TLS 1.3
TLS 1.3     TLS 1.3 is off by default and is only applicable if User Space Firewall (USFW) is active.

 

CPDiag

Feature R81 R81 for SP Comments
CPDiag    

 

Access Control

Feature R81 R81 for SP Comments
Application Control    
URL Filtering    
Content Awareness    
Updatable Objects    

 

Data Loss Prevention / Certificate Authority

Feature R81 R81 for SP Comments
DLP     Security gateway only.
VSX mode not supported. 
CA    

Advanced Routing

Feature R81 R81 for SP
OSPFv3 AH authentication for OSPFv3 protocol security    
IPv6 route aggregation    
IPv4/IPv6 NAT-pool routes    
Routing Information Protocol (RIP) route sync    
PIM restart capability    


Dynamic Routing

Feature R81 R81 for SP Comment
RIP (IPv4)    
RIPng (IPv6)    
PIM    
OSPFv2 (IPv4)    
OSPFv3 (IPv6)    
BGP     Supports IPv4/IPv6
BFD     Supports IPv4/IPv6
PBR    
BGP support for VxLAN interfaces    
Dynamic Routing support for GRE interfaces    

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment