Support Center > Search Results > SecureKnowledge Details
Scalable Platforms (Maestro and Chassis) comparison between versions Technical Level
Solution

Table of Contents:

  • Firewall and Security Policy
  • VSX
  • Installation and Upgrade
  • Gaia OS
  • Logging
  • Cluster
  • VPN
  • Remote Access VPN
  • Network Management
  • Quantum Security Gateway
  • System Management and Monitoring
  • Rate Limiting and DoS Mitigation
  • Performance Tuning
  • Threat Prevention
  • CloudGuard Controller
  • Mobile Access
  • Mail Transfer Agent
  • Identity Awareness
  • Compliance
  • HTTPS Inspection
  • CPDiag
  • Access Control
  • Data Loss Prevention / Certificate Authority
  • Dynamic Routing
  • Maestro Hyperscale Orchestrator
  • Related Articles

Firewall and Security Policy

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
L3 Firewall
L2 Firewall (Bridge mode)
  • R80.30SP, R81, R81.10: Not supported in Dual Site
  • R81.10: Supported from R81.10 JHF Take 14
QoS R81: Supported from JHF Take 51
ISP Redundancy R80.20SP: Supported from JHF Take 305

R80.30SP: Supported from JHF Take 73
Multicast
Identity Awareness Captive Portal
NAT IPv4
NAT IPv6
NAT 64
NAT Enhanced Policy
Dynamic Anti-Spoofing
IP Block feature R80.30SP: Supported from JHF Take 56
CGNAT R80.20SP: Requires a special Management Server based on R80.30 (sk169415)
GTP inspection
HTTP / HTTPS proxy
Point-to-Point Protocol over Ethernet (PPPoE) 
Management-as-a-Service (MaaS)
Fast Policy installation sk169096


VSX

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
VSX L3 Firewall
VSX L2 Firewall No Support for VSX Multi-Bridge.
Virtual Switches R80.20SP: Supported from JHF Take 178

R80.30SP: Supported from JHF Take 73
Virtual Routers
Identity Awareness Captive Portal
VSX Multicast
NAT IPv4
NAT IPv6
NAT 64
VSX QoS, Light Weight (CPQoS)
QoS Software Blade (Floodgate-1)
"vsx_util reconfigure" After running the "vsx_util reconfigure" command, you must install policy on all Virtual Systems


Installation and Upgrade

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Upgrade N/A Upgrade is supported only to R81.10 and up (see the Release Notes)
CPUSE To be used in the Global Clish (gclish) shell only
Hotfix Installation / Uninstall To be used in the Global Clish (gclish) shell only
Licensing in SmartUpdate Central Licensing is not supported on Maestro


Gaia OS

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Gaia CLI gclish gclish gclish gclish gclish
Gaia Portal
First Time Configuration Wizard (Portal + CLI)
Snapshot R81: Does not support Scheduled Snapshots

R81.20 - does not support Snapshot from gClish when using mixed appliances
Backup / Restore R80.30SP: Scheduled Backup is supported from JHF Take 56

R81: Gaia Backup is fully supported from JHF Take 13 (Gaia Snapshots are fully supported)
NTP Client PMTR-74933:
NTP connections from the Security Group to an NTP server are supported only through the data interfaces (not supported through the Mgmt / MAGG interface of the Security Group).
RADIUS / TACACS Users R80.30SP: Remote authentication for Expert mode using RADIUS / TACACS+ servers is not supported.
Alias Interfaces R80.20SP: Supported from JHF Take 279

R80.30SP: Supported from JHF Take 49


Logging

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Firewall and Software Blade logs Logs for session connections generated by Software Blades on Scalable Platforms R80.20SP do not show the SGM ID / Security Group Member ID.
Syslog
Fetch Logs
UserCheck
Log Server Distribution R80.20SP: Supported from JHF Take 105

R81.10: New feature - Log Server Clustering


Cluster

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Cluster HA Scalable Chassis only

No unicast CCP
Cluster LS
Cluster VSX HA
Cluster VSX VSLS Maestro R80.20SP: Supported from JHF Take 163
Same VMAC R80.20SP:
Supported from JHF Take 258

R81:
Early Availability

See:
sk165674 
Cluster Control Protocol (CCP) encryption
Interface Active Check feature
Unique IP per Chassis / Site IPv4 only
Multi-Version Cluster (MVC) New feature in R81.20


VPN

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
IKEv1
IKEv2
Multicore VPN
Link Selection
Route-Based Probing for Link Selection
Tunnel Sharing modes (per Host, per Subnet, per Gateway)
Wire Mode
NAT Traversal
"orig_route_params" (magic button)
peer configured as DAIP (dynamic IP)
Tunnel Test
VPN Routing configuration:
1. Gateway as a Satellite with peers
2. Client-to-Site Traffic over a Site-to-Site VPN Tunnel
Traditional VPN mode
Virtual Tunnel Interfaces (VTIs)
Corporate Enforcement
Multiple ciphers for external Gateways in a single VPN community
SHA-512
Machine Certificate Authentication
SmartLSM


Remote Access VPN

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Office Mode DHCP, RADIUS
Visitor Mode (TCPT)
Change of a Client IP Address
SSL Network Extender (SNX)
Endpoint Security Client
Simultaneous Login Prevention (SLP)
Hub Mode
Location Awareness
User certificate enrollment
Desktop Security
Secure Configuration Verification (SCV) Support


Network Management

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
DHCP Server
DHCP Relay
DHCP Client
Netflow IPFIX
Management Data Plane Separation (MDPS, sk138672) R80.20SP: Supported only on Scalable Chassis from JHF Take 210

R80.30SP: Supported from JHF Take 73
Proxy ARP


Quantum Security Gateway

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Mirror and Decrypt See the Security Gateway Administration Guide for the configuration procedure
ICAP Client See the Security Gateway Administration Guide for the configuration procedure
ICAP Server
Hardware Security Module (HSM) See the Security Gateway Administration Guide for the configuration procedure
Private ThreatCloud (PTC) R80.20SP: For details on how to enable PTC, see sk161534


System Management and Monitoring

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
SNMP For supported SNMP MIBs and OIDs, see sk168878
Alerts See the Maestro Administration Guide / Scalable Platforms Administration Guide for the configuration procedure
Job Scheduler
CPView Only per SGM / Security Group Member.

Statistics are not aggregated.
Monitoring Software Blade (SmartView Monitor)


Rate Limiting and DoS Mitigation

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Penalty Box
Rate Limiting rules- "fw samp" / "fw samp_policy" g_fwaccel dos rate g_fwaccel dos rate g_fwaccel dos rate R80.20SP: Supported in SGW mode only. Supported in VSX mode from JHF Take 266.

R81: See sk112454.
Suspicious Activity Monitoring Rules- "fw sam" This feature has been discontinued
Accelerated SYN Defender- "fwaccel synatk" Supported only from the Scalable Platform CLI with the "g_fwaccel synatk" command (not supported to use the "fwaccel synatk" command on a Management Server)


Performance Tuning

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
CoreXL Dynamic Dispatcher See sk105261
Firewall Priority Queues See sk105762 
Dynamic Balancing for CoreXL sk164155


Threat Prevention

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
IPS Software Blade
Anti-Bot Software Blade
Anti-Virus Software Blade
Anti-Malware
Anti-Spam Software Blade Supported in SGW mode only
Cloud Threat Emulation
Remote Threat Emulation (Dedicated appliance)
Threat Extraction Software Blade R80.20SP: Supported in SGW mode from JHF Take 279. Supported in VSX mode from JHF Take 304.

For known limitations, see sk140396.

R80.30SP: Supported from JHF Take 73
Custom Intelligence Feeds R80.20SP: Supported from JHF Take 283 (see sk132193)


CloudGuard

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
CloudGuard Controller


Mobile Access Software Blade

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Mobile Access Software Blade
Mobile Access Portal Agent


Mail Transfer Agent

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
MTA


Identity Awareness Software Blade

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Identity Awareness Software Blade
Azure Active Directory support
Identity Awareness nested groups
Security ID (SID) support
Identity Broker
SAML


Compliance Software Blade

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Compliance Software Blade


HTTPS Inspection

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
SSL inspection
FutureX Hardware Security Module (HSM)
  • R81-R81.10: Only available when the User Space Firewall (USFW) is enabled
  • R81: Disabled by default
TLS 1.3 TLS 1.3 is disabled by default and is only applicable if the User Space Firewall (USFW) is enabled


CPDiag

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
CPDiag


Access Control

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Application Control Software Blade
URL Filtering Software Blade
Content Awareness Software Blade
Updatable Objects


Data Loss Prevention / Certificate Authority

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
Data Loss Prevention (DLP) Software Blade Supported in SGW mode only. VSX mode is not supported.

Fingerprint and "Ask" action are not supported.
Certificate Authority


Dynamic Routing

Enter the string to filter this table:

Feature R80.20SP R80.30SP R81 R81.10 R81.20 Comment
RIP (IPv4)
RIPng (IPv6)
PIM R80.20SP: For more information, see sk169762

R81.10: PIM is supported starting in Take 61 
OSPFv2 (IPv4)
OSPFv3 (IPv6) R80.20SP: Supported from JHF Take 258

R80.30SP:
Supported from JHF Take 97
BGP (IPv4)
BGP (IPv6) R80.20SP: Supported from JHF Take 258

R80.30SP: Supported from JHF Take 97
BFD R80.20SP: Supports IPv4/IPv6 from JHF Take 258

R80.30SP: Supported from JHF Take 97
PBR R80.20SP: Supported in VSX mode from JHF take 178 (sk137232)

R80.30SP: Supported in VSX mode from JHF Take 73
IPv6 R80.20SP: Supported from JHF Take 240

R80.30SP:
Supported from JHF Take 97
BGP support for VxLAN interfaces
Dynamic Routing support for GRE interfaces
IS-IS


Maestro Hyperscale Orchestrator

Enter the string to filter this table:

Feature R80.20SP R81.10 R81.20 Comment
Mix and Match
Shared Uplinks
Fast Forward (MXL) new feature in R81.20
Auto Scale new feature in R81.20

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment