Support Center > Search Results > SecureKnowledge Details
R80.20.30 for Quantum Spark Appliances Technical Level
Solution

Table of Contents

  • What's New
  • Supported Appliances
  • Downloads
  • Known Limitations and Resolved Issues
  • Enhancements
  • Documentation
  • Revision History

Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

What's New

IPv6

  • Support for IPv6 local network and internet connections.

  • Support for IPv6 internet connections on internal LTE.

  • DSLite (Dual Stack Lite)

    • Allows tunneling IPv4 traffic over IPv6 networks.

  • IPv6 Prefix Delegation
    For a list of detailed IPv6 features and limitations, see sk174348

VoIP Wizard

New VoIP wizard which simplifies configuration of the five most common VoIP topologies (see sk113573 for more details):

  • IP-Phones (only) behind the firewall that register to an external [cloud] PBX/VoIP Provider.

  • IP-Phones and an Internal PBX that register/use an external [cloud] PBX/VoIP Provider.

  • IP-Phones and Internal PBX(s) behind multiple sites connected through VPN.

  • Soft-Phones and Internal PBX behind multiple sites connected through Client-to-Site VPN.

  • External IP-Phones that register to an internal PBX.

MAC Based Filtering

  • Allow list -EA level

  • Deny list - Add a deny list mode to MAC filtering that can block access to any MAC address that exists in the MAC filtering table.

  • Allow/Deny list is supported on 1500 appliances and applicable only to LAN ports.

LTE enhancements (EA level)

Auto APN based on SIM identifier

  • Automatically set an APN based on SIM MCC/MNC (Mobile Country Code/Mobile Network Code).

    The following carriers are supported (all other carriers can set APN manually). For more information, see sk157412

    • Verizon

    • TELUS

    • Rogers

SMP Access Policy

  • SMP Access Policy Rule Base was enhanced to support the following objects:

    • Applications and custom URLs

    • Domains

    • Geolocation

    • IPv6

Supporting Block page on bridged VLAN

  • New advanced parameter which allow redirect to blocking page on tagged VLAN over bridge

Internet probing for long-term statistics

  • CLI command to enable a user to get statistics about the internet connection quality (latency, packet loss, etc.) during the last 24 hours.

  • Resolution of 1 minute for the last hour and 1 hour resolution for the rest.

Reach My Device (RMD) on demand

  • RMD tunnel to the Security Gateway now only opens on demand. This should increase stability and scalability of RMD services

Secure backup through FTP

  • Ability to save backup files to remote server through SCP, SFTP, FTPS and other protocols in addition to FTP.

Supported Appliances

  • 1500 Series: 1530, 1550, 1570, 1570R, and 1590 appliances.
  • 1600 appliances.
  • 1800 appliances.

Downloads

  • Check the MD5 of the downloaded package before you install it.
  • To download these packages, you need a Software Subscription or Active Support Plan.
Download Package 1500 Appliance 1600/1800 Appliance
R80.20.30 Build 992002285
R80.20.30 Build 992002285 for R80.20 SmartUpdate

Known Limitations and Resolved Issues

  • To view the Known Limitations and Resolved Issues for this release, see sk159772. This is a master list of all issues, arranged according to features.

    In the filter field above each table, enter the string to search for desired results. All rows with relevant information are shown.

    Example:

  • For Known Limitations involving IPv6, see sk174348.

Enhancements

ID Description
- Support for SmartProvisioning scripts on Quantum Spark Appliances (EA level). Running the SmartProvisioning configuration scripts continues when errors are encountered (does not terminate the configuration script).
See the configuration sk174425.
- Support for Block page on bridged VLAN. The new advanced parameter allows to redirect users to a blocking page on a tagged VLAN over a bridge.
See the configuration sk123035.
SMB-15429 Starting in R80.20.30, in setups where all traffic is routed via a VPN peer, it is possible to exclude the connections that originated from the Security Gateway, so they are routed without VPN.
The new global kernel parameter which controls this functionality is "accept_outgoing_without_vpn". By default, its value is 0.
To exclude these connections, set the value of this parameter to 1.
For instructions, see sk26202.
SMB-15153 Added a 'blocklist' mode to MAC filtering (supported on all 1500 series appliances, LAN ports only) to block access for listed MAC addresses.
This is configured only through CLI commands, not in the WebUI.
SMB-15012 Support for sending a backup file to an SFTP server, in addition to a TFTP  server and a USB device.

Documentation

User Guides
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.30 Release Notes
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.30 Locally Managed Administration Guide (English)
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.30 Centrally Managed Administration Guide (English)
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.30 CLI Guide
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.X Dynamic Routing CLI Guide
Related Solutions
sk97766: Check Point 600 / 700 / 910 / 1100 / 1200R / 1400 / 1500 / 1600 / 1800 Quantum Spark Appliance Releases
sk159173: Check Point R80.20 for Small and Medium Business Appliances
sk157412: 1500 Series Security Gateways
sk166654: Check Point 1570R Ruggedized Appliances
sk159772: Check Point SMB R80.20 Appliances Features and Known Limitations
sk168880: 1600 and 1800 Series Security Gateways

Revision History

Show / Hide this section
Date Description
20 July 2021 Added links to the CLI Guides.
13 July 2021 Improved the article layout.
12 July 2021 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment