Support Center > Search Results > SecureKnowledge Details
Check Point R81.20 (Titan) Resolved Issues and Enhancements Technical Level
Solution

This article lists all new features and issues that have been resolved in Check Point Quantum R81.20 (Titan) Release.



Installation and Upgrade  |   Gaia OS  |   License  |   Security Management  |   SmartConsole  |   SmartProvisioning  |   Compliance  |
  Security Gateway  |   IPS  |   Threat Prevention  |   Cluster |   VPN |   VSX |   CloudGuard ControllerScalable Platforms


List of Resolved issues, New Features and Enhancements in Quantum R81.20 (Titan) Release


Enter the string to filter the below table:

ID Symptoms
Installation and Upgrade
VSECPC-1341 Added ability to perform an in-place upgrade to Security Management Server or Multi-Domain Security Management Server that runs in CloudGuard for Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other cloud providers.
Gaia OS
PMTR-74256 Scheduled snapshots and backups can now be scheduled hourly (every hour of the day or in specific hour/s) or at intervals (every x minutes).
License
PMTR-83038 When selecting an SMB appliance in the SmartConsole License tab, SmartConsole shows the error "Security Gateway not found" or "This action is not supported for Quantum Spark appliances with Gaia Embedded OS".
Quantum Security Management
PMTR-73021 Enhancement: R81.20 Security Management Server can manage R81.10 Gaia Embedded appliances.
PMTR-85292 Enhancement: Improved the flow of migration from a Standalone environment to a distributed environment located in Smart-1 Cloud or on-premises. Refer to sk179444.
PMTR-68323 SmartConsole shows the error "Publish failed due to session validation errors. Resolve the errors shown in the validation pane and publish again." when publishing a session after editing more than one interface in a cluster object and clicking OK.
However, no errors or messages appear in the Validation Pane.
SmartConsole / Management Console
PMTR-83170 Enhancement: Added the option to open SmartConsole with the parameter file that opens the Identity Provider to authenticate without indicating the IP address or the Authentication method.
PMTR-79733 UPDATE: The location of the operation progress bar on the final page of the VSX Gateway creation wizard was changed.
PMTR-32595 "Take over failed" error appears when canceling an administrator session takeover.
PMTR-65106 In SmartConsole, the sorting in table columns with numeric values is alphabetical and not numerical.
PMTR-82536 In some scenarios, editing the Threat Profile without any change creates a duplication of the profile.
SmartProvisioning
PMTR-69874,
PMTR-71387
NEW: Added support for:
  • QoS blade in R80.20 Quantum Spark Appliances (15xx/1600/1800) LSM Profile.
  • "Pending" policy installation state specific to Quantum Spark Appliances on QoS policy installation on R80.20 Security Gateways (15xx/1600/1800).
PMTR-53925 After you upgrade a Security Gateway (or Cluster) managed with SmartProvisioning, you must enable the SmartProvisioning again.
PMTR-66989 In SmartProvisioning, the Push Policy operation fails on SmartLSM objects R81.10 and lower, in which the selected SmartLSM Security Profile has any of the Threat Prevention Software Blades enabled.
Compliance
PMTR-73605 Enhancements: Best Practices were improved:
  • Added New Best Practice to check if URL Filtering & Application Control are enabled in Access Policy
  • URL Filtering & Application Control Best Practices show "N/A" when URL Filtering & Application Control disabled in Access Policy
  • Some IPS Best Practices  moved to FireWall Best Practice 
Quantum Security Gateway
PMTR-61444 Enhancement: Added support for IPv6 static routes via a logical interface. Users can specify a logical interface as the next hop gateway for an IPv6 static route, on which matching traffic will be forwarded.
PMTR-74261 Enhancement: Added destination filtering to the "show route bgp" command and its derivatives.
Examples:
show route bgp aspath destination 2.2.2.2
show route bgp communities destination 2.2.2.2
show route bgp detailed destination 2.2.2.2 
PMTR-86820 UPDATE: Decreased the default value of core dump files, which are created when the Security Gateway crashes.
IPS
PMTR-61444 Enhancement: Starting from R81.20, IPS Update packages are stored in the new location: the /var/log/IPS directory. Refer to sk176665.
Threat Prevention
PMTR-74908 Enhancement: You can block or allow sites that the Check Point Cloud Service is unable to classify as Phishing or Benign.

To block unclassified sites, run this command on the Security Gateway CLI:
zph att set inbrowser_block_unclassified_sites 1

To allow unclassified sites (default), run this command on the Security Gateway CLI: 
zph att set inbrowser_block_unclassified_sites 0
Cluster
PMTR-60458,
PROV-2306
Changing the ClusterXL mode to Load Sharing Multicast with the Management REST API is not supported.
VPN
PMTR-78188 Enhancement: Added more detailed information for SSL clients in "vpn tu tlist" command.
PMTR-17565,
PMTR-17557
Client Setting "Calculate IP based on topology" breaks when using host. Refer to sk120121.
VSX
PMTR-84467 Enhancement: Anti-Spoofing for virtual devices can now be configured via vsx_provisioning_tool.
CloudGuard Controller
PRHF-20096,
PMTR-78173
NEW: Added support for CloudGuard Controller on Active/Active cluster (Geo cluster) in AWS. Refer to sk175904.
VSECC-1075 NEW: Added support for VMware NSX Object - IP Set Objects with ranges or CIDR block notations.
PMTR-69263 Policy Verification fails in this specific scenario:
  1. There are two specific rules in the policy - one below the other (not necessarily adjacent)
  2. The lower rule of the two:
    Contains one or more Data Center objects in the Source or Destination column
  3. The upper rule of the two:
    1. Contains the "Negate" condition in the same column where the Data Center objects are used in the lower rule
    2. Contains the same objects in the "Services & Applications" column as the lower rule
Scalable Platforms
PMTR-82967,
MBS-14962
Enhancement: The Maestro Orchestrator will read the IP address range for CIN interfaces from the smodb.json database.
PMTR-83089,
MBS-14167
The BMAC address on Scalable Chassis is not updated after moving an SGM from one slot to a different slot. (The issue applies to Security Gateway only, not to VSX.)
PMTR-74253 The asg if command fails displaying "missing close-brace" error details. 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment