Support Center > Search Results > SecureKnowledge Details
Check Point R81.20 (Titan) Resolved Issues and Enhancements Technical Level

This article lists all new features and issues that have been resolved in Check Point Quantum R81.20 (Titan) Release.

Installation and Upgrade  |   Gaia OS  |   License  |   Security Management  |   SmartConsole  |   SmartProvisioning  |   Compliance  |
  Security Gateway  |   IPS  |   Threat Prevention  |   Cluster |   Routing |   VPN |   VSX |   CloudGuard ControllerScalable Platforms

List of Resolved issues, New Features and Enhancements in Quantum R81.20 (Titan) Release

Enter the string to filter the below table:

ID Symptoms
Installation and Upgrade
VSECPC-1341 Added ability to perform an in-place upgrade to Security Management Server or Multi-Domain Security Management Server that runs in CloudGuard for Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other cloud providers.
Gaia OS
PMTR-71544 Enhancement: Changed SNMP custom trap name restrictions:
  • name can contain only letters, numbers and underscore "_"
  • name length is a maximum of 128 characters.
PMTR-73867 Enhancement: 
  • When adding a new SNMP custom trap in Clish, when choosing the operator "Changed", the threshold will suggest auto-complete to "change"
  • When changing in Clish the operator of a custom trap to "Changed", the threshold will automatically change to "change"
PMTR-71547 UPDATE: The "delete snmp traps polling-frequency" command is deprecated and changed to "set snmp traps polling-frequency default".
PMTR-74256 Scheduled snapshots and backups can now be scheduled hourly (every hour of the day or in specific hour/s) or at intervals (every x minutes).
PMTR-83038 When selecting an SMB appliance in the SmartConsole License tab, SmartConsole shows the error "Security Gateway not found" or "This action is not supported for Quantum Spark appliances with Gaia Embedded OS".
Quantum Security Management
PMTR-73021 Enhancement: R81.20 Security Management Server can manage R81.10 Gaia Embedded appliances.
PMTR-85292 Enhancement: Improved the flow of migration from a Standalone environment to a distributed environment located in Smart-1 Cloud or on-premises. Refer to sk179444.
PMTR-68323 SmartConsole shows the error "Publish failed due to session validation errors. Resolve the errors shown in the validation pane and publish again." when publishing a session after editing more than one interface in a cluster object and clicking OK.
However, no errors or messages appear in the Validation Pane.
SmartConsole / Management Console
PMTR-83170 Enhancement: Added the option to open SmartConsole with the parameter file that opens the Identity Provider to authenticate without indicating the IP address or the Authentication method.
PMTR-78883 Enhancement: SmartConsole will show a warning about deleted Data Center objects in the "Validation" tab.
PMTR-79733 UPDATE: The location of the operation progress bar on the final page of the VSX Gateway creation wizard was changed.
PMTR-69996 UPDATE: The "Apply" button in custom traps is changed to be "disabled" before changes and after applying the relevant changes. 
PMTR-32595 "Take over failed" error appears when canceling an administrator session takeover.
PMTR-65106 In SmartConsole, the sorting in table columns with numeric values is alphabetical and not numerical.
PMTR-82536 In some scenarios, editing the Threat Profile without any change creates a duplication of the profile.
NEW: Added support for:
  • QoS blade in R80.20 Quantum Spark Appliances (15xx/1600/1800) LSM Profile.
  • "Pending" policy installation state specific to Quantum Spark Appliances on QoS policy installation on R80.20 Security Gateways (15xx/1600/1800).
PMTR-53925 After you upgrade a Security Gateway (or Cluster) managed with SmartProvisioning, you must enable the SmartProvisioning again.
PMTR-66989 In SmartProvisioning, the Push Policy operation fails on SmartLSM objects R81.10 and lower, in which the selected SmartLSM Security Profile has any of the Threat Prevention Software Blades enabled.
PMTR-73605 Enhancement: Best Practices were improved:
  • Added New Best Practice to check if URL Filtering & Application Control are enabled in Access Policy
  • URL Filtering & Application Control Best Practices show "N/A" when URL Filtering & Application Control disabled in Access Policy
  • Some IPS Best Practices  moved to FireWall Best Practice 
PMTR-81675 Enhancement: Added new regulations:
  • ISO 27001:2013
  • SAMA Cybersecurity framework
Quantum Security Gateway
PMTR-61444 Enhancement: Added support for IPv6 static routes via a logical interface. Users can specify a logical interface as the next hop gateway for an IPv6 static route, on which matching traffic will be forwarded.
PMTR-74261 Enhancement: Added destination filtering to the "show route bgp" command and its derivatives.
show route bgp aspath destination
show route bgp communities destination
show route bgp detailed destination 
PMTR-83158 Enhancement: Added Support for Remote Access VPN group policies.
Note: login options (authentication methods) are shared between all group policies.
PMTR-86820 UPDATE: Decreased the default value of core dump files, which are created when the Security Gateway crashes.
PMTR-61444 Enhancement: Starting from R81.20, IPS Update packages are stored in the new location: the /var/log/IPS directory. Refer to sk176665.
Threat Prevention
PMTR-74908 Enhancement: You can block or allow sites that the Check Point Cloud Service is unable to classify as Phishing or Benign.

To block unclassified sites, run this command on the Security Gateway CLI:
zph att set inbrowser_block_unclassified_sites 1

To allow unclassified sites (default), run this command on the Security Gateway CLI: 
zph att set inbrowser_block_unclassified_sites 0
Changing the ClusterXL mode to Load Sharing Multicast with the Management REST API is not supported.
Connections do not survive failover in a ClusterXL configured in the Active/Standby Bridge mode. As a result, a cluster failover may take longer than it should.
PMTR-52550 Enhancement: Added commands to view policy-based routing information per individual action tables: "show pbr table TABLENAME" and "show pbr rule PRIORITY".
PMTR-55424 Enhancement: Added IPv4/IPv6 address filtering to "show bgp peers adj-rib-in/out" command using "af" flag.
PMTR-78188 Enhancement: Added more detailed information for SSL clients in "vpn tu tlist" command.
Client Setting "Calculate IP based on topology" breaks when using host. Refer to sk120121.
PMTR-84467 Enhancement: Anti-Spoofing for virtual devices can now be configured via vsx_provisioning_tool.
CloudGuard Controller
NEW: Added support for CloudGuard Controller on Active/Active cluster (Geo cluster) in AWS. Refer to sk175904.
VSECC-1075 NEW: Added support for VMware NSX Object - IP Set Objects with ranges or CIDR block notations.
PMTR-69263 Policy Verification fails in this specific scenario:
  1. There are two specific rules in the policy - one below the other (not necessarily adjacent)
  2. The lower rule of the two:
    Contains one or more Data Center objects in the Source or Destination column
  3. The upper rule of the two:
    1. Contains the "Negate" condition in the same column where the Data Center objects are used in the lower rule
    2. Contains the same objects in the "Services & Applications" column as the lower rule
Scalable Platforms
Enhancement: The Maestro Orchestrator will read the IP address range for CIN interfaces from the smodb.json database.
PMTR-67805 Enhancement:  Added support for user authentication with SAML in Maestro Security Groups for:
  • Remote Access VPN
  • Mobile Access
  • Identity Awareness
The BMAC address on Scalable Chassis is not updated after moving an SGM from one slot to a different slot. (The issue applies to Security Gateway only, not to VSX.)
PMTR-74253 The asg if command fails displaying "missing close-brace" error details. 

Give us Feedback
Please rate this document