List of Resolved issues, New Features and Enhancements in Quantum R81.20 (Titan) Release
Installation and Upgrade
Added the ability to perform an in-place upgrade of a Security Management Server or Multi-Domain Security Management Server that runs in CloudGuard for Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other cloud provider.
Enhancement: Changed SNMP custom trap name restrictions:
name can contain only letters, numbers and underscore "_"
name length is a maximum of 128 characters.
When adding a new SNMP custom trap in Clish and choosing the operator "Changed", the threshold will suggest auto-completion to "change"
When changing the operator of a custom trap to "Changed" in Clish, the threshold will automatically change to "change"
UPDATE: The "delete snmp traps polling-frequency" command is deprecated and changed to "set snmp traps polling-frequency default".
Scheduled snapshots and backups can now be scheduled hourly (every hour of the day or in specific hour/s) or at intervals (every x minutes).
When selecting an SMB appliance in the SmartConsole License tab, SmartConsole shows the error "Security Gateway not found" or "This action is not supported for Quantum Spark appliances with Gaia Embedded OS".
Quantum Security Management
Enhancement: R81.20 Security Management Server can manage R81.10 Gaia Embedded appliances.
Enhancement: Improved the flow of migration from a Standalone environment to a distributed environment located in Smart-1 Cloud or on-premises. Refer to sk179444.
SmartConsole shows the error "Publish failed due to session validation errors. Resolve the errors shown in the validation pane and publish again." when publishing a session after editing more than one interface in a cluster object and clicking OK. However, no errors or messages appear in the Validation Pane.
SmartConsole / Management Console
Enhancement: Added the option to open SmartConsole with the parameter file that opens the Identity Provider to authenticate without indicating the IP address or the Authentication method.
Enhancement: SmartConsole will show a warning about deleted Data Center objects in the "Validation" tab.
UPDATE: The location of the operation progress bar on the final page of the VSX Gateway creation wizard was changed.
UPDATE: The "Apply" button in custom traps is now disabled before any changes are made and after the relevant changes are applied.
"Take over failed" error appears when canceling an administrator session takeover.
In SmartConsole, the sorting in table columns with numeric values is alphabetical and not numerical.
In some scenarios, editing the Threat Profile without any change creates a duplication of the profile.
NEW: Added support for:
QoS blade in R80.20 Quantum Spark Appliances (15xx/1600/1800) LSM Profile.
"Pending" policy installation state specific to Quantum Spark Appliances on QoS policy installation on R80.20 Security Gateways (15xx/1600/1800).
After you upgrade a Security Gateway (or Cluster) managed with SmartProvisioning, you must enable the SmartProvisioning again.
In SmartProvisioning, the Push Policy operation fails on SmartLSM objects R81.10 and lower, in which the selected SmartLSM Security Profile has any of the Threat Prevention Software Blades enabled.
Enhancement: Best Practices were improved:
Added a new Best Practice to check if URL Filtering & Application Control are enabled in Access Policy
URL Filtering & Application Control Best Practices show "N/A" when URL Filtering & Application Control are disabled in Access Policy
Some IPS Best Practices were moved to FireWall Best Practice
Enhancement: Added new regulations:
SAMA Cybersecurity framework
Quantum Security Gateway
Enhancement: Added support for IPv6 static routes via a logical interface. Users can specify a logical interface as the next hop gateway for an IPv6 static route, on which matching traffic will be forwarded.
Enhancement: Added destination filtering to the "show route bgp" command and its derivatives. Examples:
show route bgp aspath destination 126.96.36.199
show route bgp communities destination 188.8.131.52
show route bgp detailed destination 184.108.40.206
Enhancement: Added support for Remote Access VPN group policies. Note: login options (authentication methods) are shared between all group policies.
UPDATE: Decreased the default value of core dump files, which are created when the Security Gateway crashes.
Enhancement: Starting from R81.20, IPS Update packages are stored in the new location: the /var/log/IPS directory. Refer to sk176665.
Enhancement: You can block or allow sites that the Check Point Cloud Service is unable to classify as Phishing or Benign.
To block unclassified sites, run this command on the Security Gateway CLI: zph att set inbrowser_block_unclassified_sites 1
To allow unclassified sites (default), run this command on the Security Gateway CLI: zph att set inbrowser_block_unclassified_sites 0
Changing the ClusterXL mode to Load Sharing Multicast with the Management REST API is not supported.
Connections do not survive failover in a ClusterXL configured in the Active/Standby Bridge mode. As a result, a cluster failover may take longer than it should.
Enhancement: Added commands to view policy-based routing information per individual action tables: "show pbr table TABLENAME" and "show pbr rule PRIORITY".
Enhancement: Added IPv4/IPv6 address filtering to "show bgp peers adj-rib-in/out" command using "af" flag.
Enhancement: Added more detailed information for SSL clients in "vpn tu tlist" command.
Client Setting "Calculate IP based on topology" breaks when using host. Refer to sk120121.
Enhancement: Anti-Spoofing for virtual devices can now be configured via vsx_provisioning_tool.
NEW: Added support for CloudGuard Controller on Active/Active cluster (Geo cluster) in AWS. Refer to sk175904.
NEW: Added support for VMware NSX Object - IP Set Objects with ranges or CIDR block notations.
Policy Verification fails in this specific scenario:
There are two specific rules in the policy - one below the other (not necessarily adjacent)
The lower rule of the two: Contains one or more Data Center objects in the Source or Destination column
The upper rule of the two:
Contains the "Negate" condition in the same column where the Data Center objects are used in the lower rule
Contains the same objects in the "Services & Applications" column as the lower rule
Enhancement: The Maestro Orchestrator will read the IP address range for CIN interfaces from the smodb.json database.
Enhancement: Added support for user authentication with SAML in Maestro Security Groups for:
Remote Access VPN
The BMAC address on Scalable Chassis is not updated after moving an SGM from one slot to a different slot. (The issue applies to Security Gateway only, not to VSX.)
The "asg if" command fails, displaying "missing close-brace" error details.