Gaia is Check Point's next generation operating system for security applications. In Greek mythology, Gaia is the mother of all, representing closely integrated parts to form a single, efficient system. The Gaia Operating System supports the full portfolio of Check Point Software Blades, Gateway and Security Management products. Gaia is a single, unified network security OS that combines the best of Check Point's SecurePlatform operating system, and IPSO, the operating system from the appliance security products. Gaia is available for all Check Point security appliances and open servers.
Designed from the ground up for modern high-end deployments, Gaia includes support for:
* IPv4 and IPv6 - fully integrated into the Operating System.
* High Connection Capacity - 64-bit support.
* Load Sharing - ClusterXL and Interface bonding.
* High Availability - ClusterXL, VRRP, Interface bonding.
* Dynamic and Multicast Routing - BGP, OSPF, RIP, and PIM-SM, PIM-DM, IGMP.
* Easy to use Command Line Interface - Commands are structured using the same syntactic rules. An enhanced help system and auto-completion further simplify user operation.
* Role Based Administration - Enables Gaia administrators to create different roles. Administrators can allow users to access features by adding those functions to the user's role definition. Each role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to the remaining features.
* Simple and Easy upgrade - from IPSO and SecurePlatform.
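As an added illustration of the Role Based Administration model described above (this is not Check Point's code, and the role and feature names are constructed placeholders rather than Gaia's real feature identifiers), the following Python models per-feature read/write, read-only and no-access grants and reports which users can change a given feature. It assumes that a user holding several roles gets the most permissive level any of them grants.

```python
"""Model of Gaia-style Role Based Administration (RBA) as the release notes
describe it: a role grants read/write access to some features, read-only
access to others, and no access to the rest; users are assigned roles.
Illustrative code only, not Check Point's; feature and role names below are
constructed placeholders, not Gaia's real feature identifiers."""
from enum import IntEnum
from typing import Dict, FrozenSet, Iterable, List, Set


class Access(IntEnum):
    NONE = 0        # feature is not visible to the role
    READ_ONLY = 1   # monitoring access
    READ_WRITE = 2  # administrative access


class Role:
    def __init__(self, name: str, readwrite: Iterable[str] = (), readonly: Iterable[str] = ()):
        self.name = name
        self.readwrite: FrozenSet[str] = frozenset(readwrite)
        self.readonly: FrozenSet[str] = frozenset(readonly)
        # A feature cannot be both administrative and monitoring in one role.
        both = self.readwrite & self.readonly
        if both:
            raise ValueError(f"role {name!r}: {sorted(both)} listed as both read/write and read-only")

    def access(self, feature: str) -> Access:
        if feature in self.readwrite:
            return Access.READ_WRITE
        if feature in self.readonly:
            return Access.READ_ONLY
        return Access.NONE


def effective_access(roles: Iterable[Role], feature: str) -> Access:
    # Assumption: with several roles, the most permissive level any role grants wins.
    return max((r.access(feature) for r in roles), default=Access.NONE)


def visible_features(roles: Iterable[Role]) -> Set[str]:
    """Features a user can see at all (anything not granted is hidden)."""
    return {f for r in roles for f in r.readwrite | r.readonly}


def writers_of(users: Dict[str, List[Role]], feature: str) -> List[str]:
    """Users able to change `feature`: the list to review for least privilege."""
    return sorted(u for u, rs in users.items() if effective_access(rs, feature) == Access.READ_WRITE)


# Constructed sample: a full admin role, a monitoring role, and a routing-only operator role.
ADMIN = Role("adminRole", readwrite={"user", "role", "routing", "interface", "backup"})
MONITOR = Role("monitorRole", readonly={"routing", "interface", "backup"})
NETOPS = Role("netopsRole", readwrite={"routing"}, readonly={"interface"})

USERS: Dict[str, List[Role]] = {
    "admin": [ADMIN],
    "noc": [MONITOR],
    "netops": [MONITOR, NETOPS],  # read-only monitoring plus write access to routing
}

if __name__ == "__main__":
    for feature in ("user", "routing", "interface", "backup"):
        print(f"{feature}: read/write for {writers_of(USERS, feature)}")
```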
Gaia Software Updates
* Get updates for licensed Check Point products directly through the Operating System.
* Download and install the updates more quickly. Download automatically, manually, or periodically. Install manually or periodically.
* Get email notifications for newly available updates and for downloads and installations.
* Easy rollback from a new update.
Gaia Web User Interface
The Gaia Portal is an advanced, web-based interface for configuring Gaia platforms. Almost all system configuration tasks can be done through this Web-based interface.
* Easy Access - Simply go to https://<Device_IP_Address>.
* Browser Support - Internet Explorer, Firefox, Chrome and Safari.
* Powerful Search Engine - makes it easy to find features or functionality to configure.
* Easy Operation - two operating modes: 1. Simplified mode shows only basic configuration options. 2. Advanced mode shows all configuration options. You can easily change modes.
* Web-Based Access to Command Line - Clientless access to the Gaia CLI directly from your browser.
R75.40 Gaia Feature Release (Gaia+)
The following features are available in R75.40 Gaia Feature Release (Gaia+) fresh install. They are not available when upgrading to R75.40 Gaia:
* Ability to configure 6in4 tunnels.
* Backup and restore, including scheduled backups.
* Support for PPPoE interfaces. See sk79880 for information about SecureXL known limitations with regard to PPPoE.
* SNMP traps can be configured to be sent if RAID issues occur.
* TACACS+ authentication.
* The e1000 driver has been updated to version 7.6.15, effectively implementing sk37503.
* Monitor mode now works on 10GbE ports, effectively implementing sk73180. In addition, a "one-legged" bridge is created automatically when monitor mode is enabled, effectively implementing sk70900.
* 2012 appliances can now automatically fetch a license during the First Time Wizard.
Note: all former Check Point appliance series (UTM-1/Smart-1/Power-1) are supported with R75.40. For further information, refer to the R75.40 Release Notes.
Anti-Bot
Check Point Anti-Bot prevents damage and blocks bot communication between infected hosts and a remote operator.
The Anti-Bot Software Blade:
* Uses the multi-layered ThreatSpect engine to analyze network traffic and identify bot-infected machines in the organization.
* Uses the ThreatCloud repository, which receives updates and allows for classification of unidentified IP, URL, and DNS resources.
* Uses different views and reports to provide threat visibility for the organization and help assess damages and decide on corrective actions.
* Integrates with other Software Blades for a unique Anti-Bot and Anti-Malware solution on a Security Gateway.
New Anti-Virus
Check Point Anti-Virus provides superior protection against modern malware, multiple attack vectors and threats.
The Anti-Virus Software Blade:
* Offers powerful security coverage by supporting millions of signatures.
* Leverages the Check Point ThreatCloud repository to identify and block incoming malicious files (such as exe, doc, xls, pdf) from entering the organization.
* Prevents web-based malware downloads from sites known to contain malware.
* Uses different views and reports to provide threat visibility for the organization and help assess damages and decide on corrective actions.
* Provides a consolidated Anti-Bot and Anti-Virus approach for dealing with malware threats (including policy settings, event analysis, and malware reports).
* Uses a separate policy installation (together with the Anti-Bot Software Blade) to minimize risk and operational impact.
IPS
* Significant reduction (about 90%) of false positives of non-compliant HTTP and TCP-streaming protections and of redundant logs.
* Increased pattern granularity - Header Rejection, HTTP Worm Catcher and CIFS Worm Catcher patterns were converted into separate protections, giving more granularity in their settings. This feature is installed during the first IPS update process (online update, offline update or scheduled update).
* Implied exceptions - Built-in exceptions to allow trusted traffic from Check Point products.
* New tool to control IPS functionality from the gateway through the CLI.
* Improved TCP streaming infrastructure.
* Enhanced HTTP and WebSocket protection.
* Improved TAP mode support.
* Granular TCP logging.
* New GEO database with additional countries and significantly improved accuracy.
Application Control and URL Filtering
* Use the Limit action in rules to limit the bandwidth permitted for a rule.
* Add a Time object to a rule to make the rule active only during specified times.
* The UserCheck client adds the option to send notifications for applications that are not in a web browser, such as Skype or iTunes.
* New UserCheck features: Cancel button on messages and UserCheck Frequency.
* If traffic is not detected by other applications, it is declared an unknown application. This lets you block all unknown traffic and better handle known traffic.
Data Loss Prevention
* Watermarking: Add visible and hidden marks to Microsoft Office documents when they are sent as email attachments (outgoing and internal emails).
  * Visible Watermarks alert users to sensitive document content when viewed or printed. Examples:
    * Add a customized text footer to PowerPoint slides: "Highly Restricted, sent by John Smith on 7/7/11".
    * Add a large diagonal "Classified" visible watermark on the first page of Word documents that match a DLP rule.
  * Hidden Watermarks are encrypted and let DLP tag documents without affecting their format:
    * Does not change the visible document layout.
    * The tag can be identified in DLP scans.
    * The tag can be used for forensic analysis to track leaked documents.
* Improved Privacy Options:
  * Choose not to store original messages with the DLP incident.
  * Send the original email to the data owner.
  * Easy-to-view HTML-based messages include highlighted matched content and masked credit card numbers.
* Time Object:
  * Limit rules to certain times of the day, days of the week or days of the month.
  * Stop DLP rules on a set date, when the data is no longer sensitive (for example, after financial data is publicly released).
* Improved Compliance and Matching:
  * Easily view and quickly apply multiple compliance-related rules.
  * Improved template matching identifies files by text and by embedded images (for example, upload the company logo to match documents that use the company template with that logo embedded).
  * New Message Attributes data type to match based on overall message size, number of attachments, and number of words.
UserCheck
* In Application and URL Filtering, UserCheck Frequency lets you set the number of times that users get UserCheck messages for accessing applications that are not permitted by the policy. You can also set the notifications to be based on accessing the rule, application category, or the application itself.
* UserCheck Scoping enhances notifications to match not only by rule, but also by category and site in the Application Control rulebase.
* A dedicated UserCheck agent on the endpoint gives users notifications and options, according to your rules, when their user actions match DLP or Application and URL Filtering rules.
* If you don't need users to enter their reason for wanting to do an action that is caught by DLP or Application and URL Filtering rules, you can disable this requirement. See the UserCheck Interaction window > Conditions.
* Cancel button added to the Inform and Ask web pages, to stop loading a requested page or to stop an email in progress.
* UserCheck Revoke Page lets you delete (revoke) all UserCheck entries when you access the Revoke Page (https:///RevokePage).
Identity Awareness
* New Identity acquisition methods:
  * Terminal Servers / Citrix communicate with the gateway through one IP address, but host multiple users. The gateway identifies the originating user behind connections from these multi-user hosts.
  * Transparent Portal Authentication redirects an unauthenticated user to a URL for authentication (using Kerberos SSO) and then redirects the user back to the originally requested URL. If the transparent authentication fails, the user is redirected to the Captive Portal for manual authentication. The new Browser-Based Authentication lets you configure Captive Portal and Transparent Portal Authentication for Identity Awareness.
  * SSO with Remote Access Clients integrates the Mobile Access blade with the Identity Awareness blade. It adds identity data for VPN client users (coming from E75.x clients, E80.x clients, SecureClient, SSL Network Extender, and so on).
* Identity Agent for Mac OS (10.6 and 10.7). It can be downloaded from the Identity Awareness Captive Portal.
* Nested Groups are enforced by the Identity Awareness blade. You can set a parent group as an Access Role in a rule, and it applies to all users in the subgroups.
SmartEvent
* Reports:
  * New Reports tab, for richer management functionality of SmartEvent reports and ease of use.
  * Output reports to PDF.
  * New layout for Anti-Malware reports.
* Anti-Bot and Anti-Virus X 5:
  * Enhanced overall support for Anti-Bot and Anti-Virus X 5.
  * SmartEvent Intro for Anti-Bot and Anti-Virus X 5.
* Usability and Performance Enhancements:
  * Summary view of the grouped Events tab supported in Application Control and Anti-Malware events.
  * Easy to activate SmartEvent in a standalone environment - no configuration needed, just activate the Software Blade in the Security Management Server properties.
  * Enhanced SmartEvent performance: support for 2 million events per day (8,000 to 15,000 users behind Application Control and URL Filtering).
HTTPS Inspection
* Support for HTTPS Inspection on inbound traffic.
* Automatic update for the Trusted CA list.
HTTPS Proxy
You can configure a Security Gateway to be an HTTP/HTTPS web proxy, in transparent or non-transparent mode.
IPsec
Support for Suite-B GCM encryption. See RFC 6379 for more information.
SmartLog
SmartLog is a next generation solution for managing logs generated by Check Point Security Gateways. This solution is designed to answer the challenges of storing, searching and filtering logs in modern environments with continually increasing log volume. SmartLog has full-text, ultra-fast search capability, and can search huge quantities of log files in seconds.
Enhancements
General
* New SmartLog for full-text, ultra-fast search over billions of log records.
* Configure Multi Portal access through VPN clients (connected with Office Mode), to protect your portals from external network exposure. This new option applies to all portals: Mobile Access Portal, UserCenter Portal, Identity Awareness Captive Portal, Platform Portal, and DLP Portal.

Name in R75.20           Name in R75.40
SmartDirectory (LDAP)    User Directory
Check Point Abra         Check Point GO