|
The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
|
 |
|
|
| Solution ID: |
|
sk91140 |
| Product: |
|
Security Gateway, Security Management, Multi-Domain Management / Provider-1, UTM-1, Power-1, 2012 Models Security Appliances, Smart-1, Edge, ClusterXL, IPS / Web Intelligence, VSX, Anti-Bot, DLP, Identity Awareness, SmartReporter / Eventia Reporter, SmartEvent / Eventia Analyzer, IPSec VPN |
| Version: |
|
R76 |
| Date Created: |
|
23-Oct-2013
|
| Last Modified: |
|
19-Feb-2015
|
|
|
|
|
| Solution |
|
Table of Contents
-
What's New in R76
-
R76 Downloads
-
R76 Tools
-
R76 Released Hotfixes
-
R76 Documentation
What's New in R76
IPv6 Support
R76 extended support for IPv6 includes:
- Gaia operating system:
- Interface configuration
- SNMP
- RADIUS.
- First Time Configuration Wizard.
- OSPFv3
- BGP
- VRRP
- Access Policy:
- Firewall support, including dynamic objects and time objects
- Full Stateful Inspection for IPv6 connections
- NAT66
- Central Management:
- IPv6 support for all communications between Security Gateways, Security Management Servers, and SmartDashboard
- Dual-stack definition support for all network objects
- IPv6 address support in all IP containers
- Multiple IPv6 range support for objects
- IPv4 and IPv6 support in Get Topology
- Management Software Blade IPv6 Support:
- Network Policy Management
- SmartView Monitor
- SmartEvent
- SmartLog
- Security Gateway Software Blade IPv6 Support:
- Security Gateway
- Identity Awareness
- IPS Application and URL Filtering, Acceleration & Clustering HA
- Anti-Bot, Anti-Virus, and Anti-Malware
- Virtual System (VSX) IPv6 support
- Support for IPv6-only Security Gateway and IPv6-only Security Management Server
- Site-to-Site IPSec VPN
- Authentication - RADIUS and LDAP
- UserCheck (for all Software Blades that support IPv6)
Note: Every fw command has a corresponding fw6 command for CLI control in IPv6.
Check Point Mobile for iOS
- Secure container for mail, calendar, contacts, documents, and web applications
- Protects business data while providing an easy end-user experience on managed and unmanaged devices (BYOD)
- Seamless access to Document Security protected documents in the secure container
- Passcode for the secure container protects access to your organizational resources without requiring a device passcode
- More supported authentication methods: User/Password, personal certificate, RSA, RADIUS, DynamicID SMS
- Online only option - Prevents storing any business data on the device
- Offline mode option - Encrypts business data stored on the device
Mobile Access Enhancements
- New SmartDashboard windows for internal certificate management:
- Easier search.
- Batch key generation for groups and OUs.
- Certificate management.
- Mass distribution of client applications to users with UserCheck Email templates.
- Unified, easy-to-read, comprehensive remote access login logs.
- Mobile Access wizard for easy connection to Exchange server.
DLP Enhancements
- Fingerprinting: Protect files residing in network repositories. The gateway scans repositories and prevents files or parts of files from leaving the organization.
- Whitelist policy: easily define files that will not be matched by the DLP engine.
- Upload specific files to the Security Management server, or create a network repository.
- DLP is now fully user aware for all protocols.
- Use Access Roles in DLP rule base.
- DLP email notifications to end-users for violations on all protocols.
- UserCheck client single sign on.
- UserCheck notification configuration and multi-language support.
- SMTP Mirror mode for easy DLP Proof of Concept.
New Appliance and Hardware Support
- New 21600 appliances.
- New 21700 appliances.
- Support for DDoS Protector appliances.
- Security Acceleration Module (supported for IPv4 and Gateway Mode only)
- Support for Bypass Card (FONIC) on 4000 and 12000 appliances. See sk85560 for more information.
Endpoint Security Blade
The Endpoint Policy Management Blade lets you manage and enforce Endpoint Security policies on Windows and Mac computers. Endpoint Security Software Blades include:
- Media Encryption
- Full Disk Encryption
- Firewall
- Compliance
- WebCheck
- Application Control
When the Endpoint Policy Management blade is enabled, the Security Management Server also becomes an E80.40 Endpoint Security Management Server that manages E80.40 and earlier Endpoint Security clients, with R76 SmartEndpoint.
Application and URL Filtering Enhancements
- Enhanced options to filter HTTPS without SSL inspection
- Enhanced options for search engine results:
- Enforce search engine safe-search
- Filter cached and translated pages from search engine results
- Enhanced reporting:
- Detailed user activity reports.
- Filter reports by user group
- Web browsing time shown in logs, events, and reports.
- Dedicated permission to generate SmartEvent reports
SmartLog and SmartEvent
- New Timeline view in SmartLog for better understanding and orientation of search results.
- Reporting enhancements for Application and URL Filtering
- SmartEvent tripled scale. See the SmartEvent Sizing Guide sk87263.
Anti-Bot and Anti-Virus
- Improved scanning and recognition of bots and viruses.
- UserCheck support.
- Rulebase exceptions can be based on URLs.
VPN
- AES performance enhancements for high end appliances (12400, 12600, and 21000 series): Increased Site-to-Site VPN and Remote Access throughput.
- HTTPS Inspection black-list automatic updates.
- Increased session rate for Identity Awareness Captive Portal.
DDoS/DoS Performance Enhancements
During a DoS or DDoS attack, these SecureXL features can be activated to mitigate the attack:
- Penalty box - Early drop of packets arriving from suspected sources, for better performance under heavy load, such as caused by a DDoS attack. See sk74520.
- Optimized drops under heavy load - Dropped traffic is accelerated by SecureXL, reducing gateway resource consumption during heavy load. See sk90861 and sk90941 for advanced configurations.
- Rate Limiting for DoS Mitigation - Policy limits traffic from specific sources and services. See the R76 Security Gateway Technical Administration Guide.
More Software Blade Enhancements
- Identity Awareness: new, rich logon logs.
- IPS:
- Monitoring: Netflow service support to collect data on traffic patterns and volume.
Gaia Enhancements
- WebUI and CLI configuration for Multi-Queue and CoreXL. See R76 Performance Tuning Administration Guide.
- WebUI and CLI support for IPv6 addresses.
- RADIUS, SNMP, NTP and Proxy support for IPv6.
- Dynamic Routing protocol support for IPv6: OSPFv3 and BGPv4.
- VRRPv3 support with IPv6.
- Database engine optimization that improves administrative command performance by 80%.
- Extended support for maximum physical memory for open servers running Multi-Domain Security Management up to 128GB.
- Manage Proxy ARP entries.
- Manage the behavior of Core Dumps.
R76 Downloads
Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.
Software Download Matrix
Note: Solaris is a legacy platform, unsupported for new installations. You can migrate the Solaris database to Windows, SecurePlatform, and Gaia, from Check Point versions in the Supported Upgrade Paths listed below.
You can upgrade these Security Management Server and Security Gateway versions to R76:
- R71.50
- R75, R75.10, R75.20, R75.30, R75.40, R75.45, R75.40VS
Fresh Installation
* Important: Fresh Installation on IPSO 6.2 (both for Disk Based and for Flash Based) requires IPSO 6.2 MR4. See IPSO 6.2 MR4 Release Notes.
CPUSE Offline Packages
You can use Gaia Offline Packages for R76 CPUSE upgrade, for Security Gateways and Management Servers that do not have Internet connectivity.
Download and install the latest build of Gaia Software Updates Agent.
Upgrade
* Important:
Upgrade on IPSO 6.2 (both for Disk Based and for Flash Based) requires IPSO 6.2 MR4 or later IPSO release. For information, including memory size limitations, please see sk92306 (Check Point IPSO 6.2 MR4 and MR4a).
Upgrade on IPSO 6.2 is not supported from the R75.40VS version.
GUI
Tools
Agent
R76 Released Hotfixes
The following hotfixes are available on top of R76:
R76 Documentation
Table of Contents
-
What's New in R76
-
R76 Downloads
-
R76 Tools
-
R76 Released Hotfixes
-
R76 Documentation
What's New in R76
IPv6 Support
R76 extended support for IPv6 includes:
- Gaia operating system:
- Interface configuration
- SNMP
- RADIUS.
- First Time Configuration Wizard.
- OSPFv3
- BGP
- VRRP
- Access Policy:
- Firewall support, including dynamic objects and time objects
- Full Stateful Inspection for IPv6 connections
- NAT66
- Central Management:
- IPv6 support for all communications between Security Gateways, Security Management Servers, and SmartDashboard
- Dual-stack definition support for all network objects
- IPv6 address support in all IP containers
- Multiple IPv6 range support for objects
- IPv4 and IPv6 support in Get Topology
- Management Software Blade IPv6 Support:
- Network Policy Management
- SmartView Monitor
- SmartEvent
- SmartLog
- Security Gateway Software Blade IPv6 Support:
- Security Gateway
- Identity Awareness
- IPS Application and URL Filtering, Acceleration & Clustering HA
- Anti-Bot, Anti-Virus, and Anti-Malware
- Virtual System (VSX) IPv6 support
- Support for IPv6-only Security Gateway and IPv6-only Security Management Server
- Site-to-Site IPSec VPN
- Authentication - RADIUS and LDAP
- UserCheck (for all Software Blades that support IPv6)
Note: Every fw command has a corresponding fw6 command for CLI control in IPv6.
Check Point Mobile for iOS
- Secure container for mail, calendar, contacts, documents, and web applications
- Protects business data while providing an easy end-user experience on managed and unmanaged devices (BYOD)
- Seamless access to Document Security protected documents in the secure container
- Passcode for the secure container protects access to your organizational resources without requiring a device passcode
- More supported authentication methods: User/Password, personal certificate, RSA, RADIUS, DynamicID SMS
- Online only option - Prevents storing any business data on the device
- Offline mode option - Encrypts business data stored on the device
Mobile Access Enhancements
- New SmartDashboard windows for internal certificate management:
- Easier search.
- Batch key generation for groups and OUs.
- Certificate management.
- Mass distribution of client applications to users with UserCheck Email templates.
- Unified, easy-to-read, comprehensive remote access login logs.
- Mobile Access wizard for easy connection to Exchange server.
DLP Enhancements
- Fingerprinting: Protect files residing in network repositories. The gateway scans repositories and prevents files or parts of files from leaving the organization.
- Whitelist policy: easily define files that will not be matched by the DLP engine.
- Upload specific files to the Security Management server, or create a network repository.
- DLP is now fully user aware for all protocols.
- Use Access Roles in DLP rule base.
- DLP email notifications to end-users for violations on all protocols.
- UserCheck client single sign on.
- UserCheck notification configuration and multi-language support.
- SMTP Mirror mode for easy DLP Proof of Concept.
New Appliance and Hardware Support
- New 21600 appliances.
- New 21700 appliances.
- Support for DDoS Protector appliances.
- Security Acceleration Module (supported for IPv4 and Gateway Mode only)
- Support for Bypass Card (FONIC) on 4000 and 12000 appliances. See sk85560 for more information.
Endpoint Security Blade
The Endpoint Policy Management Blade lets you manage and enforce Endpoint Security policies on Windows and Mac computers. Endpoint Security Software Blades include:
- Media Encryption
- Full Disk Encryption
- Firewall
- Compliance
- WebCheck
- Application Control
When the Endpoint Policy Management blade is enabled, the Security Management Server also becomes an E80.40 Endpoint Security Management Server that manages E80.40 and earlier Endpoint Security clients, with R76 SmartEndpoint.
Application and URL Filtering Enhancements
- Enhanced options to filter HTTPS without SSL inspection
- Enhanced options for search engine results:
- Enforce search engine safe-search
- Filter cached and translated pages from search engine results
- Enhanced reporting:
- Detailed user activity reports.
- Filter reports by user group
- Web browsing time shown in logs, events, and reports.
- Dedicated permission to generate SmartEvent reports
SmartLog and SmartEvent
- New Timeline view in SmartLog for better understanding and orientation of search results.
- Reporting enhancements for Application and URL Filtering
- SmartEvent tripled scale. See the SmartEvent Sizing Guide sk87263.
Anti-Bot and Anti-Virus
- Improved scanning and recognition of bots and viruses.
- UserCheck support.
- Rulebase exceptions can be based on URLs.
VPN
- AES performance enhancements for high end appliances (12400, 12600, and 21000 series): Increased Site-to-Site VPN and Remote Access throughput.
- HTTPS Inspection black-list automatic updates.
- Increased session rate for Identity Awareness Captive Portal.
DDoS/DoS Performance Enhancements
During a DoS or DDoS attack, these SecureXL features can be activated to mitigate the attack:
- Penalty box - Early drop of packets arriving from suspected sources, for better performance under heavy load, such as caused by a DDoS attack. See sk74520.
- Optimized drops under heavy load - Dropped traffic is accelerated by SecureXL, reducing gateway resource consumption during heavy load. See sk90861 and sk90941 for advanced configurations.
- Rate Limiting for DoS Mitigation - Policy limits traffic from specific sources and services. See the R76 Security Gateway Technical Administration Guide.
More Software Blade Enhancements
- Identity Awareness: new, rich logon logs.
- IPS:
- Monitoring: Netflow service support to collect data on traffic patterns and volume.
Gaia Enhancements
- WebUI and CLI configuration for Multi-Queue and CoreXL. See R76 Performance Tuning Administration Guide.
- WebUI and CLI support for IPv6 addresses.
- RADIUS, SNMP, NTP and Proxy support for IPv6.
- Dynamic Routing protocol support for IPv6: OSPFv3 and BGPv4.
- VRRPv3 support with IPv6.
- Database engine optimization that improves administrative command performance by 80%.
- Extended support for maximum physical memory for open servers running Multi-Domain Security Management up to 128GB.
- Manage Proxy ARP entries.
- Manage the behavior of Core Dumps.
R76 Downloads
Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.
Software Download Matrix
Note: Solaris is a legacy platform, unsupported for new installations. You can migrate the Solaris database to Windows, SecurePlatform, and Gaia, from Check Point versions in the Supported Upgrade Paths listed below.
You can upgrade these Security Management Server and Security Gateway versions to R76:
- R71.50
- R75, R75.10, R75.20, R75.30, R75.40, R75.45, R75.40VS
Fresh Installation
* Important: Fresh Installation on IPSO 6.2 (both for Disk Based and for Flash Based) requires IPSO 6.2 MR4. See IPSO 6.2 MR4 Release Notes.
Upgrade
* Important:
Upgrade on IPSO 6.2 (both for Disk Based and for Flash Based) requires IPSO 6.2 MR4 or later IPSO release. For information, including memory size limitations, please see sk92306 (Check Point IPSO 6.2 MR4 and MR4a).
Upgrade on IPSO 6.2 is not supported from the R75.40VS version.
GUI
 Windows - SmartConsole and SmartDomain Manager
Tools
Agent
DLP Exchange agent
R76 Released Hotfixes
The following hotfixes are available on top of R76:
R76 Documentation
|
|
|
|
|
|
Print
Email
