Support Center > Search Results > SecureKnowledge Details
Check Point R76 Technical Level
Solution

Table of Contents

  • What's New in R76
  • R76 Downloads
  • R76 Tools
  • R76 Released Hotfixes
  • R76 Documentation

 

For more information on Check Point releases see: release map, upgrade map, backward compatibility map.
For more information on R76, see the R76 Release Notes, R76 Known Limitations, and R76 Resolved Issues. You can also visit our Firewall and VPN Blades forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

 

What's New in R76

IPv6 Support

R76 extended support for IPv6 includes:

  • Gaia operating system:
    • Interface configuration
    • SNMP
    • RADIUS.
    • First Time Configuration Wizard.
    • OSPFv3
    • BGP
    • VRRP
  • Access Policy:
    • Firewall support, including dynamic objects and time objects
    • Full Stateful Inspection for IPv6 connections
    • NAT66
  • Central Management:
    • IPv6 support for all communications between Security Gateways, Security Management Servers, and SmartDashboard
    • Dual-stack definition support for all network objects
    • IPv6 address support in all IP containers
    • Multiple IPv6 range support for objects
    • IPv4 and IPv6 support in Get Topology
  • Management Software Blade IPv6 Support:
    • Network Policy Management
    • SmartView Monitor
    • SmartEvent
    • SmartLog
  • Security Gateway Software Blade IPv6 Support:
    • Security Gateway
    • Identity Awareness
    • IPS Application and URL Filtering, Acceleration & Clustering HA
    • Anti-Bot, Anti-Virus, and Anti-Malware
  • Virtual System (VSX) IPv6 support
  • Support for IPv6-only Security Gateway and IPv6-only Security Management Server
  • Site-to-Site IPSec VPN
  • Authentication - RADIUS and LDAP
  • UserCheck (for all Software Blades that support IPv6)


Note: Every fw command has a corresponding fw6 command for CLI control in IPv6.

Check Point Mobile for iOS

  • Secure container for mail, calendar, contacts, documents, and web applications
  • Protects business data while providing an easy end-user experience on managed and unmanaged devices (BYOD)
  • Seamless access to Document Security protected documents in the secure container
  • Passcode for the secure container protects access to your organizational resources without requiring a device passcode
  • More supported authentication methods: User/Password, personal certificate, RSA, RADIUS, DynamicID SMS
  • Online only option - Prevents storing any business data on the device
  • Offline mode option - Encrypts business data stored on the device

Mobile Access Enhancements

  • New SmartDashboard windows for internal certificate management:
    • Easier search.
    • Batch key generation for groups and OUs.
  • Certificate management.
  • Mass distribution of client applications to users with UserCheck Email templates.
  • Unified, easy-to-read, comprehensive remote access login logs.
  • Mobile Access wizard for easy connection to Exchange server.

DLP Enhancements

  • Fingerprinting: Protect files residing in network repositories. The gateway scans repositories and prevents files or parts of files from leaving the organization.
  • Whitelist policy: easily define files that will not be matched by the DLP engine.
    • Upload specific files to the Security Management server, or create a network repository.
  • DLP is now fully user aware for all protocols.
    • Use Access Roles in DLP rule base.
    • DLP email notifications to end-users for violations on all protocols.
  • UserCheck client single sign on.
  • UserCheck notification configuration and multi-language support.
  • SMTP Mirror mode for easy DLP Proof of Concept.

New Appliance and Hardware Support

  • New 21600 appliances.
  • New 21700 appliances.
  • Support for DDoS Protector appliances.
  • Security Acceleration Module (supported for IPv4 and Gateway Mode only)
  • Support for Bypass Card (FONIC) on 4000 and 12000 appliances. See sk85560 for more information.

Endpoint Security Blade

The Endpoint Policy Management Blade lets you manage and enforce Endpoint Security policies on Windows and Mac computers. Endpoint Security Software Blades include:

  • Media Encryption
  • Full Disk Encryption
  • Firewall
  • Compliance
  • WebCheck
  • Application Control

When the Endpoint Policy Management blade is enabled, the Security Management Server also becomes an E80.40 Endpoint Security Management Server that manages E80.40 and earlier Endpoint Security clients, with R76 SmartEndpoint.

Application and URL Filtering Enhancements

  • Enhanced options to filter HTTPS without SSL inspection
  • Enhanced options for search engine results:
    • Enforce search engine safe-search
    • Filter cached and translated pages from search engine results
  • Enhanced reporting:
    • Detailed user activity reports.
    • Filter reports by user group
    • Web browsing time shown in logs, events, and reports.
    • Dedicated permission to generate SmartEvent reports

SmartLog and SmartEvent

  • New Timeline view in SmartLog for better understanding and orientation of search results.
  • Reporting enhancements for Application and URL Filtering
  • SmartEvent tripled scale. See the SmartEvent Sizing Guide sk87263.

Anti-Bot and Anti-Virus

  • Improved scanning and recognition of bots and viruses.
  • UserCheck support.
  • Rulebase exceptions can be based on URLs.

VPN

  • AES performance enhancements for high end appliances (12400, 12600, and 21000 series): Increased Site-to-Site VPN and Remote Access throughput.
  • HTTPS Inspection black-list automatic updates.
  • Increased session rate for Identity Awareness Captive Portal.

DDoS/DoS Performance Enhancements

During a DoS or DDoS attack, these SecureXL features can be activated to mitigate the attack:

  • Penalty box - Early drop of packets arriving from suspected sources, for better performance under heavy load, such as caused by a DDoS attack. See sk74520.
  • Optimized drops under heavy load - Dropped traffic is accelerated by SecureXL, reducing gateway resource consumption during heavy load. See sk90861 and sk90941 for advanced configurations.
  • Rate Limiting for DoS Mitigation - Policy limits traffic from specific sources and services. See the R76 Security Gateway Technical Administration Guide.

More Software Blade Enhancements

  • Identity Awareness: new, rich logon logs.
  • IPS:
  • Monitoring: Netflow service support to collect data on traffic patterns and volume.

Gaia Enhancements

  • WebUI and CLI configuration for Multi-Queue and CoreXL. See R76 Performance Tuning Administration Guide.
  • WebUI and CLI support for IPv6 addresses.
  • RADIUS, SNMP, NTP and Proxy support for IPv6.
  • Dynamic Routing protocol support for IPv6: OSPFv3 and BGPv4.
  • VRRPv3 support with IPv6.
  • Database engine optimization that improves administrative command performance by 80%.
  • Extended support for maximum physical memory for open servers running Multi-Domain Security Management up to 128GB.
  • Manage Proxy ARP entries.
  • Manage the behavior of Core Dumps.

 

R76 Downloads

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

Software Download Matrix

Note: Solaris is a legacy platform, unsupported for new installations. You can migrate the Solaris database to Windows, SecurePlatform, and Gaia, from Check Point versions in the Supported Upgrade Paths listed below.

You can upgrade these Security Management Server and Security Gateway versions to R76:

  • R71.50
  • R75, R75.10, R75.20, R75.30, R75.40, R75.45, R75.40VS

Fresh Installation

Platform Hardware \ Appliance Gateway with Integrated Management (Standalone) Security Management Server Security Gateway VSX Gateway Multi-Domain Security Management
Gaia 2012 Models Appliances

- -
UTM-1 Appliances -
(3070)
-
Power-1 Appliances - -
(9070, 11000)
-
IP Appliances Disk Based -
(1280, 2450)
-
Smart-1 Appliances -
(5, 25, 50)
- -
(50, 150)
Open Servers
SecurePlatform

2012 Models Appliances and UTM-1 Appliances

- - -
Power-1 Appliances - - - -
Smart-1 Appliances -
(5, 25, 50)
- -
(50, 150)
Open Servers -
RHEL 5.0/ RHEL 5.4 Open Servers - - -
IPSO 6.2 Disk Based * IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450 and and and - -
IPSO 6.2 Flash Based * IP290, IP390, IP560, IP690, IP1280, IP2450 - - and - -
Windows   (ISO)
(ZIP)
(ISO)
(ZIP)
(ISO)
(ZIP)
- -

* Important: Fresh Installation on IPSO 6.2 (both for Disk Based and for Flash Based) requires IPSO 6.2 MR4. See IPSO 6.2 MR4 Release Notes.

 

CPUSE Offline Packages

You can use R76 Gaia Offline Packages for CPUSE upgrade, on Security Gateways and Management Servers that are not connected to the Internet.

Download and install the latest build of Gaia Software Updates Agent.

Hardware / Appliance, Gaia OS R76 Fresh Install
All Check Point Appliances, Disk-Based IP Appliances and Open Servers

 

Upgrade

Target Platform Hardware \ Appliance Gateway with Integrated Management (Standalone) Security Management Server Security Gateway VSX Gateway Multi-Domain Security Management
Gaia 2012 Models Appliances (ISO)
(TGZ)
- (ISO)
(TGZ)
-
UTM-1 Appliances (ISO)
(TGZ)
- (ISO)
(TGZ)
-
Power-1 Appliances - - (ISO)
(TGZ)
-

IP Appliances

and
or
and
- and
or
and
and
or
and
-
Smart-1 Appliances - (ISO)
(5, 25, 50)

(TGZ)
(5, 25, 50)
- - (ISO)
(50, 150)
Open Server (ISO)
(TGZ)
(ISO)
(TGZ)
(ISO)
(TGZ)
(ISO)
(TGZ)
(ISO)
SecurePlatform

2012 Models Appliances and UTM-1 Appliances

- - -
Power-1 Appliances - - - -
Smart-1 Appliances -
(5, 25, 50)
- -
(50, 150)
Open Servers (ISO)
(TGZ)
(ISO)
(TGZ)
(ISO)
(TGZ)
-
RHEL 5.0/ RHEL 5.4 Open Servers - (ISO) - -

IPSO 6.2 Disk Based *

IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450 and and and - -

IPSO 6.2 Flash Based *

IP690, IP1280, IP2450 - - and - -
Windows   (ISO)
(ZIP)
(ISO)
(ZIP)
(ISO)
(ZIP)
- -

* Important:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment