Table of Contents

• What's New in R76
• R76 Downloads
• R76 Tools
• R76 Released Hotfixes
• R76 Documentation

	For more information on Check Point releases see: release map, upgrade map, backward compatibility map.
	For more information on R76, see the R76 Release Notes, R76 Known Limitations, and R76 Resolved Issues. You can also visit our Firewall and VPN Blades forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

What's New in R76

IPv6 Support

R76 extended support for IPv6 includes:

• Gaia operating system:
  
  • Interface configuration
  • SNMP
  • RADIUS.
  • First Time Configuration Wizard.
  • OSPFv3
  • BGP
  • VRRP
• Access Policy:
  
  • Firewall support, including dynamic objects and time objects
  • Full Stateful Inspection for IPv6 connections
  • NAT66
• Central Management:
  
  • IPv6 support for all communications between Security Gateways, Security Management Servers, and SmartDashboard
  • Dual-stack definition support for all network objects
  • IPv6 address support in all IP containers
  • Multiple IPv6 range support for objects
  • IPv4 and IPv6 support in Get Topology
• Management Software Blade IPv6 Support:
  
  • Network Policy Management
  • SmartView Monitor
  • SmartEvent
  • SmartLog
• Security Gateway Software Blade IPv6 Support:
  
  • Security Gateway
  • Identity Awareness
  • IPS Application and URL Filtering, Acceleration & Clustering HA
  • Anti-Bot, Anti-Virus, and Anti-Malware
• Virtual System (VSX) IPv6 support
• Support for IPv6-only Security Gateway and IPv6-only Security Management Server
• Site-to-Site IPSec VPN
• Authentication - RADIUS and LDAP
• UserCheck (for all Software Blades that support IPv6)

Note: Every fw command has a corresponding fw6 command for CLI control in IPv6.

Check Point Mobile for iOS

• Secure container for mail, calendar, contacts, documents, and web applications
• Protects business data while providing an easy end-user experience on managed and unmanaged devices (BYOD)
• Seamless access to Document Security protected documents in the secure container
• Passcode for the secure container protects access to your organizational resources without requiring a device passcode
• More supported authentication methods: User/Password, personal certificate, RSA, RADIUS, DynamicID SMS
• Online only option - Prevents storing any business data on the device
• Offline mode option - Encrypts business data stored on the device

Mobile Access Enhancements

• New SmartDashboard windows for internal certificate management:
  
  • Easier search.
  • Batch key generation for groups and OUs.
• Certificate management.
• Mass distribution of client applications to users with UserCheck Email templates.
• Unified, easy-to-read, comprehensive remote access login logs.
• Mobile Access wizard for easy connection to Exchange server.

DLP Enhancements

• Fingerprinting: Protect files residing in network repositories. The gateway scans repositories and prevents files or parts of files from leaving the organization.
• Whitelist policy: easily define files that will not be matched by the DLP engine.
  
  • Upload specific files to the Security Management server, or create a network repository.
• DLP is now fully user aware for all protocols.
  
  • Use Access Roles in DLP rule base.
  • DLP email notifications to end-users for violations on all protocols.
• UserCheck client single sign on.
• UserCheck notification configuration and multi-language support.
• SMTP Mirror mode for easy DLP Proof of Concept.

New Appliance and Hardware Support

• New 21600 appliances.
• New 21700 appliances.
• Support for DDoS Protector appliances.
• Security Acceleration Module (supported for IPv4 and Gateway Mode only)
• Support for Bypass Card (FONIC) on 4000 and 12000 appliances. See sk85560 for more information.

Endpoint Security Blade

The Endpoint Policy Management Blade lets you manage and enforce Endpoint Security policies on Windows and Mac computers. Endpoint Security Software Blades include:

• Media Encryption
• Full Disk Encryption
• Firewall
• Compliance
• WebCheck
• Application Control

When the Endpoint Policy Management blade is enabled, the Security Management Server also becomes an E80.40 Endpoint Security Management Server that manages E80.40 and earlier Endpoint Security clients, with R76 SmartEndpoint.

Application and URL Filtering Enhancements

• Enhanced options to filter HTTPS without SSL inspection
• Enhanced options for search engine results:
  
  • Enforce search engine safe-search
  • Filter cached and translated pages from search engine results
• Enhanced reporting:
  
  • Detailed user activity reports.
  • Filter reports by user group
  • Web browsing time shown in logs, events, and reports.
  • Dedicated permission to generate SmartEvent reports

SmartLog and SmartEvent

• New Timeline view in SmartLog for better understanding and orientation of search results.
• Reporting enhancements for Application and URL Filtering
• SmartEvent tripled scale. See the SmartEvent Sizing Guide sk87263.

Anti-Bot and Anti-Virus

• Improved scanning and recognition of bots and viruses.
• UserCheck support.
• Rulebase exceptions can be based on URLs.

VPN

• AES performance enhancements for high end appliances (12400, 12600, and 21000 series): Increased Site-to-Site VPN and Remote Access throughput.
• HTTPS Inspection black-list automatic updates.
• Increased session rate for Identity Awareness Captive Portal.

DDoS/DoS Performance Enhancements

During a DoS or DDoS attack, these SecureXL features can be activated to mitigate the attack:

• Penalty box - Early drop of packets arriving from suspected sources, for better performance under heavy load, such as caused by a DDoS attack. See sk74520.
• Optimized drops under heavy load - Dropped traffic is accelerated by SecureXL, reducing gateway resource consumption during heavy load. See sk90861 and sk90941 for advanced configurations.
• Rate Limiting for DoS Mitigation - Policy limits traffic from specific sources and services. See the R76 Security Gateway Technical Administration Guide.

More Software Blade Enhancements

• Identity Awareness: new, rich logon logs.
• IPS:
  
  • Automatic updates through an authenticated proxy.
  • Major improvements of Snort conversion tool. (See the R76 IPS Administration Guide.)
• Monitoring: Netflow service support to collect data on traffic patterns and volume.

Gaia Enhancements

• WebUI and CLI configuration for Multi-Queue and CoreXL. See R76 Performance Tuning Administration Guide.
• WebUI and CLI support for IPv6 addresses.
• RADIUS, SNMP, NTP and Proxy support for IPv6.
• Dynamic Routing protocol support for IPv6: OSPFv3 and BGPv4.
• VRRPv3 support with IPv6.
• Database engine optimization that improves administrative command performance by 80%.
• Extended support for maximum physical memory for open servers running Multi-Domain Security Management up to 128GB.
• Manage Proxy ARP entries.
• Manage the behavior of Core Dumps.

R76 Downloads

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

Software Download Matrix

Note: Solaris is a legacy platform, unsupported for new installations. You can migrate the Solaris database to Windows, SecurePlatform, and Gaia, from Check Point versions in the Supported Upgrade Paths listed below.

You can upgrade these Security Management Server and Security Gateway versions to R76:

• R71.50
• R75, R75.10, R75.20, R75.30, R75.40, R75.45, R75.40VS

Fresh Installation

Platform	Hardware \ Appliance	Gateway with Integrated Management (Standalone)	Security Management Server	Security Gateway	VSX Gateway	Multi-Domain Security Management
Gaia	2012 Models Appliances		-			-
	UTM-1 Appliances		-		(3070)	-
	Power-1 Appliances	-	-		(9070, 11000)	-
	IP Appliances Disk Based		-		(1280, 2450)	-
	Smart-1 Appliances	-	(5, 25, 50)	-	-	(50, 150)
	Open Servers
SecurePlatform	2012 Models Appliances and UTM-1 Appliances		-		-	-
	Power-1 Appliances	-	-		-	-
	Smart-1 Appliances	-	(5, 25, 50)	-	-	(50, 150)
	Open Servers				-
RHEL 5.0/ RHEL 5.4	Open Servers	-		-	-
IPSO 6.2 Disk Based *	IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450	and	and	and	-	-
IPSO 6.2 Flash Based *	IP290, IP390, IP560, IP690, IP1280, IP2450	-	-	and	-	-
Windows		(ISO) (ZIP)	(ISO) (ZIP)	(ISO) (ZIP)	-	-

* Important: Fresh Installation on IPSO 6.2 (both for Disk Based and for Flash Based) requires IPSO 6.2 MR4. See IPSO 6.2 MR4 Release Notes.

CPUSE Offline Packages

You can use R76 Gaia Offline Packages for CPUSE upgrade, on Security Gateways and Management Servers that are not connected to the Internet.

Download and install the latest build of Gaia Software Updates Agent.

Hardware / Appliance, Gaia OS	R76 Fresh Install
All Check Point Appliances, Disk-Based IP Appliances and Open Servers

Upgrade

Target Platform	Hardware \ Appliance	Gateway with Integrated Management (Standalone)	Security Management Server	Security Gateway	VSX Gateway	Multi-Domain Security Management
Gaia	2012 Models Appliances	(ISO) (TGZ)	-	(ISO) (TGZ)		-
	UTM-1 Appliances	(ISO) (TGZ)	-	(ISO) (TGZ)		-
	Power-1 Appliances	-	-	(ISO) (TGZ)		-
	IP Appliances	and or and	-	and or and	and or and	-
	Smart-1 Appliances	-	(ISO) (5, 25, 50) (TGZ) (5, 25, 50)	-	-	(ISO) (50, 150)
	Open Server	(ISO) (TGZ)	(ISO) (TGZ)	(ISO) (TGZ)	(ISO) (TGZ)	(ISO)
SecurePlatform	2012 Models Appliances and UTM-1 Appliances		-		-	-
	Power-1 Appliances	-	-		-	-
	Smart-1 Appliances	-	(5, 25, 50)	-	-	(50, 150)
	Open Servers	(ISO) (TGZ)	(ISO) (TGZ)	(ISO) (TGZ)	-
RHEL 5.0/ RHEL 5.4	Open Servers	-	(ISO)	-	-
IPSO 6.2 Disk Based *	IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450	and	and	and	-	-
IPSO 6.2 Flash Based *	IP690, IP1280, IP2450	-	-	and	-	-
Windows		(ISO) (ZIP)	(ISO) (ZIP)	(ISO) (ZIP)	-	-

* Important:

• Upgrade on IPSO 6.2 (both for Disk Based and for Flash Based) requires IPSO 6.2 MR4 or later IPSO release. For information, including memory size limitations, please see sk92306 (Check Point IPSO 6.2 MR4 and MR4a).
• Upgrade on IPSO 6.2 is not supported from the R75.40VS version.

   

  R76 Tools

  GUI

  Platform	GUI
  Windows - SmartConsole and SmartDomain Manager	(EXE)

   

  Tools

  Management Tools	Gaia	SecurePlatform & Linux	IPSO	Windows	Solaris
  Management Server Migration Tool	(TGZ)	(TGZ)	(TGZ)	(TGZ)	(TGZ) See R76 Release Notes
  Multi-Domain Server Export Tool	-	-	-	-	(ISO) See R76 Release Notes
  IP Series Boot Manager	(SH)	-	(SH)	-	-
  Gaia Upgrade Verifier from IPSO	-	-	(SH)	-	-
  Gaia Upgrade Package for IPSO 6.2 IP Appliances	-	-	(TGZ) (TGZ)	-	-

   

  Agent

  Agent	Windows
  DLP Exchange agent	(MSI)

   

  R76 Released Hotfixes

  The following hotfixes are available on top of R76:

  Released Hotfixes

  sk103839 - Check Point update and online services migration to SHA-256 based certificates

  sk100195 - Potential Denial of Service (DoS) which might be triggered by a certain traffic condition on Security Gateways when Anti-Virus or Anti-Bot blades are enabled

  sk92475 - Using 'Block List' / 'Allow List' feature in Anti-Spam Blade causes policy installation failure

  sk92464 - Anti-Virus / Anti-Bot policy enforcement issue on VSX gateways

  sk91320 - Traffic that should be blocked by Application Control might pass when two custom applications get the same UID in SmartDashboard

  sk111293 - Scenario 3 "Issue with R76 SmartEvent Server managed by a lower version Security Management Server"

  sk92766 - SmartEvent stops getting new events

  sk92786 - 'Failed to update VSX cluster_private_network object' error when running 'vsx_util upgrade' command and upgrading a Crossbeam VSX object to R76

  sk92812 - VSX Virtual System might be left without 'Default Policy' if installation of policy fails

  sk92623 - 'No valid license found on Security Management Server' error when trying to connect with SmartUpdate GUI to R76 Security Management Server

  sk92592 - IPv6 support enhancement Hotfix

  sk92638 - Migrating IP-Series Appliances to Gaia Running on 2012 Appliances

  sk94490 - Check Point response to OSPF LSA spoofing vulnerability (CVE-2013-0149)

  sk94847 - Date format in SmartEvent timeline is not changeable

  sk97987 - Some SSL VPN functionality breaks as a result of a Java update to version 7 update 51 (7u51) and higher

  sk98814 - Some protections may not work for specific HTTP evasions in R77.10 / R77 / R76

  sk100431 - Important security and stability enhancements for Security Gateway

  sk101186 - SSL/TLS MITM vulnerability (CVE-2014-0224)

   

  R76 Documentation

  R76 Documentation

  Release Notes and Upgrade Guides

  R76 Release Notes

  R76 Documentation Package

  R76 Installation and Upgrade Guide

  Administration Guides

  R76 Gaia Administration Guide

  R76 SecurePlatform Administration Guide

  R76 Application Control & URL Filtering Administration Guide

  R76 Anti-Bot & Anti-Virus Administration Guide

  R76 ClusterXL Administration Guide

  R76 Data Loss Prevention Administration Guide

  Endpoint Security E80.40 Administration Guide

  R76 Firewall Administration Guide

  R76 Gaia Advanced Routing Administration Guide

  R76 Identity Awareness Administration Guide

  R76 IPS Administration Guide

  R76 Mobile Access Administration Guide

  R76 Multi-Domain Security Management Administration Guide

  R76 Performance Tuning Administration Guide

  R76 QoS Administration Guide

  R76 Security Gateway Technical Administration Guide

  R76 Security Management Administration Guide

  R76 SmartEvent Administration Guide

  R76 SmartEvent Intro Administration Guide

  R76 SmartLog Administration Guide

  R76 SmartProvisioning Administration Guide

  R76 SmartReporter Administration Guide

  R76 SmartView Monitor Administration Guide

  R76 SmartView Tracker Administration Guide

  R76 SmartWorkflow Administration Guide

  R75.40VS UTM-1 Edge Administration Guide

  R76 VoIP Administration Guide

  R76 VPN Administration Guide

  R76 VSX Administration Guide

  Additional/Reference Guides

  sk74300 - Optimal Service Upgrade (OSU) from R67.10 / R75.40VS to R75.40VS / R76 / R77 / R77.10 / R77.20 / R77.30

  R76 CLI Reference Guide

  Endpoint Security E80.40 Client User Guide

  R76 CPcode DLP Reference Guide

  R76 SecurePlatform Advanced Routing Suite CLI Reference Guide

  IPSO 6.2 MR4 Release Notes