Support Center > Search Results > SecureKnowledge Details
Support Center
The information you are about to copy is INTERNAL! DO NOT share it with anyone outside Check Point.
 Print    Email
Check Point R76

Solution ID: sk91140
Product: Security Gateway, Security Management, Multi-Domain Management / Provider-1, UTM-1, Power-1, 2012 Models Security Appliances, Smart-1, Edge, ClusterXL, IPS / Web Intelligence, VSX, Anti-Bot, DLP, Identity Awareness, SmartReporter / Eventia Reporter, SmartEvent / Eventia Analyzer, IPSec VPN
Version: R76
Date Created: 23-Oct-2013
Last Modified: 19-Feb-2015
Rate this document
[1=Worst,5=Best]
Solution

Table of Contents

  • What's New in R76
  • R76 Downloads
  • R76 Tools
  • R76 Released Hotfixes
  • R76 Documentation

 

For more information on Check Point releases see: release map, upgrade map, backward compatibility map.
For more information on R76, see the R76 Release Notes, R76 Known Limitations, and R76 Resolved Issues. You can also visit our Firewall and VPN Blades forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

 

What's New in R76

IPv6 Support

R76 extended support for IPv6 includes:

  • Gaia operating system:

    • Interface configuration
    • SNMP
    • RADIUS.
    • First Time Configuration Wizard.
    • OSPFv3
    • BGP
    • VRRP
  • Access Policy:

    • Firewall support, including dynamic objects and time objects
    • Full Stateful Inspection for IPv6 connections
    • NAT66
  • Central Management:

    • IPv6 support for all communications between Security Gateways, Security Management Servers, and SmartDashboard
    • Dual-stack definition support for all network objects
    • IPv6 address support in all IP containers
    • Multiple IPv6 range support for objects
    • IPv4 and IPv6 support in Get Topology
  • Management Software Blade IPv6 Support:

    • Network Policy Management
    • SmartView Monitor
    • SmartEvent
    • SmartLog
  • Security Gateway Software Blade IPv6 Support:

    • Security Gateway
    • Identity Awareness
    • IPS Application and URL Filtering, Acceleration & Clustering HA
    • Anti-Bot, Anti-Virus, and Anti-Malware
  • Virtual System (VSX) IPv6 support
  • Support for IPv6-only Security Gateway and IPv6-only Security Management Server
  • Site-to-Site IPSec VPN
  • Authentication - RADIUS and LDAP
  • UserCheck (for all Software Blades that support IPv6)


Note: Every fw command has a corresponding fw6 command for CLI control in IPv6.

Check Point Mobile for iOS

  • Secure container for mail, calendar, contacts, documents, and web applications
  • Protects business data while providing an easy end-user experience on managed and unmanaged devices (BYOD)
  • Seamless access to Document Security protected documents in the secure container
  • Passcode for the secure container protects access to your organizational resources without requiring a device passcode
  • More supported authentication methods: User/Password, personal certificate, RSA, RADIUS, DynamicID SMS
  • Online only option - Prevents storing any business data on the device
  • Offline mode option - Encrypts business data stored on the device

Mobile Access Enhancements

  • New SmartDashboard windows for internal certificate management:
    • Easier search.
    • Batch key generation for groups and OUs.
  • Certificate management.
  • Mass distribution of client applications to users with UserCheck Email templates.
  • Unified, easy-to-read, comprehensive remote access login logs.
  • Mobile Access wizard for easy connection to Exchange server.

DLP Enhancements

  • Fingerprinting: Protect files residing in network repositories. The gateway scans repositories and prevents files or parts of files from leaving the organization.
  • Whitelist policy: easily define files that will not be matched by the DLP engine.
    • Upload specific files to the Security Management server, or create a network repository.
  • DLP is now fully user aware for all protocols.
    • Use Access Roles in DLP rule base.
    • DLP email notifications to end-users for violations on all protocols.
  • UserCheck client single sign on.
  • UserCheck notification configuration and multi-language support.
  • SMTP Mirror mode for easy DLP Proof of Concept.

New Appliance and Hardware Support

  • New 21600 appliances.
  • New 21700 appliances.
  • Support for DDoS Protector appliances.
  • Security Acceleration Module (supported for IPv4 and Gateway Mode only)
  • Support for Bypass Card (FONIC) on 4000 and 12000 appliances. See sk85560 for more information.

Endpoint Security Blade

The Endpoint Policy Management Blade lets you manage and enforce Endpoint Security policies on Windows and Mac computers. Endpoint Security Software Blades include:

  • Media Encryption
  • Full Disk Encryption
  • Firewall
  • Compliance
  • WebCheck
  • Application Control

When the Endpoint Policy Management blade is enabled, the Security Management Server also becomes an E80.40 Endpoint Security Management Server that manages E80.40 and earlier Endpoint Security clients, with R76 SmartEndpoint.

Application and URL Filtering Enhancements

  • Enhanced options to filter HTTPS without SSL inspection
  • Enhanced options for search engine results:
    • Enforce search engine safe-search
    • Filter cached and translated pages from search engine results
  • Enhanced reporting:
    • Detailed user activity reports.
    • Filter reports by user group
    • Web browsing time shown in logs, events, and reports.
    • Dedicated permission to generate SmartEvent reports

SmartLog and SmartEvent

  • New Timeline view in SmartLog for better understanding and orientation of search results.
  • Reporting enhancements for Application and URL Filtering
  • SmartEvent tripled scale. See the SmartEvent Sizing Guide sk87263.

Anti-Bot and Anti-Virus

  • Improved scanning and recognition of bots and viruses.
  • UserCheck support.
  • Rulebase exceptions can be based on URLs.

VPN

  • AES performance enhancements for high end appliances (12400, 12600, and 21000 series): Increased Site-to-Site VPN and Remote Access throughput.
  • HTTPS Inspection black-list automatic updates.
  • Increased session rate for Identity Awareness Captive Portal.

DDoS/DoS Performance Enhancements

During a DoS or DDoS attack, these SecureXL features can be activated to mitigate the attack:

  • Penalty box - Early drop of packets arriving from suspected sources, for better performance under heavy load, such as caused by a DDoS attack. See sk74520.
  • Optimized drops under heavy load - Dropped traffic is accelerated by SecureXL, reducing gateway resource consumption during heavy load. See sk90861 and sk90941 for advanced configurations.
  • Rate Limiting for DoS Mitigation - Policy limits traffic from specific sources and services. See the R76 Security Gateway Technical Administration Guide.

More Software Blade Enhancements

  • Identity Awareness: new, rich logon logs.
  • IPS:


  • Monitoring: Netflow service support to collect data on traffic patterns and volume.

Gaia Enhancements

  • WebUI and CLI configuration for Multi-Queue and CoreXL. See R76 Performance Tuning Administration Guide.
  • WebUI and CLI support for IPv6 addresses.
  • RADIUS, SNMP, NTP and Proxy support for IPv6.
  • Dynamic Routing protocol support for IPv6: OSPFv3 and BGPv4.
  • VRRPv3 support with IPv6.
  • Database engine optimization that improves administrative command performance by 80%.
  • Extended support for maximum physical memory for open servers running Multi-Domain Security Management up to 128GB.
  • Manage Proxy ARP entries.
  • Manage the behavior of Core Dumps.

 

R76 Downloads

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

Software Download Matrix

Note: Solaris is a legacy platform, unsupported for new installations. You can migrate the Solaris database to Windows, SecurePlatform, and Gaia, from Check Point versions in the Supported Upgrade Paths listed below.

You can upgrade these Security Management Server and Security Gateway versions to R76:

  • R71.50
  • R75, R75.10, R75.20, R75.30, R75.40, R75.45, R75.40VS

Fresh Installation

Platform Hardware \ Appliance Gateway with Integrated Management (Standalone) Security Management Server Security Gateway VSX Gateway Multi-Domain Security Management
Gaia 2012 Models Appliances

-
-
UTM-1 Appliances -
(3070)
-
Power-1 Appliances - -
(9070, 11000)
-
IP Appliances Disk Based -
(1280, 2450)
-
Smart-1 Appliances -
(5, 25, 50)
- -
(50, 150)
Open Servers
SecurePlatform

2012 Models Appliances and UTM-1 Appliances

- - -
Power-1 Appliances - - - -
Smart-1 Appliances
-
(5, 25, 50)
- -
(50, 150)
Open Servers -
RHEL 5.0/ RHEL 5.4 Open Servers - - -
IPSO 6.2 Disk Based * IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450 and and and - -
IPSO 6.2 Flash Based * IP290, IP390, IP560, IP690, IP1280, IP2450 - - and - -
Windows   (ISO)
(ZIP)
(ISO)
(ZIP)
(ISO)
(ZIP)
- -

* Important: Fresh Installation on IPSO 6.2 (both for Disk Based and for Flash Based) requires IPSO 6.2 MR4. See IPSO 6.2 MR4 Release Notes.

 

CPUSE Offline Packages

You can use Gaia Offline Packages for R76 CPUSE upgrade, for Security Gateways and Management Servers that do not have Internet connectivity.

Download and install the latest build of Gaia Software Updates Agent.

Hardware / Appliance, Gaia OS R76 Fresh Install
All Check Point Appliances, Disk-Based IP Appliances and Open Servers

 

Upgrade

Target Platform Hardware \ Appliance Gateway with Integrated Management (Standalone) Security Management Server Security Gateway VSX Gateway Multi-Domain Security Management
Gaia 2012 Models Appliances
(ISO)
(TGZ)
- (ISO)
(TGZ)
-
UTM-1 Appliances
(ISO)
(TGZ)
- (ISO)
(TGZ)
-
Power-1 Appliances
- - (ISO)
(TGZ)
-

IP Appliances

and
or
and
- and
or
and
and
or
and
-
Smart-1 Appliances - (ISO)
(5, 25, 50)

(TGZ)
(5, 25, 50)
- - (ISO)
(50, 150)
Open Server (ISO)
(TGZ)
(ISO)
(TGZ)
(ISO)
(TGZ)
(ISO)
(TGZ)
(ISO)
SecurePlatform

2012 Models Appliances and UTM-1 Appliances

- - -
Power-1 Appliances
- - - -
Smart-1 Appliances -
(5, 25, 50)
- -
(50, 150)
Open Servers (ISO)
(TGZ)
(ISO)
(TGZ)
(ISO)
(TGZ)
-
RHEL 5.0/ RHEL 5.4 Open Servers - (ISO) - -

IPSO 6.2 Disk Based *

IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450 and and and - -

IPSO 6.2 Flash Based *

IP690, IP1280, IP2450 - - and - -
Windows   (ISO)
(ZIP)
(ISO)
(ZIP)
(ISO)
(ZIP)
- -

* Important:

  • Upgrade on IPSO 6.2 (both for Disk Based and for Flash Based) requires IPSO 6.2 MR4 or later IPSO release. For information, including memory size limitations, please see sk92306 (Check Point IPSO 6.2 MR4 and MR4a).
  • Upgrade on IPSO 6.2 is not supported from the R75.40VS version.

     

    R76 Tools

    GUI

    Platform GUI
    Windows - SmartConsole and SmartDomain Manager (EXE)

     

    Tools

    Management Tools Gaia SecurePlatform & Linux IPSO Windows Solaris
    Management Server Migration Tool (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
    See R76 Release Notes
    Multi-Domain Server Export Tool - - - - (ISO)
    See R76 Release Notes
    IP Series Boot Manager (SH) - (SH) - -
    Gaia Upgrade Verifier from IPSO - - (SH) - -
    Gaia Upgrade Package for IPSO 6.2 IP Appliances - - (TGZ)
    (TGZ)
    - -

     

    Agent

    Agent Windows
    DLP Exchange agent (MSI)

     

    R76 Released Hotfixes

    The following hotfixes are available on top of R76:

    Released Hotfixes
    sk100195 - Potential Denial of Service (DoS) which might be triggered by a certain traffic condition on Security Gateways when Anti-Virus or Anti-Bot blades are enabled
    sk92475: Using 'Block List' / 'Allow List' feature in Anti-Spam Blade causes policy installation failure
    sk92464: Anti-Virus / Anti-Bot policy enforcement issue on VSX gateways
    sk91320: Traffic that should be blocked by Application Control might pass when two custom applications get the same UID in SmartDashboard
    sk92626: Cannot login to SmartEvent R76 connected to R75.40 management or older
    sk92766: SmartEvent stops getting new events
    sk92786: 'Failed to update VSX cluster_private_network object' error when running 'vsx_util upgrade' command and upgrading a Crossbeam VSX object to R76
    sk92812: VSX Virtual System might be left without 'Default Policy' if installation of policy fails
    sk92623: 'No valid license found on Security Management Server' error when trying to connect with SmartUpdate GUI to R76 Security Management Server
    sk92592: IPv6 support enhancement Hotfix
    sk92638: Migrating IP-Series Appliances to Gaia Running on 2012 Appliances
    sk94490: Check Point response to OSPF LSA spoofing vulnerability (CVE-2013-0149)
    sk94847: Date format in SmartEvent timeline is not changeable
    sk97987: Some SSL VPN functionality breaks as a result of a Java update to version 7 update 51 (7u51) and above
    sk98814: Some protections may not work for specific HTTP evasions in R77.10 / R77 / R76
    sk100431 - Important security and stability enhancements for Security Gateway
    sk101186 - SSL/TLS MITM vulnerability (CVE-2014-0224)

     

    R76 Documentation

    R76 Documentation
    Release Notes and Upgrade Guides
    R76 Release Notes
    R76 Documentation Package
    R76 Installation and Upgrade Guide
    Administration Guides
    R76 Gaia Administration Guide
    R76 SecurePlatform Administration Guide
    R76 Application Control & URL Filtering Administration Guide
    R76 Anti-Bot & Anti-Virus Administration Guide
    R76 ClusterXL Administration Guide
    R76 Data Loss Prevention Administration Guide
    Endpoint Security E80.40 Administration Guide
    R76 Firewall Administration Guide
    R76 Gaia Advanced Routing Administration Guide
    R76 Identity Awareness Administration Guide
    R76 IPS Administration Guide
    R76 Mobile Access Administration Guide
    R76 Multi-Domain Security Management Administration Guide
    R76 Performance Tuning Administration Guide
    R76 QoS Administration Guide
    R76 Security Gateway Technical Administration Guide
    R76 Security Management Administration Guide
    R76 SmartEvent Administration Guide
    R76 SmartEvent Intro Administration Guide
    R76 SmartLog Administration Guide
    R76 SmartProvisioning Administration Guide
    R76 SmartReporter Administration Guide
    R76 SmartView Monitor Administration Guide
    R76 SmartView Tracker Administration Guide
    R76 SmartWorkflow Administration Guide
    R75.40VS UTM-1 Edge Administration Guide
    R76 VoIP Administration Guide
    R76 VPN Administration Guide
    R76 VSX Administration Guide
    Additional/Reference Guides
    sk74300 (Optimal Service Upgrade (OSU) from R67.10 to R75.40VS and R76)
    R76 CLI Reference Guide
    Endpoint Security E80.40 Client User Guide
    R76 CPcode DLP Reference Guide
    R76 SecurePlatform Advanced Routing Suite CLI Reference Guide
    IPSO 6.2 MR4 Release Notes

  • Give us Feedback
    Rate this document
    [1=Worst,5=Best]
    Additional comments...(Max 2000 characters allowed)
    Characters left: 2000