
Check Point R80.20. What will be new?



Not everyone has had time to move to R80.10, yet Check Point has already announced the imminent release of a new version of the OS: Gaia R80.20. This is, of course, good news. The estimated date of the official release is the end of the second quarter of 2018 (i.e., in the summer). Moreover, the EA (early access) program has been launched, so you can already try R80.20. If you are interested, you can write to us. Below we look at the main new features and how they will be useful.

What's new?


There is an official list of improvements and new features. Let's go through it.
What's new in R80.20?

Acceleration


With Falcon Acceleration Cards:


  • Support for NGFW / NGTP / NGTX and HTTPS Inspection acceleration.
  • QoS acceleration.
  • Firewall only acceleration - low-latency, high packet and session rates.
  • VSX support.

Additional software enhancements:


  • Session rate improvements on high-end appliances (including 2012 appliances and 13000 and above appliances).
  • Acceleration is enabled during policy installation.
  • HTTPS Inspection performance improvements.

Threat prevention


Threat Prevention Indicators (IoC) API
  • Management API support for Threat Prevention Indicators (IoC).
  • Add, delete, and view indicators through the management API.

Threat Prevention Layers
  • Support layer sharing.
  • Support setting.

MTA (Mail Transfer Agent)


MTA monitoring:
  • E-mails in queue.

MTA configuration enhancements:
  • Setting a next-hop server by domain name.
  • Stripping or neutralizing malicious links from e-mails.
  • Adding a customized text to a malicious e-mail's body or subject.
  • Malicious e-mail tagging using an X-header.
  • Sending a copy of the malicious e-mail.

ICAP
  • Anti-Virus Security Gateway.

Threat emulation


  • SmartConsole support for multiple Threat Emulation Private Cloud Appliances.
  • SmartConsole support for Blocking files types in archives.

Clustering


  • Sync redundancy support (over bond interface).
  • Automatic CCP mode (either Unicast, Multicast or Broadcast mode).
  • Unicast CCP mode.
  • Enhanced state and failover monitoring capabilities.
  • OSPFv3 (IPv6) clustering support.
  • New cluster commands in Gaia Clish.

Advanced routing


  • Allow AS-in-count.
  • IPv6 MD5 for BGP.
  • IPv6 Dynamic Routing in ClusterXL.
  • IPv4 and IPv6 OSPF multiple instances.
  • Bidirectional Forwarding Detection (BFD) for gateways and VSX, including IP Reachability detection and BFD Multihop.

Identity Awareness


  • Access Roles matching.
  • Identity Collector support for Syslog Messages - ability to extract identities from syslog notifications.
  • Identity Collector support for NetIQ eDirectory LDAP Servers.
  • Transparent Kerberos SSO Authentication for Identity Agent.
  • Two Factor Authentication for Browser-Based Authentication (Support for RADIUS Challenge / RSA SecurID next Token / Next PIN mode).
  • New configuration container for Terminal Servers Identity Agents.
  • It doesn’t need to connect to the Active Directory environment.
  • Active Directory cross-forest trust support for Identity Agent.
  • Identity Agent automatic reconnection to prioritized PDP gateways.

Mirror and Decrypt


  • Decryption and clone of HTTP and HTTPS traffic.
  • Forwarding traffic for mirroring purposes.

Hardware Security Module (HSM)


  • Enhancement of outbound HTTPS Inspection with a Gemalto SafeNet HSM Appliance.
  • SSL keys are stored when using HTTPS Inspection.

Security management


  • Multiple simultaneous sessions in several SmartConsole sessions.
  • Syslog server (previously supported in R77.30) - Syslog server can be configured.

SmartProvisioning


  • Integration with SmartProvisioning (previously supported in R77.30).
  • Support for the 1400 series appliances.
  • Administrators can now use SmartProvisioning in parallel with SmartConsole.

Access policy


  • New Wildcard Network object supported in Access Control policy.
  • Simplified management of network objects in a security policy.
  • HTTPS Inspection now works in conjunction with HTTPS web sites categorization. HTTPS traffic that is bypassed will be categorized.
  • Rule Base navigation and scrolling.
  • Global VPN Communities. Previously supported in R77.30.

vSEC Controller Enhancements


  • Integration with Google Cloud Platform.
  • Integration with Cisco ISE.
  • Automatic license management with the vSEC Central Licensing utility.
  • Monitoring capabilities integrated into SmartView.
  • vSEC Controller support for 41000, 44000, 61000, and 64000 Scalable Platforms.

Additional Enhancements


  • HTTPS Inspection support for IPv6 traffic.
  • Improvements for IPS and higher gateways with IPS.
  • Network defined by routes - gateway's topology is automatically configured based on routing.
  • Update packages are saved for 30 days, older packages are purged.

Endpoint Security Server


Managing features that are included in R77.30.03:
Management of new blades:
  • SandBlast Agent Anti-Bot.
  • SandBlast Agent Threat Emulation and Anti-Exploit.
  • SandBlast Agent Forensics and Anti-Ransomware.
  • Capsule Docs.

New features in existing blades:
  • Full Disk Encryption.
  • Offline Mode.
  • Self Help Portal.
  • XTS-AES Encryption.
  • New options for the Trusted Platform Module (TPM).
  • New options for managing Pre-Boot Users.
  • Media Encryption and Port Protection.
  • New options to configure encrypted container.
  • Optical Media Scan.

Anti-Malware:
  • Web Protection.
  • Advanced Disinfection.


With your permission, I will not translate the list. As you can see, there are a lot of improvements. We will not discuss the entire list. Instead, I will point out the features that, in our opinion, are the most interesting and explain why you should definitely think about updating.

Hardware Acceleration Card


In addition to various improvements in HTTPS inspection, one of the new features of R80.20 is support for the Acceleration Card. These cards are intended to decrypt HTTPS traffic and so offload the Check Point gateway itself. They can also be used not only to decrypt SSL but simply to process packets when the gateway itself cannot cope with peak load. The physical modules can be installed in all devices starting from the 5000 series. This is great news, given the growing share of SSL traffic. We talked about the importance of HTTPS inspection and the configuration process earlier.

Endpoint improvements


For some reason, many people forget that Check Point is not only perimeter protection. It also has excellent endpoint agents, which include almost all the necessary protection functions: antivirus, firewall, anti-bot, disk encryption, USB media control, sandboxing, anti-phishing, a forensics module and much more. I think we will devote a separate article to Check Point agents. In R80.20, agent management has become even better, with a large number of blades.

Threat prevention


The API was first introduced in R80. It was a long-awaited feature, and it is nice that Check Point continues to improve it. We wrote about the API earlier, and very soon there will be a webinar on the API and integration with Splunk. In addition, the ICAP server function, which allows files to be sent from outside for inspection (automatically or manually), can be very useful. Another very welcome feature is the ability to block specific file types (.doc, .exe, .pdf, etc.) contained in archives.
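
To make the archive file-type blocking idea concrete, here is an added example that is not Check Point's implementation and not code from the original article. It walks a zip archive, including nested zips, and reports members whose content or extension matches a blocked type; the policy set, magic-byte table, limits and sample archive are all constructed assumptions.

```python
import io
import zipfile

# Constructed policy for this example (not a product default). The magic bytes
# catch blocked types that were renamed to an allowed extension.
BLOCKED_EXT = {".exe", ".doc", ".pdf"}
MAGIC = {b"MZ": ".exe", b"%PDF": ".pdf", b"\xd0\xcf\x11\xe0": ".doc"}
MAX_DEPTH = 3          # archives nested this deep are flagged, not opened
MAX_MEMBER = 10 << 20  # members declaring more than 10 MiB are flagged unread

def sniff(name, head):
    """Return the blocked type of a member: content first, then extension."""
    for magic, ext in MAGIC.items():
        if head.startswith(magic):
            return ext
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    return ext if ext in BLOCKED_EXT else None

def scan_archive(data, prefix="", depth=0):
    """Return [(path, reason)] for blocked members, recursing into nested zips."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.file_size > MAX_MEMBER:
                hits.append((path, "oversized"))
                continue
            body = zf.read(info)
            kind = sniff(info.filename, body[:8])
            if kind:
                hits.append((path, kind))
            elif zipfile.is_zipfile(io.BytesIO(body)):
                if depth + 1 >= MAX_DEPTH:
                    hits.append((path, "nesting-limit"))
                else:
                    hits += scan_archive(body, path + "!/", depth + 1)
    return hits

def build_sample():
    """Constructed input: a zip with a renamed 'EXE' and a nested zip with a PDF."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf", b"%PDF-1.4 constructed")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("notes.txt", b"MZ constructed, not a real binary")
        z.writestr("docs/inner.zip", inner.getvalue())
    return outer.getvalue()
```

Running `scan_archive(build_sample())` flags `notes.txt` by its content despite the `.txt` name, and finds the PDF inside the nested archive; an extension-only check on the outer archive would miss both.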

Identity Awareness


Practically everyone who has Check Point uses this blade, so the many improvements will surely please a lot of people. For us, as integrators, the most anticipated feature was two-factor authentication for Captive Portal. Syslog support (for user identification) will also be a huge plus.

Conclusion


Tomorrow our free course, Check Point R80.10 Getting Started, will be held. If you do not want to miss similar events in the future, subscribe to our VK group or Telegram channel.

P.S. We thank Aleksey Beloglazov (Check Point) for the material provided.

Source: https://habr.com/ru/post/351968/

