In This Section: |
Thank you for installing Check Point R80.10 - The cyber security platform of the future. This release integrates R80 management features with new Security Gateway features and enhancements.
Effective 16 October 2018:
The R80.10 image for installation and upgrade has been replaced.
The new R80.10 image includes:
Upgrade stability enhancements:
For the full list of resolved issues in the new image refer to sk120981.
Effective 07 October 2018:
The R80.10 image for installation and upgrade has been replaced.
The new R80.10 image includes:
Upgrade stability enhancements:
For the full list of resolved issues in the new image refer to sk120981.
Effective 18 January 2018:
The R80.10 image for installation and upgrade has been replaced.
The new R80.10 image includes:
For more about R80.10, and to download the software, see the R80.10 Home Page: sk111841
Visit the Check Point CheckMates Community
Visit to learn more about Infinity R80.10.
R80.10 creates a breakthrough in Check Point Security Gateway, matching the R80 security management innovations.
R80.10 is part of Check Point Infinity, a consolidated cyber security architecture that spans networks, cloud, and mobile. It provides the highest level of Threat Prevention against both known and unknown targeted attacks to keep you protected now and in the future.
Enable flexible control over the security policy behavior.
These enhancements were first introduced in R80.
mdsstop
and mdsstart
commands on the Multi-Domain Server are the only way to start and stop Domain Management Servers function. Most Domain Management Server components are handled in one process. This reduces memory consumption and CPU usage.Note - You can do an upgrade simulation using the R80.10 Upgrade Verification and Environment Simulation Service. The service notifies you about possible policy verification failure.
For all licenses issues contact Account Services.
CPUSE is the installation and upgrade method supported for this release. To learn more about CPUSE, see sk92449.
Upgrade with the Supported Methods for your current installation.
From R80 to R80.10:
Component |
Supported Methods |
---|---|
Security Management Server |
|
Multi-Domain Server |
From R75.40, R75.45, R75.46, R75.47, R75.40VS, R76, R77, R77.10, R77.20, R77.30 to R80.10:
Component |
Supported Methods |
---|---|
Security Management Server |
|
Multi-Domain Server |
|
Security Gateway |
|
VSX |
CPUSE Upgrade (from R77 only) Earlier versions: Use instructions in sk101518 |
CloudGuard Controller |
CPUSE Upgrade (from R77.30 only) |
To upgrade from R77.20 or R77.30 with the Add-on: It is not necessary to uninstall the Add-on. Remove these unsupported features: Modbus support with the Application Control Software Blade, "SAML" Cloud Connector for web based single sign on.
Note: User Defined reports will be migrated during the upgrade to the SmartConsole reports. Report Scheduling and email server definitions will not be migrated and need to be defined.
Required Disk Space for Security Management Server, Security Gateway, or Standalone:
Before installation or upgrade, CPUSE verifies that enough free disk space is available. If the space available is not sufficient, a message shows what is required.
This table shows the disk space required for some packages.
Installation or Upgrade Type |
Management Server or Standalone, Security Gateway or Cluster Member |
---|---|
R80.10 Clean Install or R80.10 Major Upgrade |
The minimum required unpartitioned disk space is the highest value of one of these:
|
R80.10 Minor Upgrade from R80 |
3.3GB in root partition, and 2.2GB in log partition Not relevant for Security Gateway |
If you do not have enough disk space, you can use the Logical Volume Manager (lvm) to increase the disk space of logical volumes on Gaia.
This space is taken from the unallocated disk space, which is usually used for snapshots and upgrades. See sk95566
Required Disk Space for Multi-Domain Server:
Before you run a clean install of R80.10 on Multi-Domain Servers, make sure that at least 10 GB of free disk space in the root partition is available. For an environment with many Domain Management Servers, more than 10 GB of free disk space is often required.
Standalone and Management Servers boot by default with 64-bit on clean install and upgrade to R80.10.
Note - If you revert an R80.10 upgrade, the appliance will still boot with 64-bit, even if it was originally 32-bit.
Management Servers
Component |
Smart-1 |
Smart-1 |
---|---|---|
Security Management Server |
ü |
ü |
Log Server |
ü |
ü |
SmartEvent Server |
ü |
ü |
Multi-Domain Server |
|
ü |
Multi-Domain Log Server |
|
ü |
Smart-1 Appliances
Appliance |
Management |
Management + |
Management + |
Gen V Smart-1 |
ü |
ü |
ü |
Smart-1 225, 3050, 3150 |
ü |
ü |
ü |
Smart-1 210 (16GB RAM) |
ü |
ü |
ü |
Smart-1 210 (8GB RAM) |
ü |
ü |
|
Smart-1 205 (16GB RAM)* |
ü |
ü |
ü |
Smart-1 205 (4GB RAM)* |
ü |
|
|
Smart-1 150 (16GB / 32GB RAM) |
ü |
ü |
ü |
Smart-1 150 (8GB RAM)* |
ü |
ü |
|
Smart-1 50 (16GB / 32GB RAM) |
ü |
ü |
ü |
Smart-1 50 (4GB)* |
ü |
|
|
Smart-1 25B* |
ü |
|
|
* These Smart-1 appliances with default memory can run Security Management OR Log Server OR SmartEvent.
Security Gateway and Standalone (Gateway + Management)
The model numbers in this table are for the series of appliances that support R80.10.
Appliance Series |
Security Gateway |
Standalone (Gateway + Management) |
2200 |
ü |
|
3000 |
ü |
ü |
4000 |
ü |
* |
5000 |
ü |
ü |
12000 |
ü |
12600* |
13000 |
ü |
ü |
15000 |
ü |
ü |
21000 |
ü |
ü |
23000 |
ü |
ü |
* The 4200 appliance does not support a Standalone deployment.
These appliance models do not support a Standalone deployment with their default RAM (4GB): 4400, 4600, 4800, 12200, and 12400.
Upgrade these models to at least 8 GB RAM to support a Standalone deployment.
Threat Emulation
TEX100x, TEX250x, TEX1000X and TEX2000x appliances are fully supported with R80.10 Jumbo Hotfix Accumulator Take 154 and higher.
R80.10 servers are designed to utilize available hardware resources efficiently to maximize performance and scalability. We recommend that you leverage this advantage and use the most powerful hardware available to get the best performance.
Component |
Security Gateway |
VSX Gateway |
Security Management Server / Standalone |
Multi-Domain Server |
---|---|---|---|---|
Processor |
Intel Pentium IV, |
Intel Pentium IV, |
Intel Pentium IV, |
Dual Socket 2x |
Total CPU Cores |
2 |
2 |
2 |
8 |
Memory |
4 GB RAM |
4 GB RAM |
6 GB RAM |
32 GB RAM |
Free Disk Space |
15 GB |
12 GB + |
500 GB (Installation includes OS) |
1 TB (Installation includes OS) |
Check Point Product |
Physical RAM Limit |
---|---|
Security Management Server, or Multi-Domain Security Management |
512 GB |
Security Gateway, or Cluster Member |
256 GB |
Component |
Red Hat Enterprise Linux* |
VMware ESXi |
Microsoft Hyper-V |
---|---|---|---|
Security Management Server |
5.5, 6.8, 7.3 |
5.x, 6.x |
Windows 2012 R2 |
Multi-Domain Server |
5.5, 6.8, 7.3 |
5.x, 6.x |
Windows 2012 R2 |
Security Gateway |
Not supported |
5.x, 6.x *** |
Not certified** Certified for *** |
* To install R80.10 on Linux, contact Check Point Support.
** For the most updated information about Microsoft Hyper-V, see the Virtual Machines section of the Hardware Compatibility List.
*** Check Point CloudGuard IaaS Virtual Edition (VE) is supported with 1 core systems and 4G RAM for a Security Gateway on ESXi, Hyper-V and KVM with Firewall and NGTP.
Software Blade / Product |
Build Number |
Verifying Build Number |
---|---|---|
Gaia |
479 |
|
Security Gateway |
439 |
|
Security Management |
192 |
|
Multi-Domain Server |
237 |
|
SmartConsole |
991140073 |
Menu > About Check Point SmartConsole |
R80.10 Management Servers can manage Security Gateways of these versions:
Gateway Type |
Release Version |
---|---|
Security Gateway |
R75.20, R75.30, R75.40, R75.45, R75.40VS, R75.46, R75.47, |
VSX Gateway |
R75.40VS and higher |
R80.10 Management Servers can manage appliance Security Gateways of these versions:
Appliance |
Release Version |
---|---|
Security Gateway 80 |
R75.20.x |
UTM-1 Edge N |
8.1 and higher |
1100 Appliances |
R75.20.x, R77.20.x |
1200R Appliances |
R77.20.x |
1400 Appliances |
R77.20.x |
60000/40000 Scalable Platforms |
R76SP, R76SP.10, R76SP.20, R76SP.30, R76SP.40 for 61000/41000 R76SP.50 for 61000/41000 and 64000/44000 |
The maximum number of interfaces supported (physical and virtual) is shown in this table.
Mode |
Max # of Interfaces |
Notes |
---|---|---|
Security Gateway |
1024 |
Non-VSX |
VSX Gateway |
4096 |
Includes VLANs and Warp Interfaces |
|
|
|
Note - This table applies to Check Point Appliances and Open Servers.
Cluster Type |
Maximum Supported Number |
---|---|
ClusterXL |
5 |
Virtual System Load Sharing |
13 |
R80.10 supports these Hardware Health Monitoring features for Gaia Check Point appliances:
Check Point Appliances |
Smart-1 |
SNMP Hardware sensor monitoring (polling and traps) |
ü |
Gaia Portal hardware sensor monitoring |
ü |
RAID monitoring with SNMP |
ü |
Open Servers:
Hardware Sensors: Use the Gaia Portal or SNMP to monitor fan speed, motherboard voltages, power supply health, and temperatures. Some open servers are supported with an IPMI interface card that requires an IPMI card.
Note - IPMI is an open standard. We cannot guarantee the Hardware Health Monitoring performance on all systems and configurations. |
Logs can be stored on:
A dedicated Log Server has greater capacity and performance than a Security Management Server with an activated logging service. On dedicated Log Servers, the Log Server must be the same version as the Management Server.
You can install a SmartEvent Server on a Security Management Server or on a different, dedicated server. SmartEvent R80.10 can connect to a different version of Log Server - R77.xx or earlier.
Usually SmartEvent and a SmartEvent Correlation Unit are installed on the same server. You can also install them on separate servers, for example, to balance the load in large logging environments. The Correlation unit must be the same version as SmartEvent.
To deploy SmartEvent and to generate reports, a valid license or contract is required.
This table shows the minimum hardware requirements for SmartConsole applications:
Component |
Minimal Requirement |
---|---|
CPU |
Intel Pentium Processor E2140, or 2 GHz equivalent processor |
Memory |
4 GB |
Available Disk Space |
2 GB |
Video Adapter |
Minimum resolution: 1024 x 768 |
SmartConsole is supported on:
The Gaia Portal supports these web browsers:
Browser |
Supported Versions |
---|---|
Google Chrome |
14 and higher |
Microsoft Internet Explorer |
8 and higher |
Microsoft Edge |
Any |
Mozilla Firefox |
6 and higher |
Apple Safari |
5 and higher |
The Threat Emulation requirements are different based on the emulation location:
OS Compatibility
Endpoint OS Compatibility |
Windows |
Linux |
Mac |
iOS |
Android |
---|---|---|---|---|---|
Mobile Access Portal |
ü |
ü |
ü |
ü |
ü |
Clientless access to web applications (Link Translation) |
ü |
ü |
ü |
ü |
ü |
Compliance Scanner |
ü |
ü |
ü |
|
|
Secure Workspace |
ü |
|
|
|
|
SSL Network Extender - Network Mode |
ü |
ü |
ü |
|
|
SSL Network Extender - Application Mode |
ü |
|
|
|
|
Downloaded from Mobile Access applications |
ü |
ü |
ü |
|
|
Clientless Citrix |
ü |
ü |
ü |
|
|
File Shares - Web-based file viewer (HTML) |
ü |
ü |
ü |
ü |
ü |
Web mail |
ü |
ü |
ü |
ü |
ü |
Browser Compatibility
Endpoint Browser Compatibility |
Microsoft |
Microsoft |
Google |
Mozilla |
Apple |
Opera |
---|---|---|---|---|---|---|
Mobile Access Portal |
ü |
ü |
ü |
ü |
ü |
ü |
Clientless access to web applications (Link Translation) |
ü |
|
ü |
ü |
ü |
ü |
Compliance Scanner |
ü |
|
*ü |
ü |
ü |
|
Secure Workspace |
ü |
|
*ü |
ü |
|
|
SSL Network Extender - Network Mode |
ü |
|
*ü |
ü |
ü |
|
SSL Network Extender - Application Mode |
ü |
ü |
*ü |
ü |
|
|
Downloaded from Mobile Access applications |
ü |
|
ü |
ü |
ü |
|
Clientless Citrix |
ü |
|
|
ü |
|
|
File Shares - Web- based file viewer (HTML) |
ü |
ü |
ü |
ü |
ü |
ü |
Web mail |
ü |
|
ü |
ü |
ü |
ü |
* Google Chrome support for Mobile Access Portal on-demand clients, such as SSL Network Extender, Secure Workspace, and Endpoint Security on Demand, requires Java JRE 32-bit installed on the end-user's computer.
See Clients and Agents Support by Windows Platform and Clients and Agents Support by Mac Platform for:
Active Directory for AD Query is supported on:
Microsoft Windows Server 2003, 2008, 2008 R2, 2012.
These are the minimum requirements to enable Endpoint Policy Management on a Security Management Server:
Component |
Requirement on all Supported Operating Systems |
---|---|
Number of CPU Cores |
4 |
Memory |
8GB RAM |
Disk Space |
100GB |
For more information, see the R80.10 Endpoint Security Administration Guide and Endpoint Security Client User Guides for your version.
This release adds multiple login options per Security Gateway with multi-factor authentication schemes, for users of different clients and the Mobile Access portal. For example, configure an option to authenticate with Personal Certificate and Password, or Password and DynamicID for SMS or email.
These features are supported when connected with to an R80.10 gateway that has IPsec VPN or Mobile Access enabled.
Supported Client or Portal |
Lowest Supported Version |
---|---|
Mobile Access Portal |
R80.10 |
Capsule Workspace for iOS |
1002.2 |
Capsule Workspace for Android |
7.1 |
Remote Access Clients - Standalone clients |
E80.65 |
Remote Access VPN Blade of the Endpoint Security Suite |
E80.65 |
See the R80.10 Mobile Access Administration Guide or the R80.10 Remote Access VPN Administration Guide for details.
Microsoft Windows 7 higher
In this table, Windows 7 support is true for Ultimate, Professional, and Enterprise editions. Windows 8 support is true for Professional and Enterprise editions. All the marked consoles and clients support 32-bit and 64-bit, unless the table shows 32-bit only.
Check Point Product |
Windows 7 |
Windows 8 |
Windows 8.1 |
Windows 10* |
---|---|---|---|---|
Remote Access clients E75.x/E80.x |
ü |
ü |
ü |
ü |
Capsule VPN Plug-in |
|
|
ü |
ü |
SSL Network Extender |
ü |
ü |
ü |
ü |
UserCheck Client |
ü |
ü |
|
ü |
Identity Agent (Light and Full) |
ü |
ü |
ü |
ü |
Identity Agent for Terminal Servers |
ü |
ü |
ü |
ü |
SecureClient |
ü |
|
|
|
*For supported Windows 10 builds, see Windows 10 Support.
Note - Identity Agent for Terminal Servers is also supported on Citrix version 6. |
Microsoft Windows XP and Vista
Check Point Product |
XP Home (SP3) 32-bit |
XP Pro (SP3) 32-bit |
Vista (SP2) 32-bit |
Vista (SP1) 64-bit |
---|---|---|---|---|
Remote Access clients E75.x |
ü |
ü |
ü |
ü |
SSL Network Extender |
ü |
ü |
ü |
ü |
UserCheck Client |
|
ü |
ü |
|
Identity Agent (Light and Full) |
ü |
ü |
ü |
ü |
Identity Agent for Terminal Servers |
|
|
|
ü |
SecureClient |
ü |
ü |
ü |
|
Microsoft Windows Server
Check Point Product |
Server 2003 |
Server 2008 |
Server |
Server |
Server |
---|---|---|---|---|---|
UserCheck Client |
ü |
ü |
|
|
|
DLP Exchange Agent |
ü |
ü |
ü |
ü |
|
Identity Agent for Terminal Servers |
ü |
ü |
ü |
ü |
ü |
Note: DLP Exchange Agent supports Microsoft Exchange Server 2007 and 2010 on Windows Servers 64-bit. A 32-bit version is available for demonstration or educational purposes. DLP Exchange Agent supports Microsoft Exchange Server 2013 on Windows Server 2012 64-bit.
Check Point Product |
Mac OS X 10.6 |
Mac OS X 10.7 |
Mac OS X 10.8 |
Identity Agent (Light and Full) |
32-bit / 64-bit |
32-bit / 64-bit |
64-bit |
Endpoint Security VPN E75 or higher |
32-bit / 64-bit |
32-bit / 64-bit |
64-bit |
Endpoint Security Client E80.40 or higher |
32-bit / 64-bit |
32-bit / 64-bit |
64-bit |
SecureClient |
32-bit |
32-bit |
No |
The R80.10 DLP Exchange Agent is supported on:
Windows Server |
Exchange Server |
---|---|
2012 R2 64-bit |
2010, 2013 |
2016 64-bit |
2016 |
For earlier server versions, use the R77.30 DLP Exchange Agent.