Introduction

In This Section:

Thank you for installing Check Point R80.10 - The cyber security platform of the future. This release integrates R80 management features with new Security Gateway features and enhancements.

Important Notes

Effective 16 October 2018:

The R80.10 image for installation and upgrade has been replaced.

The new R80.10 image includes:

Integrated support for 23900 Data Center Appliances. Refer to sk107516.
Check Point response to SegmentSmack (CVE-2018-5390) & FragmentSmack (CVE-2018-5391). Refer to sk134253.

Upgrade stability enhancements:

Upgrade of Security Management Server.
Upgrade of Multi-Domain Server.
SNORT protections enforcement issues after upgrade from R77.x to R80.10.

For the full list of resolved issues in the new image refer to sk120981.

Effective 07 October 2018:

The R80.10 image for installation and upgrade has been replaced.

The new R80.10 image includes:

Integrated support for 23900 Data Center Appliances. Refer to sk107516.
Check Point response to SegmentSmack (CVE-2018-5390) & FragmentSmack (CVE-2018-5391). Refer to sk134253.

Upgrade stability enhancements:

Upgrade of Security Management Server.
Upgrade of Multi-Domain Server.
SNORT protections enforcement issues after upgrade from R77.x to R80.10.

For the full list of resolved issues in the new image refer to sk120981.

Effective 18 January 2018:

The R80.10 image for installation and upgrade has been replaced.

The new R80.10 image includes:

Reduced running time for the First Time Configuration Wizard during Security Management Server installation.
Replacement of Kaspersky Anti-Virus components in accordance with security orders from the United States Department of Homeland Security. Refer to www.checkpoint.com/kaspersky and sk118539.
Integrated support for Smart-1 405 and Smart-1 410 appliances. Refer to sk117578.
Upgrade stability enhancements:
- Upgrade of secondary R80 Security Management Server
- Upgrade of Multi-Domain Server
- Upgrade of R77.x Multi-Domain Log Server using NGX license
- Import of R80.10 Multi-Domain Server using mds_import
Upgrade option from R77.30 with CloudGuard Controller to R80.10 is available in CPUSE.
Resolved CloudGuard Controller for AWS connectivity issues due to CA change. Refer to sk121885.
Gaia Fast Deployment Tool. Refer to sk120193.
Integrated R80.10 Jumbo Hotfix Accumulator Take 42. Refer to sk116380.

Important Links

For more about R80.10, and to download the software, see the R80.10 Home Page: sk111841

R80.10 image replacement, for more information see sk120981
Before you upgrade, see the latest upgrade tools on the Home Page
Read the Known Limitations: sk110519
See issues resolved in this release: sk110518

Visit the Check Point CheckMates Community

Start discussions
Get answers from experts
Join the API community to get code samples and share yours

Visit to learn more about Infinity R80.10.

What's New

R80.10 creates a breakthrough in Check Point Security Gateway, matching the R80 security management innovations.

R80.10 is part of Check Point Infinity, a consolidated cyber security architecture that spans networks, cloud, and mobile. It provides the highest level of Threat Prevention against both known and unknown targeted attacks to keep you protected now and in the future.

Security Policy New Architecture

Policy Layers and Sub-Policies:
Enable flexible control over the security policy behavior.
- Build a rule base with layers, each with a set of the security rules. Layers are inspected in the order in which they are defined, giving control over the rule base flow and precedence of security functionality. If an "Accept" action is done in a layer, inspection continues in the next layer.
- Sub-Policies (Inline Layers) are sets of rules that you attach to specific rules. If the rule is matched, inspection continues in the sub-policy attached to the rule. If the rule is not matched, the sub-policy is skipped.
  For example, a sub policy can manage a network segment or branch office.
- Policy Layers and Sub-Policies can be managed by specific administrators, according to their permission profile, allowing easy responsibility delegation in the team.
Unified Security Policies:
- Access Control policy unifies the Firewall, Application Control & URL Filtering, Content Awareness, and Mobile Access Software Blades policies.
- Threat Prevention policy unifies the IPS, Anti-Virus, Anti-Bot, Threat Extraction, and Threat Emulation Software Blades policies.

Access Control Policy

New Content Awareness Software Blade adds visibility and control over data transfers in the network traffic, using data types based on content, file types, and direction.
Application Control enhancements:
- Added Recommended Services to Applications for easier configuration of the unified policy.
- Applications matched on Recommended Services, customized set of services, or Any service.
- New Protocol Signature added to Service object, to enhance policy matching security and granularity.
Mobile Access policy rules can be defined in the main, unified Access Control Policy:
- Unified rules can define access from different client types to the same resources.
- Explicit rules can block specified Mobile Access traffic.
- Ability to define access to resources from specified client types only.
Security Zones: Group interfaces of Security Gateways into Security Zones for new Source and Destination definitions.
Fully Qualified Domain Names (FQDN): Additional mode for Domain objects, to match fully qualified domain names with forward DNS lookup.
Acceleration of Domain Objects, Dynamic Objects, and Time Objects.
New tracking options in Unified Rule Base.
Improvement of policy installation time duration.

Threat Prevention Policy

Multiple profiles for each Security Gateway, to enforce granular Threat Prevention policies.
Faster Threat Prevention policy installation.
IPS is integrated into the Threat Prevention policy Rule Base and policy installation.
Threat Prevention profiles support IPS protection activation based on property tags.

Significant Improvements and New Features

The new Check Point Labs lets you experience new features and send feedback to Check Point. The first Check Point Labs feature lets you see information on Session changes before you publish.
VPN and Mobile Access Enhancements
- VPN multicore performance with CoreXL multicore scalability for VPN traffic inspected by Next Generation Firewall, Next Generation Threat Prevention, and Next Generation Threat Extraction Software Blades.
- NAT-T support for Site-to-Site VPN.
- TLS 1.2 support for Mobile Access and portals.
- Multiple login options with multi-factor authentication schemes for users of different clients and portals. See Multiple Login Option Support.
- A Mobile Access transparent Reverse Proxy, allowing external users to access internal resources, without the Mobile Access Portal.
Identity Awareness Enhancements
- Up to 200,000 Identity sessions per Security Gateway.
- Gateway REST API to manage identities from 3rd party or customized system.
- Identity Collector - New agent that collects identity information from different sources (AD and ISE), for large environment scalability.
- New RADIUS Accounting attribute parsing and IPv6 support.
- Enhanced handling of nested user groups for AD LDAP using LDAPv3.
- Enforce remote access client type in access role.
- Detect users located behind HTTP proxy using X-Forward-For header granularity per Access Control Policy Layer.
Threat Prevention Enhancements
- Threat Emulation MTA (Mail Transfer Agent) support in VSX. You can run MTA for each Virtual System.
- Threat Extraction support for VSX Gateways.
- Snort rules can be imported from SmartConsole.
- Importing Custom Indicators (IoC) is supported from SmartConsole
NAT Enhancements
- Improved scalability of Hide NAT on high-end multicore gateways
- IP Pool NAT performance enhancement - CoreXL multicore scalability for IP Pool NAT connections.
Gaia Enhancements
- Netflow support for IPFIX (with NAT and IPv6 flow records).
- IPv6 DHCP relay with ClusterXL (Gateway and VSX modes).
Dynamic Routing Enhancements
- RIPng with VRRPv2.
- SNMP enhancements for routing.
- BGP 4-Byte AS and Local AS.
VSX Enhancements
- 64-bit support for VSX Gateways, increasing concurrent connections capacity.
- Content Awareness for VSX Gateways.
ClusterXL Enhancements
- The MAC Magic value is acquired automatically and is backward compatible with gateways that were configured manually in earlier versions.
- For VSX Clusters in Virtual System Load Sharing (VSLS), Backup members can communicate with external networks and receive updates, in addition to Active and Standby members.
- Connectivity Upgrades now support synchronization of Dynamic Routing.

Management Enhancements

These enhancements were first introduced in R80.

Multi-Domain Security Management
- Unified architecture and management console for Security Management and Multi Domain Security Management.
- New and improved views for Domain management and Global Assignment.
Role-based & Concurrent Administration - Several administrators can work in parallel on the same security policy, with granular and flexible privilege delegation to each administrator.
- A new advanced locking mechanism ensures administrators do not overwrite each other's work.
- Rich administrator profiles for exact privileges each administrator will have, including managing specific policies or network segments, viewing specific logs, and conducting security operations, such as installing policy.
Secured Automation and Orchestration - CLI and API for security management enables full integration with 3rd party systems and automation of daily operations. Automation and SmartConsole management operations are allowed based on the same privilege profile.
Faster Day to Day Operations
- Integrated logging to see all logs related to a rule in the same screen.
- Detailed rule information of who created the rule and when, hit counts, and user-defined data, such as ticket numbers.
- Enhanced search capabilities to quickly find any rule or object in the system.
- Enhanced Management High Availability synchronizes only changes between servers, significantly improving efficiency.
Next Generation Logs, Events and Reports
- Analyze hundreds of millions of logs per day with graphical views and reports, customized to address specific requirements.
- Logging, monitoring, and report aspects also available in the Web-based interface.
- Free-text search of logs and events with auto-suggest and favorites, with results in seconds.
New and Enhanced Revision Management Capabilities
- Built-in automatic policy revision.
- Install a specific version of policies.
- Change to a specific version of IPS package.
Cloud Demo - Experience R80.10 management scenarios on any computer. See sk103431.
CloudGuard Controller - Natively integrates with the leading private and public cloud platforms: VMware vCenter & NSX, CISCO ACI, Amazon Web Services (AWS), Microsoft Azure, and OpenStack.
CloudGuard Controller provides dynamic security policy and visibility, which automatically adapts to changes in the cloud environments. This provides simple automated security across physical, virtual, and cloud environments, from a single unified management solution.

Behavior Changes

Management
- Management API commands and the SmartView Web-based interface replace the Management Portal. Use the API commands to install a policy and show a list of Gateways & Servers. Use SmartView to see logs.
- The new tags for objects replace the renaming of object colors. You can name a tag according to a color. The tags make it easier to manage objects in SmartConsole.
- New and improved management abilities replace the Database Revision function. To learn about the enhanced Revisions Management in R80 and higher, see sk113615.
- The mdsstop and mdsstart commands on the Multi-Domain Server are the only way to start and stop Domain Management Servers function. Most Domain Management Server components are handled in one process. This reduces memory consumption and CPU usage.
- Improved verification process of the Rule Base when installing a policy. Therefore, Security Policies, which passed the verification process before the upgrade, may fail after the upgrade. If you get a verification error message after the upgrade, fix the rules manually.
  Note - You can do an upgrade simulation using the R80.10 Upgrade Verification and Environment Simulation Service. The service notifies you about possible policy verification failure.
Logs, Events, and Reports
- The Logs tab of the SmartConsole Logs & Monitor view replaces SmartLog and SmartView Tracker. The Logs tab allows you to search through logs with simple and fast searches. Search results are fast and immediately show the log records.
- SmartEvent replaces SmartReporter and SmartEvent Intro.
- Scheduled reports have been integrated to SmartConsole, and are no longer available from SmartEvent legacy GUI.
Threat Prevention and IPS
- The new IPS Optimized Profile replaces the Recommended Profile with excellent security and improved Security Gateway performance. When upgrading with the Recommended Profile, we recommend that you change to the Optimized Profile.
- Additional granularity in Threat Prevention permission profiles - Set permissions for IPS Updates.
- User Center authentication is synchronized with Management Servers to allow IPS and Threat Prevention updates without explicit login to the User Center. This applies only to users with permissions to run updates.
- New IPS Protections are marked as "Staging" by default. The Staging configuration can be changed from the Threat Prevention profile > IPS. You can search and filter Staging protections from the Protections view, and see corresponding logs. This replaces the follow up flag.
Software Blades
- Session Authentication and UserAuthority are replaced by Identity Awareness.
- Overviews, which were part of the Threat Prevention and Application Control tabs in R77 versions, are now shown in the Logging and Monitoring view. This requires SmartEvent activation and license.
- VPN Traditional Mode is replaced by VPN Simplified Mode.

Licensing

For all licenses issues contact Account Services.

Supported Upgrade Paths

CPUSE is the installation and upgrade method supported for this release. To learn more about CPUSE, see sk92449.

Upgrade with the Supported Methods for your current installation.

From R80 to R80.10:

Component	Supported Methods
Security Management Server	CPUSE Upgrade CPUSE Clean Install
Multi-Domain Server	CPUSE Upgrade CPUSE Clean Install

From R75.40, R75.45, R75.46, R75.47, R75.40VS, R76, R77, R77.10, R77.20, R77.30 to R80.10:

Component	Supported Methods
Security Management Server	CPUSE Upgrade CPUSE Clean Install Advanced Database Migration
Multi-Domain Server
Security Gateway	CPUSE Upgrade CPUSE Clean Install
VSX	CPUSE Upgrade (from R77 only) Earlier versions: Use instructions in sk101518
CloudGuard Controller	CPUSE Upgrade (from R77.30 only)

To upgrade from R77.20 or R77.30 with the Add-on: It is not necessary to uninstall the Add-on. Remove these unsupported features: Modbus support with the Application Control Software Blade, "SAML" Cloud Connector for web based single sign on.

Note: User Defined reports will be migrated during the upgrade to the SmartConsole reports. Report Scheduling and email server definitions will not be migrated and need to be defined.

Required Disk Space

Required Disk Space for Security Management Server, Security Gateway, or Standalone:

Before installation or upgrade, CPUSE verifies that enough free disk space is available. If the space available is not sufficient, a message shows what is required.

This table shows the disk space required for some packages.

Installation or Upgrade Type	Management Server or Standalone, Security Gateway or Cluster Member
R80.10 Clean Install or R80.10 Major Upgrade	The minimum required unpartitioned disk space is the highest value of one of these: Size of the current partition. The used space in the current root partition. If the used space is more than 90% of the root partition, then 110% of the size of the current root partition.
R80.10 Minor Upgrade from R80	3.3GB in root partition, and 2.2GB in log partition Not relevant for Security Gateway

Installation or Upgrade Type

Management Server or Standalone, Security Gateway or Cluster Member

R80.10 Clean Install

R80.10 Major Upgrade

The minimum required unpartitioned disk space is the highest value of one of these:

Size of the current partition.
The used space in the current root partition.
If the used space is more than 90% of the root partition, then 110% of the size of the current root partition.

R80.10 Minor Upgrade from R80

3.3GB in root partition, and 2.2GB in log partition

Not relevant for Security Gateway

If you do not have enough disk space, you can use the Logical Volume Manager (lvm) to increase the disk space of logical volumes on Gaia.

This space is taken from the unallocated disk space, which is usually used for snapshots and upgrades. See sk95566

Required Disk Space for Multi-Domain Server:

Before you run a clean install of R80.10 on Multi-Domain Servers, make sure that at least 10 GB of free disk space in the root partition is available. For an environment with many Domain Management Servers, more than 10 GB of free disk space is often required.

Check Point Appliances

Standalone and Management Servers boot by default with 64-bit on clean install and upgrade to R80.10.

Note - If you revert an R80.10 upgrade, the appliance will still boot with 64-bit, even if it was originally 32-bit.

Management Servers

Component	Smart-1 25b, 205, 210, 225, 405, 410	Smart-1 50, 150, 3050, 3150
Security Management Server	ü	ü
Log Server	ü	ü
SmartEvent Server	ü	ü
Multi-Domain Server		ü
Multi-Domain Log Server		ü

Smart-1 Appliances

Appliance	Management	Management + Log Server	Management + Log Server + SmartEvent
Gen V Smart-1 (405, 410, 525)	ü	ü	ü
Smart-1 225, 3050, 3150	ü	ü	ü
Smart-1 210 (16GB RAM)	ü	ü	ü
Smart-1 210 (8GB RAM)	ü	ü
Smart-1 205 (16GB RAM)*	ü	ü	ü
Smart-1 205 (4GB RAM)*	ü
Smart-1 150 (16GB / 32GB RAM)	ü	ü	ü
Smart-1 150 (8GB RAM)*	ü	ü
Smart-1 50 (16GB / 32GB RAM)	ü	ü	ü
Smart-1 50 (4GB)*	ü
Smart-1 25B*	ü

* These Smart-1 appliances with default memory can run Security Management OR Log Server OR SmartEvent.

Security Gateway and Standalone (Gateway + Management)

The model numbers in this table are for the series of appliances that support R80.10.

Appliance Series	Security Gateway	Standalone (Gateway + Management)
2200	ü
3000	ü	ü
4000	ü	*
5000	ü	ü
12000	ü	12600*
13000	ü	ü
15000	ü	ü
21000	ü	ü
23000	ü	ü

* The 4200 appliance does not support a Standalone deployment.
These appliance models do not support a Standalone deployment with their default RAM (4GB): 4400, 4600, 4800, 12200, and 12400.
Upgrade these models to at least 8 GB RAM to support a Standalone deployment.

Threat Emulation

TEX100x, TEX250x, TEX1000X and TEX2000x appliances are fully supported with R80.10 Jumbo Hotfix Accumulator Take 154 and higher.

Open Server Hardware Recommendations

R80.10 servers are designed to utilize available hardware resources efficiently to maximize performance and scalability. We recommend that you leverage this advantage and use the most powerful hardware available to get the best performance.

Component	Security Gateway	VSX Gateway	Security Management Server / Standalone	Multi-Domain Server
Processor	Intel Pentium IV, 2 GHz or equivalent	Intel Pentium IV, 2 GHz or equivalent	Intel Pentium IV, 2.6 GHz or equivalent	Dual Socket 2x Xeon E5-2609v2 4 cores, 2.5 GHz or equivalent
Total CPU Cores	2	2	2	8
Memory	4 GB RAM	4 GB RAM	6 GB RAM	32 GB RAM
Free Disk Space	15 GB	12 GB + 1 GB per VS	500 GB (Installation includes OS)	1 TB (Installation includes OS)

Maximum Supported Physical Memory

Check Point Product	Physical RAM Limit
Security Management Server, or Multi-Domain Security Management	512 GB
Security Gateway, or Cluster Member	256 GB

Supported Platforms

Component	Red Hat Enterprise Linux*	VMware ESXi	Microsoft Hyper-V
Security Management Server	5.5, 6.8, 7.3	5.x, 6.x	Windows 2012 R2
Multi-Domain Server	5.5, 6.8, 7.3	5.x, 6.x	Windows 2012 R2
Security Gateway	Not supported	5.x, 6.x ***	Not certified Certified for *

Component

Red Hat Enterprise Linux*

VMware ESXi

Microsoft Hyper-V

Security Management Server

5.5, 6.8, 7.3

5.x, 6.x

Windows 2012 R2

Multi-Domain Server

5.5, 6.8, 7.3

5.x, 6.x

Windows 2012 R2

Security Gateway

Not supported

5.x, 6.x

***

Not certified**

Certified for ***

* To install R80.10 on Linux, contact Check Point Support.

** For the most updated information about Microsoft Hyper-V, see the Virtual Machines section of the Hardware Compatibility List.

*** Check Point CloudGuard IaaS Virtual Edition (VE) is supported with 1 core systems and 4G RAM for a Security Gateway on ESXi, Hyper-V and KVM with Firewall and NGTP.

Build Numbers

Software Blade / Product	Build Number	Verifying Build Number
Gaia	479	`show version all`
Security Gateway	439	`fw ver`
Security Management	192	`fwm ver`
Multi-Domain Server	237	`fwm mds ver`
SmartConsole	991140073	Menu > About Check Point SmartConsole

Supported Backward Compatibility Gateways

R80.10 Management Servers can manage Security Gateways of these versions:

Gateway Type	Release Version
Security Gateway	R75.20, R75.30, R75.40, R75.45, R75.40VS, R75.46, R75.47, R76 R77, R77.10, R77.20, R77.30
VSX Gateway	R75.40VS and higher

R80.10 Management Servers can manage appliance Security Gateways of these versions:

Appliance	Release Version
Security Gateway 80	R75.20.x
UTM-1 Edge N	8.1 and higher
1100 Appliances	R75.20.x, R77.20.x
1200R Appliances	R77.20.x
1400 Appliances	R77.20.x
60000/40000 Scalable Platforms	R76SP, R76SP.10, R76SP.20, R76SP.30, R76SP.40 for 61000/41000 R76SP.50 for 61000/41000 and 64000/44000

Maximum Supported Number of Interfaces on Security Gateway

The maximum number of interfaces supported (physical and virtual) is shown in this table.

Mode	Max # of Interfaces	Notes
Security Gateway	1024	Non-VSX
VSX Gateway	4096	Includes VLANs and Warp Interfaces

Note - This table applies to Check Point Appliances and Open Servers.

Maximum Supported Number of Cluster Members

Cluster Type	Maximum Supported Number of Cluster Members
ClusterXL	5
Virtual System Load Sharing	13

Hardware Health Monitoring

R80.10 supports these Hardware Health Monitoring features for Gaia Check Point appliances:

RAID Health: Use SNMP to monitor the health of the disks in the RAID array, and be notified of volume and disk states.
Hardware Sensors: Use the Gaia Portal or SNMP to monitor fan speed, motherboard voltages, power supply health, and temperatures. Some open servers are supported with an IPMI interface card that requires an IPMI card.

Check Point Appliances

Smart-1

SNMP Hardware sensor monitoring (polling and traps)

ü

Gaia Portal hardware sensor monitoring

ü

RAID monitoring with SNMP

ü

Open Servers:

Hardware Sensors: Use the Gaia Portal or SNMP to monitor fan speed, motherboard voltages, power supply health, and temperatures. Some open servers are supported with an IPMI interface card that requires an IPMI card.

Note - IPMI is an open standard. We cannot guarantee the Hardware Health Monitoring performance on all systems and configurations.

Logging Requirements

Storing Logs

Logs can be stored on:

A Security Management Server that collects logs from the Security Gateways. This is the default.
A Log Server on a dedicated machine. This is recommended for organizations that generate many logs.

A dedicated Log Server has greater capacity and performance than a Security Management Server with an activated logging service. On dedicated Log Servers, the Log Server must be the same version as the Management Server.

SmartEvent Requirements

You can install a SmartEvent Server on a Security Management Server or on a different, dedicated server. SmartEvent R80.10 can connect to a different version of Log Server - R77.xx or earlier.

Usually SmartEvent and a SmartEvent Correlation Unit are installed on the same server. You can also install them on separate servers, for example, to balance the load in large logging environments. The Correlation unit must be the same version as SmartEvent.

To deploy SmartEvent and to generate reports, a valid license or contract is required.

SmartConsole Requirements

Hardware Requirements

This table shows the minimum hardware requirements for SmartConsole applications:

Component	Minimal Requirement
CPU	Intel Pentium Processor E2140, or 2 GHz equivalent processor
Memory	4 GB
Available Disk Space	2 GB
Video Adapter	Minimum resolution: 1024 x 768

Software Requirements

SmartConsole is supported on:

Windows 10 (all editions), Windows 8.1 (Pro), and Windows 7 (SP1, Ultimate, Professional, and Enterprise)
Windows Server 2016, 2012, 2008 (SP2), and 2008 R2 (SP1)

Gaia Portal Requirements

The Gaia Portal supports these web browsers:

Browser	Supported Versions
Google Chrome	14 and higher
Microsoft Internet Explorer	8 and higher (If you use Internet Explorer 8, file uploads through the Gaia Portal are limited to 2 GB)
Microsoft Edge	Any
Mozilla Firefox	6 and higher
Apple Safari	5 and higher

Threat Emulation Requirements

The Threat Emulation requirements are different based on the emulation location:

ThreatCloud - Gaia operating system (64 or 32-bit)
Local or Remote emulation - Threat Emulation Private Cloud Appliance on the Gaia operating system (64-bit only)

Mobile Access Requirements

OS Compatibility

Endpoint OS Compatibility	Windows	Linux	Mac	iOS	Android
Mobile Access Portal	ü	ü	ü	ü	ü
Clientless access to web applications (Link Translation)	ü	ü	ü	ü	ü
Compliance Scanner	ü	ü	ü
Secure Workspace	ü
SSL Network Extender - Network Mode	ü	ü	ü
SSL Network Extender - Application Mode	ü
Downloaded from Mobile Access applications	ü	ü	ü
Clientless Citrix	ü	ü	ü
File Shares - Web-based file viewer (HTML)	ü	ü	ü	ü	ü
Web mail	ü	ü	ü	ü	ü

Browser Compatibility

Endpoint Browser Compatibility	Microsoft Internet Explorer	Microsoft Edge	Google Chrome	Mozilla Firefox	Apple Safari	Opera for Windows
Mobile Access Portal	ü	ü	ü	ü	ü	ü
Clientless access to web applications (Link Translation)	ü		ü	ü	ü	ü
Compliance Scanner	ü		*ü	ü	ü
Secure Workspace	ü		*ü	ü
SSL Network Extender - Network Mode	ü		*ü	ü	ü
SSL Network Extender - Application Mode	ü	ü	*ü	ü
Downloaded from Mobile Access applications	ü		ü	ü	ü
Clientless Citrix	ü			ü
File Shares - Web- based file viewer (HTML)	ü	ü	ü	ü	ü	ü
Web mail	ü		ü	ü	ü	ü

* Google Chrome support for Mobile Access Portal on-demand clients, such as SSL Network Extender, Secure Workspace, and Endpoint Security on Demand, requires Java JRE 32-bit installed on the end-user's computer.

Identity Awareness Requirements

Identity Agents
See Clients and Agents Support by Windows Platform and Clients and Agents Support by Mac Platform for:
- Identity Agent (Light and Full)
- Identity Agent for Terminal Servers
AD Query
Active Directory for AD Query is supported on:
Microsoft Windows Server 2003, 2008, 2008 R2, 2012.

Endpoint Security Requirements

These are the minimum requirements to enable Endpoint Policy Management on a Security Management Server:

Component	Requirement on all Supported Operating Systems
Number of CPU Cores	4
Memory	8GB RAM
Disk Space	100GB

Endpoint Security Management Servers are supported on management-only computers or appliances. Standalone (Security Gateway + Management) deployment is not supported.
Endpoint Security Management Servers are not supported on Red Hat Enterprise Linux releases.
R80.10 Endpoint Security Management Servers can manage E80.62, E80.64, E80.65, E80.70 and E80.71 Endpoint Security Clients for Windows, and E80.64 Endpoint Security Client for Mac.

For more information, see the R80.10 Endpoint Security Administration Guide and Endpoint Security Client User Guides for your version.

Check Point Clients and Agents Support

Multiple Login Option Support

This release adds multiple login options per Security Gateway with multi-factor authentication schemes, for users of different clients and the Mobile Access portal. For example, configure an option to authenticate with Personal Certificate and Password, or Password and DynamicID for SMS or email.

These features are supported when connected with to an R80.10 gateway that has IPsec VPN or Mobile Access enabled.

Supported Client or Portal	Lowest Supported Version
Mobile Access Portal	R80.10
Capsule Workspace for iOS	1002.2
Capsule Workspace for Android	7.1
Remote Access Clients - Standalone clients	E80.65
Remote Access VPN Blade of the Endpoint Security Suite	E80.65

See the R80.10 Mobile Access Administration Guide or the R80.10 Remote Access VPN Administration Guide for details.

Clients and Agents Support by Windows Platform

Microsoft Windows 7 higher

In this table, Windows 7 support is true for Ultimate, Professional, and Enterprise editions. Windows 8 support is true for Professional and Enterprise editions. All the marked consoles and clients support 32-bit and 64-bit, unless the table shows 32-bit only.

Check Point Product	Windows 7 (+SP1)	Windows 8	Windows 8.1	Windows 10*
Remote Access clients E75.x/E80.x	ü	ü	ü	ü (E80.62 and higher)
Capsule VPN Plug-in			ü	ü
SSL Network Extender	ü	ü	ü	ü
UserCheck Client	ü	ü		ü
Identity Agent (Light and Full)	ü	ü	ü	ü
Identity Agent for Terminal Servers	ü	ü	ü	ü
SecureClient	ü (32-bit only)

*For supported Windows 10 builds, see Windows 10 Support.

Note - Identity Agent for Terminal Servers is also supported on Citrix version 6.

Microsoft Windows XP and Vista

Check Point Product	XP Home (SP3) 32-bit	XP Pro (SP3) 32-bit	Vista (SP2) 32-bit	Vista (SP1) 64-bit
Remote Access clients E75.x	ü	ü	ü	ü
SSL Network Extender	ü	ü	ü	ü
UserCheck Client		ü	ü
Identity Agent (Light and Full)	ü	ü	ü	ü
Identity Agent for Terminal Servers				ü
SecureClient	ü	ü	ü

Microsoft Windows Server

Check Point Product	Server 2003 (SP2) 32-bit	Server 2008 (SP1 / SP2) 32 / 64 bit	Server 2008 R2 (+SP1)	Server 2012	Server 2012 R2 64-bit
UserCheck Client	ü	ü
DLP Exchange Agent	ü	ü	ü	ü
Identity Agent for Terminal Servers	ü	ü	ü	ü	ü

Note: DLP Exchange Agent supports Microsoft Exchange Server 2007 and 2010 on Windows Servers 64-bit. A 32-bit version is available for demonstration or educational purposes. DLP Exchange Agent supports Microsoft Exchange Server 2013 on Windows Server 2012 64-bit.

Clients and Agents Support by Mac Platform

Check Point Product	Mac OS X 10.6	Mac OS X 10.7	Mac OS X 10.8
Identity Agent (Light and Full)	32-bit / 64-bit	32-bit / 64-bit	64-bit
Endpoint Security VPN E75 or higher	32-bit / 64-bit	32-bit / 64-bit	64-bit
Endpoint Security Client E80.40 or higher	32-bit / 64-bit	32-bit / 64-bit	64-bit
SecureClient	32-bit	32-bit	No

DLP Exchange Agent Support

The R80.10 DLP Exchange Agent is supported on:

Windows Server	Exchange Server
2012 R2 64-bit	2010, 2013
2016 64-bit	2016

For earlier server versions, use the R77.30 DLP Exchange Agent.

Check Point Appliances	Smart-1
SNMP Hardware sensor monitoring (polling and traps)	ü
Gaia Portal hardware sensor monitoring	ü
RAID monitoring with SNMP	ü