What's New

Introduction

Welcome to Check Point Quantum R81.10, the industry's most advanced Threat Prevention and Security Management software for network security that delivers uncompromising simplicity and consolidation. R81 introduced the first Autonomous Threat Prevention system that provides fast, self-driven policy creation and one-click security profiles, keeping policies always up to date. Policies install in seconds, upgrades require only one click, and the gateways can simultaneously upgrade in minutes. R81.10 brings a major improvement in operational security efficiency across the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.'s reliability, performance, and scale. Critical operations such as APIs, High AvailabilityClosed A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address (see sk50840). Synonym: Active/Standby. Acronym: HA. synchronization, and login are more reliable and faster than ever. In addition, the SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. is automatically updated with the latest fixes and improvements. R81.10 adds new dynamic log distribution to add Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs. capacity on demand. And as part of Scalable Platforms, R81.10 brings a unique mix and match ability to leverage different Quantum Security Gateways within a single Quantum Maestro orchestration.

Quantum Security Gateway and Gaia

Maestro Hyperscale
VSX

Configure bridge and multi-bridge interfaces on a regular Virtual Systems (VS) not in Bridge ModeClosed Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology.. Now you can use features that require an IP address to work, such as Identity Awareness, Threat EmulationClosed Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE., UserCheckClosed Functionality in your Security Gateway or Cluster and endpoint clients that gives users a warning when there is a potential risk of data loss or security violation. This helps users to prevent security incidents and to learn about the organizational security policy. Web Portal and Captive PortalClosed A Check Point Identity Awareness web portal, to which users connect with their web browser to log in and authenticate, when using Browser-Based Authentication..

IPsec VPN

VPN performance enhancements - Site to Site VPN and Remote Access clients are now handled by two different processes.

Clustering

Use a loopback interface with Dynamic Routing in ClusterXLClosed Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic. environments.

Access Control

Tighten your policy and reduce the risk of human error through Access Control Rule BaseClosed All rules configured in a given Security Policy. Synonym: Rulebase. settings and defaults. Watch the video.

Note - The new defaults apply only to new R81.10 installations. Upgraded environments can use this feature but the default behavior from previous versions is kept.

Advanced Routing
Gaia Operating System
ISP Redundancy

Extended support for a maximum of 10 ISP links.

Threat Extraction

Automatic Threat ExtractionClosed Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX., Threat Extraction security improvements, and new features are automatically downloaded and applied without the need for human intervention.

Identity Awareness

AES encryption type configuration for Kerberos Ticket Encryption Methods is now available through SmartConsole. For more information see sk111945.

Quantum Security Management

Security Management Servers enhancements
Management REST API
  • New export, import, and upgrade Management APIs for primary Security Management Servers or Multi-Domain Servers.

  • Unified Management API commands for:

    • Domain export and backup

    • Domain import and restore

  • SmartLSM - REST API commands to simplify the creation of SmartLSM Gateways.

SmartConsole

Automatic updates - SmartConsole detects and installs client updates for the same major version. For more information, see sk171315.

Logging and Monitoring
Management High Availability
Multi-Domain Server

IoT Controller support for Multi-Domain Security Management.

SmartLSM

Use group object, Multiple IP addresses and IP ranges in LSM profiles

CloudGuard Network Security

Harmony Endpoint

Harmony Endpoint Web Management enhancements to allow these configurations:

Licensing

For all licenses issues contact Check Point Account Services.