Supported Environments

Management Servers boot by default with 64-bit GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. kernel after a clean installation or upgrade to R81.20.

Notes:

  • If you revert from the R81.20 upgrade, the appliance boots with the 64-bit Gaia kernel, even if it was originally 32-bit.

  • For documentation about Check Point Appliances appliances, see sk96246.

  • Refer to the Support Life Cycle Policy page for more information and announcements.

Management Server and Log Server

These platforms support R81.20 in the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. and Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs. configurations:

Product and Supported Platforms

Check Point Product

Smart-1 5050, 5150,

6000-L, 6000-XL

Smart-1 405, 410, 525,

625, 600-S, 600-M

Open Servers

Virtual Machines (*)

Security Management Server

Endpoint Security Management Server

Log Server

SmartEvent Server

Multi-Domain Security Management Server

Multi-Domain Log Server

(*) Applies to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.

Platforms and Supported Products

Platforms

SK

Management

Management +

Log Server

Management +

Log Server +

SmartEvent

Smart-1 6000-L, Smart-1 6000-XL

sk171903

Smart-1 600-S, Smart-1 600-M

sk171903

Smart-1 5050, Smart-1 5150

sk120453

Smart-1 625

sk157153

Smart-1 525

sk120453

Smart-1 405, Smart-1 410

sk117578

Open Servers

N / A

Virtual Machines (*)

N / A

(*) Applies to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.

Management High Availability:

You can configure Check Point Management High AvailabilityClosed Deployment and configuration mode of two Check Point Management Servers, in which they automatically synchronize the management databases with each other. In this mode, one Management Server is Active, and the other is Standby. Acronyms: Management HA, MGMT HA. between on-premises Management Servers and Management Servers in a cloud.

You must make sure the required Check Point traffic can flow between the on-premises servers and the servers in the cloud.

For Management High Availability restrictions, see sk39345.

Security Gateway or Cluster

These platforms support R81.20 in the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. or ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. configuration:

Platforms

SK

Security Gateway,

Cluster

MLS200, MLS400 (1)

sk176466

QLS250, QLS450, QLS650, QLS800 (1)

sk176466

29100, 29200 (2)

sk180520

28600HS

sk152733

26000, 26000T

sk152733

23500, 23800, 23900

sk107516

19100, 19200 (2)

sk180520

16000, 16200, 16600HS, 16600T

sk152733

15400, 15600

sk107516

9100, 9200, 9300, 9400, 9700, 9800 (3)

sk181698

7000

sk139932

6200, 6400, 6500, 6600, 6700, 6800, 6900

sk139932

5100, 5200, 5400, 5600, 5800, 5900

sk110053

3100, 3200, 3600, 3800

sk110052

64000, 44000 (4)

sk65305

Open Servers

N / A

Virtual Machines (5)

N / A

  1. R81.20 does not support the Hardware Acceleration on these appliance models. See sk179432 and sk176466.

  2. The 19000 and 29000 appliances require a dedicated R81.20 image.

    See the Downloads section in sk180520.

  3. The 9000 appliances require a dedicated R81.20 image.

    See the Downloads section in sk181698.

  4. R81.20 supports only SSM440 and SGM400 in Scalable ChassisClosed The container that contains the all the components of a 60000 / 40000 Appliance. Synonym: Chassis..

  5. Applies to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.

Standalone and Full High Availability

Only these platforms support R81.20 in the StandaloneClosed Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server. (Gateway + Management Server) configuration or Full High Availability Cluster configuration:

Platforms

SK

Standalone

23500, 23800, 23900

sk107516

(1)

16000, 16200, 16600T

The model 16600HS does not support Standalone

sk152733

15400, 15600

sk107516

(1)

9100, 9200, 9300, 9400, 9700, 9800 (2)

sk181698

7000

sk139932

6200, 6400, 6600, 6700, 6900

The models 6500, 6800 do not support Standalone

sk139932

5900

sk110053

5100, 5200, 5400, 5600, 5800

sk110053

(1)

3100, 3200, 3600, 3800

sk110052

Open Servers

N / A

Virtual Machines (3)

N / A

  1. These appliance models support Standalone only with the HDD storage.

    These appliance models do not support Standalone with the SSD storage.

    1. Connect to the command line.

    2. Log in to the Expert mode.

    3. Get the list of disk device names:

      fdisk -l | grep '/dev/'

      In the output, refer to the name of the disk device (sda, sdb, and so on).

    4. Run this command for your disk device (sda, sdb, and so on):

      cat /sys/block/<DISK_DEVICE_NAME>/queue/rotational

      Example:

      cat /sys/block/sda/queue/rotational

    5. The returned value:

      • 1 - means this disk is HDD

      • 0 - means this disk is SSD

  2. The 9000 appliances require a dedicated R81.20 image.

    See the Downloads section in sk181698.

  3. Applies to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.

  4. It is not supported to enable the SmartEvent Software BladeClosed Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. on any cluster memberClosed Security Gateway that is part of a cluster. in Full High Availability Cluster configuration.

Threat Emulation Appliances

Platform

SK

Security Gateway,

Cluster

TE2000XN

sk173494

TE2000X

sk106210

TE1000X

sk106210

TE250XN (*)

sk173494

TE250X

sk106210

TE100X

sk106210

(*) This appliance model does not support R81.20. See sk173494.

Quantum Maestro

Quantum Maestro OrchestratorClosed A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO. models MHO-140, MHO-170, and MHO-175 fully support the R81.20 release. See sk177624.

For the list of supported Security Appliances in a Maestro Security GroupClosed A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected., see sk162373.

User Space Firewall (USFW)

Security Gateways on these platforms run in the User Space Firewall mode by default:

Platform

SK

USFW

MLS200, MLS400

sk176466

QLS250, QLS450, QLS650, QLS800

sk176466

29100, 29200 (1)

sk180520

28000, 28600HS

sk152733

26000, 26000T

sk152733

23900

sk107516

19100, 19200 (1)

sk180520

16000, 16000T, 16200, 16600HS

sk152733

9100, 9200, 9300, 9400, 9700, 9800 (2)

sk181698

7000

sk139932

6200B, 6200P, 6200T, 6400, 6600, 6700, 6900

sk139932

3600, 3600T, 3800

sk110052

Open Servers (3)

N / A

Virtual Machines (4)

N / A

CloudGuard Network Security for Public Cloud (5)

N / A

CloudGuard Network Security for Private Cloud (5)

N / A

  1. The 19000 and 29000 appliances require a dedicated R81.20 image.

    See the Downloads section in sk180520.

  2. The 9000 appliances require a dedicated R81.20 image.

    See the Downloads section in sk181698.

  3. Open ServerClosed Physical computer manufactured and distributed by a company, other than Check Point. must have 40 or more CPU cores.

  4. Virtual Machine must have 40 or more virtual CPU cores. Applies to Public Cloud and to Private Cloud.

  5. CloudGuard Network Virtual Machines support USFW regardless of the number of available CPU cores.

Notes:

  • Security Gateways on all other Check Point appliance models run in the Kernel Space Firewall (KSFW) mode by default.

  • You can change the configuration from the Kernel Space Firewall (KSFW) mode to the User Space Firewall mode on these Check Point appliance models (see sk167052):

    • 23800

    • 15400, 15600

    • 6500, 6800

    • 5400, 5600, 5800, 5900

Virtualization Platforms

For the most up-to-date information about the supported Linux versions and virtualization platforms, see the Hardware Compatibility List > Section Virtual Machines.

Cloud Platforms

Supported setups for cloud solutions: