What's New

Introduction

Welcome to Check Point’s Cyber Security Platform. R81 is the industry’s most advanced Threat Prevention and security management software that delivers uncompromising simplicity and consolidation across the enterprise. Whether it is deploying the latest technologies and security to protect the organization or expertly crafting security policies Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection., R81 new features include: Infinity Threat Prevention, the industry’s first autonomous Threat Prevention system that provides fast, self-driven policy creation and one-click security profiles keeping policies always up to date. Policies are installed in seconds, upgrades require only one click, and gateways can be simultaneously upgraded in minutes. R81 further features secure connectivity for encrypted traffic utilizing the latest standards including TLS 1.3 and HTTP/2. In addition, the Scalable Platform software is now aligned with the R81 Cyber Security Platform bringing feature parity to Check Point Maestro.

Infinity Threat Prevention

Infinity Threat Prevention is an innovative management model that:

• Provides zero-maintenance protection from zero-day threats, and continuously and autonomously ensures that your protection is up-to-date with the latest cyber threats and prevention technologies.

• Empowers administrators with out-of-the-box policy profiles based on business and IT security needs.

• Streamlines the configuration and deployment of policy profiles across gateways.

• Provides simple and powerful customization to best serve your organization’s needs.

Threat Prevention

• Manage your custom intelligence feeds through SmartConsole. Add, delete or modify IoC Indicator of Compromise. Artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Typical IoCs are virus signatures and IP addresses, MD5 hashes of Malware files, or URLs or domain names of botnet command and control servers. Identified through a process of incident response and computer forensics, intrusion detection systems and anti-virus software can use IoC's to detect future attacks. feeds fetched by the Security Gateways as well as import files in a CSV or STIX Structured Threat Information eXpression™. A language that describes cyber threat information in a standardized and structured way. 1.x formats.

• Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX. is now supported on ICAP server mode, in addition to Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. and Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV..

• Improved use of IoC feeds based on source IPv4 and IPv6 addresses.

Security Gateway and Gaia

Scalable Platforms are aligned with R81 General Availability and Jumbo Hotfix Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior. Accumulators to deliver the latest enhancements and bug fixes and supports most of the new features introduced in R81. See sk169954 for more information.

HTTPS Inspection

• HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi. supports the FutureX Hardware Security Module (HSM) by storing outbound HTTPS Inspection cryptographic keys and certificates on the HSM server.

• Implementation of TLS 1.3 for SSL inspection.

  Notes: TLS 1.3 is off by default and is only applicable with User Space Firewall (USFW) is active State of a Cluster Member that is fully operational: (1) In ClusterXL, this applies to the state of the Security Gateway component (2) In 3rd-party / OPSEC cluster, this applies to the state of the cluster State Synchronization mechanism.. For the list of appliances that support USFW, see User Space Firewall (USFW) Hardware Security Module (HSM) is not supported with TLS 1.3

Access Control

• Generic Data Center - Use Generic Data Center Virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores. They are collected in a group for secured remote storage, management, and distribution of data. Objects in the Source and Destination columns of Access Control, NAT, Threat Prevention and HTTPS Inspection rules to enforce access to or from IP addresses defined on external web servers. IP addresses defined in the object are automatically updated without the need for policy installation.

• Support an unlimited number of languages in UserCheck Functionality in your Security Gateway or Cluster and endpoint clients that gives users a warning when there is a potential risk of data loss or security violation. This helps users to prevent security incidents and to learn about the organizational security policy. objects.

Policy Installation

• Accelerated Policy Installation – A new Access Control policy installation flow that optimizes common use-cases and drastically speeds up the installation. The Policy installation is accelerated based on the changes made to the Access Control policy since the last installation. To learn more about Accelerated Policy Installation, see the R81 Security Management Administration Guide.

• Concurrent Security Policy installation - One or more administrators can run multiple installation tasks of different policies on multiple Security Gateways at the same time.

NAT Rule Base

• Support for Domain objects, Updatable objects, Security Zones, Access Roles, and Data Center objects.

• Hit Count in NAT rules.

Identity Awareness

• Azure Active Directory support for Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. - Use the Identity Awareness Access Role Access Role objects let you configure network access according to: Networks, Users and user groups, Computers and computer groups, Remote Access Clients. After you activate the Identity Awareness Software Blade, you can create Access Role objects and use them in the Source and Destination columns of Access Control Policy rules. picker to authenticate and authorize Azure AD users and groups.

• Identity Awareness nested groups - Discovers all the groups a user belongs to from the branch specified in the LDAP account unit in one query.

• Security ID (SID) support for Identity Awareness - Move users and groups to different LDAP Organizational Units without the need to modify the Access Role Policy.

  Note - Security ID (SID) feature is off by default. Refer to the Security ID topic for more information.

IPsec VPN

• Ability to configure multiple ciphers for external Gateways in a single VPN community. Use granular encryption methods between two specific VPN peers.

• Support for SHA-512 encryption method.

Clustering

Geo-Cluster in HA mode for cloud environments – Supports the configuration of the cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Sync interface An interface on a Cluster Member, whose Network Type was set as Sync or Cluster+Sync in SmartConsole in cluster object. This interface is monitored by cluster, and failure on this interface will cause cluster failover. This interface is used for State Synchronization between Cluster Members. The use of more than one Sync Interfaces for redundancy is not supported because the CPU load will increase significantly due to duplicate tasks performed by all configured Synchronization Networks. Synonyms: Secured Interface, Trusted Interface. on different subnets while allowing L3 communication between the members on the sync interface. L2 connectivity and a trusted network between the cluster members (although still available) is not mandatory anymore.

VSX

• Support for Virtual Routers in VSLS mode.

• Configure Multi-Bridge in VSLS mode.

• Configure bridge interfaces on a regular (non-bridge) Virtual System Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS..

• Use Threat Emulation and Identity Awareness Software Blades on Virtual Systems with a Bridge Interface.

• Configure VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. and VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster objects using Management REST APIs.

• Configure Dynamic Routing VPN through Virtual Tunnel Interface (VTI) in VSX.

• Independent QoS Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency., DNS and Proxy server configuration for each Virtual System.

• The vsx_util tool supports a downgrade of VSX objects to earlier versions.

Acceleration

• Enhanced Multi-Queue An acceleration feature on Security Gateway that configures more than one traffic queue for each network interface. Multi-Queue assigns more than one receive packet queue (RX Queue) and more than one transmit packet queue (TX Queue) to an interface. Multi-Queue is applicable only if SecureXL is enabled (this is the default). Acronym: MQ. distribution of IPsec VPN Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access. traffic.

Remote Access VPN

• Significant performance improvements for Remote Access VPN An encrypted tunnel between remote access clients (such as Endpoint Security VPN) and a Security Gateway. clients in Visitor Mode.

• Support for strongSwan IPsec clients on different Linux distributions.

Gaia OS

• Scheduled Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Snapshots - Use Gaia Scheduled Snapshot to automatically back up and export configuration settings.

• Added support for:

  • The Google Compute Engine virtual Network Interface (gVNIC):

  • Additional tunneling protocols:

    • Virtual Extensible LAN (VXLAN).

    • Generic Routing Encapsulation (GRE).

  • Link Layer Discovery Protocol (LLDP) configuration in Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell). and Gaia Portal Web interface for the Check Point Gaia operating system..

  • IP conflict detection - Monitor and detect duplicate IP addresses located in the network.

  • Multi-Queue for Management and Sync interfaces.

Gaia REST API

• API to set your device as a Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. / Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. / Log Server Dedicated Check Point server that runs Check Point software to store and process logs. in the Gaia First Time Configuration Wizard.

• Control IPv6 status.

Advanced Routing

• Enhancements for additional Dynamic Routing features:

  • OSPFv3 AH authentication for OSPFv3 protocol security.

  • IPv6 route aggregation - Reduces the number of prefixes advertised to neighbor routers to improve performance and scaling.

  • IPv4/IPv6 NAT-pool routes - Configure and redistribute NAT-pool routes to routing protocols.

  • Routing Information Protocol (RIP) route sync.

  • PIM restart capability.

  • BGP support for VxLAN interfaces.

  • Dynamic Routing support for GRE interfaces.

CloudGuard IaaS

CloudGuard Controller

• Data Center Query Objects - Use Data Center Objects to represent multiple Data Centers in the Security Policy when you build queries. This provides easier and more efficient division of the responsibilities to manage Data Centers.

• New Data Centers support:

  • Kubernetes Data Center – Added CloudGuard Controller Provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security. support for Kubernetes Clusters. Administrators can now create a Kubernetes-aware security policy for Kubernetes North-South traffic.

  • VMware vCenter version 7.

• CloudGuard Controller can use the system proxy for connections to all Data Centers.

• A new object category in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.'s object explorer called "Cloud" aggregates all Data Centers, Data Center objects and Data Center queries into one.

CloudGuard Data Centers

Integration of CloudGuard IaaS for East-West deployments using VMware NSX-T.

Security Management

Central Deployment

• Use SmartConsole to:

  • Upgrade Security Gateways and Clusters to a major version.

  • Upgrade VSX Gateways and VSX Clusters.

  • Install offline packages - The Security Gateway does not need to be connected to the Internet - import the installation packages to the Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. and distribute them to Security Gateways.

Multi-Domain Server

• Cross-Domain Management Server Search to search for objects across multiple Domain Management Server Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS. databases.

• High Availability for Domain Management Server with the Security Management Server. A Security Management Server can operate as a standby State of a Cluster Member that is ready to be promoted to Active state (if the current Active Cluster Member fails). Applies only to ClusterXL High Availability Mode. or an active Security Management in a Management High Availability Deployment and configuration mode of two Check Point Management Servers, in which they automatically synchronize the management databases with each other. In this mode, one Management Server is Active, and the other is Standby. Acronyms: Management HA, MGMT HA. setup

• Configure a dedicated Log Server and a dedicated SmartEvent server for an individual Domain in a Multi-Domain environment.

Management REST API

• General performance improvement to Management REST API.

• API throttling for login commands, to prevent load on the Security Management Server.

• New API commands for: User Management, Identity Tags, Multi Domain Server, High Availability A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA., Automatic Purge, and much more. See the Check Point Management API Reference for more information.

• Use the Security Management Server to run REST API commands on a gateway.

SmartConsole

• Support for multiple TACACS servers to utilize redundancy when administrators authenticate to SmartConsole.

• Changes Report – Generate a report Summary of network activity and Security Policy enforcement that is generated by Check Point products, such as SmartEvent. that lists the changes between two revisions or lists the changes performed during a private session.

• License Management - Administrators can now view, add and delete licenses through SmartConsole.

• Support for CloudGuard Edge configuration in SmartConsole.

SmartEvent

A new MITRE ATT&CK view to investigate security issues according to the MITRE defense models, and extract immediate action items based on the mitigation flow.

Management Server Upgrade

Significant performance improvement in the upgrade process of Security Management Servers from R80.20 (and higher) to R81.

Logging and Monitoring

• New API for log queries to fetch logs through API. Use a single API management command to query for logs or statistics.

• Significant improvement in log indexing, queries and SmartEvent views and reports.

• Export logs with a timestamp of milliseconds, to construct a chain of events more easily and efficiently.

• Log attachment API to automatically fetch log attachments with Log Exporter, or API for logs.

Endpoint Security

• SandBlast Agent Web Management - A new Web-based management interface for Endpoint Threat Prevention components.

  Note - For the best user experience it is recommended to use SandBlast Agent Web Management with Google Chrome.

• Communication with management services remains on the TCP port 443 instead of the TCP port 4434, when you enable the Endpoint Policy Management Check Point Software Blade on a Management Server to manage an on-premises Harmony Endpoint Security environment. Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. on the Management Server.

• Anti-Malware support for shared signature locations to support non-persistent VDI environments.

• Manage URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF. capabilities of SandBlast Agent Browser Extension

• Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI. policy changes - Support multiple versions per product, terminate application and block WSL (Windows Subsystem for Linux).

• New set of Developer Protections for developers computers.

• Compliance Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration. integration with Windows Server Update Services (WSUS).

• TACACS authentication for Web Remote Help (WebRH).

• Media Encryption & Port Protection - Import device overrides from a file.