Supported Environments

Management Servers boot by default with the 64-bit Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. kernel after a clean installation or upgrade to R82.

Notes:

If after the upgrade to R82 you revert to the previous version, then Gaia OS boots with the 64-bit Gaia kernel, even if in the previous version the Gaia kernel was 32-bit.
For documentation about Check Point Appliances, see sk96246.
Refer to the Support Life Cycle Policy page for more information and announcements.

Management Server and Log Server

These platforms support R82 in the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. and Log Server Dedicated Check Point server that runs Check Point software to store and process logs. configurations:

Check Point Product	Smart-1 6000-XL, Smart-1 6000-L, Smart-1 5150, Smart-1 5050	Smart-1 625, Smart-1 600-M, Smart-1 600-S, Smart-1 410, Smart-1 405	Open Servers	Virtual Machines
Security Management Server, Endpoint Security Management Server
Log Server
SmartEvent Server
Multi-Domain Security Management Server
Multi-Domain Log Server

For information about Smart-1 6000-L and Smart-1 6000-XL, see sk171903.
For information about Smart-1 600-S and Smart-1 600-M, see sk171903.
For information about Smart-1 5050 and Smart-1 5150, see sk120453.
For information about Smart-1 625, see sk157153.
For information about Smart-1 405 and Smart-1 410, see sk117578.
"Virtual Machines" apply to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.
Each of these Smart-1 models and platforms can run any combination of these products:
- Management Server and Log Server on the same server
- Management Server and SmartEvent Server Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database. on the same server
- Log Server and SmartEvent Server on the same server
- Management Server and Log Server and SmartEvent Server on the same server

Management High Availability:

You can configure Check Point Management High Availability Deployment and configuration mode of two Check Point Management Servers, in which they automatically synchronize the management databases with each other. In this mode, one Management Server is Active, and the other is Standby. Acronyms: Management HA, MGMT HA. between on-premises Management Servers and Management Servers in a cloud.

You must make sure the required Check Point traffic can flow between the on-premises servers and the servers in the cloud.

For Management High Availability restrictions, see sk39345.

Security Gateway or Cluster

Only these platforms support R82 in the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. or Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. configuration:

Platforms	SK	Security Gateway, Cluster ⁽³⁾	ElasticXL Cluster ^(4,5)
MLS200, MLS400	sk176466
QLS250, QLS450, QLS650, QLS800	sk176466
29100, 29200	sk180520
28000, 28600HS	sk152733
26000, 26000T	sk152733
23500, 23800, 23900	sk107516
19100, 19200	sk180520
16000, 16200, 16600HS, 16600T	sk152733
15400, 15600	sk107516
9100, 9200, 9300, 9400, 9700, 9800	sk181698
7000	sk139932
6200, 6400, 6500, 6600, 6700, 6800, 6900	sk139932
5100, 5200, 5400, 5600, 5800, 5900 The models 5100, 5200 do not support ElasticXL	sk110053
3100, 3200, 3600, 3800	sk110052
64000, 44000 ⁽¹⁾	sk65305
Open Servers	N / A
Virtual Machines ⁽²⁾	N / A

R82 supports only SSM440 and SGM400 in Scalable Chassis The container that contains the all the components of a 60000 / 40000 Appliance. Synonym: Chassis..
Applies to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.
"Cluster" refers to ClusterXL (Active-Active, High Availability, Load Sharing) and VRRP Cluster on Gaia OS.
ElasticXL Cluster supports only Check Point appliances that have the dedicated ports called "Mgmt" and "Sync".
ElasticXL Cluster requires the supported Check Point appliance to run SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. in the Kernel Mode (KPPAK).

The Gaia First Time Configuration Wizard changes the SecureXL mode automatically to KPPAK.

Standalone and Full High Availability

Only these platforms support R82 in the Standalone Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server. (Gateway + Management Server) configuration or the Full High Availability Cluster configuration:

Platforms	SK	Standalone ⁽¹⁾
23500, 23800, 23900	sk107516	⁽²⁾
16000, 16200, 16600T The model 16600HS does not support Standalone	sk152733
15400, 15600	sk107516	⁽²⁾
9100, 9200, 9300, 9400, 9700, 9800 (must change the SecureXL mode from UPPAK to KPPAK)	sk181698	⁽¹⁾
7000	sk139932
6200, 6400, 6600, 6700, 6900 The models 6500, 6800 do not support Standalone	sk139932
5900	sk110053
5100, 5200, 5400, 5600, 5800	sk110053	⁽²⁾
3100, 3200, 3600, 3800	sk110052
Open Servers	N / A
Virtual Machines ⁽³⁾	N / A

Standalone configuration requires SecureXL to run in the Kernel Mode (KPPAK).

As a result, the Firewall can run only as the Kernel Space Firewall (KSFW).

To change the SecureXL mode, run the cpconfig command > select "Check Point SecureXL" > select "Change SecureXL Mode" > reboot.
These appliance models support Standalone only with the HDD storage.

These appliance models do not support Standalone with the SSD storage.
Applies to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.
It is not supported to enable the SmartEvent Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. on any Management Server in the Full High Availability Cluster configuration.

VSNext and Legacy VSX

This table shows the support for VSNext and Legacy VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. in R82:

Platforms	VSNext ⁽¹⁾	Legacy VSX
ElasticXL Cluster ⁽²⁾	⁽³⁾
Security Group - Maestro	⁽⁴⁾	⁽⁵⁾
Security Group - Scalable Chassis		⁽⁶⁾
Open Servers		⁽⁶⁾
Virtual Machines		⁽⁶⁾

Support for IPv6 in VSNext configuration is planned for the R82 Jumbo Hotfix Accumulator Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA. (PMTR-108043).
ElasticXL Cluster requires the supported Check Point appliance to run SecureXL in the Kernel Mode (KPPAK).

The Gaia First Time Configuration Wizard changes the SecureXL mode automatically to KPPAK.
The Security Appliances must be after a clean install, or restored to factory defaults.

In the First Time Configuration Wizard, you must select ElasticXL and Install as VSNext.

Converting to VSNext after the First Time Configuration Wizard is not supported.
Create a new Maestro Security Group A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. and in the First Time Wizard settings section, select Install as VSNext / VSX.

Converting an existing Maestro Security Group to VSNext is not supported.

Maestro Orchestrator See "Maestro Orchestrator". that runs the R82 version, automatically configures these modes:
- VSNext mode in a Maestro Security Group that runs the R82 version.
  
  For each Virtual Gateway you configure in this Maestro Security Group, in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. you configure a regular Security Gateway object.
- Legacy VSX mode in a Maestro Security Group that runs the version R81.20 or lower.
  
  In SmartConsole, you configure a VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. object and the required Virtual System Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS. / Virtual Switch Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical switch. Acronym: VSW. objects.
To configure a Maestro Security Group that runs the R82 version in the Legacy VSX mode:
1. Create a new Maestro Security Group and in the First Time Wizard settings section, do not select Install as VSNext / VSX.
2. In SmartConsole, configure a VSX Gateway object and the required Virtual System / Virtual Switch objects.
The Gaia Operating System must be after a clean install, or restored to factory defaults.

In SmartConsole, you configure a VSX Gateway object and the required Virtual System / Virtual Switch objects.

Threat Emulation Appliances

Platform	SK	Security Gateway, ClusterXL
TE2000XN	sk173494
TE2000X	sk106210
TE1000X	sk106210
TE250XN	sk173494
TE250X	sk106210
TE100X	sk106210

Quantum Maestro

Quantum Maestro Orchestrator A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO. models MHO-140, MHO-170, and MHO-175 fully support the R82 release. See sk181127.

For the list of supported Maestro Security Group versions, see Quantum Maestro Orchestrator and Security Group Versions.

For the list of supported Security Appliances in a Maestro Security Group, see sk162373.

User Space Firewall (USFW)

Security Gateways on these platforms run in the User Space Firewall (USFW) mode by default (see sk167052):

Platform	SK	USFW
All supported Check Point Appliances ^(*)	sk96246
Open Servers	N / A
Virtual Machines	N / A
CloudGuard Network Security for Public Cloud	N / A
CloudGuard Network Security for Private Cloud	N / A

Notes:

For the list of the supported appliances, see the section Security Gateway or Cluster.
These appliances do not support USFW:
- Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. Appliances
- Check Point Appliances in the Standalone configuration

SecureXL User Mode (UPPAK)

Only these Check Point appliances support SecureXL in the User Mode (UPPAK):

Platforms	SK	UPPAK ⁽¹⁾
QLS250, QLS450, QLS650, QLS800 ⁽²⁾	sk176466
29100, 29200	sk180520
19100, 19200	sk180520
9100, 9200, 9300, 9400, 9700, 9800	sk181698

Notes:

On the supported Check Point appliances, the default SecureXL mode is the User Mode (UPPAK).

On all other supported Check Point appliances (see the section Security Gateway or Cluster), SecureXL runs only in the Kernel Mode (KPPAK).
Support for the SecureXL User Mode (UPPAK) in Maestro configuration is planned for the R82 Jumbo Hotfix Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior. Accumulator. See sk179432.
For more information about SecureXL modes, see:
- sk153832 - Chapter "SecureXL Modes - KPPAK and UPPAK"
- sk179432
- LightSpeed 10/25/40/100G QSFP28 Ports Administration Guide:
  - Chapter "Configuring SecureXL"
  - Chapter "Known Limitations" > Section "SecureXL"
SecureXL UPPAK Mode is not supported when the Firewall works in the Kernel Mode (KSFW). See sk167052.

Virtualization Platforms

For the most up-to-date information about the supported Linux versions and virtualization platforms, see the Hardware Compatibility List > Section Virtual Machines.

Cloud Platforms

Supported setups for cloud solutions:

Amazon Web Services:
- Security Gateway
- Single Zone High Availability Cluster
- Cross Availability Zone Cluster (Cross AZ Cluster)
- Security Gateway Auto Scaling Group
- Gateway Load Balancer Virtual Machine Scale Sets
- Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.
- Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.
- Standalone
Microsoft Azure:
- Security Gateway
- High Availability Cluster
- Virtual Machine Scale Sets
- Gateway Load Balancer Virtual Machine Scale Sets
- Security Management Server
- Multi-Domain Server
- Standalone
- Virtual WAN
Google Cloud Platform (GCP):
- Security Gateway
- High Availability Cluster
- Managed Instance Group (MIG)
- Security Management Server
- Multi-Domain Server
- Standalone
Oracle Cloud Infrastructure (OCI):
- Security Gateway
- High Availability Cluster
- Security Management Server
- Multi-Domain Server
- Standalone
Huawei Cloud:
- Security Gateway
- High Availability Cluster
- Security Management Server
- Standalone
Tencent Cloud:
- Security Gateway
- High Availability Cluster
- Security Management Server
- Standalone