Supported Environments

Management Servers boot by default with the 64-bit GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. kernel after a clean installation or upgrade to R82.

Notes:

  • If after the upgrade to R82 you revert to the previous version, then Gaia OS boots with the 64-bit Gaia kernel, even if in the previous version the Gaia kernel was 32-bit.

  • For documentation about Check Point Appliances, see sk96246.

  • Refer to the Support Life Cycle Policy page for more information and announcements.

Management Server and Log Server

These platforms support R82 in the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. and Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs. configurations:

Check Point Product

Smart-1 6000-XL,

Smart-1 6000-L,

Smart-1 5150,

Smart-1 5050

Smart-1 625,

Smart-1 600-M,

Smart-1 600-S,

Smart-1 410,

Smart-1 405

Open Servers

Virtual Machines

Security Management Server,

Endpoint Security Management Server

Yes

Yes

Yes

Yes

Log Server

Yes

Yes

Yes

Yes

SmartEvent Server

Yes

Yes

Yes

Yes

Multi-Domain Security Management Server

Yes

No

Yes

Yes

Multi-Domain Log Server

Yes

No

Yes

Yes

  1. For information about Smart-1 6000-L and Smart-1 6000-XL, see sk171903.

  2. For information about Smart-1 600-S and Smart-1 600-M, see sk171903.

  3. For information about Smart-1 5050 and Smart-1 5150, see sk120453.

  4. For information about Smart-1 625, see sk157153.

  5. For information about Smart-1 405 and Smart-1 410, see sk117578.

  6. "Virtual Machines" apply to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.

  7. Each of these Smart-1 models and platforms can run any combination of these products:

Management High Availability:

You can configure Check Point Management High AvailabilityClosed Deployment and configuration mode of two Check Point Management Servers, in which they automatically synchronize the management databases with each other. In this mode, one Management Server is Active, and the other is Standby. Acronyms: Management HA, MGMT HA. between on-premises Management Servers and Management Servers in a cloud.

You must make sure the required Check Point traffic can flow between the on-premises servers and the servers in the cloud.

For Management High Availability restrictions, see sk39345.

Security Gateway or Cluster

Only these platforms support R82 in the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. or ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. configuration:

Platforms

SK

Security Gateway,

Cluster (3)

ElasticXL Cluster (4,5)

MLS200, MLS400

sk176466

Yes

Yes

QLS250, QLS450, QLS650, QLS800

sk176466

Yes

Yes

29100, 29200

sk180520

Yes

Yes

28000, 28600HS

sk152733

Yes

Yes

26000, 26000T

sk152733

Yes

Yes

23500, 23800, 23900

sk107516

Yes

Yes

19100, 19200

sk180520

Yes

Yes

16000, 16200, 16600HS, 16600T

sk152733

Yes

Yes

15400, 15600

sk107516

Yes

Yes

9100, 9200, 9300, 9400, 9700, 9800

sk181698

Yes

Yes

7000

sk139932

Yes

Yes

6200, 6400, 6500, 6600, 6700, 6800, 6900

sk139932

Yes

Yes

5100, 5200, 5400, 5600, 5800, 5900

The models 5100, 5200 do not support ElasticXL

sk110053

Yes

Yes

3100, 3200, 3600, 3800

sk110052

Yes

No

64000, 44000 (1)

sk65305

Yes

No

Open Servers

N / A

Yes

No

Virtual Machines (2)

N / A

Yes

No

  1. R82 supports only SSM440 and SGM400 in Scalable ChassisClosed The container that contains the all the components of a 60000 / 40000 Appliance. Synonym: Chassis..

  2. Applies to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.

  3. "Cluster" refers to ClusterXL (Active-Active, High Availability, Load Sharing) and VRRP Cluster on Gaia OS.

  4. ElasticXL Cluster supports only Check Point appliances that have the dedicated ports called "Mgmt" and "Sync".

  5. ElasticXL Cluster requires the supported Check Point appliance to run SecureXLClosed Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. in the Kernel Mode (KPPAK).

    The Gaia First Time Configuration Wizard changes the SecureXL mode automatically to KPPAK.

Standalone and Full High Availability

Only these platforms support R82 in the StandaloneClosed Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server. (Gateway + Management Server) configuration or the Full High Availability Cluster configuration:

Platforms

SK

Standalone (1)

23500, 23800, 23900

sk107516

Yes (2)

16000, 16200, 16600T

The model 16600HS does not support Standalone

sk152733

Yes

15400, 15600

sk107516

Yes (2)

9100, 9200, 9300, 9400, 9700, 9800

(must change the SecureXL mode from UPPAK to KPPAK)

sk181698

Yes (1)

7000

sk139932

Yes

6200, 6400, 6600, 6700, 6900

The models 6500, 6800 do not support Standalone

sk139932

Yes

5900

sk110053

Yes

5100, 5200, 5400, 5600, 5800

sk110053

Yes (2)

3100, 3200, 3600, 3800

sk110052

Yes

Open Servers

N / A

Yes

Virtual Machines (3)

N / A

Yes

  1. Standalone configuration requires SecureXL to run in the Kernel Mode (KPPAK).

    As a result, the Firewall can run only as the Kernel Space Firewall (KSFW).

    To change the SecureXL mode, run the cpconfig command > select "Check Point SecureXL" > select "Change SecureXL Mode" > reboot.

  2. These appliance models support Standalone only with the HDD storage.

    These appliance models do not support Standalone with the SSD storage.

  3. Applies to Public Cloud and to Private Cloud. See the Hardware Compatibility List > Section Virtual Machines.

  4. It is not supported to enable the SmartEvent Software BladeClosed Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. on any Management Server in the Full High Availability Cluster configuration.

VSNext and Traditional VSX

This table shows the support for VSNext and Traditional VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. in R82:

Platforms

VSNext (1)

Traditional VSX

ElasticXL Cluster (2)

Yes (3)

No

Security Group - Maestro

Yes (4)

Yes (5)

Security Group - Scalable Chassis

No

Yes (6)

Open Servers

No

Yes (6)

Virtual Machines

No

Yes (6)

  1. Support for IPv6 in VSNext configuration is planned for the R82 Jumbo Hotfix AccumulatorClosed Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA. (PMTR-108043).

  2. ElasticXL Cluster requires the supported Check Point appliance to run SecureXL in the Kernel Mode (KPPAK).

    The Gaia First Time Configuration Wizard changes the SecureXL mode automatically to KPPAK.

  3. The Security Appliances must be after a clean install, or restored to factory defaults.

    In the First Time Configuration Wizard, you must select ElasticXL and Install as VSNext.

    Converting to VSNext after the First Time Configuration Wizard is not supported.

  4. Create a new Maestro Security GroupClosed A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. and in the First Time Wizard settings section, select Install as VSNext / VSX.

    Converting an existing Maestro Security Group to VSNext is not supported.

    Maestro OrchestratorClosed See "Maestro Orchestrator". that runs the R82 version, automatically configures these modes:

  5. To configure a Maestro Security Group that runs the R82 version in the Traditional VSX mode:

    1. Create a new Maestro Security Group and in the First Time Wizard settings section, do not select Install as VSNext / VSX.

    2. In SmartConsole, configure a VSX Gateway object and the required Virtual System / Virtual Switch objects.

  6. The Gaia Operating System must be after a clean install, or restored to factory defaults.

    In SmartConsole, you configure a VSX Gateway object and the required Virtual System / Virtual Switch objects.

Threat Emulation Appliances

Platform

SK

Security Gateway,

ClusterXL

TE2000XN

sk173494

No

TE2000X

sk106210

Yes

TE1000X

sk106210

Yes

TE250XN

sk173494

No

TE250X

sk106210

Yes

TE100X

sk106210

Yes

Quantum Maestro

Quantum Maestro OrchestratorClosed A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO. models MHO-140, MHO-170, and MHO-175 fully support the R82 release. See sk181127.

For the list of supported Maestro Security Group versions, see Quantum Maestro Orchestrator and Security Group Versions.

For the list of supported Security Appliances in a Maestro Security Group, see sk162373.

User Space Firewall (USFW)

Security Gateways on these platforms run in the User Space Firewall (USFW) mode by default (see sk167052):

Platform

SK

USFW

All supported Check Point Appliances (*)

sk96246

Yes

Open Servers

N / A

Yes

Virtual Machines

N / A

Yes

CloudGuard Network Security for Public Cloud

N / A

Yes

CloudGuard Network Security for Private Cloud

N / A

Yes

Notes:

SecureXL User Mode (UPPAK)

Only these Check Point appliances support SecureXL in the User Mode (UPPAK):

Platforms

SK

UPPAK (1)

QLS250, QLS450, QLS650, QLS800 (2)

sk176466

Yes

29100, 29200

sk180520

Yes

19100, 19200

sk180520

Yes

9100, 9200, 9300, 9400, 9700, 9800

sk181698

Yes

Notes:

  1. On the supported Check Point appliances, the default SecureXL mode is the User Mode (UPPAK).

    On all other supported Check Point appliances (see the section Security Gateway or Cluster), SecureXL runs only in the Kernel Mode (KPPAK).

  2. Support for the SecureXL User Mode (UPPAK) in Maestro configuration is planned for the R82 Jumbo HotfixClosed Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior. Accumulator. See sk179432.

  3. For more information about SecureXL modes, see:

  4. SecureXL UPPAK Mode is not supported when the Firewall works in the Kernel Mode (KSFW). See sk167052.

Virtualization Platforms

For the most up-to-date information about the supported Linux versions and virtualization platforms, see the Hardware Compatibility List > Section Virtual Machines.

Cloud Platforms

Supported setups for cloud solutions: