What's New

Introduction

R82 is Check Point's major software release for Quantum products and CloudGuard Network Security. It introduces 50 innovative capabilities to strengthen threat prevention, greatly streamline operations and provisioning, and troubleshoot network connections with integrated diagnostics tools.

This release provides access to new AI-powered threat prevention engines that strengthen defense against zero-day phishing, brand spoofing, malware, and more. R82 also adds DNS protection against NXNS, offers DNS configuration granularity, and supports DNS-over-HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi..

Check Point offers the industry's first complete protection for HTTP/3 over QUIC. R82 also enables effortless and automated HTTPS Inspection deployment with granular controls and exceptional performance.

Check Point's VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. has a new versatile mode (VSNext) that unifies management features and APIs across Virtual Systems and physical Security Gateways. Furthermore, cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. management is greatly simplified with a new page in Gaia Portal Web interface for the Check Point Gaia operating system. and a new mode (ElasticXL) that enables Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. clustering without the need for physical Orchestrators See "Maestro Orchestrator"..

In addition, R82 introduces a new version of Check Point's operating system with superior networking and routing capabilities. For automation, users and DevOps teams can now execute API calls directly to security gateways through a new dynamic policy layer. For future-proofing, R82 enables NIST-approved Kyber (ML-KEM) encryption to protect today’s VPN traffic against future quantum computing-based hacking.

These are just some of the powerful new capabilities in R82.

Threat Prevention

AI-based prevention engines

Check Point's new AI security engines represent a shift in how we utilize data, transitioning from mostly a single indicator perspective to a multi-dimensional approach.

ThreatCloud Graph - Leverages ThreatCloud The cyber intelligence center of all of Check Point products. Dynamically updated based on an innovative global network of threat sensors and invites organizations to share threat data and collaborate in the fight against modern malware. AI knowledge base to form relationship graph, identifying attacks patterns to prevent zero-day threats.
Kronos - Inspects behavior over time with AI and signal processing algorithms to detect malicious activity, preventing zero-day C2, phishing campaigns and other threats.
Deep Brand Clustering - Prevents zero-day brand phishing campaigns with a patent-pending unsupervised deep learning engine. This engine cluster websites into local and global brands and determine whether it’s an attack.
Dynamic classification of uncategorized websites - An AI-based engine for dynamic classification of websites, accurately categorizing URLs to block previously uncategorized dangerous or inappropriate websites.

Improved DNS Security Capabilities

This release provides new and enhanced DNS security capabilities with the addition of:

Advanced DNS protection against Non-Existent Domain (NXNS) Attack.
Support for DNS over HTTPS (DoH) protocol.
Configuration Granularity - Advanced DNS Security settings in the Threat Prevention profile.
Detailed DNS Security statistics - Now available in the SmartView Dashboard.

Threat Prevention Dashboards

The Infinity Events app in the Check Point Infinity Portal now provides a real-time, comprehensive view of threats facing your organization, as well as insights into top global threats identified by ThreatCloud AI. Customers who share logs with the Infinity Portal can benefit from the Threat Prevention dashboards. This release introduces two new dashboards:

Web Security & Phishing - This dashboard offers an in-depth overview of your current web security and phishing attack status. It integrates tenant-specific data, such as prevented attacks, attack timelines, and top blocked domains, with global intelligence on malicious brands and websites from ThreatCloud AI.
File Security - The dashboard delivers detailed analyzes of malicious files, highlighting file types, malware families, and attack severity. It also incorporates global insights from ThreatCloud AI, including emulated files and unique catches, to provide a thorough understanding of potential threats.

Automatic Security Services Configuration

Zero Phishing Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH., Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV., Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT. and IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System). Software Blades are now more accessible, providing a simpler and easier user experience.

Zero Phishing Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. - Introducing a new Automatic mode that significantly simplifies the configuration process, providing a seamless experience. With the Automatic mode, the Software Blade configuration is now effortless: simply enable the Software Blade and you are ready to go.
The Anti-Virus and Anti-Bot Malicious software that neutralizes Anti-Virus defenses, connects to a Command and Control center for instructions from cyber criminals, and carries out the instructions. Software Blades are now activated by default in newly created Security Gateway and Cluster objects.
It is now possible to automatically load and update SNORT rules file as Custom Intelligence Feed and enforce them as new IPS protections.

Web Security

Added support of HTTP/3 protocol over QUIC transport (UDP) for Network Security, Threat Prevention, and Sandboxing.

HTTPS Inspection

This release sets a new standard with breakthrough performance, unmatched simplicity, and effortless deployment of HTTPS Inspection. Now, you can significantly increase your security without sacrificing speed or user experience. Embrace cutting-edge technology that transforms HTTPS Inspection into a seamless, innovative solution, ensuring your systems stay secure and your users stay satisfied.

Enhanced HTTPS Inspection UI - HTTPS Inspection is fully managed in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.:
- Enhanced HTTPS Inspection policy - A dedicated policy for inbound inspection, including certificate management views for both inbound and outbound policies and enhanced default outbound policy.
- Trusted CA package - A new view to manage Trusted certificates and see the status of the trusted CA package
- HTTPS Advanced settings - A new view to configure advanced settings, including R82 new features.
Client Side Fail mode - This new feature automatically detects failures in inspected HTTPS connections caused by client-side issues, such as certificate-pinned applications. When a failure is detected, the connection is flagged to be bypassed in future attempts, and Artificial intelligence (AI) learns from these failures to identify similar connections.
- Endpoint Detection - Identifies endpoints without deployed outbound CA certificate.
Learning mode:
- Gradual & Smart deployment - Activated during the deployment of HTTPS Inspection, inspecting a minor percentage of traffic over two weeks.
- Network Learning - Gathers insights into network behavior and detects potential connectivity issues for Artificial intelligence consideration.
- Performance Prediction - Estimates the impact on performance when HTTPS Inspection is fully implemented.
Bypass Under Load - Bypasses HTTPS connections when the Security Gateway experiences high CPU load.
HTTPS Inspection monitoring - Introducing the HTTPS Inspection statistics view in SmartView, including bypass/inspect statistics.

Quantum Security Gateway

IPsec VPN

Added support for ML-KEM (Kyber768) as required by the FIPS 203 standard to address Post-Quantum Cryptography (PQC).
Automatically detect configuration changes in AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services., Azure, and GCP Google® Cloud Platform is a suite of products and services that includes hosting, cloud computing, database services and more. public clouds and adjust the VPN settings ensuring connection stability.
Introducing the Advanced VPN Monitoring tool that shows information on each VPN Tunnel An encrypted connection between two hosts using standard protocols (such as L2TP) to encrypt traffic going in and decrypt it coming out, creating an encapsulated network through which data can be safely shared as though on a physical private line. and tracks its health and performance.
Enhanced Link Selection
- Interoperability:
  - Uses public IP addresses as tunnel identifiers to establish separate tunnels for each link.
  - Uses Dead Peer Detection (DPD) as the link probing protocol instead of the proprietary "Reliable Data Protocol" (RDP).
- Redundancy:
  - Allows redundancy of VPN tunnels including third-party and native cloud VPN peers.
- Granularity:
  - Ability to configure the Security Gateway to use different VPN interfaces in different VPN communities.

Remote Access VPN

Security Gateway now supports the IKEv2 protocol for connections from Remote Access VPN An encrypted tunnel between remote access clients (such as Endpoint Security VPN) and a Security Gateway. Clients (E88.40 and higher).

Mobile Access

Mobile Access Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. Policy and Capsule Workspace configurations are now available in SmartConsole.
SAML authentication support for Mobile Access clients that allows seamless integration with third-party Identity Providers.
New Management API calls for Capsule Workspace configuration. See the Check Point Management API Reference > section "Mobile Access".

Dynamic Routing

Added support for new Dynamic Routing capabilities:

BGP Extended Communities (RFC 4360).
BGP Conditional Route Advertisement and Injection.
Routing Table Monitor for Event Record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy. Triggers.
IPv4 and IPv6 Router Discovery on cluster members.
Router Preference and Route Information option.
Route age information.
IPv4 PIM-SSM with non-default prefixes.
IPv4 PIM with BFD.
IPv4 PIM neighbor filtering.
IPv4 PIM RPT to SPT switchover control.
IPv6 Protocol Independent Multicast (PIM) and Multicast Listener Discovery (MLD).

Added support for new Dynamic Routing API calls:

REST API calls for BGP, PIM, Multicast Listener Discovery (MLD).
REST API calls for Route Redistribution, Inbound Route Filters, and NAT Pools.
REST API calls for IGMP.

See the Check Point Gaia API Reference v1.8 (and higher) > section "Networking".

Performance and Infrastructure

HyperFlow acceleration of elephant flows for the SMB/CIFS protocol.
HyperFlow acceleration of elephant flows for the QUIC protocol.
Quantum Security Gateway log rate output capacity increased by up to 100% through a new multi-process architecture.

Quantum Maestro, Scalable Chassis, and ElasticXL

This release features improvements in managing and monitoring Scalable Platform clusters, which include:

Support for REST API:
- New API calls on Quantum Maestro Orchestrator A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO. to configure and monitor Maestro Security Groups A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected., Gateways, Sites, and Ports.
  
  See the complete list of available API calls in the Check Point Gaia API Reference v1.8 and higher > section "Maestro".
- Support for Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. REST APIs on Scalable Platform Members.
Support for Gaia First Time Configuration Wizard on Quantum Maestro Orchestrators with ability to configure the Maestro Site settings.
Support for authentication to secure the synchronization connections between Quantum Maestro Orchestrators.
Support for SNMP Queries on each Security Group Member.
Support for LLDP on Uplink, Sync, and Management ports of Quantum Maestro Orchestrators.
New page "Ports" in Gaia Portal on Quantum Maestro Orchestrator. This page shows a summary and interactive view of port configuration, runs diagnostics on ports, and blinks a port LED for identification.
New page "Cluster Management" in Gaia Portal on ElasticXL / Security Group. This page shows the state and performance of Scalable Platform Members.
"insights" - New CLI tool to monitor the entire Scalable Platform cluster in both Expert mode and Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators and for Security Gateway Modules on Scalable Chassis. Commands you run in this shell apply to all Security Gateway Module / Security Appliances in the Security Group..
New Gaia gClish commands "show cluster" and "set cluster".
Improved boot time and decreased number of reboots of Scalable Platform Members when there is a change in the Gaia OS configuration in a Scalable Platform.
Improved upgrade simplicity:
- This release introduces automatic updates for the CPUSE Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself. Deployment Agent on Scalable Platforms. Manual deployment is no longer required.
- Upgrade to R82 and higher no longer requires the "sp_upgrade" script and can be easily monitored with Scalable Platform monitoring tools.
Additional snapshot mechanism to take small Gaia OS snapshots (lightshots).

VSX

Check Point VSX is enhanced with a new mode (VSNext), allowing simpler configuration, easier provisioning, and a similar experience to a physical Security Gateway.

The benefits of the new VSX mode are:

Unified management experience between Check Point physical Security Gateways and Virtual Gateways, including the capability to manage each Virtual Gateway from a different Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..
Improves VSX provisioning performance and provisioning experience - creating, modifying, and deleting Virtual Gateways and Virtual Switches in Gaia Portal, Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)., or with Gaia REST API.
Management feature and API parity between Virtual Gateways (VGW) and physical Security Gateways.
Managing different Virtual Gateways with different Security Management Servers, in addition to different Domain Management Servers Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS. on the same Multi-Domain Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

Tools and Utilities

New tool "connview" - a new consolidated troubleshooting tool for viewing connections information on the Security Gateway that works in the User Space Firewall (USFW).
New tool "fw up_execute" - performs virtual Access Control / NAT Rule Base All rules configured in a given Security Policy. Synonym: Rulebase. execution. Given inputs based on logs or connections, the execution provides detailed information such as matched rules and classification information.

Gaia Operating System

Note - This section applies to Security Gateways, Management Servers, and Log Servers.

This release boosts Gaia OS with a new OS kernel and multiple new configuration options for better security, enhanced networking and a simpler experience.

The new capabilities are:

Enhance Gaia OS with:
- Support for Link Layer Discovery Protocol (LLDP) in the VSX mode.
- DHCPv6 server, DHCPv6 client, and DHCPv6 client for prefix-delegation in Gaia Portal and Gaia Clish.
- Ability to configure the order of the "AAA" authentication (TACACS, RADIUS, Local authentication) in Gaia Portal and Gaia Clish
- DNS Proxy forwarding domains, which allows configuring specific DNS servers per DNS suffix.
New Gaia OS configuration items:
- Two-Factor Authentication for Gaia OS login using time-based authenticator apps (Google Authenticator and Microsoft Authenticator).
- NTP pools and a larger number of NTP servers in Gaia Portal and Gaia Clish.
- NFSv4 configuration.
- Keyboard layout.
- TLS configuration for a remote Syslog server in Gaia Portal and Gaia Clish.
Support for storing a Gaia OS backup in Amazon S3 and Microsoft Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. and restoring it from there.

Quantum Security Management

Security Management Server Enhancements

The LDAP Account Unit object now uses the LDAP server name and CA certificate for LDAP trust. The trust is automatically renewed if an administrator renews or replaces the LDAP server certificate. As a result, Check Point servers keep their connectivity to the LDAP server.
Support for Management API to run the "vsx_provisioning_tool" operations to configure VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. and VSX Cluster objects. See the Check Point Management API Reference > section "VSX" > command "vsx-provisioning-tool".
Support for Management API to configure the "Data Type Classification of data in a Check Point Security Policy for the Content Awareness Software Blade." objects for the Data Loss Prevention Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP. and Content Awareness Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT. Software Blades. See the Check Point Management API Reference > section "Data Types".
Security Gateways can now be managed by a Security Management Server hosted behind a public cloud or third-party NAT device.
Support to manage up to 500 Security Gateways / Cluster Members, allowing concurrent policy installation on all managed Security Gateways / Cluster Members. See Maximum Supported Items.
Support for SAML login in SmartConsole when Gaia Portal on the Management Server runs on a different port than the default port 443. See sk182032.
Ability to verify an Access Control policy that contains unpublished changes.
The "Access Rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. Name" and "Access Rule Number" fields will now prioritize information from administrator-defined rules by excluding Accept rules from the pre-defined Playblocks and IoT Access Policy layers.

SmartConsole

Added the ability for the system account to install SmartConsole.
Enhancements in the SmartConsole > "Gateways & Servers" view:
- You can now see and manage the Recommended Jumbo Hotfix Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior. Accumulators and Recommended Software Updates for Security Gateway / Cluster objects and Check Point Host objects.
- HealthCheck Point (HCP) tests are now integrated. You can see them as part of the Security Gateway's status. The feature is disabled by default.

Web SmartConsole

These new Web SmartConsole capabilities are available for this release:
- Threat Prevention Rule Base
- HTTPS Inspection Rule Base
- NAT Rule Base
- Rule Base search

Central Deployment of Hotfixes and Version Upgrades in SmartConsole

Central Software Deployment through SmartConsole was enhanced and now supports:

Uninstall of Jumbo Hotfix Accumulators.
Installation of packages on ClusterXL High Availability mode in the "Switch to higher priority Cluster Member" configuration ("Primary Up").
Installation of packages on Secondary Management Servers.
Installation of packages on Dedicated Log Servers.
Installation of packages on Dedicated SmartEvent Servers.
Installation of packages from Standalone Servers.

Package Repository per Domain on a Multi-Domain Security Management Server.

SmartProvisioning

Star VPN Community A named collection of VPN domains, each protected by a VPN gateway. now supports Quantum Maestro Security Groups, VSX Gateways, and VSX Clusters as Center Gateways (Corporate Office Gateway).

Multi-Domain Security Management Server

Ability to clone an existing Domain on the same Multi-Domain Security Management Server. See sk180631.
Improved upgrade time of large Multi-Domain Security Management Server environments by up to 50%.
New support for IPv6 configuration (only with Management API "set mds") on a Multi-Domain Security Management Server that allows Domains to communicate with the managed Security Gateways over IPv6.
Automatic refresh of modified Global objects in SmartConsole that is connected to a non-Global Domain when a superuser assigns a Global Policy On a Multi-Domain Security Management Server, a policy defined in the Global Domain. You can assigns this Global Policy to Domains. to a Domain Management Server. See sk182307.
Ability to select the Access Control, Threat Prevention, or both policies in a Policy Preset object.

Compliance

Added Gaia OS Best Practice support for Quantum Maestro - presenting a consolidated Best Practices status for each Security Group Member and Orchestrators.
Added Gaia OS Best Practice support for Quantum Spark Appliances (only for applicable Gaia OS Best Practices).
Added Gaia OS Best Practice support for Log Servers.
Added new regulations:
- Center for Internet Security Benchmarks
- Cyber Essentials v3.1
- Cybersecurity Maturity Model Certification
- Essential Eight & Strategies to Mitigate Cyber Security Incidents
- IEC 62443-2-1 201
- ISO 27001:2022
- Israeli Cyber Defense Methodology 2.0
- Network and Information Systems Directive 2
- PCI DSS 4.0
- TISAX 5.1

CloudGuard Network Security

CloudGuard Controller

CloudGuard Controller Provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security. now supports Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. PDP (Identity Sharing).
CloudGuard Controller now supports VMware NSX-T Global Manager to allow integration with VMware NSX-T VMware NSX-T is a network virtualization and security platform that builds security into the network virtualization infrastructure. v4.1.
CloudGuard Controller for VMware NSX-T now uses Policy Mode APIs to import objects from an NSX-T Manager.
Multi-Domain Security Management Server now supports Data Center Virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores. They are collected in a group for secured remote storage, management, and distribution of data. objects and Data Center Query objects in the Global Policy.

Harmony Endpoint Web Management

Client optimization for Windows servers - Harmony Endpoint now allows you to easily optimize the Endpoint Security clients for Windows servers, such as Exchange servers, Active Directory servers, Database servers, and so on, by manually assigning Windows server roles.
Run Diagnostics - Using the Push Operation, an administrator can run a diagnostic check on endpoint clients.

The reports show the total CPU and RAM usage for the last 12 hours, including the CPU usage by processes. Based on the report Summary of network activity and Security Policy enforcement that is generated by Check Point products, such as SmartEvent. data, Harmony Endpoint may offer suggested exclusions to optimize the endpoint performance. You can easily add an exclusion as part of "Global Exclusion" or "Exclusion per Rule".
Exclusions Enhancements:
- Exclusion description - You can now add comments to new or existing exclusions.
- Global Exclusion - You can now easily add global exclusions that apply to all rules.
Application Control for macOS - Control which applications can run or use networking.
New Asset Management view:
- Filters - A brand new look and functionality for filters that enhances operation and productivity, while using the Asset Management view.
- Asset Management Table - Bigger asset management table to see all relevant data easily.
- Columns reorder - New Column reorder option to customize the asset management table based on their specific needs by changing columns location.
Linux Offline Package - Supports upload and export package for Linux OS clients.
Support for Harmony Endpoint Management API on an on-premises Endpoint Security Management Server.

The API is disabled by default for on-premises deployments. See the Harmony Endpoint Management API documentation.