Friday, March 31, 2017

R80 -



R80.10 Early Availability Program

As we are expanding our EA installations I would like to invite you to participate in the Early Availability Program of R80.10. Candidates should commit their Production environment in order to get on-site Early Availability engineer.

The registration process consists of filling out a short questionnaire to characterize the candidates for this EA program and NDA papers.
In order to register to the new R80.10 please fill in the following questionnaire (link below) and our early availability engineer will contact you.

WHAT’S NEW IN R80.10?

Check Point recently released Next Generation Security Management R80 setting the standard for reliability and ease-of-use in security management.

Check Point R80.10 extends R80 functionality to complete our vision for security consolidation, unified policy, and integrated threat management..

R80.10 will include:













Unified Access & Data Policy


1. Unified Policy

  • Unified security rule-base for Access blades: Firewall, VPN, Application Control, URL Filtering, Data Awareness, Mobile Access Blade
  • Unified log for network, protocol, application, user, accessed resources, file and data types.



2. Powerful Policy Model Architecture

  • Layered policy to support delegation and segregation of duties
  • Sub policy to define a set of rules as one management unit, independent from the rest of the rule-base.
  • Security zones bound to network interfaces to simplify security policy management.



3. Firewall and Application Control Enhancement
  • Application criteria now includes match by recommended services and by application signature.
  • Service criteria now includes match by protocol signature and by service port.


4. Integrated Data Awareness

  • Data Awareness adds file types, data types, and direction in the new unified policy, combining data with other security policy objects for granular rules..



5. Additional Enhancements:

  • New FQDN mode, to match fully qualified domain name of Domain Objects.
  • Domain Objects and Dynamic Objects support SecureXL accept templates.




Identity Awareness:


    • Large scale Identity Awareness, for support of 200K users.
    • Identity Collector Agent to collect user information from different identity sources (AD/ISE).
    • Web REST API for IDA.
    • LDAPv3 support for better nested group handling.



    Mobile Access:


    • Support Mobile Access in the unified rule base of R80 / R80.10.
    • Multiple Login Options, and multiple authentication factors, for Mobile Access and IPSec VPN. 


    VPN:


    • Multi-core for enhanced performance of VPN (Site-to-Site and Remote-Access VPN).
    • Security Gateways behind NAT use of NAT-T to initiate VPN site-to-site tunnel.


    Threat Prevention:


    • IPS is now part of the Threat Prevention policy, with multiple profiles per gateway and all Threat Prevention blades managed in one rule.
    • Threat Prevention Policy installation time considerably improved.
    • Threat Prevention Policy support for multi-layers, adding flexibility. 


    Additional Features:


    • SandBlast Threat Extraction immediately provides users with clean, reconstructed files containing only known safe element
    • Support of TLS 1.2 in Mobile Access connections and portals that do not work through multi-portal system. 


    Upgrade Method:

    • Upgrade to R80.10 and onward will be available online & offline through Check Point’s upgrade engine (CPUSE).