Sometimes your boss needs arguments to allow upgrade of your Check Point installation to new release version. Even if this upgrade is free, like upgrade to R75 version. I collected all information from "What's new" section from Release Notes documents for R70 till R75.10 releases. This helps you choose features important for exactly your installation and Check Point products set.
Scheme of release is not linear. You can see it here - Check Point R70, R71 and R75 Release Map
What's new in R70
New Terms
The following product and technology names have been changed for this version.
Table 1 Product and Technology Names
Versions NG and NGX Products and Technologies --- Version R70 Products and Technologies
Firewall-1 Firewall
Integrity Endpoint Security
Integrity Clientless Security Endpoint Security On Demand
ROBO Gateway Check Point SmartLSM Security Gateway
SmartCenter server Security Management server
SmartDefense IPS
SmartDirectory (LDAP) User Directory
SmartLSM management SmartProvisioning
SmartPortal Management Portal
VPN-1 (Power/UTM) Gateway Check Point Security Gateway
VPN-1 UTM Edge UTM-1 Edge
Web Filtering URL Filtering
The following product and technology names have been changed for this version.
Table 1 Product and Technology Names
Versions NG and NGX Products and Technologies --- Version R70 Products and Technologies
Firewall-1 Firewall
Integrity Endpoint Security
Integrity Clientless Security Endpoint Security On Demand
ROBO Gateway Check Point SmartLSM Security Gateway
SmartCenter server Security Management server
SmartDefense IPS
SmartDirectory (LDAP) User Directory
SmartLSM management SmartProvisioning
SmartPortal Management Portal
VPN-1 (Power/UTM) Gateway Check Point Security Gateway
VPN-1 UTM Edge UTM-1 Edge
Web Filtering URL Filtering
Table 2 SmartDashboard Tab Titles
Versions NG and NGX SmartDashboard Tabs --- Version R70 Products SmartDashboard Tabs
Address Translation NAT
Connectra SSL VPN
Content Inspection Anti-Virus and URL Filtering
Messaging Security Anti-Spam and Mail
Security Firewall
SmartDefense IPS
VPN IPSec VPN
Resume
Check Point R70 introduces the revolutionary Software Blades architecture. The Software Blades
architecture provides a complete selection of Software Blades, each delivering a modular security
gateway or security management function. Software Blades enable users to efficiently and quickly
tailor Security Gateway and Management functionality to specific and changing needs. When
running on multi-core platforms and appliances, Check Point CoreXL technology delivers near
linear performance scalability for many of the Software Blades.
The release has several highlights:
• New IPS blade which delivers superb IPS capabilities integrated into the Security Gateway:
• Integrated IPS Engine delivering over 2000 Pre-emptive/Behavioral-based Protections,
Signature–based Protections, Client and Server Protections and Application Controls
• Admin workflow and tools that allow simple management and deployment of IPS
capabilities
• Support for Prevent or Detect Mode per Profile and per Protection
• Breakthrough performance of up to 10Gbps
• Ability to limit system resources (CPU and memory) dedicated to IPS
• Granular Exceptions
• Easy IPS Protection updates including full coverage for Microsoft Patch Tuesday updates
and many others
• Enhanced log information (including packet capture) and new troubleshooting capabilities
• New Provisioning blade provides centralized administration and provisioning of Check Point
security devices through a single management console. The blade provides an intuitive and
easy interface to centrally manage both security and device configurations, such as operating
system and network settings. Management can be done either device-by-device or using profiles
which enable an administrator to manage large scale deployments that benefit from common
security policies and device settings.
• CoreXL for multi-core support and other performance enhancements.
• Enhanced SecurePlatform operating system, supporting new hardware platforms and providing
better performance.
• Provider-1 Enhancements: New Migration Tool, New High Availability Capabilities, Cross-CMA
Search, New IPS Global Policy capabilities and more.
• The Eventia Suite is now supported on VMware ESX server version 3.5.
Check Point R70 introduces the revolutionary Software Blades architecture. The Software Blades
architecture provides a complete selection of Software Blades, each delivering a modular security
gateway or security management function. Software Blades enable users to efficiently and quickly
tailor Security Gateway and Management functionality to specific and changing needs. When
running on multi-core platforms and appliances, Check Point CoreXL technology delivers near
linear performance scalability for many of the Software Blades.
The release has several highlights:
• New IPS blade which delivers superb IPS capabilities integrated into the Security Gateway:
• Integrated IPS Engine delivering over 2000 Pre-emptive/Behavioral-based Protections,
Signature–based Protections, Client and Server Protections and Application Controls
• Admin workflow and tools that allow simple management and deployment of IPS
capabilities
• Support for Prevent or Detect Mode per Profile and per Protection
• Breakthrough performance of up to 10Gbps
• Ability to limit system resources (CPU and memory) dedicated to IPS
• Granular Exceptions
• Easy IPS Protection updates including full coverage for Microsoft Patch Tuesday updates
and many others
• Enhanced log information (including packet capture) and new troubleshooting capabilities
• New Provisioning blade provides centralized administration and provisioning of Check Point
security devices through a single management console. The blade provides an intuitive and
easy interface to centrally manage both security and device configurations, such as operating
system and network settings. Management can be done either device-by-device or using profiles
which enable an administrator to manage large scale deployments that benefit from common
security policies and device settings.
• CoreXL for multi-core support and other performance enhancements.
• Enhanced SecurePlatform operating system, supporting new hardware platforms and providing
better performance.
• Provider-1 Enhancements: New Migration Tool, New High Availability Capabilities, Cross-CMA
Search, New IPS Global Policy capabilities and more.
• The Eventia Suite is now supported on VMware ESX server version 3.5.
Check Point Software Blades
Check Point Security Gateways are comprehensive security solutions that deliver industry-leading
performance, threat coverage, and value on a flexible Check Point Software Blade architecture.
With Software Blades, Security Gateways can be optimized to provide simple, flexible, extensible,
and manageable security for deployments ranging in size from small branch offices to large
enterprises to datacenters.
A software blade is a logical security building block that is independent, modular, and centrally
managed. Software Blades can be quickly enabled and configured into a solution based on specific
business needs. And as needs evolve, additional blades can be quickly activated to extend security
to an existing configuration within the same hardware foundation.
Check Point Software Blades include Firewall, VPN, IPS, Web Security, Anti-Virus and
Anti-Malware, URL Filtering, Messaging Security, Acceleration and Clustering, Advanced
Networking, Network Policy Management, End Policy Management, Logging and Status,
Monitoring, Management Portal, User Directory, Provisioning, Reporting, and Event Correlation.
Software Blades can be deployed on Check Point UTM-1 and Power-1 appliances, partner
appliances, open servers, and within virtualized environments. New blades can be added by simply
enabling their functionality in software; no additional hardware, firmware or drivers are necessary.
This enables organizations to deploy security dynamically, as needed, with lower total cost of
deployment.
More information about Software Blades can be found at:
http://www.checkpoint.com/products/softwareblades/architecture/index.html
IPS
New IPS engine: R70 introduces a new multi-tier inspection engine, delivering:
• Excellent security capabilities for detection and prevention of known and unknown, client
and server attacks.
• Application controls for Peer-To-Peer, Instant Messaging and many other applications.
• On-going update services covering Microsoft Patch Tuesday and many other applications.
• Admin workflow and tools that allow simple management and deployment of IPS
capabilities.
Blazing Fast Performance: Introducing a completely new IPS enforcement architecture that allows
up to 10 Gbps IPS throughput. Even when all protections are activated throughput remains above
2.2 Gbps.
Signature Matching Engine: New signature matching engine provides faster release of new updates,
while maintaining excellent performance no matter how many new protections are added.
Bypass Under Load: Maintain high network performance, with the new ability to stop inspection of
traffic when the gateway reaches user-defined memory or CPU thresholds. Inspection resumes
when the stress decreases.
Automatic Activation of Protections: Automatically manage protections or profiles based on policy
decisions, allowing easier creation of new profiles; predictable, consistent maintenance; and
update of protections and security policies. All protections received through the protection update
service can now be activated, deactivated or put in detect-only mode automatically, according to
the same policy decisions defined for the profile. Protections can also be automatically activated
based on user-defined criteria such as threat severity, estimated impact on performance, and
confidence indexing.
Network Exceptions: Exclude any source, destination, service or gateway from IPS inspection, for
any specific protections or from all protections.
Intuitive Information Access Points: Directly access any SmartView Tracker log from the protection
that generated it and link back to IPS. Easily create an exception to a specific protection based on
a log or set the protection to Detect.
Packet Capture: Added ability to save identified packets for forensics and analysis.
Protections Browser: The Protections Browser provides a central view of all protections and the
capability to quickly find, view or modify protection activation settings, globally or per profile. Find
any protection by name, CVE number, protocol, severity or any other parameter.
Check Point Security Gateways are comprehensive security solutions that deliver industry-leading
performance, threat coverage, and value on a flexible Check Point Software Blade architecture.
With Software Blades, Security Gateways can be optimized to provide simple, flexible, extensible,
and manageable security for deployments ranging in size from small branch offices to large
enterprises to datacenters.
A software blade is a logical security building block that is independent, modular, and centrally
managed. Software Blades can be quickly enabled and configured into a solution based on specific
business needs. And as needs evolve, additional blades can be quickly activated to extend security
to an existing configuration within the same hardware foundation.
Check Point Software Blades include Firewall, VPN, IPS, Web Security, Anti-Virus and
Anti-Malware, URL Filtering, Messaging Security, Acceleration and Clustering, Advanced
Networking, Network Policy Management, End Policy Management, Logging and Status,
Monitoring, Management Portal, User Directory, Provisioning, Reporting, and Event Correlation.
Software Blades can be deployed on Check Point UTM-1 and Power-1 appliances, partner
appliances, open servers, and within virtualized environments. New blades can be added by simply
enabling their functionality in software; no additional hardware, firmware or drivers are necessary.
This enables organizations to deploy security dynamically, as needed, with lower total cost of
deployment.
More information about Software Blades can be found at:
http://www.checkpoint.com/products/softwareblades/architecture/index.html
IPS
New IPS engine: R70 introduces a new multi-tier inspection engine, delivering:
• Excellent security capabilities for detection and prevention of known and unknown, client
and server attacks.
• Application controls for Peer-To-Peer, Instant Messaging and many other applications.
• On-going update services covering Microsoft Patch Tuesday and many other applications.
• Admin workflow and tools that allow simple management and deployment of IPS
capabilities.
Blazing Fast Performance: Introducing a completely new IPS enforcement architecture that allows
up to 10 Gbps IPS throughput. Even when all protections are activated throughput remains above
2.2 Gbps.
Signature Matching Engine: New signature matching engine provides faster release of new updates,
while maintaining excellent performance no matter how many new protections are added.
Bypass Under Load: Maintain high network performance, with the new ability to stop inspection of
traffic when the gateway reaches user-defined memory or CPU thresholds. Inspection resumes
when the stress decreases.
Automatic Activation of Protections: Automatically manage protections or profiles based on policy
decisions, allowing easier creation of new profiles; predictable, consistent maintenance; and
update of protections and security policies. All protections received through the protection update
service can now be activated, deactivated or put in detect-only mode automatically, according to
the same policy decisions defined for the profile. Protections can also be automatically activated
based on user-defined criteria such as threat severity, estimated impact on performance, and
confidence indexing.
Network Exceptions: Exclude any source, destination, service or gateway from IPS inspection, for
any specific protections or from all protections.
Intuitive Information Access Points: Directly access any SmartView Tracker log from the protection
that generated it and link back to IPS. Easily create an exception to a specific protection based on
a log or set the protection to Detect.
Packet Capture: Added ability to save identified packets for forensics and analysis.
Protections Browser: The Protections Browser provides a central view of all protections and the
capability to quickly find, view or modify protection activation settings, globally or per profile. Find
any protection by name, CVE number, protocol, severity or any other parameter.
Provisioning Software Blade
Check Point's Provisioning Software Blade provides an intuitive and easy interface to centrally
manage device configurations, such as operating system and network settings. Networking
configurations include DNS, hosts, domain, routing and interfaces settings.
Each provisioned device can be managed separately or associated with a provisioning profile, and
thus inherits all of the profile's settings. Each profile defines the gateway properties per profile
object - which represents multiple, unlimited gateways with similar properties and policies - rather
than per physical gateway. This means that time invested in each device can be minimized and
batch operations performed, thereby reducing administrative overhead.
A provisioning profile can define specific settings for networking, device management, and the
operating system. Common device settings include DNS, time zones, domain names and routing
data. Provisioning profiles can be applied to UTM-1, Power-1, SecurePlatform or UTM-1 Edge
appliances.
All devices managed fetch their assigned profiles from the centralized management server. If the
fetched profile differs from the previous profile, the device is updated with the changes. Thus, one
profile is able to update potentially hundreds and thousands of devices, each acquiring the new
common properties, while maintaining its own local settings.
manage device configurations, such as operating system and network settings. Networking
configurations include DNS, hosts, domain, routing and interfaces settings.
Each provisioned device can be managed separately or associated with a provisioning profile, and
thus inherits all of the profile's settings. Each profile defines the gateway properties per profile
object - which represents multiple, unlimited gateways with similar properties and policies - rather
than per physical gateway. This means that time invested in each device can be minimized and
batch operations performed, thereby reducing administrative overhead.
A provisioning profile can define specific settings for networking, device management, and the
operating system. Common device settings include DNS, time zones, domain names and routing
data. Provisioning profiles can be applied to UTM-1, Power-1, SecurePlatform or UTM-1 Edge
appliances.
All devices managed fetch their assigned profiles from the centralized management server. If the
fetched profile differs from the previous profile, the device is updated with the changes. Thus, one
profile is able to update potentially hundreds and thousands of devices, each acquiring the new
common properties, while maintaining its own local settings.
CoreXL
Multi-Core Performance Acceleration: SecurePlatform, IPSO 6, and Crossbeam support excellent
performance scalability across multiprocessing cores using CoreXL.
performance scalability across multiprocessing cores using CoreXL.
Performance Enhancements
Anti-Spoofing Enforcement Acceleration: Spoofed traffic is dropped, significantly improving the
performance of the gateway when handling spoofed traffic.
performance of the gateway when handling spoofed traffic.
Provider-1/SiteManager-1
New Migration Tool: Easily export CMAs from one MDS to another with the new R70 Migration Tool.
Enable automatic export and archive of CMAs, Security Management servers, or MGS global
database for migration.
High Availability Capabilities: New High Availability features make Load Sharing and Failover
deployments even more flexible and reliable.
• Cross-Platform High Availability: Add Provider-1 systems of one operating system to an existing
HA deployment of another.
• Multi-CMA High Availability: Include more than two CMAs per Customer (one primary CMA and
multiple secondary CMAs).
• Failure Recovery in High Availability Deployments: Recovery in many cases of a failed MDS in
a High Availability deployment.
Cross-CMA Search: Search across multiple CMA databases for defined Network objects (including
groups, Dynamic objects and Global objects) and for rules (including Global and implied rules) that
contain or affect a specified object.
Provider-1 Shell (P1Shell): New command line shell that enables Provider-1 administrators to run
commands in both MDS and CMA environments - without root permissions.
IPS in Global Policy: When a Global Policy is assigned, CMAs receive the global IPS profiles
contained in the Global Policy. Global profiles can be specifically assigned to individual gateways.
New Migration Tool: Easily export CMAs from one MDS to another with the new R70 Migration Tool.
Enable automatic export and archive of CMAs, Security Management servers, or MGS global
database for migration.
High Availability Capabilities: New High Availability features make Load Sharing and Failover
deployments even more flexible and reliable.
• Cross-Platform High Availability: Add Provider-1 systems of one operating system to an existing
HA deployment of another.
• Multi-CMA High Availability: Include more than two CMAs per Customer (one primary CMA and
multiple secondary CMAs).
• Failure Recovery in High Availability Deployments: Recovery in many cases of a failed MDS in
a High Availability deployment.
Cross-CMA Search: Search across multiple CMA databases for defined Network objects (including
groups, Dynamic objects and Global objects) and for rules (including Global and implied rules) that
contain or affect a specified object.
Provider-1 Shell (P1Shell): New command line shell that enables Provider-1 administrators to run
commands in both MDS and CMA environments - without root permissions.
IPS in Global Policy: When a Global Policy is assigned, CMAs receive the global IPS profiles
contained in the Global Policy. Global profiles can be specifically assigned to individual gateways.
Endpoint Connect VPN Client
R70 supports Endpoint Connect: Check Point’s new lightweight remote access client, providing
seamless, secure (IPSec) VPN connectivity to corporate resources.
Eventia Suite
R70 supports the Eventia Suite on VMware ESX server version 3.5.
SecurePlatform
R70 includes the latest enhancements to SecurePlatform and SecurePlatform Pro operating
systems. This release of SecurePlatform supports a large variety of hardware, including open
servers, network cards and RAID controllers. A comprehensive list of certified hardware can be
found at:
http://www.checkpoint.com/products/supported_platforms/secureplatform.html
R70 supports Endpoint Connect: Check Point’s new lightweight remote access client, providing
seamless, secure (IPSec) VPN connectivity to corporate resources.
Eventia Suite
R70 supports the Eventia Suite on VMware ESX server version 3.5.
SecurePlatform
R70 includes the latest enhancements to SecurePlatform and SecurePlatform Pro operating
systems. This release of SecurePlatform supports a large variety of hardware, including open
servers, network cards and RAID controllers. A comprehensive list of certified hardware can be
found at:
http://www.checkpoint.com/products/supported_platforms/secureplatform.html
What's new in R70.1
Quality Improvements
Check Point Suite R70.1 delivers significant improvements in quality and resolves issues from R70
and previous releases. For a list of resolved issues, see sk42333 at
http://supportcontent.checkpoint.com/solutions?id=sk42333.
Check Point Suite R70.1 delivers significant improvements in quality and resolves issues from R70
and previous releases. For a list of resolved issues, see sk42333 at
http://supportcontent.checkpoint.com/solutions?id=sk42333.
SmartWorkflow Blade
SmartWorkflow is a full-featured security policy change management solution incorporated into the
Security Management Server and Provider-1 environments.
• SmartWorkflow sessions allow administrators to work with discrete sets of proposed changes to
the network security configuration.
• Comprehensive audit features allow administrators to track, control, and analyze changes to the
network security configuration as follows:
• New or modified elements are highlighted in the SmartDashboard object tree and Rule
Base.
• The Session Information window documents specific changes and provides justification for
these actions.
• Audit logs provide detailed information regarding all changes and can be viewed in
SmartView Tracker.
• The Change Summary Report provides a list of changes made to the Rule Base and
Network objects.
• The Compare Policies feature provides a comparison between the installed policy and the
currently defined policy or between selected policy versions.
• Role segregation, with separate administrator and manager roles, ensures that proposed
changes are approved by authorized managers prior to implementation and that only authorized
managers can configure SmartWorkflow properties. This feature is optional.
• SmartWorkflow contains a user-friendly toolbar, menu, and other convenient user interface
elements that make it easy to learn and use.
For detailed information on SmartWorkflow, see the R70.1 SmartWorkflow Blade Administration
Guide at:
http://supportcontent.checkpoint.com/documentation_download?ID=10069
Hardware Health Monitoring Capabilities
• RAID Health: Monitor the health of the disks in the RAID array, and be notified of the states of
the volumes and disks in Check Point appliances. The information is available via SNMP.
•Sensors: Monitor fan speed, voltages, and temperatures on the hardware. The information is
available via SNMP and, for Check Point appliances, also via the SecurePlatform Web
interface.
For more information see the Hardware Health Monitoring for R70.1 Appliances and Open Servers
Administration Guide at http://supportcontent.checkpoint.com/documentation_download?ID=8650
Remote Deployment Tool
The Remote Deployment tool enables deployment of Power-1 and UTM-1 appliances in branch
offices or any location that is not accessible by the security or network administrator. The Remote
Deployment tool consists of a USB key that includes a simple configuration file for the installation
process. Once the USB key is inserted into the appliance and the appliance is turned on, the
appliance reads configuration information that enables it to be deployed remotely.
For more information see the Remote Deployment Tool R70.1 Administration Guide at:
http://supportcontent.checkpoint.com/documentation_download?ID=10098
Enhanced LCD Panel Menus
Configure the management IP address, netmask, and default gateway of the Check Point appliance
directly from the front panel. The appliance can also be rebooted from the front panel.
For more information see “Managing Check Point Appliances Using the LCD Panel” on page 16.
Link Aggregation is Now Available on SecurePlatform
Link Aggregation (also known as NIC teaming) involves bonding multiple network interfaces on a
Security Gateway. The Load Sharing mode of Link Aggregation can significantly increase total
throughput by supplying load sharing, in addition to high availability. All interfaces are active, and
connections are balanced between the bond’s interfaces. Connections are balanced according to
network layers three and four, and follow either the IEEE 802.3ad standard or XOR.
For more information see the ClusterXL R70.1 Administration Guide at:
http://supportcontent.checkpoint.com/documentation_download?ID=10068
Security Management Enhancements
New Security Management enhancements have been added based on requests from our valued
customers. The features are:
• Quick Add Object - Allows you to easily find and insert objects into the Security Rule Base
• Where Used > Go To - Allows you to jump from the Where Used window to the locations it
references.
• Easily View Group Members - When hovering over a Group in the Rule Base, a tooltip displays
the Group members.
• Extended Clone Functionality - The Clone functionality, which allows creating a new object
based on an existing one, is extended to include Services, IP ranges, Group objects, etc.
• Read Only State for Object Properties - In numerous key fields of the object properties it is now
possible to copy the text of the fields while in ‘Read-only’ state.
• Delete Multiple Database Versions - While in the Database Revision Control window, it is
possible to select multiple Database Versions and delete them at once.
For details see sk42042 at http://supportcontent.checkpoint.com/solutions?id=sk42042.
URL Filtering Enhancements
This release improves the coverage and performance of Check Point’s URL Filtering engine,
focusing on hazardous and malicious websites.
Total Security customers that enable URL Filtering do not necessarily have to install this release,
but it is recommended for improved URL Filtering results.
Important - During installation of the new URL Filtering engine, no default database is installed;
therefore, the URL Filtering policy is not enforced until a signature update is performed. The first
update may take several minutes, depending on your environment. Subsequent updates should
take significantly less time, as only incremental information is downloaded.
Eventia on VMware ESX Server
Beginning with Check Point Suite R70, the Eventia Suite is supported on VMware ESX server
version 3.5.
What's new in R70.20
Event Correlation & IPS Event Analysis Software Blades Update
New Real Time Views & Simplified Events Processing
Timeline View - See real-time information, trends, and anomalies at a glance with security events
displayed graphically to clearly represent the number, time, and severity of events.
Charts View - View event statistics in a variety of charts, including bar and pie charts.
Maps View - Geolocate an event source or destination IP on a world map. Maps can be color coded
to highlight relevant countries and can be expanded.
Export Event Data - Export sorted, filtered and grouped event data to a comma-delimited text file for
further analysis using external applications, such as a spreadsheet or text editor.
Eventia ClientInfo - Provides comprehensive information about a Windows machine's configuration,
including hardware and Operating System details, processes, services, software installed, and
Microsoft Security Patches installed. Helps you determine whether an attack related to Microsoft
software is likely to affect the target machine.
Real-Time Analysis & Action
Group By - Focus on the most important events and compact the event list by grouping events
based on event name, source, destination, or any other field.
New Event Search - New search field allows you to enter any text that can appear in any event field,
and displays only matching events.
Forensics - Drill down from the “big picture” to events, then use advanced filtering / search / group /
sort to go deeper, and finally go to raw logs / packet capture to understand exactly what happened.
Workflow
Ticketing - Use ticketing workflow to assign events to administrators.
IPS Specific
Improved Overview Page - New dashboard interface with IPS critical information.
Detailed hourly, weekly and monthly reports focusing on IPS events.
Share IPS Event & Packet Capture with Check Point Security Research Team.
Reporting Blade Updates
Numerous new Standard and Express reports for easy compliance with ISO 17799, COBIT, PCI-DSS,
SOX, and HIPAA standards.
URL Filtering activity report analyzes Web filtering activity by user, URL category, source, and more.
Improved Endpoint Security reports.
IPS Software Blade Update
Improved Source IP Information - Logs now include the original IP addresses of proxied connections.
Automatic packet capture on the first instance of any protection to help administrators analyze IPS
events.
Improved confidence level for many protections, primarily for DCE-RPC - Allows you to ignore the noise
and focus on the real threats.
Logs now include information about types of Web browsers and server.
Geo Protection - New protection category that allows you to control traffic based on the source or
destination country. You can define a policy for specific countries, and a policy that applies to all other
countries.
Note - To use Geo Protection, you must have:
A Software Blade license for each Security Gateway that
enforces Geo Protection, and for the Security Management
Server.
A valid IPS contract.
Logging & Status Software Blade Update
Identity Logging - Inserts user and computer names into Check Point logs by retrieving the information
from Active Directory Domain Controllers. No special configuration or agent installation is required on
the Domain Controllers themselves.
Note - To use Identity Logging, you must have a license for the
Logging and Status Software Blade installed on the Security
Management Server or Provider-1 MDS.
Multi-Core Licensing
R70.20 allows you to install a software license for the number of cores you plan to use, rather than the
number of physical cores on the open server.
What's New in R70.30
Non-English regional formats are now supported in the map visualization features of SmartDashboard
IPS Event Analysis and Eventia Analyzer.
SmartWorkflow reports can now be viewed in Windows 7.
It is now possible to use the SSL Network Extender client to access internal resources behind the
Security Gateway, using a client digital certificate that is signed by a subordinate CA. The certificate
need not be directly signed by a trusted CA. For example, the certificate can be signed by a CA that
belongs to the organization itself, which is in turn signed by a trusted root CA.
What's New in R70.40
The R70.40 Security Management Server supports:
Security Gateway 80 gateways for centrally managed branch offices
UTM-1 Edge N Series and Embedded NGX 8.1 Release gateways
Enhanced vsx_util command for improved user experience and additional functionality
Provisioning of IPSO 6.2 IP appliances using SmartProvisioning
Security Gateway 80
Check Point's Security Gateway 80 delivers integrated unified threat management to protect your
organization from today's emerging threats. Based on proven Check Point security technologies such as
Stateful Inspection, Application Intelligence, and SMART (Security Management Architecture), Security
Gateway 80 provides simplified deployment while delivering uncompromising levels of security.
Security Gateway 80 supports the Check Point Software Blade architecture, providing independent, modular
and centrally managed security building blocks. Software Blades can be quickly enabled and configured into
a solution based on specific security needs.
What's New in R71
Check Point R71 is based on the Software Blades Architecture.
Resume
Data Loss Prevention Software Blade
Check Point Revolutionizes the DLP Market by moving from Detection to Prevention of Data Loss
Incidents.
Prevents loss of critical business information.
Combines technology and processes to make DLP work.
Easy deployment for immediate data loss prevention.
SSL VPN Software Blade
New integrated SSL VPN Software Blade secures remote workers anywhere, while delivering flexible,
easy-to-use, and layered protection.
Lower the cost and complexity of managing remote access by simply adding the SSL VPN blade to
your existing Check Point gateway.
Increase productivity with easy Web-based remote access.
Raise network and remote endpoint security levels with multi-layered protection allowing services
such as IPS and Anti-Virus for remote access connections.
Raising the Bar on UTM-1 Appliances & UTM Features Performance
UTM-1 appliances provide enhanced Firewall & IPS performance featuring patented SecureXL
Technology available at no extra cost:
Up to 4 times Firewall Throughput improvement.
Up to 3 times IPS Throughput improvement.
Up to 4 times connection/sec rate improvement.
New Streaming architecture available with Anti-Virus & URL Filtering Software Blades provides
performance boost for UTM features:
Up to 15 times Anti-Virus Throughput improvement.
Up to 80 times Anti-Virus & URL Filtering connection capacity improvement.
IPS Manageability
IPS-1 Sensors can now be managed from Security Management server / Provider-1.
Update IPS Protections automatically according to a pre-defined schedule.
Management Enhancements
Various improvements in the Management Blades deployment (for example, the ability to install a
Security Management server on Windows with DHCP), usability enhancements, and new features (such
as Firewall Rule Expiration).
IPSec VPN Enhancements
Continuing Check Point leadership in Enterprise class VPN solutions, this release includes multiple
enhancements important for large network configurations and for customers interested in new VPN
standards (such as IKEv2).
New Terms
The following product and technology names have changed for this version.
Name Before R71 Name Starting with R71
Eventia Analyzer SmartEvent
Eventia Reporter SmartReporter
IPS Event Analysis SmartEvent Intro
Data Loss Prevention Software Blade
Data Loss Prevention (DLP) is an innovative solution for practical data loss prevention:
Prevents data leakage of critical business information
Stops users from sending or uploading sensitive information outside of the organization.
Network-based solution prevents breach of corporate data sharing policies – intentional or unintentional.
Provides easy compliance with data protection standards (such as PCI-DSS, HIPPA, GLBA, SOX).
Combines technology and processes to make DLP work
Innovative MultiSpect
TM data classification engine combines users, content and process into accurate
decisions.
New UserCheckTM technology empowers users to remediate incidents in real time.
Self-educating system – Does not require IT/security personnel for incident handling, while educating
the users on proper data sharing policies.
Easy deployment for immediate data loss prevention
Implement a preventative DLP solution on your existing gateway in less than one day.
Leverage over 250 pre-defined policies to create your own policy without the need for costly professional
services.
Get better control and auditing capabilities with centralized security management.
For more information about Data Loss Prevention, see the R71 DLP Release Notes
(http://supportcontent.checkpoint.com/documentation_download?ID=10774).
SSL VPN Software Blade
New integrated SSL VPN Software Blade secures remote workers anywhere, while delivering flexible, ease-
to-use and layered protection.
Lower the cost and complexity of managing remote access
Efficiently manage and protect your existing investment with the simple add-on remote access blade.
Eliminate the need to acquire dedicated gateways, clients, or third party authentication.
Set up in just two steps and easily administrate from a unified intuitive interface.
Increase productivity with easy Web-based remote access
Minimize user interruption for a large range of applications.
Easily sign in with built-in Single-Sign-On (SSO)
Gain immediate secure access for a large user base during a disaster.
Raise network and remote endpoint security levels with multi-layered
protection
Ensures in-depth security with integrated IPS, Anti-Virus and Anti-Malware.
Easily control and manage remote access for a range of users: employees, partners, and contractors.
Secure and minimize risk from known and unknown endpoints with a variety of protections.
For more information, see the R71 SSL VPN Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10322).
UTM Service Performance Boost
Check Point R71 offers a dramatic increase to the performance of both the Anti-Virus (AV) and URL Filtering
software service blades.
The Check Point AV blade offers a new AV detection mode, Stream Detection Mode. With this mode,
which uses frequently updated state-of-the-art virus signatures, Anti-Virus performance is significantly
improved because traffic is scanned for viruses without storing entire files.
The Check Point URL Filtering Blade offers significant performance improvements. Connections
are now handled in kernel space and not folded into the Security Servers. URL Filtering performance figures
are significantly improved, as traffic is not interrupted while resolving the URL Filtering category.
Integrated Management Blade for IPS-1
Check Point R71 provides central management for IPS that lets you:
Manage R71 IPS-1 sensors using SmartConsole applications such as SmartDashboard
Manage IPS-1 Protections with an IPS policy
Improve performance for IPS protection management
Install an IPS Policy specifically tuned for IPS-1 protections
Update IPS protections according to a defined schedule
IPSec VPN Enhancements
Load Sharing Mode for VPN Traffic
Enables distributing VPN traffic among the available links between local and peer gateways.
Service Based Link Selection
Provides the ability to use different links for services that require different level of QoS. Administrators
control outgoing VPN traffic and bandwidth use by assigning a service or a group of services to a specific
interface for outgoing VPN routing decisions. Links availability and backup links are fully supported.
Trusted Links
Ability to define an interface as trusted for VPN traffic, where encryption is not required. Traffic routed
through this interface is sent in the clear. A trusted link is handled the same as any other VPN link, thus
enabling mixed MPLS/Internet environments.
IKEv2
IKEv2 Protocol is now available for VPN.
Enhanced Protection against IKE DOS attacks
New configuration exists for protection against IKE DOS attacks by authenticated peers.
Multiple Certificates Per Certificate Authority (CA)
Multiple signing certificates for a CA enable the administrator to expire a “CA Certificate” which invalidates
all certificates signed by this CA, alleviating the need for coordinating long Certificate Revocation Lists
(CRLs).
Multicast IPSec
A Multicast VPN solution that efficiently send multicast data through designated sender gateways (by VPN)
to hosts behind multiple listener gateways.
SmartEvent (formerly Eventia) Enhancements
Improved performance in the event correlation engine dramatically increases log correlation capacity.
Pre-defined event timelines, queries and rules for the DLP blade.
SmartEvent Intro for DLP provides centralized, real-time, security event correlation and management for
the DLP blade.
Improved Provider-1 Import and Export
Provider-1 now supports the export and import of a whole MDS machine,
Improved export and import of single CMA
For more information, see the R71 Installation and Upgrade Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10327).
New SmartLSM Clustering
SmartLSM Profile Security Clusters can now manage fully synchronized Check Point clusters.
For more information, see the R71 SmartProvisioning Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10317).
Security Management Enhancements
Security Management Servers with Dynamic IPs
You can now install and use a Security Management Server on a Windows machine with a DHCP interface.
See the R71 Security Management Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10315) for more information.
Firewall Rule Expiration
Rules in the Security Rule Base can now be made "temporary" by adding a time limit. The firewall rule is
enforced over a specific time period. The new time period settings are part of the Time Properties object of
each rule, with Activate On and Expire On fields for granular control. In addition:
In SmartDashboard, Temporary Rules and Expired rules are marked by new clocked-shaped icons.
Rule expiration can be added to existing rules, or created as an independent object and applied to
multiple rules.
New filtering options enable you to quickly find in the SmartDashboard Security Rule Base all temporary
rules, or only those rules that have expired.
Automatic Deletion of Old Database Versions
In the Database Revision Control window, you can now configure one of four options to automatically
delete database versions.
This feature comes with the ability to specify that a certain version should never be automatically
deleted.
SmartWorkflow versions are not affected by this feature. They are neither counted nor deleted.
Object Management Improvements
Light filtering and undocking the Objects List
Filtering objects by any of the fields displayed in the Objects List
Filtering objects on the fly while typing the text
Easy switching between the object types: Network Objects, Services, Users, etc.
Undocking the Objects List view
New-style object selectors in SmartDashboard - additional details appear for each object and filtering
capabilities have been added.
New-style editor for the Group’s properties - additional details appear for each group member, filtering
capabilities have been added and the window can now be resized.
Grouping selected objects in SmartDashboard - it is possible to create a group by selecting objects in
the Rule Base, Objects Tree and Objects List.
Other Security Management Enhancements
Default access mode configuration for SmartDashboard - administrators can now configure the default
mode (Read Only / Read Write) when accessing the Security Management server with
SmartDashboard.
SmartView Tracker queries by username - administrators can specify whether the text in the filter will be
case-sensitive or not.
Check Point Appliance Enhancements
Jumbo Frames Support for Power-1
Power-1 appliances now support "Jumbo Frames," which are Ethernet packets larger than 1500 bytes. To
utilize jumbo frames, use the Web User Interface or sysconfig to configure the required MTU for the
network interface.
Hardware Health Monitoring for Smart-1
Sensors monitor fan speed, motherboard voltages and temperatures on the Smart-1 hardware. The
information is available via SNMP and the SecurePlatform Web interface.
For more information, see Hardware Health Monitoring in the R71 SecurePlatform Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10313).
What's New in R71.10
Abra is now supported on all Security Gateway platforms.
SSL VPN now supports Outlook Web Access version 2010 in addition to versions 2000, 2003 SP1, and
2007. Outlook Web Access (OWA) is a Web-based mail service, with the look, feel and functionality of
Microsoft Outlook.
Enabling the R71 SSL VPN Blade causes a Firewall access control issue. Installing R71.10 on both the
Security Management server and the gateway is mandatory to resolve this issue.
What's New in R71.20
Central management for Series 80 Appliances
Installation of Security Management Server on Microsoft Windows 7
Central management for UTM-1 Edge N Series and Embedded NGX 8.1 gateways
Provisioning of IPSO 6.2 IP appliances using SmartProvisioning
Enhanced vsx_util command for improved user experience and additional functionality
What's New in R71.20 DLP
You can customize the Email and UserCheck Notification text. You can use variables to automatically fill
in details of the incident.
You can customize the language for the DLP portal, email notifications, and UserCheck client and
notifications.
R71.10 DLP introduced Japanese support. In addition, R71.20 DLP introduces these languages:
• SmartWorkflow sessions allow administrators to work with discrete sets of proposed changes to
the network security configuration.
• Comprehensive audit features allow administrators to track, control, and analyze changes to the
network security configuration as follows:
• New or modified elements are highlighted in the SmartDashboard object tree and Rule
Base.
• The Session Information window documents specific changes and provides justification for
these actions.
• Audit logs provide detailed information regarding all changes and can be viewed in
SmartView Tracker.
• The Change Summary Report provides a list of changes made to the Rule Base and
Network objects.
• The Compare Policies feature provides a comparison between the installed policy and the
currently defined policy or between selected policy versions.
• Role segregation, with separate administrator and manager roles, ensures that proposed
changes are approved by authorized managers prior to implementation and that only authorized
managers can configure SmartWorkflow properties. This feature is optional.
• SmartWorkflow contains a user-friendly toolbar, menu, and other convenient user interface
elements that make it easy to learn and use.
For detailed information on SmartWorkflow, see the R70.1 SmartWorkflow Blade Administration
Guide at:
http://supportcontent.checkpoint.com/documentation_download?ID=10069
Hardware Health Monitoring Capabilities
• RAID Health: Monitor the health of the disks in the RAID array, and be notified of the states of
the volumes and disks in Check Point appliances. The information is available via SNMP.
•Sensors: Monitor fan speed, voltages, and temperatures on the hardware. The information is
available via SNMP and, for Check Point appliances, also via the SecurePlatform Web
interface.
For more information see the Hardware Health Monitoring for R70.1 Appliances and Open Servers
Administration Guide at http://supportcontent.checkpoint.com/documentation_download?ID=8650
Remote Deployment Tool
The Remote Deployment tool enables deployment of Power-1 and UTM-1 appliances in branch
offices or any location that is not accessible by the security or network administrator. The Remote
Deployment tool consists of a USB key that includes a simple configuration file for the installation
process. Once the USB key is inserted into the appliance and the appliance is turned on, the
appliance reads configuration information that enables it to be deployed remotely.
For more information see the Remote Deployment Tool R70.1 Administration Guide at:
http://supportcontent.checkpoint.com/documentation_download?ID=10098
Enhanced LCD Panel Menus
Configure the management IP address, netmask, and default gateway of the Check Point appliance
directly from the front panel. The appliance can also be rebooted from the front panel.
For more information see “Managing Check Point Appliances Using the LCD Panel” on page 16.
Link Aggregation is Now Available on SecurePlatform
Link Aggregation (also known as NIC teaming) involves bonding multiple network interfaces on a
Security Gateway. The Load Sharing mode of Link Aggregation can significantly increase total
throughput by supplying load sharing, in addition to high availability. All interfaces are active, and
connections are balanced between the bond’s interfaces. Connections are balanced according to
network layers three and four, and follow either the IEEE 802.3ad standard or XOR.
For more information see the ClusterXL R70.1 Administration Guide at:
http://supportcontent.checkpoint.com/documentation_download?ID=10068
Security Management Enhancements
New Security Management enhancements have been added based on requests from our valued
customers. The features are:
• Quick Add Object - Allows you to easily find and insert objects into the Security Rule Base
• Where Used > Go To - Allows you to jump from the Where Used window to the locations it
references.
• Easily View Group Members - When hovering over a Group in the Rule Base, a tooltip displays
the Group members.
• Extended Clone Functionality - The Clone functionality, which allows creating a new object
based on an existing one, is extended to include Services, IP ranges, Group objects, etc.
• Read Only State for Object Properties - In numerous key fields of the object properties it is now
possible to copy the text of the fields while in ‘Read-only’ state.
• Delete Multiple Database Versions - While in the Database Revision Control window, it is
possible to select multiple Database Versions and delete them at once.
For details see sk42042 at http://supportcontent.checkpoint.com/solutions?id=sk42042.
URL Filtering Enhancements
This release improves the coverage and performance of Check Point’s URL Filtering engine,
focusing on hazardous and malicious websites.
Total Security customers that enable URL Filtering do not necessarily have to install this release,
but it is recommended for improved URL Filtering results.
Important - During installation of the new URL Filtering engine, no default database is installed;
therefore, the URL Filtering policy is not enforced until a signature update is performed. The first
update may take several minutes, depending on your environment. Subsequent updates should
take significantly less time, as only incremental information is downloaded.
Eventia on VMware ESX Server
Beginning with Check Point Suite R70, the Eventia Suite is supported on VMware ESX server
version 3.5.
What's new in R70.20
Event Correlation & IPS Event Analysis Software Blades Update
New Real Time Views & Simplified Events Processing
Timeline View - See real-time information, trends, and anomalies at a glance with security events
displayed graphically to clearly represent the number, time, and severity of events.
Charts View - View event statistics in a variety of charts, including bar and pie charts.
Maps View - Geolocate an event source or destination IP on a world map. Maps can be color coded
to highlight relevant countries and can be expanded.
Export Event Data - Export sorted, filtered and grouped event data to a comma-delimited text file for
further analysis using external applications, such as a spreadsheet or text editor.
Eventia ClientInfo - Provides comprehensive information about a Windows machine's configuration,
including hardware and Operating System details, processes, services, software installed, and
Microsoft Security Patches installed. Helps you determine whether an attack related to Microsoft
software is likely to affect the target machine.
Real-Time Analysis & Action
Group By - Focus on the most important events and compact the event list by grouping events
based on event name, source, destination, or any other field.
New Event Search - New search field allows you to enter any text that can appear in any event field,
and displays only matching events.
Forensics - Drill down from the “big picture” to events, then use advanced filtering / search / group /
sort to go deeper, and finally go to raw logs / packet capture to understand exactly what happened.
Workflow
Ticketing - Use ticketing workflow to assign events to administrators.
IPS Specific
Improved Overview Page - New dashboard interface with IPS critical information.
Detailed hourly, weekly and monthly reports focusing on IPS events.
Share IPS Event & Packet Capture with Check Point Security Research Team.
Reporting Blade Updates
Numerous new Standard and Express reports for easy compliance with ISO 17799, COBIT, PCI-DSS,
SOX, and HIPAA standards.
URL Filtering activity report analyzes Web filtering activity by user, URL category, source, and more.
Improved Endpoint Security reports.
IPS Software Blade Update
Improved Source IP Information - Logs now include the original IP addresses of proxied connections.
Automatic packet capture on the first instance of any protection to help administrators analyze IPS
events.
Improved confidence level for many protections, primarily for DCE-RPC - Allows you to ignore the noise
and focus on the real threats.
Logs now include information about types of Web browsers and server.
Geo Protection - New protection category that allows you to control traffic based on the source or
destination country. You can define a policy for specific countries, and a policy that applies to all other
countries.
Note - To use Geo Protection, you must have:
A Software Blade license for each Security Gateway that
enforces Geo Protection, and for the Security Management
Server.
A valid IPS contract.
Logging & Status Software Blade Update
Identity Logging - Inserts user and computer names into Check Point logs by retrieving the information
from Active Directory Domain Controllers. No special configuration or agent installation is required on
the Domain Controllers themselves.
Note - To use Identity Logging, you must have a license for the
Logging and Status Software Blade installed on the Security
Management Server or Provider-1 MDS.
Multi-Core Licensing
R70.20 allows you to install a software license for the number of cores you plan to use, rather than the
number of physical cores on the open server.
What's New in R70.30
Non-English regional formats are now supported in the map visualization features of SmartDashboard
IPS Event Analysis and Eventia Analyzer.
SmartWorkflow reports can now be viewed in Windows 7.
It is now possible to use the SSL Network Extender client to access internal resources behind the
Security Gateway, using a client digital certificate that is signed by a subordinate CA. The certificate
need not be directly signed by a trusted CA. For example, the certificate can be signed by a CA that
belongs to the organization itself, which is in turn signed by a trusted root CA.
What's New in R70.40
The R70.40 Security Management Server supports:
Security Gateway 80 gateways for centrally managed branch offices
UTM-1 Edge N Series and Embedded NGX 8.1 Release gateways
Enhanced vsx_util command for improved user experience and additional functionality
Provisioning of IPSO 6.2 IP appliances using SmartProvisioning
Security Gateway 80
Check Point's Security Gateway 80 delivers integrated unified threat management to protect your
organization from today's emerging threats. Based on proven Check Point security technologies such as
Stateful Inspection, Application Intelligence, and SMART (Security Management Architecture), Security
Gateway 80 provides simplified deployment while delivering uncompromising levels of security.
Security Gateway 80 supports the Check Point Software Blade architecture, providing independent, modular
and centrally managed security building blocks. Software Blades can be quickly enabled and configured into
a solution based on specific security needs.
What's New in R71
Check Point R71 is based on the Software Blades Architecture.
Resume
Data Loss Prevention Software Blade
Check Point Revolutionizes the DLP Market by moving from Detection to Prevention of Data Loss
Incidents.
Prevents loss of critical business information.
Combines technology and processes to make DLP work.
Easy deployment for immediate data loss prevention.
SSL VPN Software Blade
New integrated SSL VPN Software Blade secures remote workers anywhere, while delivering flexible,
easy-to-use, and layered protection.
Lower the cost and complexity of managing remote access by simply adding the SSL VPN blade to
your existing Check Point gateway.
Increase productivity with easy Web-based remote access.
Raise network and remote endpoint security levels with multi-layered protection allowing services
such as IPS and Anti-Virus for remote access connections.
Raising the Bar on UTM-1 Appliances & UTM Features Performance
UTM-1 appliances provide enhanced Firewall & IPS performance featuring patented SecureXL
Technology available at no extra cost:
Up to 4 times Firewall Throughput improvement.
Up to 3 times IPS Throughput improvement.
Up to 4 times connection/sec rate improvement.
New Streaming architecture available with Anti-Virus & URL Filtering Software Blades provides
performance boost for UTM features:
Up to 15 times Anti-Virus Throughput improvement.
Up to 80 times Anti-Virus & URL Filtering connection capacity improvement.
IPS Manageability
IPS-1 Sensors can now be managed from Security Management server / Provider-1.
Update IPS Protections automatically according to a pre-defined schedule.
Management Enhancements
Various improvements in the Management Blades deployment (for example, the ability to install a
Security Management server on Windows with DHCP), usability enhancements, and new features (such
as Firewall Rule Expiration).
IPSec VPN Enhancements
Continuing Check Point leadership in Enterprise class VPN solutions, this release includes multiple
enhancements important for large network configurations and for customers interested in new VPN
standards (such as IKEv2).
New Terms
The following product and technology names have changed for this version.
Name Before R71 Name Starting with R71
Eventia Analyzer SmartEvent
Eventia Reporter SmartReporter
IPS Event Analysis SmartEvent Intro
Data Loss Prevention Software Blade
Data Loss Prevention (DLP) is an innovative solution for practical data loss prevention:
Prevents data leakage of critical business information
Stops users from sending or uploading sensitive information outside of the organization.
Network-based solution prevents breach of corporate data sharing policies – intentional or unintentional.
Provides easy compliance with data protection standards (such as PCI-DSS, HIPPA, GLBA, SOX).
Combines technology and processes to make DLP work
Innovative MultiSpect
TM data classification engine combines users, content and process into accurate
decisions.
New UserCheckTM technology empowers users to remediate incidents in real time.
Self-educating system – Does not require IT/security personnel for incident handling, while educating
the users on proper data sharing policies.
Easy deployment for immediate data loss prevention
Implement a preventative DLP solution on your existing gateway in less than one day.
Leverage over 250 pre-defined policies to create your own policy without the need for costly professional
services.
Get better control and auditing capabilities with centralized security management.
For more information about Data Loss Prevention, see the R71 DLP Release Notes
(http://supportcontent.checkpoint.com/documentation_download?ID=10774).
SSL VPN Software Blade
New integrated SSL VPN Software Blade secures remote workers anywhere, while delivering flexible, ease-
to-use and layered protection.
Lower the cost and complexity of managing remote access
Efficiently manage and protect your existing investment with the simple add-on remote access blade.
Eliminate the need to acquire dedicated gateways, clients, or third party authentication.
Set up in just two steps and easily administrate from a unified intuitive interface.
Increase productivity with easy Web-based remote access
Minimize user interruption for a large range of applications.
Easily sign in with built-in Single-Sign-On (SSO)
Gain immediate secure access for a large user base during a disaster.
Raise network and remote endpoint security levels with multi-layered
protection
Ensures in-depth security with integrated IPS, Anti-Virus and Anti-Malware.
Easily control and manage remote access for a range of users: employees, partners, and contractors.
Secure and minimize risk from known and unknown endpoints with a variety of protections.
For more information, see the R71 SSL VPN Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10322).
UTM Service Performance Boost
Check Point R71 offers a dramatic increase to the performance of both the Anti-Virus (AV) and URL Filtering
software service blades.
The Check Point AV blade offers a new AV detection mode, Stream Detection Mode. With this mode,
which uses frequently updated state-of-the-art virus signatures, Anti-Virus performance is significantly
improved because traffic is scanned for viruses without storing entire files.
The Check Point URL Filtering Blade offers significant performance improvements. Connections
are now handled in kernel space and not folded into the Security Servers. URL Filtering performance figures
are significantly improved, as traffic is not interrupted while resolving the URL Filtering category.
Integrated Management Blade for IPS-1
Check Point R71 provides central management for IPS that lets you:
Manage R71 IPS-1 sensors using SmartConsole applications such as SmartDashboard
Manage IPS-1 Protections with an IPS policy
Improve performance for IPS protection management
Install an IPS Policy specifically tuned for IPS-1 protections
Update IPS protections according to a defined schedule
IPSec VPN Enhancements
Load Sharing Mode for VPN Traffic
Enables distributing VPN traffic among the available links between local and peer gateways.
Service Based Link Selection
Provides the ability to use different links for services that require different level of QoS. Administrators
control outgoing VPN traffic and bandwidth use by assigning a service or a group of services to a specific
interface for outgoing VPN routing decisions. Links availability and backup links are fully supported.
Trusted Links
Ability to define an interface as trusted for VPN traffic, where encryption is not required. Traffic routed
through this interface is sent in the clear. A trusted link is handled the same as any other VPN link, thus
enabling mixed MPLS/Internet environments.
IKEv2
IKEv2 Protocol is now available for VPN.
Enhanced Protection against IKE DOS attacks
New configuration exists for protection against IKE DOS attacks by authenticated peers.
Multiple Certificates Per Certificate Authority (CA)
Multiple signing certificates for a CA enable the administrator to expire a “CA Certificate” which invalidates
all certificates signed by this CA, alleviating the need for coordinating long Certificate Revocation Lists
(CRLs).
Multicast IPSec
A Multicast VPN solution that efficiently send multicast data through designated sender gateways (by VPN)
to hosts behind multiple listener gateways.
SmartEvent (formerly Eventia) Enhancements
Improved performance in the event correlation engine dramatically increases log correlation capacity.
Pre-defined event timelines, queries and rules for the DLP blade.
SmartEvent Intro for DLP provides centralized, real-time, security event correlation and management for
the DLP blade.
Improved Provider-1 Import and Export
Provider-1 now supports the export and import of a whole MDS machine,
Improved export and import of single CMA
For more information, see the R71 Installation and Upgrade Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10327).
New SmartLSM Clustering
SmartLSM Profile Security Clusters can now manage fully synchronized Check Point clusters.
For more information, see the R71 SmartProvisioning Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10317).
Security Management Enhancements
Security Management Servers with Dynamic IPs
You can now install and use a Security Management Server on a Windows machine with a DHCP interface.
See the R71 Security Management Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10315) for more information.
Firewall Rule Expiration
Rules in the Security Rule Base can now be made "temporary" by adding a time limit. The firewall rule is
enforced over a specific time period. The new time period settings are part of the Time Properties object of
each rule, with Activate On and Expire On fields for granular control. In addition:
In SmartDashboard, Temporary Rules and Expired rules are marked by new clocked-shaped icons.
Rule expiration can be added to existing rules, or created as an independent object and applied to
multiple rules.
New filtering options enable you to quickly find in the SmartDashboard Security Rule Base all temporary
rules, or only those rules that have expired.
Automatic Deletion of Old Database Versions
In the Database Revision Control window, you can now configure one of four options to automatically
delete database versions.
This feature comes with the ability to specify that a certain version should never be automatically
deleted.
SmartWorkflow versions are not affected by this feature. They are neither counted nor deleted.
Object Management Improvements
Light filtering and undocking the Objects List
Filtering objects by any of the fields displayed in the Objects List
Filtering objects on the fly while typing the text
Easy switching between the object types: Network Objects, Services, Users, etc.
Undocking the Objects List view
New-style object selectors in SmartDashboard - additional details appear for each object and filtering
capabilities have been added.
New-style editor for the Group’s properties - additional details appear for each group member, filtering
capabilities have been added and the window can now be resized.
Grouping selected objects in SmartDashboard - it is possible to create a group by selecting objects in
the Rule Base, Objects Tree and Objects List.
Other Security Management Enhancements
Default access mode configuration for SmartDashboard - administrators can now configure the default
mode (Read Only / Read Write) when accessing the Security Management server with
SmartDashboard.
SmartView Tracker queries by username - administrators can specify whether the text in the filter will be
case-sensitive or not.
Check Point Appliance Enhancements
Jumbo Frames Support for Power-1
Power-1 appliances now support "Jumbo Frames," which are Ethernet packets larger than 1500 bytes. To
utilize jumbo frames, use the Web User Interface or sysconfig to configure the required MTU for the
network interface.
Hardware Health Monitoring for Smart-1
Sensors monitor fan speed, motherboard voltages and temperatures on the Smart-1 hardware. The
information is available via SNMP and the SecurePlatform Web interface.
For more information, see Hardware Health Monitoring in the R71 SecurePlatform Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10313).
What's New in R71.10
Abra is now supported on all Security Gateway platforms.
SSL VPN now supports Outlook Web Access version 2010 in addition to versions 2000, 2003 SP1, and
2007. Outlook Web Access (OWA) is a Web-based mail service, with the look, feel and functionality of
Microsoft Outlook.
Enabling the R71 SSL VPN Blade causes a Firewall access control issue. Installing R71.10 on both the
Security Management server and the gateway is mandatory to resolve this issue.
What's New in R71.20
Central management for Series 80 Appliances
Installation of Security Management Server on Microsoft Windows 7
Central management for UTM-1 Edge N Series and Embedded NGX 8.1 gateways
Provisioning of IPSO 6.2 IP appliances using SmartProvisioning
Enhanced vsx_util command for improved user experience and additional functionality
What's New in R71.20 DLP
You can customize the Email and UserCheck Notification text. You can use variables to automatically fill
in details of the incident.
You can customize the language for the DLP portal, email notifications, and UserCheck client and
notifications.
R71.10 DLP introduced Japanese support. In addition, R71.20 DLP introduces these languages:
Traditional Chinese Simplified Chinese Korean Spanish Russian Italian German French
You can configure which SMTP servers are allowed to connect to the DLP gateway for replies to email
notifications.
What's New in R71.30
New Remote Access Client Support
Endpoint Security VPN R75 (SecureClient Next Generation), support for Windows 7 32bit/64bit
Check Point Mobile for iPhone and iPad
Access to Web applications
Access to email, calendar, and contacts
Two-factor authentication with client certificate and username/password
SSL Network Extender support for MacOS 10.6 (Snow Leopard) as part of Check Point Mobile Access
Provider-1
Adds SNMP Thresholds to enhance SNMP monitoring & trapping
Adds tooltip to display name and IP of group objects
Lets you copy network and host objects between CMAs with easy object export and import from the
Object Tree of the SmartDashboard
Improves SmartDashboard so that global objects function like local objects
Tooltip displays the object’s details
Double-click opens a read only dialog with the object’s details
Lets the Customer administrator choose to assign the Global Policy to specific local policy packages
Lets you use the new cma_restore utility to restore a specific CMA from a backup of the entire Multi-
Domain Server
SmartDashboard
Lets you make changes in SmartDashboard during Policy Installation
Security Gateway 80 Series R71.30
Top Services graph in overview page
Configuration of advanced DHCP options
Full support for Google Chrome browser
ECMP for OSPF
The OSPF routing protocol in Check Point’s dynamic routing suite explicitly allows Equal-Cost Multi-Path
(ECMP) routing, a strategy for routing packets along multiple "best paths" of equal cost. By load balancing
traffic over multiple (redundant) routes, ECMP increases network bandwidth.
Check Point’s dynamic routing suite supports up to six simultaneous routes, which means that up to six
multiple routes can be used for ECMP. If the routing metric calculations discover more than six paths of
equal cost to the same destination, the ECMP feature makes available only the first six.
What's New in R70.40
Upgrade from R70.40 directly to R71.40
Security Management
IPS improvements
SmartEvent enhancements
Increase pattern granularity - Header rejection, Http worm catcher and Cifs worm catcher patterns
were converted into separate protections, giving more granularity in their settings. This feature is
installed during the first IPS update process (online update, offline update or scheduled update).
Implied exceptions - Built-in exceptions to allow Check Point products trusted traffic.
Support for UTM-1 Edge 8.2 gateways
Security Gateway
IPS Geo database - The Geo country-ranges database accuracy has been significantly improved.
Security Gateway 80 Series
Support for VPN Link Selection
Support for local masters file
Improved communication when Security Management server is behind NAT
Support for IGMP Proxy
Windows 7 32-bit and 64-bit Support
Secure Workspace supports Windows 7 32-bit and 64-bit.
Mobile Access clients with Windows 7 64-bit can connect to Connectra and SSL VPN gateways
Support for SSL Network Extender Application mode and Network mode for Windows 7 32-bit and 64-
bit.
Enhanced Secure Workspace
Faster and better performance.
Enhanced allowed application configuration by software vendor. You can easily allow all applications
from a specific vendor.
VPN Client
This version includes a deployment package of Endpoint Security VPN R75, which replaces SecureClient
and Endpoint Connect. For automatic deployment of the new VPN client, select a client upgrade mode in
Global Properties > Remote Access > Endpoint Connect.
What's New in R75
Check Point R75 is based on the Software Blades Architecture™.
Check Point Identity Awareness™ in the Check Point Security Gateway™
Identity based Firewall and Application Control polices including users, user-group and machines
Logging of user identities makes troubleshooting simpler and allows better trend analysis
Multiple and flexible methods for obtaining user identity including seamless integration with Active
Directory (no need to install agent on Domain Controller), captive web portal for clientless user
authentication or thin client for strong authentication and impersonation prevention based on unique
patent-pending technology for light signature of packet information
Scalable identity sharing between multiple gateways to identify users in one or many sites and share
with other gateways in the same or different sites
Check Point Application Control Software Blade™
Granular Application Control to identify, allow or block thousands of applications
Largest application library with AppWiki - Comprehensive application control leveraging the largest
application library that scans and detects more than 100,000 applications and Social Network widgets
Auto-updates for applications database on the gateway (NO need to re-install policy)
Detect rapidly changing Social Network Widgets via online service
Integrated Check Point DLP™ Software Blade™
Check Point's innovative Data Loss Prevention™, now available as an integrated Software Blade.
Prevents data loss of critical business information
Network-based solution prevents breach of corporate data
Compliance with data protection standards (such as PCI-DSS, HIPPA, GLBA, SOX, etc.)
Cutting edge technology for DLP processes enforcement
Innovative MultiSpect™ data classification engine combines users, content and process into
accurate decisions
New UserCheck™ technology empowers users to remediate incidents
Low maintenance, self-educating system does not require IT/security personnel in incident handling
while educating the users on proper data sharing policies
Easy deployment for immediate data loss prevention
Less the one day deployment of preventative DLP solution
Over 250 pre-defined types to create your own policy
Better control and auditing capabilities with centralized security management
New DLP features:
ClusterXL®
HA support quarantine database is synchronized between cluster members
Incident storage at Management server
Check Point Mobile Access Blade™
Remote Access - SSL VPN technology is used for secure encrypted communication from unmanaged
mobile devices, PCs and Macs to your corporate IT infrastructure
Check Point Mobile™ Client - For simple and secure connectivity to corporate resources from
smartphones and PCs
Mobile Access Portal - For connecting securely to corporate resources through a portal from a web
browser
SSL Network Extender (On-demand client - SNX) - For secure connectivity to corporate resources using
non-web-based applications via an on-demand, dissolvable client
Endpoint Security™ VPN R75
Endpoint Security VPN introduces the Next Generation of SecureClient®, including 64-bit support. It
provides mobile users seamless and secure connectivity to corporate resources by establishing an
encrypted and authenticated IPSec tunnel with Check Point Security Gateways.
This version includes a deployment package of Endpoint Security VPN R75. By default, Endpoint Connect
clients are upgraded automatically to Endpoint Security VPN R75. After you upgrade the Security
Management server and install a policy, users who connect with Endpoint Connect clients get a prompt to
accept an automatic upgrade. The included deployment package cannot upgrade SecureClient to Endpoint
Security VPN R75. SecureClient users are not affected.
To disable the automatic upgrade of the VPN clients, do this before installing or upgrading the Security
Management server:
1. Open Global Properties > Remote Access > Endpoint Connect.
2. Set Client upgrade mode to Do not upgrade.
Enhanced Check Point IPS™ Signature Support
Increase scalability of the IPS engine when adding many more protections
Decrease memory footprint (currently some pattern based protections require large memory footprint)
Provide a new framework for using non-regular keywords replacing complex regular expressions
Enhance the IPS engine to support simpler and more efficient CIFS and DCE-RPC protections
Multi-Domain Security Management™ (based on proven Provider-1®technology)
R75 supports the new licensing scheme of Multi-Domain Security Management. You can easily convert
an existing Security Management deployment to a Multi-Domain Security Management deployment by
adding Software Blades.
Other Improvements
Security Management Server supports Series 80 Appliances™ gateways for centrally managed branch
offices
You can set a different authentication method per blade on the same gateway. For example, a user can
login to Mobile Access with certificate authentication and login to DLP with username and password
authentication.
In Gateway Properties, configure the desired authentication method for Check Point IPSec VPN™ and
Mobile Access in its respective Authentication page, and for Identity Awareness in its Authentication
Settings page.
You can now use multiple portals over port 443 and port 80. For example, the SecurePlatform™ Web
User interface and the Mobile Access portal can both be on port 443. In the SmartDashboard™
Gateway properties window, set the Portal URL for the different portals on the portal configuration
pages.
The user search for remote access users works according to the user groups. If a user authenticates
with an IPSEC VPN client and the user is in the LDAP groups of a Remote Access VPN Community,
then the user will be found in the LDAP server. If a user authenticates to the Mobile Access portal, and
the user is defined in the Access to Application rules as part of the Internal Database groups, the user
will be found in the Internal Database.
What's New in R75.10
Mobile Access Software Blade
Improved Clientless VPN features
Support for Secure Workspace and SSL Network Extender (Application and Network Modes) on
Windows 7 32/64-bit
Improved SSL Network Extender application control by software vendor so you can easily choose to
allow all applications from a specific vendor
SSL Network Extender on Mac 10.6 connecting to the Mobile Access Software Blade
Support for Check Point Mobile for iPhone and iPad, from the R75 Hotfix
(http://supportcontent.checkpoint.com/documentation_download?ID=11950).
Access to Web applications
Access to email, calendar, and contacts
Two-factor authentication with client certificate and username/password
SmartConsole
Multiple selection of applications in Application Control
Faster loading time and improved application performance
SmartEvent and SmartView Tracker
Faster query response and improved application performance
Get packet capture data from the Security Gateway with the fwm getpcap Command (on page 22)
VPN Client
This version includes a deployment package of Endpoint Security VPN R75, which replaces SecureClient
and Endpoint Connect. For automatic deployment of the new VPN client, select a client upgrade mode in
Global Properties > Remote Access > Endpoint Connect.
New Support
UTM-1 Edge 8.2 gateways
SecuRemote E75.10
Pre-shared secret authentication method for E75 remote access clients
notifications.
What's New in R71.30
New Remote Access Client Support
Endpoint Security VPN R75 (SecureClient Next Generation), support for Windows 7 32bit/64bit
Check Point Mobile for iPhone and iPad
Access to Web applications
Access to email, calendar, and contacts
Two-factor authentication with client certificate and username/password
SSL Network Extender support for MacOS 10.6 (Snow Leopard) as part of Check Point Mobile Access
Provider-1
Adds SNMP Thresholds to enhance SNMP monitoring & trapping
Adds tooltip to display name and IP of group objects
Lets you copy network and host objects between CMAs with easy object export and import from the
Object Tree of the SmartDashboard
Improves SmartDashboard so that global objects function like local objects
Tooltip displays the object’s details
Double-click opens a read only dialog with the object’s details
Lets the Customer administrator choose to assign the Global Policy to specific local policy packages
Lets you use the new cma_restore utility to restore a specific CMA from a backup of the entire Multi-
Domain Server
SmartDashboard
Lets you make changes in SmartDashboard during Policy Installation
Security Gateway 80 Series R71.30
Top Services graph in overview page
Configuration of advanced DHCP options
Full support for Google Chrome browser
ECMP for OSPF
The OSPF routing protocol in Check Point’s dynamic routing suite explicitly allows Equal-Cost Multi-Path
(ECMP) routing, a strategy for routing packets along multiple "best paths" of equal cost. By load balancing
traffic over multiple (redundant) routes, ECMP increases network bandwidth.
Check Point’s dynamic routing suite supports up to six simultaneous routes, which means that up to six
multiple routes can be used for ECMP. If the routing metric calculations discover more than six paths of
equal cost to the same destination, the ECMP feature makes available only the first six.
What's New in R70.40
Upgrade from R70.40 directly to R71.40
Security Management
IPS improvements
SmartEvent enhancements
Increase pattern granularity - Header rejection, Http worm catcher and Cifs worm catcher patterns
were converted into separate protections, giving more granularity in their settings. This feature is
installed during the first IPS update process (online update, offline update or scheduled update).
Implied exceptions - Built-in exceptions to allow Check Point products trusted traffic.
Support for UTM-1 Edge 8.2 gateways
Security Gateway
IPS Geo database - The Geo country-ranges database accuracy has been significantly improved.
Security Gateway 80 Series
Support for VPN Link Selection
Support for local masters file
Improved communication when Security Management server is behind NAT
Support for IGMP Proxy
Windows 7 32-bit and 64-bit Support
Secure Workspace supports Windows 7 32-bit and 64-bit.
Mobile Access clients with Windows 7 64-bit can connect to Connectra and SSL VPN gateways
Support for SSL Network Extender Application mode and Network mode for Windows 7 32-bit and 64-
bit.
Enhanced Secure Workspace
Faster and better performance.
Enhanced allowed application configuration by software vendor. You can easily allow all applications
from a specific vendor.
VPN Client
This version includes a deployment package of Endpoint Security VPN R75, which replaces SecureClient
and Endpoint Connect. For automatic deployment of the new VPN client, select a client upgrade mode in
Global Properties > Remote Access > Endpoint Connect.
What's New in R75
Check Point R75 is based on the Software Blades Architecture™.
Check Point Identity Awareness™ in the Check Point Security Gateway™
Identity based Firewall and Application Control polices including users, user-group and machines
Logging of user identities makes troubleshooting simpler and allows better trend analysis
Multiple and flexible methods for obtaining user identity including seamless integration with Active
Directory (no need to install agent on Domain Controller), captive web portal for clientless user
authentication or thin client for strong authentication and impersonation prevention based on unique
patent-pending technology for light signature of packet information
Scalable identity sharing between multiple gateways to identify users in one or many sites and share
with other gateways in the same or different sites
Check Point Application Control Software Blade™
Granular Application Control to identify, allow or block thousands of applications
Largest application library with AppWiki - Comprehensive application control leveraging the largest
application library that scans and detects more than 100,000 applications and Social Network widgets
Auto-updates for applications database on the gateway (NO need to re-install policy)
Detect rapidly changing Social Network Widgets via online service
Integrated Check Point DLP™ Software Blade™
Check Point's innovative Data Loss Prevention™, now available as an integrated Software Blade.
Prevents data loss of critical business information
Network-based solution prevents breach of corporate data
Compliance with data protection standards (such as PCI-DSS, HIPPA, GLBA, SOX, etc.)
Cutting edge technology for DLP processes enforcement
Innovative MultiSpect™ data classification engine combines users, content and process into
accurate decisions
New UserCheck™ technology empowers users to remediate incidents
Low maintenance, self-educating system does not require IT/security personnel in incident handling
while educating the users on proper data sharing policies
Easy deployment for immediate data loss prevention
Less the one day deployment of preventative DLP solution
Over 250 pre-defined types to create your own policy
Better control and auditing capabilities with centralized security management
New DLP features:
ClusterXL®
HA support quarantine database is synchronized between cluster members
Incident storage at Management server
Check Point Mobile Access Blade™
Remote Access - SSL VPN technology is used for secure encrypted communication from unmanaged
mobile devices, PCs and Macs to your corporate IT infrastructure
Check Point Mobile™ Client - For simple and secure connectivity to corporate resources from
smartphones and PCs
Mobile Access Portal - For connecting securely to corporate resources through a portal from a web
browser
SSL Network Extender (On-demand client - SNX) - For secure connectivity to corporate resources using
non-web-based applications via an on-demand, dissolvable client
Endpoint Security™ VPN R75
Endpoint Security VPN introduces the Next Generation of SecureClient®, including 64-bit support. It
provides mobile users seamless and secure connectivity to corporate resources by establishing an
encrypted and authenticated IPSec tunnel with Check Point Security Gateways.
This version includes a deployment package of Endpoint Security VPN R75. By default, Endpoint Connect
clients are upgraded automatically to Endpoint Security VPN R75. After you upgrade the Security
Management server and install a policy, users who connect with Endpoint Connect clients get a prompt to
accept an automatic upgrade. The included deployment package cannot upgrade SecureClient to Endpoint
Security VPN R75. SecureClient users are not affected.
To disable the automatic upgrade of the VPN clients, do this before installing or upgrading the Security
Management server:
1. Open Global Properties > Remote Access > Endpoint Connect.
2. Set Client upgrade mode to Do not upgrade.
Enhanced Check Point IPS™ Signature Support
Increase scalability of the IPS engine when adding many more protections
Decrease memory footprint (currently some pattern based protections require large memory footprint)
Provide a new framework for using non-regular keywords replacing complex regular expressions
Enhance the IPS engine to support simpler and more efficient CIFS and DCE-RPC protections
Multi-Domain Security Management™ (based on proven Provider-1®technology)
R75 supports the new licensing scheme of Multi-Domain Security Management. You can easily convert
an existing Security Management deployment to a Multi-Domain Security Management deployment by
adding Software Blades.
Other Improvements
Security Management Server supports Series 80 Appliances™ gateways for centrally managed branch
offices
You can set a different authentication method per blade on the same gateway. For example, a user can
login to Mobile Access with certificate authentication and login to DLP with username and password
authentication.
In Gateway Properties, configure the desired authentication method for Check Point IPSec VPN™ and
Mobile Access in its respective Authentication page, and for Identity Awareness in its Authentication
Settings page.
You can now use multiple portals over port 443 and port 80. For example, the SecurePlatform™ Web
User interface and the Mobile Access portal can both be on port 443. In the SmartDashboard™
Gateway properties window, set the Portal URL for the different portals on the portal configuration
pages.
The user search for remote access users works according to the user groups. If a user authenticates
with an IPSEC VPN client and the user is in the LDAP groups of a Remote Access VPN Community,
then the user will be found in the LDAP server. If a user authenticates to the Mobile Access portal, and
the user is defined in the Access to Application rules as part of the Internal Database groups, the user
will be found in the Internal Database.
What's New in R75.10
Mobile Access Software Blade
Improved Clientless VPN features
Support for Secure Workspace and SSL Network Extender (Application and Network Modes) on
Windows 7 32/64-bit
Improved SSL Network Extender application control by software vendor so you can easily choose to
allow all applications from a specific vendor
SSL Network Extender on Mac 10.6 connecting to the Mobile Access Software Blade
Support for Check Point Mobile for iPhone and iPad, from the R75 Hotfix
(http://supportcontent.checkpoint.com/documentation_download?ID=11950).
Access to Web applications
Access to email, calendar, and contacts
Two-factor authentication with client certificate and username/password
SmartConsole
Multiple selection of applications in Application Control
Faster loading time and improved application performance
SmartEvent and SmartView Tracker
Faster query response and improved application performance
Get packet capture data from the Security Gateway with the fwm getpcap Command (on page 22)
VPN Client
This version includes a deployment package of Endpoint Security VPN R75, which replaces SecureClient
and Endpoint Connect. For automatic deployment of the new VPN client, select a client upgrade mode in
Global Properties > Remote Access > Endpoint Connect.
New Support
UTM-1 Edge 8.2 gateways
SecuRemote E75.10
Pre-shared secret authentication method for E75 remote access clients
No comments:
Post a Comment