R81.10 EA Program now available

Check Point launched the R81.10 Early Availability program for production environments. The GA release of R81.10 is expected in Q2, though not officially confirmed.

From the announcement on CheckMates:

Check Point’s Cyber Security Platform R81.10, the industry’s most advanced Threat Prevention and security management software that delivers uncompromising simplicity and consolidation across the enterprise. Whether it is deploying the latest technologies and security to protect the organization or expertly crafting security policies, R81.10 enables enterprises to be their best. Now with the newest version, R81.10 delivers feature parity with Check Point Maestro, in addition, the Scalable Platform software delivers the option to mix and match security gateways in the same Security Group to maximize cost-efficiency. R81.10 introduces the ability to automatically update the Smart Console with the latest fixes and improvements all while accelerating the administrator’s daily operations. R81.10 enhances Infinity Threat Prevention, the industry’s first autonomous Threat Prevention system that provides fast, self-driven policy creation and one-click security profiles keeping policies always up to date. Policies are installed in seconds, upgrades require only one click, and Quantum gateways can be simultaneously upgraded in minutes.

If you would like to participate in the R81.10 Production EA Program you need to fill in this enrollment survey.

New in this release

Quantum Security Gateway and Gaia

Quantum Maestro Hyperscale (NOTE: Will not be part of R81.10 EA program)

• Mix appliances – The ability to include different appliance models in the same Security Group.
• Maestro Orchestrator is aligned with the latest version as part of the main-train release and includes the latest Gaia fixes and improvements.
•        All VPN functionality is now supported:
  •        Route Based VPN.
  •        Permanent Tunnels.
  •        Link Selection Load Sharing.
  •        Service Based Link Selection.
  •        Route-based probing for Link Selection.
  •        Back-to-back tunnels (hub and spokes).
  •        Dynamic Routing through VPN tunnels.
  •        Identity Awareness through VPN tunnels.
  •        Members’ local connections through VPN tunnels.

VSX

Configure Bridge and Multi-Bridge interfaces on a regular Virtual Systems not in Bridge Mode to use features that require an IP address to work, such as Identity Awareness, Threat Emulation, UserCheck Web Portal and Captive Portal.

IPsec VPN

VPN performance enhancements – Site to Site VPN and Remote Access clients are now handled by two different processes.

Access Control

Enhance security by setting default values to Access Rules when the last object in a rule’s cell is removed.

Advanced Routing

• IPv4 PIM enhancements. and stability fixes.
• Ability to clear OSPF error counters.
• OSPFv2 Graceful Restart with ClusterXL.
• Static Multicast Forwarding.
• Support for different ECMP algorithms.

ISP Redundancy

Support up to 10 ISP links.

Quantum Security Management

Security Management Servers enchantments

• Infallible Management Login – Improved stability of the log-in process to the Management server using SmartConsole or Management API, when the Server is under load.
• Significant improvements for the stability and performance of the Security Management Server, especially for large Management environments under high load:
  • Admin operations to the Security Management Server such as backup and restore, and revisions purge are drastically faster.
  • Faster Management API functions execution.
  • Search and navigate in SmartConsole is smoother when concurrent SmartConsole administrators are connected

Management REST API

• New export, import, and upgrade Management APIs for primary Security Management Servers or Multi-Domain Servers.
• Unified Management API commands for server export and import, Domain backup and migration.
• SmartLSM – REST API commands to simplify the creation of ROBO Gateways.

SmartConsole

Automatic updates – SmartConsole detects and installs client updates for the same major version.

Logging and Monitoring

• IPS and Anti-Bot logs now include a MITRE ATT&CK section that details the different techniques for malicious attack attempts. This Section provides an easier way to understand an attack by looking at the log card and to export the data to external SIEM systems, and an easy search and filter for attack events based on MITRE techniques.
• Dynamic logs distribution – Configure the Security Gateway to distribute logs between the active Log Servers to reduce CPU and Disk utilization.
• Enhancement to logging services stability.

CloudGuard Controller

• Use AWS Security Token Service (STS) Assume Role to simplify the access to AWS Data Centers.
• Support all Microsoft Azure Data Center locations.

Management High Availability

• Synchronization and stability enhancements.
• Significant Full sync duration improvement.

Multi-Domain Server

IoT support for Multi-Domain Security Management.

SmartLSM

Use group object, Multiple IP addresses and IP ranges in LSM profiles

Endpoint Security VPN

• Endpoint Security Web Management enhancements to allow the configuration of:
  • Media Encryption & Port Protection policy
  • Firewall policy
  • Application Controlpolicy
  • Developer protection policy

• Push Operation for Host Isolation and Client Uninstall