R81.10 Public EA is available

Check Point launched the Public Early Availability (EA) program for their upcoming R81.10 release. The GA is expected in Q2/Q3. The Production EA was announced in February.

How to register?

UserCenter:
Register to the Public EA release via – UserCenter -> TRY OUR PRODUCTS -> Early Availability Programs -> CPEA-EVAL-R81.10

PartnerMAP:
Register to the Public EA release via – Partnermap -> CUSTOMER ACQUISITIONS-> Early Availability Programs -> CPEA-EVAL-R81.10

R81.10 Public EA limitations

• Check Point Public EA is designed for lab and sandbox deployments only.
• Public EA version upgrade to GA is not supported.
• VSX is not supported within the public EA program.
• For Maestro Hyper Scale – Please contact the Public EA Support team directly via the feedback link provided within the EA program.
• Multi-version Cluster (MVC) is not supported with Cluster Load-Sharing.

What’s New

Quantum Security Gateway and Gaia

Quantum Maestro Hyperscale _{^{(out of scope of this EA program)}}

• Mix appliances – The ability to include different appliance models in the same Security Group.
• Maestro Orchestrator is aligned with the latest version as part of the main-train release and includes the latest Gaia fixes and improvements.
• All VPN functionality is now supported:
  • Route Based VPN.
  • Permanent Tunnels.
  • Link Selection Load Sharing.
  • Service Based Link Selection.
  • Route-based probing for Link Selection.
  • Back-to-back tunnels (hub and spokes).
  • Dynamic Routing through VPN tunnels.
  • Identity Awareness through VPN tunnels.
  • Members’ local connections through VPN tunnels.

VSX

Configure Bridge and Multi-Bridge interfaces on a regular Virtual Systems not in Bridge Mode to use features that require an IP address to work, such as Identity Awareness, Threat Emulation, UserCheck Web Portal and Captive Portal.

IPsec VPN

VPN performance enhancements: Site to Site VPN and Remote Access clients
are now handled by two different processes.

Access Control

Enhance security by setting default values to Access Rules when the last object in a rule’s cell is removed.

Advanced Routing

• IPv4 PIM enhancements and stability fixes.
• Ability to clear OSPF error counters.
• OSPFv2 Graceful Restart with ClusterXL.
• Static Multicast Forwarding.
• Support for different ECMP algorithms.

ISP Redundancy

Support up to 10 ISP links.

Quantum Security Management

Security Management Servers enchantments

• Infallible Management Login – Improved stability of the log-in process to the Management server using SmartConsole or Management API, when the Server is under load.
• Significant improvements for the stability and performance of the Security Management Server, especially for large Management environments under high load:
  • Admin operations to the Security Management Server such as backup and restore, and revisions purge are drastically faster.
  • Faster Management API functions execution.
  • Search and navigate in SmartConsole is smoother when concurrent SmartConsole administrators are connected.

Management REST API

• New export, import, and upgrade Management APIs for primary Security Management Servers or Multi-Domain Servers.
• Unified Management API commands for server export and import, Domain backup and migration.
• SmartLSM – REST API commands to simplify the creation of ROBO Gateways.

SmartConsole

Automatic updates – SmartConsole detects and installs client updates for the same major version.

Logging and Monitoring

• IPS and Anti-Bot logs now include a MITRE ATT&CK section that details the different techniques for malicious attack attempts. This Section provides an easier way to understand an attack by looking at the log card and to export the data to external SIEM systems, and an easy search and filter for attack events based on MITRE techniques.
• Dynamic logs distribution – Configure the Security Gateway to distribute logs between the active Log Servers to reduce CPU and Disk utilization.
• Enhancements to logging services stability.

CloudGuard Controller

• Use AWS Security Token Service (STS) Assume Role to simplify the access to AWS Data Centers.
• Support all Microsoft Azure Data Center locations.

Management High Availability

• Synchronization and stability enhancements.
• Significant Full sync duration improvement.

Multi-Domain Server

IoT support for Multi-Domain Security Management.

SmartLSM

Use group object, Multiple IP addresses and IP ranges in LSM profiles.

Endpoint Security VPN

• Endpoint Security Web Management enhancements to allow the configuration of:
  • Media Encryption & Port Protection policy
  • Firewall policy
  • Application Control policy
  • Developer protection policy
  • Push Operation for Host Isolation and Client Uninstall