R81.20 EA Program now available

Check Point announced the Quantum R81.20 Early Availability program for production environments. A date for the Public EA (for lab environments) has not been announced yet. But looking at previous EA programs the Public EA is usually announced within 3 months after the Production EA.

From the announcement on CheckMates:

Check Point Quantum R81.20 is packed with new features. that offer elasticity, efficiency, and innovative security enhancements.

NOTE: Unfortunately, the announcement on CheckMates does not include a link to the R81.20 enrollment survey. As soon a link is published this article will be updated.
UPDATE 15/12/2021: Valeri Loukine advises to send a PM through CheckMates to @Tsvika_Akerman for enrollment as there is an issue with the registration forms.

Below you find the details of the Quantum R81.20 Production Program. It is not guaranteed that everything will be included in the Public EA or final GA version.

Quantum Security Gateway and Gaia

Threat Prevention

• Prevent browsing to Zero-Day phishing websites
  • Check Point Quantum Security Gateway enhances its web browsing protection to further prevent users from accessing phishing websites.
  • Powered by patented technologies and AI engines, the Security Gateway now uses Clientless In-Browser protection to prevent access to the most sophisticated phishing websites, both known and completely unknown (zero-day phishing websites).
  • The enhanced solution is available through the Security Gateway network flow, introducing dynamic security components that run within the browser with no need to install any client.
  • Delivered as part of your existing NGTX license.
  • Works out of the box for Security Gateways with Autonomous Threat Prevention enabled.
• Up to 50% performance enhancement to IPS CIFS protections.
• IOC feeds now support a significantly increased capacity in the number of observables for URLs, Domains, IP addresses, and Hashes – 2 million and up to hardware limit.
• Support for inspection of FTPS by Content Awareness, Anti-Virus and Threat Extraction blades.

Maestro Hyperscale

Maestro Fastforward -Significantly Improved throughput and latency for trusted connections. Maestro Fastforward offloads accept or drop policy rules to the Maestro Hyperscale Orchestrator for hardware acceleration.

• Sub microseconds latency.
• Port line-rate throughput for single connection.
• Support for Accelerated policy installation on Maestro Security Gateways. For more information see sk169096 .

• Support gradual upgrade with Multi Version Cluster (MVC)
• Based on the current traffic load, the Security Gateway automatically changes the number of CoreXL SNDs, Firewall instances and the Multi-Queue configuration for zero traffic impact.
• Management Data Plane Separation (MDPS) support for Scalable Platforms.

IoT Protect

Leverage Quantum Security Gateway and Infinity to instantly discover IoT devices and enforce independent Zero-Trust policies.

• Only allow what’s needed for the device to operate.
• Automatic grouping based on device type.

IPsec VPN

• Seamless site-to-site tunnel establishment with AWS native cloud VPN. Setup a route-based VPN tunnel with a virtual Gateway with just a few simple steps.
• Major performance and stability improvement for Remote Access and Site to Site VPN that delivers a much higher capacity for VPN tunnels.
• Extended Security Gateway certificate validation capabilities for faster authentication.

Access Control

• Network Feed Object – Use a Network Feed object to get dynamic IPs or domains of a specific external service that is not included in the Updatable Objects options. In addition, the user can create its own service containing a list of IPs or domains and have them in his policy. The object is automatically updated in Security Gateway without the need to install the policy.
• Performance improvements – support for Updatable Objects, Domain objects, and Dynamic objects with the Optimized Drop feature (drop templates).

Advanced Routing

• Support for Intermediate System (IS-IS) routing protocol.
• DHCP Relay Agent Information Option 82 that addresses several scaling and security issues arising in public DHCP use.
• OSPFv3 NSSA support.
• IPv6 Static MFC Cache to enable forwarding of multicast data without PIM configuration.
• Support for Routed control scripts to allow ClusterXL fail-over and tear down of BGP connections.
• Routing Protocol History for BFD to improve troubleshooting capabilities.
• Netflow Live connections and Firewall rule ID UUID.

Gaia Operating System

• Configure a retention policy for Gaia scheduled backups and snapshots.
• Using the CLI, monitor the module temperature, module supply voltage, TX Bais voltage, Rx optical Power, and TX optical power for a single transceiver or all transceivers on an appliance.
• Automatic update to the NIC firmware during the ISO installation process for appliances that have 40GbE, 100/25GbE, and/or SmartNIC acceleration cards.

CoreXL

In UserSpace Firewall (USFW), the number of IPv6 instances can equal the number of IPv4 instances, allowing the configuration of the gateway to process a more significant amount of IPv6 traffic.

Identity Awareness

• The Identity Awareness Gateway automatically identifies and excludes Service Account sessions acquired by the Identity Collector. For more details, see sk174266.
• Improved resiliency, scalability, and stability for PDPs and Identity Brokers. Additional threads handle authentication and authorization flows.
• Automatic tuning of nested LDAP groups – The Identity Awareness Gateway automatically chooses the optimal way to query the LDAP server for users and groups.
• During a PDP failure, a PEP Identity Awareness Gateway can recover its identity database from connected PDP Gateways.
• Identity Collector is now supported with Quantum Spark Appliances.

Mobile Access

Oauth 2.0 support for Capsule Workspace and Office 365.

Quantum Security Management

General

Performance improvements to IPS updates and utilization.

SmartConsole

Administrators can use SAML 2.0 to configure SmartConsole users to authenticate with an Identity Provider.

SmartWorkflow

Send policy and configuration changes for peer review and approval before publishing.

Management REST API

Management API support for:

• Identity Awareness configuration on gateways and clusters.
• HTTPS Inspection outbound certificate configuration.
• Creation of LSM Gateways.
• Creation of LSM Gateways VPN configuration.

Upgrades

• Central Deployment- Use SmartConsole to:
  • Gradually upgrade Quantum Cluster Members.
  • Upgrade Quantum Spark and Quantum Edge Appliances.
• Pre-Upgrade Verifier results are now presented in the upgrade report.
• Significant performance improvement by importing Domain Management Servers concurrently instead of sequentially.

CloudGuard Network Security

• CloudGuard Controller support for:
  • Oracle Cloud Infrastructure (OCI)
  • Nutanix
  • New Azure resources – Application Security Groups, Private Endpoints
  • New AWS resources – Load Balancer tags
• Nutanix Flow support for CloudGuard Network Security Gateways.
• Amazon Web Services (AWS):
  • Security Gateway, Single, High Availability Cluster, Auto Scaling Group (ASG), Gateway Load Balancer Auto Scaling Group (ASG), Transit Gateway with ASG.
  • AWS Gateway Load Balancer support.

Harmony Endpoint

Endpoint Policy Management

Use SSO to connect to the Endpoint Web Management Console.

Remote Access VPN

Authenticate Remote Access VPN users with SAML.