R80.40 EA went live a few days ago. There are tons of new features including a new Kernel: TL:DR

What’s New

IoT Security

A new IoT security controller to:

  • Collect IoT devices and traffic attributes from certified IoT discovery engines (currently supports Medigate, CyberMDX, Cynerio, Claroty, Indegy, SAM and Armis).
  • Configure a new IoT dedicated Policy Layer in policy management.
  • Configure and manage security rules that are based on the IoT devices’ attributes.

HTTPS Inspection

  • HTTP/2 is an update to the HTTP protocol. The update provides improvements to speed, efficiency and security and results with a better user experience.
  • Check Point’s Security Gateway now support HTTP/2 and benefits better speed and efficiency while getting full security, with all Threat Prevention and Access Control blades, as well as new protections for the HTTP/2 protocol.
  • Support is for both clear and SSL encrypted traffic and is fully integrated with HTTPS/TLS Inspection capabilities.

HTTPS Inspection Layer

  • Provides these new capabilities:
  • A new Policy Layer in SmartConsole dedicated to HTTPS Inspection.
  • Different HTTPS Inspection layers can be used in different policy packages.
  • Sharing of a HTTPS Inspection layer across multiple policy packages.
  • API for HTTPS Inspection operations.

Threat Prevention

  • Overall efficiency enhancement for Threat Prevention processes and updates.
  • Automatic updates to Threat Extraction Engine.
  • Dynamic, Domain and Updatable Objects can now be used in Threat Prevention and TLS Inspection policies. Updatable objects are network objects that represent an external service or a known dynamic list of IP addresses, for example – Office365 / Google / Azure / AWS IP addresses and Geo objects.
  • Anti-Virus now uses SHA-1 and SHA-256 threat indications to block files based on their hashes. Import the new indicators from the SmartConsole Threat Indicators view or the Custom Intelligence Feed CLI.
  • Anti-Virus and SandBlast Threat Emulation now support inspection of e-mail traffic over the POP3 protocol, as well as improved inspection of e-mail traffic over the IMAP protocol.
  • Anti-Virus and SandBlast Threat Emulation now use the newly introduced SSH inspection feature to inspect files transferred over the SCP and SFTP protocols.
  • Anti-Virus and SandBlast Threat Emulation now provides improved support for SMBv3 inspection (3.0, 3.0.2, 3.1.1), it includes inspection of multi-channel connections. Check Point is now the only vendor to support inspection of a file transfer through multiple channels (a feature that is on-by-default in all Windows environments). This allows customers to stay secure while working with this performance enhancing feature.

Access Control

  • Identity Awareness
  • Support for Captive Portal integration with SAML 2.0 and third party Identity Providers.
  • Support for Identity Agent Broker for scalable and granular sharing of identity information between PDPs, as well as cross-domain sharing.
  • Enhancements to Terminal Servers Agent for better scaling and compatibility.


  • Configure different VPN encryption domains on a Security Gateway that is a member of multiple VPN communities. This provides:
  • Improved privacy – Internal networks are not disclosed in IKE protocol negotiations.
  • Improved security and granularity – Specify which networks are accessible in a specified VPN community.
  • Improved interoperability – Simplified route-based VPN definitions (recommended when you work with an empty VPN encryption domain).
  • Create and seamlessly work with a Large Scale VPN (LSV) environment with the help of LSV profiles.

URL Filtering

  • Improved scalability and resilience.
  • Extended troubleshooting capabilities.

Application Control

  • Improved performance, diagnostics and monitoring tools.
  • Enchantment to Server Name Indicators (SNI) classifications.


  • Enhanced NAT port allocation mechanism – on Security Gateways with 6 or more CoreXL Firewall instances, all instances use the same pool of NAT ports, which optimizes the port utilization and reuse.
  • NAT port utilization monitoring in CPView and with SNMP.

Voice over IP (VoIP)

  • Multiple CoreXL Firewall instances handle the SIP protocol to enhance performance.

Remote Access VPN

  • Use machine certificate to distinguish between corporate and non-corporate assets and to set a policy enforcing the use of corporate assets only. Enforcement can be pre-logon (device authentication only) or post-logon (device and user authentication).

Mobile Access Portal Agent

CoreX L and Multi-Queue

  • Improved out of the box experience – Security Gateway automatically changes the number of CoreXL SNDs and Firewall instances and the Multi-Queue configuration based on the current traffic load.
  • Priority Queues are enabled by default. For more information see sk105762.


  • Support for Cluster Control Protocol in Unicast mode that eliminates the need for CCP Broadcast or Multicast modes.
  • Cluster Control Protocol encryption is now enabled by default.
  • New ClusterXL mode -Active/Active, which supports Cluster Members in different geographic locations that are located on different subnets and have different IP addresses.
  • Support for ClusterXL Cluster Members that run different software versions.
  • Eliminated the need for MAC Magic configuration when several clusters are connected to the same subnet.


  • Support for VSX upgrade with CPUSE in Gaia Portal.
  • Support for Active Up mode in VSLS.
  • Support for CPView statistical reports for each Virtual System

Zero Touch

  • A simple Plug & Play setup process for installing an appliance – eliminating the need for technical
  • expertise and having to connect to the appliance for initial configuration.


Advanced Routing

  • Enhancements to OSPF and BGP allow to reset and restart OSPF neighboring for each CoreXL Firewall instance without the need to restart the routed daemon.
  • Enhancing route refresh for improved handling of BGP routing inconsistencies.

New kernel capabilities

  • Upgraded Linux kernel
  • New partitioning system (gpt):
  • Supports more than 2TB physical/logical drives
  • Faster file system (xfs)
  • Supporting larger system storage (up to 48TB tested)
  • I/O related performance improvements
  • Multi-Queue:
  • Full Gaia Clish support for Multi-Queue commands
  • Automatic “on by default” configuration
  • SMB v2/3 mount support in Mobile Access blade
  • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used)
  • Support of new system tools for debugging, monitoring and configuring the system

Multi-Domain Server

  • Back up and restore an individual Domain Management Server on a Multi-Domain Server.
  • Migrate a Domain Management Server on one Multi-Domain Server to a different Multi-Domain Security Management.
  • Migrate a Security Management Server to become a Domain Management Server on a Multi-Domain Server.
  • Migrate a Domain Management Server to become a Security Management Server.
  • Revert a Domain on a Multi-Domain Server, or a Security Management Server to a previous revision for further editing.

SmartTasks and API

  • New Management API authentication method that uses an auto-generated API Key.
  • New Management API commands to create cluster objects.
  • SmartTasks – Configure automatic scripts or HTTPS requests triggered by administrator tasks, such as publishing a session or installing a policy.

CloudGuard Controller

  • Performance enhancements for connections to external Data Centers.
  • Integration with VMware NSX-T.
  • Support for additional API commands to create and edit Data Center Server objects.


  • Central Deployment of Jumbo Hotfix Accumulator and Hotfixes from SmartConsole or with an API allows to install or upgrade multiple Security Gateways and Clusters in parallel.


  • Share SmartView views and reports with other administrators.

Log Exporter

  • Export logs filtered according to field values.
  • Generate SIEM compatible Threat Emulation and Forensics reports.

Endpoint Security

  • Support for BitLocker encryption for Full Disk Encryption.
  • Support for external Certificate Authority certificates for Endpoint Security client authentication and communication with the Endpoint Security Management Server.
  • Support for dynamic size of Endpoint Security Client packages based on the selected features for deployment.
  • Policy can now control level of notifications to end users.
  • Randomize the Malware scan time to make sure that not all computers do a scan at the same time. This makes sure that network performance is not affected by many simultaneous scans.
R80.40 EA is Public

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × 5 =