Check Point R75.40

Check Point R75.40.

What’s New in R75.40

 

Operating System – Gaia

Gaia is Check Point’s next generation operating system for security applications. In Greek mythology, Gaia is the mother of all, representing closely integrated parts to form a single, efficient system. The Gaia Operating System supports the full portfolio of Check Point Software Blades, Gateway and Security Management products.
Gaia is a single, unified network security OS that combines the best of Check Point’s SecurePlatform operating system, and IPSO, the operating system from the appliance security products. Gaia is available for all Check Point security appliances, open servers and virtualized environments.

Designed from the ground up for modern high-end deployments, Gaia includes support for:

  • IPv4 and IPv6 – fully integrated into the Operating System.
  • High Connection Capacity – 64bit support.
  • Load Sharing – ClusterXL and Interface bonding.
  • High Availability – ClusterXL, VRRP, Interface bonding.
  • Dynamic and Multicast Routing – BGP, OSPF, RIP, and PIM-SM, PIM-DM, IGMP.
  • Easy to use Command Line Interface – Commands are structured using the same syntactic rules. An enhanced help system and auto-completion further simplifies user operation.
  • Role Based Administration– Enables Gaia administrators to create different roles. Administrators can allow users to access features by adding those functions to the user’s role definition. Each role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to other features.
  • Simple and Easy upgrade – from IPSO and SecurePlatform.

Gaia Software Updates

  • Get updates for licensed Check Point products directly through the Operating System.
  • Download and install the updates more quickly. Download automatically, manually, or periodically. Install manually or periodically.
  • Get email notifications for new available updates and for downloads and installations.
  • Easy rollback from new update.

Gaia Web User Interface

  • The Gaia WebUI is an advanced, web-based interface for configuring Gaia platforms. Almost all system configuration tasks can be done through this Web-based interface.
  • Easy Access – Simply go to https://<Device IP Address>.
  • Browser Support – Internet Explorer, Firefox, Chrome and Safari.
  • Powerful Search Engine – makes it easy to find features or functionality to configure.
  • Easy Operation – Two operating modes.
    1. Simplified mode shows only basic configuration options.
    2. Advanced mode shows all configuration options. You can easily change modes.
  • Web-Based Access to Command Line – Clientless access to the Gaia CLI directly from your browser.

New Appliances

New Check Point appliances support R75.40:

  • 21400 Appliance
  • 12000 Appliances
  • 4000 Appliances
  • 2200 Appliances

Note: all former Check Point appliance series(UTM-1/Smart-1/Power-1) are supported with R75.40, for further information please refer to R75.40 Release Notes

Anti-Bot

Check Point Anti-Bot prevents damage and blocks bot communication between infected hosts and a remote operator.

The Anti-Bot Software Blade:

  • Uses the multi-layered ThreatSpect engine to analyze network traffic and identify bot infected machines in the organization.
  • The ThreatCloud repository receives updates and allows for classification of unidentified IP, URL, and DNS resources.
  • Uses different views and reports to provide threat visibility for the organization and help assess damages and decide on corrective actions.
  • Integrates with other Software Blades for a unique Anti-Bot and Anti-Malware solution on a Security Gateway.

New Anti-Virus

Check Point Anti-Virus provides superior Anti-Virus protection against modern malware multiple attack vectors and threats.

The Anti-Virus Software Blade:

  • Offers powerful security coverage by supporting millions of signatures.
  • Leverages the Check Point ThreatCloud repository to identify and block incoming malicious files (such as exe, doc, xls, pdf) from entering the organization.
  • Prevents web-based malware download from sites known to contain malware.
  • Uses different views and reports to provide threat visibility for the organization and help assess damages and decide on corrective actions.
  • Consolidated Anti-Bot and Anti-Virus approach for dealing with malware threats (including policy setting, event analysis, and malware reports).
  • Uses a separate policy installation (together with the Anti-Bot Software Blade) to minimize risk and operational impact.

IPS

  • Significant reduction (about 90%) of false positives of non-compliant HTTP and TCP-streaming protections and of redundant logs.
  • Increase pattern granularity – Header rejection, Http worm catcher and Cifs worm catcher patterns were converted into separate protections, giving more granularity in their settings. This feature is installed during the first IPS update process (online update, offline update or scheduled update).
  • Implied exceptions – Built-in exceptions to allow Check Point products trusted traffic.
  • New tool to control IPS functionality from the gateway through CLI.
  • Improved TCP streaming infrastructure.
  • Enhanced HTTP and Web Sockets protection.
  • Improved TAP mode support.
  • Granular TCP logging.
  • New GEO database and additional countries and significantly improved accuracy.

Application Control and URL Filtering

  • Use the Limit action in rules to limit the bandwidth permitted for a rule.
  • Add a Time object to a rule to make the rule active only during specified times.
  • The UserCheck client adds the option to send notifications for applications that are not in a web browser, such as Skype or iTunes.
  • New UserCheck features: Cancel button on messages and UserCheck Frequency.
  • If traffic is not detected by other applications, it is declared an unknown application. This lets you block all unknown traffic and better handle known traffic.

Data Loss Prevention

Watermarking:
Add visible and hidden marks to Microsoft Office documents when they are sent as email attachments (outgoing and internal emails).

  • Visible Watermarks alert users to sensitive document content when viewed or printed.
    Examples:

    • Add customized text footer to Power Point slides: “Highly Restricted, sent by John Smith on 7/7/11”.
    • Add a large diagonal “Classified” visible watermark on the first page of Word documents that match a DLP rule.
  • Hidden Watermarksare encrypted and let DLP tag documents without affecting format.
    • Does not change the visible document layout.
    • The tag can be identified in DLP scans.
    • The tag can be used for forensic analysis to track leaked documents.

Improved Privacy Options:

  • Can choose to not store original messages with the DLP incident.
  • Send the original email to the data owner.
  • Easy to view HTML-based messages include highlighted matched content and masked credit card numbers.

Time Object:

  • Limit rules to certain times of the day, day of week or day of month.
  • Stop DLP rules on set date, when the data is no longer sensitive (for example, after financial data is publicly released).

Improved Compliance and Matching:

  • Easily view and quickly apply multiple compliance-related rules.
  • Improved template matching identifies files by text and by embedded images (for example, upload company logo to match documents using the company template with that logo embedded).
  • New Message Attributes data type to match based on overall message size, number of attachments, and number of words.

UserCheck

  • In Application and URL Filtering, UserCheck Frequencylets you set the number of times that users get UserCheck messages for accessing applications that are not permitted by the policy. You can also set the notifications to be based on accessing the rule, application category, or the application itself.
  • UserCheck Scopingenhances notifications to match not only by rule, but also by category and site in the Application Control rulebase.
  • A dedicated UserCheck agent on the endpoint gives users notifications and options, according to your rules, when their user actions match DLP or Application and URL Filtering rules.
  • If you don’t need users to enter their reason for wanting to do an action that is caught by DLP or Application and URL Filtering rules, you can disable this requirement. See the UserCheck Interaction window > Conditions.
  • Cancel button added to the Inform and Ask web pages, to stop loading a requested page or to stop an email in progress.
  • UserCheck Revoke Pagelets you delete (revoke) all UserCheck entries when you access the Revoke Page (https:///RevokePage).

Identity Awareness

  • New Identity acquisition methods:
    • Terminal Servers / Citrix communicate with the gateway through one IP address, but are used to host multiple users. The gateway identifies the originating user behind connections from these multi-user hosts.
    • Transparent Portal Authentication redirects an unauthenticated user to a URL, for authentication (using Kerberos SSO) and then redirects the user back to the originally requested URL. If the transparent authentication fails, the user is redirected to the Captive Portal for manual authentication. The new Browser-Based Authentication lets you configure Captive Portal and Transparent Portal Authentication for Identity Awareness.
    • SSO with Remote Access Clients integrates the Mobile Access blade with the Identity Awareness blade. It adds identity data for VPN client users (coming from E75.x clients, E80.x clients, SecureClient, SSL Network Extender, and so on).
  • Identity Agent for MAC OS (10.6 and 10.7). It can be downloaded from the Identity Awareness Captive Portal.
  • Nested Groups are enforced by the Identity Awareness blade. You can set a parent group as an Access Role in a rule, and it applies to all users in the sub groups.

SmartEvent

Reports:

 

  • New Reports tab, for richer management functionality of SmartEvent reports and ease of use.
  • Output reports to PDF.
  • New layout for Anti-Malware reports.

     

Anti-Bot and Anti-Virus X 5:

 

  • Enhanced overall support for Anti-Bot and Anti-Virus X 5.
  • SmartEvent Intro for Anti-Bot and Anti-Virus X 5.
  •  

 

Usability and Performance Enhancements:

  • Summary view of grouped Events tab supported in Application Control and Anti-Malware events.
  • Easy to activate SmartEvent on a standalone environment – no configuration needed, just activate the Software Blade on the Security Management Server properties.
  • Enhanced SmartEvent performance: support for 2 Million events per day (8,000 to 15,000 users behind Application Control and URL Filtering).

HTTPS Inspection

  • Support for HTTPS Inspection on inbound traffic.
  • Automatic update for Trusted CA list.

HTTPS Proxy

You can configure a Security Gateway to be an HTTP/HTTPS web proxy, in transparent or non-transparent mode.

IPsec

Support for Suite-B GCM encryption. See RFC 6379 for more information.

SmartLog

SmartLog is a next generation solution for managing logs generated by Check Point Security Gateways. This solution is designed to answer the challenges of storing, searching and filtering logs in modern environments with continually increasing log volume. SmartLog has full-text, ultra-fast search capability, and can search huge quantities of log files in seconds.

Enhancements

General

  • New SmartLog for full-text, ultra-fast search over billions of log records.
  • Configure Multi Portal access through VPN clients (connected with Office Mode), to protect your portals from external network exposure. This new option applies to all portals: Mobile Access Portal, UserCenter Portal, Identity Awareness Captive Portal, Platform Portal, and DLP Portal.
  • SmartProvisioning supports Security Gateway 80 appliances.

Performance

  • NAT and log templates in SecureXL.
  • IPv6 acceleration, MultiCore and ClusterXL HA support on Gaia and SecurePlatform.

Licensing

  • R75.40 management servers do not need IPv6 licenses.
  • Gaia can automatically attach licenses for Security Gateways and management servers.

SmartConsole

  • Hit count– shows number of instances a rule in the Application Control or Firewall rulebases was matched to traffic.
  • Improved performance and easier installation of SmartConsoles.

R75.40 Documentation

 

 

 

This entry was posted in CheckPoint. Bookmark the permalink.

One Response to Check Point R75.40

  1. ltgjamaica says:

    This update seem good but how about returning developing a pure 64bit VPN client that works with IPSEC only,I prefer secure client and have yet to see the reason for the change in behavior in the new vpn client. Is there a way to stop Endpoint connect from uing SSL to connect to a gateway ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s