Check Point Gaia R81 is now EA. First glance

A new version of Gaia R81 has been posted in Early Access (EA). Previously it was possible to get acquainted with planned innovations in release notes. Now we have the opportunity to look at it in real life. For this, a standard scheme was assembled with a dedicated control server and gateway. Naturally, we did not have time to carry out all the full-fledged tests, but we are ready to share what immediately catches the eye when we get acquainted with the new system. Below the cut are the main points that we highlighted when we first met the system (many pictures).

Control

When initializing the gateway, you have the opportunity to immediately connect to the cloud management server – Smart 1 Cloud (aka MaaS):

This is a relatively new feature (there is also 80.40 in the latest take) and we will tell you more about this service in the very near future. Here the main plus (in our opinion) is the long-awaited possibility of control through the browser 🙂

VxLAN and GRE

The first thing we “climbed” to check was VxLAN and GRE support. Release Notes did not deceive us, everything is in place:

One can argue about the need for these features on NGFW, but it’s better when the user has that choice.

Infinity Threat Prevention

This is probably the first thing that catches your eye when you start to rule security policy. Added a new option for activating Threat Prevention blades – Infinity. Those. no need to choose which blades to enable, Check Point decided everything for us (I don’t know how good it is):

In this case, of course, you still have the opportunity to customize the blades as usual.

Infinity Threat Prevention Policy

While we’re on the subject of Threat Prevention, let’s take a look at Policy right away. This is probably one of the most significant changes:

As you can see, there are many more pre-configured policies. You can see in detail what the difference between them is by clicking on Help me decide:



This policy is dynamic and updated without your participation.

Change Report

Finally, you can see in a convenient form what exactly was changed while editing the configuration:

There is a general report:

And there are completely specific sections:


It is very convenient to follow the changes.

Web Management for Endpoint

As you probably know, you can enable Endpoint Management and manage SandBlast agents on the management server. An interesting feature has been added to the R81 – browser control. This is turned on in a rather interesting way. You need to enter the CLI mode expert and enter the command “Web_mgmt_start”, and then go to the address – https: //: 4434 / sba /. And the web console will open in front of you:

We partially talked about this platform in the framework of the articles “Check Point SandBlast Agent Management Platform” by Alexey Malko. True, there such a console was available only in the cloud, but now it works on local management servers.

Smart Update

When you try to add licenses through the good old Smart Update, the console will kindly warn you that now you can do this without leaving the already familiar Smart Console:

NAT

A very expected functionality. NAT rules can now use Access Roles, Security Zones or Updatable Objects… There are cases when it is very useful and necessary.

Conclusion

That’s all for now. There are many more innovations that require a test (IoT, Azure AD, Updgrade, Logs API, etc.). As I wrote above, in the near future we will publish an overview of the new cloud management system – Smart-1 Cloud… Stay tuned for updates in our channels (Telegram, Facebook, VK, TS Solution Blog)!
Also, do not forget about our large selection of Check Point materials.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *