15 January 2019

R80.20

Release Notes
[Protected]
Classification:
CHAPTER 1

2019 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and
distributed under licensing restricting their use, copying, distribution, and decompilation. No part
of this product or related documentation may be reproduced in any form or by any means without
prior written authorization of Check Point. While every precaution has been taken in the
preparation of this book, Check Point assumes no responsibility for errors or omissions. This
publication and features described herein are subject to change without notice.
RESTRICTEDRIGHTSLEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in
subparagraph (c)(1)(ii)of the Rights in Technical Data and Computer Software clause at DFARS
252.227-7013 and FAR 52.227-19.
TRADEMARKS:
Refer to the Copyright page https://www.checkpoint.com/copyright/ for a list of our trademarks.
Refer to the Third Party copyright notices
https://www.checkpoint.com/about -us/third -party-trademarks -and-copyrights/ for a list of
relevant copyrights and third -party licenses.

R80.20 Release Notes | 2

 Important Information

Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date
with the latest functional improvements, stability fixes, security enhancements and
protection against new and evolving attacks.

Certifications
For third party independent certification of Check Point products, see the Check Point
Certifications page
https://www.checkpoint.com/products -solutions/certified -check-point-solutions/ .

CheckPoint R80.20
For more about this release, see the R80.20 home page
http://supportcontent.ch eckpoint.com/solutions?id=sk122485.

More Information
Visit the Check Point Support Center https://supportcenter.checkpoint.com .

Latest Version of this Document

Open the latest version of this document in a Web browser
https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_
RN/html_frameset.htm .
Download the latest version of this document in PDF format
http://supportcontent.checkpoint.com/documentation_download?ID=65044 .
To learn more, visit the Check Point Support Center
https://supportcenter.checkpoint.com .

Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
mailto:[email protected]?subject=Feedbackon R80.20 Release
Notes.

RevisionHistory
Date Description
15-January-2019 R80.20 becomes the default version (on page 8)
18 November 2018 Updated: R80.10 Security Management Server can manage R80.20
Security Gateway (on page 16)
17 October 2018 Updated: Advanced Threat Prevention (on page 10) - added "Threat
Emulation is fully supported."

R80.20 Release Notes | 3

 Important Information

Date Description
08 October 2018 Updated: Supported Upgrade Paths (on page 16) - Added a note "New
Early Availability program with our new Linux kernel version 3.10 based
on R80.20 is now available for Security Gateway (see sk137854
http://supportcontent.checkpoint.com/solutions?id=sk137854 )"
04 October 2018 Improved formatting and document layout for the HTML guide
26 September 2018 First release of this document

R80.20 Release Notes | 4

Contents
Important Information .................................................................................................................. 3
Important Links ............................................................................................................................7
Introduction ..................................................................................................................................
8
What's New ...................................................................................................................................
9
Performance Enhancements ................................................................................................... 9
Performance Enhancements .............................................................................................. 9
VSXGateways...................................................................................................................... 9
Significant Improvements & New Features ............................................................................10
Advanced Threat Prevention ..............................................................................................10
CloudGuard IaaS Enhancements .......................................................................................11
Access Policy ......................................................................................................................11
Identity Awareness .............................................................................................................11
HTTPSInspection ...............................................................................................................12
Mirror and Decrypt .............................................................................................................12
Clustering ...........................................................................................................................12
Gaia OS...............................................................................................................................12
Advanced Routing...............................................................................................................13
ICAP Client .........................................................................................................................13
Security Management Enhancements ....................................................................................13
SmartConsole.....................................................................................................................13
Logging and Monitoring .....................................................................................................13
SmartProvisioning ..............................................................................................................14
Mobile Access.....................................................................................................................14
Endpoint Security Management Server .............................................................................14
Compliance.........................................................................................................................14
Licensing......................................................................................................................................15
Supported Upgrade Paths ...........................................................................................................16
Maintaining Security Management Server Version ................................................................17
Required Disk Space....................................................................................................................17
Check Point Appliances ...............................................................................................................18
Hardware Health Monitoring .......................................................................................................19
Open Server Minimal Hardware Requirements ..........................................................................20
Maximum Supported Physical Memory.......................................................................................20
Supported Platforms ...................................................................................................................20
Build Numbers ............................................................................................................................21
Supported Backward Compatibility Gateways............................................................................21
Maximum Supported Number of Interfaces on Security Gateway..............................................22
Maximum Supported Number of Cluster Members ....................................................................22
Logging Requirements ................................................................................................................22
Storing Logs ............................................................................................................................22
SmartEvent Requirements .....................................................................................................23
SmartConsole Requirements ......................................................................................................23
Hardware Requirements.........................................................................................................23
Software Requirements ..........................................................................................................23
Gaia Portal Requirements ...........................................................................................................24
Threat Emulation Requirements ................................................................................................. 24
Mobile Access Requirements ......................................................................................................25
Identity Awareness Requirements ..............................................................................................26
Endpoint Security Requirements ................................................................................................. 27
Check Point Clients and Agents Support ....................................................................................28
Multiple Login Option Support ................................................................................................28
Clients and Agents Support by Windows Platform ................................................................. 29
Clients and Agents Support by Mac Platform .........................................................................30
DLP Exchange Agent Support .................................................................................................
30
CHAPTER 2

Important Links
For more about R80.20 and to download the software, see the R80.20 Home Page: sk122485
http://supportcontent.checkpoint.com/solutions?id=sk122485 .
Read the Known Limitations: sk122486
http://supp ortcontent.checkpoint.com/solutions?id=sk122486 .
See issues resolved in this release: sk122488
http://supportcontent.checkpoint.com/solutions?id=sk122488 .
Visit the Check Point Checkmates Community https://community.checkpoint.com/ :
 Start discussions
 Get answers from experts
 Join the API community to get code samples and share yours
Visit http://www.checkpoint.com/architecture/infinity/ to learn more about R80.20.

R80.20 Release Notes | 7

CHAPTER 3

Introduction
R80.20, part of the Check Point Infinity architecture, delivers the most innovative and effective
security that keeps our customers protected against large scale, fifth generation cyber threats.
The release contains innovations and significant improvements in:
 Gateway performance
 Advanced Threat Prevention
 Cloud Security
 Access policy
 Consolidated network and endpoint management capabilities
 And much more
R80.20 was released on September 26, 2018. Starting January 15th 2019, R80.20 take 101 with
Jumbo Hotfix Accumulator take_17 (see sk137592) is considered as Check Point's default version
(widely recommended for all deployments)

R80.20 Release Notes | 8

 What's New

What's New
R80.20 creates a breakthrough in Check Point Security Gateway,matching the R80 security
management innovations.
R80.20 is part of CheckPoint Infinity, a consolidated cyber security architecture that spans
networks, cloud, and mobile. It provides the highest level of Threat Prevention against both known
and unknown targeted attacks to keep you protected now and in the future.

Performance Enhancements
Performance Enhancements
 HTTPSInspection performance improvements
 Session rate improvements on high- end appliances (13000,15000, 21000 & 23000 Security
Gateway models).
 Acceleration remains active during policy installation, no impact on Security Gateway
performance.

VSX Gateways
 Significant boost to Virtual Systems performance, utilizing up to 32 CoreXL FW instances for
each Virtual System.
 Dynamic Dispatcher - Packets are processed by different FW worker (FWK) instances based on
the current instance load.
 Changes in the number of FW worker instances (FWK) in a VSLSsetup do not require
downtime.
 SecureXL Penalty Box supports the contexts of each Virtual System, see sk74520
http://supportcontent.checkpoint.com/solutions?id=sk74520 .

R80.20 Release Notes | 9

 What's New

Significant Improvements & New Features

Advanced Threat Prevention
 Threat Emulation is fully supported.
 Enhanced configurati on and monitor abilities for Mail Transfer Agent (MTA) in SmartConsole
for handling malicious mails.
 Configuration of ICAP Server with Threat Emulation and Anti-Virus Deep Scan in
SmartConsole.
 Automatic download of IPS updates by the Security Gateway.
 SmartConsole support for multiple Threat Emulation Private Cloud Appliances.
 SmartConsole support for blocking archives containing prohibited file types.
 Threat Extraction
 Full ClusterXL HA synchronization, access to the original files is available after a failover.
 Support for external storage.
 Advanced Threat Prevention Indicators (IoC) API
 Management API support for Advanced Threat Prevention Indicators (IoC).
 Add, delete, and view indicators through the management API.
 Advanced Threat Prevention Layers
 Support layer sharing within Advanced Threat Prevention policy.
 Support setting different administrator permissions per Advanced Threat Prevention layer.
 MTA (Mail Transfer Agent)
 MTA monitoring, e-mails history views and statistics, current e-mails queue status and
actions performed on e-mails in queue.
 MTA configuration enhancements
 Setting a domain object as next hop.
 Ability to create an access rule to allow SMTP traffic to a Security Gateway.
 Create a dedicated Advanced Threat Prevention rule for MTA.
 MTA enforcement enhancements
 Replacing malicious links in an email with a configurable template.
 Configurable format for textual attachments replacement.
 Ability to add a customized text to malicious e-mails' body or subject.
 Tagging malicious-mails using X-header
 Sending a copy of the malicious e-mail to a predefined recipients list
 Improvements in policy installation performance on R80.10 and above Security Gateways with
IPS
 Performance impact of "Suspicious Mail Activity" protection in Anti-Bot was changed to "High"
and is now off by default

R80.20 Release Notes | 10

 What's New

CloudGuard IaaS Enhancements

 Automated Security Transit VPCin Amazon Web Services (AWS)- Automatically deploy and
maintain secured scalable architecture in Amazon Web Services.
 Integration with Google Cloud Platform.
 Integration with Cisco ISE.
 Integration with Nuage Networks.
 Automatic license management with the CloudGuard IaaS Central Licensing utility.
 Monitoring capabilities integrated into SmartView.
 Data center objects can now be used in access policy rules installed on 41000, 44000, 61000
and 64000 Scalable Platforms.

Access Policy
 Updatable Objects – a new type of network objects that represent an external service such as
Office 365, Amazon Web Services, Azure GEOlocations and more, and can be used in the
Source and Destination columns of an Access Control policy. These objects are dynamically
updated and kept up-to-date by the Security Gateway without the need to install a policy.
 Wildcard network object in Access Control that represents a series of IP addresses that are
not sequential.
 Only for Multi -Domain Server: Support for scheduled policy installation with cross-Domain
installation targets (Security Gateways or Policy Packages).
 Rule Base performance improvements, for enhanced Rule Base navigation and scrolling.
 Global VPN Communities (previously supported in R77.30).
 Support for using NAT64 and NAT46 objects in Access Control policy.

Identity Awareness
 Identity Tags support the use of tags defined by an external source to enforce users, groups or
machines in Access Roles matching.
 Improved SSOTransparent Kerberos Authentication for Identity Agent, LDAP groups are
extracted from the Kerberos ticket.
 Two Factor Authentication for Browser- Based Authentication (support for RADIUS
challenge/respons e in Captive Portal and RSA SecurID next Token/Next PIN mode).
 Identity Collector
 Support for Syslog Messages - ability to extract identities from syslog notifications.
 Support for NetIQ eDirectory LDAP Servers.
 Additional filter options - "Filter per Security Gateway" and "Filter by domain".
 Improvements and stability fixes related to Identity Collector and Web API.
 New configuration container for Terminal Servers Identity Agents.
 Active Directory cross-forest trust support for Terminal Servers Agent.
 Identity Agent automatic reconnection to prioritized PDP gateways.

R80.20 Release Notes | 11

 What's New

 Security Management Server can securely connect to Active Directory through a Security
Gateway,if the Security Management Server has no connectivity to the Active Directory
environment and the Security Gateway does.

HTTPSInspection
 Hardware Security Module (HSM) support – outbound HTTPSInspection stores the SSL keys
and certificates on a third party dedicated appliance.
 Additional ciphers support for HTTPSInspection (for more information see sk104562
http://supportcontent.checkpoint.com/solutions?id=sk104562 ).

Mirror and Decrypt

 Decryption and clone of HTTP and HTTPStraffic.
 Forwarding traffic to a designated interface for mirroring purposes.

Clustering
 New CCP Unicast mode - a new mode in which a cluster member sends the CCP packets to the
unicast address of a peer member.
 New Automatic CCP mode - CCP mode is adaptive to network changes, Unicast, Multicast or
Broadcast modes are automatically applied according to network state.
 Enhanced cluster monitoring capabilities.
 Enhanced cluster statistics and debugging capabilities.
 Enhanced Active/Backup Bond.
 Support for more topologies for Synchronization Network over Bond interfaces.
 Improved cluster synchronization and policy installation mechanism.
 New grace mechanism for cluster failover for improved stability.
 New cluster commands in Gaia Clish.
 Improved clustering infrastructure for RouteD (Dynamic Routing) communication.

Gaia OS
Upgraded Linux kernel (3.10) - applies to Security Management Server only.
 New file system (xfs)
 More than 2TB support per a single storage device.
 Enlarged systems storage (up to 48TB).
 I/O-related performance improvements.
 Support of new system tools for debugging, monitoring and configuring the system
 iotop (provides I/O runtime statistics).
 lsusb (provides information about all devices connected to USB).
 lshw (provides detailed information about all hardware).
 lsscsi (provides information about storage).
 ps (new version, more counters).
 top (new version, more counters).
R80.20 Release Notes | 12
 What's New

 iostat (new version, more counters).

Advanced Routing
 Allow AS-in-count.
 IPv6 MD5 for BGP.
 IPv4 and IPv6 OSPFmultiple instances.
 Bidirectional Forwarding Detection (BFD) for gateways and VSX,including IP Reachability
detection and BFD Multihop.
 OSPFv2HMAC-SHA authentication (in addition to OSPFv2MD5 authentication).

ICAP Client
 Integrated ICAP Client functionality.

Security Management Enhancements

SmartConsole
 Multiple simultaneous sessions in SmartConsole - One administrator can publish or discard
several SmartConsole private sessions, independently of the other sessions
 SmartConsole Accessibility features
 Keyboard navigation - ability to use the keyboard alone to navigate between the different
SmartConsole fields.
 Improved experience for the visually impaired, color invert for all SmartConsole windows.
 Required fields are highlighted.

Logging and Monitoring

 Log Exporter - an easy and secure method to export Check Point logs over Syslog to any SIEM
vendor using standard protocols and formats.
 Ability to export logs directly from a Security Gateway (previously supported in R77.30).
 Unified logs for Security Gateway,SandBlast Agent and SandBlast Mobile for simplified log
investigation.
 Enhanced SmartView in browser:
 Log viewer with log card, column profile and statistics.
 Export logs with custom or all fields.
 Automatic-refresh for views.
 Relative time frame support.
 Improved log-viewer with cards, profiles, statistics and filters.
 I18N support for 6 languages (English, French, Spanish, Japanese, Chinese, Russian).
 Accessibility support - keyboard navigation and high contrast theme.

R80.20 Release Notes | 13

 What's New

SmartProvisioning
 Integration with SmartProvisioning (previously supported in R77.30).
 Support for the 1400 series appliances.
 Administrators can now use SmartProvisioning in parallel with SmartConsole.

Mobile Access
 Support for reCAPTCHA,keep abusive automated software activities from interfering with
regular portal operations.
 Support for One Time Password (OTP)without any hardware tokens.

Endpoint Security Management Server

Endpoint Security Server is now part of the main train.
 Support for SandBlast Agent, Anti-Exploit and Behavioral Guard policies.
 SandBlast Agent push operation to move/restore files from quarantine.
 Directory Scanner initial scan and full rescan takes significantly less time.
 Stability and performance enhancements for Online Automatic Synchronization (High
Availability).
These features from the Endpoint Security Management R77.30.03release are included:
 Management of new Software Blades:
 SandBlast Agent Anti-Bot.
 SandBlast Agent Threat Emulation and Anti-Exploit.
 SandBlast Agent Forensics and Anti-Ransomware.
 Capsule Docs.
 New features in existing Software Blades:
 Full Disk Encryption
* Offline Mode.
* Self Help Portal.
* XTS-AES Encryption.
* New options for the Trusted Platform Module (TPM).
* New options for managing Pre- boot Users.
 Media Encryption & Port Protection
* New options to configure encrypted container.
* Optical Media Scan.
 Anti- Malware
* Web Protection.
* Advanced Disinfection.

Compliance
 User can create custom best practices based on scripts.
 Support for 35 regulations including General Data Protection Regulation (GDPR).

R80.20 Release Notes | 14

 Licensing

Licensing
For all licenses issues contact Account Services
mailto:[email protected]?subject=Licensing Issues.

R80.20 Release Notes | 15

 Supported Upgrade Paths

Supported Upgrade Paths

CPUSEis the installat ion and upgrade method supported for this release. To learn more about
CPUSE,see sk92449 http://supportcontent.checkpoint.com/solutions?id=sk92449 .
R80.20 Security Management Server supports Linux 3.10 kernel. When you perform a Clean
Install, or Advanced Upgrade to R80.20,it uses the xfs file system. After an in- place upgrade
(using CPUSE),the file system remains ext3 except for Smart-1 525, 5050, 5150 appliances, which
use the xfs file system.
New Early Availability program with our new Linux kernel version 3.10 based on R80.20 is now
available for Security Gateway.This version is for customers who are looking to try R80.20
Security Gateway on Open Servers with latest CPUs. For more information, see sk137854
http://supportcontent.checkpoint.com/solutions?id=sk137854 .
Upgrade with the Supported Methods for your current installation.

From R75.4x, R75.40VS,R76, R77.x, R77.20 EP6.0/EP6.1/EP6.2, R77.30.01, R77.30.02,

R77.30.03, R80, R80.10 and R80.20.M1 to R80.20*:
Check Point Product Supported Methods
Security Gateway  CPUSEUpgrade
Security Management Server
 CPUSEClean Install
Multi -Domain Server
 Advanced Upgrade
CloudGuard Controller

* To upgrade from R80.20.M1to R80.20,see sk137677

http://supportcontent.checkpoint.com/solutions?id=sk137677 .
Notes:
 To upgrade from R77.20 or R77.30 with the Add-on: It is not necessary to uninstall the
Add-on. Remove these unsupported features: Modbus support with the Application Control
Software Blade, "SAML" Cloud Connector for web based single sign on.
 Downgrade: On Smart -1 525, Smart-1 5050, and Smart-1 5150 appliances (sk120453
http://supportcontent.checkpoint.com/solutions?id=sk120453 ) that run the Dedicated R80.10
image -
Before upgrading to R80.20,take a Gaia OS Snapshot. If in the future you decide to downgrade
the appliance back to the Dedicated R80.10 image, revert to that Gaia OS Snapshot.
 When upgrading from R80 only, User Defined reports will be migrated during the upgrade to
the SmartConsole reports. Report Scheduling and email server definitions will not be migrated
and need to be defined.

R80.20 Release Notes | 16

 Required Disk Space

Maintaining Security Management Server Version

You can manage R80.20 Gateways with your existing R80.10 Security Management Server or
Multi -Domain Server.

To enable this:
 Install R80.10 Jumbo Hotfix Accumulator Take 167 and higher (Refer to sk116380
http://supportcontent.checkpoint.com/solutions?id=sk116380 ).
 Install R80.10 SmartConsole build 89 and higher (Refer to sk119612
http://supportcontent.checkpoin t.com/solutions?id=s119612).
Note that if you choose to not upgrade to R80.20 Security Management Server or Multi -Domain
Server, the new features will not be supported.

Required Disk Space

RequiredDisk Spacefor SecurityManagementServer:
Before installation or upgrade, CPUSEverifies that enough free disk space is available. If the
amount of available disk space is not sufficient, a message shows what is required.
This table shows the free disk space required for some packages:

R80.20Installatio n, Required Disk Space

or Upgrade Type
The minimum required unpartitioned disk space is the
highest value of one of these:
Clean Install
 Size of the current root partition.
 The used space in the current root partition plus 3 GB.
Major Upgrade
 If the used space is more than 90% of the root partition,
then 110% of the size of the current root partition.
If you do not have enough free disk space, you can use the Logical Volume Manager (LVM) to
increase the disk space of logical volumes on Gaia. This space is taken from the unallocated disk
space, which is usually used for snapshots and upgrades. For more details see sk95566
http://supportcontent.checkpoint.com/solutions?id=sk95566 .

Required Disk Spacefor R80.20 Server:

Before you run a clean install of R80.20 Multi -Domain Servers, make sure that at least 10 GB of
free disk space in the root partition is available. For an environment with many Domain
Management Servers, more than 10 GB of free disk space is often required.

R80.20 Release Notes | 17

 Check Point Appliances

Check Point Appliances

Standalone and Management Servers boot by default with 64-bit Gaia kernel after a clean install
or upgrade to R80.20.
Note - If you revert an R80.20 upgrade, the appliance will still boot with 64-bit Gaia kernel, even if
it was originally 32-bit.

ManagementServers
Check Point Product
Security Management
Log Server
SmartEvent Server
Multi-Domain Security
Management
Multi-Domain Log Server
Smart-1 Smart-1
25b, 205, 210, 225, 405, 410, 525 50, 150, 3050, 3150, 5050, 5150
* *
* *
* *
*
*

* Smart -1 25B, 205, and 210 appliances with default memory can run Security Management OR
Log Server OR SmartEvent.
** We recommend that you upgrade the memory of Smart-1 205 to 16GB as part of the upgrade to
R80.20.
*** Smart -1 210 with memory extension to 16GB can run Security Management AND/OR Log
Server AND/OR SmartEvent.

R80.20 Release Notes | 18

 Hardware Health Monitoring

Security Gatewayand Standalone(Gateway+ Management)

The model numbers in this table are for the series of appliances that support R80.20.

Appliance Series Security Gateway Standalone (Gateway+

Management)
2200 *

3000 * *

4000 * *, **
5000 * *

12000 * **
13000 * *

15000 * *

21000 * *

23000 * *

* The 4200 appliance does not support a Standalone deployment.

** These appliance models do not support a Standalone deployment with their default RAM (4GB):
4400, 4600, 4800, 12200, and 12400. Upgrade these models to at least 8 GB RAM to support a
Standalone deployment.

Threat EmulationPrivate CloudAppliance

These appliances are fully supported with R80.20:
TEX100X,TEX250X,TEX1000Xand TEX2000X.

Hardware Health Monitoring

R80.20 supports these Hardware Health Monitoring features for Gaia Check Point appliances:
 RAID Health:Use SNMP to monitor the health of the disks in the RAID array, and be notified of
volume and disk states.
 Hardware Sensors:Use the Gaia Portal or SNMP to monitor fan speed, motherboard voltages,
power supply health, and temperatures. Some open servers are supported with an IPMI
interface card that requires an IPMI card.

Check Point Appliances Smart-1

SNMP Hardware sensor monitoring (polling and traps) *
Gaia Portal hardware sensor monitoring *
RAID monitoring with SNMP *

R80.20 Release Notes | 19

CHAPTER 4

Open Server Minimal Hardware

Requirements
R80.20 servers are designed to utilize available hardware resources efficiently to maximize
performance and scalability. We recommend that you leverage this advantage and use the most
powerful hardware available to get the best performance.

Component Security Gateway VSXGateway Security Management Multi -Domain

Server/Standalone Server
Processor Intel Pentium IV, Intel Pentium IV, 2 Intel Pentium IV, 2.6 Dual Socket 2x
2 GHz or GHz or equivalent GHz or equivalent Xeon E5-2609v2
equivalent 4 cores, 2.5 GHz
or equivalent
Total CPU 2 2 2 8
Cores
Memory 4 GB RAM 4 GB RAM 6 GB RAM 32 GB RAM
Free Disk 15 GB 12 GB + 1 GB per VS 500 GB (Installation 1 TB (Installation
Space includes OS) includes OS)

Note - The above numbers do not apply to SmartEvent & SmartLog.

Maximum Supported Physical Memory

Check Point Product Physical RAM Limit
Security Management Server, or 512 GB
Multi -Domain Security Management Server
Security Gateway or Cluster Member 256 GB

Supported Platforms
Check Point Product Red Hat Enterprise VMware ESXi Microsoft
Linux Hyper-V**
Windows 2012 R2,
Security Management Server 7.3 or higher 5.x, 6.x
2016 (64-bit only)*
Multi -Domain Security Windows 2012 R2,
7.3 or higher 5.x, 6.x
Management Server 2016 (64-bit only)*
Windows 2016 (64
Security Gateway Not Supported 5.x, 6.x
bit only)

* For the most up-to-date information about Microsoft Hyper-V, see the Virtual Machines section
of the Hardware Compatibility List https://www.checkpoint.com/support -services/hcl/ .
R80.20 Release Notes | 20
 Build Numbers

Build Numbers
Software Blade / Product Build Number Verifying Build Number
Gaia OS build 101 show version all

Security Gateway 255 fw ver

Security Management 081 fwm ver

Multi -Domain Server 084 fwm mds ver

SmartConsole 992000164 Menu > About Check Point SmartConsole

Supported Backward Compatibility

Gateways
R80.20 Management Servers can manage Security Gateways of these versions:

GatewayType Release Version

R75.20, R75.30, R75.40,R75.45,R75.46, R75.47,
R76,
Security Gateway
R77, R77.10, R77.20,R77.30,
R80.10

R76, R77, R77.10, R77.20,R77.30,

VSX
R80.10

R80.20 Management Servers can manage appliance Security Gateways that run these versions:

Appliance Release Version

Security Gateway 80 R75.20.x

UTM-1 Edge N 8.1 and higher

1100 Appliances R75.20.x,R77.20.x

1200R Appliances R77.20.x

1400 Appliances R77.20.x

60000/40000Scalable R76SP,R76SP.10,R76SP.20,R76SP.30,R76SP.40for 61000/41000

Platforms R76SP.50for 61000/41000and 64000/44000

R80.20 Release Notes | 21

 Maximum Supported Number of Interfaces on Security Gateway

Maximum Supported Number of

Interfaces on Security Gateway
The maximum number of interfaces supported (physical and virtual) is shown in this table.

Mode Max # of Interfaces Notes

Security Gateway 1024 Non-VSX
VSXGateway 4096 Includes VLANs and Warp Interfaces
Virtual System 256 Includes VLANs and Warp Interfaces

Note - This table applies to Check Point Appliances and Open Servers.

Maximum Supported Number of

Cluster Members
Cluster Type Maximum Supported Number
of Cluster Members
ClusterXL 5
Virtual System Load Sharing 13

Logging Requirements
Storing Logs
Logs can be stored on:
 A Security Management Server that collects logs from the Security Gateways.This is the
default.
 A Log Server on a dedicated machine. This is recommended for organizations that generate
many logs.
A dedicated Log Server has greater capacity and performance than a Security Management Server
with an activated logging service. On dedicated Log Servers, the Log Server must be the same
version as the Management Server.

R80.20 Release Notes | 22

 SmartConsole Requirements

SmartEvent Requirements
You can enable the SmartEvent Blade on a Security Management Server, or install a dedicated
SmartEvent Server. SmartEvent R80.20 can connect to a different version of Log Server - R77.xx
or lower.
SmartEvent and a SmartEvent Correlation Unit are usually installed on the same server. You can
also install them on separate servers, for example, to balance the load in large logging
environments. The SmartEvent Correlation Unit must be the same version as SmartEvent Server.
To deploy SmartEvent and to generate reports, a valid license or contract is required.

SmartConsole Requirements
Hardware Requirements
This table shows the minimum hardware requirements for SmartConsole applications:

Component Minimal Requirement

CPU Intel Pentium Processor E2140, or 2 GHz equivalent processor
Memory 4 GB
Available Disk Space 2 GB
Video Adapter Minimum resolution: 1024 x 768

Software Requirements
SmartConsole is supported on:
 Windows 10 (all editions), Windows 8.1 (Pro), and Windows 7 (SP1, Ultimate, Professional, and
Enterprise)
 Windows Server 2016, 2012, 2008 (SP2),and 2008 R2 (SP1)

R80.20 Release Notes | 23

 Gaia Portal Requirements

Gaia Portal Requirements

The Gaia Portal supports these web browsers:

Browser Supported Versions

Google Chrome 14 and higher

8 and higher
Microsoft Internet Explorer (If you use Internet Explorer 8, file uploads through the Gaia
Portal are limited to 2 GB)

Microsoft Edge Any

Mozilla Firefox 6 and higher
Apple Safari 5 and higher

Threat Emulation Requirements

The Threat Emulation requirements are different based on the emulation location:
 ThreatCloud - Gaia operating system (64 or 32-bit)
 Local or Remote emulation - Threat Emulation Private Cloud Appliance on the Gaia
operating system (64-bit only)

R80.20 Release Notes | 24

 Mobile Access Requirements

Mobile Access Requirements

OSCompatibility
Endpoint OS Compatibility Windows Linux Mac iOS Android
Mobile Access Portal * * * * *

Clientless access to web applications * * * * *

(Link Translation)
Compliance Scanner * * *

Secure Workspace *

SSL Network Extender - Network * * *

Mode
SSL Network Extender - Application *
Mode
Downloaded from Mobile Access * * *
applications
Clientless Citrix * * *

File Shares - Web-based file viewer * * * * *

(HTML)
Web mail * * * * *

R80.20 Release Notes | 25

 Identity Awareness Requirements

Browser Compatibility
Endpoint Microsoft Microsoft Google Mozilla Apple Opera
Browser Internet Edge Chrome(1) Firefox Safari for
Compatibility Explorer Windows

Mobile Access Portal * * * * * *

Clientless access to web * * * * *

applications (Link
Translation)
* * * *
Compliance Scanner(2)
* * *
Secure Workspace(3)

SSL Network Extender - * * * *

Network Mode
SSL Network Extender - * * * *
Application Mode(3)

Downloaded from Mobile * * * *

Access applications
Clientless Citrix * *

File Shares - Web- based * * * * * Limited

file viewer (HTML) support
Web mail * * * * *

1. Google Chrome support for Mobile Access Portal on-demand clients, such as SSL Network
Extender Network Mode, SSL Network Extender Application Mode, Secure Workspace, and
Endpoint Security on Demand, requires Java JRE 32-bit installed on the end-user's computer.
2. Running Compliance Scanner on Windows platforms requires Java Runtime Environment (JRE
or JDK) 32-bit installed on the end-user's computer.
3. Secure Workspace and SSL Network Extender Application Mode are available for Windows
platforms only.

Identity Awareness Requirements

 Identity Agents
See Clients and Agents Support by Windows Platform (on page 28) and Clients and Agents
Support by Mac Platform (on page 29) for:
 Identity Agent (Light and Full)
 Identity Agent for Terminal Servers
 Identity Collector
 AD Query
Active Directory for AD Query is supported on:
Microsoft Windows Server 2008 R2, 2012, 2012 R2, and 2016.

R80.20 Release Notes | 26

 Endpoint Security Requirements

Endpoint Security Requirements

 Endpoint Security Management Servers are supported on Management-only appliances or
open servers. Endpoint Security Management Servers do not support Standalone (Security
Gateway + Management Server) and Multi -Domain Security Management deployments.
 Endpoint Security Management Servers do not support on Red Hat Enterprise Linux releases.
 R80.20 Endpoint Security Management Server can manage:
 E80.64 and higher versions of Endpoint Security Clients for Windows
 E80.64 Endpoint Security Client for Mac

Anti- Malware signature updates:

 To allow Endpoint clients to get Anti-Malware signature updates from a cleanly installed
R80.20 Primary Endpoint Security Management Server or cleanly installed R80.20 Endpoint
Policy Server, you must follow sk127074
http://supportcontent.checkpoint.com/solutions?id=sk127074 . No additional steps are
required, if you upgraded the Primary Endpoint Security Management Server to R80.20.
 Endpoint Security Clients can still acquire their Anti-Malware signature updates directly from
an external Check Point signature server or other external Anti-Malware signature resources,
if your organization's Endpoint Anti-Malware policy allows it.

Post-Upgrade Requirement:
If you upgraded the Endpoint Security Management Server to R80.20, then to keep visibility of
Endpoint client events in the SmartConsole, you must perform these steps:
1. Connect with SmartConsole to the Security Management Server.
2. In the top left corner, click Menu > Install database.
3. Select all objects.
4. Click Install.
5. Click OK.
For more information, see the R80.20 Endpoint Security Management Server Administration Guide
https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_EndpointSe
curity_AdminGuide/html_frameset.htm .

R80.20 Release Notes | 27

 Check Point Clients and Agents Support

Check Point Clients and Agents Support

Multiple Login Option Support
R80.10 introduced multiple login options per gateway with multi -factor authentication schemes,
for users of different clients and the Mobile Access portal. For example, configure an option to
authenticate with Personal Certificate and Password, or Password and DynamicID for SMS or
email.
These features are supported when connected to an R80.20 gateway that has IPsec VPN or Mobile
Access enabled.

Supported Client or Portal Lowest Supported Version

Mobile Access Portal R80.10
Capsule Workspace for iOS 1002.2
Capsule Workspace for Android 7.1
Remote Access clients for Windows - Standalone clients E80.65
Remote Access VPN Blade of the Endpoint Security Suite for E80.65
Windows

See the R80.30 Mobile Access Administration Guide

https://sc1.checkpoint.com/documents/R80.30_GA/WebAdminGuides/EN/CP_R80.30_MobileAcce
ss_AdminGuide/html_frameset.htm or the R80.30 Remote Access VPN Administration Guide
https://sc1.checkpoint. com/documents/R80.30_GA/WebAdminGuides/EN/CP_R80.30_RemoteAcc
essVPN_AdminGuide/html_frameset.htm for details.

R80.20 Release Notes | 28

 Check Point Clients and Agents Support

Clients and Agents Support by Windows Platform

Microsoft Windows
In this table, Windows 7 support is true for Ultimate, Professional, and Enterprise editions.
Windows 8 support is true for Pro and Enterprise editions. All the marked consoles and clients
support Windows 32-bit and 64-bit.

Check Point Product Windows 7 (+SP1) Windows 8.1 Windows 10 *

* *
Remote Access clients E80.x * (with 8.1 (E80.62
Update 1) and higher)

Capsule VPN Plug-in * *

SSL Network Extender * * *

UserCheck Client * * *

Identity Agent (Light and Full) * * *

Identity Agent for Terminal

*
Servers

* Supported Windows 10 versions: 1703, 1709, 1803 for more information see the Detailed Client
Releases Information section in sk117536
http://supportcontent.checkpoint.com/solutions?id=sk117536

Microsoft WindowsServer

Check Point Product Server Server Server Server

2008R2 2012 2012 R2 2016
(+SP1) 64-bit
UserCheck Client * * *
Identity Agent for Terminal
* * * *
Servers
Identity Collector * * * *

Note - Identity Agent for Terminal Servers is also supported on XenApp 6.

R80.20 Release Notes | 29

 Check Point Clients and Agents Support

Clients and Agents Support by Mac Platform

All support is for Macintosh OS 64-bit.

Check Point Product OS X 10.11 macOS 10.12 OS X 10.13

Identity Agent * * *
SSL Network Extender * * *
* *
Endpoint Security VPN E80.x or higher (E80.62 (E80.64 *
and higher) and higher)

DLP Exchange Agent Support

The R80.20 DLP Exchange Agent is supported on:

Windows Server Exchange Server

2012 R2 64-bit 2010, 2013
2016 64-bit 2016

For earlier server versions, use the R77.30 DLP Exchange Agent.

R80.20 Release Notes | 30