A new version of Gaia, R81, has been released in Early Access (EA). Previously we could only read about the planned innovations in the release notes; now we can look at them in practice. For this, we assembled a standard setup with a dedicated management server and a gateway. Naturally, we have not had time to run full-fledged tests, but we are ready to share what immediately catches the eye on first acquaintance with the new system. Below the cut are the main points we noted on first look (many pictures).
Management
When initializing the gateway, you can immediately connect it to the cloud management server, Smart-1 Cloud (so-called MaaS):
This is a relatively new feature (it is also available in 80.40 with the latest take), and we will tell you more about this service in the very near future. The main advantage here, in our opinion, is the long-awaited ability to manage through the browser :)
VxLAN and GRE
The first thing we went to check was VxLAN and GRE support. The Release Notes did not deceive us; everything is in place:
One can argue about whether an NGFW needs these functions, but it is still better when the user has the choice.
Infinity Threat Prevention
This is probably the first thing that catches your eye when you start editing a security policy. A new option for activating Threat Prevention blades has been added: Infinity. That is, there is no need to choose which blades to enable; Check Point has decided everything for us (I don't know how good that is):
You can, of course, still customize the blades as usual.
Infinity Threat Prevention Policy
While we're on the subject of Threat Prevention, let's take a look at the policy right away. This is probably one of the most significant changes:
As you can see, there are many more pre-configured policies. You can see in detail how they differ by clicking "Help me decide":
This policy is dynamic and updated without your participation.
Change Report
Finally, you can see in a convenient form exactly what was changed while editing the configuration:
There is a general report:
And there are reports for quite specific sections:
It is very convenient to follow the changes.
Web Management for Endpoint
As you probably know, you can enable Endpoint Management on the management server and manage SandBlast agents from it. R81 adds an interesting feature: management through the browser. It is turned on in a rather interesting way. You need to enter expert mode in the CLI, run the "web_mgmt_start" command, and then go to the address https://:4434/sba/. A web console will open in front of you:
We partially covered this platform in the articles "Check Point SandBlast Agent Management Platform" by Alexey Malko. There, however, the console was available only in the cloud; now it works on local management servers.
SmartUpdate
When you try to add licenses through the good old SmartUpdate, the console will kindly warn you that you can now do this without leaving the already familiar SmartConsole:
NAT
A long-awaited feature. You can now use Access Roles, Security Zones, or Updatable Objects in NAT rules. There are cases where this is very useful and necessary.
Conclusion
That's all for now. There are many more innovations that still need testing (IoT, Azure AD, Upgrade, Logs API, etc.). As I wrote above, in the near future we will publish an overview of the new cloud management system, Smart-1 Cloud. Stay tuned for updates in our channels (Telegram, Facebook, VK, TS Solution Blog)!