[Internal Use] for Check Point employees​

Presentation transcript:

Security management R80.20: Use Cases and More
Anat Eytan-Davidi

Agenda: Management feature release; How R80.20 can improve your day-to-day work; R80.30 – join the EA program; Q&A

Management feature release

Management Feature Release

Release timeline (figure).
Main Release: R80.10 (17-May-2017), JHF; R80.20 (26-Sep-2018), JHF; R80.30, coming next.
Management Feature Release: R80.20.M1 (25-Jun-2018); R80.20.M2 (23-Dec-2018); R80.30.M1, TBD.

Which version should I install?

R80.20 new features

IPS updates: Keep the gateway always up to date with the latest IPS signatures.
Until R80.20: Management fetched the IPS updates; policy installation was required.
Starting R80.20: The gateway can fetch the IPS updates independently. This is the default option for users who used “scheduled IPS updates with automatic install policy”.
(Diagram: Management, Gateway, IPS updates, Check Point Cloud.)
To disable for all gateways: in Threat Prevention -> Updates, clear the scheduled update.
To disable for a specific gateway: in the gateway editor, go to the IPS tab and select 'Use IPS managements updates'.
Fall back on gateway update failure: if the gateway fails to perform the automatic update, it gets the management package during policy installation.
Scheduled update time: recommended every 2 hours.
Switch version: a user who wants to switch the gateway version needs to disable the scheduled update, switch to the wanted version and then perform install policy.

Maintain Office365 list of IPs: Your company is using Office 365 and you need to configure the policy accordingly.
Until R80.20: Requires ongoing maintenance of the list of IPs (get them from the IT manager and embed them in the security policy); requires policy installation.
Starting R80.20: Add an Office365 object (an updatable object) to your policy; one-time policy installation; the gateway fetches the list of IPs; no need for an additional policy installation.

Services that run online typically change the IP addresses of their servers frequently. Examples of such services include: AWS, Microsoft Office 365, Microsoft Azure, and Countries. Managing changes made by these vendors is a common task for Security Administrators. Check Point provides Updatable Objects, representing the IP addresses and domains that get updated periodically. After these objects are installed on a Gateway, the Gateway fetches updates for these objects independently.
How does this work:
Requires R80.20 Security Management Server and R80.20 Gateway.
Updatable Objects is a Check Point online service that collects current lists of IP addresses and FQDN URIs from dynamic list providers.
The Security Management presents the current repository of Updatable Objects through the CloudGuard Controller component.
Pick the object once, publish, install policy once.
From now on, the Gateway periodically checks for updates at the Check Point online service for the Updatable Objects that are currently in use.
No need to monitor updates for the service – the Gateway already does this for you.

Multi-Tasking: Work on several changes in parallel (might be due to urgency or separation of tasks).
Until R80.20: Concurrent Administrators.
Starting R80.20: Concurrent Sessions.

Multi-Tasking: Isolate tasks. No need to publish or discard unfinished work. Work on several tasks in parallel. Have several open sessions at the same time.

Multi-Tasking: Enable the feature. Create a new session.

Also review all changes before publish

Install policy in a large environment: Install policy on several gateways or several policy packages (might be due to urgency or separation of tasks).
Until R80.20: Install policy per policy package; need to be on-site or use an API.
Starting R80.20: Create policy installation presets, by gateways or policy packages; schedule policy installation.

Schedule Install Policy

Wildcard Object: Assume you have the following deployment in your organization, and you want to allow access for all of these hosts to a specific server: 192.29.0.1, 192.29.1.1, 192.29.2.1, 192.29.3.1, ... 192.29.255.1. Instead of using 256 hosts, you can use 1 wildcard object that represents all of them. Wildcard objects let you define IP address objects that share a common pattern that can be permitted or denied access in a security policy.
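The pattern on this slide, worked through as an added example (not code from the presentation or from Check Point). It assumes the common wildcard-mask convention in which a mask bit of 1 means "ignore this bit" and 0 means "must match"; the base 192.29.0.1 and mask 0.0.255.0 are chosen to reproduce the slide's address list, and the function names are hypothetical.

```python
import ipaddress

MAX_WILDCARD_BITS = 16  # refuse to enumerate more than 65,536 addresses

def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_matches(base: str, mask: str, candidate: str) -> bool:
    """True if candidate agrees with base on every bit where the mask bit is 0.

    Assumed convention: mask bit 1 = ignore this bit, mask bit 0 = must match.
    """
    must_match = ~_to_int(mask) & 0xFFFFFFFF
    return (_to_int(base) & must_match) == (_to_int(candidate) & must_match)

def expand(base: str, mask: str) -> list:
    """List every address the wildcard covers, lowest first."""
    m = _to_int(mask)
    free_bits = [i for i in range(32) if (m >> i) & 1]
    if len(free_bits) > MAX_WILDCARD_BITS:
        raise ValueError("wildcard covers too many addresses to enumerate")
    fixed = _to_int(base) & ~m & 0xFFFFFFFF
    covered = []
    for n in range(1 << len(free_bits)):
        addr = fixed
        for k, bit in enumerate(free_bits):
            if (n >> k) & 1:
                addr |= 1 << bit
        covered.append(ipaddress.IPv4Address(addr))
    return sorted(covered)

def cidr_equivalent(base: str, mask: str) -> list:
    """Smallest list of CIDR networks covering exactly the same addresses."""
    return list(ipaddress.collapse_addresses(expand(base, mask)))

if __name__ == "__main__":
    hosts = expand("192.29.0.1", "0.0.255.0")  # the slide's pattern
    print(len(hosts), hosts[0], hosts[-1])
    print(wildcard_matches("192.29.0.1", "0.0.255.0", "192.29.37.2"))
    print(len(cidr_equivalent("192.29.0.1", "0.0.255.0")))
    print(cidr_equivalent("192.29.0.0", "0.0.0.255"))
```

Because the ignored bits sit in the third octet, the 256 hosts cannot be merged into any CIDR block larger than a /32, which is why a single wildcard object replaces 256 host objects here; a mask of 0.0.0.255, by contrast, is just a /24.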

Log Exporter: Export Check Point logs. Check Point App for Splunk.
cp_log_export add name cp_exporter target-server 192.168.1.100 target-port 7781 protocol tcp format splunk read-mode semi-unified
sk122323: Check Point "Log Exporter" is an easy and secure method for exporting Check Point logs over syslog. Exporting can be done in a few standard protocols and formats. Log Exporter supports:
SIEM applications: Splunk, Arcsight, RSA, LogRhythm, QRadar, McAfee, rsyslog, syslog-ng and any other SIEM application that can run a syslog agent.
Protocols: syslog over TCP or UDP.
Formats: Syslog, Splunk, CEF, LEEF, Generic.
Security: Mutual authentication TLS.
Log Types: The ability to export security logs, audit logs or both. Filter out (don't export) firewall connection logs.
Filtering: choose what to export based on field values. The filtering ability is not integrated into R80.20 yet; this SK will be updated when it is supported.
To support exporting logs in Splunk format, please install R80.20 Jumbo Hotfix Take 5 and above.

Some more… SmartEndpoint, SmartProvisioning, Global VPN Community.
Starting R80.20.M1 and above, the Endpoint Security Management Server is fully integrated into the Check Point main train. Important fixes for the Endpoint Security Management Server will be either included in the standard Jumbo hotfix, or in a dedicated hotfix. R80.20.M1 and above can manage E80.64 and above Endpoint Security Clients.

Important to know before upgrading to R80.20

Kernel update for Management & log servers.
New Linux kernel version -> 3.10
New file system on the new kernel: ext3 -> XFS
Benefits:
More than 2TB support per single storage device
Enlarged systems storage (up to 48TB)
I/O related performance improvements
Compressed snapshots - reduced system snapshot size

Upgrade method to R80.20 (kernel 3.10), by file system:
Clean install: XFS
Advanced upgrade: XFS
In-place upgrade: ext3
When performing a clean install, the file system will be XFS. When performing an advanced upgrade, the file system will change to XFS. When performing an in-place upgrade, the file system will remain ext3. The recommendation is due to the new faster file system that comes with the updated Linux kernel.

SmartConsole extensions

SmartConsole Extensions: Expand and customize Check Point SmartConsole for your needs. Integrate tools you work with into SmartConsole.
SmartConsole Extensions was designed to further extend the consolidation vision, and invite external interfaces to be integrated inside our SmartConsole. For example, you can create a web interface for an existing ticketing system, and embed it in SmartConsole so associated tickets can be displayed for every rule in the Rule Base. Customers, vendors, partners and third parties can develop their own extensions and use them inside SmartConsole.

A new button, “Connectivity Check”, was added to the SmartConsole toolbar; all you need to do is click it.

That’s it – the extension is ready and you can use it. In a short time you will have your results in the SmartConsole.

Where can I find it? And more information: https://community.checkpoint.com/docs/DOC-3472-how-to-extend-and-enhance-smartconsole

Places an extension can be added: toolbar, details pane, global pane, and many more…
Our new extension platform was designed to further extend the consolidation vision, and invite those interfaces to be integrated inside our SmartConsole.

R80.30 – Join the EA program

Change Report (panels: Overview, Changed Objects, Changes in Access Control Policy).
Change management diff view integrated in SmartConsole. See changes made in the policy packages and in objects. SmartConsole includes built-in revision management. Every time an administrator publishes changes, a new revision is automatically created. You can review changes made by each revision and private changes with the SmartConsole Change Report.

Summary

Q&A

THANK YOU