With 1 Year left until R77.30 goes end of support, have you started to look at upgrades?
From May 2019 you will no longer be able to get Check Point Support for hardware running R77.30 or older, so now is the time to plan your upgrade path.
What Is Check Point R80?
For over a decade it has been possible to just apply the next version soon after release and continue onward, but R80 is an absolute game changer.
One of the biggest feature changes that has appealed to our customers is the ability to have multiple users administering policy changes at the same time.
This allows the whole security team to work on specific rules simultaneously, focusing on their niche area of interest, without impacting the rest of the team.
More importantly, as R80 has developed it has lead to a brand-new blade being introduced in R80.10.
Content Awareness forms part of a new blade setup which utilises a ‘Unified Access Control Policy’ where each blade works in conjunction with the others collaboratively.
Content Awareness is particularly exciting as it is a new blade included in R80 as standard, which allows administrators to enforce policies based on the content of the traffic, identifying files and what’s inside them.
This allows administrators to restrict specific data types from entering or leaving the network, acting as a new way to stem data loss.
In practice, using a Unified Access Control Policy, the Content Awareness blade can be combined with Application Control to monitor and control which files are uploaded to applications like DropBox.
There are a huge number of ‘under the bonnet’ changes to R80 that are worth acknowledgement. CPU Utilisation, 64-bit processing capabilities and many other efficiency upgrades have taken place.
These changes do take their toll on older devices however.
Officially R80.10 is supported on 2011 firewall models such as the 12400, and the 2014 management devices.
However, without a significant RAM upgrade, you will find that making changes to policies or inspecting https traffic becomes far too much for the hardware to handle.
Pentesec have found that for devices built from 2016 onwards, the hardware is more than capable of running R80 on a live environment and of taking advantage of the newer security features.
We are currently helping organisations plan their migration from older hardware, incapable of running R80, towards new hardware that can take advantage of the many additional security benefits of Check Point’s new architecture.
This is a major shift and so far, we have found that even seasoned experts with decades of experience on using Check Point are entering in to this tentatively and finding that they have much to learn.
Talk to Pentesec for some ‘no obligation’ advice about upgrades, we’re here to give you our expertise and experience.
As the only Check Point Authorised Training Centre in the Check Point Partner Channel, Pentesec can also offer CCSA and CCSE training for R80 that will help your team get the most out of this bold new approach to security.
Contact us on firstname.lastname@example.org and we will be happy to answer any of your questions.