CHECKPOINT 發(fā)布R80.3版新特性

Introduction
R80.30, part of the Check Point Infinity architecture, delivers the most innovative and effective security that keeps our customers protected against large scale, fifth generation cyber threats.
R80.30，Check point無限架構的一部分，提供最創(chuàng)新和有效的安全，保護我們的客戶免受大規(guī)模，第五代網(wǎng)絡威脅。
The release contains innovations and significant improvements such as:
該版本包含創(chuàng)新和重大改進，如:
? Practical Prevention against Advanced Threats: The Industry's 1st Threat Extraction for Web. Protect users from malicious web downloads using real-time Threat Extraction technology with a seamless user experience.
? 針對高級威脅的實用預防:業(yè)界第一次Web威脅提取。通過無縫用戶體驗保護用戶免受惡意網(wǎng)絡下載使用實時威脅提取技術。
? State-of-the-Art HTTPS Inspection: New SSL Inspection Patent Pending Technologies. Delivering the power to inspect SSL-encrypted network traffic with secure SNI verification improvements. Next Generation Bypass: TLS inspection based on Verified Subject Name.
? 最先進的HTTPS檢測:新的SSL檢測專利技術。通過安全的SNI驗證改進，提供了檢查ssl加密網(wǎng)絡流量的能力。下一代旁路:基于驗證主題名稱的TLS檢查。
Full control over TLS 1.2 traffic with new utility tools to manage cipher suites.
? 完全控制TLS 1.2流量與新的實用工具管理密碼套件。
? Superior Management & Visibility: New Performance & Operational Techniques: Central Deployment Tool (CDT) now embedded for simple and automatic deployments of software packages. Enhanced Logging & Monitoring, Cyber Attack Dashboard. Increased productivity using SmartConsole Extensions.
? 卓越的管理和可視性:新的性能和操作技術:中央部署工具(CDT)，現(xiàn)在嵌入式用于軟件包的簡單和自動部署。增強的日志和監(jiān)控，網(wǎng)絡Attack 儀表板。使用SmartConsole擴展提高生產(chǎn)力
R80.30 was released on May 7, 2019. Starting Aug 6th 2019, R80.30 Take 200 with Jumbo Hotfix Accumulator Take_19 (see sk153152) is considered as Check Point's default version (widely recommended for all deployments).
R80.30于2019年5月7日發(fā)布。從2019年8月6日開始，R80.30 Take 200和Jumbo Hotfix累加器Take_19(參見sk153152)被認為是check point的默認版本(廣泛推薦用于所有部署)。
For R80.30 with Gaia 3.10, a dedicated image is available. For more information, refer to sk152652. 對于帶有Gaia 3.10的R80.30，可以使用專用映像。更多信息，請參考sk152652。

What's New in R80.30
Threat Prevention威脅預防
SandBlast Threat Extraction for web-downloaded documents
用于web下載文檔的噴砂威脅提取
? Simple to use, easily enabled for an existing Security Gateway, and does not require any changes to your configuration on the network or client side
? 使用簡單，易于為現(xiàn)有安全網(wǎng)關啟用，不需要對網(wǎng)絡或客戶端上的配置進行任何更改
? Extends Threat Extraction, Check Point's File Sanitization capabilities, to web-downloaded documents. Supported file types: Microsoft Word, Excel, PowerPoint and PDF formats
? 將威脅提取，check point 的文件清理功能擴展到web下載的文檔。支持的文件類型:Microsoft Word、Excel、PowerPoint和PDF格式
? Threat Extraction prevents zero-day and known attacks by proactively removing active malware, embedded content and other potentially-malicious parts from a file. Promptly delivers sanitized content to users, maintaining business flow
? 威脅提取通過主動刪除文件中的活動惡意軟件、嵌入內(nèi)容和其他潛在惡意部分，防止零日和已知的Attack 。及時向用戶交付經(jīng)過殺毒的內(nèi)容，維護業(yè)務流程
? Allows access to the original file, if it is determined to be safe
? 如果確定是安全的，允許訪問原始文件
Endpoint Security Threat Extraction for web-downloaded documents
對web下載的文檔提取端點的安全威脅
? Endpoint and Network compatibility includes a new mechanism that inspects files just once, either by the Security Gateway or the Endpoint client
? 端點和網(wǎng)絡兼容性包括一種新的機制，它只通過安全網(wǎng)關或端點客戶機檢查文件一次
Advanced Threat Prevention先進的威脅預防
? Advanced forensics details for Threat Prevention logs
? 用于威脅預防日志的高級取證細節(jié)
? Ability to import Cyber Intelligence Feeds to the Security Gateway using custom CSV and Structured Threat Information Expression (STIX)
? 能夠使用自定義CSV和結構化威脅信息表達(STIX)將網(wǎng)絡情報提要導入安全網(wǎng)關
? FTP protocol inspection with Anti-Virus and SandBlast Threat Emulation
? ftp協(xié)議檢查與防毒和噴砂威脅仿真
? Stability and performance improvements for SandBlast Threat Prevention components噴砂威脅預防組件的穩(wěn)定性和性能改進
? Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile devices and endpoints
? 統(tǒng)一的威脅預防儀表板提供了跨網(wǎng)絡、移動設備和端點的完整的威脅可視性
Enhanced visibility to "Malware DNA" analysis for Threat Emulation
增強對“惡意軟件DNA”分析的可見性，用于威脅模擬
Improved understanding for security personnel of how malware analysis is performed and the reasons a file is flagged as malicious. The Threat Detail report now includes the Malware DNA - a deeper exploration into features determined to be similar to those in known malware families. The enhanced analysis of similarities includes:
提高了安全人員對惡意軟件分析如何執(zhí)行以及文件被標記為惡意的原因的理解?！锻{詳情報告》現(xiàn)在包括了惡意軟件的DNA，這是對已知惡意軟件家族的特征的更深入的探索。加強相似性分析包括:
? Behavior
? Code structure代碼結構
? File similarities文件相似性
? Patterns of attempted connections to malicious websites and C&C servers
? 嘗試連接惡意網(wǎng)站和C&C服務器的模式
Complete facelift for the Threat Emulation Findings Summary Report
完成對威脅仿真結果摘要報告的翻新
? Redesigned Threat Emulation findings report for a more modern look
? 重新設計的威脅模擬結果報告，以更現(xiàn)代的外觀
? The report also includes a dynamic map view of malware family appearances around the globe over time
? 該報告還包括一個動態(tài)地圖視圖，顯示隨著時間的推移，惡意軟件家族在全球范圍內(nèi)的表現(xiàn)
? For more details, as well as information about the availability, refer to sk120357更多細節(jié)，以及關于可用性的信息，請參考sk120357
Threat Prevention APIs enhancements加強API預防威脅
? Added ability to send files via APIs to be scanned by Anti-Virus on local Check Point appliances. This capability is supported for both Security Gateways and dedicated Threat Emulation appliances
? 增加了通過api發(fā)送文件的能力，通過本地check point設備上的反病毒掃描。安全網(wǎng)關和專用的威脅模擬設備都支持此功能
For more information, refer to the Threat Prevention API Reference Guide.
New and Improved Machine-Learning Engines for Threat Emulation
新的和改進的機器學習引擎的威脅仿真
? Added new machine-learning engines focused on malware detection inside document files to achieve an optimum catch rate
? 增加了新的機器學習引擎，專注于文檔文件中的惡意軟件檢測，以達到最佳的捕獲率
Enhanced Control of MTA actions and Threat Emulation behavior in case of failure
增強了對MTA操作和失敗時的威脅模擬行為的控制
? Added ability for administrators to granularly configure Threat Emulation policy and decide whether to allow a file transfer based on the error type
? 增加了管理員粒度配置威脅模擬策略的能力，并根據(jù)錯誤類型決定是否允許文件傳輸
? When configuring the MTA gateway to block emails if a scan fails (fail-block), administrators can granularly configure MTA to deliver emails to the users for specific failure types
? 在配置MTA網(wǎng)關以在掃描失敗時阻止電子郵件時(故障塊)，管理員可以詳細配置MTA，以便針對特定的故障類型向用戶發(fā)送電子郵件
? For more details and configuration instructions, refer to sk132492 and sk145552
Enhanced Anti-Virus support加強反病毒的支持
? Anti-Virus protections are now applied by default on files received through the MTA gateway. These protections include signatures, hashes and link reputation checks for attachments, link reputation checks for the email body, and granular enforcement based on the file type
? 在默認情況下，通過MTA網(wǎng)關接收的文件會受到反病毒保護。這些保護包括簽名、散列和附件的鏈接聲譽檢查、電子郵件主體的鏈接聲譽檢查以及基于文件類型的細粒度執(zhí)行
Enhanced Import of additional IOCs增加了額外的國際石油公司的進口
Gateways configured as MTA can now be enriched with custom Anti-Virus IOCs from external sources.
配置為MTA的網(wǎng)關現(xiàn)在可以使用來自外部源的自定義抗病毒IOCs來豐富。
? IOCs can be manually imported via the User Interface
? IOCs可以通過用戶界面手動導入
? Links to external feeds for automatic ongoing IOC importing can be added via a configuration change
? 可以通過配置更改添加指向外部提要的鏈接，以便自動進行IOC導入
? For more information and setup instructions, refer to sk132193 and R80.30 Threat Prevention Administration Guide
Enhanced support for non-default SMTP ports增強了對非默認SMTP端口的支持
? Added the ability to configure the MTA gateway to send and receive emails on non-default SMTP ports (ports other than 25). For more details and configuration instructions, see sk142932.
? 增加了配置MTA網(wǎng)關的功能，可以在非默認SMTP端口(25個端口之外的端口)上發(fā)送和接收電子郵件。有關詳細信息和配置說明，請參見sk142932。
Enhanced management of the MTA加強運輸署的管理
? Failure to inspect the attachments or links inside an email is now immediately treated as a failure.
? 未能檢查電子郵件中的附件或鏈接現(xiàn)在立即被視為失敗。
? Previously, inspection failure resulted in adding the email to the MTA queue and retrying the action. As the majority of inspection retries fail as well, this change reduces the size of the queue and improves MTA performance
? 以前，檢查失敗導致將電子郵件添加到MTA隊列并重試操作。由于大多數(shù)檢查重試也失敗了，所以這個更改減少了隊列的大小，并提高了MTA的性能

Security Gateway安全網(wǎng)關
Management Data Plane Separation管理數(shù)據(jù)平面分離
? Allows a Security Gateway to separate the resources and routing for Management and Data networks. For more information, see sk138672.
? 允許安全網(wǎng)關為管理和數(shù)據(jù)網(wǎng)絡分離資源和路由。
SSL Inspection SSL檢查
? Server Name Indications (SNI) 服務器名稱指示
o Next Generation Bypass - TLS inspection based on Verified Subject Name下一代旁路檢測-基于已驗證主題名稱的TLS檢測
o Improved TLS implementation for TLS Inspection and categorization改進TLS的實施，以進行TLS檢查和分類
? TLS 1.2 support for additional cipher suites:
o TLS_RSA_WITH_AES_256_GCM_SHA384
o TLS_RSA_WITH_AES_256_CBC_SHA256
o TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
o TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
o TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
o TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
o X25519 Elliptic Curve
o P-521 Elliptic Curve
o Full ECDSA support
o Improved fail open/close mechanism
o Improved logging for validations
o For the complete list of supported cipher suites, see sk104562
IPsec 虛擬專用網(wǎng)
? Redundancy for Multiple Entry Points configuration using Dead Peer Detection (DPD) with third party 虛擬專用網(wǎng) peers
? 使用第三方虛擬專用網(wǎng)對等點的死對等點檢測(DPD)配置多個入口點的冗余
? Improved troubleshooting capabilities allows disabling acceleration only for 虛擬專用網(wǎng) and per 虛擬專用網(wǎng) peer. For more information, see sk151114
? 改進的故障排除功能只允許禁用虛擬專用網(wǎng)和每個虛擬專用網(wǎng)對等點的加速。有關更多信息，請參見sk151114
Advanced Routing
? Multihop Ping and Multiple ISPs in Policy-Based Routing
? 基于策略路由中的多跳Ping和多個isp
? Multihop Ping in Static Routes靜態(tài)路由中的多跳Ping
? BFD in Static Routes靜態(tài)路由中的bfd
? VSX VSID in Netflow 網(wǎng)絡流中的vsx VSID
ClusterXL
? Support for Cluster Control Protocol (CCP) encryption provides better security for cluster synchronization networks.
? 支持集群控制協(xié)議(CCP)加密，為集群同步網(wǎng)絡提供更好的安全性。

Security Management
Central Deployment Tool (CDT)
? Starting from this release, CDT version 1.6.1 is embedded in Gaia. For more information, see sk111158.
? 從這個版本開始，CDT版本1.6.1就嵌入到了Gaia中。
SmartConsole extensions
? Expand and customize Check Point's SmartConsole for your needs by integrating the tools you work with into SmartConsole or add third-party tools as panels and views inside SmartConsole. For more information, see the SmartConsole Extensions Developer Guide.
? 將您使用的工具集成到SmartConsole中，或者將第三方工具作為面板和視圖添加到SmartConsole中，從而根據(jù)您的需要擴展和定制Check Point的SmartConsole。
Endpoint Security端點安全
? Endpoint and Network compatibility including a new mechanism that inspects files just once, either by the Security Gateway or by the Endpoint Client, eliminating redundancy.
? 端點和網(wǎng)絡兼容性，包括一種新的機制，可以通過安全網(wǎng)關或端點客戶端檢查文件一次，消除冗余。
? Get email alerts when an Endpoint Policy Server is out of sync.
? 當端點策略服務器不同步時獲取電子郵件警報。
? CPUSE upgrade for Endpoint Policy Servers. 端點策略服務器的cpuse升級
Full Disk Encryption
? The number of preboot users using the same client computer increased to 1000.
? 使用同一臺客戶機計算機的預引導用戶數(shù)量增加到1000

All R80.20.M2 new features are integrated into this release:
所有R80.20.M2的新功能集成到這個版本中
CloudGuard Controller 云防護控制者
? Support Data Center Objects for VMware vCenter Tags.
? 支持VMware vCenter標簽的數(shù)據(jù)中心對象。
? Support Data Center Objects for VMware NSX Universal Security Groups.
? 支持VMware NSX通用安全組的數(shù)據(jù)中心對象。
CPView
? CPView support for Multi-Domain Security Management.
? cpview支持多域安全管理。
? Use SNMP for CPView metrics. 使用SNMP作為CPView度量。
SmartConsole
? Operational Efficiency - Add and remove an object from groups within the object editor.
? 操作效率——在對象編輯器中從組中添加和刪除對象。
? Logging and Monitoring - Improved, simpler and faster user experience for exporting logs to Splunk.
? 日志和監(jiān)控-提升了導出日志到Splunk的用戶體驗，使之更簡單，更快速
Advanced Threat Prevention
Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile and endpoints.
統(tǒng)一的威脅預防儀表板提供了跨網(wǎng)絡、移動和端點的完整的威脅可視性。