22 July 2021

QUANTUM R81.10

Release Notes
[Classification: Protected]
Check Point Copyright Notice
© 2021 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)
(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.

TRADEMARKS:
Refer to the Copyright page for a list of our trademarks.
Refer to the Third Party copyright notices for a list of relevant copyrights and third-party licenses.
 Important Information

Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the
latest functional improvements, stability fixes, security enhancements and protection against
new and evolving attacks.

Certifications
For third party independent certification of Check Point products, see the Check Point
Certifications page.

Check Point R81.10

For more about this release, see the R81.10 home page.

Latest Version of this Document in English

Open the latest version of this document in a Web browser.
Download the latest version of this document in PDF format.

Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments.

R81.10 Release Notes      |      3

 Important Information

Revision History

Date Description

22 July 2021 Updated:

n "Open Server Hardware Requirements" on page 23 - Disk Space Requirements
n "Upgrade Methods" on page 20 - Important Notes

06 July 2021 First release of this document

R81.10 Release Notes      |      4

 Table of Contents

Table of Contents
Important Links 8
What's New 9
Introduction 9
Quantum Security Gateway and Gaia 9
Maestro Hyperscale 9
VSX 10
IPsec VPN 10
Clustering 10
Access Control 10
Advanced Routing 10
Gaia Operating System 11
ISP Redundancy 11
Threat Extraction 11
Identity Awareness 11
Quantum Security Management 11
Security Management Servers enhancements 11
Management REST API 12
SmartConsole 12
Logging and Monitoring 12
Management High Availability 12
Multi-Domain Server 12
SmartLSM 12
CloudGuard Network Security 12
Harmony Endpoint 13
Licensing 13
Software Changes 14
This section lists differences in behavior from previous versions. 14
Supported Environments 16
Management Server Appliances 16
Standalone (Gateway + Management) 17
Appliance Support for the User Space Firewall (USFW) 17
Threat Emulation Appliances 18
Supported Virtualization Platforms 18

R81.10 Release Notes      |      5

 Table of Contents

Cloud Platforms 18
Supported Upgrade Paths 19
Installation Methods 19
Upgrade Paths 19
Upgrade Methods 20
Build Numbers 21
Supported Backward Compatibility Gateways 22
Open Server Hardware Requirements 23
Minimal Hardware Requirements 23
Disk Space Requirements 23
Maximum Supported Physical Memory 24
Requirements 25
Threat Extraction Requirements for Web-downloaded documents 25
Threat Emulation Requirements 25
Logging Requirements 25
SmartEvent Requirements 25
SmartConsole Requirements 26
Hardware Requirements 26
Software Requirements 26
Gaia Portal Requirements 26
Mobile Access Requirements 27
Identity Awareness Requirements 29
Harmony Endpoint Management Server Requirements 29
Hardware Requirements 29
Software Requirements 30
Scalable Platform Requirements 30
Supported Network Cards on Maestro Security Appliances 31
Supported Hardware and Firmware on 60000 / 40000 Scalable Chassis 31
Maximum Supported Items 32
Maximum Supported Number of Interfaces on Security Gateway 32
Maximum Supported Number of Cluster Members 32
Number of Supported Items in a Maestro Environment 33
Check Point Clients and Agents Support 34
Multiple Login Option Support 34
Clients and Agents Support by Windows Platform 35

R81.10 Release Notes      |      6

 Table of Contents

Clients and Agents Support by macOS Platform 36

DLP Exchange Agent Support 36

R81.10 Release Notes      |      7

 Important Links

Important Links
For more about R81.10, see:
n R81.10 Home Page
n R81.10 Known Limitations
n R81.10 Resolved Issues
In addition, see Known Limitations for Scalable Platforms.
Visit the Check Point CheckMates Community to:
n Start discussions
n Get answers from experts
n Join the API community to get code samples and share yours
To learn more about R81.10, visit http://www.checkpoint.com/architecture/infinity/.

R81.10 Release Notes      |      8

 What's New

What's New
Introduction
Welcome to Check Point Quantum R81.10, the industry's most advanced Threat Prevention and Security
Management software for network security that delivers uncompromising simplicity and consolidation. R81
introduced the first Autonomous Threat Prevention system that provides fast, self-driven policy creation and
one-click security profiles, keeping policies always up to date. Policies install in seconds, upgrades require
only one click, and the gateways can simultaneously upgrade in minutes. R81.10 brings a major
improvement in operational security efficiency across the Management Server's reliability, performance,
and scale. Critical operations such as APIs, High Availability synchronization, and login are more reliable
and faster than ever. In addition, the SmartConsole is automatically updated with the latest fixes and
improvements. R81.10 adds new dynamic log distribution to add Log Server capacity on demand. And as
part of Scalable Platforms, R81.10 brings a unique mix and match ability to leverage different Quantum
Security Gateways within a single Quantum Maestro orchestration.

Quantum Security Gateway and Gaia

Maestro Hyperscale

n Maestro Orchestrator is aligned with the latest version R81.10 as part of the main-train release and
includes the latest Gaia fixes and improvements.
n Ability to upgrade Security Groups and Orchestrators to the latest R81.10 version. For the list of
supported versions see "Supported Upgrade Paths" on page 19.
n Mix appliances - The ability to include different appliance models in the same Security Group.
n Alignment with standard Security Gateway features:
l VPN Tunnel Interface (VTI)
o Route based VPN
o Enable BGP and OSPF Dynamic Routing Protocols on VTIs
l Tunnel Management - Permanent Tunnels
o Tunnel testing for permanent tunnels
o Dead Peer Detection (DPD)

R81.10 Release Notes      |      9

 What's New

l Link Selection
o Service based link selection (sk56384)
o IP selection by remote peer
o High Availability
o Load Sharing
o Outgoing route selection
o Route-based probing
l Back-to-back tunnels (hub and spokes)
o Maestro as the center in Star community – Satellite peers can communicate with each
other through the Center.
o Client-to-Site traffic over a Site to Site VPN tunnel (Client > Maestro Gateway > VPN
Peer Gateway> resource)
o Client to Site to Client through a Maestro Gateway (Client > Maestro > Client)
l VPN local connections that originate from Maestro Security Group Members
o Initiate a connection from an Security Group Member if the connection's destination
requires encryption
o Identity Awareness via VPN – The Identity Source (users database) can be located
across a VPN tunnel (especially in the cloud).

VSX

Configure bridge and multi-bridge interfaces on a regular Virtual Systems (VS) not in Bridge Mode. Now you
can use features that require an IP address to work, such as Identity Awareness, Threat Emulation,
UserCheck Web Portal and Captive Portal.

IPsec VPN

VPN performance enhancements - Site to Site VPN and Remote Access clients are now handled by two
different processes.

Clustering

Use a loopback interface with Dynamic Routing in ClusterXL environments.

Access Control

Tighten your policy and reduce the risk of human error through Access Control Rule Base settings and
defaults. Watch the video.

Note - The new defaults apply only to new R81.10 installations. Upgraded environments
can use this feature but the default behavior from previous versions is kept.

Advanced Routing

n IPv4 PIM enhancements and stability fixes.

n Ability to reset OSPFv2 counters.

R81.10 Release Notes      |      10

 What's New

n Ability to configure a Source-Specific Multicast (SSM) source for an IGMPv3 Group.

n Support for ECMP algorithms to provide traffic load balancing:
l Based on the 2-tuple hash of Source and Destination.
l Based on the 5-tuple hash of Source, Destination, Source Port, Destination Port, and
Protocol.

Gaia Operating System

n Ability to configure (only in Gaia Clish) the Ciphers and Message Authentication Codes (MAC) for the
built-in OpenSSH Server.
n Ability to configure the access to Gaia REST API for specific users.
n Optimize SNMP OID for the ARP to return the current number of entries in the ARP table
(.1.3.6.1.4.1.2620.1.6.22.1, or
.iso.org.dod.internet.private.enterprises.checkpoint.products.svn.arpTableInfo.arpTableSize).
n Administrator use of CLI to configure the TLS version of the Gaia portal
n Gaia API updated to latest released version (version 1.5) including new API calls for:
l SNMP
l GRE
l VXLAN.
l Static route
l Scheduled snapshots

ISP Redundancy

Extended support for a maximum of 10 ISP links.

Threat Extraction

Automatic Threat Extraction, Threat Extraction security improvements, and new features are automatically
downloaded and applied without the need for human intervention.

Identity Awareness

AES encryption type configuration for Kerberos Ticket Encryption Methods is now available through Smart
Console. For more information see sk111945.

Quantum Security Management

Security Management Servers enhancements

n Significant improvements for the stability and performance of the Management Server, especially for
large Management environments under high load:
l Faster Administrator operations to the Management Server such as backup and restore, and
revisions purge are drastically faster.
l Faster execution of Management API functions.

R81.10 Release Notes      |      11

 What's New

l Search and navigate in SmartConsole works more smoothly when concurrent SmartConsole
administrators are connected.
n Improved stability of the login process to the Management Server using SmartConsole or
Management API, when the Management Server is under a heavy load.

Management REST API

n New export, import, and upgrade Management APIs for primary Security Management Servers or
Multi-Domain Servers.
n Unified Management API commands for:
l Domain export and backup
l Domain import and restore
n SmartLSM - REST API commands to simplify the creation of ROBO Gateways.

SmartConsole

Automatic updates - SmartConsole detects and installs client updates for the same major version. For more
information, see sk171315.

Logging and Monitoring

n IPS and Anti-Bot logs now include a MITRE ATT&CK section that details the different techniques for
malicious attack attempts. This section provides an easier way to understand an attack by looking at
the log card and to export the data to external SIEM systems, and an easy search and filter for attack
events based on MITRE techniques.
n Dynamic logs distribution - Configure the Security Gateway to distribute logs between multiple active
Log Servers to support a higher rate of Logs and Log Servers redundancy.
n Enhancements to improve logging services stability.

Management High Availability

n Synchronization and stability enhancements.

n Significant Full sync duration improvement.

Multi-Domain Server

IoT Controller support for Multi-Domain Security Management.

SmartLSM

Use group object, Multiple IP addresses and IP ranges in LSM profiles

CloudGuard Network Security

n Use AWS Security Token Service (STS) Assume Role to simplify the access to AWS Data Centers.
n Create Azure Data Centers on different Azure cloud environments in parallel including Azure Global,
Azure Government, and Azure China.

R81.10 Release Notes      |      12

 What's New

Harmony Endpoint
Harmony Endpoint Web Management enhancements to allow these configurations:
n Media Encryption & Port Protection policy.
n Firewall policy.
n Application Control policy.
n Developer protection policy.
n Push Operation for Host Isolation and Client Uninstall.

Licensing
For all licenses issues contact Check Point Account Services.

R81.10 Release Notes      |      13

 Software Changes

Software Changes
This section lists differences in behavior from previous
versions.
n The Solr functionality used by the Security Management Server database is replaced with a
PostgreSQL database to improve the stability and performance of the Security Management Server.
Solr is still in use for logs and SmartEvent.
l Note - All Solr-based scripts are removed (for example $MDS_
FWDIR/scripts/solr_monitor.sh, $MDS_FWDIR/scripts/solr_
recovery.sh, $MDS_FWDIR/scripts/solr_cure.sh).
l All custom Solr-based scripts are no longer operational.
l Starting R81.10, the ICA (Internal Certificate Authority) service now uses two separate ports:
o Port 18264 for CRL (Certificate Revocation List) retrieval.
o Port 18268 for the ICA portal: http://<IP Address of Domain Management
Server>:18268.
o For more information, refer to the "The ICA Management Tool" chapter in the R81.10
Security Management Administration Guide.
n Multi-Domain Server High Availability
l Publishing a session for the Global Domain or the Domain Management does not automatically
trigger synchronization. It may take up to 5 minutes for synchronization to start.
n Automatic revision purge is on by default:
l Every 30 days, a purge operation executes automatically at 02:00 AM (according to
Management Server time settings) and purges all revisions older than 14 days.
l The 30 most recent revisions are kept and are not purged (even if older than 14 days).
l Change the default settings or disabe the automatic revision purge is available through API
(see Check Point Management API Reference).
l For more information, see sk170059.
n Endpoint Security - The Web Management portal is on by default when Endpoint Security is
activated.
n Endpoint Security VPN
l Simultaneous Login Prevention (SLP) default was changed to "user is allowed only single
login" in: Global properties > Remote Access > SLP
l Visitor mode is on by default in: GW object > VPN Clients > Remote Access > Support Visitor
Mode
l Support connectivity enhancement for gateways with multiple external interfaces is on by
default in:GW object > VPN Clients > Office Mode > Multiple Interfaces
n Access Control - New default values for Access Rules, the value None replaces the value Any for
new installations.

R81.10 Release Notes      |      14

 Software Changes

n VSX - Starting R81.10, VSLS is the only supported mode for new installations. Upgrade to R81.10
from earlier versions that use High Availability is supported.
n The Autonomous Threat Prevention options replaces the Threat Extraction First Time Activation
Wizard.
n To add or remove licenses on the licenses tab, an administrator must have the Run One Time Script
permission selected in their profile. To assign this permission:
1. In SmartConsole, go to Manage & Settings > Permissions & Administrators > Permission
Profiles.
2. Open the applicable permission profile, go to Gateways > Scripts, and select Run One-Time
Scripts.
n In the Gateways & Servers Tab of SmartConsole, when available, the actual software version
appears instead of the one set in the Security Management Serverdatabase.

R81.10 Release Notes      |      15

 Supported Environments

Supported Environments
Management Servers boot by default with 64-bit Gaia kernel after a clean install or upgrade to R81.10.

Note - If you revert from the R81.10 upgrade, the appliance will still boot with 64-bit
kernel, even if it was originally 32-bit.

Refer to the Product Life Cycle page for more information and announcements about Check Point
Appliances.

Management Server Appliances

Product and Supported Appliances
Smart-1 225, 405, 410, 525, Smart-1 3050, 3150, 5050, 5150,
Check Point Product
625, 600-S, 600-M 6000-L, 6000-XL

Security Management
Server

Log Server

SmartEvent Server

Multi-Domain Security
Management Server

Multi-Domain Log Server

Appliances and Supported Products

Management +
Management +
Appliance Management Log Server +
Log Server
SmartEvent

Quantum Smart-1 6000-L/6000-XL

Quantum Smart-1 600-S/Smart-1 600-M

Gen V Smart-1
(405, 410, 525, 625, 5050, 5150)

Smart-1 225, 3050, 3150

R81.10 Release Notes      |      16

 Supported Environments

Standalone (Gateway + Management)

The model numbers in this table are for the series of appliances that support R81.10 Standalone

Appliance Series Security Gateway Standalone (Gateway + Management)

3000

5000

6500, 6800

6200 6600, 6400, 6700, 6900

7000

15000 (*)

16000, 16200

16600HS

23000 (*)

26000, 26000THS

28000, 28600HS

Cloud setup, VMware Using kernel mode only

(*) Standalone is only supported with appliances using HDD for storage (Standalone is NOT supported with
appliances using SSD).

Appliance Support for the User Space Firewall

(USFW)
Security Gateways on these platforms run in the USFW mode by default:
n 3600, 3600T, 3800, 6200B, 6200P, 6200T, 6400, 6600, 6700, 6900, 7000, 16000, 16000THS, 16200,
16600HS, 23900, 26000, 26000THS, 28000, and 28600HS appliances.
n VMware Virtual Machine.

Note - All other Check Point appliances boot in the kernel mode by default.
Open Server / Cloud setup boots in the USFW mode when using 40 CPU cores or more.

R81.10 Release Notes      |      17

 Supported Environments

Threat Emulation Appliances

TE100X, TE250X, TE1000X, and TE2000X are fully supported with R81.10.

Supported Virtualization Platforms

For the most up-to-date information about the supported Linux versions and virtualization platforms, see the
Virtual Machines section of the Hardware Compatibility List.

Cloud Platforms
Supported setups for cloud solutions:
n Amazon Web Services:
l Security Gateway, Single, High Availability Cluster, Auto Scaling Group (ASG), Transit
Gateway with ASG.
l Security Management Server.
l Standalone.
n Microsoft Azure:
l Security Gateway, Virtual Machine Scale Sets, High Availability.
l Security Management Server.
l Standalone.
n Google Cloud Platform (GCP):
l Security Gateway, Managed Instance Group, High Availability.
l Security Management Server.
l Standalone.

R81.10 Release Notes      |      18

 Supported Upgrade Paths

Supported Upgrade Paths

Installation Methods
n For Security Management Servers it is recommended to use the CPUSE option available in Gaia
Portal. To learn more about CPUSE, see sk92449.
n For Security Gateway upgrade, it is recommended to use the Central Deployment available in
SmartConsole.

Upgrade Paths
Upgrade to R81.10 is available only from these versions:

Security Management
Gateways Servers
Current Version and and Standalone

VSX(1) Multi-Domain
Servers

R81

R80.20 kernel 2.6,

R80.20 kernel 3.10,
R80.30 kernel 2.6,
R80.30 kernel 3.10,
R80.40

R80.20SP, (2) Not applicable Not applicable

R80.30SP,
R81
for Scalable Platforms

R80.20.M1, Not Not applicable

R80.20.M2 applicable

R80.10 Requires a 2- Requires a 2-

step upgrade step upgrade
path: path:
1) R80.10 à 1) R80.10 à
R80.40(3) R80.40(3)
2) R80.40 à 2) R80.40 à
R81.10 R81.10

R81.10 Release Notes      |      19

 Supported Upgrade Paths

Security Management
Gateways Servers
Current Version and and Standalone

VSX(1) Multi-Domain
Servers

R80 Not Requires a 2- Not applicable

applicable step upgrade
path:
1) R80 à
R80.40(3)
2) R80.40 à
R81.10

R77.30 Requires a 2- Requires a 2-

step upgrade step upgrade
path: path:
1) R77.30 à 1) R70.30 à
R80.40(3) R80.40(3)
2) R80.40 à 2) R80.40 à
R81.10 R81.10

Notes:
1. Starting in R81.10, VSLS is the only supported mode for new installations.
Upgrade of a VSX Cluster in the High Availability mode from earlier versions to
R81.10 is supported.
The VSX Cluster is automatically converted to VSLS.
2. Upgrade from these versions to R81.10 is supported only with the required Takes
of Jumbo Hotfix Accumulators. See sk173363.
In Maestro environment, it is possible to upgrade Security Groups and Quantum
Maestro Orchestrators (if you decide to upgrade, you must upgrade both).
3. To upgrade to R80.40, see the R80.40 Installation and Upgrade Guide.
4. To upgrade a Security Gateway or a Management Server that implements Carrier
Security, see sk169415.

Upgrade Methods
Use these methods to upgrade your Check Point environment to R81.10:

Check Point Products Supported Upgrade Methods for These Products                             

n Central Deployment of Hotfixes in SmartConsole

n Security Gateway
n CPUSE Upgrade
n VSX
n CPUSE Clean Install

n Security Management Server

n CPUSE Upgrade
n Multi-Domain Server
n CPUSE Clean Install
n CloudGuard Controller
n Advanced Upgrade
n Endpoint Security
n Upgrade with Migration
Management Server

R81.10 Release Notes      |      20

 Supported Upgrade Paths

The minimum required unpartitioned disk space is the highest value of one of these:
n Size of the current root partition.
n The used space in the current root partition plus 3 GB.
n If the used space is more than 90% of the root partition, then 110% of the size of the current root
partition.
Important:
n At least 20 GB of free disk space is required in the root partition for an Upgrade
to succeed.
n At least 10 GB of free disk space is required in the /var/log partition for a Clean
Install or Upgrade to succeed.

Build Numbers
Software Component Build Number Verifying Build Number

Gaia OS Build 335 Run this command in Gaia Clish:

OS kernel version 3.10.0- show version all
957.21.3cpx86_64

Security Gateway R81.10 Build 883 Run this command in the Expert
mode:
fw ver

Security Management R81.10 Build 220 Run this command in the Expert
Server mode:
fwm ver

Multi-Domain Server R81.10 Build 195 Run this command in the Expert
mode:
fwm mds ver

SmartConsole 81.10.9600.358 Click Menu > About Check Point

SmartConsole

R81.10 Release Notes      |      21

 Supported Backward Compatibility Gateways

Supported Backward Compatibility

Gateways
R81.10 Management Servers can manage Security Gateways of these versions:

Gateway Type Release Version

Security Gateway R77.30,

R80.10, R80.20, R80.30, R80.40, R81

VSX R77.30,
R80.10, R80.20, R80.30, R80.40, R81

Security Groups on Maestro R80.20SP, R80.30SP, R81

Security Groups on Scalable Chassis R80.20SP, R81

R81.10 Management Servers can manage appliance Security Gateways that run these versions:

Appliance Release Version

1100 Appliances R77.20.x

1200R Appliances R77.20.x

1400 Appliances R77.20.x

1530, 1550, 1570, 1590 Appliances R80.20.x

60000 / 40000 Scalable Chassis R80.20SP, R81

R81.10 Release Notes      |      22

 Open Server Hardware Requirements

Open Server Hardware

Requirements
Minimal Hardware Requirements
Security
Multi-Domain Security
Component Management VSX Standalone
Server Gateway
Server

Processor Intel Pentium IV, Intel Pentium Intel Pentium Intel Pentium Intel Pentium
2 GHz or IV,2.6 GHz or IV,2 GHz or IV, 2 GHz or IV, 2.6 GHz or
equivalent equivalent equivalent equivalent equivalent

Total CPU 2 8 2 2 4
cores

Memory 8 GB RAM 32 GB RAM 4 GB RAM 4 GB RAM 8 GB RAM

Note - The above numbers do not apply to SmartEvent and SmartLog.

Disk Space Requirements

Multi-
Security Security
Disk Space Domain VSX Standalone
Management Gateway
Server

Recommended 1 TB 1 TB 200 GB 200 GB + 1 GB 1 TB

free disk space for each
Virtual System

Minimum free disk 110 GB 100 GB 110 GB 100 GB + 1 GB 110 GB

space for each
Virtual System

Notes:
n Only one upgrade is allowed.
n Additional backup / snapshot is not supported.
n Logging partition size is just enough for minimal machine operations.
n At least 20 GB of free disk space is required in the root partition to start the
upgrade process to R81.10.‎

R81.10 Release Notes      |      23

 Open Server Hardware Requirements

Maximum Supported Physical Memory

Check Point Product Physical RAM Limit

Security Management Server, or Multi-Domain Security Management 512 GB

Security Gateway, or Cluster Member 256 GB

R81.10 Release Notes      |      24

 Requirements

Requirements
Threat Extraction Requirements for Web-
downloaded documents
n A minimum of 2.3GB free RAM must be available, regardless of the number of cores or connection
used by the Security Gateway.
n Supported with 5000 and higher appliances series.

Threat Emulation Requirements

Threat Emulation using ThreatCloud requires Gaia operating system (64 or 32-bit).

Logging Requirements
Logs can be stored on:
n A Management Server that collects logs from the Security Gateways. This is the default.
n A Log Server on a dedicated machine. This is recommended for environments that generate many
logs.
A dedicated Log Server has greater capacity and performance than a Management Server with an activated
logging service. On dedicated Log Servers, the Log Server must be the same version as the Management
Server.

SmartEvent Requirements
SmartEvent R81.10 can connect to an R81.10 or R81 Log Server.
SmartEvent and a SmartEvent Correlation Unit are usually installed on the same server. You can also install
them on separate servers, for example, to balance the load in large logging environments. The SmartEvent
Correlation Unit must be the same version as SmartEvent Server.
To deploy SmartEvent and to generate reports, a valid license or contract is required.

R81.10 Release Notes      |      25

 Requirements

SmartConsole Requirements
Hardware Requirements
This table shows the minimum hardware requirements for SmartConsole applications:

Component Minimal Requirement

CPU Intel Pentium Processor E2140, or 2 GHz equivalent processor

Memory 4 GB

Available Disk Space 2 GB

Video Adapter Minimum resolution: 1024 x 768

Software Requirements
SmartConsole is supported on:
n Windows 10 (all editions), Windows 8.1 (Pro), and Windows 7 (SP1, Ultimate, Professional, and
Enterprise)
n Windows Server 2019, 2016, 2012, 2008 (SP2), and 2008 R2 (SP1)

Gaia Portal Requirements

The Gaia Portal supports these web browsers:

Browser Supported Versions

Google Chrome 14 and higher

Microsoft Internet Explorer 8 and higher

(If you use Internet Explorer 8, file uploads
through the Gaia Portal are limited to 2 GB)

Microsoft Edge Any

Mozilla Firefox 6 and higher

Apple Safari 5 and higher

R81.10 Release Notes      |      26

 Requirements

Mobile Access Requirements

OS Compatibility
Endpoint OS
Windows Linux macOS iOS Android
Compatibility

Mobile Access
Portal

Clientless
access to web
applications
(Link
Translation)

Compliance
Scanner

Secure
Workspace

SSL Network
Extender -
Network Mode

SSL Network
Extender -
Application
Mode

Downloaded
from Mobile
Access
applications

Citrix

File Shares -
Web-based file
viewer (HTML)

Web mail

Browser Compatibility
Endpoint Microsoft
Microsoft Google Mozilla Apple Opera for
Browser Internet
Edge Chrome Firefox Safari Windows
Compatibility Explorer

Mobile Access
Portal

R81.10 Release Notes      |      27

 Requirements

Browser Compatibility (continued)

Endpoint Microsoft
Microsoft Google Mozilla Apple Opera for
Browser Internet
Edge Chrome Firefox Safari Windows
Compatibility Explorer

Clientless
access to web
applications
(Link
Translation)

Compliance
Scanner

Secure
Workspace (2)
(3)

SSL Network
Extender -
Network Mode

SSL Network
Extender -
Application
Mode (2)

Downloaded
from Mobile
Access
applications

Citrix

File Shares - Limited

Web-based file support
viewer (HTML)

Web mail

Notes:
1. For a list of the prerequisites required for using Mobile Access Portal on-demand clients such as SSL
Network Extender Network mode, SSL Network Extender Application Mode, Secure Workspace and
Compliance Scanner, refer to sk113410.
2. Secure Workspace and SSL Network Extender Application Mode are available for Windows platforms
only.
3. Microsoft Internet Explorer is only browser supported inside Secure Workspace.

R81.10 Release Notes      |      28

 Requirements

Identity Awareness Requirements

Identity Agents
See "Clients and Agents Support by Windows Platform" on page 35 and "Clients and Agents Support by
macOS Platform" on page 36 for:
n Identity Agent (Light and Full)
n Identity Agent for Terminal Servers
n Identity Collector
AD Query and Identity Collector
Supported Active Directory versions: Microsoft Windows Server 2008 R2, 2012, 2012 R2, 2016 and 2019.

Harmony Endpoint Management Server

Requirements
Hardware Requirements
These are the minimum requirements to enable Endpoint Security management on a Security Management
Server:

Component Requirement

Number of CPU cores 4

Memory 16 GB

Disk Space 845 GB

The requirements for dedicated Endpoint Security Management Servers are similar.
Resource consumption is based on the size of your environment. For larger environments, more disk space,
memory, and CPU are required.

R81.10 Release Notes      |      29

 Requirements

Software Requirements
n Endpoint Security Management Servers are supported on Management-only appliances or open
servers. Endpoint Security Management Servers do not support Standalone (Security Gateway +
Management Server) and Multi-Domain Security Management deployments.
n Endpoint Security Management Servers is not supported on Red Hat Enterprise Linux releases.
n R81.10 Endpoint Security Management Server can manage:
l E81.00 and higher versions of Endpoint Security Clients for Windows
l E82.00 and higher Client for macOS

Anti-Malware signature updates:

n To allow Endpoint Security clients to get Anti-Malware signatures updates from a cleanly installed
R81.10 Primary Endpoint Security Management Server, follow the instructions in the R81.10
Endpoint Security Server Administration Guide when you select the Anti-Malware component.
n For cleanly installed R81.10 Endpoint Policy Server, you must follow sk127074. No additional steps
are required, if you upgrade the Primary Endpoint Security Management Server to R81.10.
n Endpoint Security Clients can still acquire their Anti-Malware signature updates directly from an
external Check Point signature server or other external Anti-Malware signature resources, if your
organization's Endpoint Anti-Malware policy allows it.
For more information, see the R81.10 Endpoint Security Server Administration Guide.

Scalable Platform Requirements

You can manage R81.10 Security Groups with an R81.10 Security Management Server or Multi-Domain
Server.
For the list of available Maestro Security Appliances, see sk162373.
For the list of compatible transceivers for Check Point Appliances, see sk92755.
For comparison between different software versions for Scalable Platforms (Maestro and Chassis), see
sk173183.

R81.10 Release Notes      |      30

 Requirements

Supported Network Cards on Maestro Security Appliances

To connect a Maestro Security Appliance to Quantum Maestro Orchestrator with DAC cables, one of these
Check Point cards has to be installed in the Maestro Security Appliance:

Network Card Notes

10 GbE Fiber SFP+ Output of the "lspci -v" command must show:
SKUs: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network
CPAC-4-10F-B Connection
CPAC-4-10F- To verify, run this command in the Expert mode on the Security Appliance:
6500/6800-C
lspci -v | grep 'Ethernet controller' | grep
Intel

40 GbE Fiber QSFP+ The minimal required card firmware version is 12.22.1002
SKU: To verify, run this single long command in the Expert mode on the Security
CPAC-2-40F-B Appliance:
for NIC in $(ifconfig | grep ethsBP | awk '
{print $1}') ; do echo $NIC: ; ethtool -i $NIC |
100 GbE Fiber QSFP grep firmware ; done
SKU:
CPAC-2-100/25F-B Example output:
ethsBP4-01:
firmware-version: 12.22.1002
ethsBP4-02:
firmware-version: 12.22.1002

Supported Hardware and Firmware on 60000 / 40000

Scalable Chassis
All information is documented in sk93332.

R81.10 Release Notes      |      31

 Maximum Supported Items

Maximum Supported Items

This section provides the maximum supported numbers for various hardware and software items.

Maximum Supported Number of Interfaces on

Security Gateway
The maximum number of interfaces supported (physical and virtual) is shown in this table.

Mode Max # of Interfaces Notes

Security Gateway 1024 Non-VSX

VSX Gateway 4096 Includes VLANs and Warp Interfaces

Virtual System 250

Note - This table applies to Check Point Appliances and Open Servers.

Maximum Supported Number of Cluster

Members
Cluster Type Maximum Supported Number of Cluster Members

ClusterXL 5

Virtual System Load Sharing 13

R81.10 Release Notes      |      32

 Maximum Supported Items

Number of Supported Items in a Maestro

Environment
Number of
Item Notes
Supported Items

Number of Security Groups n Minimum: 1 None

configured n Maximum: 8

Number of Security In Single Site In Dual Site deployment:

Appliances in one Security deployment:
Group n Each Security Group must contain at least
n Minimum: 1 one Security Appliance from each site (see
n Maximum: MBS-7606 in sk148074).
31 n Each Security Group can contain a
maximum of 28 Security Appliances - 14
In Dual Site Security Appliances from each site (see
deployment: MBS-7773 in sk148074).
n Minimum: 1
n Maximum:
28

Number of interfaces In Security Includes all interface types

configured on top of Uplink Gateway Mode: (Physical, Bonds, VLAN, Warp).
ports in one Security Group
n Minimum: 2
n Maximum:
1024
In VSX Mode:
n Minimum: 2
n Maximum:
4096
For every Virtual
System:
n Minimum: 2
n Maximum:
250

R81.10 Release Notes      |      33

 Check Point Clients and Agents Support

Check Point Clients and Agents

Support
Multiple Login Option Support
This version supports multiple login options per gateway with multi-factor authentication schemes, for users
of different clients and the Mobile Access Portal. For example, configure an option to authenticate with
Personal Certificate and Password, or Password and DynamicID for SMS or email.
These features are supported when connected to an R81.10 gateway that has IPsec VPN or Mobile Access
enabled.

Supported Client or Portal Lowest Supported Version

Mobile Access Portal R80.10

Capsule Workspace for iOS 1002.2

Capsule Workspace for Android 7.1

Remote Access clients for Windows - Standalone clients E80.65

Remote Access VPN Blade of the Endpoint Security Suite for Windows E80.65

R81.10 Release Notes      |      34

 Check Point Clients and Agents Support

Clients and Agents Support by Windows

Platform
Microsoft Windows
In this table, Windows 7 support is true for Ultimate, Professional, and Enterprise editions. Windows 8
support is true for Pro and Enterprise editions. All the marked consoles and clients support Windows 32-bit
and 64-bit.

Check Point Product Windows 7 (+SP1) Windows 8.1 Windows 10 *

Remote Access clients E80.x

(with 8.1 (E80.62
Update 1) and higher)

Capsule VPN Plug-in

SSL Network Extender

UserCheck Client

Identity Agent (Light and Full)

Identity Agent for Terminal Servers

* Supported Windows 10 versions: 1703, 1709, 1803 for more information see the Detailed Client Releases
Information section in sk117536.

Microsoft Windows Server

Server 2008 R2 Server Server 2012 R2 Server Server

Check Point Product
(+SP1) 2012 64-bit 2016 2019

UserCheck Client

Identity Agent for

Terminal Servers

Identity Collector

Note - Identity Agent for Terminal Servers is also supported on XenApp 6.

R81.10 Release Notes      |      35

 Check Point Clients and Agents Support

Clients and Agents Support by macOS Platform

All support is for macOS 64-bit.

OS X macOS macOS macOS

Check Point Product
10.11 10.12 10.13 10.14

Identity Agent

SSL Network Extender

Endpoint Security VPN E80.x or

higher (E80.62 (E80.64
and higher) and higher)

DLP Exchange Agent Support

The R81.10 DLP Exchange Security Agent is supported on:

Windows Server Exchange Server

2012 R2 64-bit 2010, 2013

2016 64-bit 2016

For earlier server versions, use the R77.30 DLP Exchange Security Agent.

R81.10 Release Notes      |      36