A new version of Gaia R81 has been released to Early Access (EA). Previously, you could see in release notes. Now we have the opportunity to see it in real life. For this, a standard scheme was assembled with a dedicated management server and a gateway. Naturally, we did not have time to conduct all the full-fledged tests, but we are ready to share what immediately catches your eye when you get acquainted with the new system. Under the cut are the main points that we highlighted when we first met the system (a lot of pictures).
Management
When you initialize the gateway, you have the opportunity to immediately connect to the cloud management server - Smart 1 Cloud (so-called MaaS):
This is a relatively new feature (there is also in the latest 80.40 takes) and we will tell you a little more about this service in the most . Here, the main plus (in our opinion) is the long-awaited ability to control through the browser π
VxLAN and GRE
The first thing we βclimbedβ to check was support for VxLAN and GRE. Release Notes did not deceive us, everything is in place:
You can argue about the need for these features on NGFW, but it's still better when the user has such a choice.
Infinity Threat Prevention
This is probably the first thing that catches your eye when you start to edit the security policy. Added a new activation option for Threat Prevention blades - Infinity. Those. no need to choose which blades to include, Check Point decided everything for us (I donβt know how good it is):
At the same time, of course, you still have the possibility of the usual self-configuration of the blades.
Infinity Threat Prevention Policy
Since we are talking about Threat Prevention, let's immediately look at Policy. This is probably one of the most significant changes:
As you can see, there are many more pre-configured policies. You can see in detail what is the difference between them by clicking on Help me decide:
This policy is dynamic and is updated without your participation.
Change Report
Finally, you can see in a convenient form what exactly was changed during configuration editing:
There is a general report:
And there are very specific sections:
It is very convenient to follow the changes.
Web Management for Endpoint
As you probably know, you can enable Endpoint Management on the management server and manage SandBlast agents. R81 added an interesting feature - browser control. It turns on in a rather interesting way. You need to enter the CLI mode expert and enter the command βweb_mgmt_startβ, and then go to the address - https://:4434/sba/. And the web console will open in front of you:
We partially talked about this platform as part of the articles ""from Alexey Malko. True, such a console was available there only in the cloud, but now it also works on local management servers.
smart update
When you try to add licenses through the good old Smart Update, the console will kindly warn you that now you can do this without leaving the already familiar Smart Console:
NAT
The functionality we are expecting. Now in NAT rules you can use Access Roles, Security Zones or Updateable Objects. There are cases when it is very useful and necessary.
Conclusion
That's all for now. There are many more innovations that require testing (IoT, Azure AD, Updgrade, Logs API, etc.). As I wrote above, in the near future we will publish an overview of the new cloud management system - . Stay tuned for updates in our channels (, , , )!
Also, don't forget about our big .
Source: habr.com