ProHoster > Blog > Utongi > Tarisa Nzvimbo Gaia R80.40. Chii chitsva?

Tarisa Nzvimbo Gaia R80.40. Chii chitsva?

Tarisa Nzvimbo Gaia R80.40. Chii chitsva?

Kuburitswa kunotevera kwehurongwa hwekushandisa kuri kusvika Gaia R80.40. Masvondo mashoma apfuura Early Access chirongwa chakatanga, kwaunogona kuwana kuti uedze kugovera. Semazuva ese, isu tinoburitsa ruzivo nezve izvo zvitsva, uye zvakare tinosimbisa mapoinzi anonyanya kufadza kubva pamaonero edu. Ndichitarisa kumberi, ndinogona kutaura kuti mitsva yacho yakakosha. Naizvozvo, zvakakodzera kugadzirira yekutanga kugadzirisa maitiro. Kare tatova akabudisa imwe nyaya pamusoro pekuita izvi (kuti uwane rumwe ruzivo, ndapota shanya contact here) Ngatisvikei kunyaya...

Chii New

Ngatitarisei zviri pamutemo zvakaziviswa zvitsva pano. Ruzivo rwakatorwa kubva panzvimbo Check Mates (yemukuru Check Point nharaunda). Nemvumo yako, ini handisi kududzira chinyorwa ichi, rombo rakanaka vateereri veHabr vanozvibvumira. Pane kudaro, ndinosiya mhinduro dzangu pachitsauko chinotevera.

1. IoT Security. Zvitsva zvine chekuita neInternet yezvinhu

  • Unganidza zvishandiso zveIoT uye hunhu hwetraffic kubva kune yakasimbiswa IoT yekutsvaga injini (ikozvino inotsigira Medigate, CyberMDX, Cynerio, Claroty, Indegy, SAM uye Armis).
  • Gadzirisa iyo itsva IoT yakatsaurirwa Policy Layer mune manejimendi manejimendi.
  • Gadzirisa uye gadzirisa mitemo yekuchengetedza iyo yakavakirwa pane iyo IoT zvishandiso 'hunhu.

2. TLS KuongororaHTTP/2:

  • HTTP/2 inogadziridza kune HTTP protocol. Iyo yekuvandudza inopa kuvandudzwa kwekukurumidza, kushanda nesimba uye kuchengetedzeka uye mhedzisiro ine nani mushandisi ruzivo.
  • Tarisa Point's Security Gateway ikozvino inotsigira HTTP/2 uye inobatsira zvirinani kukurumidza uye kushanda nesimba uchiwana kuchengetedzeka kwakazara, nese Threat Prevention uye Access Control blades, pamwe nedziviriro nyowani yeHTTP/2 protocol.
  • Tsigiro ndeyeese akajeka uye SSL encrypted traffic uye yakanyatsobatanidzwa neHTTPS/TLS
  • Kuongorora kugona.

TLS Inspection Layer. Zvitsva zvine chekuita nekuongorora kweHTTPS:

  • Iyo itsva Policy Layer muSmartConsole yakatsaurirwa kuTLS Inspection.
  • Akasiyana TLS Inspection layers inogona kushandiswa mumapakeji akasiyana epolicy.
  • Kugovaniswa kweTLS Yekuongorora layer pane akawanda epolicy mapakeji.
  • API yeTLS mashandiro.

3. Kudzivirira Kutyisidzira

  • Kuwedzeredza kwekubudirira kweThreat Prevention maitiro uye zvigadziriso.
  • Otomatiki inogadziridza kune Threat Extraction Injini.
  • Dynamic, Domain uye Updatable Objects zvino zvinogona kushandiswa muThreat Prevention uye TLS Inspection policy. Zvinhu zvinogadziridzwa zvinhu zvetiweki zvinomiririra sevhisi yekunze kana inozivikanwa ine simba runyorwa rwe IP kero, semuenzaniso - Office365 / Google / Azure / AWS IP kero uye Geo zvinhu.
  • Anti-Virus ikozvino inoshandisa SHA-1 uye SHA-256 zviratidzo zvekutyisidzira kuvhara mafaira zvichienderana nehashi dzavo. Ngenisa zviratidzo zvitsva kubva kuSmartConsole Threat Indicators maonero kana Custom Intelligence Feed CLI.
  • Anti-Virus uye SandBlast Threat Emulation ikozvino inotsigira kuongororwa kwe-e-mail traffic pamusoro pePOP3 protocol, pamwe nekuvandudzwa kwekuongorora kwe-e-mail traffic pamusoro peIMAP protocol.
  • Anti-Virus uye SandBlast Threat Emulation ikozvino shandisa ichangoburwa SSH yekuongorora chimiro chekuongorora mafaera anotamiswa pamusoro peSCP neSFTP protocol.
  • Anti-Virus uye SandBlast Threat Emulation zvino inopa rutsigiro rwakavandudzwa rweSMBv3 ongororo (3.0, 3.0.2, 3.1.1), iyo inosanganisira kuongororwa kweakawanda-channel yekubatanidza. Check Point parizvino ndiye ega mutengesi kutsigira kuongororwa kwekufambisa kwefaira kuburikidza nematanho akawanda (chinhu chiri pa-ne-default munzvimbo dzese dzeWindows). Izvi zvinobvumira vatengi kuti vagare vakachengeteka pavanenge vachishanda neichi chiitiko chekusimudzira.

4. Identity Awareness

  • Tsigiro yeCaptive Portal kubatanidzwa neSAML 2.0 uye yechitatu bato Identity Providers.
  • Tsigiro yeIdentity Broker yekugovana uye kugovana ruzivo rwechitupa pakati pePDPs, pamwe nekuyambuka-domain kugovana.
  • Makwidziridzo kune Terminal Servers Agent kuti ive nani kuyera uye kuenderana.

5. IPsec VPN

  • Gadzira akasiyana VPN encryption domains pane Chengetedzo Gedhi iyo inhengo yeakawanda VPN nharaunda. Izvi zvinopa:
  • Yakavandudzwa kuvanzika - Manetiweki emukati haana kuburitswa muIKE protocol nhaurirano.
  • Kuvandudzwa kuchengetedzeka uye granularity - Taura kuti ndeapi network inowanikwa munharaunda yakatarwa yeVPN.
  • Yakavandudzwa kudyidzana - Yakareruka nzira-yakavakirwa VPN tsananguro (inokurudzirwa kana iwe uchishanda isina chinhu VPN encryption domain).
  • Gadzira uye shanda zvisina musono neiyo Yakakura Scale VPN (LSV) nharaunda nerubatsiro rweLSV profiles.

6. URL Sefa

  • Kuvandudza scalability uye kusimba.
  • Kuwedzerwa matambudziko ekugadzirisa matambudziko.

7.NAT

  • Yakavandudzwa NAT port allocation mechanism - paSecurity Gateways ine 6 kana anopfuura CoreXL Firewall zviitiko, zvese zviitiko zvinoshandisa dziva rimwe chete reNAT ports, iro rinogonesa kushandiswa kwechiteshi nekushandisazve.
  • NAT chiteshi chekushandisa chekutarisa muCPView uye neSNMP.

8. Izwi pamusoro peIP (VoIP)Multiple CoreXL Firewall zviitiko zvinobata iyo SIP protocol kuwedzera mashandiro.

9.Remote Access VPNShandisa chitupa chemuchina kusiyanisa pakati pezvinhu zvekambani nezvisiri zvekambani uye kuseta mutemo unomanikidza kushandiswa kwezvinhu zvemakambani chete. Enforcement inogona kuve pre-logon (kusimbisa mudziyo chete) kana post-logon (mudziyo uye mushandisi chokwadi).

10. Mobile Access Portal AgentYakavandudzwa Endpoint Chengetedzo pane Inodiwa mukati meMobile Access Portal Agent kutsigira ese makuru mabhurawuza. Kuti uwane rumwe ruzivo, ona sk113410.

11.CoreXL uye Multi-Queue

  • Tsigiro yekugovera otomatiki yeCoreXL SNDs uye Firewall zviitiko zvisingade Chengetedzo Gateway reboot.
  • Yakavandudzwa kunze kwechiitiko chebhokisi - Chengetedzo Gedhi inoshandura otomatiki nhamba yeCoreXL SNDs uye Firewall zviitiko uye Multi-Queue kumisikidza zvichienderana neazvino traffic traffic.

12. Kubatanidza

  • Tsigiro yeCluster Control Protocol muUnicast modhi inobvisa kudiwa kweCCP

Broadcast kana Multicast modes:

  • Cluster Control Protocol encryption ikozvino yagoneswa nekusarudzika.
  • New ClusterXL modhi -Active/Active, inotsigira Nhengo dzeCluster munzvimbo dzakasiyana dzenzvimbo dzinowanikwa pama subnets akasiyana uye dzine kero dzeIP dzakasiyana.
  • Tsigiro yeClusterXL Cluster Nhengo dzinomhanyisa akasiyana software shanduro.
  • Yakabvisa kudiwa kweMAC Magic kumisikidzwa kana akati wandei masumbu akabatana kune imwechete subnet.

13. VSX

  • Tsigiro yeVSX kusimudzira neCPUSE muGaia Portal.
  • Tsigiro yeActive Up mode muVSLS.
  • Tsigiro yeCPView manhamba mishumo kune yega yega Virtual System

14. Zero TouchIyo yakapfava Plug & Play setup process yekuisa mudziyo - kubvisa kudiwa kwehunyanzvi hwehunyanzvi uye kuve nekubatanidza kune mudziyo wekutanga kumisikidzwa.

15. Gaia REST APIGaia REST API inopa nzira itsva yekuverenga nekutumira ruzivo kumaseva anomhanyisa Gaia Operating System. Ona sk143612.

16. Advanced Routing

  • Makwidziridzo kuOSPF neBGP anobvumira kuseta zvakare uye kutangazve OSPF yakavakidzana kune yega yega CoreXL Firewall muenzaniso pasina kukosha kwekutangazve daemon yakafambiswa.
  • Kuvandudza nzira yekumutsiridza yekuvandudza mabatiro eBGP routing kusawirirana.

17. Nyowani kernel masimba

  • Yakakwidziridzwa Linux kernel
  • New partitioning system (gpt):
  • Inotsigira anopfuura 2TB emuviri / zvine musoro madhiraivha
  • Inokurumidza faira system (xfs)
  • Inotsigira yakakura sisitimu yekuchengetedza (inosvika 48TB yakaedzwa)
  • I/O ine chekuita nekuvandudzwa kwemaitiro
  • Multi-Queue:
  • Yakazara Gaia Clish rutsigiro rweMulti-Queue mirairo
  • Otomatiki "on by default" kumisikidza
  • SMB v2/3 gomo rutsigiro muMobile Access blade
  • Yakawedzerwa NFSv4 (mutengi) rutsigiro (NFS v4.2 ndiyo yakasarudzika NFS vhezheni inoshandiswa)
  • Tsigiro yezvishandiso zvitsva zvekugadzirisa, kutarisa uye kugadzirisa sisitimu

18. CloudGuard Controller

  • Mafambiro ekuwedzera ekubatanidza kune ekunze Data Centers.
  • Kubatanidzwa neVMware NSX-T.
  • Tsigiro yekuwedzera API mirairo yekugadzira uye kugadzirisa Data Center Server zvinhu.

19. Multi-Domain Server

  • Chengetedza uye dzorera munhu Domain Management Server pane Multi-Domain Server.
  • Tamisa Domain Management Server pane imwe Multi-Domain Server kune yakasiyana Multi-Domain Security Management.
  • Tamisa Chengetedzo Management Server kuti ive Domain Management Server pane Multi-Domain Server.
  • Tamisa Domain Management Server kuti ive Chengetedzo Management Server.
  • Dzosera Domain paMulti-Domain Server, kana Chengetedzo Yekuchengetedza Server kune yakapfuura kudzokorora kuti uwedzere kugadzirisa.

20. SmartTasks uye API

  • New Management API yechokwadi nzira inoshandisa auto-yakagadzirwa API Kiyi.
  • New Management API inoraira kugadzira zvinhu zvemasumbu.
  • Central Deployment yeJumbo Hotfix Accumulator uye Hotfixes kubva kuSmartConsole kana neAPI inobvumira kuisa kana kusimudzira akawanda Chengetedzo Magedhi uye Masumbu akafanana.
  • SmartTasks -Gadzirisa otomatiki zvinyorwa kana zvikumbiro zveHTTPS zvinokonzereswa nemabasa emaneja, sekuburitsa chikamu kana kuisa mutemo.

21. DeploymentCentral Deployment yeJumbo Hotfix Accumulator uye Hotfixes kubva kuSmartConsole kana neAPI inobvumira kuisa kana kusimudzira akawanda Chengetedzo Magedhi uye Masumbu akafanana.

22. SmartEventGovera SmartView maonero uye mishumo nevamwe maneja.

23.Log ExporterTumira kunze matanda akasefa zvinoenderana nemunda.

24.Endpoint Security

  • Tsigiro yeBitLocker encryption yeYakazara Disk Encryption.
  • Tsigiro yekunze Sitifiketi Chiremera zvitupa zve Endpoint Security mutengi
  • chokwadi uye kutaurirana neEndpoint Security Management Server.
  • Tsigiro yekukura kwesimba reEndpoint Security Client mapakeji zvichibva pane zvakasarudzwa
  • features for deployment.
  • Policy ikozvino inogona kudzora mwero wezviziviso kupedzisa vashandisi.
  • Tsigiro yePersistent VDI nharaunda muEndpoint Policy Management.

Zvataida zvakanyanya (zvichibva pamabasa evatengi)

Sezvaunogona kuona, kune zvakawanda zvitsva. Asi kwatiri, sekudaro system integrator, kune akati wandei anonakidza mapoinzi (awo anonakidza kune vatengi vedu). Yedu yepamusoro gumi:

  1. Pakupedzisira, kutsigirwa kuzere kweIoT zvishandiso kwaonekwa. Zvatove zvakaoma kuwana kambani isina michina yakadaro.
  2. Kuongorora kweTLS iko zvino kwaiswa mune yakaparadzana layer (Layer). Zviri nyore kupfuura ikozvino (pa80.30). Hapasisina kumhanya yekare Legasy Dashboard. Uyezve, ikozvino unogona kushandisa Zvinhu zvinogadziriswa muHTTPS yekuongorora mutemo, seHofisi365, Google, Azure, AWS, nezvimwe. Izvi zviri nyore kwazvo kana iwe uchida kuseta kunze. Nekudaro, hapasati paine tsigiro yetls 1.3. Sezviri pachena ivo "vachabata" neinotevera hotfix.
  3. Shanduko dzakakosha dzeAnti-Virus uye SandBlast. Iye zvino unogona kutarisa maprotocol akadai SCP, SFTP uye SMBv3 (nenzira, hapana anogona kutarisa iyi multi-channel protocol zvakare).
  4. Pane zvakawanda zvekuvandudza maererano neSite-to-Site VPN. Iye zvino unogona kugadzirisa akati wandei VPN madomasi pane gedhi iro riri chikamu che akati wandei VPN nharaunda. Zviri nyore uye zvakachengeteka zvakanyanya. Uye zvakare, Check Point yakazorangarira Route Yakavakirwa VPN uye yakavandudza zvishoma kugadzikana kwayo / kuenderana.
  5. Chinhu chakakurumbira chevashandisi vari kure chavepo. Iye zvino iwe unogona kutendesa kwete chete mushandisi, asiwo mudziyo waanobatanidza. Semuenzaniso, isu tinoda kubvumira VPN kubatana chete kubva kumakambani emakambani. Izvi zvinoitwa, hongu, nerubatsiro rwezvitupa. Izvo zvakare zvinogoneka kukwira otomatiki (SMB v2/3) faira migove yevashandisi vari kure neVPN mutengi.
  6. Pane zvakawanda zvekuchinja mukushanda kwechikwata. Asi pamwe chimwe chezvinonyanya kunakidza mukana wekushandisa sumbu uko masuwo ane akasiyana mavhezheni eGaia. Izvi zviri nyore pakuronga update.
  7. Yakavandudzwa Zero Touch kugona. Chinhu chinobatsira kune avo vanowanzoisa "madiki" magedhi (somuenzaniso, maATM).
  8. Kune matanda, kuchengetedza kusvika ku48TB ikozvino kwatsigirwa.
  9. Unogona kugovera madhibhodhi ako eSmartEvent nevamwe maneja.
  10. Log Exporter ikozvino inobvumidza iwe kufanosefa yakatumirwa meseji uchishandisa iyo inodiwa minda. Avo. Iwo chete matanda anodiwa uye zviitiko zvinozoendeswa kune ako SIEM masisitimu

Update

Zvichida vazhinji vari kutofunga nezvekuvandudza. Hapana chikonzero chekumhanyira. Kutanga, vhezheni 80.40 inofanirwa kuenda kune General Availability. Asi kunyangwe mushure meizvozvo, haufanirwe kugadzirisa ipapo. Zviri nani kumirira kanenge hotfix yekutanga.
Zvichida vazhinji "vakagara" pane zvinyorwa zvekare. Ndinogona kutaura kuti padiki zvave kutogoneka (uye kunyangwe zvakafanira) kugadzirisa ku80.30. Iyi yatove yakagadzikana uye yakaratidza system!

Iwe unogona zvakare kunyorera kumapeji edu eruzhinji (teregiramu, Facebook, VK, TS Solution Blog), kwaunogona kutevera kubuda kwezvinhu zvitsva paCheck Point uye zvimwe zvigadzirwa zvekuchengetedza.

Vashandisi vakanyoresa chete ndivo vanogona kutora chikamu muongororo. Nyorera mu, Munogamuchirwa.

Ndeipi vhezheni yeGaia yauri kushandisa?

  • R77.10

  • R77.30

  • R80.10

  • R80.20

  • R80.30

  • mwe

13 vashandisi vakavhota. 6 vashandisi vakaramba.

Source: www.habr.com

Voeg