Shulou(Shulou.com)06/01 Report--

What's New in R80.20

What's new in R80.20?

Acceleration

accelerate

With Falcon Acceleration Cards:

Super accelerator card

NGFW/NGTP/NGTX-supports higher throughput with maximum security byimplementing Deep Inspection acceleration

NGFW/NGTP/NGTX supports higher throughput and maximum security for deep detection acceleration

HTTPS Inspection acceleration-supports higher throughput of HTTPStraffic

Accelerated detection of HTTPS-support for higher throughput

Firewall only acceleration-low-latency for Firewall only traffic, highpacket and session rates

Firewall unique acceleration-firewall traffic high-speed packet forwarding and low latency of session rate

VSX and QoS support

Support for VSX and QoS

Additional software enhancements:

Enhanced additional software features

HTTPS Inspection performance improvements

Improvement of detection performance of HTTPS

Session rate improvements on high-end appliances (including 2012 appliancesand 13000 and above appliances)

The increase in interest rates for high-end sessions includes 2012 devices and more than 13000 security devices.

Acceleration is enabled during policy installation

Acceleration can be enabled during policy installation.

Threat Prevention

Prevent threats

Threat Prevention Indicators (IoC) API

Threat Prevention indicator API

Management API support for Threat Prevention Indicators (IoC)

Manage API to support threat prevention metrics

Add, delete, and view indicators through the management API

Add, delete and display metrics by managing API

Threat Prevention Layers

Threat Prevention menu

Support layer sharing within Threat Prevention policy

Support layering in threat prevention policy

Support setting different administrator permissions per ThreatPrevention layer

Support for setting different administrator privileges for each threat prevention tier

MTA (Mail Transfer Agent)

MTA monitoring:

MTA monitoring

§E-mails history views and statistics, current e-mails queue status andactions performed on e-mails in queue

Email history view and statistics, current email queue status and actions performed in the queue

MTA configuration enhancements:

Enhanced MTA configuration

§Setting a next-hop server by domain name

Set next-hop service by domain name

§Stripping or neutralizing malicious links from e-mails

Stripping or balancing malicious links to incoming messages

§Adding a customized text to a malicious e-mail's body or subject

Add custom text to the body of malware

§Malicious e-mail tagging using an X-header

Marked with malicious messages that begin with x

§Sending a copy of the malicious e-mail

Send a copy to a malicious message

ICAP

ICAP server support on a Security Gateway to consult with ThreatEmulation and Anti-Virus Deep Scan whether a file is malicious

The ICAP service supports threat simulation and virus deep scanning at secure gateways to detect whether a file is malicious.

Threat Emulation

Threat simulation

SmartConsole support for multiple Threat Emulation Private CloudAppliances

The intelligent console supports multiple threats to simulate private cloud devices

SmartConsole support for Blocking files types in archives

Smart console supports encapsulating file types in archives

Identity Awareness

Identity warning

Identity Tags support the use of tags defined by an external source toenforce users, groups or machines in Access Roles matching

Identity tags support the use of tags defined by external sources to force users, groups, or machines in role access matching

Identity Collector support for Syslog Messages-ability to extractidentities from syslog notifications

Identity collection messages that support SYSLOG-the ability to extract identities from SYSLOG notifications

Identity Collector support for NetIQ eDirectory LDAP Servers

Identity collection supports flexible electronic directory server LDAP server

Improved Transparent Kerberos SSO Authentication for Identity Agent

Improve transparent kerberossso authentication for identity agents

Two Factor Authentication for Browser-Based Authentication (support forRADIUS challenge/response in Captive Portal and RSA SecurID next Token/Next PINmode)

Two-factor authentication of browser-browser-based

New configuration container for Terminal Servers Identity Agents

New configuration container for terminal server identity agent

Ability to use an Identity Awareness Security Gateway as a proxy toconnect to the Active Directory environment, if SmartConsole has noconnectivity to the Active Directory environment and the gateway does

Can use identity awareness security gateway as the environment to connect to ACTIVE directory, if the intelligent control platform is not connected to the active directory environment and gateway

Active Directory cross-forest trust support for Identity Agent

Active directory cross-domain trust supports identity agents

Identity Agent automatic reconnection to prioritized PDP gateways

The identity agent automatically reconnects to the high priority PDP gateway

Additional filter options for identity collector-additional filter options for "FilterperSecurity Gateway" and "Filter by domain" identity collection-filter gateway and filter by domain

Improvements and stability fixes related to Identity Collector andWeb-API

Mirror and Decrypt improvements and stability fixes related to identity collection, web-api mirroring and decryption

Decryption and clone of HTTP and HTTPS traffic decryption and clone HTTPS traffic

Forwarding traffic to a designated interface for mirroring purposes

Hardware Security Module (HSM)

Forwards traffic to the specified interface for backup destination hardware security block

Enhancement of outbound HTTPS Inspection with a Gemalto SafeNet HSMAppliance

Strengthen external HTTPS detection through equipment

SSL keys are stored when using HTTPS Inspection

The SSL key is saved when HTTPS detection is used

Clustering

Sync redundancy support (over bond interface) information redundancy support

Automatic CCP mode (either Unicast, Multicast or Broadcast mode)

Automatic CCP mode unicast multicast or broadcast

Unicast CCP mode unicast mode

Enhanced state and fault monitoring capabilities of Enhanced state and failover monitoring capabilities

OSPFv3 (IPv6) clustering support cluster support

New cluster commands in Gaia Clish new cluster command

Advanced Routing

Advanced routin

Allow AS-in-count

IPv6 MD5 for BGP

IPv6 Dynamic Routing in ClusterXL

Dynamic routing

IPv4 and IPv6 OSPF multiple instances

Bidirectional Forwarding Detection (BFD) for gateways and VSX, includingIP Reachability detection and BFD Multihop

Access Policy access policy

New Wildcard Network object supported in Access Control policy

New network wildcard object supports communication control strategy

Simplified management of Network objects in a security policy

Simple Management of Network objects in Security Policy

HTTPS Inspection now works in conjunction with HTTPS web sitescategorization.

HTTPS testing now works with HTTPS site classification

HTTPS traffic that is bypassed will becategorized. HTTP traffic that is not processed will be classified

Rule Base performance improvements, for enhanced rule base navigationand scrolling

Rule base performance improvement is used to enhance basic navigation and scrolling

Global × × Communities. Previously supported in R77.30.

Global × × community, previously in R77Jing 30, supported

Security Management

Safety management

Upgraded Linux kernel (3.10)

Update Linux kernel 3.10

Additional support for Open Servers hardware

Additional support for open hardware servers

New file system (xfs)

New file system

More than 2TB support per a single storage device

Each single storage device has more than 2TB space

Enlarged systems storage (up to 48T tested)

Expanded system storage

I/O related performance improvements

The related improvement of the Icano program

Supportof new system tools for debugging, monitoring and configuring the system supports new system tools for debugging, monitoring, and configuring systems

Iotop (provides I do O runtime stats)

Provide run-time data for IPUBO

Lsusb (provides information about all devices connected to USB)

Provide all devices connected with USB

Lshw (provides detailed information about all HW)

Provide all the data about HW

Lsscsi (provides information about storage)

Provide stored information

Ps (new version, more counters)

New version, more components

Top (new version, more counters)

New version, more components

O iostat (new version, more counters)

Multiple simultaneous sessions in SmartConsole-One administrator canpublish or discard several SmartConsole private sessions, independently of theother sessions.

There are multiple sessions in the intelligent control platform at the same time-an administrator can expose or discard several smart console private sessions, as well as independent of other sessions.

Integration with a Syslogserver (previously supported in R77.30)-ASyslog server object can be configured in SmartConsole to send logs to a Syslogserver.

Integration with SYSLOG server (previously supported in r7730)-an syslog server object can be configured on the intelligent control platform to send logs to the syslog server

SmartProvisioning

Intelligent service is launched

Integration with SmartProvisioning (previously supported in R77.30)

The Integration of Intelligent Service Activation

Support for the 1400 series appliances

Support 1400 Series Electrical Appliances

Administrators can now use SmartProvisioning in parallel withSmartConsole

VSEC Controller Enhancements

Managers can now use intelligent enablement and intelligent control platforms in parallel to enhance vsec controllers

Integration with Google Cloud Platform

Integration of Google's cloud platform

Integration with Cisco ISE

Integration of Cisco ISE

Automatic license management with the vSEC Central Licensing utility

Use the vsec central licensing utility to automate management

Monitoring capabilities integrated into SmartView

Monitoring smartview integration function

VSEC Controller support for 41000, 44000, 61000, and 64000 ScalablePlatforms

Endpoint Security Server

The Vsec controller supports 41000, 44000, and 64000 scalable platform endpoint security servers

Managing features that are included inR77.30.03:

Management characteristics in r773003

Management of new blades:

New features of management

SandBlast Agent Anti-Bot

Agent anti-puppet program

SandBlast Agent Threat Emulation and Anti-Exploit

Agent threat simulation and anti-puppet programs

SandBlast Agent Forensics and Anti-Ransomware

Proxy authentication and anti-puppet procedures

Capsule Docs

Capsule file

New features in existing blades:

New features of existing blades

Full Disk Encryption

Full disk encryption

§Offline Mode

Offline mode

§Self Help Portal

Online help website

§XTS-AES Encryption

Encrypt

§New options for the Trusted Platform Module (TPM)

New options for trusted platforms

§New options for managing Pre-Boot Users

New options for managing users

Media Encryption and Port Protection

Media encryption and port protection

§New options to configure encrypted container

New options for configuring encryption containers

§Optical Media Scan

Optical media detection

Anti-Malware

Anti-malware

§Web Protection

Web protection

§Advanced Disinfection

Advanced antivirus

Additional Enhancements

Additional enhancements

HTTPS Inspection support for IPv6 traffic

HTTPS inspection supports IPV6 traffic

Additional cipher suites support for HTTPS inspection

Additional cipher suites support HTTPS detection

Improvements in policy installation performance on R80.10 and highergateways with IPS

Improved installation policy performance of R80 and higher gateway IPS

Network defined by routes-gateway's topology is automaticallyconfigured based on routing

The network defined by the route-the topology of the gateway is automatically configured based on the route

IPS Domain Purge on Security Management Server-IPS update packages aresaved for 30 days, older packages are purged.

IPS domain clearing security management server-IPS update packages will be saved for 30 days, and older update packages will be cleared

SmartConsole Extensions-an open API platform for extending SmartConsole with third-party and in-house tools and features.

Extension of Intelligent extension platform-an open API platform for extending intelligent control platforms and internal tools and functions using third-party software

Compressed snapshots-reduced system snapshot size.

Compress Snapshot-reduce system snapshot model

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.