Support Center > Search Results > SecureKnowledge Details
R80.20.25 for Quantum Spark Appliances Technical Level
Solution

Table of Contents

  • What's New
  • Supported Appliances
  • Downloads
  • Known Limitations and Resolved Issues
  • Enhancements
  • Documentation
  • Revision History 
Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

What's New

  • New Quantum Spark branding
  • Access policy (locally managed)
    • Restore "This gateway" and “Remote access users” objects for Access policy
    • Enforce API/URL policy for VPN Remote Access and VPN Site-to-Site traffic (see SMB-14610 in enhancement section)
    • New SNX client
  • Networking
    • VLAN configuration on Switch interface
    • Bond configuration on LAN1
    • Cluster configuration with Bond
    • Configuration of a Bond without an IP address
  • OS
    • Wireless scheduling - ability to enable and disable wireless transmitters during specific time and day
    • Support for SFP type of 100Mbs
    • Support for SFP DSL in 1570/1590 models
  • SMP access policy for 1500/1600/1800 appliances
  • Clish and APIs
    • Customize appliance administrator role
    • Upload SSL trusted CA certificate via Clish command
    • Gateway REST API for executing a single Clish command
The following features are at an Early Availability (EA) level:
  • Setting MTU per interface, and per VLAN
  • Secure FTP - Backup settings over SFTP
  • MAC filtering support on the Switch (in 1500 models)
  • LTE enhancements:
    • Force cellular on 4G network only
    • Auto carrier package selection based on a SIM ID (Auto PRI)

Supported Appliances  

  • 1500 Series: 1530, 1550, 1570, 1570R, and 1590 appliances.
  • 1600 appliances
  • 1800 appliances

Downloads

  • Check the MD5 string before installing the downloaded file.
  • To download these packages, you will need a Software Subscription or Active Support Plan.
  • May 27, 2021: R80.20.25 Build 992002123 for 1500/1600/1800 appliances is the latest General Availability release that can be directly downloaded from this article:
Download Package 1500 Appliance 1600/1800 Appliance
R80.20.25 Build 992002123  
R80.20.25 Build 992002123  for R80.20 SmartUpdate

Known Limitations and Resolved Issues

  • To view the Known Limitations and Resolved Issues for this release, see sk159772. This is a master list of all issues, arranged according to features.

    In the filter field above each table, enter the string to search for desired results. All rows with relevant information are shown.

    Example:

Enhancements

ID Description 
SMB-14342 InfinitySOC (sk164332) is supported from R80.20.25 in Locally managed mode. It is possible to enable the InfinitySOC feature in Web UI or Gaia Clish. For instructions, see the R80.20.25 Locally Managed Administration Guide.
SMB-14610 Starting in R80.20.25: In locally-managed mode, traffic from VPN Remote Access clients toward the Internet is matched on the "Outgoing access to the Internet" Rule Base if "Route Internet traffic from connected clients through this gateway" is selected. This allows Application Control and URL Filtering enforcement for this traffic.

To restore the previous behavior, do one of these actions:
  • In the WebUI - Under Advanced Settings, set "VPN Remote Access - Match on Internal rulebase only" to "true".
  • In CLI -  Run this command:
set vpn remote-access advanced-settings internal-rulebase-only true
SMB-14661 Starting from R80.20.25, you can enforce Application Control and URL Filtering on VPN Site-to-Site traffic, when VPN peers route their Internet traffic through the gateway.

To configure, enable Outgoing Rule Base matching for that traffic in one of these ways:
  • From the WebUI:
Under "Advanced Settings", set "VPN Site to Site global settings - Match Internet traffic on the Outgoing rulebase" to "true".
  • From CLI:
set vpn site-to-site advanced-settings outgoing-rulebase-match true
SMB-13949 A "Path MTU Discovery" utility was added to check for ICMP messages that indicate the correct MTU to set for the cellular interface. The utility is disabled by default but can be enabled in the Advanced Settings page.
SMB-14554 Added an "Advanced Settings" flag that forces the internal cellular modem to register to the 4G (LTE) network.
SMB-14818 In locally-managed mode, nmap queries are sent to devices connected to the local network to collect device details for display on the Active Devices page.
Starting in R80.20.25, to disable this proactive querying, run this clish command:
set privacy-settings advanced-settings proactive-device-details false

Documentation

User Guides
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.25 Release Notes
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.25 CLI Reference Guide
Related Solutions
sk97766: Check Point 600 / 700 / 910 / 1100 / 1200R / 1400 / 1500 SMB Appliances Releases
sk159173: Check Point R80.20 for Small and Medium Business Appliances
sk157412: 1500 Series Security Gateways
sk166654: Check Point 1570R Ruggedized Appliances
sk159772: Check Point SMB R80.20 Appliances Features and Known Limitations
sk168880: 1600 and 1800 Series Security Gateways


Revision History

Show / Hide this section
Date Description
15 July 2021 Removed Known Limitations and Resolved Issues. See sk159772.
27 May 2021 Release of Build 992002123
05 April 2021 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment