Check Point releases version R80.2: technical translation by a post-2000s youngster
What’s New in R80.20
Acceleration
· With Falcon Acceleration Cards:
· NGFW/NGTP/NGTX - supports higher throughput with maximum security by implementing Deep Inspection acceleration
· HTTPS Inspection acceleration - supports higher throughput of HTTPS traffic
· Firewall only acceleration - low-latency for Firewall only traffic, high packet and session rates
· VSX and QoS support
· Additional software enhancements:
· HTTPS Inspection performance improvements
· Session rate improvements on high-end appliances (including 2012 appliances and 13000 and above appliances)
· Acceleration is enabled during policy installation
Threat Prevention
· Threat Prevention Indicators (IoC) API
o Management API support for Threat Prevention Indicators (IoC)
o Add, delete, and view indicators through the management API
· Threat Prevention Layers
o Support layer sharing within Threat Prevention policy
o Support setting different administrator permissions per Threat Prevention layer
· MTA (Mail Transfer Agent)
o MTA monitoring:
§ E-mail history views and statistics, current e-mail queue status and actions performed on e-mails in queue
o MTA configuration enhancements:
§ Setting a next-hop server by domain name
§ Stripping or neutralizing malicious links from e-mails
§ Adding a customized text to a malicious e-mail's body or subject
§ Malicious e-mail tagging using an X-header
§ Sending a copy of the malicious e-mail
· ICAP
o ICAP server support on a Security Gateway to consult with Threat Emulation and Anti-Virus Deep Scan whether a file is malicious
· Threat Emulation
o SmartConsole support for multiple Threat Emulation Private Cloud Appliances
o SmartConsole support for blocking file types in archives
Identity Awareness
· Identity Tags support the use of tags defined by an external source to enforce users, groups or machines in Access Roles matching
· Identity Collector support for Syslog Messages - ability to extract identities from syslog notifications
· Identity Collector support for NetIQ eDirectory LDAP Servers
· Improved Transparent Kerberos SSO Authentication for Identity Agent
· Two Factor Authentication for Browser-Based Authentication (support for RADIUS challenge/response in Captive Portal and RSA SecurID next Token/Next PIN mode)
· New configuration container for Terminal Servers Identity Agents
· Ability to use an Identity Awareness Security Gateway as a proxy to connect to the Active Directory environment, if SmartConsole has no connectivity to the Active Directory environment and the gateway does
· Active Directory cross-forest trust support for Identity Agent
· Identity Agent automatic reconnection to prioritized PDP gateways
· Additional filter options for Identity Collector - "Filter per Security Gateway" and "Filter by domain"
· Improvements and stability fixes related to Identity Collector and Web-API
Mirror and Decrypt
· Decryption and clone of HTTP and HTTPS traffic
· Forwarding traffic to a designated interface for mirroring purposes
Hardware Security Module (HSM)
· Enhancement of outbound HTTPS Inspection with a Gemalto SafeNet HSM Appliance
· SSL keys are stored when using HTTPS Inspection
Clustering
· Sync redundancy support (over bond interface)
· Automatic CCP mode (either Unicast, Multicast or Broadcast mode)
· Unicast CCP mode
· Enhanced state and failover monitoring capabilities
· OSPFv3 (IPv6) clustering support
· New cluster commands in Gaia Clish
Advanced Routing
· Allow AS-in-count
· IPv6 MD5 for BGP
· IPv6 Dynamic Routing in ClusterXL
· IPv4 and IPv6 OSPF multiple instances
· Bidirectional Forwarding Detection (BFD) for gateways and VSX, including IP Reachability detection and BFD Multihop
Access Policy
· New Wildcard Network object supported in Access Control policy
· Simplified management of Network objects in a security policy
· HTTPS Inspection now works in conjunction with HTTPS web sites categorization. HTTPS traffic that is bypassed will be categorized.
· Rule Base performance improvements, for enhanced rule base navigation and scrolling
· Global VPN Communities. Previously supported in R77.30.
Security Management
· Upgraded Linux kernel (3.10)
· Additional support for Open Servers hardware
· New file system (xfs)
o Support for more than 2TB per single storage device
o Enlarged systems storage (up to 48T tested)
· I/O related performance improvements
· Support of new system tools for debugging, monitoring and configuring the system
o iotop (provides I/O runtime stats)
o lsusb (provides information about all devices connected to USB)
o lshw (provides detailed information about all HW)
o lsscsi (provides information about storage)
o ps (new version, more counters)
o top (new version, more counters)
o iostat (new version, more counters)
· Multiple simultaneous sessions in SmartConsole - One administrator can publish or discard several SmartConsole private sessions, independently of the other sessions.
· Integration with a Syslog server (previously supported in R77.30) - A Syslog server object can be configured in SmartConsole to send logs to a Syslog server.
SmartProvisioning
· Integration with SmartProvisioning (previously supported in R77.30)
· Support for the 1400 series appliances
· Administrators can now use SmartProvisioning in parallel with SmartConsole
vSEC Controller Enhancements
· Integration with Google Cloud Platform
· Integration with Cisco ISE
· Automatic license management with the vSEC Central Licensing utility
· Monitoring capabilities integrated into SmartView
· vSEC Controller support for 41000, 44000, 61000, and 64000 Scalable Platforms
Endpoint Security Server
Managing features that are included in R77.30.03:
· Management of new blades:
o SandBlast Agent Anti-Bot
o SandBlast Agent Threat Emulation and Anti-Exploit
o SandBlast Agent Forensics and Anti-Ransomware
o Capsule Docs
· New features in existing blades:
o Full Disk Encryption
§ Offline Mode
§ Self Help Portal
§ XTS-AES Encryption
§ New options for the Trusted Platform Module (TPM)
§ New options for managing Pre-Boot Users
o Media Encryption and Port Protection
§ New options to configure encrypted container
§ Optical Media Scan
o Anti-Malware
§ Web Protection
§ Advanced Disinfection
Additional Enhancements
· HTTPS Inspection support for IPv6 traffic
· Additional cipher suites support for HTTPS inspection
· Improvements in policy installation performance on R80.10 and higher gateways with IPS
· Network defined by routes - gateway's topology is automatically configured based on routing
· IPS Domain Purge on Security Management Server - IPS update packages are saved for 30 days, older packages are purged.
· SmartConsole Extensions – an open API platform for extending SmartConsole with third-party and in-house tools and features.
· Compressed snapshots - reduced system snapshot size.