CheckPoint Release Comparision R65 <-> R70

Advanced search

[subbz2k]

Hey there.

I am a trainee in my company that is specialized in IT-Security. Today i received the instruction to collect relevant (and real technical) differences in the CheckPoint Releases R65 and R70. My trainer wants a comparison between the two releases and i need to point out major technical changes that were made. Those informations mainly need to be collected for the Firewall and their respective feature sets as well as for differences between SmartDefense and the new IPS. And also for other things that are relevant in security matter.

My problem is, that i have no idea where to start searching for what He gave me no hints and nothing - i was just thrown into this issue and dunno where to start. For now i already looked at some Release Notes but i only find new things and nothing that actually compares features from the new R70 and foremost its new Softwareblade architecture to how all this stuff was managed in R65.

Can you help me out with this?? Is there any comparision table regarding those 2 releases out there? Or where should i start to search for those informations if there isnt such a thing?

Would be really great if you can help me with this.
Many thanks in advance!
subb

[juve]

Hi,

Some points I can give you are:

- software blade architecture: new licensing mechanism that is more flexible and will be cheaper for most customers (but don't expect a lot cheaper )
- IPS is the "new" Smartdefense, rewritten from scratch and designed to function better with lower load on the system. You now have a packet capture ability and follow-up feature on the new signatures.
- SPLAT went from 2.4 to 2.6 kernel (there has been a 2.6 R65 SPLAT version, but it wasn't mainstream)
- VMWare support was added. Everyone knows you can run a smartcenter on vmware and now it is officially supported
- Smartworkflow for better rule base management and follow-up
- provisioning of Edge/SPLAT firewalls
- DLP (data leakage prevention) introduced recently
- windows username and pc name can be put in the logs, using a WMI connection to AD
- Smartconsole is now built on the .NET framework

management itself didn't change that much. The log viewer has a different layout for the detailed logs and the addition of windows credentials/packet captures and a few IPS options that guide you to the correct protection being hit. If you want to see the difference, install both the R65 and R70 smartconsoles on your pc and run them in demo mode. That way, you can see the management interfaces and what changed.

[subbz2k]

hey juve,

many thanks for your reply.
those are all the new features of R70 i guess?! or is there more?
my problem is, that i need to deliver a deep technical comparison between r65 and r70. which means that i have to point out the differences and therefore i also need to know what was available in r65. thats my problem, i have no idea what was used in r65. beside the basic rule management and the tracker/dashboard and so on im really not into this whole thing yet.
the only thing i can find is a whats new page for NGX - is that r65? or is this everything from r60 up to r65? and therefore applies to r65 too? and what was new - technical - in r65??

this is soo much stuff to look at - the checkpoint website has tons of pdfs and nothing seems to have the info in it i need.

would be great if you could give me some more advice so that i can overlook everything and can start searching more efficently.

many thanks again
subb

[juve]

Those are the things I can instantly remember, but I may have forgotten a few.

NGX points towards everything ranging from R60 to R65. One of the major things added in NGX was route based VPN. There was also the introduction of the unified client for the desktop, combining VPN, endpoint encryption (pointsec), ...

The basic firewall kernel didn't change that much, but in R70 a lot of work was put in multicore performance. They started it on R65 but it got fully deployed in R70.

You can always have a chat with a sales guy (you can click a link on the site to start a conversation) who probably can fill in the gaps on the introduced features.

[subbz2k]

Hey again,

thanks for your answers so far. I had a meeting with my trainer today and he's more or less satisfied with my little results so far. But he has a new thing for me now. And now it's getting really frustrating for me:

He told me, that there must be a new Version of the INSPECT Engine in R70, simply called Inspect 2 - somehow. And he wants me to now point out the difference between the first Inspect Version in R65 and the new Inspect 2 Engine in R70. I cant find any information about this! The only thing i find is the description, what this Engine does and how INSPECT Scripts work. But i cant find any info on a new Engine Version nor information about technical details there.

And if it wouldnt be enough: He also told me that there was a change in the Packet Flow regarding IPS. There are 3 Paths available in the firewall (kernel side) - the AccelPath from SecureXL, the Medium Path and the Firewall path. He told me, that SmartDefense must have been on the firewall path and now IPS is somethere in between. I can also not find information about this. I'm really overwhelmed now.

Theres one final Question and i hope that it can be answered with not too much stress, sorry: Today there is an Acceleration and Clustering Blade available, containing SecureXL and ClusterXL. In the past i read from the Performance Pack which has SecureXL integrated. Is this the product behind it? Was the Performance Pack in R65 what is now the Accelleration and Clustering Blade in R70? And where was ClusterXL in R65?

Would be really great if you could help me out again!
Many thanks in advance!
Steffen

[juve]

Hi,

In R65, you had the performance pack, being SecureXL. ClusterXL was just a seperate license. Now, they are combined into 1 blade. PArt of ClusterXL is already available in the firewall blade, being the active/passive failover and state sync. It is the active/active part of clusterxl which is licensed seperately.

For the IPS functionality, download this whitepaper with some notes on the INSPECT v2 and how things are processed (you'll need to register or fill out a form to download it):
https://www.checkpoint.com/products/downloads/whitepapers/IPS_Engine_Architecture.pdf.

[subbz2k]

Hey Juve,

many many thanks for your fast reply. I will check the PDF tomorrow and hopefully, your information can fill the rest of the table that i need to produce.

Regarding the information about the Performance Pack and SecureXL - do you have a link at your fingertips, that will let me do some further study of those things? I ask this because when i search the documentations for the Performance Pack i get Documents called "R70/R71 Performance Pack Administration Guide" in spite of that which is confusing: This sounds to me as if the Perf.Pack is still available in R70 and overlaps with the Blade. Is that true? Or do i get things completely wrong?

And one last thing: ClusterXL with active/passive failover, state sync AND active/active failover was a separate feature in R65. Or was it splitted with active/active being separate in R65 also?

Many thanks in advance again
Steffen

[juve]

active/active has always been seperate. I can't find any specific details about the performance pack licensing, but it seems to be specific to SPLAT and uses SecureXL/..., so most likely you can tweak further when you have the acceleration license.

• Articles
• Knowledge base