
CHECKPOINT Releases Version R80.2


What’s New in R80.20

Acceleration
· With Falcon Acceleration Cards:
· NGFW/NGTP/NGTX - supports higher throughput with maximum security by implementing Deep Inspection acceleration
· HTTPS Inspection acceleration - supports higher throughput of HTTPS traffic
· Firewall only acceleration - low-latency for Firewall only traffic, high packet and session rates
· VSX and QoS support

· Additional software enhancements:
· HTTPS Inspection performance improvements
· Session rate improvements on high-end appliances (including 2012 appliances and 13000 and above appliances)
· Acceleration is enabled during policy installation
Threat Prevention
· Threat Prevention Indicators (IoC) API
Management API support for Threat Prevention Indicators (IoC)
Add, delete, and view indicators through the management API
· Threat Prevention Layers
Support layer sharing within Threat Prevention policy
Support setting different administrator permissions per Threat Prevention layer
· MTA (Mail Transfer Agent)
MTA monitoring:
§ E-mails history views and statistics, current e-mails queue status and actions performed on e-mails in queue
· MTA configuration enhancements:
§ Setting a next-hop server by domain name
§ Stripping or neutralizing malicious links from e-mails
§ Adding a customized text to a malicious e-mail's body or subject
§ Malicious e-mail tagging using an X-header
§ Sending a copy of the malicious e-mail
· ICAP
· ICAP server support on a Security Gateway to consult with Threat Emulation and Anti-Virus Deep Scan whether a file is malicious
· Threat Emulation
SmartConsole support for multiple Threat Emulation Private Cloud Appliances
SmartConsole support for Blocking files types in archives
Identity Awareness

· Identity Tags support the use of tags defined by an external source to enforce users, groups or machines in Access Roles matching
· Identity Collector support for Syslog Messages - ability to extract identities from syslog notifications
· Identity Collector support for NetIQ eDirectory LDAP Servers
· Improved Transparent Kerberos SSO Authentication for Identity Agent
· Two Factor Authentication for Browser-Based Authentication (support for RADIUS challenge/response in Captive Portal and RSA SecurID next Token/Next PIN mode)
· New configuration container for Terminal Servers Identity Agents
· Ability to use an Identity Awareness Security Gateway as a proxy to connect to the Active Directory environment, if SmartConsole has no connectivity to the Active Directory environment and the gateway does
· Active Directory cross-forest trust support for Identity Agent
· Identity Agent automatic reconnection to prioritized PDP gateways
· Additional filter options for identity collector - "Filter per Security Gateway" and "Filter by domain"
· Improvements and stability fixes related to Identity Collector and Web-API
Mirror and Decrypt

· Decryption and clone of HTTP and HTTPS traffic
· Forwarding traffic to a designated interface for mirroring purposes
Hardware Security Module (HSM)
· Enhancement of outbound HTTPS Inspection with a Gemalto SafeNet HSM Appliance
· SSL keys are stored when using HTTPS Inspection
Clustering
· Sync redundancy support (over bond interface)
· Automatic CCP mode (either Unicast, Multicast or Broadcast mode)
· Unicast CCP mode
· Enhanced state and failover monitoring capabilities
· OSPFv3 (IPv6) clustering support
· New cluster commands in Gaia Clish
Advanced Routing

· Allow AS-in-count
· IPv6 MD5 for BGP
· IPv6 Dynamic Routing in ClusterXL
· IPv4 and IPv6 OSPF multiple instances
· Bidirectional Forwarding Detection (BFD) for gateways and VSX, including IP Reachability detection and BFD Multihop
Access Policy

· New Wildcard Network object supported in Access Control policy
· Simplified management of Network objects in a security policy
· HTTPS Inspection now works in conjunction with HTTPS web sites categorization. HTTPS traffic that is bypassed will be categorized.
· Rule Base performance improvements, for enhanced rule base navigation and scrolling
· Global ××× Communities. Previously supported in R77.30.
Security Management
· Upgraded Linux kernel (3.10)
· Additional support for Open Servers hardware
· New file system (xfs)
More than 2TB support per a single storage device
Enlarged systems storage (up to 48T tested)
· I/O related performance improvements
· Support of new system tools for debugging, monitoring and configuring the system
iotop (provides I/O runtime stats)
lsusb (provides information about all devices connected to USB)
lshw (provides detailed information about all HW)
lsscsi (provides information about storage)
ps (new version, more counters)
top (new version, more counters)
iostat (new version, more counters)
· Multiple simultaneous sessions in SmartConsole - One administrator can publish or discard several SmartConsole private sessions, independently of the other sessions.
· Integration with a Syslog server (previously supported in R77.30) - A Syslog server object can be configured in SmartConsole to send logs to a Syslog server.

SmartProvisioning

· Integration with SmartProvisioning (previously supported in R77.30)
· Support for the 1400 series appliances
· Administrators can now use SmartProvisioning in parallel with SmartConsole
vSEC Controller Enhancements
· Integration with Google Cloud Platform
· Integration with Cisco ISE
· Automatic license management with the vSEC Central Licensing utility
· Monitoring capabilities integrated into SmartView
· vSEC Controller support for 41000, 44000, 61000, and 64000 Scalable Platforms
Endpoint Security Server
Managing features that are included in R77.30.03:
· Management of new blades:
SandBlast Agent Anti-Bot
SandBlast Agent Threat Emulation and Anti-Exploit
SandBlast Agent Forensics and Anti-Ransomware
Capsule Docs
· New features in existing blades:
Full Disk Encryption
§ Offline Mode
§ Self Help Portal
§ XTS-AES Encryption
§ New options for the Trusted Platform Module (TPM)
§ New options for managing Pre-Boot Users
· Media Encryption and Port Protection
§ New options to configure encrypted container
§ Optical Media Scan
· Anti-Malware
§ Web Protection
§ Advanced Disinfection
Additional Enhancements
· HTTPS Inspection support for IPv6 traffic
· Additional cipher suites support for HTTPS inspection
· Improvements in policy installation performance on R80.10 and higher gateways with IPS
· Network defined by routes - gateway's topology is automatically configured based on routing
· IPS Domain Purge on Security Management Server - IPS update packages are saved for 30 days, older packages are purged.
· SmartConsole Extensions – an open API platform for extending SmartConsole with third-party and in-house tools and features.
· Compressed snapshots - reduced system snapshot size.
