What’s New in R80.20 R80.20有什么新的内容?
Acceleration 加速 · With Falcon Acceleration Cards: 超级加速卡 · NGFW/NGTP/NGTX - supports higher throughput with maximum security byimplementing Deep Inspection acceleration NGFW/NGTP/NGTX支持更高的吞吐量和最大安全性来实现深度检测加速度 · HTTPS Inspection acceleration - supports higher throughput of HTTPStraffic HTTPS的加速检测——支持更高的吞吐量 · Firewall only acceleration - low-latency for Firewall only traffic, highpacket and session rates 防火墙特有加速——防火墙流量 高速包转发 及会话速率变的低延时 · VSX and QoS support 支持VSX和QoS
· Additional software enhancements: 增强了另外的软件功能 · HTTPS Inspection performance improvements HTTPS的检测性能提升 · Session rate improvements on high-end appliances (including 2012 appliancesand 13000 and above appliances) 高端会话利率提升包括2012型设备和13000以上的安全设备 · Acceleration is enabled during policy installation 在策略安装过程中可以启用加速。 Threat Prevention 预防威胁 · Threat Prevention Indicators (IoC) API 威胁预防指标API Management API support for Threat Prevention Indicators (IoC) 管理API来支持威胁预防指标 Add, delete, and view indicators through the management API 通过管理API来增加,删除和展示指标 · Threat Prevention Layers 威胁预防菜单 Support layer sharing within Threat Prevention policy 在威胁预防政策中支持分层 Support setting different administrator permissions per ThreatPrevention layer 支持为每个威胁预防分层设置不同的管理员权限 · MTA (Mail Transfer Agent) MTA monitoring: MTA监视 § E-mails history views and statistics, current e-mails queue status andactions performed on e-mails in queue 电子邮件历史视图和统计,当前电子邮件队列状态和在队列中执行的操作 · MTA configuration enhancements: MTA配置功能增强 § Setting a next-hop server by domain name 按域名设置下一跳服务 § Stripping or neutralizing malicious links from e-mails 剥离或平衡来着邮件的恶意链接 § Adding a customized text to a malicious e-mail's body or subject 向恶意软件的主体添加自定义文本 § Malicious e-mail tagging using an X-header 标记使用x开头的恶意邮件 § Sending a copy of the malicious e-mail 发送一个复制向恶意邮件 · ICAP · ICAP server support on a Security Gateway to consult with ThreatEmulation and Anti-Virus Deep Scan whether a file is malicious ICAP服务支持在安全网关上的威胁模拟和病毒深度扫描检测一个文件是否有恶意 · Threat Emulation 威胁模拟 SmartConsole support for multiple Threat Emulation Private CloudAppliances 智能控制台支持多次威胁模拟私有云设备 SmartConsole support for Blocking files types in archives 智能控制台支持在档案封装文件类型 Identity Awareness 身份警示
· Identity Tags support the use of tags defined by an external source toenforce users, groups or machines in Access Roles matching 在角色访问匹配中身份标签支持使用外部源定义的标签来强制用户,组或机器 · Identity Collector support for Syslog Messages - ability to extractidentities from syslog notifications 身份收集支持SYSLOG的消息-从SYSLOG通知中提取身份的能力 · Identity Collector support for NetIQ eDirectory LDAP Servers 身份收集支持灵活的电子目录服务器LDAP服务器 · Improved Transparent Kerberos SSO Authentication for Identity Agent 提高身份代理的透明kerberossso 身份验证 · Two Factor Authentication for Browser-Based Authentication (support forRADIUS challenge/response in Captive Portal and RSA SecurID next Token/Next PINmode) 浏览器的双因子认证-基于浏览器 · New configuration container for Terminal Servers Identity Agents 用于终端服务器身份代理的新配置容器 · Ability to use an Identity Awareness Security Gateway as a proxy toconnect to the Active Directory environment, if SmartConsole has noconnectivity to the Active Directory environment and the gateway does 能够使用身份认识安全网关作为连接到ACTIVE directory的环境,如果智能控制平台没有连接到active directory环境和网关 · Active Directory cross-forest trust support for Identity Agent Active directory跨域信任支持身份代理 · Identity Agent automatic reconnection to prioritized PDP gateways 身份代理自动重新连接到优先级高的PDP网关 · Additional filter options for identity collector - "FilterperSecurity Gateway" and "Filter by domain"身份收集的附加过滤器选项-过滤器网关和按域过滤 · Improvements and stability fixes related to Identity Collector andWeb-API Mirror and Decrypt与身份收藏,web-api镜像和解密相关的改进和稳定性修复
· Decryption and clone of HTTP and HTTPS traffic解密和克隆HTTPS交通
· Forwarding traffic to a designated interface for mirroring purposes
Hardware Security Module (HSM)
将流量转发到指定接口以进行备份目的硬件安全块
· Enhancement of outbound HTTPS Inspection with a Gemalto SafeNet HSMAppliance
通过 设备加强对外的HTTPS检测
· SSL keys are stored when using HTTPS Inspection
当使用HTTPS检测时SSL密钥被保存
Clustering
· Sync redundancy support (over bond interface)信息冗余支持
· Automatic CCP mode (either Unicast, Multicast or Broadcast mode)
自动CCP模式单播 多播或广播
· Unicast CCP mode单播模式
· Enhanced state and failover monitoring capabilities增强的状态和故障监测能力
· OSPFv3 (IPv6) clustering support集群支持
· New cluster commands in Gaia Clish新集群命令
Advanced Routing
高级的路由
· Allow AS-in-count · IPv6 MD5 for BGP · IPv6 Dynamic Routing in ClusterXL 动态路由 · IPv4 and IPv6 OSPF multiple instances · Bidirectional Forwarding Detection (BFD) for gateways and VSX, includingIP Reachability detection and BFD Multihop Access Policy访问策略
· New Wildcard Network object supported in Access Control policy 新的网络通配符对象支持通信控制策略 · Simplified management of Network objects in a security policy 安全政策中对网络对象的简单管理 · HTTPS Inspection now works in conjunction with HTTPS web sitescategorization. HTTPS检测现在与HTTPS网站分类一起工作 HTTPS traffic that is bypassed will becategorized.那些不被处理的HTTP流量将被分类 · Rule Base performance improvements, for enhanced rule base navigationand scrolling 规则基础性能提升用于增强基础导航和滚动 · Global ××× Communities. Previously supported in R77.30. 全局×××社区,以前在R77,30,支持 Security Management 安全管理 · Upgraded Linux kernel (3.10) 更新Linux内核3.10 · Additional support for Open Servers hardware 对开放硬件服务器有额外支持 · New file system (xfs) 新文件系统 More than 2TB support per a single storage device 每个单一的存储设备有超过2TB空间 Enlarged systems storage (up to 48T tested) 扩大的系统存储 · I/O related performance improvements I/O程序的相关提升 · Supportof new system tools for debugging, monitoring and configuring the system支持用于调试,监视和配置系统的新系统工具 iotop (provides I/O runtime stats 提供I/O运行时的数据 lsusb (provides information about all devices connected to USB) 提供所有用USB连接的设备 lshw (provides detailed information about all HW) 提供所有有关HW的数据 lsscsi (provides information about storage) 提供存储的有关信息 ps (new version, more counters) 新版本,更多组件 top (new version, more counters) 新版本,更多组件 o iostat (new version, more counters) · Multiple simultaneous sessions in SmartConsole - One administrator canpublish or discard several SmartConsole private sessions, independently of theother sessions. 在智能控制平台中同时有多个会话-一个管理员能公开或丢弃几个智能控制台私有会话,以及独立于其他会话。 · Integration with a Syslog server (previously supported in R77.30) - ASyslog server object can be configured in SmartConsole to send logs to a Syslogserver. 与SYSLOG服务器的一体化(以前在r7730中支持)-一个syslog服务器对象可以在智能控制平台上配置以便将日志发送到syslog服务器
SmartProvisioning 智能服务开通
· Integration with SmartProvisioning (previously supported in R77.30) 智能服务开通的一体化 · Support for the 1400 series appliances 支持1400系列电气用品 · Administrators can now use SmartProvisioning in parallel withSmartConsole vSEC Controller Enhancements 管理者现在可以并联使用智能开通和智能控制平台来增强vsec控制器 · Integration with Google Cloud Platform 谷歌云平台的一体化 · Integration with Cisco ISE 思科ISE的一体化 · Automatic license management with the vSEC Central Licensing utility 使用vsec中央许可实用程序来自动管理 · Monitoring capabilities integrated into SmartView 监视smartview一体化功能 · vSEC Controller support for 41000, 44000, 61000, and 64000 ScalablePlatforms Endpoint Security Server Vsec控制器支持41000,44000,61000和64000可伸缩平台端点安全服务器 Managing features that are included inR77.30.03: 在r773003中的管理特点 · Management of new blades: 管理新特点 SandBlast Agent Anti-Bot 代理反傀儡程序 SandBlast Agent Threat Emulation and Anti-Exploit 代理威胁仿真和反傀儡程序 SandBlast Agent Forensics and Anti-Ransomware 代理鉴证和反傀儡程序 Capsule Docs 胶囊文件 · New features in existing blades: 现有刀片的新特点 Full Disk Encryption 全磁盘的加密 § Offline Mode 线下模式 § Self Help Portal 在线帮助网站 § XTS-AES Encryption 加密 § New options for the Trusted Platform Module (TPM) 可信平台的新选项 § New options for managing Pre-Boot Users 管理用户的新选项 · Media Encryption and Port Protection 媒体加密和端口保护 § New options to configure encrypted container 配置加密容器的新选项 § Optical Media Scan 光学媒体检测 · Anti-Malware 反恶意软件 § Web Protection web 防护 § Advanced Disinfection 高级杀毒 Additional Enhancements 附加增强功能 · HTTPS Inspection support for IPv6 traffic HTTPS检测支持IPV6流量 · Additional cipher suites support for HTTPS inspection 额外的密码套件支持HTTPS的检测 · Improvements in policy installation performance on R80.10 and highergateways with IPS 提高了R80的安装政策性能和更高的网关IPS · Network defined by routes - gateway's topology is automaticallyconfigured based on routing 由路由定义的网络-网关的拓扑是以路由为基础自动配置的 · IPS Domain Purge on Security Management Server - IPS update packages aresaved for 30 days, older packages are purged. IPS域清除安全管理服务器-IPS更新包会被保存30天,更旧的更新包会被清除 · SmartConsole Extensions – an open API platform for extending SmartConsole with third-party and in-house tools and features. 智能扩展平台的扩展-一个开放的API平台对于使用第三方软件扩展智能控制平台和内部工具和功能 · Compressed snapshots - reduced system snapshot size. 压缩快照-降低系统快照型号
