It's been a while since my R70 IPS review so I thought I'd write some details about the 'what happened next'. The short answer is a lot. The Check Point Products Organisation are really pushing forward and shipping us some good toys to play with. All of it useful too.
Let's summarise each release:
R70.1 - Headlines: SmartWorkflow, Link Aggregation
SmartWorkflow was added with the goal of providing better change management within the Check Point SmartDashboard. Essentially, this tool provides better change tracking within SmartView Tracker, the ability to run 'diff' style reports on database revisions, and the ability to have a 'four eyes' review (one engineer makes the change, a second engineer installs it) on all security policy changes.
It requires a license to use: the 'SmartWorkflow Blade'. (Just %s/blade/license/g, ok??)
Link Aggregation is now officially supported on SecurePlatform and all Check Point SecurePlatform-based appliances: the UTM-1 and Power-1 appliance lines. Check Point have had this in the works for some time and it's good to see it make the main-train software. In honesty, the lack of 802.3ad in SecurePlatform has been a major scalability issue for Power-1 and UTM-1 appliances, forcing the customer to use a Check Point (previously Nokia) IP Platform - or choose another firewall brand.
A Remote Deployment Tool has been added to UTM-1 and Power-1 appliances (not all of them, check the release notes). Essentially, you can load IP address and username/password details onto a USB key and boot with this placed into a Check Point appliance. As the OS boots up it will import and activate these so that the device can be reached across the network. A nice touch. Very useful if you've a high number of boxes to ship out, but also if you want an easy way of bringing an appliance back up following a factory default.
SNMP Hardware Monitoring has been added to SecurePlatform and the appliances (except the original UTM-1 xx50s). This uses the IPMI standard to query fan speed, temperature and system voltages, reports all of this via SNMP and shows it in the SecurePlatform Web UI. It can also interact with (from the release notes) the HP P400 RAID controller and the Power-1's onboard RAID controller in order to report disk health. This addresses another missing feature, bringing Check Point appliances and open server gateways (that is, SecurePlatform installed on your own box - HP, Dell, IBM etc.) closer to being a 'true' appliance.
The LCD Panel is now more useful on the Power-1/UTM-1 devices. You can use it to set the IP addresses and default gateway of the management interface.
Security Management Enhancements have been added that will genuinely wow anyone that manages a reasonably large security policy (200+ rules, 500+ objects).
The 'where used' feature now allows you to 'jump' to the rules that use the object rather than closing the 'where used' results window and finding them yourself.
There is now a 'quick add object' feature that allows you to click on a cell in the rulebase and type in an IP address or object name. The feature displays any matches right away, saving you the effort of scrolling up and down the objects list looking for perhaps an object that doesn't even exist. Top marks for this small, but massively useful feature.
The clone function now works on services and other object types (woohoo!), you can delete multiple database revisions in a single action, and finally group objects have their members displayed in a mouse-over tool tip.
URL Filtering is now provided by what looks to be the Secure Computing SmartFilter OEM (now a McAfee brand since acquisition), and this is not a bad thing. It moves Check Point away from using the now Websense-owned SurfControl database, which is rapidly becoming end of support since that acquisition, and adds better coverage for spyware-infected sites, which SmartFilter includes as a category and Check Point refer to in their release notes. (Caveat here: I may be utterly wrong).
Something of note here: in my R70.30 SmartDashboard, under the URL Filtering section, only the old (R65+) URL categories are there. No new categories or any UI changes. I'm using eval licenses, with no URL Filtering subscription, so I'm going to guess that the new categories appear after a URL Filtering database update. If anyone can verify, do whack me a tweet (you can see the snake eating a bird to the right there? - Yes? Click it).
R70.20
R70.30
