Documentation Index

Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt

Use this file to discover all available pages before exploring further.

May

New
  • Published on Jun 3, 2026
  • 2 minute(s) read
  • R
 Prev Next

Early Availability

Role Sync & Multiple Roles
Once enabled, user roles in Check Point SASE are synchronized automatically from the Check Point portal. Role changes made in the portal reflect in SASE in real time, and users assigned to multiple groups in the portal have all their roles applied in SASE, with permissions aggregated across them.

Note -

Once enabled, role management from within Check Point SASE is no longer available. Role upgrades must be performed in the Check Point portal. Members can still be added individually or through an identity provider (IdP) as the User role.

New Features

  • Internet Access Dashboard – General Availability (GA)
    The Internet Access Dashboard is now generally available, giving administrators a consolidated view of web filtering and threat prevention activity. It surfaces license utilization, blocked web events, blocked incidents, top blocked web categories, top blocked malware types, and the users generating the most blocked traffic. You can filter the data for the last 24 hours, 7 days, or 30 days.

    For more information, see Internet Access Dashboard.

  • Private DNS per Domain – General Availability (GA)
    Administrators can now restrict private DNS resolution to an explicit list of domains, configurable per network with regional override. Queries that match the configured domain list, including exact names or wildcards, resolve through the private DNS servers, while all other queries continue to use public DNS. Optional fallback to public DNS on failure is supported. For more information, see Private DNS.

  • Split Tunnel Subnet Exceptions – General Availability (GA)
    Split Tunnel Subnet Exceptions are now generally available. Administrators can define exceptions for included subnets by using specific IP addresses or CIDR ranges when using split tunnelling in Include mode. This enables granular routing control by explicitly excluding selected traffic from the tunnel.

    Minimum agent version: 12.7.

  • Updatable Objects for Internet Access – General Availability (GA)
    Updatable Objects are now generally available in Internet Access policies. Administrators can reference dynamically updated address objects in Internet Access rules so that policies stay current without manual maintenance.

Enhancements

  • Agent Uninstall Control – General Availability (GA)
    The User Profiles toggle that controls agent uninstall permissions is now generally available. Administrators can allow or block agent uninstall independently of sign-out through a dedicated toggle in User Profiles.

  • Tenant Restrictions – Logs for Failed SaaS Sign-ins
    Tenant Restrictions now generates log entries when a user attempts to sign in to a software-as-a-service (SaaS) application by using an account that does not belong to an allowed tenant. Each blocked attempt captures the user identity, application name, restricted domain, URL category, applicable policy rule, and action taken. This gives administrators full visibility into blocked SaaS access attempts for Microsoft 365 and Google Workspace. For more information, see Tenant Restriction Logs.

  • HTTPS Inspection – Policy Logging
    Administrators can now enable logging on HTTPS Inspection policy rules. This provides visibility into inspected and bypassed encrypted traffic for audit, troubleshooting, and compliance.