Secureclient NG with Application Intelligence R56 - Check Point
Secureclient NG with Application Intelligence R56 - Check Point
Secureclient NG with Application Intelligence R56 - Check Point
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
General<br />
<strong>Check</strong> <strong>Point</strong>® VPN-1 SecuRemote/<br />
SecureClient <strong>NG</strong> <strong>with</strong> <strong>Application</strong><br />
<strong>Intelligence</strong> <strong>R56</strong><br />
Desktop_HF_<strong>R56</strong>_01<br />
Release Notes<br />
August 12, 2004<br />
IMPORTANT<br />
<strong>Check</strong> <strong>Point</strong> recommends that customers stay up-to-date <strong>with</strong> the latest<br />
service packs, HFAs and versions of security products, as they contain<br />
security enhancements and protection against new and changing attacks.<br />
In This Section<br />
General page 1<br />
Security Enhancements page 1<br />
Supported Platforms and Versions page 2<br />
Uninstallation page 2<br />
Resolved Issues in Desktop_HF_<strong>R56</strong>_01 page 2<br />
Thank you for using <strong>Check</strong> <strong>Point</strong> VPN-1 SecuRemote/SecureClient Next Generation<br />
<strong>with</strong> <strong>Application</strong> <strong>Intelligence</strong> <strong>R56</strong> DESKTOP_HF_<strong>R56</strong>_01. The Hotfix<br />
DESKTOP_HF_<strong>R56</strong>_01 contains fixes for SecuRemote/SecureClient products. Please read<br />
this document carefully to decide if you should install <strong>Check</strong> <strong>Point</strong> VPN-1 SecuRemote/<br />
SecureClient <strong>NG</strong> <strong>with</strong> <strong>Application</strong> <strong>Intelligence</strong> <strong>R56</strong> Desktop_HF_<strong>R56</strong>_01 on your system.<br />
<strong>Check</strong> <strong>Point</strong> VPN-1 SecuRemote/SecureClient <strong>NG</strong> <strong>with</strong> <strong>Application</strong> <strong>Intelligence</strong><br />
Desktop_HF_<strong>R56</strong>_01 can be installed <strong>with</strong>out removing <strong>Check</strong> <strong>Point</strong> VPN-1<br />
SecuRemote/SecureClient <strong>NG</strong> <strong>with</strong> <strong>Application</strong> <strong>Intelligence</strong> <strong>R56</strong>. In addition,<br />
Desktop_HF_<strong>R56</strong>_01 can be installed <strong>with</strong>out a preceding package being present.<br />
Security Enhancements<br />
Desktop_HF_<strong>R56</strong>_01 contains the following security enhancements:<br />
• A vulnerability in ASN.1 has been discovered affecting <strong>Check</strong> <strong>Point</strong> VPN-1 products<br />
during IKE negotiations of a VPN tunnel which may cause a buffer overrun. <strong>Check</strong><br />
<strong>Point</strong> Software customers who do not use Remote Access VPNs or gateway-togatewayVPNs,<br />
are NOT affected by this vulnerability.
Supported Platforms and Versions<br />
Supported Platforms<br />
• Windows XP Home/Professional (initial release, SP1, SP2)<br />
• Windows XP Tablet PC Edition<br />
• Windows 2000 Professional/Server/Advanced Server (SP1,SP2,SP3,SP4)<br />
• Windows 2003 Server<br />
Note - If you are working <strong>with</strong> Window XP SP2, and also using IBM Access Connection software,<br />
SecuRemote/SecureClient connections that employ both office mode and visitor mode may fail.<br />
Supported Versions<br />
Desktop_HF_<strong>R56</strong>_01 can be installed on top of <strong>Check</strong> <strong>Point</strong> VPN-1 SecuRemote/<br />
SecureClient <strong>NG</strong> <strong>with</strong> <strong>Application</strong> <strong>Intelligence</strong> <strong>R56</strong>. There are separate hotfixes for:<br />
• Compact view package<br />
• Extended view package<br />
Uninstallation<br />
DESKTOP_HFA_<strong>R56</strong>_01 cannot be uninstalled. To revert to a previous version, use the<br />
Windows Add Remove Programs option to completely remove <strong>Check</strong> <strong>Point</strong> VPN-1<br />
SecuRemote/SecureClient from the system, then reinstall it.<br />
Resolved Issues in Desktop_HF_<strong>R56</strong>_01<br />
<strong>R56</strong>_01 Description of Resolved Issue Comments<br />
<strong>R56</strong>_01_1 When connecting using a dialup (“Use Dialup” is checked in<br />
Connect Dialog) and SDL, the dialup connection is not closed<br />
when disconnecting from the VPN gateway. Now when the VPN<br />
connection is closed, the dialup connection is closed as well.<br />
<strong>R56</strong>_01_2 Occasional crashes of SR_SERVICE (the service of<br />
SecuRemote/SecureClient) when the computer is shutdown or<br />
restarted.<br />
<strong>R56</strong>_01_3 Renewing a certificate failed when an unresolvable site name was<br />
entered during the site creation process.<br />
<strong>R56</strong>_01_4<br />
<strong>R56</strong>_01_5<br />
Various issues when using the Secure Authentication API (SAA)<br />
to integrate 3rd party software <strong>with</strong> SecureClient.<br />
When connecting to a Nokia VPN gateway <strong>with</strong> a Viper III<br />
acceleration card, fragmented packets are not passed. As a result,<br />
users experienced difficulties in working over the VPN tunnel.<br />
<strong>Check</strong> <strong>Point</strong> <strong>NG</strong> <strong>with</strong> <strong>Application</strong> <strong>Intelligence</strong> <strong>R56</strong> (<strong>R56</strong>_HF_01) Release Notes. Last Update — August 12, 2004 2
<strong>R56</strong>_01 Description of Resolved Issue Comments<br />
<strong>R56</strong>_01_6<br />
<strong>R56</strong>_01_7<br />
<strong>R56</strong>_01_8<br />
<strong>R56</strong>_01_9<br />
<strong>R56</strong>_01_10<br />
In SmartCenter > Global Properties > Remote Access ><br />
Authentication Timeout, when Use default value was<br />
checked, the user password on the client was valid for a<br />
connection duration of 24 hours at most. The user’s password is<br />
now valid for the duration of the connection. No popup messages<br />
appear requesting re-authentication.<br />
Windows Roaming Profiles were not supported by SDL. Now<br />
they are supported.<br />
When working in Office Mode, the client could not resolve DNS<br />
names that were dynamically updated in the domain. Now there<br />
is support of DNS dynamic updates when Office Mode is<br />
enabled.<br />
Before using RSA SoftID the administrator needed to add the<br />
attribute support_rsa_soft_tokens to userc.c and set its<br />
value to TRUE. Now there is no need to add the attribute to<br />
userc.c.<br />
When installing a software using a software distribution agent on<br />
a computer that is using the SecureClient SDL feature, there was<br />
no automatic way to avoid the SDL logon dialog. This limitation<br />
caused the new software installation to fail. Now a timeout on<br />
the DSL logon dialog can be set by changing the value of<br />
sdl_main_user_timout in userc.c to the desired timeout in<br />
milliseconds.<br />
<strong>Check</strong> <strong>Point</strong> <strong>NG</strong> <strong>with</strong> <strong>Application</strong> <strong>Intelligence</strong> <strong>R56</strong> (<strong>R56</strong>_HF_01) Release Notes. Last Update — August 12, 2004 3