Secureclient NG with Application Intelligence R56 - Check Point

General 

Check Point® VPN-1 SecuRemote/ 

SecureClient NG with Application 

Intelligence R56 

Desktop_HF_R56_01 

Release Notes 

August 12, 2004 

IMPORTANT 

Check Point recommends that customers stay up-to-date with the latest 

service packs, HFAs and versions of security products, as they contain 

security enhancements and protection against new and changing attacks. 

In This Section 

General page 1 

Security Enhancements page 1 

Supported Platforms and Versions page 2 

Uninstallation page 2 

Resolved Issues in Desktop_HF_R56_01 page 2 

Thank you for using Check Point VPN-1 SecuRemote/SecureClient Next Generation 

with Application Intelligence R56 DESKTOP_HF_R56_01. The Hotfix 

DESKTOP_HF_R56_01 contains fixes for SecuRemote/SecureClient products. Please read 

this document carefully to decide if you should install Check Point VPN-1 SecuRemote/ 

SecureClient NG with Application Intelligence R56 Desktop_HF_R56_01 on your system. 

Check Point VPN-1 SecuRemote/SecureClient NG with Application Intelligence 

Desktop_HF_R56_01 can be installed without removing Check Point VPN-1 

SecuRemote/SecureClient NG with Application Intelligence R56. In addition, 

Desktop_HF_R56_01 can be installed without a preceding package being present. 

Security Enhancements 

Desktop_HF_R56_01 contains the following security enhancements: 

• A vulnerability in ASN.1 has been discovered affecting Check Point VPN-1 products 

during IKE negotiations of a VPN tunnel which may cause a buffer overrun. Check 

Point Software customers who do not use Remote Access VPNs or gateway-togatewayVPNs, 

are NOT affected by this vulnerability.

Supported Platforms and Versions 

Supported Platforms 

• Windows XP Home/Professional (initial release, SP1, SP2) 

• Windows XP Tablet PC Edition 

• Windows 2000 Professional/Server/Advanced Server (SP1,SP2,SP3,SP4) 

• Windows 2003 Server 

Note - If you are working with Window XP SP2, and also using IBM Access Connection software, 

SecuRemote/SecureClient connections that employ both office mode and visitor mode may fail. 

Supported Versions 

Desktop_HF_R56_01 can be installed on top of Check Point VPN-1 SecuRemote/ 

SecureClient NG with Application Intelligence R56. There are separate hotfixes for: 

• Compact view package 

• Extended view package 

Uninstallation 

DESKTOP_HFA_R56_01 cannot be uninstalled. To revert to a previous version, use the 

Windows Add Remove Programs option to completely remove Check Point VPN-1 

SecuRemote/SecureClient from the system, then reinstall it. 

Resolved Issues in Desktop_HF_R56_01 

R56_01 Description of Resolved Issue Comments 

R56_01_1 When connecting using a dialup (“Use Dialup” is checked in 

Connect Dialog) and SDL, the dialup connection is not closed 

when disconnecting from the VPN gateway. Now when the VPN 

connection is closed, the dialup connection is closed as well. 

R56_01_2 Occasional crashes of SR_SERVICE (the service of 

SecuRemote/SecureClient) when the computer is shutdown or 

restarted. 

R56_01_3 Renewing a certificate failed when an unresolvable site name was 

entered during the site creation process. 

R56_01_4 


Various issues when using the Secure Authentication API (SAA) 

to integrate 3rd party software with SecureClient. 

When connecting to a Nokia VPN gateway with a Viper III 

acceleration card, fragmented packets are not passed. As a result, 

users experienced difficulties in working over the VPN tunnel. 

Check Point NG with Application Intelligence R56 (R56_HF_01) Release Notes. Last Update — August 12, 2004 2

R56_01 Description of Resolved Issue Comments 






In SmartCenter > Global Properties > Remote Access > 

Authentication Timeout, when Use default value was 

checked, the user password on the client was valid for a 

connection duration of 24 hours at most. The user’s password is 

now valid for the duration of the connection. No popup messages 

appear requesting re-authentication. 

Windows Roaming Profiles were not supported by SDL. Now 

they are supported. 

When working in Office Mode, the client could not resolve DNS 

names that were dynamically updated in the domain. Now there 

is support of DNS dynamic updates when Office Mode is 

enabled. 

Before using RSA SoftID the administrator needed to add the 

attribute support_rsa_soft_tokens to userc.c and set its 

value to TRUE. Now there is no need to add the attribute to 

userc.c. 

When installing a software using a software distribution agent on 

a computer that is using the SecureClient SDL feature, there was 

no automatic way to avoid the SDL logon dialog. This limitation 

caused the new software installation to fail. Now a timeout on 

the DSL logon dialog can be set by changing the value of 

sdl_main_user_timout in userc.c to the desired timeout in 

milliseconds. 

Check Point NG with Application Intelligence R56 (R56_HF_01) Release Notes. Last Update — August 12, 2004 3

Secureclient NG with Application Intelligence R56 - Check Point

Create successful ePaper yourself

Delete template?

Save as template?