Check Point Vpn-1/Securemote/Secureclient Version 4.1 SP2 ...
18.07.2012 Views
Share Embed Flag

Check Point Vpn-1/Securemote/Secureclient Version 4.1 SP2 ...

Check Point Vpn-1/Securemote/Secureclient Version 4.1 SP2 ...

Check Point Vpn-1/Securemote/Secureclient Version 4.1 SP2 ...

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
checkpoint

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

SecuRemote/SecureClient<br />

11 Non-Entrust certificates were sometimes considered invalid for as early as 3-4 months before they actually<br />

expired. This was fixed by ignoring the “PrivateKeyUsagePeriod” extension, which in effect allows the private<br />

key to expire before the certificate does. If this extension is important in your environment, you may instruct<br />

SecuRemote to honor it by adding “:check_PrivateKeyUsagePeriod (true)” in the “options” section<br />

of userc.C.<br />

12 There was a problem running alongside Citrix clients. This problem appears to have been solved by Citrix in<br />

their version 4.20.779.<br />

SecureClient specific Bug Fixes<br />

1 Excessive memory consumption (possible application errors) when SecureClient was blocking heavy load of<br />

unauthorized connections.<br />

2 If you logged on to a Policy Server implicitly (during encryption key exchange), then disabling the Security<br />

Policy did not always block the connection that initiated the key exchange. In particular, in the case of FTP,<br />

data connections may have been blocked while the control connection was not blocked.<br />

3 If a Security Policy was lost implicitly, by logging on to a Policy Server with a user not authorized to receive<br />

a Security Policy, then open connections were not blocked.<br />

Platform specific bug fixes<br />

Windows NT specific<br />

1 SecuRemote did not always recognize the need to re-negotiate IKE keys when its IP address changed (e.g.,<br />

disconnect and re-dial).<br />

2 If SDL was enabled, SecureClient’s IP forwarding is enabled dialog appeared too early, interfering with the<br />

logon process.<br />

3 SecuRemote would fail to initialize if the etc/hosts file was read-only (on NTFS).<br />

Windows 9x specific<br />

1 Occasional blue screen if PCI or PCMCIA slots were not functioning.<br />

2 SecuRemote did not always survive Suspend/Standby events. Now, if severe error conditions are encountered,<br />

SecuRemote will automatically be re-launched. It is possible to configure how long SecuRemote waits before<br />

giving up and re-launching, but it should not be necessary. If defaults are not satisfactory, please contact<br />

Technical Support.<br />

Known Limitations<br />

1 SecuRemote has only limited support for environments using multiple hardware profiles. In particular, there<br />

may be DHCP problems on NT, and there may be unexpected behavior on 9x platforms.<br />

2 In some rare cases, DHCP does not function correctly on the first reboot after installation (NT only). In some<br />

even rarer cases, this problem may persist on subsequent boots. If you encounter this problem, please contact<br />

your <strong>Check</strong> <strong>Point</strong> Technical Support.<br />

NTFS permission issues<br />

3 If etc/LMHOST is read-only (NTFS on NT), then the SDL feature will not function properly.<br />

4 SecuRemote will not function correctly in the unlikely event that the directory SecuRemote is installed on<br />

does not grant the interactive user write permissions.<br />

5 For logging to NTFS, you need to make sure the interactive user have write privileges on the log file.<br />

SecureClient specific<br />

6 When a new Security Policy is installed, it will not be applied to existing connections.<br />

7 Even if the Security Policy restricts incoming connections, IKE packets (UDP port 500) will be accepted from<br />

any IP address. SecuRemote will respond to these packets only if they are received from an authorized<br />

source.<br />

8 The Security Policy is applied very early during boot (by means of a service), but some unauthorized packets<br />

may make it through nonetheless.<br />

This applies to protocols that occur very early, for example DHCP.<br />

9 Switching between Policy Servers should be done explicitly. Implicit logon to a Policy Server when already<br />

logged on to some other Policy Server may cause the logon to fail.<br />

10 Some complex services involve opening back connections to the client. In general, a policy of “Outgoing<br />

Only” will prevent these services from running properly. The following complex services are supported with<br />

an Outgoing policy: DHCP, Ping, FTP PORT, FTP PASV, Real Audio (no G2/RTSP), VDOlive.<br />

11 If SecureClient is killed, the policy reverts to “Allow Outgoing and Encrypted”, regardless of the previously<br />

active policy.<br />

12 If you install SecureClient (SecuRemote with Desktop Security), you may receive messages advising you to<br />

logon to a Policy Server, even if no Policy Server is defined. If no Policy Servers are defined, Required Policy<br />

for All Desktops should be set on the management to “No Policy”.<br />

4 VPN-1/SecuRemote/SecureClient <strong>Version</strong> <strong>Version</strong> <strong>4.1</strong> <strong>SP2</strong> - Release Notes

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!