NGX R65 Release Notes - Check Point

More documents

Recommendations

Info

Provider-1/SiteManager-1 28. When installing policy from the MDG using the Assign/ Install Global Policy operation, the Security Policy is not installed on UTM-1 Edge profiles. Use SmartDashboard to install policy to UTM-1 Edge profiles. 29. When creating Connectra gateway objects (like other gateway objects, such as VPN-1 Power/UTM, UTM-1 Edge, and InterSpect), be sure to do so using the CMA SmartDashboard. Defining Connectra objects in Global SmartDashboard is not supported. Global VPN 30. Simplified VPN Mode Policies cannot work with gateways from versions prior to FP2. You cannot assign a Global Simplified VPN Mode Policy to a CMA with gateways of version FP2 or lower. 31. Global VPN Communities do not support shared secret authentication. 32. Only Globally-enabled gateways can participate in Global VPN Communities. Gateway authentication is automatically defined using the CMA’s Internal Certificate Authority. Third-party Certificate Authorities are not supported. 33. UTM-1 Edge gateways cannot participate in Global VPN Communities. 34. Currently an external gateway can fetch CRL only according to the FQDN. Therefore, a peer gateway would fail to fetch a CRL when the primary CMA is down (even if the mirror CMA is operational). To avoid this scenario, you can change the FQDN to a resolvable DNS name by executing the following commands: 1. mdsenv 2. Run cpconfig and select the menu item Certificate Authority 35. After enabling a module for global use from the MDG, install a policy on the module or use the Install Database operation on the management server in order for its VPN domain to be calculated. 36. When migrating a CMA, all CMAs that participate in a Global VPN Community must be migrated as well. If you do not migrate all relevant CMAs, it will affect Global Community functionality and maintenance. 37. A globally enabled gateway can be added to a Global VPN Community from Global SmartDashboard only through the community object and not from the VPN tab of the object. 38. When a VPN Simplified Mode Global Policy is assigned to a Customer, all of the Customer’s Security Policies must be VPN Simplified as well. 39. If the Install policy on gateway operation takes place while the MDS is down, the status of this gateway in the Global VPN Communities view is not updated. 40. When using VPN-1 Power VSX Virtual Systems in Global VPN Communities, the operating system and version displayed on objects representing Virtual Systems in peer CMAs is incorrect. This information can be safely ignored. Global SmartDefense 41. If a Customer is configured for SmartDefense Merge mode, modifications made to the SmartDefense settings on a SmartCenter Backup server are not preserved after Global Policy is reassigned to the Customer. 42. Customers subscribed to the Global SmartDefense service also receive updates to the Content Inspection > File Types list. All newly downloaded file types are by default set to Action type Scan. The SmartDefense mode assigned to the Customer determines whether any changes the CMA administrator has made to the File Types list are preserved when Global Policy is assigned. VPN-1/FireWall-1 NGX R65 Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 26
Provider-1/SiteManager-1 SmartUpdate 43. Firmware packages cannot be deleted from the SmartUpdate repository. In order to delete packages, use the utility mds_delete_firmware. 44. When using the MDG’s SmartUpdate view, packages are added to the SmartUpdate repository of the MDS to which the MDG is connected. When in a Multi-MDS environment, make sure that each SmartUpdate package is added to each MDS individually. When adding SofaWare firmware packages in such an environment, a package added to one MDS will appear to have been added to all other MDSs. In this case as well, make sure that each firmware package is added to each MDS individually. 45. After detaching a Central license from a CMA using the SmartUpdate view, the license remains in the License Repository, and therefore cannot be added again to the CMA from the MDG General view. To add it again, reattach the license using SmartUpdate. 46. SmartUpdate packages cannot be added to the MDS Package repository if no CMAs are defined. Before populating an MDS's SmartUpdate repository with packages, define at least one CMA. SmartPortal 47. When using Management High Availability (between a SmartCenter server and either a CMA or an MDS), change over may not succeed when SmartPortal is connected in Read/Write mode. To resolve this issue, do one of the following: • Only allow access from SmartPortal to Read-only administrators • Disconnect Read/Write SmartPortal clients from SmartView Monitor Status Monitoring 48. A CMA will report the status Waiting until it is started for the first time. 49. In a CMA High Availability configuration, the High Availability synchronization status in the MDG may contain inconsistent values if valid licenses have not been installed. If this is the case, the synchronization status should be ignored. In order to operate, however, all CMAs must have valid licenses. 50. SmartView Monitor displays invalid statuses when connecting to a CLM. To view Customer statuses using SmartView Monitor, connect to a CMA. Eventia Reporter 51. As Eventia Reporter data is not synchronized on multiple MDSs in High Availability configurations, Eventia Reporter should be set to work with just one MDS. To do so, install the Eventia Reporter Add-on on one MDS only, and log into this MDS whenever using the Eventia Reporter client. 52. You must log into the Eventia Reporter client using a Provider-1 Superuser administrator account, or a Customer Superuser administrator account. Other administrator types are not supported. 53. Only one Eventia Reporter server is supported. Do not define more than one Eventia Reporter server in Global SmartDashboard. 54. For Eventia Reporter to function properly, all Customers must have a Global Policy assigned to them. If a Customer has not been assigned a Global Policy, all reports generated for this Customer will fail with the following error: Could not retrieve CMA for customer . CMA is either stopped or standby. VPN-1/FireWall-1 NGX R65 Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 27
Page 1 and 2: Check Point NGX R65 Known Limitatio
Page 3 and 4: ClusterXL ClusterXL In This Section
Page 5 and 6: ClusterXL 2. Performing an SNMP que
Page 7 and 8: ClusterXL Platform Specific — Sol
Page 9 and 10: ClusterXL 39. The following Web Int
Page 11 and 12: Endpoint Security Endpoint Security
Page 13 and 14: Endpoint Security 18. Endpoint Secu
Page 15 and 16: Eventia Suite 15. To upgrade a dist
Page 17 and 18: Firewall 5. The name of the install
Page 19 and 20: Firewall 31. In a cluster environme
Page 21 and 22: Firewall SecureClient 56. Policy in
Page 23 and 24: Provider-1/SiteManager-1 3. After u
Page 25: Provider-1/SiteManager-1 In additio
Page 29 and 30: SecureXL SecureXL In This Section G
Page 31 and 32: SmartCenter Server SmartCenter Serv
Page 33 and 34: SmartCenter Server Policy Installat
Page 35 and 36: SmartPortal Platform Specific - Nok
Page 37 and 38: SmartUpdate Miscellaneous 11. When
Page 39 and 40: VPN VPN VPN Communities 1. When man
Page 41 and 42: VPN-1 Power VSX 27. When connecting

NGX R65 Release Notes - Check Point

Create successful ePaper yourself

Delete template?

Save as template?