NGX R65 Release Notes - Check Point
NGX R65 Release Notes - Check Point
NGX R65 Release Notes - Check Point
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Provider-1/SiteManager-1<br />
28. When installing policy from the MDG using the Assign/ Install Global Policy operation, the<br />
Security Policy is not installed on UTM-1 Edge profiles. Use SmartDashboard to install policy<br />
to UTM-1 Edge profiles.<br />
29. When creating Connectra gateway objects (like other gateway objects, such as VPN-1<br />
Power/UTM, UTM-1 Edge, and InterSpect), be sure to do so using the CMA SmartDashboard.<br />
Defining Connectra objects in Global SmartDashboard is not supported.<br />
Global VPN<br />
30. Simplified VPN Mode Policies cannot work with gateways from versions prior to FP2. You<br />
cannot assign a Global Simplified VPN Mode Policy to a CMA with gateways of version FP2 or<br />
lower.<br />
31. Global VPN Communities do not support shared secret authentication.<br />
32. Only Globally-enabled gateways can participate in Global VPN Communities. Gateway<br />
authentication is automatically defined using the CMA’s Internal Certificate Authority.<br />
Third-party Certificate Authorities are not supported.<br />
33. UTM-1 Edge gateways cannot participate in Global VPN Communities.<br />
34. Currently an external gateway can fetch CRL only according to the FQDN. Therefore, a peer<br />
gateway would fail to fetch a CRL when the primary CMA is down (even if the mirror CMA is<br />
operational). To avoid this scenario, you can change the FQDN to a resolvable DNS name by<br />
executing the following commands:<br />
1. mdsenv <br />
2. Run cpconfig and select the menu item Certificate Authority<br />
35. After enabling a module for global use from the MDG, install a policy on the module or use the<br />
Install Database operation on the management server in order for its VPN domain to be<br />
calculated.<br />
36. When migrating a CMA, all CMAs that participate in a Global VPN Community must be<br />
migrated as well. If you do not migrate all relevant CMAs, it will affect Global Community<br />
functionality and maintenance.<br />
37. A globally enabled gateway can be added to a Global VPN Community from Global<br />
SmartDashboard only through the community object and not from the VPN tab of the object.<br />
38. When a VPN Simplified Mode Global Policy is assigned to a Customer, all of the Customer’s<br />
Security Policies must be VPN Simplified as well.<br />
39. If the Install policy on gateway operation takes place while the MDS is down, the status of this<br />
gateway in the Global VPN Communities view is not updated.<br />
40. When using VPN-1 Power VSX Virtual Systems in Global VPN Communities, the operating<br />
system and version displayed on objects representing Virtual Systems in peer CMAs is<br />
incorrect. This information can be safely ignored.<br />
Global SmartDefense<br />
41. If a Customer is configured for SmartDefense Merge mode, modifications made to the<br />
SmartDefense settings on a SmartCenter Backup server are not preserved after Global Policy is<br />
reassigned to the Customer.<br />
42. Customers subscribed to the Global SmartDefense service also receive updates to the Content<br />
Inspection > File Types list. All newly downloaded file types are by default set to Action type<br />
Scan. The SmartDefense mode assigned to the Customer determines whether any changes the<br />
CMA administrator has made to the File Types list are preserved when Global Policy is<br />
assigned.<br />
VPN-1/FireWall-1 <strong>NGX</strong> <strong>R65</strong> Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 26