NGX R65 Release Notes - Check Point

More documents

Recommendations

Info

SecureXL Platform Specific — Solaris 8. On Solaris platforms, Performance Pack does not support the following types of interfaces • VLAN and virtual interfaces • bge, dmfe and skge interfaces Accelerated Features 9. When flows are enabled, full sanity checks are performed for flowed (accelerated) connections for the IP layer. No sanity checks are performed on the UDP or TCP layer of flowed packets. The workaround is to disable flows. 10. SmartView Monitor gets updates for every connection from SecureXL once every 30 seconds. Because of the difference between the SecureXL update interval and the SmartView Monitor update interval, you might not get a smooth line even when monitoring constant rate connection. This phenomenon is negligible when monitoring real life traffic that has many connections that open and close at random. Regardless of the number of connections, over a significant period of time, the average of the total number of monitored traffic, will be monitored accurately. 11. The SmartDefense protection PPTP Enforcement does not allow acceleration of the GRE protocol over PPTP when enabled. In order to accelerate the GRE protocol over PPTP, disable this protection (on the SmartDefense tab, select Application Intelligence > VPN Protocols > PPTP Enforcement). Unsupported Features 12. Fingerprint Scrambling causes a negative impact on performance. ISN Spoofing disables TCP templates, and TTL and IPID cause traffic to be handled by the firewall module only. 13. The NetQuotas feature is not supported with SecureXL. 14. The Overlapping NAT feature is not supported with SecureXL. 15. WISP redundancy has the following limitations when working with SecureXL: • Connections passing through interfaces configured with ISP redundancy are not accelerated. Other connections (for example, an internal connection to a DMZ) are accelerated and are not affected by this limitation. • ISP redundancy over PPTP and PPPoE interfaces is not supported. 16. When configuring Remote Access > Office Mode on a gateway that has multiple external interfaces with SecureXL enabled, make sure that Support connectivity enhancement for gateways with multiple external interfaces is checked. 17. When SecureClient is connected to a Check Point gateway with two external interfaces and the connected interface goes down, SecureClient will lose connectivity. In order to resume connectivity, the user needs to disconnect and reconnect. 18. Performance Pack does not support source-based routing. Unsupported Products 19. Check Point QoS is not supported with SecureXL. 20. PPTP and PPPoE interfaces are not supported by Performance Pack in configurations where NAT and/or VPN are used. VPN-1/FireWall-1 NGX R65 Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 30
SmartCenter Server SmartCenter Server In This Section Upgrade, Backout and Backward Compatibility page 31 Policy Installation page 33 SmartConsole Applications page 33 Logging page 34 SmartCenter High Availability page 34 SmartDirectory page 34 User Management page 34 Trust Establishment page 34 OSE page 34 Platform Specific - Nokia page 35 Platform Specific - Windows page 35 Upgrade, Backout and Backward Compatibility 1. When using the Upgrade Export and Import utilities on the Windows platform, the machine should be connected to the network. Alternatively, a connector can be used to simulate a connection. Refer to SecureKnowledge solution sk19840 for more information regarding how to simulate a network connection during an upgrade. 2. When upgrading with a duplicate machine whose IP address differs from the original IP address of the SmartCenter server, if Central licenses are used, they should be updated to the new IP address. This can be done via the User Center at http://usercenter.checkpoint.com, by choosing the action License > Move IP > Activate Support and Subscription. 3. When using the Upgrade Export and Import utilities, if a specific product should fail to install, the entire operation will fail, with the exception of these products: • SmartView Reporter • SmartView Monitor • SecureXL • UserAuthority Server Failure importing and/or exporting of these products will not cause the entire import/export operation to fail. Use the log file of the import/export operation to understand what caused the problem and fix it. The log file is located at: Windows: C:\program files\checkpoint\CPInstLog Unix: /opt/CPInstLog 4. When upgrading a Log Server, always choose to upgrade and ignore the other options (to export the configuration or to perform pre-upgrade verifications). These options are irrelevant for Log Server upgrades. Also, the backwards compatibility (BC) package is installed on every Log Server. It can be safely removed, as it is not in use on a Log Server. VPN-1/FireWall-1 NGX R65 Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 31
Page 1 and 2: Check Point NGX R65 Known Limitatio
Page 3 and 4: ClusterXL ClusterXL In This Section
Page 5 and 6: ClusterXL 2. Performing an SNMP que
Page 7 and 8: ClusterXL Platform Specific — Sol
Page 9 and 10: ClusterXL 39. The following Web Int
Page 11 and 12: Endpoint Security Endpoint Security
Page 13 and 14: Endpoint Security 18. Endpoint Secu
Page 15 and 16: Eventia Suite 15. To upgrade a dist
Page 17 and 18: Firewall 5. The name of the install
Page 19 and 20: Firewall 31. In a cluster environme
Page 21 and 22: Firewall SecureClient 56. Policy in
Page 23 and 24: Provider-1/SiteManager-1 3. After u
Page 25 and 26: Provider-1/SiteManager-1 In additio
Page 27 and 28: Provider-1/SiteManager-1 SmartUpdat
Page 29: SecureXL SecureXL In This Section G
Page 33 and 34: SmartCenter Server Policy Installat
Page 35 and 36: SmartPortal Platform Specific - Nok
Page 37 and 38: SmartUpdate Miscellaneous 11. When
Page 39 and 40: VPN VPN VPN Communities 1. When man
Page 41 and 42: VPN-1 Power VSX 27. When connecting

NGX R65 Release Notes - Check Point

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?