NGX R65 Release Notes - Check Point
NGX R65 Release Notes - Check Point
NGX R65 Release Notes - Check Point
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
SecureXL<br />
Platform Specific — Solaris<br />
8. On Solaris platforms, Performance Pack does not support the following types of interfaces<br />
• VLAN and virtual interfaces<br />
• bge, dmfe and skge interfaces<br />
Accelerated Features<br />
9. When flows are enabled, full sanity checks are performed for flowed (accelerated) connections<br />
for the IP layer. No sanity checks are performed on the UDP or TCP layer of flowed packets.<br />
The workaround is to disable flows.<br />
10. SmartView Monitor gets updates for every connection from SecureXL once every 30 seconds.<br />
Because of the difference between the SecureXL update interval and the SmartView Monitor<br />
update interval, you might not get a smooth line even when monitoring constant rate<br />
connection.<br />
This phenomenon is negligible when monitoring real life traffic that has many connections that<br />
open and close at random. Regardless of the number of connections, over a significant period<br />
of time, the average of the total number of monitored traffic, will be monitored accurately.<br />
11. The SmartDefense protection PPTP Enforcement does not allow acceleration of the GRE protocol<br />
over PPTP when enabled. In order to accelerate the GRE protocol over PPTP, disable this<br />
protection (on the SmartDefense tab, select Application Intelligence > VPN Protocols > PPTP<br />
Enforcement).<br />
Unsupported Features<br />
12. Fingerprint Scrambling causes a negative impact on performance. ISN Spoofing disables TCP<br />
templates, and TTL and IPID cause traffic to be handled by the firewall module only.<br />
13. The NetQuotas feature is not supported with SecureXL.<br />
14. The Overlapping NAT feature is not supported with SecureXL.<br />
15. WISP redundancy has the following limitations when working with SecureXL:<br />
• Connections passing through interfaces configured with ISP redundancy are not<br />
accelerated. Other connections (for example, an internal connection to a DMZ) are<br />
accelerated and are not affected by this limitation.<br />
• ISP redundancy over PPTP and PPPoE interfaces is not supported.<br />
16. When configuring Remote Access > Office Mode on a gateway that has multiple external<br />
interfaces with SecureXL enabled, make sure that Support connectivity enhancement for gateways<br />
with multiple external interfaces is checked.<br />
17. When SecureClient is connected to a <strong>Check</strong> <strong>Point</strong> gateway with two external interfaces and the<br />
connected interface goes down, SecureClient will lose connectivity. In order to resume<br />
connectivity, the user needs to disconnect and reconnect.<br />
18. Performance Pack does not support source-based routing.<br />
Unsupported Products<br />
19. <strong>Check</strong> <strong>Point</strong> QoS is not supported with SecureXL.<br />
20. PPTP and PPPoE interfaces are not supported by Performance Pack in configurations where<br />
NAT and/or VPN are used.<br />
VPN-1/FireWall-1 <strong>NGX</strong> <strong>R65</strong> Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 30