NGX R65 Release Notes - Check Point

More documents

Recommendations

Info

UTM-1 Edge UTM-1 Edge Upgrade, Revert and Backward Compatibility 1. After a SmartCenter server has been upgraded or copied via the Advanced Upgrade feature, previously defined UTM-1 Edge devices will not be able to connect to the SmartCenter server, and the Connection Wizard will generate object non-registered messages. To resolve this issue, use SmartUpdate to re-install a specific firmware package. 2. To manage UTM-1 Edge devices with an R62 SmartCenter server that was migrated from Nokia to a different platform, see SecureKnowledge sk30389. SmartCenter 3. A Sofaware profile will fail to install if a Check Point gateway has an interface named in and the Sofaware Reducer is disabled. To resolve this issue, make sure that the Sofaware Reducer is enabled, or avoid naming Check Point gateway interfaces as in. 4. Make sure that in the Advanced Permanent Tunnel configuration, the life_sign_timeout attribute is larger than life_sign_transmitter_interval attribute. 5. UFP settings, CVP settings, and internal network settings of UTM-1 Edge ROBO gateways with firmware version 5.0 cannot be managed by this version of SmartLSM. Policy Installation 6. When using the group All VPN-1 Embedded devices defined as Remote Access on the rulebase, the icon that is defined is wrong and can be safely ignored. 7. In case an object of type Embedded Device exists in the database but is not DNS-resolvable, installing policy on any Edge devices may operate slowly. To solve the problem, either remove the Embedded Device object from the database, or make sure the name as exists in the database is resolvable by DNS on the management machine. VPN Communities 8. In order for SofawareLoader to create topologies suitable for Sofaware 4.5 appliances, use a text editor to open the file SofawareLoader.ini, located in the directory %FWDIR%\FW1_EDGE_BC\conf. In the [Server] section, add the line TopologyOldFormat=1. The change takes effect without running the commands cpstop and cpstart. 9. UTM-1 Edge devices do not support GRE tunnels, and therefore cannot be included in VPN Communities that use GRE tunnels. Other 10. UTM-1 Edge gateways support only regular log tracking. When using other tracking on a rule that would be installed on such gateways, it is ignored. 11. If, while pushing new firmware to a UTM-1 Edge device, the secondary management has just failed over, the firmware may not be successfully installed. To resolve this issue, synchronize the UTM-1 Edge device with the secondary management and run the Push Now operation again. 12. Scanning is performed on archive files of the following types only: zip, gzip, and tar. 13. Only the first 30 HTTP headers or worm patterns defined on UTM-1 Edge devices of version 6.0.x are enforced. VPN-1/FireWall-1 NGX R65 Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 38
VPN VPN VPN Communities 1. When managing SmartLSM ROBO gateways some of which are VPN-1 -enabled from a standalone machine, the policy fetch operation may not succeed once VPN has been established between the standalone and the ROBO gateway in question. In order to overcome this issue, you should add the CPD service as an excluded service for each of the communities which have SmartLSM ROBO profiles. To do this, a. Open the community object. b. In the Advanced Setting tab, choose the Excluded Services tab and add the CPD as excluded service. VPN-1 Power VSX In This Section Miscellaneous page 39 Provider-1/SiteManager-1 page 39 SmartCenter page 40 SmartDashboard page 40 Policy Installation page 40 VSX NG AI Management Issues page 40 VSX ClusterXL page 41 Platform Specific — Nokia page 41 Miscellaneous 1. When working with a non-dedicated management interface, you cannot add new members to an existing VSX cluster using the vsx_util command. 2. On a VSX NG AI Release 2.2 (Nokia) cluster/gateway, SecureClient connections are dropped during policy installation. 3. Upgrading to R65 is not support for Nokia VSX. Provider-1/SiteManager-1 4. Make sure that the IP address of the management object is set before running vsx_util or creating any Virtual Devices. 5. When attempting to delete a Virtual Device from a CMA, and the CMA database on which the VSX is defined is locked, the operation will fail, and an error message will be displayed. This is the proper behavior. However, this operation also causes the Virtual Device to disappear from the Tree view. To resolve this issue, restart SmartDashboard. 6. If the VSX Wizard fails, and changes need to be made to the defined configuration, avoid re-fetching the configuration from the modules. This means that if you move back to the SIC establishment dialog and click Next, you should reply NO to the question regarding re-fetching the configuration from the VSX gateway(s). VPN-1/FireWall-1 NGX R65 Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 39
Page 1 and 2: Check Point NGX R65 Known Limitatio
Page 3 and 4: ClusterXL ClusterXL In This Section
Page 5 and 6: ClusterXL 2. Performing an SNMP que
Page 7 and 8: ClusterXL Platform Specific — Sol
Page 9 and 10: ClusterXL 39. The following Web Int
Page 11 and 12: Endpoint Security Endpoint Security
Page 13 and 14: Endpoint Security 18. Endpoint Secu
Page 15 and 16: Eventia Suite 15. To upgrade a dist
Page 17 and 18: Firewall 5. The name of the install
Page 19 and 20: Firewall 31. In a cluster environme
Page 21 and 22: Firewall SecureClient 56. Policy in
Page 23 and 24: Provider-1/SiteManager-1 3. After u
Page 25 and 26: Provider-1/SiteManager-1 In additio
Page 27 and 28: Provider-1/SiteManager-1 SmartUpdat
Page 29 and 30: SecureXL SecureXL In This Section G
Page 31 and 32: SmartCenter Server SmartCenter Serv
Page 33 and 34: SmartCenter Server Policy Installat
Page 35 and 36: SmartPortal Platform Specific - Nok
Page 37: SmartUpdate Miscellaneous 11. When
Page 41 and 42: VPN-1 Power VSX 27. When connecting

NGX R65 Release Notes - Check Point

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?