NGX R65 Release Notes - Check Point
NGX R65 Release Notes - Check Point
NGX R65 Release Notes - Check Point
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
UTM-1 Edge<br />
UTM-1 Edge<br />
Upgrade, Revert and Backward Compatibility<br />
1. After a SmartCenter server has been upgraded or copied via the Advanced Upgrade feature,<br />
previously defined UTM-1 Edge devices will not be able to connect to the SmartCenter server,<br />
and the Connection Wizard will generate object non-registered messages. To resolve this issue,<br />
use SmartUpdate to re-install a specific firmware package.<br />
2. To manage UTM-1 Edge devices with an R62 SmartCenter server that was migrated from Nokia<br />
to a different platform, see SecureKnowledge sk30389.<br />
SmartCenter<br />
3. A Sofaware profile will fail to install if a <strong>Check</strong> <strong>Point</strong> gateway has an interface named in and<br />
the Sofaware Reducer is disabled. To resolve this issue, make sure that the Sofaware Reducer is<br />
enabled, or avoid naming <strong>Check</strong> <strong>Point</strong> gateway interfaces as in.<br />
4. Make sure that in the Advanced Permanent Tunnel configuration, the life_sign_timeout attribute<br />
is larger than life_sign_transmitter_interval attribute.<br />
5. UFP settings, CVP settings, and internal network settings of UTM-1 Edge ROBO gateways with<br />
firmware version 5.0 cannot be managed by this version of SmartLSM.<br />
Policy Installation<br />
6. When using the group All VPN-1 Embedded devices defined as Remote Access on the rulebase,<br />
the icon that is defined is wrong and can be safely ignored.<br />
7. In case an object of type Embedded Device exists in the database but is not DNS-resolvable,<br />
installing policy on any Edge devices may operate slowly. To solve the problem, either remove<br />
the Embedded Device object from the database, or make sure the name as exists in the<br />
database is resolvable by DNS on the management machine.<br />
VPN Communities<br />
8. In order for SofawareLoader to create topologies suitable for Sofaware 4.5 appliances, use a<br />
text editor to open the file SofawareLoader.ini, located in the directory<br />
%FWDIR%\FW1_EDGE_BC\conf. In the [Server] section, add the line TopologyOldFormat=1. The<br />
change takes effect without running the commands cpstop and cpstart.<br />
9. UTM-1 Edge devices do not support GRE tunnels, and therefore cannot be included in VPN<br />
Communities that use GRE tunnels.<br />
Other<br />
10. UTM-1 Edge gateways support only regular log tracking. When using other tracking on a rule<br />
that would be installed on such gateways, it is ignored.<br />
11. If, while pushing new firmware to a UTM-1 Edge device, the secondary management has just<br />
failed over, the firmware may not be successfully installed. To resolve this issue, synchronize<br />
the UTM-1 Edge device with the secondary management and run the Push Now operation again.<br />
12. Scanning is performed on archive files of the following types only: zip, gzip, and tar.<br />
13. Only the first 30 HTTP headers or worm patterns defined on UTM-1 Edge devices of version<br />
6.0.x are enforced.<br />
VPN-1/FireWall-1 <strong>NGX</strong> <strong>R65</strong> Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 38