NGX R65 Release Notes - Check Point

More documents

Recommendations

Info

VPN-1 Power VSX SmartCenter 7. To establish trust with newly created Virtual Devices, the IP address of the management server must be routable from the VSX gateway. When a management server has more then one interface, make sure to select the IP address of the proper interface to serve as the management server's IP address. 8. The Install Database operation is not supported on Virtual Devices. 9. The Policy Uninstall operation is not supported on VSX clusters. SmartDashboard 10. After creating a VSX gateway or cluster, its IP address cannot be changed. 11. The name of a Virtual Device should not exceed 64 characters. In cluster scenarios, the Member Virtual Device name is a composite of the Member name and the Cluster Virtual Device name. This could result in a Virtual Device name which contains more than 64 characters. 12. After resetting the SIC for a VSX gateway or cluster member, reinstall policy. 13. When adding NATed addresses to the topology of a Virtual System, only address ranges are supported. To add a single IP address or an IP subnet, define it as an address range. 14. Editing the name of the VSX management interface is not supported. 15. When editing a VSX gateway or cluster object using the Creation Templates tab, you can only switch to a Customized Virtual System. Please note that this act is irreversible. 16. Propagating routes from Virtual Routers to Virtual Systems is not supported. 17. When using the vsx_util reconfigure command line utility to reconfigure a VSX gateway, the SIC status of the network object does not change to Communicating. While this will result in warnings regarding trust establishment on VS/VR for this specific object, the messages can be safely ignored. 18. When configuring a host object as a Web Server in a deployment that contains configured Virtual Systems, on the Web Server tab, set the Protected by field to contain targets that do not include Virtual Systems. 19. When defining NAT routes on the Topology tab of the Virtual System, insert two IP addresses, the first and last address of the IP range used for NATing. Note that large ranges can result in a slow response from the SmartCenter server. 20. When activating the "General HTTP Worm Catcher" SmartDefense protection on a VSX gateway, all HTTP traffic is scanned for worms, regardless of the scope. Policy Installation 21. Policy cannot be installed on more then 10 Virtual Systems simultaneously. 22. VSX does not support the SmartDefense Profiles feature. 23. Virtual Systems cannot be managed from a Secondary management server. VSX NG AI Management Issues 24. When creating a NG AI Virtual Device, the main IP address of the Virtual Device should be routable from the SmartCenter server. 25. When two Virtual Systems with internal IP addresses that originate from identical subnets (that is, overlapping subnets) are connected through a Virtual Switch, the internal interface of one of the Virtual Systems cannot be propagated. 26. To enable the synchronization of routing information between cluster members, the policy on the VSX cluster must allow communication between cluster members on TCP port 2010. VPN-1/FireWall-1 NGX R65 Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 40
VPN-1 Power VSX 27. When connecting from SmartDashboard to the management server through a Virtual Device, the Virtual Device topology or routing cannot be changed. 28. If you change the IP address of an interface leading to a virtual router when editing VSX NG AI, all manually defined routes to this Virtual Router will be deleted from the Virtual System and should to be re-entered manually. 29. In VSX, the Phase 1 proposal for SecureClient is hardcoded. Therefore, changing the Phase 1 encryption method is not reflected in the client. 30. To avoid warning messages during policy installation, interfaces defined on a Virtual System or Virtual Router should be associated with a route. 31. The number of interfaces that can be assigned to a Virtual System is limited to 64. 32. When an VSX NG AI Virtual Device is created it is assigned a unique IP. If the unique IP is already in use, the operation will fail. To fix this problem cancel the operation and create the Virtual Device with a unique IP that is not being used. 33. On Nokia platforms running VSX NG AI in a cluster configuration, an issue may arise when changing the VLAN interface on a Virtual Device. If the operation fails at some point, the change may be applied to some cluster members and not others. VSX ClusterXL 34. To prevent a Virtual System in Bridge mode from creating loops in a clustered environment, a spanning tree protocol is required. 35. All Virtual System interfaces in bridge mode must have the same VLAN ID. Platform Specific — Nokia 36. When creating a NG AI VSX cluster on IPSO, delete from the physical interfaces list any interfaces which are not VRRP enabled. Remove these “unused” interfaces when using the VSX Wizard or immediately afterwards. 37. Encryption method AES128/MD5 is not supported for VPN. VPN-1/FireWall-1 NGX R65 Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 41
Page 1 and 2: Check Point NGX R65 Known Limitatio
Page 3 and 4: ClusterXL ClusterXL In This Section
Page 5 and 6: ClusterXL 2. Performing an SNMP que
Page 7 and 8: ClusterXL Platform Specific — Sol
Page 9 and 10: ClusterXL 39. The following Web Int
Page 11 and 12: Endpoint Security Endpoint Security
Page 13 and 14: Endpoint Security 18. Endpoint Secu
Page 15 and 16: Eventia Suite 15. To upgrade a dist
Page 17 and 18: Firewall 5. The name of the install
Page 19 and 20: Firewall 31. In a cluster environme
Page 21 and 22: Firewall SecureClient 56. Policy in
Page 23 and 24: Provider-1/SiteManager-1 3. After u
Page 25 and 26: Provider-1/SiteManager-1 In additio
Page 27 and 28: Provider-1/SiteManager-1 SmartUpdat
Page 29 and 30: SecureXL SecureXL In This Section G
Page 31 and 32: SmartCenter Server SmartCenter Serv
Page 33 and 34: SmartCenter Server Policy Installat
Page 35 and 36: SmartPortal Platform Specific - Nok
Page 37 and 38: SmartUpdate Miscellaneous 11. When
Page 39: VPN VPN VPN Communities 1. When man

NGX R65 Release Notes - Check Point

Create successful ePaper yourself

Delete template?

Save as template?