NGX R65 Release Notes - Check Point
NGX R65 Release Notes - Check Point
NGX R65 Release Notes - Check Point
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
VPN-1 Power VSX<br />
SmartCenter<br />
7. To establish trust with newly created Virtual Devices, the IP address of the management server<br />
must be routable from the VSX gateway. When a management server has more then one<br />
interface, make sure to select the IP address of the proper interface to serve as the<br />
management server's IP address.<br />
8. The Install Database operation is not supported on Virtual Devices.<br />
9. The Policy Uninstall operation is not supported on VSX clusters.<br />
SmartDashboard<br />
10. After creating a VSX gateway or cluster, its IP address cannot be changed.<br />
11. The name of a Virtual Device should not exceed 64 characters. In cluster scenarios, the<br />
Member Virtual Device name is a composite of the Member name and the Cluster Virtual<br />
Device name. This could result in a Virtual Device name which contains more than 64<br />
characters.<br />
12. After resetting the SIC for a VSX gateway or cluster member, reinstall policy.<br />
13. When adding NATed addresses to the topology of a Virtual System, only address ranges are<br />
supported. To add a single IP address or an IP subnet, define it as an address range.<br />
14. Editing the name of the VSX management interface is not supported.<br />
15. When editing a VSX gateway or cluster object using the Creation Templates tab, you can only<br />
switch to a Customized Virtual System. Please note that this act is irreversible.<br />
16. Propagating routes from Virtual Routers to Virtual Systems is not supported.<br />
17. When using the vsx_util reconfigure command line utility to reconfigure a VSX gateway, the SIC<br />
status of the network object does not change to Communicating. While this will result in<br />
warnings regarding trust establishment on VS/VR for this specific object, the messages can be<br />
safely ignored.<br />
18. When configuring a host object as a Web Server in a deployment that contains configured<br />
Virtual Systems, on the Web Server tab, set the Protected by field to contain targets that do not<br />
include Virtual Systems.<br />
19. When defining NAT routes on the Topology tab of the Virtual System, insert two IP addresses,<br />
the first and last address of the IP range used for NATing. Note that large ranges can result in<br />
a slow response from the SmartCenter server.<br />
20. When activating the "General HTTP Worm Catcher" SmartDefense protection on a VSX gateway,<br />
all HTTP traffic is scanned for worms, regardless of the scope.<br />
Policy Installation<br />
21. Policy cannot be installed on more then 10 Virtual Systems simultaneously.<br />
22. VSX does not support the SmartDefense Profiles feature.<br />
23. Virtual Systems cannot be managed from a Secondary management server.<br />
VSX NG AI Management Issues<br />
24. When creating a NG AI Virtual Device, the main IP address of the Virtual Device should be<br />
routable from the SmartCenter server.<br />
25. When two Virtual Systems with internal IP addresses that originate from identical subnets (that<br />
is, overlapping subnets) are connected through a Virtual Switch, the internal interface of one of<br />
the Virtual Systems cannot be propagated.<br />
26. To enable the synchronization of routing information between cluster members, the policy on<br />
the VSX cluster must allow communication between cluster members on TCP port 2010.<br />
VPN-1/FireWall-1 <strong>NGX</strong> <strong>R65</strong> Known Limitations Supplement. Last Update — February 4, 2008 5:37 pm 40