13 August 2012
Release Notes
R75.40
Classification: [Protected]
© 2012 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of
relevant copyrights and third-party licenses.
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional
improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Latest Documentation
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=13079
For additional technical information, visit the Check Point Support Center
(http://supportcenter.checkpoint.com).
For more about this release, see the R75.40 home page
(http://supportcontent.checkpoint.com/solutions?id=sk76540).
Revision History
Date             Description
13 August 2012   Updated: Support for Standalone Full High Availability Deployment, and Smart-1 does not support Standalone ("Check Point Appliances" on page 14).
                 Updated: Open Server support for Appliance Hardware Health Monitoring (on page 15).
                 Updated: SmartEvent Requirements (on page 23)
                 Updated: Anti-Virus Software Blade is not supported on IPSO ("Security Gateway Software Blades" on page 26).
                 Added: Bridge Mode supported platforms ("Security Gateway Bridge Mode" on page 27). This supersedes the information in the Firewall Administration Guide.
17 May 2012      Updated DLP data
15 May 2012      New SmartConsole ("Build Numbers" on page 12)
03 May 2012      Updated link to package ("Upgrade Package with CLI" on page 29)
30 April 2012    Updated What's New ("Operating System - Gaia" on page 7) and Upgrade Paths ("Upgrading to Gaia" on page 28)
23 April 2012    First release of this document
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
(mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on R75.40 Release Notes).
Contents
Important Information
Introduction
  Important Solutions
  Licensing
What's New
  Operating System - Gaia
  New Appliances
  Anti-Bot
  New Anti-Virus
  IPS
  Application Control and URL Filtering
  Data Loss Prevention
  UserCheck
  Identity Awareness
  SmartEvent
  HTTPS Inspection
  HTTP Proxy
  IPsec VPN
  SmartLog
  Enhancements
Build Numbers
System Requirements
  Check Point Appliance Naming Conventions
  Security Software Containers
    Check Point Operating Systems
    Check Point Appliances
    Other Platforms and Operating Systems
    Appliance Hardware Health Monitoring
    Dedicated Gateways
  Platform Requirements
    Gaia Requirements
    SecurePlatform
    IPSO
    Linux
    Solaris
    Microsoft Windows
    Maximum Number of Interfaces Supported by Platform
    Security Management Open Server Hardware Requirements
    Multi-Domain Security Management Requirements
    Security Gateway Open Server Hardware Requirements
    Mobile Access Blade Requirements
    SmartEvent Requirements
    SmartReporter Requirements
    Console Requirements
    UserCheck Client Requirements
    Performance Pack
  Security Management Software Blades
  Security Gateway Software Blades
  Security Gateway Bridge Mode
  Clients and Consoles by Windows Platform
  Clients and Consoles by Mac Platform
  Check Point GO Secure Portable Workspace
Upgrade Paths and Interoperability
  Upgrading to Gaia
  Supported Management and Gateway Upgrade Paths
  Compatibility with Gateways and Clients
  Upgrade Package with CLI
  Updating IPS Patterns
Uninstalling
Introduction
R75.40 Release Notes | 6
Introduction
Thank you for choosing to install Check Point version R75.40. Please read this document carefully before
installing R75.40.
Important Solutions
For more about R75.40 and to download the software, go to the R75.40 Home Page
(http://supportcontent.checkpoint.com/solutions?id=sk76540).
For a list of open issues, see the Known Limitations
(http://supportcontent.checkpoint.com/solutions?id=sk79260).
For a list of fixes, see the Resolved Issues (http://supportcontent.checkpoint.com/solutions?id=sk67583).
Licensing
Important - Check Point software versions R75.10 or higher must have a valid
Software Blades license. Users with NGX licenses cannot install the software. To
migrate NGX licenses to Software Blades licenses, see Software Blade Migration
(http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html) or
contact Account Services.
If you manage GX gateways from a Security Management server, you must regenerate
your GX licenses in the User Center to be compliant with Software Blades. This
procedure is optional for Multi-Domain Servers and Domain Management Servers.
IPS Software Blade License
Virtual Systems with IPS Software Blades must have a current, valid IPS contract that is renewed annually.
To manage your contracts, go to your UserCenter account or contact your reseller.
• Notifications that IPS service contracts are expiring show in many locations, including:
  • The IPS SmartDashboard window
  • SmartUpdate
  • Product reports in your Check Point UserCenter account
• If your service contract has expired, IPS continues to operate using the R70 (Q1/2009) signature set. Renew your IPS service contract to download and use the current signature set.
For more about IPS contract enforcement, see sk44175
(http://supportcontent.checkpoint.com/solutions?id=sk44175).
What's New
New Terms:
These product and technology names are changed.
Name in R75.20           Name in R75.40
SmartDirectory (LDAP)    User Directory
Check Point Abra         Check Point GO
Operating System - Gaia
Gaia is Check Point's next generation operating system for security applications. In Greek mythology, Gaia
is the mother of all, representing closely integrated parts to form a single, efficient system. The Gaia
Operating System supports the full portfolio of Check Point Software Blades, Gateway and Security
Management products.
Gaia is a single, unified network security Operating System that combines the best of Check Point's
SecurePlatform operating system, and IPSO, the operating system from appliance security products. Gaia is
available for all Check Point security appliances and open servers.
Designed from the ground up for modern high-end deployments, Gaia includes support for:
• IPv4 and IPv6 - fully integrated into the Operating System.
• High Connection Capacity - 64-bit support.
• Load Sharing - ClusterXL and Interface bonding.
• High Availability - ClusterXL, VRRP, Interface bonding.
• Dynamic and Multicast Routing - BGP, OSPF, RIP, and PIM-SM, PIM-DM, IGMP.
• Easy to use Command Line Interface - Commands are structured using the same syntactic rules. An enhanced help system and auto-completion further simplify user operation.
• Role Based Administration - Enables Gaia administrators to create different roles. Administrators can allow users to access features by adding those functions to the user's role definition. Each role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to other features.
• Simple and Easy upgrade - from IPSO and SecurePlatform.
Gaia Software Updates
• Get updates for licensed Check Point products directly through the operating system.
• Download and install the updates more quickly. Download automatically, manually, or periodically. Install manually or periodically.
• Get email notifications for newly available updates and for downloads and installations.
• Easy rollback from new update.
Gaia Web User Interface
• The Gaia WebUI is an advanced, web-based interface for configuring Gaia platforms. Almost all system configuration tasks can be done through this Web-based interface.
• Easy Access - Simply go to https://<Device IP Address>.
• Browser Support - Internet Explorer, Firefox, Chrome and Safari.
• Powerful Search Engine - makes it easy to find features or functionality to configure.
• Easy Operation - Two operating modes. 1) Simplified mode shows only basic configuration options. 2) Advanced mode shows all configuration options. You can easily change modes.
• Web-Based Access to Command Line - Clientless access to the Gaia CLI directly from your browser.
New Appliances
New Check Point appliances support R75.40:
• 21400 Appliance
• 12000 Appliances
• 4000 Appliances
• 2200 Appliances
Anti-Bot
Check Point Anti-Bot prevents damage and blocks bot communication between infected hosts and a remote
operator.
The Anti-Bot Software Blade:
• Uses the multi-layered ThreatSpect engine to analyze network traffic and identify bot infected machines in the organization.
• Uses ThreatCloud repository Real-Time security intelligence to identify bot infections based on millions of bot command and control IP/DNS/URL addresses and bot initiated spam outbreaks.
• Uses different views and reports to provide threat visibility for the organization and help assess damages and decide on corrective actions.
• Integrates with other Software Blades for a unique Anti-Bot and Anti-Malware solution on a Security Gateway.
New Anti-Virus
Check Point Anti-Virus provides superior Anti-Virus protection against the multiple attack vectors and threats of modern malware.
The Anti-Virus Software Blade:
• Offers powerful security coverage by supporting millions of signatures.
• Leverages the Check Point ThreatCloud repository to identify and block incoming malicious files (such as exe, doc, xls, pdf) from entering the organization.
• Prevents web-based malware download from sites known to contain malware.
• Uses different views and reports to provide threat visibility for the organization and help assess damages and decide on corrective actions.
• Consolidated Anti-Bot and Anti-Virus approach for dealing with malware threats (including policy setting, event analysis, and malware reports).
• Uses a separate policy installation (together with the Anti-Bot Software Blade) to minimize risk and operational impact.
IPS
• Significant reduction (about 90%) of false positives of non-compliant HTTP and TCP-streaming protections and of redundant logs.
• Increase pattern granularity - Header rejection, HTTP worm catcher and CIFS worm catcher patterns were converted into separate protections, giving more granularity in their settings. This feature is installed during the first IPS update process (online update, offline update or scheduled update).
• Implied exceptions - Built-in exceptions to allow trusted traffic from Check Point products.
• New tool to control IPS functionality from the gateway through CLI
• Improved TCP streaming infrastructure
• Enhanced HTTP and Web Sockets protection
• Improved TAP mode support
• Granular TCP logging
• New GEO database with additional countries and significantly improved accuracy
Application Control and URL Filtering
• Use the Limit action in rules to limit the bandwidth permitted for a rule.
• Add a Time object to a rule to make the rule active only during specified times.
• The UserCheck client adds the option to send notifications for applications that are not in a web browser, such as Skype or iTunes.
• New UserCheck features ("UserCheck" on page 10): Cancel button on messages and UserCheck Frequency.
• If traffic is not detected by other applications, it is declared an unknown application. This lets you block all unknown traffic and better handle known traffic.
Data Loss Prevention
Watermarking: Add visible and hidden marks to Microsoft Office 2007 and 2010 documents when they are sent as email attachments (outgoing and internal emails).
• Visible Watermarks alert users to sensitive document content when viewed or printed. Examples:
  • Add customized text footer to PowerPoint slides: "Highly Restricted, sent by John Smith on 7/7/11".
  • Add a large diagonal "Classified" visible watermark on the first page of Word documents that match a DLP rule.
• Hidden Watermarks are encrypted and let DLP tag documents without affecting format.
  • Does not change the visible document layout.
  • The tag can be identified in DLP scans.
  • The tag can be used for forensic analysis to track leaked documents.
Improved Privacy Options:
• Can choose to not store original messages with the DLP incident.
• Send the original email to the data owner.
• Easy to view HTML-based messages include highlighted matched content and masked credit card numbers.
Time Object:
• Limit rules to certain times of the day, day of week or day of month.
• Stop DLP rules on a set date, when the data is no longer sensitive (for example, after financial data is publicly released).
Improved Compliance and Matching:
• Easily view and quickly apply multiple compliance-related rules.
• Improved template matching identifies files by text and by embedded images (for example, upload company logo to match documents using the company template with that logo embedded).
• New Message Attributes data type to match based on overall message size, number of attachments, and number of words.
UserCheck
• In Application and URL Filtering, UserCheck Frequency lets you set the number of times that users get UserCheck messages for accessing applications that are not permitted by the policy. You can also set the notifications to be based on accessing the rule, application category, or the application itself.
• UserCheck Scoping enhances notifications to match not only by rule, but also by category and site in the Application Control Rule Base.
• A dedicated UserCheck agent on the endpoint gives users notifications and options, according to your rules, when their user actions match DLP or Application and URL Filtering rules.
• If you don't need users to enter their reason for wanting to do an action that is caught by Application and URL Filtering rules, you can disable this requirement. See the UserCheck Interaction window > Conditions.
• Cancel button added to the Inform and Ask web pages, to stop loading a requested page or to stop an email in progress.
• UserCheck Revoke Page lets you delete (revoke) all UserCheck entries when you access the Revoke Page (https://<UserCheck Portal URL>/RevokePage).
Identity Awareness
• New Identity acquisition methods:
  • Terminal Servers / Citrix communicate with the gateway through one IP address, but are used to host multiple users. The gateway identifies the originating user behind connections from these multi-user hosts.
  • Transparent Portal Authentication redirects an unauthenticated user to a URL for authentication (using Kerberos SSO), and then redirects the user back to the originally requested URL. If the transparent authentication fails, the user is redirected to the Captive Portal for manual authentication. The new Browser-Based Authentication lets you configure Captive Portal and Transparent Portal Authentication for Identity Awareness.
  • SSO with Remote Access Clients integrates the Mobile Access blade with the Identity Awareness blade. It adds identity data for VPN client users (coming from E75.x clients, E80.x clients, SecureClient, SSL Network Extender, and so on).
• Identity Agent for Mac OS (10.6 and 10.7) on 32-bit and 64-bit. It can be downloaded from the Identity Awareness Captive Portal.
• Nested Groups are enforced by the Identity Awareness blade. You can set a parent group as an Access Role in a rule, and it applies to all users in the sub groups.
SmartEvent
Reports:
• Enhanced Reports tab, for richer management functionality of SmartEvent reports and ease of use.
• Get reports in PDF format.
• New layout for Anti-Malware reports.
Anti-Malware:
• Enhanced overall support for Anti-Malware.
• SmartEvent Intro for Anti-Malware.
Usability and Performance Enhancements:
• Summary view of Grouped Events, for Application Control and Anti-Malware events.
• Easy to activate SmartEvent on a standalone environment - no configuration needed, just activate the Software Blade on the Security Management Server properties.
• Enhanced SmartEvent performance: support for 2 million events per day (8,000 to 15,000 users behind Application Control and URL Filtering).
HTTPS Inspection
• Support for HTTPS Inspection on inbound traffic.
• Automatic update for Trusted CA list.
HTTP Proxy
You can configure a Security Gateway to be an HTTP/HTTPS web proxy, in transparent or non-transparent
mode.
IPsec VPN
Support for Suite-B GCM encryption. See RFC 6379 for more information.
SmartLog
New SmartLog for full-text, ultra-fast search over billions of log records.
SmartLog is a next generation solution for managing logs generated by Check Point Security Gateways.
This solution is designed to answer the challenges of storing, searching and filtering logs in modern
environments with continually increasing log volume.
Enhancements
General
• Configure Multi Portal access through VPN clients (connected with Office Mode), to protect your portals from external network exposure. This new option applies to all portals: Mobile Access Portal, UserCenter Portal, Identity Awareness Captive Portal, Platform Portal, and DLP Portal.
• SmartProvisioning supports Security Gateway 80 appliances.
Performance
• NAT and log templates in SecureXL
• IPv6 acceleration, MultiCore and ClusterXL HA support on Gaia and SecurePlatform.
• Accelerated Drop Rules, explained in sk67861 (http://supportcontent.checkpoint.com/solutions?id=sk67861).
Licensing
• R75.40 management servers do not need IPv6 licenses.
• Gaia can automatically attach licenses for Security Gateways and management servers.
SmartConsole
• Hit count - shows the number of times a rule in the Application Control or Firewall Rule Bases was matched to traffic.
• Improved performance and easier installation of SmartConsole.
Build Numbers
This table shows the R75.40 software products and their build numbers as included on the product DVD. To
verify each product build number, use the show command syntax or do the steps in the GUI.
Software Blade / Product          Build Number                Verifying Build Number*
Gaia                              OS build 338                show version all
SecurePlatform                    986000069                   ver
Security Gateway                  986000275 (Windows - 274)   fw ver
Security Management               986000064                   fwm ver
SmartConsole Applications         986000382                   Help > About Check Point <Application name>
Mobile Access                     986000128                   cvpn_ver
Multi-Domain Server               986000210                   fwm mds ver
SmartDomain Manager               986000229                   Help > About Check Point Multi-Domain Security Management
Acceleration (Performance Pack)   986000044                   sim ver -k
Advanced Networking (Routing)     986000010 (Gaia - 056)      SecurePlatform: gated_ver
                                                              Gaia: rpm -qf /bin/routed
Server Monitoring (SVM Server)    986000010                   rtm ver
Management Portal                 986000016                   cpvinfo /opt/CPportal-R75.40/portal/bin/smartportalstart
SmartReporter                     986000227                   SVRServer ver

Compatibility Packages**
CPNGXCMP-R75.40-00                020                         /opt/CPNGXCMP-R75.40/bin/fw_loader ver
CPV40Cmp-R75.40-00                976121001                   cpvinfo /opt/CPV40Cmp-R75.40/bin/fw_loader | grep Build
CPEdgecmp-R75.40-00               986000003                   /opt/CPEdgecmp-R75.40/bin/fw ver
CPR71CMP-R75.40-00                001                         /opt/CPR71CMP-R75.40/bin/fw_loader ver
CPR75CMP-R75.40-00                001                         /opt/CPR75CMP-R75.40/bin/fw_loader ver
CPSG80CMP-R75.40-00               029                         /opt/CPSG80CMP-R75.40/bin/fw_loader ver
CPR7520CMP-R75.40-00              003                         /opt/CPR7520CMP-R75.40/bin/fw_loader ver
CPCON66CMP-R75.40-00              Build 004                   /opt/CPCON66CMP-R75.40/bin/fw_loader ver

* Some of the commands to see the installed build show only the last three digits of the build number.
** To see build numbers on Windows, look at C:\Program Files\CheckPoint\R75.40 instead of /opt/../R75.40
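An added example (not Check Point tooling and not part of these release notes): a shell helper that compares the build reported by a verification command with the expected R75.40 build from the table above, accepting the last-three-digits form described in the first footnote. The function names and the sample command outputs are constructed for illustration; the parser assumes only that the output contains "Build" followed by digits.

```shell
#!/bin/sh
# Expected full build numbers, copied from the Build Numbers table.
expected_build() {
    case "$1" in
        "fw ver")        echo 986000275 ;;  # Security Gateway (Windows: 274)
        "fwm ver")       echo 986000064 ;;  # Security Management
        "cvpn_ver")      echo 986000128 ;;  # Mobile Access
        "fwm mds ver")   echo 986000210 ;;  # Multi-Domain Server
        "sim ver -k")    echo 986000044 ;;  # Acceleration (Performance Pack)
        "rtm ver")       echo 986000010 ;;  # Server Monitoring
        "SVRServer ver") echo 986000227 ;;  # SmartReporter
        *) return 1 ;;
    esac
}

# Pull the digits that follow the last "Build" token in a command's output.
# Assumption: the output contains "Build <digits>"; other wording may vary.
extract_build() {
    printf '%s\n' "$1" |
        sed -n 's/.*[Bb]uild[^0-9]*\([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Strip leading zeros so "044" and "44" compare equal.
strip_zeros() {
    n=$(printf '%s' "$1" | sed 's/^0*//')
    echo "${n:-0}"
}

# True when the reported build equals the expected one, or equals its last
# three digits (some commands print only those, per the table footnote).
# A three-digit report cannot confirm the leading digits of the full build.
build_matches() {
    exp=$(strip_zeros "$1")
    rep=$(strip_zeros "$2")
    [ "$rep" = "$exp" ] && return 0
    short=$(strip_zeros "$(printf '%s' "$1" | sed 's/.*\(...\)$/\1/')")
    [ "$rep" = "$short" ]
}

# check_build "<command>" "<captured output>" prints one verdict line.
# Returns 0 on match, 1 on mismatch, 2 when the command is not in the
# table above or no build number could be parsed from the output.
check_build() {
    want=$(expected_build "$1") || { echo "UNKNOWN  $1"; return 2; }
    got=$(extract_build "$2")
    [ -n "$got" ] || { echo "UNPARSED $1"; return 2; }
    if build_matches "$want" "$got"; then
        echo "OK       $1 (build $got)"
    else
        echo "MISMATCH $1 (expected $want, reported $got)"
        return 1
    fi
}

# Constructed sample outputs (not captured from a real gateway).
# On a live system the second argument would be "$(fw ver)" and so on.
check_build "fw ver"     "Sample product version R75.40 - Build 275"
check_build "sim ver -k" "Sample product version R75.40 - Build 044"
check_build "fwm ver"    "Sample product version R75.40 - Build 063" || true
```

A MISMATCH line after an installation or upgrade means the component is not at the build shipped on the R75.40 DVD and should be checked before the system goes into production.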
System Requirements
Important - Resource consumption is dependent on the scale of your deployment. The larger the
deployment, the more disk space, memory, and CPU are required.
In This Section
Check Point Appliance Naming Conventions
Security Software Containers
Platform Requirements
Security Management Software Blades
Security Gateway Software Blades
Security Gateway Bridge Mode
Clients and Consoles by Windows Platform
Clients and Consoles by Mac Platform
Check Point GO Secure Portable Workspace
Check Point Appliance Naming Conventions
An appliance model name that ends with 00 (two zeros) is the generic name of the model. Any other number
shows the number of Software Blades on the appliance. Some model names end with one zero.
This document uses the generic appliance names.
For example:
• Check Point 4800 is the generic name of the model.
• Check Point 4810 is the model with 10 Software Blades.
• Check Point IP2450 is the generic name of the model.
• Check Point IP2457 has 7 Software Blades.
Security Software Containers
Management servers and gateways are supported on these operating systems and platforms.
Check Point Operating Systems
Software Blade Containers Gaia SecurePlatform IPSO
Disk-based
IPSO
Flash-based
Security Management   
Security Gateway    
*
Multi-Domain Security
Management

* On Flash-based Appliances, 1G of RAM is enough to run Firewall, IPS and VPN blades
only. To activate more blades, 2G of RAM is required on IP290, IP390, and IP560 flash-based
appliances.
Check Point Appliances
Appliance Security
Management
Security
Gateway
Standalone
Deployment
Standalone Full
High Availability
Deployment
Multi-Domain
Security
Management
2200 Appliance   
4000 Appliances   
12000 Appliances   
21400 Appliance   
IP Appliances (IP150,
IP280, IP290, IP390,
IP560, IP690, IP1280,
IP2450)
 
Smart-1 5 
Smart-1 25 
Smart-1 50  
Smart-1 150 
Power-1 
UTM-1   
IP Appliance platforms are available in disk-based, diskless flash-based and hybrid (flash-based systems
with a supplemental hard disk for local logging, swap space and core file storage) configurations.
Other Platforms and Operating Systems
Microsoft Red Hat Linux Crossbeam Solaris
Software Blade
Containers
Windows
Server
2003, 2008
Windows
XP, 7
RHEL
5.0, 5.4
X-series Ultra-SPARC
8, 9, 10
Security
Management

1
  
Security Gateway  
Multi-Domain
Security
Management
 
2
1. Security Management Server supports Windows Server 2008 R2.
2. We recommend that you install Multi-Domain Security Management on Sun M-Series
servers. Sun T-Series servers are not supported.
Operating System Versions
These are the supported versions of Microsoft and RedHat operating systems.
For Windows 2003 SP1, you must install the hotfix specified in Microsoft KB 906469
(http://support.microsoft.com/kb/906469).
Windows 2008 Server 64-bit is supported for Security Management only.
Operating System       Editions                             Service Pack   32/64-bit
Microsoft
Windows XP             Professional                         SP3            32-bit
Windows 2003 Server    N/A                                  SP1, SP2       32-bit
Windows 2008 Server    N/A                                  SP1, SP2       32-bit, 64-bit
Windows 7              Professional, Enterprise, Ultimate   N/A            32-bit, 64-bit
RedHat
RHEL 5.0                                                    N/A            32-bit
RHEL 5.4               kernel 2.6.18                        N/A            32-bit
Appliance Hardware Health Monitoring
R75.40 supports these Hardware Health Monitoring features for Gaia and SecurePlatform:
• RAID Health: Use SNMP to monitor the health of the disks in the RAID array, and be notified of the states of the volumes and disks.
• Hardware Sensors: Use the WebUI or SNMP to monitor fan speed, motherboard voltages, power supply health, and temperatures. Open Servers are only supported when they have an IPMI card installed.
Check Point Appliances
21000 12000 4000 and
2200
Power-1 UTM-1 Smart-1
Hardware sensors monitoring
with SNMP (polling and traps)
    
(1)

Hardware sensors monitoring
with the WebUI
    
(1)

RAID monitoring with SNMP   
(2)
Notes
1. Hardware sensors monitoring is supported on all UTM-1 models except the xx50 series.
2. RAID Monitoring with SNMP is supported on Power-1 servers with RAID card installed (Power-1 9070
and Power-1 11070).
Open Servers
• Hardware Sensors Monitoring: Use SNMP (polling and traps) or the WebUI to monitor hardware on IBM, HP, Dell, and Sun certified servers with an Intelligent Platform Management Interface (IPMI) card installed. The IPMI standard defines a set of common interfaces for a computer system, which system administrators can use to monitor system health.
  Note - IPMI is an open standard, and we cannot guarantee the Hardware Health Monitoring performance on all systems and configurations.
• RAID Monitoring with SNMP: Use SNMP to monitor RAID on HP servers with HP Smart Array P400 Controller. Note the HP Smart Array P400i Controller is a different controller, which is not supported for hardware monitoring.
Dedicated Gateways
To install R75.40 on an R71 DLP-1 appliance or an R71 DLP open server, do a clean installation of R75.40.
Note - To upgrade from DLP-1 9571 of version R71.x DLP, you must upgrade the
BIOS. Then do a clean installation of R75.40. See sk62903
(http://supportcontent.checkpoint.com/solutions?id=sk62903) for details.
You cannot upgrade these dedicated gateways to R75.40:
• Open Server - IPS-1 Sensor, VSX
• Appliances - Security Gateway 80, UTM-1 Edge, IPS-1 Sensor, VSX-1
Platform Requirements
Gaia Requirements
This release is shipped with the new Gaia operating system, which supports most Check Point appliance
platforms, selected open servers, and selected network interface cards.
If your open server has less than 6GB RAM, it can run in 32-bit mode only. You can run 64-bit compatible
open servers with 6GB RAM or more in 64-bit mode.
• Gaia Open Servers - All open servers in the Hardware Compatibility List are supported (http://www.checkpoint.com/services/techsupport/hcl/all.html).
• Gaia and Performance Pack - Performance Pack is supported on all Gaia platforms.
Gaia on Check Point Security Appliances
Appliances 32-bit / 64-bit*
2200 32
4200 32
4600 32
4800 32, 64
12200 32, 64
12400 32, 64
12600 32, 64
21400 32, 64
* 64-bit is available with over 6GB RAM.
Gaia on IP Appliances
Important - Gaia is not supported on Flash-Based or Hybrid platforms at this time.
These configurations are supported:
IP Appliance Disk Based Platform 32-bit / 64-bit*
IP150 32
IP280 32
IP290 32
IP390 32
IP560 32
IP690 32
IP1280 32, 64
IP2450 32, 64
* 64-bit is available on appliances with over 6GB RAM. The basic configuration for IP
appliances includes 4GB of RAM.
Gaia on Power-1, UTM-1 and Smart-1 Appliances
Platform 32-bit / 64-bit
Power-1 11000 32, 64 (default is 64)
Power-1 9070 32
Power-1 5070 32
UTM-1 3070 32
UTM-1 2070 32
UTM-1 1070 32
UTM-1 570 32
UTM-1 270 32
UTM-1 130 32
Smart-1 5 32
Smart-1 25 32
Smart-1 50 * 32
Smart-1 150 * 32
* Not supported for Multi-Domain Security Management.
Gaia WebUI
The Gaia WebUI (also known as the Gaia Portal) is supported on these browsers:
• Internet Explorer 8 or higher
• Firefox 6 or higher
• Chrome 14 or higher
• Safari 5 or higher
SecurePlatform
This release is shipped with the latest SecurePlatform operating system, which supports a variety of
appliances and open servers.
See the list of certified hardware (http://www.checkpoint.com/services/techsupport/hcl/index.html) before
installing SecurePlatform on the target hardware.
IPSO
• Only clean installation of R75.40 is supported on IPSO flash-based models:
  - IP290
  - IP390
  - IP560
Features: Advanced Routing and SecureXL are included by default. Clustering on IPSO supports VRRP
and IP Clustering. All currently available IPSO platform types (Disk-based, Flash-based, and Hybrid) are
supported. You can select 32-bit or 64-bit in the Boot Manager for IP appliances.
Limitations: You cannot manage UTM-1 Edge devices from a Security Management server on an IPSO
platform. R75.40 on IPSO flash-based models requires 2GB RAM. (Note - This is more required disk space
than that required by versions before R75.20.)
Linux
Note - Cross-platform High Availability is not supported with a mix of Windows and
non-Windows platforms.
Before you install Security Management on Red Hat Enterprise Linux 5:
1. Install the sharutils-4.6.1-2 package.
   a) Make sure that you have the sharutils-4.6.1-2 package installed by running:
      rpm -qa | grep sharutils-4.6.1-2
   b) If the package is not already installed, install it by running:
      rpm -i sharutils-4.6.1-2.i386.rpm
      This package can be found on CD 3 of RHEL 5.
2. Install the compat-libstdc++-33-3.2.3-61 package.
   a) Make sure that you have the compat-libstdc++-33-3.2.3-61 package by running:
      rpm -qa | grep compat-libstdc++-33-3.2.3-61
   b) If the package is not already installed, install it by running:
      rpm -i compat-libstdc++-33-3.2.3-61.i386.rpm
      This package can be found on CD 2 of RHEL 5.
3. Disable SELinux.
   a) Make sure that SELinux is disabled by running: getenforce
   b) If SELinux is enabled, disable it by setting SELINUX=disabled in the /etc/selinux/config file
      and rebooting the computer.
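The three checks above can be scripted as one pre-install report. This is an added example, not Check Point code; the function names and the sample inputs are constructed. It matches the exact package name-version-release instead of a substring grep, and it separates "SELinux disabled" from "SELINUX=disabled is set but the host has not been rebooted yet".

```shell
#!/bin/sh
# Added example: RHEL 5 pre-install checks for Security Management.
# Function names and the sample inputs below are constructed for illustration.

# Constructed sample: `rpm -qa` output and /etc/selinux/config contents.
SAMPLE_RPM_QA='bash-3.2-24.el5
sharutils-4.6.1-2
compat-libstdc++-296-2.96-138'
SAMPLE_SELINUX_CONFIG='# This file controls the state of SELinux on the system.
SELINUX=disabled
SELINUXTYPE=targeted'

# $1 = `rpm -qa` output, $2 = name-version-release.
# Succeeds only on an exact match (optionally with an arch suffix); a plain
# substring grep would also accept, for example, sharutils-4.6.1-20.
pkg_installed() {
    printf '%s\n' "$1" | awk -v nvr="$2" '
        $0 == nvr || $0 == (nvr ".i386") || $0 == (nvr ".x86_64") { hit = 1 }
        END { exit !hit }'
}

# $1 = `getenforce` output, $2 = contents of /etc/selinux/config.
# Prints: disabled | pending-reboot | enabled
selinux_state() {
    cfg=$(printf '%s\n' "$2" | sed -n 's/^SELINUX=\([A-Za-z]*\).*$/\1/p' | tail -n 1)
    case "$1:$cfg" in
        Disabled:*) echo disabled ;;        # running kernel has SELinux off
        *:disabled) echo pending-reboot ;;  # config changed, reboot still needed
        *)          echo enabled ;;
    esac
}

# $1 = `rpm -qa` output, $2 = `getenforce` output, $3 = /etc/selinux/config contents.
# Prints one line per check; returns 0 only when every prerequisite is met.
rhel5_prereq_report() {
    fails=0
    for spec in "sharutils-4.6.1-2:CD 3" "compat-libstdc++-33-3.2.3-61:CD 2"; do
        nvr=${spec%%:*}
        disc=${spec#*:}
        if pkg_installed "$1" "$nvr"; then
            echo "OK $nvr"
        else
            echo "MISSING $nvr (rpm -i $nvr.i386.rpm, RHEL 5 $disc)"
            fails=$((fails + 1))
        fi
    done
    state=$(selinux_state "$2" "$3")
    echo "SELINUX $state"
    [ "$state" = disabled ] || fails=$((fails + 1))
    [ "$fails" -eq 0 ]
}

# Demo on the constructed inputs. On a live host pass:
#   "$(rpm -qa)" "$(getenforce)" "$(cat /etc/selinux/config)"
rhel5_prereq_report "$SAMPLE_RPM_QA" Enforcing "$SAMPLE_SELINUX_CONFIG" \
    || echo "prerequisites not met"
```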
Solaris
Security Management Server and Multi-Domain Security Management are supported with Solaris running on
UltraSPARC 64-bit platforms. See Management Products by Platform.
Note - Cross-platform High Availability is supported if all of the platforms are SecurePlatform, Linux,
or Solaris. It is not supported with Windows and non-Windows platforms (SecurePlatform, Linux,
and Solaris).
Required Packages
• SUNWlibC
• SUNWlibCx (except Solaris 10)
• SUNWter
• SUNWadmc
• SUNWadmfw
Required Patches
The patches listed below are required to run Check Point software on Solaris platforms. They can be
downloaded from http://sunsolve.sun.com.
To display your current patch level, use the command: showrev -p | grep <patch number>
Platform | Required | Recommended | Notes
Solaris 8 | 108528-18 | 109147-40 or higher | If the patches 108528-17 and 113652-01 are installed, remove 113652-01, and then install 108528-18.
 | 110380-03 | |
 | 109147-18 | |
 | 109326-07 | |
 | 108434-01 | | Required only for 32 bit systems
 | 108435-01 | | Required only for 64 bit systems
Solaris 9 | 112233-12 | 112963-25 or higher |
 | 112902-07 | |
 | 116561-03 | | Only if dmfe(7D) Ethernet driver is defined on the machine
Solaris 10 | 117461-08 or higher | | Multi-Domain Security Management is not supported on Sun T-Series servers.
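Running `showrev -p | grep <patch number>` once per patch does not show whether a higher installed revision already satisfies a requirement. The script below is an added example, not Check Point code: it audits `showrev -p` output against the Solaris 8 "Required" column and applies the 108528-17 / 113652-01 note. The function names and the sample output are constructed.

```shell
#!/bin/sh
# Added example: audit `showrev -p` output against the Solaris 8 required patches.
# Function names and the sample data below are constructed for illustration.

# Constructed sample of `showrev -p` output (not captured from a real host).
SAMPLE_SHOWREV='Patch: 108528-17 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu, SUNWcsr
Patch: 113652-01 Obsoletes:  Requires: 108528-17 Incompatibles:  Packages: SUNWcsu
Patch: 110380-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 109147-18 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 109147-40 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 109326-07 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsl'

# $1 = showrev text, $2 = required patch "<base>-<rev>".
# Prints OK / OUTDATED / MISSING; the highest installed revision of the same
# base number is compared, so a newer revision satisfies the requirement.
patch_status() {
    printf '%s\n' "$1" | awk -v req="$2" '
        BEGIN { split(req, r, "-"); base = r[1]; need = r[2] + 0 }
        $1 == "Patch:" {
            split($2, id, "-")
            if (id[1] == base && (!found || id[2] + 0 > best)) {
                best = id[2] + 0; found = 1
            }
        }
        END {
            if (!found)           printf "MISSING %s\n", req
            else if (best < need) printf "OUTDATED %s (installed %s-%02d)\n", req, base, best
            else                  printf "OK %s (installed %s-%02d)\n", req, base, best
        }'
}

# $1 = showrev text, $2 = exact patch id. Succeeds if that exact id is listed.
has_exact() {
    printf '%s\n' "$1" | awk -v id="$2" '
        $1 == "Patch:" && $2 == id { hit = 1 }
        END { exit !hit }'
}

# $1 = showrev text, $2 = 32 or 64 (which of 108434-01 / 108435-01 applies).
audit_solaris8() {
    text=$1
    case $2 in
        32) arch_patch=108434-01 ;;
        64) arch_patch=108435-01 ;;
        *)  echo "usage: audit_solaris8 <showrev text> 32|64" >&2; return 2 ;;
    esac
    for p in 108528-18 110380-03 109147-18 109326-07 "$arch_patch"; do
        patch_status "$text" "$p"
    done
    # Ordering rule from the Notes column, applied literally.
    if has_exact "$text" 108528-17 && has_exact "$text" 113652-01; then
        echo "ACTION remove 113652-01, then install 108528-18"
    fi
}

# Demo on the constructed sample. On a live host: audit_solaris8 "$(showrev -p)" 64
audit_solaris8 "$SAMPLE_SHOWREV" 64
```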
Microsoft Windows
High Availability Legacy mode is not supported on Windows.
Note - Cross-platform High Availability is supported if all of the platforms are
SecurePlatform, Linux, or Solaris. It is not supported with a mix of Windows and
non-Windows platforms (SecurePlatform, Linux, and Solaris).
Maximum Number of Interfaces Supported by Platform
The maximum number of interfaces supported (physical and virtual) is shown by platform in this table.
Platform | Max Number of Interfaces | Notes
Gaia | 1024 |
SecurePlatform | 1015 | 1. SecurePlatform supports 255 virtual interfaces per physical interface. 2. When using Dynamic Routing on SecurePlatform, 200 virtual interfaces per physical interface are supported.
IPSO | 1024 |
Windows | 32 |
Security Management Open Server Hardware Requirements
Component | Windows | Linux | SecurePlatform on Open Servers | Solaris
Processor | Intel Pentium Processor E2140 or 2 GHz equivalent processor | Intel Pentium Processor E2140 or 2 GHz equivalent processor | Intel Pentium Processor E2140 or 2 GHz equivalent processor | Sun UltraSPARC IV and higher
Free Disk Space | 1GB | 1.4GB | 10GB (installation includes OS) | 1GB
Memory | 1GB | 1GB | 1GB | 512MB
Optical Drive | Yes | Yes | Yes (bootable) | Yes
Network Adapter | One or more | One or more | One or more | One or more
Multi-Domain Security Management Requirements
The minimum recommended system requirements for Multi-Domain Security Management are:
Component | Linux | Solaris | SecurePlatform
CPU | Intel Pentium Processor E2140 or 2 GHz equivalent processor | UltraSPARC III 900MHz | Intel Pentium Processor E2140 or 2 GHz equivalent processor
Memory | 4GB | 4GB | 4GB
Disk Space | 2GB | 2GB | 10GB (install includes OS)
Optical Drive | Yes | Yes | Yes (bootable)
Important - We recommend that you install Multi-Domain Security Management on Sun
M-Series servers. Sun T-Series servers are not supported.
Multi-Domain Security Management Resource Consumption
Resource consumption is dependent on the scale of your deployment. The larger the deployment, the more
disk space, memory, and CPU are required.
The Multi-Domain Security Management disk space requirements are:
• For basic Multi-Domain Server installations: 2GB (1GB /opt, 1GB /var/opt).
• For each Domain Management Server: 400MB (for the Domain Management Server directory located in
/var/opt)
Security Gateway Open Server Hardware Requirements
Component | Windows | SecurePlatform on Open Servers
Processor | Intel Pentium IV or 1.5 GHz equivalent | Intel Pentium IV or 2 GHz equivalent
Free Disk Space | 1GB | 10GB
Memory | 512MB | 512MB
Optical Drive | Yes | Yes
Network Adapter | One or more | One or more supported cards
Mobile Access Blade Requirements
Endpoint OS Compatibility Windows Linux Mac iOS Android
Mobile Access Portal     
Clientless access to web applications
(Link Translation)
    
Endpoint Security on Demand   
SecureWorkspace 
SSL Network Extender - Network Mode   
SSL Network Extender - Application Mode 
Downloaded from Mobile Access
applications
  
Clientless Citrix 
File Shares - Windows File Explorer
viewer (WebDAV)

File Shares - Web- based file viewer
(HTML)
    
Web mail     
Endpoint Browser Compatibility Internet
Explorer
Google
Chrome
Mozilla
Firefox
Macintosh
Safari
Opera for
Windows
Mobile Access Portal     
Clientless access to web applications
(Link Translation)
    
Endpoint Security on Demand    
SecureWorkspace   
SSL Network Extender - Network Mode    
SSL Network Extender - Application Mode   
Downloaded from Mobile Access
applications
   
Clientless Citrix  
File Shares - Windows File Explorer
viewer (WebDAV)

IE6 only
File Shares - Web- based file viewer
(HTML)
    
Web mail     
SmartEvent Requirements
You can install SmartEvent on a Security Management Server or on a different, dedicated computer.
These are the requirements for the SmartEvent Server and the SmartEvent Correlation Unit:
Component Windows/Linux/SecurePlatform
CPU Celeron-M 1.5 GHz
Memory 2GB
Disk Space 25GB
SmartEvent is not supported on Solaris platforms.
To optimize SmartEvent performance:
• Use a disk with high RPM and a large buffer size.
• Increase the server memory.
SmartReporter Requirements
These hardware requirements are for a SmartReporter server that monitors at least 15GB of logs each day
and generates many reports. For deployments that monitor fewer logs, you can use a computer with less
CPU or memory.
SmartReporter can be installed on a Security Management Server or on a dedicated machine.
Component | Windows & Linux Minimum | Windows & Linux Recommended | Solaris
CPU | Intel Pentium IV 2.0 GHz | Dual CPU 3.0 GHz | UltraSPARC III 900 MHz
Memory | 1GB | 2GB | 1GB
Disk Space, Installation | 80MB | 80MB | 80MB
Disk Space, Database | 60GB (40GB for database, 20GB for temp directory) (on 2 physical disks) | 100GB (60GB for database, 40GB for temp directory) | 60GB (40GB for database, 20GB for temp directory)
DVD Drive | Yes | Yes | Yes
Important - We recommend that you install Multi-Domain Security Management on Sun
M-Series servers. Sun T-Series servers are not supported.
Optimizing SmartReporter Performance
We recommend these tips to optimize SmartReporter performance:
• Disable DNS resolution. This can increase consolidation performance to as much as 32GB of logs for
each day.
• Configure the network connection between the SmartReporter server and the Security Management
server to the optimal speed.
• Install a disk with high RPM (revolutions per minute) and a large buffer size.
• Use UpdateMySQLConfig to adjust the database configuration and adjust the consolidation memory
buffers to use more memory.
• Increase memory for better performance.
Console Requirements
This table shows the minimum hardware requirements for console applications: SmartDashboard,
SmartView Tracker, SmartView Monitor, SmartProvisioning, SmartReporter, SmartEvent, SmartLog,
SecureClient Packaging Tool, SmartUpdate, SmartDomain Manager.
Component Windows
CPU Intel Pentium Processor E2140 or 2 GHz equivalent processor
Memory 1024MB
Available Disk Space 900MB
Video Adapter Minimum resolution: 1024 x 768
UserCheck Client Requirements
• The UserCheck client can be installed on endpoint computers running Windows.
• UserCheck for DLP client notifications are supported on Gaia and SecurePlatform gateways.
• UserCheck for Application and URL Filtering client notifications are supported on SecurePlatform and
Gaia gateways.
• The UserCheck client is not compatible with Check Point GO or Secure Workspace.
If a UserCheck client is installed on a machine and a violation occurs, the UserCheck client notification
shows outside the Check Point GO or Secure Workspace environment. We recommend that you not
install the UserCheck client on a machine that usually runs the Check Point GO or Secure Workspace
environment.
• The UserCheck client is not supported on clusters in a load sharing environment.
Performance Pack
Performance Pack is supported on:
• Check Point UTM-1 and Power-1 appliances.
• Open servers that meet requirements and have valid licenses.
Security Management Software Blades
Software Blade Operating System
Check Point Microsoft Windows RedHat
Linux
Solaris
Gaia Secure
Platform
IPSO
6.2
Disk-
based
Server
2003
Server
2008
XP, 7 RHEL 5.0,
5.4
Ultra- SP
ARC
Network Policy
Management
       
Logging & Status        
Monitoring        
SmartProvisioning       
Management Portal *       
User Directory       
SmartWorkflow      
SmartEvent    
**
 
SmartReporter       
* Management Portal is supported on: Internet Explorer 7 and Firefox 1.5 - 3.0
** SmartEvent is supported on 32-bit only.
Security Gateway Software Blades
Software Blade Check Point Operating System Microsoft
Windows
Crossbeam
Gaia &
SecurePl
atform
SecurePl
atform
IPSO
6.2
Disk-
based
IPSO 6.2
Flash-
based
Server
2003
Server
2008
X-series
Firewall       
Identity Awareness     
IPSec VPN       
IPS       
Mobile Access  
DLP  
Application Control       
URL Filtering       
Anti-Bot     
Anti-Virus  
Anti-Spam &
Email Security
 
Web Security       
Advanced Networking -
QOS
     
Advanced Networking -
Dynamic Routing and
Multicast Support
  
Acceleration & Clustering       
Notes about Security Gateway Software Blades
1. DLP supports High-Availability clusters, including Full HA, on SecurePlatform and Gaia.
DLP supports Load Sharing clusters in Detect and Prevent mode.
On UTM-1 130/270, you can use DLP with Firewall and other Security Gateway software
blades, or with Firewall and Security Management software blades.
The DLP portal supports Internet Explorer 6, 7, 8, 9; Firefox 3, 4; Chrome 8; and Safari 5.
DLP does not support VRRP on Gaia.
2. Application Control - HTTPS Inspection is not supported on Windows.
3. Acceleration & Clustering - Clustering is supported on Windows, but Acceleration is
not. Only third-party clustering is supported on Crossbeam.
Security Gateway Bridge Mode
Bridge mode is supported on these platforms:
• Gaia
• SecurePlatform
• Crossbeam
Clients and Consoles by Windows Platform
Check Point
Product
XP
Home
(SP3)
32-bit
XP
Pro
(SP3)
32-bit
Server
2003
(SP2)
32-bit
Server
2008
(SP1-2)
32 / 64
Server
2008R2
(+SP1)
Vista
(SP2)
32-bit
Vista
(SP1)
64-bit
Windows 7
Ult, Pro, Ent
(+SP1)
32 / 64
SmartConsole       
SmartDomain
Manager
      
SecureClient
  

(32-bit only)
Endpoint
Security VPN
    
Remote Access
Clients E75.x
    
SSL Network
Extender
    
DLP
UserCheck
    
DLP Exchange
Agent

*

*
Identity Agent       
* DLP Exchange Agent supports Exchange Server 2007 and Exchange Server 2010 on
Windows Server 2003 64-bit (SP1-2) and Windows Server 2008 64-bit (SP1-2). A 32-bit
version is available for demo or educational purposes.
Clients and Consoles by Mac Platform
Check Point Product Mac OS X 10.6 Mac OS X 10.7
Identity Agent 32-bit / 64-bit 32-bit / 64-bit
SecureClient 32-bit 32-bit
Endpoint Security VPN E75 for Mac 32-bit / 64-bit 32-bit / 64-bit
Check Point GO Secure Portable Workspace
R75.40 Security Gateways only support Check Point GO Secure Portable Workspace R75. Check Point GO
R70.1 and R70 (formerly known as Check Point Abra) are not supported.
Upgrade Paths and Interoperability
R75.40 supports upgrading from lower software versions and management of lower Security Gateway
versions.
Upgrading to Gaia
You can upgrade SecurePlatform and IPSO Security Management servers and Security Gateways to Gaia
R75.40, according to the upgrade paths listed below.
Note: Upgrade is not supported in an ISDN configuration.
Supported Management and Gateway Upgrade Paths
You can upgrade these Security Management Server and Security Gateway versions to R75.40:
• R70.50
• R71.40
• R71.45
• R75
• R75.10
• R75.20
• R75.30
Note - If you upgrade a 32-bit appliance, it remains 32-bit by default. To change it to
64-bit, if the open server or appliance meets 64-bit requirements, use cpconfig, on all
platforms except Gaia. On Gaia, run the command set edition default 64-bit
and reboot.
Compatibility with Gateways and Clients
This release is compatible with these gateways and Endpoint clients.
Release Version
Gateways
Security Gateway NGX R65, R70.x, R71.x, R75.x
DLP-1 R71 and higher
IPS-1 R71
Series 80 R71 and higher
VSX VSX NGX R65, VSX NGX R67
Connectra Centrally Managed NGX R66
UTM-1 Edge 7.5.x and higher*
GX 4.0
Endpoint Clients
SecureClient up to SecureClient NGX R60 HFA 3 with support for Windows 7 32-bit
Endpoint Connect up to Endpoint Security R73 HFA 1
Remote Access up to Remote Access Clients E75.20 for Windows
up to Endpoint Security VPN E75 for Mac
Endpoint Security up to Endpoint Security E80.31
* UTM-1 Edge and Safe@ devices that use locally configured VPN connections with download
configuration settings, may experience VPN connectivity failure with R75.40 Security Gateways.
To enable this configuration with R75.40, see sk65369
(http://supportcontent.checkpoint.com/solutions?id=sk65369).
Upgrade Package with CLI
When the WebUI is not available, use these commands to install R75.40 from an ISO file.
To install R75.40 using the CLI:
1. Download the applicable ISO file from the R75.40 Home Page
(http://supportcontent.checkpoint.com/solutions?id=sk76540).
2. Copy the ISO file to /var/tmp.
3. Run these commands:
   mount -o loop /var/tmp/<name>.iso /mnt/cdrom
   cd /mnt/cdrom
   patch add cd
Updating IPS Patterns
The IPS pattern granularity (converting patterns into protections) will be installed during the first IPS update
procedure (online update, offline update, or scheduled update). Therefore, the first update after installation
can take a few minutes longer than usual.
Uninstallation of IPS pattern granularity is not supported. If you uninstall R75.40, the patterns remain,
converted to protections.
Uninstalling
Important - This does not remove Multi-Domain Security Management products.
Use these procedures to uninstall R75.40.
Windows:
1. Open Start > Check Point > Uninstall R75.40
2. At the prompt, enter Y to continue.
Linux, IPSO, Solaris:
1. Change directory to: /opt/CPUninstall/R75.40/
2. Run: ./UnixUninstallScript
Example of Uninstall output:
***********************************************************
Welcome to Check Point R75.40 Uninstall Utility
***********************************************************
All R75.40 packages will be uninstalled.
Uninstallation program is about to stop all Check Point processes.
Do you want to continue (y/n) ? y
Uninstalling Management Portal package...Done!
Uninstalling SmartEvent and SmartReporter Suite package...Done!
Uninstalling R75 Compatibility package...Done!
Uninstalling R75.20 Compatibility package...Done!
Uninstalling R71 Compatibility package...Done!
Uninstalling CPSG 80 Series compatibility package...Done!
Uninstalling Connectra R66 Compatibility package...Done!
Uninstalling NGX Compatibility package...Done!
Uninstalling V40 Compatibility package...Done!
Uninstalling UTM-1 Edge compatibility package...Done!
Uninstalling CPinfo package...Done!
Uninstalling Security Gateway / Security Management package...Done!
************************************************************************
Package Name Status
------------ ------
Management Portal Succeeded
SmartEvent and SmartReporter Suite Succeeded
R75 Compatibility Succeeded
R75.20 Compatibility Succeeded
R71 Compatibility Succeeded
CPSG 80 Series compatibility Succeeded
Connectra R66 Compatibility Succeeded
NGX Compatibility Succeeded
V40 Compatibility Succeeded
UTM-1 Edge compatibility Succeeded
CPinfo Succeeded
Security Gateway / Security Management Succeeded
************************************************************************
Uninstallation program completed successfully.
Do you wish to reboot your machine (y/n) ?
If any package fails to uninstall, the script generates a log file and prints its location on the screen.

More Related Content

Viewers also liked (7)

MHK-ar1999_financial
MHK-ar1999_financialMHK-ar1999_financial
MHK-ar1999_financial
 
Axis%20 bank ru1qfy2012-220711
Axis%20 bank ru1qfy2012-220711Axis%20 bank ru1qfy2012-220711
Axis%20 bank ru1qfy2012-220711
 
Investor presentation August 2013
Investor presentation August 2013Investor presentation August 2013
Investor presentation August 2013
 
[Millward Brown] Brandz report 2014
[Millward Brown] Brandz report 2014[Millward Brown] Brandz report 2014
[Millward Brown] Brandz report 2014
 
Q3 fy15 earnings slides
Q3 fy15 earnings slidesQ3 fy15 earnings slides
Q3 fy15 earnings slides
 
2013-11-MDS-meetup
2013-11-MDS-meetup2013-11-MDS-meetup
2013-11-MDS-meetup
 
Mundo animal
Mundo animalMundo animal
Mundo animal
 

Similar to Cp r75.40 release_notes

Fastiron 08040-icx7250-installguide
Fastiron 08040-icx7250-installguideFastiron 08040-icx7250-installguide
Fastiron 08040-icx7250-installguide
MP Casanova
 
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
Yusuf Hadiwinata Sutandar
 
Rst4userguide
Rst4userguideRst4userguide
Rst4userguide
ali lemssefer
 
Hp man sm9.30_application_patch_mgr_pdf
Hp man sm9.30_application_patch_mgr_pdfHp man sm9.30_application_patch_mgr_pdf
Hp man sm9.30_application_patch_mgr_pdf
GLaDOS2199
 

Similar to Cp r75.40 release_notes (20)

ESM Service Layer Developers Guide for ESM 6.8c
ESM Service Layer Developers Guide for ESM 6.8cESM Service Layer Developers Guide for ESM 6.8c
ESM Service Layer Developers Guide for ESM 6.8c
 
ArcSight Connector Appliance v6.3 Administrator's Guide
ArcSight Connector Appliance v6.3 Administrator's GuideArcSight Connector Appliance v6.3 Administrator's Guide
ArcSight Connector Appliance v6.3 Administrator's Guide
 
ArcSight Connector Appliance 6.4 Administrator's Guide
ArcSight Connector Appliance 6.4 Administrator's GuideArcSight Connector Appliance 6.4 Administrator's Guide
ArcSight Connector Appliance 6.4 Administrator's Guide
 
Cp r80.30 ga_threat_prevention_adminguide
Cp r80.30 ga_threat_prevention_adminguideCp r80.30 ga_threat_prevention_adminguide
Cp r80.30 ga_threat_prevention_adminguide
 
Fastiron 08040-icx7250-installguide
Fastiron 08040-icx7250-installguideFastiron 08040-icx7250-installguide
Fastiron 08040-icx7250-installguide
 
Fwd conn configguide_5.2.5.6403.0
Fwd conn configguide_5.2.5.6403.0Fwd conn configguide_5.2.5.6403.0
Fwd conn configguide_5.2.5.6403.0
 
Motorolascanner sd kforwindows
Motorolascanner sd kforwindowsMotorolascanner sd kforwindows
Motorolascanner sd kforwindows
 
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
Cloud Forms Iaa S V2wp 6299847 0411 Dm Web 4
 
ArcSight Express Release Notes Version 3.0 featuring ESM + CORR-Engine
ArcSight Express Release Notes Version 3.0 featuring ESM + CORR-EngineArcSight Express Release Notes Version 3.0 featuring ESM + CORR-Engine
ArcSight Express Release Notes Version 3.0 featuring ESM + CORR-Engine
 
ArcSight Connector Appliance v6.3 Release Notes
ArcSight Connector Appliance v6.3 Release NotesArcSight Connector Appliance v6.3 Release Notes
ArcSight Connector Appliance v6.3 Release Notes
 
Adf tutorial oracle
Adf tutorial oracleAdf tutorial oracle
Adf tutorial oracle
 
Samsung mdf admin guide v6.3
Samsung mdf admin guide v6.3Samsung mdf admin guide v6.3
Samsung mdf admin guide v6.3
 
Whats New In Change Auditor - 5.5
Whats New In Change Auditor - 5.5Whats New In Change Auditor - 5.5
Whats New In Change Auditor - 5.5
 
Whats New In Change Auditor - 5.5
Whats New In Change Auditor - 5.5Whats New In Change Auditor - 5.5
Whats New In Change Auditor - 5.5
 
Forwarding Connector User's Guide for version 6.0.4.6830.0
Forwarding Connector User's Guide for version 6.0.4.6830.0	Forwarding Connector User's Guide for version 6.0.4.6830.0
Forwarding Connector User's Guide for version 6.0.4.6830.0
 
ESM5.6_SCG_Configuration.pdf
ESM5.6_SCG_Configuration.pdfESM5.6_SCG_Configuration.pdf
ESM5.6_SCG_Configuration.pdf
 
ArcSight Connector Appliance 6.4 Patch 1 Release Notes
ArcSight Connector Appliance 6.4 Patch 1 Release NotesArcSight Connector Appliance 6.4 Patch 1 Release Notes
ArcSight Connector Appliance 6.4 Patch 1 Release Notes
 
Esm admin guide_5.5
Esm admin guide_5.5Esm admin guide_5.5
Esm admin guide_5.5
 
Rst4userguide
Rst4userguideRst4userguide
Rst4userguide
 
Hp man sm9.30_application_patch_mgr_pdf
Hp man sm9.30_application_patch_mgr_pdfHp man sm9.30_application_patch_mgr_pdf
Hp man sm9.30_application_patch_mgr_pdf
 

Cp r75.40 release_notes

  • 1. 13 August 2012 Release Notes R75.40 Classification: [Protected]
  • 2. © 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.
  • 3. Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=13079 For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com). For more about this release, see the R75.40 home page (http://supportcontent.checkpoint.com/solutions?id=sk76540). Revision History Date Description 13 August 2012 Updated: Support for Standalone Full High Availability Deployment, and Smart-1 does not support Standalone ("Check Point Appliances" on page 14). Updated: Open Server support for Appliance Hardware Health Monitoring (on page 15). Updated: SmartEvent Requirements (on page 23) Updated: Anti-Virus Software Blade is not supported on IPSO ("Security Gateway Software Blades" on page 26). Added: Bridge Mode supported platforms ("Security Gateway Bridge Mode" on page 27). This supersedes the information in the Firewall Administration Guide. 17 May 2012 Updated DLP data 15 May 2012 New SmartConsole ("Build Numbers" on page 12) 03 May 2012 Updated link to package ("Upgrade Package with CLI" on page 29) 30 April 2012 Updated What's New ("Operating System - Gaia" on page 7) and Upgrade Paths ("Upgrading to Gaia" on page 28) 23 April 2012 First release of this document Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on R75.40 Release Notes).
  • 4. Contents Important Information.............................................................................................3 Introduction.............................................................................................................6 Important Solutions.............................................................................................. 6 Licensing............................................................................................................. 6 What's New..............................................................................................................7 Operating System - Gaia ..................................................................................... 7 New Appliances................................................................................................... 8 Anti-Bot ............................................................................................................... 8 New Anti-Virus..................................................................................................... 8 IPS ...................................................................................................................... 8 Application Control and URL Filtering.................................................................. 9 Data Loss Prevention .......................................................................................... 
  UserCheck
  Identity Awareness
  SmartEvent
  HTTPS Inspection
  HTTP Proxy
  IPsec VPN
  SmartLog
  Enhancements
Build Numbers
System Requirements
  Check Point Appliance Naming Conventions
  Security Software Containers
    Check Point Operating Systems
    Check Point Appliances
    Other Platforms and Operating Systems
    Appliance Hardware Health Monitoring
    Dedicated Gateways
  Platform Requirements
    Gaia Requirements
    SecurePlatform
    IPSO
    Linux
    Solaris
    Microsoft Windows
    Maximum Number of Interfaces Supported by Platform
    Security Management Open Server Hardware Requirements
    Multi-Domain Security Management Requirements
    Security Gateway Open Server Hardware Requirements
    Mobile Access Blade Requirements
    SmartEvent Requirements
    SmartReporter Requirements
    Console Requirements
    UserCheck Client Requirements
    Performance Pack
  Security Management Software Blades
  Security Gateway Software Blades
  Security Gateway Bridge Mode
  Clients and Consoles by Windows Platform
  Clients and Consoles by Mac Platform
  Check Point GO Secure Portable Workspace
  • 5. Upgrade Paths and Interoperability
      Upgrading to Gaia
      Supported Management and Gateway Upgrade Paths
      Compatibility with Gateways and Clients
      Upgrade Package with CLI
      Updating IPS Patterns
    Uninstalling
  • 6. Introduction

Thank you for choosing to install Check Point version R75.40. Please read this document carefully before installing R75.40.

Important Solutions

For more about R75.40 and to download the software, go to the R75.40 Home Page (http://supportcontent.checkpoint.com/solutions?id=sk76540).
For a list of open issues, see the Known Limitations (http://supportcontent.checkpoint.com/solutions?id=sk79260).
For a list of fixes, see the Resolved Issues (http://supportcontent.checkpoint.com/solutions?id=sk67583).

Licensing

Important - Check Point software versions R75.10 or higher must have a valid Software Blades license. Users with NGX licenses cannot install the software. To migrate NGX licenses to Software Blades licenses, see Software Blade Migration (http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html) or contact Account Services.

If you manage GX gateways from a Security Management server, you must regenerate your GX licenses in the User Center to be compliant with Software Blades. This procedure is optional for Multi-Domain Servers and Domain Management Servers.

IPS Software Blade License

Virtual Systems with IPS Software Blades must have a current, valid IPS contract that is renewed annually. To manage your contracts, go to your UserCenter account or contact your reseller.
- Notifications that IPS service contracts are expiring show in many locations, including:
  - The IPS SmartDashboard window
  - SmartUpdate
  - Product reports in your Check Point UserCenter account
- If your service contract has expired, IPS continues to operate using the R70 (Q1/2009) signature set. Renew your IPS service contract to download and use the current signature set.

For more about IPS contract enforcement, see sk44175 (http://supportcontent.checkpoint.com/solutions?id=sk44175).
  • 7. What's New

New Terms: These product and technology names are changed.

| Name in R75.20 | Name in R75.40 |
|---|---|
| SmartDirectory (LDAP) | User Directory |
| Check Point Abra | Check Point GO |

Operating System - Gaia

Gaia is Check Point's next generation operating system for security applications. In Greek mythology, Gaia is the mother of all, representing closely integrated parts to form a single, efficient system. The Gaia Operating System supports the full portfolio of Check Point Software Blades, Gateway and Security Management products.

Gaia is a single, unified network security Operating System that combines the best of Check Point's SecurePlatform operating system, and IPSO, the operating system from appliance security products. Gaia is available for all Check Point security appliances and open servers.

Designed from the ground up for modern high-end deployments, Gaia includes support for:
- IPv4 and IPv6 - fully integrated into the Operating System.
- High Connection Capacity - 64bit support.
- Load Sharing - ClusterXL and Interface bonding.
- High Availability - ClusterXL, VRRP, Interface bonding.
- Dynamic and Multicast Routing - BGP, OSPF, RIP, and PIM-SM, PIM-DM, IGMP.
- Easy to use Command Line Interface - Commands are structured using the same syntactic rules. An enhanced help system and auto-completion further simplify user operation.
- Role Based Administration - Enables Gaia administrators to create different roles. Administrators can allow users to access features by adding those functions to the user's role definition. Each role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to other features.
- Simple and Easy upgrade - from IPSO and SecurePlatform.

Gaia Software Updates
- Get updates for licensed Check Point products directly through the operating system.
- Download and install the updates more quickly. Download automatically, manually, or periodically. Install manually or periodically.
- Get email notifications for newly available updates and for downloads and installations.
- Easy rollback from new update.

Gaia Web User Interface
- The Gaia WebUI is an advanced, web-based interface for configuring Gaia platforms. Almost all system configuration tasks can be done through this Web-based interface.
- Easy Access - Simply go to https://<Device IP Address>.
- Browser Support - Internet Explorer, Firefox, Chrome and Safari.
  • 8. What's New

- Powerful Search Engine - makes it easy to find features or functionality to configure.
- Easy Operation - Two operating modes. 1) Simplified mode shows only basic configuration options. 2) Advanced mode shows all configuration options. You can easily change modes.
- Web-Based Access to Command Line - Clientless access to the Gaia CLI directly from your browser.

New Appliances

New Check Point appliances support R75.40:
- 21400 Appliance
- 12000 Appliances
- 4000 Appliances
- 2200 Appliances

Anti-Bot

Check Point Anti-Bot prevents damage and blocks bot communication between infected hosts and a remote operator. The Anti-Bot Software Blade:
- Uses the multi-layered ThreatSpect engine to analyze network traffic and identify bot infected machines in the organization.
- Uses ThreatCloud repository Real-Time security intelligence to identify bot infections based on millions of bot command and control IP/DNS/URL addresses and bot initiated spam outbreaks.
- Uses different views and reports to provide threat visibility for the organization and help assess damages and decide on corrective actions.
- Integrates with other Software Blades for a unique Anti-Bot and Anti-Malware solution on a Security Gateway.

New Anti-Virus

Check Point Anti-Virus provides superior Anti-Virus protection against modern malware, multiple attack vectors, and threats. The Anti-Virus Software Blade:
- Offers powerful security coverage by supporting millions of signatures.
- Leverages the Check Point ThreatCloud repository to identify and block incoming malicious files (such as exe, doc, xls, pdf) from entering the organization.
- Prevents web-based malware download from sites known to contain malware.
- Uses different views and reports to provide threat visibility for the organization and help assess damages and decide on corrective actions.
- Consolidated Anti-Bot and Anti-Virus approach for dealing with malware threats (including policy setting, event analysis, and malware reports).
- Uses a separate policy installation (together with the Anti-Bot Software Blade) to minimize risk and operational impact.

IPS
- Significant reduction (about 90%) of false positives of non-compliant HTTP and TCP-streaming protections and of redundant logs.
  • 9. What's New

- Increase pattern granularity - Header rejection, Http worm catcher and Cifs worm catcher patterns were converted into separate protections, giving more granularity in their settings. This feature is installed during the first IPS update process (online update, offline update or scheduled update).
- Implied exceptions - Built-in exceptions to allow Check Point products trusted traffic.
- New tool to control IPS functionality from the gateway through CLI
- Improved TCP streaming infrastructure
- Enhanced HTTP and Web Sockets protection
- Improved TAP mode support
- Granular TCP logging
- New GEO database and additional countries and significantly improved accuracy

Application Control and URL Filtering
- Use the Limit action in rules to limit the bandwidth permitted for a rule
- Add a Time object to a rule to make the rule active only during specified times.
- The UserCheck client adds the option to send notifications for applications that are not in a web browser, such as Skype or iTunes.
- New UserCheck features ("UserCheck" on page 10): Cancel button on messages and UserCheck Frequency.
- If traffic is not detected by other applications, it is declared an unknown application. This lets you block all unknown traffic and better handle known traffic.

Data Loss Prevention

Watermarking: Add visible and hidden marks to Microsoft Office 2007 and 2010 documents when they are sent as email attachments (outgoing and internal emails).
- Visible Watermarks alert users to sensitive document content when viewed or printed. Examples:
  - Add customized text footer to Power Point slides: "Highly Restricted, sent by John Smith on 7/7/11".
  - Add a large diagonal "Classified" visible watermark on the first page of Word documents that match a DLP rule.
- Hidden Watermarks are encrypted and let DLP tag documents without affecting format.
  - Does not change the visible document layout.
  - The tag can be identified in DLP scans.
  - The tag can be used for forensic analysis to track leaked documents.

Improved Privacy Options:
- Can choose to not store original messages with the DLP incident.
- Send the original email to the data owner.
- Easy to view HTML-based messages include highlighted matched content and masked credit card numbers.

Time Object:
- Limit rules to certain times of the day, day of week or day of month.
- Stop DLP rules on set date, when the data is no longer sensitive (for example, after financial data is publicly released).

Improved Compliance and Matching:
- Easily view and quickly apply multiple compliance-related rules.
- Improved template matching identifies files by text and by embedded images (for example, upload company logo to match documents using the company template with that logo embedded).
  • 10. What's New

- New Message Attributes data type to match based on overall message size, number of attachments, and number of words.

UserCheck
- In Application and URL Filtering, UserCheck Frequency lets you set the number of times that users get UserCheck messages for accessing applications that are not permitted by the policy. You can also set the notifications to be based on accessing the rule, application category, or the application itself.
- UserCheck Scoping enhances notifications to match not only by rule, but also by category and site in the Application Control Rule Base.
- A dedicated UserCheck agent on the endpoint gives users notifications and options, according to your rules, when their user actions match DLP or Application and URL Filtering rules.
- If you don't need users to enter their reason for wanting to do an action that is caught by Application and URL Filtering rules, you can disable this requirement. See the UserCheck Interaction window > Conditions.
- Cancel button added to the Inform and Ask web pages, to stop loading a requested page or to stop an email in progress.
- UserCheck Revoke Page lets you delete (revoke) all UserCheck entries when you access the Revoke Page (https://<UserCheck Portal URL>/RevokePage).

Identity Awareness
- New Identity acquisition methods:
  - Terminal Servers / Citrix communicate with the gateway through one IP address, but are used to host multiple users. The gateway identifies the originating user behind connections from these multi-user hosts.
  - Transparent Portal Authentication redirects an unauthenticated user to a URL, for authentication (using Kerberos SSO) and then redirects the user back to the originally requested URL. If the transparent authentication fails, the user is redirected to the Captive Portal for manual authentication. The new Browser-Based Authentication lets you configure Captive Portal and Transparent Portal Authentication for Identity Awareness.
  - SSO with Remote Access Clients integrates the Mobile Access blade with the Identity Awareness blade. It adds identity data for VPN client users (coming from E75.x clients, E80.x clients, SecureClient, SSL Network Extender, and so on).
- Identity Agent for Mac OS (10.6 and 10.7) on 32-bit and 64-bit. It can be downloaded from the Identity Awareness Captive Portal.
- Nested Groups are enforced by the Identity Awareness blade. You can set a parent group as an Access Role in a rule, and it applies to all users in the sub groups.

SmartEvent

Reports:
- Enhanced Reports tab, for richer management functionality of SmartEvent reports and ease of use.
- Get reports in PDF format.
- New layout for Anti-Malware reports.

Anti-Malware:
- Enhanced overall support for Anti-Malware.
- SmartEvent Intro for Anti-Malware.

Usability and Performance Enhancements:
- Summary view of Grouped Events, for Application Control and Anti-Malware events.
  • 11. What's New

- Easy to activate SmartEvent on a standalone environment - no configuration needed, just activate the Software Blade on the Security Management Server properties.
- Enhanced SmartEvent performance: support for 2 Million events per day (8,000 to 15,000 users behind Application Control and URL Filtering).

HTTPS Inspection
- Support for HTTPS Inspection on inbound traffic.
- Automatic update for Trusted CA list.

HTTP Proxy

You can configure a Security Gateway to be an HTTP/HTTPS web proxy, in transparent or non-transparent mode.

IPsec VPN

Support for Suite-B GCM encryption. See RFC 6379 for more information.

SmartLog

New SmartLog for full-text, ultra-fast search over billions of log records. SmartLog is a next generation solution for managing logs generated by Check Point Security Gateways. This solution is designed to answer the challenges of storing, searching and filtering logs in modern environments with continually increasing log volume.

Enhancements

General
- Configure Multi Portal access through VPN clients (connected with Office Mode), to protect your portals from external network exposure. This new option applies to all portals: Mobile Access Portal, UserCenter Portal, Identity Awareness Captive Portal, Platform Portal, and DLP Portal.
- SmartProvisioning supports Security Gateway 80 appliances.

Performance
- NAT and log templates in SecureXL
- IPv6 acceleration, MultiCore and ClusterXL HA support on Gaia and SecurePlatform.
- Accelerated Drop Rules, explained in sk67861 (http://supportcontent.checkpoint.com/solutions?id=sk67861).

Licensing
- R75.40 management servers do not need IPv6 licenses.
- Gaia can automatically attach licenses for Security Gateways and management servers.

SmartConsole
- Hit count - shows number of instances a rule in the Application Control or Firewall Rule Bases was matched to traffic.
- Improved performance and easier installation of SmartConsole.
  • 12. Build Numbers

This table shows the R75.40 software products and their build numbers as included on the product DVD. To verify each product build number, use the show command syntax or do the steps in the GUI.

| Software Blade / Product | Build Number | Verifying Build Number* |
|---|---|---|
| Gaia | OS build 338 | show version all |
| SecurePlatform | 986000069 | ver |
| Security Gateway | 986000275; Windows - 274 | fw ver |
| Security Management | 986000064 | fwm ver |
| SmartConsole Applications | 986000382 | Help > About Check Point <Application name> |
| Mobile Access | 986000128 | cvpn_ver |
| Multi-Domain Server | 986000210 | fwm mds ver |
| SmartDomain Manager | 986000229 | Help > About Check Point Multi-Domain Security Management |
| Acceleration (Performance Pack) | 986000044 | sim ver -k |
| Advanced Networking (Routing) | 986000010; Gaia - 056 | SecurePlatform: gated_ver; Gaia: rpm -qf /bin/routed |
| Server Monitoring (SVM Server) | 986000010 | rtm ver |
| Management Portal | 986000016 | cpvinfo /opt/CPportal-R75.40/portal/bin/smartportalstart |
| SmartReporter | 986000227 | SVRServer ver |
| Compatibility Packages** | | |
| CPNGXCMP-R75.40-00 | 020 | /opt/CPNGXCMP-R75.40/bin/fw_loader ver |
| CPV40Cmp-R75.40-00 | 976121001 | cpvinfo /opt/CPV40Cmp-R75.40/bin/fw_loader \| grep Build |
| CPEdgecmp-R75.40-00 | 986000003 | /opt/CPEdgecmp-R75.40/bin/fw ver |
| CPR71CMP-R75.40-00 | 001 | /opt/CPR71CMP-R75.40/bin/fw_loader ver |
| CPR75CMP-R75.40-00 | 001 | /opt/CPR75CMP-R75.40/bin/fw_loader ver |
| CPSG80CMP-R75.40-00 | 029 | /opt/CPSG80CMP-R75.40/bin/fw_loader ver |
| CPR7520CMP-R75.40-00 | 003 | /opt/CPR7520CMP-R75.40/bin/fw_loader ver |
| CPCON66CMP-R75.40-00 | Build 004 | /opt/CPCON66CMP-R75.40/bin/fw_loader ver |

* Some of the commands to see the installed build show only the last three digits of the build number.
** To see build numbers on Windows, look at C:\Program Files\CheckPoint\R75.40 instead of /opt/../R75.40

  • 13. System Requirements

Important - Resource consumption is dependent on the scale of your deployment. The larger the deployment, the more disk space, memory, and CPU are required.

In This Section
- Check Point Appliance Naming Conventions
- Security Software Containers
- Platform Requirements
- Security Management Software Blades
- Security Gateway Software Blades
- Security Gateway Bridge Mode
- Clients and Consoles by Windows Platform
- Clients and Consoles by Mac Platform
- Check Point GO Secure Portable Workspace

Check Point Appliance Naming Conventions

An appliance model name that ends with 00 (two zeros) is the generic name of the model. Any other number shows the number of Software Blades on the appliance. Some model names end with one zero. This document uses the generic appliance names. For example:
- Check Point 4800 is the generic name of the model.
- Check Point 4810 is the model with 10 Software Blades.
- Check Point IP2450 is the generic name of the model.
- Check Point IP2457 has 7 Software Blades.
  • 14. System Requirements

Security Software Containers

Management servers and gateways are supported on these operating systems and platforms.

Check Point Operating Systems

Columns: Software Blade Containers | Gaia | SecurePlatform | IPSO Disk-based | IPSO Flash-based
Security Management: ✓ ✓ ✓
Security Gateway: ✓ ✓ ✓ ✓ *
Multi-Domain Security Management: ✓

* On Flash-based Appliances, 1G of RAM is enough to run Firewall, IPS and VPN blades only. To activate more blades, 2G of RAM is required on IP290, IP390, and IP560 flash-based appliances.

Check Point Appliances

Columns: Appliance | Security Management | Security Gateway | Standalone Deployment | Standalone Full High Availability Deployment | Multi-Domain Security Management
2200 Appliance: ✓ ✓ ✓ ✓
4000 Appliances: ✓ ✓ ✓ ✓
12000 Appliances: ✓ ✓ ✓ ✓
21400 Appliance: ✓ ✓ ✓ ✓
IP Appliances (IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450): ✓ ✓ ✓
Smart-1 5: ✓
Smart-1 25: ✓
Smart-1 50: ✓ ✓
Smart-1 150: ✓
Power-1: ✓
UTM-1: ✓ ✓ ✓ ✓

IP Appliance platforms are available in disk-based, diskless flash-based and hybrid (flash-based systems with a supplemental hard disk for local logging, swap space and core file storage) configurations.
  • 15. System Requirements

Other Platforms and Operating Systems

Columns: Software Blade Containers | Microsoft: Windows Server 2003, 2008 | Microsoft: Windows XP, 7 | Red Hat Linux: RHEL 5.0, 5.4 | Crossbeam: X-series | Solaris: Ultra-SPARC 8, 9, 10
Security Management: ✓ 1 ✓ ✓ ✓
Security Gateway: ✓ ✓
Multi-Domain Security Management: ✓ ✓ 2

1. Security Management Server supports Windows Server 2008 R2.
2. We recommend that you install Multi-Domain Security Management on Sun M-Series servers. Sun T-Series servers are not supported.

Operating System Versions

These are the supported versions of Microsoft and RedHat operating systems. For Windows 2003 SP1, you must install the hotfix specified in Microsoft KB 906469 (http://support.microsoft.com/kb/906469). Windows 2008 Server 64-bit is supported for Security Management only.

Columns: Operating System | Editions | Service Pack | 32/64-bit
Microsoft
  Windows XP: Professional, SP3, 32-bit
  Windows 2003 Server: N/A, SP1, SP2, 32-bit
  Windows 2008 Server: N/A, SP1, SP2, 32-bit, 64-bit
  Windows 7: Professional, Enterprise, Ultimate, N/A, 32-bit, 64-bit
RedHat
  RHEL 5.0: N/A, 32-bit
  RHEL 5.4 kernel 2.6.18: N/A, 32-bit

Appliance Hardware Health Monitoring

R75.40 supports these Hardware Health Monitoring features for Gaia and SecurePlatform:
- RAID Health: Use SNMP to monitor the health of the disks in the RAID array, and be notified of the states of the volumes and disks.
- Hardware Sensors: Use the WebUI or SNMP to monitor fan speed, motherboard voltages, power supply health, and temperatures. Open Servers are only supported when they have an IPMI card installed.
  • 16. System Requirements

Check Point Appliances

Columns: Feature | 21000 | 12000 | 4000 and 2200 | Power-1 | UTM-1 | Smart-1
Hardware sensors monitoring with SNMP (polling and traps): ✓ ✓ ✓ ✓ ✓ (1) ✓
Hardware sensors monitoring with the WebUI: ✓ ✓ ✓ ✓ ✓ (1) ✓
RAID monitoring with SNMP: ✓ ✓ ✓ (2)

Notes
1. Hardware sensors monitoring is supported on all UTM-1 models except the xx50 series.
2. RAID Monitoring with SNMP is supported on Power-1 servers with RAID card installed (Power-1 9070 and Power-1 11070).

Open Servers
- Hardware Sensors Monitoring: Use SNMP (polling and traps) or the WebUI to monitor hardware on IBM, HP, Dell, and Sun certified servers with an Intelligent Platform Management Interface (IPMI) card installed. The IPMI standard defines a set of common interfaces for a computer system, which system administrators can use to monitor system health.
  Note - IPMI is an open standard, and we cannot guarantee the Hardware Health Monitoring performance on all systems and configurations.
- RAID Monitoring with SNMP: Use SNMP to monitor RAID on HP servers with HP Smart Array P400 Controller. Note the HP Smart Array P400i Controller is a different controller, which is not supported for hardware monitoring.

Dedicated Gateways

To install R75.40 on an R71 DLP-1 appliance or an R71 DLP open server, do a clean installation of R75.40.

Note - To upgrade from DLP-1 9571 of version R71.x DLP, you must upgrade the BIOS. Then do a clean installation of R75.40. See sk62903 (http://supportcontent.checkpoint.com/solutions?id=sk62903) for details.

You cannot upgrade these dedicated gateways to R75.40:
- Open Server - IPS-1 Sensor, VSX
- Appliances - Security Gateway 80, UTM-1 Edge, IPS-1 Sensor, VSX-1

Platform Requirements

Gaia Requirements

This release is shipped with the new Gaia operating system, which supports most Check Point appliance platforms, selected open servers, and selected network interface cards. If your open server has less than 6GB RAM, it can run in 32-bit mode only. You can run 64-bit compatible open servers with 6GB RAM or more in 64-bit mode.
- Gaia Open Servers - All open servers in the Hardware Compatibility List are supported (http://www.checkpoint.com/services/techsupport/hcl/all.html).
- Gaia and Performance Pack - Performance Pack is supported on all Gaia platforms.
  • 17. System Requirements

Gaia on Check Point Security Appliances

| Appliances | 32-bit / 64-bit* |
|---|---|
| 2200 | 32 |
| 4200 | 32 |
| 4600 | 32 |
| 4800 | 32, 64 |
| 12200 | 32, 64 |
| 12400 | 32, 64 |
| 12600 | 32, 64 |
| 21400 | 32, 64 |

* 64-bit is available with over 6GB RAM.

Gaia on IP Appliances

Important - Gaia is not supported on Flash-Based or Hybrid platforms at this time.

These configurations are supported:

| IP Appliance Disk Based Platform | 32-bit / 64-bit* |
|---|---|
| IP150 | 32 |
| IP280 | 32 |
| IP290 | 32 |
| IP390 | 32 |
| IP560 | 32 |
| IP690 | 32 |
| IP1280 | 32, 64 |
| IP2450 | 32, 64 |

* 64-bit is available on appliances with over 6GB RAM. The basic configuration for IP appliances includes 4GB of RAM.
  • 18. System Requirements

Gaia on Power-1, UTM-1 and Smart-1 Appliances

| Platform | 32-bit / 64-bit |
|---|---|
| Power-1 11000 | 32, 64 (default is 64) |
| Power-1 9070 | 32 |
| Power-1 5070 | 32 |
| UTM-1 3070 | 32 |
| UTM-1 2070 | 32 |
| UTM-1 1070 | 32 |
| UTM-1 570 | 32 |
| UTM-1 270 | 32 |
| UTM-1 130 | 32 |
| Smart-1 5 | 32 |
| Smart-1 25 | 32 |
| Smart-1 50 * | 32 |
| Smart-1 150 * | 32 |

* Not supported for Multi-Domain Security Management.

Gaia WebUI

The Gaia WebUI (also known as the Gaia Portal) is supported on these browsers:
- Internet Explorer 8 or higher
- Firefox 6 or higher
- Chrome 14 or higher
- Safari 5 or higher

SecurePlatform

This release is shipped with the latest SecurePlatform operating system, which supports a variety of appliances and open servers. See the list of certified hardware (http://www.checkpoint.com/services/techsupport/hcl/index.html) before installing SecurePlatform on the target hardware.

IPSO
- Only clean installation of R75.40 is supported on IPSO flash-based models:
  - IP290
  - IP390
  - IP560

Features: Advanced Routing and SecureXL are included by default. Clustering on IPSO supports VRRP and IP Clustering. All currently available IPSO platform types (Disk-based, Flash-based, and Hybrid) are supported. You can select 32-bit or 64-bit in the Boot Manager for IP appliances.
  • 19. System Requirements

Limitations: You cannot manage UTM-1 Edge devices from a Security Management server on an IPSO platform. R75.40 on IPSO flash-based models requires 2GB RAM. (Note - This is more required disk space than that required by versions before R75.20.)

Linux

Note - Cross-platform High Availability is not supported with a mix of Windows and non-Windows platforms.

Before you install Security Management on Red Hat Enterprise Linux 5:
1. Install the sharutils-4.6.1-2 package.
   a) Make sure that you have the sharutils-4.6.1-2 package installed by running:
      rpm -qa | grep sharutils-4.6.1-2
   b) If the package is not already installed, install it by running:
      rpm -i sharutils-4.6.1-2.i386.rpm
      This package can be found on CD 3 of RHEL 5.
2. Install the compat-libstdc++-33-3.2.3-61 package.
   a) Make sure that you have the compat-libstdc++-33-3.2.3-61 package by running:
      rpm -qa | grep compat-libstdc++-33-3.2.3-61
   b) If the package is not already installed, install it by running:
      rpm -i compat-libstdc++-33-3.2.3-61.i386.rpm
      This package can be found on CD 2 of RHEL 5.
3. Disable SELinux.
   a) Make sure that SELinux is disabled by running:
      getenforce
   b) If SELinux is enabled, disable it by setting SELINUX=disabled in the /etc/selinux/config file and rebooting the computer.

Solaris

Security Management Server and Multi-Domain Security Management are supported with Solaris running on UltraSPARC 64-bit platforms. See Management Products by Platform.

Note - Cross-platform High Availability is supported if all of the platforms are SecurePlatform, Linux, or Solaris. It is not supported with Windows and non-Windows platforms (SecurePlatform, Linux, and Solaris).

Required Packages
- SUNWlibC
- SUNWlibCx (except Solaris 10)
- SUNWter
- SUNWadmc
- SUNWadmfw

Required Patches

The patches listed below are required to run Check Point software on Solaris platforms. They can be downloaded from: http://sunsolve.sun.com. To display your current patch level, use the command:
      showrev -p | grep <patch number>
  • 20. System Requirements

Columns: Platform | Required | Recommended | Notes
Solaris 8
  108528-18   109147-40 or higher   If the patches 108528-17 and 113652-01 are installed, remove 113652-01, and then install 108528-18.
  110380-03
  109147-18
  109326-07
  108434-01   Required only for 32 bit systems
  108435-01   Required only for 64 bit systems
Solaris 9
  112233-12   112963-25 or higher
  112902-07
  116561-03   Only if dmfe(7D) Ethernet driver is defined on the machine
Solaris 10
  117461-08 or higher

Multi-Domain Security Management is not supported on Sun T-Series servers.

Microsoft Windows

High Availability Legacy mode is not supported on Windows.

Note - Cross-platform High Availability is supported if all of the platforms are SecurePlatform, Linux, or Solaris. It is not supported with a mix of Windows and non-Windows platforms (SecurePlatform, Linux, and Solaris).

Maximum Number of Interfaces Supported by Platform

The maximum number of interfaces supported (physical and virtual) is shown by platform in this table.

| Platform | Max Number of Interfaces | Notes |
|---|---|---|
| Gaia | 1024 | |
| SecurePlatform | 1015 | 1. SecurePlatform supports 255 virtual interfaces per physical interface. 2. When using Dynamic Routing on SecurePlatform, 200 virtual interfaces per physical interface are supported. |
| IPSO | 1024 | |
| Windows | 32 | |
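The Red Hat Enterprise Linux 5 prerequisites listed in the Linux section above (the two packages and SELinux disabled) can be checked in one read-only pass before the installer is started. This is an added example, not part of the Check Point release notes; the function names, the `--run` switch and the `SELINUX_CONFIG` override are assumptions made for the example.

```shell
#!/bin/sh
# Added example: read-only preflight for the RHEL 5 prerequisites in the Linux section.
# Package versions are the ones the release notes name. The function names, the --run
# switch and the SELINUX_CONFIG override are assumptions made for this example.
# Nothing is installed or changed.

REQUIRED_PKGS="sharutils-4.6.1-2 compat-libstdc++-33-3.2.3-61"
SELINUX_CONFIG="${SELINUX_CONFIG:-/etc/selinux/config}"

# pkg_installed NAME-VERSION-RELEASE
# Succeeds only if that exact build is in the RPM database. 'rpm -q' matches the
# full package label, so a substring hit cannot satisfy it the way grep can.
pkg_installed() {
    rpm -q "$1" >/dev/null 2>&1
}

# selinux_runtime: prints Enforcing, Permissive or Disabled as reported by
# getenforce, or Unknown when getenforce is not available.
selinux_runtime() {
    getenforce 2>/dev/null || echo Unknown
}

# selinux_configured: prints the SELINUX= value from the config file, or 'unset'.
# Comment lines and the SELINUXTYPE= line do not match the pattern.
selinux_configured() {
    value=""
    if [ -r "$SELINUX_CONFIG" ]; then
        value=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
            "$SELINUX_CONFIG" | tail -n 1)
    fi
    echo "${value:-unset}"
}

# preflight: prints one line per check and returns the number of unmet
# prerequisites (missing packages plus 1 if getenforce does not say Disabled).
preflight() {
    unmet=0
    for pkg in $REQUIRED_PKGS; do
        if pkg_installed "$pkg"; then
            echo "OK      package $pkg"
        else
            echo "MISSING package $pkg"
            unmet=$((unmet + 1))
        fi
    done

    runtime=$(selinux_runtime)
    configured=$(selinux_configured)
    if [ "$runtime" = "Disabled" ]; then
        echo "OK      SELinux runtime mode: $runtime"
    else
        echo "UNMET   SELinux runtime mode: $runtime"
        unmet=$((unmet + 1))
    fi

    # The config file only takes effect at boot, so report a mismatch either way.
    if [ "$configured" = "disabled" ] && [ "$runtime" != "Disabled" ]; then
        echo "NOTE    SELINUX=disabled is set in $SELINUX_CONFIG; reboot to apply it"
    elif [ "$configured" != "disabled" ] && [ "$runtime" = "Disabled" ]; then
        echo "NOTE    $SELINUX_CONFIG has SELINUX=$configured; check it before the next reboot"
    fi
    return "$unmet"
}

# Run the check only when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    preflight
    exit $?
fi
```

Run it as `sh preflight.sh --run`; the exit status is the number of prerequisites still unmet, so 0 means the host matches the three steps.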
  • 21. System Requirements

Security Management Open Server Hardware Requirements

| Component | Windows | Linux | SecurePlatform on Open Servers | Solaris |
|---|---|---|---|---|
| Processor | Intel Pentium Processor E2140 or 2 GHz equivalent processor | Intel Pentium Processor E2140 or 2 GHz equivalent processor | Intel Pentium Processor E2140 or 2 GHz equivalent processor | Sun UltraSPARC IV and higher |
| Free Disk Space | 1GB | 1.4GB | 10GB (installation includes OS) | 1GB |
| Memory | 1GB | 1GB | 1GB | 512MB |
| Optical Drive | Yes | Yes | Yes (bootable) | Yes |
| Network Adapter | One or more | One or more | One or more | One or more |

Multi-Domain Security Management Requirements

The minimum recommended system requirements for Multi-Domain Security Management are:

| Component | Linux | Solaris | SecurePlatform |
|---|---|---|---|
| CPU | Intel Pentium Processor E2140 or 2 GHz equivalent processor | UltraSPARC III 900MHz | Intel Pentium Processor E2140 or 2 GHz equivalent processor |
| Memory | 4GB | 4GB | 4GB |
| Disk Space | 2GB | 2GB | 10GB (install includes OS) |
| Optical Drive | Yes | Yes | Yes (bootable) |

Important - We recommend that you install Multi-Domain Security Management on Sun M-Series servers. Sun T-Series servers are not supported.

Multi-Domain Security Management Resource Consumption

Resource consumption is dependent on the scale of your deployment. The larger the deployment, the more disk space, memory, and CPU are required.

The Multi-Domain Security Management disk space requirements are:
- For basic Multi-Domain Server installations: 2GB (1GB /opt, 1GB /var/opt).
- For each Domain Management Server: 400MB (for the Domain Management Server directory located in /var/opt)
  • 22. System Requirements

Security Gateway Open Server Hardware Requirements

| Component | Windows | SecurePlatform on Open Servers |
|---|---|---|
| Processor | Intel Pentium IV or 1.5 GHz equivalent | Intel Pentium IV or 2 GHz equivalent |
| Free Disk Space | 1GB | 10GB |
| Memory | 512MB | 512MB |
| Optical Drive | Yes | Yes |
| Network Adapter | One or more | One or more supported cards |

Mobile Access Blade Requirements

Endpoint OS Compatibility

Columns: Feature | Windows | Linux | Mac | iOS | Android
Mobile Access Portal: ✓ ✓ ✓ ✓ ✓
Clientless access to web applications (Link Translation): ✓ ✓ ✓ ✓ ✓
Endpoint Security on Demand: ✓ ✓ ✓
SecureWorkspace: ✓
SSL Network Extender - Network Mode: ✓ ✓ ✓
SSL Network Extender - Application Mode: ✓
Downloaded from Mobile Access applications: ✓ ✓ ✓
Clientless Citrix: ✓
File Shares - Windows File Explorer viewer (WebDAV): ✓
File Shares - Web-based file viewer (HTML): ✓ ✓ ✓ ✓ ✓
Web mail: ✓ ✓ ✓ ✓ ✓
  • 23. System Requirements

Endpoint Browser Compatibility

Columns: Feature | Internet Explorer | Google Chrome | Mozilla Firefox | Macintosh Safari | Opera for Windows
Mobile Access Portal: ✓ ✓ ✓ ✓ ✓
Clientless access to web applications (Link Translation): ✓ ✓ ✓ ✓ ✓
Endpoint Security on Demand: ✓ ✓ ✓ ✓
SecureWorkspace: ✓ ✓ ✓
SSL Network Extender - Network Mode: ✓ ✓ ✓ ✓
SSL Network Extender - Application Mode: ✓ ✓ ✓
Downloaded from Mobile Access applications: ✓ ✓ ✓ ✓
Clientless Citrix: ✓ ✓
File Shares - Windows File Explorer viewer (WebDAV): ✓ IE6 only
File Shares - Web-based file viewer (HTML): ✓ ✓ ✓ ✓ ✓
Web mail: ✓ ✓ ✓ ✓ ✓

SmartEvent Requirements

You can install SmartEvent on a Security Management Server or on a different, dedicated computer. These are the requirements for the SmartEvent Server and the SmartEvent Correlation Unit:

| Component | Windows/Linux/SecurePlatform |
|---|---|
| CPU | Celeron-M 1.5 GHz |
| Memory | 2GB |
| Disk Space | 25GB |

SmartEvent is not supported on Solaris platforms.

To optimize SmartEvent performance:
- Use a disk with high RPM and a large buffer size.
- Increase the server memory.
  • 24. SmartReporter Requirements

These hardware requirements are for a SmartReporter server that monitors at least 15GB of logs each day and generates many reports. For deployments that monitor fewer logs, you can use a computer with less CPU or memory. SmartReporter can be installed on a Security Management Server or on a dedicated machine.

| Component | Windows & Linux Minimum | Windows & Linux Recommended | Solaris |
|---|---|---|---|
| CPU | Intel Pentium IV 2.0 GHz | Dual CPU 3.0 GHz | UltraSPARC III 900 MHz |
| Memory | 1GB | 2GB | 1GB |
| Disk Space - Installation | 80MB | 80MB | 80MB |
| Disk Space - Database | 60GB (40GB for database, 20GB for temp directory) (on 2 physical disks) | 100GB (60GB for database, 40GB for temp directory) | 60GB (40GB for database, 20GB for temp directory) |
| DVD Drive | Yes | Yes | Yes |

Important - We recommend that you install Multi-Domain Security Management on Sun M-Series servers. Sun T-Series servers are not supported.

Optimizing SmartReporter Performance

We recommend these tips to optimize SmartReporter performance:
- Disable DNS resolution. This can increase consolidation performance to as much as 32GB of logs for each day.
- Configure the network connection between the SmartReporter server and the Security Management server to the optimal speed.
- Install a disk with high RPM (revolutions per minute) and a large buffer size.
- Use UpdateMySQLConfig to adjust the database configuration and adjust the consolidation memory buffers to use more memory.
- Increase memory for better performance.

Console Requirements

This table shows the minimum hardware requirements for console applications: SmartDashboard, SmartView Tracker, SmartView Monitor, SmartProvisioning, SmartReporter, SmartEvent, SmartLog, SecureClient Packaging Tool, SmartUpdate, SmartDomain Manager.

| Component | Windows |
|---|---|
| CPU | Intel Pentium Processor E2140 or 2 GHz equivalent processor |
| Memory | 1024MB |
| Available Disk Space | 900MB |
| Video Adapter | Minimum resolution: 1024 x 768 |
  • 25. UserCheck Client Requirements

- The UserCheck client can be installed on endpoint computers running Windows.
- UserCheck for DLP client notifications are supported on Gaia and SecurePlatform gateways.
- UserCheck for Application and URL Filtering client notifications are supported on SecurePlatform and Gaia gateways.
- The UserCheck client is not compatible with Check Point GO or Secure Workspace. If a UserCheck client is installed on a machine and a violation occurs, the UserCheck client notification shows outside the Check Point GO or Secure Workspace environment. We recommend that you not install the UserCheck client on a machine that usually runs the Check Point GO or Secure Workspace environment.
- The UserCheck client is not supported on clusters in a load sharing environment.

Performance Pack

Performance Pack is supported on:
- Check Point UTM-1 and Power-1 appliances.
- Open servers that meet requirements and have valid licenses.

Security Management Software Blades

Columns (by operating system): Check Point (Gaia, SecurePlatform, IPSO 6.2 Disk-based), Microsoft Windows (Server 2003, Server 2008, XP, 7), RedHat Linux (RHEL 5.0, 5.4), Solaris (UltraSPARC)
- Network Policy Management: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
- Logging & Status: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
- Monitoring: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
- SmartProvisioning: ✓ ✓ ✓ ✓ ✓ ✓ ✓
- Management Portal *: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
- User Directory: ✓ ✓ ✓ ✓ ✓ ✓ ✓
- SmartWorkflow: ✓ ✓ ✓ ✓ ✓ ✓
- SmartEvent: ✓ ✓ ✓ ✓ ** ✓ ✓
- SmartReporter: ✓ ✓ ✓ ✓ ✓ ✓ ✓

* Management Portal is supported on: Internet Explorer 7 and Firefox 1.5 - 3.0
** SmartEvent is supported on 32-bit only.
  • 26. Security Gateway Software Blades

Columns (by operating system): Check Point (Gaia & SecurePlatform SecurePlatform, IPSO 6.2 Disk-based, IPSO 6.2 Flash-based), Microsoft Windows (Server 2003, Server 2008), Crossbeam (X-series)
- Firewall: ✓ ✓ ✓ ✓ ✓ ✓ ✓
- Identity Awareness: ✓ ✓ ✓ ✓ ✓
- IPSec VPN: ✓ ✓ ✓ ✓ ✓ ✓ ✓
- IPS: ✓ ✓ ✓ ✓ ✓ ✓ ✓
- Mobile Access: ✓ ✓
- DLP: ✓ ✓
- Application Control: ✓ ✓ ✓ ✓ ✓ ✓ ✓
- URL Filtering: ✓ ✓ ✓ ✓ ✓ ✓ ✓
- Anti-Bot: ✓ ✓ ✓ ✓ ✓
- Anti-Virus: ✓ ✓
- Anti-Spam & Email Security: ✓ ✓
- Web Security: ✓ ✓ ✓ ✓ ✓ ✓ ✓
- Advanced Networking - QOS: ✓ ✓ ✓ ✓ ✓ ✓
- Advanced Networking - Dynamic Routing and Multicast Support: ✓ ✓ ✓
- Acceleration & Clustering: ✓ ✓ ✓ ✓ ✓ ✓ ✓

Notes about Security Gateway Software Blades

1. DLP supports High-Availability clusters, including Full HA, on SecurePlatform and Gaia. DLP supports Load Sharing clusters in Detect and Prevent mode. On UTM-1 130/270, you can use DLP with Firewall and other Security Gateway software blades, or with Firewall and Security Management software blades. The DLP portal supports Internet Explorer 6, 7, 8, 9; Firefox 3, 4; Chrome 8; and Safari 5. DLP does not support VRRP on Gaia.
2. Application Control - HTTPS Inspection is not supported on Windows.
3. Acceleration & Clustering - Clustering is supported on Windows, but Acceleration is not. Only third-party clustering is supported on Crossbeam.
  • 27. Security Gateway Bridge Mode

Bridge mode is supported on these platforms:
- Gaia
- SecurePlatform
- Crossbeam

Clients and Consoles by Windows Platform

Columns: XP Home (SP3) 32-bit, XP Pro (SP3) 32-bit, Server 2003 (SP2) 32-bit, Server 2008 (SP1-2) 32 / 64, Server 2008R2 (+SP1), Vista (SP2) 32-bit, Vista (SP1) 64-bit, Windows 7 Ult, Pro, Ent (+SP1) 32 / 64
- SmartConsole: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
- SmartDomain Manager: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
- SecureClient: ✓ ✓ ✓ ✓ (32-bit only)
- Endpoint Security VPN: ✓ ✓ ✓ ✓ ✓
- Remote Access Clients E75.x: ✓ ✓ ✓ ✓ ✓
- SSL Network Extender: ✓ ✓ ✓ ✓ ✓
- DLP UserCheck: ✓ ✓ ✓ ✓ ✓
- DLP Exchange Agent: ✓ * ✓ *
- Identity Agent: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓

* DLP Exchange Agent supports Exchange Server 2007 and Exchange Server 2010 on Windows Server 2003 64-bit (SP1-2) and Windows Server 2008 64-bit (SP1-2). A 32-bit version is available for demo or educational purposes.

Clients and Consoles by Mac Platform

| Check Point Product | Mac OS X 10.6 | Mac OS X 10.7 |
|---|---|---|
| Identity Agent | 32-bit / 64-bit | 32-bit / 64-bit |
| SecureClient | 32-bit | 32-bit |
| Endpoint Security VPN E75 for Mac | 32-bit / 64-bit | 32-bit / 64-bit |
  • 28. Check Point GO Secure Portable Workspace

R75.40 Security Gateways only support Check Point GO Secure Portable Workspace R75. Check Point GO R70.1 and R70 (formerly known as Check Point Abra) are not supported.

Upgrade Paths and Interoperability

R75.40 supports upgrading from lower software versions and management of lower Security Gateway versions.

Upgrading to Gaia

You can upgrade SecurePlatform and IPSO Security Management servers and Security Gateways to Gaia R75.40, according to the upgrade paths listed below.

Note: Upgrade is not supported in an ISDN configuration.

Supported Management and Gateway Upgrade Paths

You can upgrade these Security Management Server and Security Gateway versions to R75.40:
- R70.50
- R71.40
- R71.45
- R75
- R75.10
- R75.20
- R75.30

Note - If you upgrade a 32-bit appliance, it remains 32-bit by default. To change it to 64-bit, if the open server or appliance meets 64-bit requirements, use cpconfig, on all platforms except Gaia. On Gaia, run the command set edition default 64-bit and reboot.

Compatibility with Gateways and Clients

This release is compatible with these gateways and Endpoint clients.

| Release | Version |
|---|---|
| Gateways | |
| Security Gateway | NGX R65, R70.x, R71.x, R75.x |
| DLP-1 | R71 and higher |
| IPS-1 | R71 |
| Series 80 | R71 and higher |
| VSX | VSX NGX R65, VSX NGX R67 |
| Connectra Centrally Managed | NGX R66 |
  • 29. Compatibility with Gateways and Clients (continued)

| Release | Version |
|---|---|
| UTM-1 Edge | 7.5.x and higher* |
| GX | 4.0 |
| Endpoint Clients | |
| SecureClient | up to SecureClient NGX R60 HFA 3 with support for Windows 7 32-bit |
| Endpoint Connect | up to Endpoint Security R73 HFA 1 |
| Remote Access | up to Remote Access Clients E75.20 for Windows; up to Endpoint Security VPN E75 for Mac |
| Endpoint Security | up to Endpoint Security E80.31 |

* UTM-1 Edge and Safe@ devices that use locally configured VPN connections with download configuration settings may experience VPN connectivity failure with R75.40 Security Gateways. To enable this configuration with R75.40, see sk65369 (http://supportcontent.checkpoint.com/solutions?id=sk65369).

Upgrade Package with CLI

When the WebUI is not available, install R75.40 from an ISO file with these commands.

To install R75.40 using the CLI:
1. Download the applicable ISO file from the R75.40 Home Page (http://supportcontent.checkpoint.com/solutions?id=sk76540).
2. Copy the ISO file to /var/tmp.
3. Run these commands:

    mount -o loop /var/tmp/<name>.iso /mnt/cdrom
    cd /mnt/cdrom
    patch add cd

Updating IPS Patterns

The IPS pattern granularity (converting patterns into protections) will be installed during the first IPS update procedure (online update, offline update, or scheduled update). Therefore, the first update after installation can take a few minutes longer than usual.

Uninstallation of IPS pattern granularity is not supported. If you uninstall R75.40, the patterns remain, converted to protections.
  • 30. Uninstalling

Important - This does not remove Multi-Domain Security Management products.

Use these procedures to uninstall R75.40.

Windows:
1. Open Start > Check Point > Uninstall R75.40
2. At the prompt, enter Y to continue.

Linux, IPSO, Solaris:
1. Change directory to: /opt/CPUninstall/R75.40/
2. Run: ./UnixUninstallScript

Example of Uninstall output:

    ***********************************************************
    Welcome to Check Point R75.40 Uninstall Utility
    ***********************************************************
    All R75.40 packages will be uninstalled.
    Uninstallation program is about to stop all Check Point processes.
    Do you want to continue (y/n) ? y
    Uninstalling Management Portal package...Done!
    Uninstalling SmartEvent and SmartReporter Suite package...Done!
    Uninstalling R75 Compatibility package...Done!
    Uninstalling R75.20 Compatibility package...Done!
    Uninstalling R71 Compatibility package...Done!
    Uninstalling CPSG 80 Series compatibility package...Done!
    Uninstalling Connectra R66 Compatibility package...Done!
    Uninstalling NGX Compatibility package...Done!
    Uninstalling V40 Compatibility package...Done!
    Uninstalling UTM-1 Edge compatibility package...Done!
    Uninstalling CPinfo package...Done!
    Uninstalling Security Gateway / Security Management package...Done!
    ************************************************************************
    Package Name                              Status
    ------------                              ------
    Management Portal                         Succeeded
    SmartEvent and SmartReporter Suite        Succeeded
    R75 Compatibility                         Succeeded
    R75.20 Compatibility                      Succeeded
    R71 Compatibility                         Succeeded
    CPSG 80 Series compatibility              Succeeded
    Connectra R66 Compatibility               Succeeded
    NGX Compatibility                         Succeeded
    V40 Compatibility                         Succeeded
    UTM-1 Edge compatibility                  Succeeded
    CPinfo                                    Succeeded
    Security Gateway / Security Management    Succeeded
    ************************************************************************
    Uninstallation program completed successfully.
    Do you wish to reboot your machine (y/n) ?

If any package fails to uninstall, the script generates a log file and prints its location on the screen.