Firewall - Check Point

More documents

Recommendations

Info

SecurePlatform34. BGP is not supported on interfaces that have a Cluster IP address configured to adifferent subnet than the physical IP addresses.35. Dynamic Routing protocols do not support cluster IP addresses defined on a subnetother than that of the physical IP addresses of the interfaces.General36. In legacy High Availability mode for ClusterXL, MAC address synchronization is notsupported for VLAN tagged interfaces. Use new High Availability mode, or manuallyconfigure the MAC addresses of the interfaces using the ifconfig CLI or WebUI.37. If you use a default subnet configuration, you should define the routing through thedevice and not the IP address.38. Network installation from a Windows-based FTP Server is not supported. Use aLinux-based FTP Server instead.39. The cpconfig command line interface of SecurePlatform versions R55 and earlierdisplayed the time zone GMT offset according to the POSIX standard, which is theopposite of the commonly accepted standard. For example, for GMT+2, thecommand line interface shows GMT -2.In this release, the time zone display in the command line uses the commonlyaccepted notation. Please pay attention to this change when configuring the systemtime zone from the command line.40. For optimal usage of memory on machines with more than 512MB of memory, addthe following configuration settings to /etc/fw.boot/modules/fwkern.conf and thenreboot the machine:fw_hmem_use_alternate_malloc=1fw_smem_use_alternate_malloc=1You should not assign more than 1700MB to the Maximum memory pool size. Thisvalue is set in the Capacity Optimization page of the module’s object inSmartDashboard.41. Files larger than 2 GB cannot be copied as is from SecurePlatform using ftp, tftp orSCP tools, due to current file size limitations in those tools. Split the files intosmaller chunks using utilities like "dd" before transferring them fromSecurePlatform.42. During the Backup/Restore operation, the Expert password is not backed up.43. SecurePlatform cannot be installed on a machine that has more than two SCSI harddrives, unless they are in a RAID configuration and can be seen as a single virtualdrive.Enterprise Suite NGX R61 Known Limitations Supplement Last Update — February 7, 2007 26
SecurePlatform44. After updating the time zone of SecurePlatform, make sure to reboot the computerto ensure that the new time zone is applied to all applications.45. Restoring the system settings via an SSH connection is not supported. Use aconsole that is locally connected to restore the system settings.46. When using multiple RADIUS servers, make sure that the servers are exact replicasof each other. When using multiple RADIUS servers that contain different users, thelogin failure or success depends on the listed order of the servers in theconfiguration file (i.e., when one RADIUS server denies access, SecurePlatform willdeny access, and does not try to authenticate the user against other RADIUSservers).47. When using RADIUS groups access and user lockout features at the same time,there is no way to see that users that accessed the system via RADIUS groups arelocked.48. When performing snapshot, revert, backup & restore operations, be sure that youhave at least 10% free space in the partition /var.49. Important Notice: This version modifies the way in which SecurePlatform handlesthe BIOS clock settings. For instance, it is no longer necessary to manually changethe BIOS clock when switching to or from daylight savings time. Make sure to setthe BIOS clock to UTC (GMT) time.50. When restoring system configuration from older versions of SecurePlatform, thetime zone configuration is not restored properly. Make sure to configure the timezone manually after restore.51. When using SNMP, enable the service prior to adding new users. The commandsnmp users show does not function as expected if the service is not enabled first.52. Under a high load, Advanced Routing messages are sometimes printed to theSecurePlatform console.53. SecurePlatform NGX (R60) can be configured to send system (syslog) messages toremote syslog servers. Note that system logs can include sensitive information likeIP addresses of the system, etc. Make sure that when you make use of this facilityyou are transferring logs only over encrypted or secured channels (e.g. trustednetworks or VPNs).54. Restart PPPoE and PPTP network connections if initial connection to the modemfails. When restarting the connection from the command line, you may need tore-enter PPP credentials.55. Deploying a DHCP server on a SecurePlatform machine running a VPN-1enforcement module is not supported. As a workaround, deploy the DHCP server ona SecurePlatform machine not running an enforcement module.Enterprise Suite NGX R61 Known Limitations Supplement Last Update — February 7, 2007 27
Page 1 and 2: ......Check Point Enterprise Suite.
Page 3 and 4: Firewall4. When the Web Intelligenc
Page 6 and 7: Firewall28. When using SmartDirecto
Page 8 and 9: Firewall47. When connecting to the
Page 10 and 11: FirewallDynamically Assigned IP Add
Page 12 and 13: SmartCenterSmartCenterIn This Secti
Page 14 and 15: SmartCenter10. When upgrading Smart
Page 16 and 17: SmartCenter23. In order to be able
Page 18 and 19: SmartCentersaved. The solution is t
Page 20 and 21: 1. Using a text editor, open the fi
Page 22 and 23: SecurePlatform1. Log into SecurePla
Page 24 and 25: SecurePlatform23. The Dynamic routi
Page 28 and 29: SecurePlatform56. In legacy High Av
Page 31 and 32: LicensingSmartView Monitor9. If a l
Page 33 and 34: Eventia ReporterEventia ReporterIns
Page 35 and 36: ClusterXLClusterXLIn This SectionUp
Page 37 and 38: ClusterXL11. When setting an interf
Page 39 and 40: • For other out of state messages
Page 41 and 42: ClusterXL37. If two or more interfa
Page 43 and 44: ClusterXLSave the file and chmod 77
Page 45 and 46: • For other OPSEC certified clust
Page 47 and 48: • For Flows acceleration, the mes
Page 49 and 50: SSL Network Extender7. To install S
Page 51 and 52: IntegrityIntegrityIn This SectionIn
Page 53 and 54: IntegrityWhen you change the settin
Page 55 and 56: IntegrityIn order to prevent contin
Page 57 and 58: IntegrityIntegrity clients that rec
Page 59 and 60: IntegrityIn search fields in the In
Page 61: Safe@Office firmware 5.0.82 or earl

Firewall - Check Point

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?