Firewall - Check Point
Firewall - Check Point Firewall - Check Point
SSL Network Extender7. When using Performance Pack in a cluster configuration, all members must havePerformance Pack installed and running.Supported Platforms8. For a list of the recommended platforms for Performance Pack on SecurePlatform,see the Hardware Compatibility List for SecurePlatform at:http://www.checkpoint.com/products/supported_platforms/secureplatform.html.SSL Network ExtenderIn This SectionClient Limitations page 48Gateway Limitations page 49Client Limitations1. SSL Network Extender is not supported in a Fast User Switch environment.2. While SSL Network Extender and SecureClient can be installed on the samemachine, they can not be activated at the same time.3. The Office Mode IP per User feature is not supported if a user connects using bothSSL Network Extender and SecureClient, in that order. This means that a user thatconnects to a VPN-1 Gateway using SSL Network Extender receives an Office modeIP address. When the user disconnects and connects again using SecureClient,he/she will not receive an Office mode IP address.4. SSL Network Extender may not work properly with pop-up blockers. It isrecommended to disable them, or to configure them to allow pop-ups on the SSLNetwork Extender site.5. To use SSL Network Extender with WindowsXP SP2:1. Click the Internet Explorer Information bar, and select Always allow Pop-upsfrom this site.2. Select Tools > Internet Options > Security > Web Content Zone > Custom Level andenable Automatic prompting for ActiveX controls.6. In some Windows 2000 systems, the High Encryption Pack is not installed. Thosesystems can only perform SSL-56 bit encryption, which is not supported by SSLNetwork Extender. The administrator must install the High Encryption Pack in orderto use those Windows 2000 systems with the SSL Network Extender.Enterprise Suite NGX R61 Known Limitations Supplement Last Update — February 7, 2007 48
SSL Network Extender7. To install SSL Network Extender, Microsoft Windows Installer (MSI) version 2.0must be installed on the client computer. While most Windows installations includeMSI 2.0, if it is not installed, it can be freely downloaded from Microsoft's website.Gateway Limitations8. If Secure Configuration Verification (SCV) is enabled in Global Properties, and youare working in a Simplified Mode Security Policy, packets from the SSL NetworkExtender will not be transferred.9. The Unique by Machine option, located in the Office Mode tab, is currently notsupported when Office Mode uses DHCP to allocate IP addresses. Enabling thisoption may lead to SSL Network Extender receiving different IP addresses whenconnecting from the same machine, or the same IP address when connecting fromdifferent machines.10. SSL Network Extender licenses are now installed on the management module, andnot on the enforcement modules as they were in R55. After installing the license onthe management module, activate the license by installing policy on allenforcement modules to which the clients will connect. Note that SSL NetworkExtender licenses installed on R55 modules must be retained after the upgrade, asthe management license does not apply to these modules.11. At present, the ICS Dynamic Upgrade feature is not supported.12. Under certain circumstances, the vpnd may not bind to the port designated as theVisitor Mode port, which will cause the SSL Network Extender not to work. Toresolve this issue, verify that the port is not taken by another process, and executethe command fw kill vpnd.13. The web page language does not change when selecting Hebrew. A workaround is toedit the file messages.js in $FWDIR/conf/extender/language/chkp/hebrew:1. on line 131 var MSG_RESTRICT_ACCESS ..., make sure the line ends with "; andnot just ;2. on line 133 var MSG_ASKUSER_ACCESS ..., add " in the beginning of the stringand "; at the end3. on line 181 install_required ..., add " in the beginning of the string and ";at the end4. on line 190 b64_alert ..., add " in the beginning of the string and "; at theend5. on line 202 browser_settings_error ..., add " in the beginning of the stringand "; at the endEnterprise Suite NGX R61 Known Limitations Supplement Last Update — February 7, 2007 49
- Page 1 and 2: ......Check Point Enterprise Suite.
- Page 3 and 4: Firewall4. When the Web Intelligenc
- Page 6 and 7: Firewall28. When using SmartDirecto
- Page 8 and 9: Firewall47. When connecting to the
- Page 10 and 11: FirewallDynamically Assigned IP Add
- Page 12 and 13: SmartCenterSmartCenterIn This Secti
- Page 14 and 15: SmartCenter10. When upgrading Smart
- Page 16 and 17: SmartCenter23. In order to be able
- Page 18 and 19: SmartCentersaved. The solution is t
- Page 20 and 21: 1. Using a text editor, open the fi
- Page 22 and 23: SecurePlatform1. Log into SecurePla
- Page 24 and 25: SecurePlatform23. The Dynamic routi
- Page 26 and 27: SecurePlatform34. BGP is not suppor
- Page 28 and 29: SecurePlatform56. In legacy High Av
- Page 31 and 32: LicensingSmartView Monitor9. If a l
- Page 33 and 34: Eventia ReporterEventia ReporterIns
- Page 35 and 36: ClusterXLClusterXLIn This SectionUp
- Page 37 and 38: ClusterXL11. When setting an interf
- Page 39 and 40: • For other out of state messages
- Page 41 and 42: ClusterXL37. If two or more interfa
- Page 43 and 44: ClusterXLSave the file and chmod 77
- Page 45 and 46: • For other OPSEC certified clust
- Page 47: • For Flows acceleration, the mes
- Page 51 and 52: IntegrityIntegrityIn This SectionIn
- Page 53 and 54: IntegrityWhen you change the settin
- Page 55 and 56: IntegrityIn order to prevent contin
- Page 57 and 58: IntegrityIntegrity clients that rec
- Page 59 and 60: IntegrityIn search fields in the In
- Page 61: Safe@Office firmware 5.0.82 or earl
SSL Network Extender7. When using Performance Pack in a cluster configuration, all members must havePerformance Pack installed and running.Supported Platforms8. For a list of the recommended platforms for Performance Pack on SecurePlatform,see the Hardware Compatibility List for SecurePlatform at:http://www.checkpoint.com/products/supported_platforms/secureplatform.html.SSL Network ExtenderIn This SectionClient Limitations page 48Gateway Limitations page 49Client Limitations1. SSL Network Extender is not supported in a Fast User Switch environment.2. While SSL Network Extender and SecureClient can be installed on the samemachine, they can not be activated at the same time.3. The Office Mode IP per User feature is not supported if a user connects using bothSSL Network Extender and SecureClient, in that order. This means that a user thatconnects to a VPN-1 Gateway using SSL Network Extender receives an Office modeIP address. When the user disconnects and connects again using SecureClient,he/she will not receive an Office mode IP address.4. SSL Network Extender may not work properly with pop-up blockers. It isrecommended to disable them, or to configure them to allow pop-ups on the SSLNetwork Extender site.5. To use SSL Network Extender with WindowsXP SP2:1. Click the Internet Explorer Information bar, and select Always allow Pop-upsfrom this site.2. Select Tools > Internet Options > Security > Web Content Zone > Custom Level andenable Automatic prompting for ActiveX controls.6. In some Windows 2000 systems, the High Encryption Pack is not installed. Thosesystems can only perform SSL-56 bit encryption, which is not supported by SSLNetwork Extender. The administrator must install the High Encryption Pack in orderto use those Windows 2000 systems with the SSL Network Extender.Enterprise Suite NGX R61 Known Limitations Supplement Last Update — February 7, 2007 48