http://www.fw-1.de/aerasec/index.html
Here you find some further information about Check Point
R70 and above, NGX and VPN-1/FireWall-1 Next Generation
Please note: To obtain a HFA for any version, you will need a valid Software
Subscription (CES) for all of your products registered in your UserCenter
Account!
R75:
In July 2012, Check Point has released R75.40VS. This version has integrated VSX which is now also
licensed by using Software Blades. Besides this, a modified GUI comes with this
version.
The latest regular version is R75.40. This release delivers many new features as well as the
new Operating System called GAIA. It includes all bufixes that were published
with R75.30. This version is stable. The release before (R75.20) started offering many improvements regarding URL
filtering combined with new features regarding DLP as well as SSL inspection for
IPS, APCL, URLF, and DLP. The earlier published R75.10 delivers some improvements like e.g. better performance
for the GUI, support of Edge Firmware 8.2 and SecuRemote R75.10.
R71:
In July 2011, version R71.45 has been published, delivering more
functionality and compatibility, as also R71.40 does. Both versions offer direct
upgrade to R75.40. When using the SSL VPN Software Blade (i.e. Mobile Access
Blade), please use at least version R71.10, since there is a security problem when using SSL VPN
in R71 without patch.
R70:
The latest version of R70 is R70.50.
If you plan an upgrade to R75.40, a direct upgrade is possible (but not to
earlier versions). Using R70.30 might still be useful if an upgrade to other version as
R75.40 is planned. Some important improvements as well as more features (to be
licensed) have been introduced with Version R70.20. It's available for all users
of R70. At least this version should be used in productive environments. As
usual, please regard that the GUI needs to be of the same version as the
Security Management, e.g. SmartConsole
70.30 for the corresponding versions of R70.
NGX R65:
When using this (outdated and no more supported) version, you
should use HFA_70 for NGX R65. Since December 2007 the corresponding GUI
für Microsoft Windows is SmartConsole NGX R65 HFA_01. Please be aware that neither this
nor elder versions are supported any more.
The latest version is R75, introducing the Application Control Software Blade,
Identity Awareness, the Integrated DLP Software Blade and Mobile Access blade.
In parallel, Endpoint Security E80 has been released at the very end of 2010.
Before, R71 has been published in May 2010. New Software Blades for
DLP and SmartEvent have been published with it. It's based on the latest major
release, published in March 2009: R70. This version introduced Software Blades, making the licensing very modular. Because
R7x is a new major release, a new license is needed to get access to all new
features. Please contact your reseller to obtain it.
Please be aware that Check Point has changed the licensing for RAS -
today, you need an Endpoint Security Container with Service Blades for the use
of e.g. VPN, Full Disk Encryption or Endpoint Security Secure Access.
Licenses for NGX and earlier will only work with R70. Since R71 the new
licensing scheme using Software Blades is strictly enforced. If you haven't
updated yet, please do it. In most cases you can do it for free in your Check
Point UserCenter account.
Other versions (NGX
R65, NGX R62, NGX
R61, and NGX R60) were officially supported until March 2011 and May
2009, respectively. If you cannot upgrade, please contact your reseller to
obtain (restricted) support. A quarterly fee per system is due. If you still
have NG AI (e.g. R54/R55) in production, please upgrade as soon as possible!
Version |
|
| Ports | |
| R70 | Ports used by Check Point R70 and above |
| R60-R65 | Ports used by Check Point NGX |
| R50-R55 | Ports used by Check Point VPN-1/FireWall-1 Next Generation (not supported any more) |
| 4.0/4.1 | Ports used by Check Point VPN-1/FireWall-1 4.x (not supported any more) |
| Further information Links to FAQ's, mailing lists and further information about Check Point FireWall-1/VPN-1 | |
| Licensing, Products and basic Installation | |
| R71/R75 | "Basic" License Features of R7x (software only) |
| R70 | "Basic" License Features of R70 (software only) |
| R60-R65 | "Basic" License Features of NGX (not supported any more) |
| R54/R55 | "Basic" License Features of NG AI and earlier versions (not supported any more) |
| R54/R55 | "Extended" License Features of NG AI (not supported any more) |
| NGX - R7x | Direct comparison of license features of NGX and R71/R75 |
| NGX - R70 | Direct comparison of license features of NGX and R70 |
| R70 | About licensing RAS clients for R70 |
| R70/R71 | About licensing Endpoint Security for R70 using Software Blades |
R65/R70 |
About Check Point Appliances for NGX R65 and R70 |
>R53 |
Terms used since Next Generation Feature Pack 3 |
| R70 | Terms used since Check Point R70 |
R70 |
About the use of computers with Dual Core or Quad Core Processors (outdated) |
| R70 | About the use of computers with Dual Core or Quad Core Processors since 2010 |
<R70 |
Compatibility between Nokia IPSO and Check Point VPN-1/FireWall-1 |
| R70 | Nokia Hardware compatible with Check Point R70 |
R54/R55 |
Installation fails on patched Sun Solaris 8 or 9 |
| Useful tools | |
| all | Tool for generating INSPECT code using a GUI: Ginspect |
| NG/NGX | Tool for State Tables in human readable form
fw1-tool.pl by AERAsec (supports SSH and some more features, covers Unix/Linux, SecurePlatform as well as Windows) |
| NG/NGX | Tool for Traffic Analysis "tcpdump"-like wrapper for "fw monitor": fw1-dump.sh (fw1-dump.sh.zip) by AERAsec Use the syntax of the well known command "tcpdump" to use "fw monitor". |
| all | Tool for Managing Check Point SecurePlatform Easier remote Management with SmartSPLAT |
| NG/NGX | Tools for Management of Check Point objects Ofiller and Odumper are used for editing Check Point object databases. |
| Authentication | |
| 4.1 | Using OpenLDAP to authenticate users with Check Point VPN-1/FireWall-1 4.1 |
| NG | Authentication using OpenLDAP with Check Point NG is described on the OPSEC server |
| 4.x/NG | To configure the LDAP server, you will need the correct schema file (4.1, NG AI R55) |
| R53 | How to integrate Novell eDirectory 8.7 with Check Point NG FP3 is described by Oren Green |
| R53 | The use of CRYPTOCard Authentication with Check Point NG FP3 is described by CRYPTOCard |
| Secure Computing describes how to authenticate users by SafeWord PremierAccess 3.0 | |
| all | Configuring Client Authentication using HTTPS |
| R52 | Authentication with SecurID/ACE-Server doesn't work |
| VPN | |
| all | Links to hints for VPN between Check Point and other products |
| VPN with Linux FreeS/WAN using pre-shared-secret or X.509 certificates | |
| VPN with Racoon (under Linux),VPN from Gateway to Gateway | |
| VPN with BinTec IPsec enabled router using pre-shared-secret or X.509 certificates | |
| R70 | Endpoint
Connect cannot download Topology |
| VPN-1 configuration for use of an external CA | |
| all | Problem with an overlapping encryption domain |
| R51 | Problem with Extranet under Linux |
| <R55 | Problem with Extranet when using the "Simplified Mode" |
| <R55 | How to configure an Extranet |
| Installation of rulebase, Objects, Services and Resources | |
| all | Rulebase will not install - atomic loading failed |
| R53 | Rulebase will not install - no memory |
| all | Check Point FireWall-1 acting as a Mail-Relay?! |
| all | What to do against sender-specific routing for E-Mail |
| R52.. | Problem when changing or creating a TCP Service |
| R53 | ICMP doesn't work sometimes |
| R53 | NG blocks HTTPS/SSL when using a Proxy |
| HTTP/HTTPS connections are being blocked by NG | |
| R54 | Timeout for Oracle Services SQL*Net2 not working |
| SYN Defender | |
| Short graphical description of SYNDefender Relay, Gateway and passive Gateway (PDF) | |
| Which kind of SYNDefender is supported by Check Point version X? | |
| NAT | |
| Problem with manual NAT on Microsoft Windows 2000 Server | |
| Logging | |
| R53 | Sending syslog messages to SmartView Tracker is possible now |
| R53 | Time of SmartView Tracker is one hour late |
| <R60 | Rule numbers in SmartView Tracker aren't in the rulebase |
| all | Negative Rule numbers in SmartView Tracker |
| Upgrade | |
| R51 | Upgrading Check Point VPN-1/FireWall-1 from 4.0 to Next Generation FP1 (outdated) |
| R51 | Upgrading Check Point VPN-1/FireWall-1 from 4.1 to Next Generation FP1 (outdated)
|
| Problem with Internal CA after upgrading from version 4.1 to Next Generation | |
| NG AI | Problem exporting a configuration using upgrade_export |
| R7x | Problem importing a configuration in a new version |
| R75.40 | Problem upgrading with fwkern.conf configured |
| Auditing | |
| 4.x | Lance Spitzner has published a good paper called "Auditing Your Firewall Setup", based on 4.x |
| all | Auditing NG AI, NGX, and R70 is offered by AERAsec |
4 comments
Nice blog..! I really loved reading through this article. Thanks for sharing such an amazing post with us and keep blogging...Well written article Thank You for Sharing with Us project management courses in chennai |pmp training class in chennai | pmp training near me | pmp training courses online |
Nice informative content. Thanks for sharing such worthy information.
How To Get Fluent in English
Steps To Learn English
Thanks for this blog keep sharing your thoughts like this...
What is Struts
Architecture Of Struts
You know your projects stand out of the herd. There is something special about them. It seems to me all of them are really brilliant! how to drag click
Post a Comment