Security Gateway Virtual Edition

Similar documents
Security Gateway Virtual Edition

How To Configure and Tune CoreXL on SecurePlatform

Endpoint Security. E80.30 Localized Version. Release Notes

How to Configure ClusterXL for L2 Link Aggregation

Endpoint Security Release Notes

How To Troubleshoot VPN Issues in Site to Site

Endpoint Security webrh

Remote Access Clients for Windows 32/64-bit

How To Import New Client MSI Files and Upgrade Profiles

Check Point GO R75. Release Notes. 21 December Classification: [Public]

R Release Notes. 6 March Classification: [Protected] [Restricted] ONLY for designated groups and individuals

Data Loss Prevention. R75.40 Hotfix. Getting Started Guide. 3 May Classification: [Protected]

VPN-1 Power VSX VSX NGX R65 HFA 10. Release Notes

R75.40VS. Release Notes. 20 January Protected

How to Connect with SSL Network Extender using a Certificate

How To Configure IPSO as a DHCP Server

Security Acceleration Module

Security Gateway for OpenStack

How To Configure OCSP

Remote Access Clients for Windows 32-bit/64-bit

Data Loss Prevention R71. Release Notes

SecuRemote for Windows 32-bit/64-bit

SmartWorkflow R Administration Guide. 29 May Classification: [Restricted]

R Release Notes. 18 August Classification: [Public]

How To Install SecurePlatform with PXE

Performance Pack. Administration Guide Version R70. March 8, 2009

ClusterXL R Administration Guide. 3 March Classification: [Protected]

Check Point Mobile VPN for ios

IPS R Administration Guide

VSEC FOR OPENSTACK R80.10

Check Point IPS R75. Administration Guide

Potpuna virtualizacija od servera do desktopa. Saša Hederić Senior Systems Engineer VMware Inc.

Securing the Data Center against

Securing the Virtualized Environment: Meeting a New Class of Challenges with Check Point Security Gateway Virtual Edition

Security Gateway 80 R Administration Guide

Check Point VSX. NGX R67 for R75. Administration Guide. 20 February Classification: [Protected]

vshield Administration Guide

Getting Started with ESXi Embedded

Quality of Service R75.40VS. Administration Guide. 15 July Classification: [Protected]

CoreXL Administration Guide

VMware vshield App Design Guide TECHNICAL WHITE PAPER

VMware ESX ESXi and vsphere. Installation Guide

ATA Infotech Ventures Pvt. Ltd.

New Features in VMware vsphere (ESX 4)

VMware vsphere with ESX 4.1 and vcenter 4.1

vshield Quick Start Guide

Check Point Document Security

VMware vsphere Administration Training. Course Content

Virtual Security Gateway Overview

WatchGuard XTMv Setup Guide Fireware XTM v11.8

Special Hotfix for R75.40VS

VIRTUAL APPLIANCES. Frequently Asked Questions (FAQ)

IPv6Pack R70. Administration Guide

Sophos for Virtual Environments. startup guide -- Sophos Central edition

SmartView Monitor R75. Administration Guide

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

By the end of the class, attendees will have learned the skills, and best practices of virtualization. Attendees

WatchGuard XTMv Setup Guide

How To Install IPSO 6.2

Vmware VCP410. VMware Certified Professional on vsphere 4. Download Full Version :

McAfee Network Security Platform 9.2

VMware Exam VCP-511 VMware Certified Professional on vsphere 5 Version: 11.3 [ Total Questions: 288 ]

Check Point IPS. Administration Guide Version R70

Dell EMC. VxBlock Systems for VMware NSX 6.3 Architecture Overview

VMWARE SERVICE PROVIDER PROGRAM PRODUCT USAGE GUIDE Q2

Endpoint Security Management Server

VI3 to vsphere 4.0 Upgrade and New Technology Ultimate Bootcamp

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Administering VMware vsphere and vcenter 5

Performance Tuning R76. Administration Guide. 26 February Classification: [Protected]

McAfee Next Generation Firewall 5.9.1

vrealize Operations Management Pack for NSX for vsphere 2.0

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012

VMware vsphere with ESX 4 and vcenter

PassTest. Bessere Qualität, bessere Dienstleistungen!

VMware vsphere 4. The Best Platform for Building Cloud Infrastructures

Next Generation Firewall

Stonesoft Next Generation Firewall. Release Notes Revision C

Introduction. Application Versions. Virtual Machine Defined. Other Definitions. Tech Note 656 Building Wonderware Solution Architectures on VMware

Dell EMC. VxBlock Systems for VMware NSX 6.2 Architecture Overview

vcenter Operations Management Pack for NSX-vSphere

The vsphere 6.0 Advantages Over Hyper- V

Installation and Upgrade Guide

Connectra Virtual Appliance Evaluation Guide

Stonesoft Next Generation Firewall

VMware vsphere 6.5 Boot Camp

VCP410 VMware vsphere Cue Cards

AltaVault Cloud Integrated Storage Installation and Service Guide for Virtual Appliances

Data collected by Trend Micro is subject to the conditions stated in the Trend Micro Privacy Policy:

Cisco ACI with Cisco AVS

RecoverPoint for Virtual Machines

vrealize Operations Management Pack for NSX for vsphere 3.0

ClusterXL. Administration Guide Version R70

Exam Name: VMware Certified Associate Network Virtualization

Deploy the ExtraHop Discover Appliance with VMware

A Dell Technical White Paper Dell Virtualization Solutions Engineering

VMware vsphere Replication Administration. vsphere Replication 8.1

vnetwork Future Direction Howie Xu, VMware R&D November 4, 2008

VMware vsphere with ESX 6 and vcenter 6

VMware Integrated OpenStack Quick Start Guide

Transcription:

Security Gateway Virtual Edition R71 Release Notes 9 February 2012 Classification: [Restricted]

2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses. VMware, VMware VMotion and VMware vsphere are registered trademarks and/or trademarks of VMware, Inc. in the United States and/or other jurisdictions.

Important Information Latest Version The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?=11535 For more technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com). Revision History Date 6 September 2011 Abra is supported on Network Mode. 27 July 2011 Dynamic Routing is supported on Network Mode. 9 March 2011 Added known limitation 00649693. Updated known limitation 00525830. 6 February 2011 Added known limitation 00640862. 11 January 2011 Added supported platforms. Updated known limitations. New build number. 8 November 2010 Initial version. Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=feedback on Security Gateway Virtual Edition R71 Release Notes).

Contents Important Information... 3 Introduction... 5 What's New... 5 Selecting an Operation Mode... 6 Supported Features and Software Blades... 6 System Requirements... 7 Supported Builds and Platforms... 7 Known Limitations... 8 Security Gateway Virtual Edition Limitations... 8 Non-supported R71 Features... 8 VMware Feature Limitations... 8 General Limitations... 8 Hypervisor Mode Limitations... 9 Non-supported R71 Features... 9 Network Limitations...10 ESX Configuration Limitations...10 General Limitations...11 Hypervisor Mode Cluster Deployment Limitations...11 Non-supported R71 Features...11 Network Limitations...11 General Limitations...12

Introduction Introduction Check Point Security Gateway Virtual Edition protects dynamic virtual environments and external networks from internal and external threats by securing virtual machines and applications. This solution uses proven Check Point security technologies: Software Blade architecture, Firewall with content inspection, IPS, central management, and more. Security Gateway Virtual Edition has different operation modes. Decide which is best for your environment and plan the installation accordingly. The Hypervisor Mode enforces VM security within the VMware Hypervisor by inspecting inter-vm traffic, without changing the virtual network topology. The Network Mode is deployed as a virtual network device to protect virtual networks and physical environments. You can configure it as a router or a bridge, in the same way as a physical gateway. Note - All references to ESX throughout the document are also relevant for ESXi unless specifically noted otherwise. What's New Hypervisor Mode: Protects VMs and traffic between VMs. Secures dynamic virtual environments without network topology changes. Supports VMware VMsafe. Protects against security breaches caused by configuration errors. Gives out-of-the-box protection with easy configuration. Supports R71 Software Blade architecture. Maximizes security granularity at the vswitch, port group, and VM levels. Supports ESX clusters for VM high availability and load sharing. Enforces security with no downtime during vmotion migration. Lets growing enterprises protect expanding virtual networks while reducing hardware investment, maintenance, energy, and site costs. Optimizes performance for virtual environments. Network Mode: Operates as a layer-2 or layer-3 Security Gateway for virtual network environments. Supports ClusterXL for high availability and load sharing. Enforces security with no downtime during vmotion migration. Supports vmotion on the Security Gateway Virtual Edition virtual machine. Lets growing enterprises protect expanding virtual networks while reducing hardware investment, maintenance, energy, and site costs. Optimizes performance for virtual environments. Security Gateway Virtual Edition Release Notes R71 5

Introduction Selecting an Operation Mode To select the mode that is optimal for your environment, compare VMware and Check Point features. VMware Features Hypervisor Mode Network Mode VMotion for 3rd party VMs Yes Yes VMotion for the Security Gateway Virtual Edition VM No Yes DRS Yes Yes VMSafe Integration Yes No vshield No No Fault Tolerance No No DVS Yes Yes Nexus 1000v Yes Yes Supported Features and Software Blades Features and Software Blades Hypervisor Mode Network Mode Firewall Yes Yes NAT No Yes IPsec VPN No Yes IPS Yes Yes URL Filtering Yes Yes Email Security and Anti-Spam No Yes CoreXL No Yes ClusterXL No Yes IPv6 No Yes SSL VPN No Yes SSL Network Extender No Yes Mobile Client No No QoS No Yes Dynamic Routing No Yes Web Security Yes Yes VoIP No Yes Security Gateway Virtual Edition Release Notes R71 6

System Requirements Features and Software Blades Hypervisor Mode Network Mode Abra No Yes Anti-Malware Limited* Yes * See 00525807 in Known Limitations ("Non-supported R71 Features" on page 9). System Requirements Item Minimum Recommended Notes Memory 512 MB 2.5 GB Add more memory to inspect many connections concurrently. Disk Space 12 GB 12 GB Number of Virtual CPUs 1 2 Supported Builds and Platforms This table shows the supported builds and platforms for Security Gateway Virtual Edition. Build, Platform, Server Version Security Gateway Virtual Edition Build 976141008 To verify: fw ver -k VMware Platform VMware vsphere ESX 4.0, 4.1. VMware vsphere ESXi 4.0, 4.1. Note: For ESX/ESXi 4.0, the recommended build is 171294 or above. Build 164009 is not supported Check Point Security Management Server or Multi- Domain Security Management Multi-Domain Server R71 or higher Note - Security Gateway Virtual Edition is based on the R71.10 Security Gateway. Security Gateway Virtual Edition Release Notes R71 7

Known Limitations Known Limitations Note - The numbers next to each known limitation are for your tracking information. Check Point constantly makes an effort to improve released products. Check the tracking numbers in the next release for fixes. Security Gateway Virtual Edition Limitations Note - All Security Gateway R71 and R71.10 limitations (http://supportcontent.checkpoint.com/solutions?id=sk44993) apply also to Security Gateway Virtual Edition. In this section: Non-supported R71 Features 8 VMware Feature Limitations 8 General Limitations 8 Non-supported R71 Features 00631146 The Check Point Mobile client is not supported in Security Gateway Virtual Edition. 00631234 Management High Availability and Log Server are not supported on a standalone Security Gateway Virtual Edition. 00527267 Performance Pack Heavy Load Quality of Service feature (HLQoS) is not supported. VMware Feature Limitations 00575640 Cloning and templates are supported for Security Gateway Virtual Edition VM, if: The VM is a newly deployed Security Gateway Virtual Edition (immediately following the first boot). You have not yet configured any Check Point products. You have not yet done any configuration steps, such as sysconfig or cpconfig. 00526862 VMware Tools are not supported on a Security Gateway Virtual Edition Virtual Machine. General Limitations 00525830 Upgrade to R71 is not supported. You must install Security Gateway Virtual Edition R71 as a clean installation. You cannot install Security Gateway R71 HFA packages or releases above R71 on top of the Security Gateway Virtual Edition. Security Gateway Virtual Edition Release Notes R71 8

Known Limitations 00566886 CPU consumption for the Security Gateway Virtual Edition might show inaccurate results. To resolve this issue, reserve CPU resources on the ESX: 1. In the vsphere client, right click the Security Gateway Virtual Edition. 2. Select Edit Settings. 3. On the Resources tab, move the Reservation slider to allocate a guaranteed CPU share (in MHz). 00568259 You can configure up to 2 virtual CPUs for the Security Gateway Virtual Edition. 00566045 The SecurePlatform WebUI is disabled until you assign an IP address to one of its network adapters. 00649693 In environments with more than one Security Gateway Virtual Edition on one ESX host, (where one is in Hypervisor mode and the others are in Network Mode), apply this configuration on the Security Gateway Virtual Edition in Hypervisor Mode: 1. Run sysconfig and configure the security of the Security Gateway Virtual Edition in Network mode instances to bypassed 2. Run sysconfig and configure the security of the VMs that are secured by one of the Security Gateway Virtual Editions in Network mode to bypassed. 3. Run sysconfig and configure the global failure setting to fail-open. Hypervisor Mode Limitations In this section: Non-supported R71 Features 9 Network Limitations 10 ESX Configuration Limitations 10 General Limitations 11 Non-supported R71 Features Unsupported Feature 00525721 Security Gateway Virtual Edition in Hypervisor Mode cannot operate as a layer 3 network device (router). Layer 3 features, such as NAT and VPN, are not supported. 00525807 The following features are not supported in the current version: E-mail Security HTTP/FTP/SMTP with resource User/client/session authentication Anti-Virus in the proactive mode Anti-Virus for FTP Anti-Virus by file direction 00525819 ClusterXL high availability and load sharing are not supported. 00525822 QoS is not supported. 00526867 Bridge mode is not supported. Security Gateway Virtual Edition Release Notes R71 9

Known Limitations Unsupported Feature 00527315 CoreXL is not supported. 00568687 VoIP is not supported. 00575642 Header spoofing protection is not supported. 00631143 The SSL VPN blade and SSL Network Extender are not supported. 00631138 IPv6 is not supported. Network Limitations 00557690 Dynamic Routing is not supported. 00518814 When a VM operates as a router for other VMs, you must configure these settings: 1. Run sysconfig to configure the routing VM security setting to bypassed. 2. Do not configure IP Anti-spoofing for VMs that use the routing VM as a default gateway. 00526860 When a VM operates as a bridge for other VMs, run sysconfig to configure the bridge-vm security setting to bypassed. 00525805 You cannot configure a VLAN using the VM guest operating system in an ESX environment. Configure the VLAN using a vswitch. 00526946 Hypervisor Mode does not support duplicate IP or MAC addresses for different VMs. 00552805 You cannot change a vnic MAC address using the guest operation system. 00560767 A Check Point management server cannot connect to a Security Gateway Virtual Edition if all of these cases are true: The management server is installed on an ESX cluster member. The management server uses a dedicated network. The Security Gateway Virtual Edition is not directly connected to this network. Workaround: Connect the management server VM to the ESX management network or connect the Security Gateway Virtual Edition to the management network. 00568517 Microsoft Network Load Balancing (NLB) is not supported for VMs. ESX Configuration Limitations 00863806 VMDirectPath I/O is not supported. 00526845 You can only install one Security Gateway Virtual Edition with Hypervisor Mode on an ESX host. 00528634 Security Gateway Virtual Edition supports a maximum of 100 VMs on an ESX host. 00527283 When using the VMware Distributed Resource Scheduler, you must disable it on the Security Gateway Virtual Edition. Security Gateway Virtual Edition Release Notes R71 10

Known Limitations 00640862 vnetwork Appliance products are not supported with Security Gateway Virtual Edition in Hypervisor Mode. General Limitations 00558889 After creating a Virtual Machine from a template or after cloning a Virtual Machine, the following entry may show in the SmartView Tracker logs: "A misconfigured filter was created due to VM import, deployment of VM from template or VM cloning. Traffic is blocked for this new VM. Please reset the newly created VM in order to fix this issue." If this occurs, reset the new Virtual Machine. This message may also occur when powering on the source (original) Virtual Machine after cloning it. If this occurs, reset both the source and the newly cloned Virtual Machines. 00629564 The Reinstall Hypervisor Connector operation might fail on ESXi 4.1. See the Troubleshooting section of the R71 Security Gateway Virtual Edition Administration Guide (http://supportcontent.checkpoint.com/documentation_download?=11534) for instructions. Hypervisor Mode Cluster Deployment Limitations In this section: Non-supported R71 Features 11 Network Limitations 11 General Limitations 12 Non-supported R71 Features Unsupported Feature 00527310 ISN scrambling (spoofing) protection in IPS is not supported. 00527312 The SYN attack protection in IPS is not supported. 00565933 vmac is not supported. Network Limitations 00527318 After a VM migrates from one ESX host (source) to another (destination), the source member continues to inspect existing connections. If the source member fails, existing connections are dropped. 00524634 If routers (virtualized or physical) are used to route traffic between virtual networks, only one of the virtual networks can be secured by the Security Gateway Virtual Edition. You must configure the other networks in Bypass. Security Gateway Virtual Edition Release Notes R71 11

Known Limitations General Limitations 00553212 Hypervisor Mode supports up to ten cluster members. 00528627 You must install Hypervisor Mode on all ESX Cluster members. Security Gateway Virtual Edition Release Notes R71 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback