Professional Documents
Culture Documents
30
Release Notes
16 April 2012
Classification: [Protected]
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional
improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Latest Documentation
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=12964
For additional technical information, visit the Check Point Support Center
(http://supportcenter.checkpoint.com).
Revision History
Date
Description
16 April 2012
02 April 2012
14 March 2012
8 March 2012
26 February 2012
7 February 2012
29 January 2012
16 January 2012
12 January 2012
9 January 2012
5 January 2012
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
(mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on R75.30 Release Notes).
Contents
Important Information .............................................................................................3
Introduction .............................................................................................................5
What's New ......................................................................................................... 5
Important Solutions.............................................................................................. 5
Supported Upgrade Path ........................................................................................5
Compatibility with Gateways and Endpoint Clients .............................................. 6
Supported Security Products by Platform ............................................................7
Supported OS on Open Servers .......................................................................... 7
Supported Appliances ......................................................................................... 8
Security Gateway Software Blades ...................................................................... 9
Security Management Software Blades ..............................................................10
Clients and Consoles by Windows Platform .......................................................11
Required Disk Space ............................................................................................12
Console Requirements .........................................................................................12
Build Numbers ......................................................................................................13
Installing R75.30 ...................................................................................................14
New Installation ..................................................................................................14
Cleaning IPSO Flash-Based Gateways .........................................................14
Downloading the Clean Install Package .........................................................14
Clean Install on Flash-Based with CLI ...........................................................15
Clean Install on Flash-Based with Manual Download .....................................15
Clean Install on Disk-Based with Network Voyager ........................................15
Installing the Client Applications ....................................................................16
Upgrading ...........................................................................................................17
Before You Upgrade! .....................................................................................17
Downloading the Upgrade Package ...............................................................17
Upgrading with CLI ........................................................................................18
Upgrading with CLI for IPSO Flash-Based .....................................................19
Upgrading with SmartUpdate .........................................................................20
Upgrading with the SecurePlatform Web User Interface ................................20
Troubleshooting IPS-1 Sensor .............................................................................21
Uninstalling ...........................................................................................................22
Introduction
Introduction
Thank you for updating to Check Point version R75.30. This version resolves issues for R75.20. Please read
this document carefully before installing R75.30.
Important - Check Point software versions R75.10 or higher must have a valid
Software Blades license. Users with NGX licenses cannot install the software. To
migrate NGX licenses to Software Blades licenses, see Software Blade Migration
(http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html) or
contact Account Services.
If you manage GX gateways from a Security Management server, you must regenerate
your GX licenses in the User Center to be compliant with Software Blades. This
procedure is optional for Multi-Domain Servers and Domain Management Servers.
What's New
This release has numerous resolutions to known limitations of earlier releases.
Important Solutions
Check Point R75.30 Home Page - sk66283 (http://supportcontent.checkpoint.com/solutions?id=sk66283)
R75.30 Resolved Issues - sk66286 (http://supportcontent.checkpoint.com/solutions?id=sk66286)
R75.30 Known Limitations - sk66284 (http://supportcontent.checkpoint.com/solutions?id=sk66284)
| 5
Version
Gateways
Security Gateway
NGX R65, R70, R70.1, R70.20, R70.30, R70.40, R71, R71.10, R71.20, R71.30,
R75, R75.10, R75.20
DLP-1
IPS-1
R71
Series 80
R71
VSX
Connectra
UTM-1 Edge
GX
4.0
Endpoint Clients
SecureClient
Endpoint Connect
Endpoint Security
up to R73 HFA1
*- UTM-1 Edge and Safe@ devices that use locally configured VPN connections with download
configuration settings, may experience VPN connectivity failure with R75.30 Security Gateways.
To enable this configuration with R75.30, see sk65369
(http://supportcontent.checkpoint.com/solutions?id=sk65369).
| 6
Security
Security Gateway
Management Server
SecurePlatform
32 or 64
32-bit
Multi-Domain Security
Management
MS Windows XP
Professional SP3 32-bit
MS Windows 7
Professional, Enterprise,
Ultimate, 32 or 64
Crossbeam X-series
Solaris Ultra-SPARC 8, 9, 10
* - For Windows 2003 SP1, you must install the hotifx specified in Microsoft KB 906469
(http://support.microsoft.com/kb/906469).
| 7
Supported Appliances
Platform
Security
Security Gateway
Management Server
2200 Appliance
4000 Appliances
12000 Appliances
21400 Appliance
Smart-1 Appliances
5, 25, 50
50, 150
Power-1 Appliances
UTM-1 Appliances
Multi-Domain Security
Management
* - 1G of RAM is enough to run Firewall, IPS and VPN blades only. To activate more blades, 2G of
RAM is required on IP290, IP390, and IP560 flash-based appliances.
You cannot upgrade these appliances to R75.30:
Series 80
UTM-1 Edge
IPS-1 Sensor
VSX-1
DLP-1
| 8
Operating System
Check Point
Microsoft
Secure
IPSO
Platform 6.2
Diskbased
IPSO 6.2
Flashbased
Crossbeam
Windows
Server 2003
Windows
Server 2008
X-series
Firewall
Identity Awareness
IPSec VPN
IPS
Mobile Access
DLP
Application Control
URL Filtering
Anti-Spam &
Email Security
Web Security
| 9
Operating System
Check Point
Microsoft
Secure
Platform
Windows
Server
2003
IPSO
6.2
Diskbased
Network Policy
Management
Endpoint Policy
Management
Monitoring
SmartProvisioning
Windows
Server
2008
Windows
XP, 7
RedHat
Solaris
Linux
RHEL 5.0, Ultra5.4
SPARC
Management Portal*
User Directory
SmartWorkflow
SmartEvent
SmartReporter
**
* Management Portal is supported on the following Web browsers: Internet Explorer 7, and
Firefox 1.5 - 3.0
** SmartEvent is supported on 32-bit only.
| 10
XP
Home
(SP3)
32-bit
XP
Pro
(SP3)
32-bit
Server
2003
(SP1-2)
32-bit
Server
2008
(SP1-2)
32-bit
SmartConsole
SmartDomain
Manager
Endpoint
Security VPN
SSL Network
Extender
SecureClient
DLP
User Check
DLP Exchange
Agent
Identity Agent
Remote Access
Clients E75.x
Windows 7
Ultimate &
Enterprise
64-bit
2
| 11
SecurePlatform/
root - 160 MB
root - 4.7 MB
Linux
/opt - 745 MB
/opt - 351 MB
/var - 300 MB
/var - 100 MB
/opt - 400 MB
/opt - 150 MB
/var - 540 MB
/var - 100 MB
/var - 100 MB
630 MB
690 MB
600 MB
/opt - 345 MB
/opt - 190 MB
/var - 400 MB
/var - 400 MB
/var - 700 MB
IPSO Disk-based
Windows
Solaris
/var - 300 MB
* During installation, the process may use additional disk space that will be released when installation ends.
SecurePlatform
root - 170 MB
root - 12 MB
/opt - 700 MB
/opt - 500 MB
/var - 1 GB
/var - 700 MB
/opt - 345 MB
/opt - 185 MB
/var 700 MB
/var - 500 MB
/var - 400 MB
/preserve - 295 MB
/preserve - 700 MB
/preserve - 6 MB
/opt - 20 MB
/opt - 16 MB
/var - 400 MB
/var - 170 MB
680 MB
520 MB
/var - 1.3 GB
IPSO Disk-based
IPSO Flash-based
Windows
590 MB
* During installation, the process may use additional disk space that will be released when installation ends.
Console Requirements
This table shows the minimum hardware requirements for console applications: SmartDashboard,
SmartView Tracker, SmartView Monitor, SmartProvisioning, SmartReporter, and SmartEvent, SecureClient
Packaging Tool, SmartUpdate, and SmartDomain Manager.
| 12
Build Numbers
Component
Windows
CPU
Memory
1024MB
Build Numbers
This table contains the R75.30 software products updated in this release and their build numbers. To
confirm that the hotfix is installed, run the version command for each product. If the command returns the
build number shown here, or the last three digits of the build number, the hotfix is installed.
*
Clean Install
Version Command
Security Gateway
983625066
983625126
fw ver -k
Security Management
983625008
983625008
fwm ver
SmartConsole
Applications
983625020
983625022
Multi-Domain Server
983625022
983625022
SmartDomain Manager
983625012
983625012
SecurePlatform
983625007
983625023
upgrade - splat_ver
clean install - ver
* When you run the command on a CLI, it shows only the last three digits of the build number.
| 13
Installing R75.30
Installing R75.30
In This Section
New Installation
Upgrading
14
17
Important - Check Point software versions R75.10 or higher must have a valid
Software Blades license. Users with NGX licenses cannot install the software. To
migrate NGX licenses to Software Blades licenses, see Software Blade Migration
(http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html) or
contact Account Services.
If you manage GX gateways from a Security Management server, you must regenerate
your GX licenses in the User Center to be compliant with Software Blades. This
procedure is optional for Multi-Domain Servers and Domain Management Servers.
New Installation
R75.30 is released as:
a clean installation for IPSO Flash-based appliances, including 1GB and 2GB Flash appliances
(IP29x,IP39x and IP56x)
Click Configuration > System Configuration > Packages > Delete Packages.
Select an installation package to delete, and click Apply.
Delete TGZ files.
Click Apply.
| 14
Installing R75.30
Platform
Package
Check_Point_R75.30_Appliance.iso
Smart-1 Appliances
Check_Point_R75.30_Smart-1.iso
Check_Point_R75.30_IPSO6.2.tgz
Check_Point_R75.30_Fresh.IPSO6_2.tgz
Network Voyager - See "Installation on IPSO" in the R75.20 Installation and Upgrade Guide.
Command Line add package - Copy the file to an ftp server and run:
add package media ftp addr <ip_address> user <username> password
<password> name Check_Point_R75.30_Fresh.IPSO6_2_Flash.tgz
| 15
Installing R75.30
f)
Select the package .tgz file in the Site Listing window and click Apply.
g) When the <package name> downloaded to message shows, click it and then click Apply again.
Upload from a local disk:
(i) In the Voyager Install Package window, select Upload.
(ii) Click Browse and navigate to the package .tgz file.
(iii) Click Apply.
(iv) Select the package .tgz file in the Unpack Package window and click Apply.
6.
7.
8.
9.
Click the Click here to install/upgrade link to continue with the installation.
In the Package Installation and Upgrade pane, select Install and then click Apply.
Click the Install Package branch in the Voyager tree to see the installation progress.
Go to the Manage Packages page.
The R75.30 and Check Point CPInfo packages are automatically activated during installation (diskbased appliances only).
Enable other packages, with the compatibility packages, as needed for your deployment.
Important - When you install a package using Network Voyager, this message
shows:
Voyager environment has been updated with the latest package
info.
The telnet session environment will be updated by:
logging out and logging in again the telnet session.
This message can be misleading. Click Manage Packages to verify that the package
is actually installed correctly. Refresh the page periodically until you see that the
installation is complete.
| 16
Installing R75.30
Upgrading
Important - If you installed any hotfix post R75.20, run the Validation utility
(http://supportcontent.checkpoint.com/documentation_download?ID=13681).
We recommend that you back up your system before installing this release package. Save a manually
created image before you install.
Path
Gateway Configurations
$CVPNDIR/conf/cvpnd.C
$CVPNDIR/conf/httpd.conf
$CVPNDIR/conf/includes/*
$CVPNDIR/var/ssl/ca-bundle/
$CVPNDIR/conf/SmsPhones.lst
RSA configuration
/var/ace/sdconf.rec
Check_Point_R75.30_Upgrade.IPSO6_2.tgz
Upgrade Procedure
SecurePlatform
Web UI
CLI
SmartUpdate
CLI
SmartUpdate
| 17
Installing R75.30
Platform
Upgrade Procedure
Check_Point_R75.30_Upgrade.IPSO6_2_Flash.tgz
SmartUpdate
CLI
SmartUpdate
Windows
Check_Point_R75.30_Upgrade.Windows.tgz
Solaris
Check_Point_R75.30_Upgrade.Solaris.tgz
CLI
* This upgrade package is only for appliances with 4GB Flash (IP69x, IP128x and IP245x). For appliances
with 2GB Flash (IP29x, IP39x and IP56x), you must do a clean install.
To install on Check Point appliances with SecurePlatform, use the Web User Interface or
SmartUpdate.
To install on IPSO platforms, use the command line. Network Voyager is not supported.
You can safely delete the .tgz file after you extract the package (step 6).
7. Start installation:
8. Do the instructions on the screen to install the applicable components. Only those components required
for a specific target (management or gateway) are installed automatically.
When the installation finishes, each successfully installed component appears in a list followed by the
word Succeeded.
9. When prompted, reboot the computer.
10. Open SmartDashboard and log in to the R75.30 Security Management server that controls the upgraded
gateways.
11. Open the gateway object properties window for an upgraded gateway and change the version to
R75.30.
R75.30 Release Notes
| 18
Installing R75.30
12. Repeat the above steps for all management servers, log servers and gateways.
13. Install the security policy on upgraded gateways and servers.
14. Install the database on the Security Management server.
IPSO Flash-based platforms are supported for use as Security Gateways only.
Installation using Network Voyager is not supported and may result in system
instability. You must install this version using the CLI only.
Only use this upgrade procedure for appliances with 4GB Flash (IP69x, IP128x
and IP245x). For appliances with 2GB Flash (IP29x, IP39x and IP56x), you
must do a clean install.
| 19
Installing R75.30
Appliance: https://<IP>:4434
5.
6.
7.
8.
| 20
| 21
Uninstalling
Uninstalling
Notes
Windows platforms:
(i) Go to: C:\Program files\CheckPoint\CPUninstall\R75.30
(ii) Run: Uninstall.bat
Security Gateway
| 22