Download - CP R75.20 Releasenotes

Transcript
Page 1: CP R75.20 Releasenotes

5 October 2011

Release Notes

R75.20

Classification: [Public]

Page 2: CP R75.20 Releasenotes

© 2011 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS:

Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.

Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Page 3: CP R75.20 Releasenotes

Important Information Latest Software

We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation

The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=12414

For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).

Revision History

Date Description

05 October 2011 Clarified IP appliance requirements ("Security Software Containers" on page 11) and 64-bit support on Windows ("Security Management Software Blades" on page 14).

28 September 2011 Added warning for UTM-1 Edge and Safe@ devices that use locally configured VPN connections with download configuration settings ("Compatibility with Gateways and Endpoint Clients" on page 16).

29 August 2011 Added instructions for upgrading via CLI ("Upgrade Package via CLI" on page 16)

17 August 2011 Added Multi-Domain Security Management to products that the new Uninstall does not remove

16 August 2011 Added Windows Server 2008 R2 to list of supported OS versions

4 August 2011 Fixed documentation of build numbers to show only the verification output part of the number

2 August 2011 First release of this document

Feedback

Check Point is engaged in a continuous effort to improve its documentation.

Please help us by sending your comments (mailto:[email protected]?subject=Feedback on R75.20 Release Notes).

Page 4: CP R75.20 Releasenotes

Contents

Important Information ............................................................................................. 3 Introduction to R75.20 ............................................................................................ 5

Important Solutions.............................................................................................. 5 What's New .............................................................................................................. 6

URL Filtering Software Blade .............................................................................. 6 Application Control Software Blade ..................................................................... 6 DLP Software Blade ............................................................................................ 7 Identity Awareness Software Blade ..................................................................... 7 Mobile Access and IPSec Software Blades ......................................................... 7 HTTPS Inspection ............................................................................................... 7 SmartEvent Overview Customization .................................................................. 8 SmartDashboard ................................................................................................. 8 SmartView Tracker .............................................................................................. 8 SmartEvent ......................................................................................................... 8 Management Servers .......................................................................................... 8 Uninstall Utility ..................................................................................................... 8 Minor Release Content ........................................................................................ 9

Supported Products ............................................................................................... 9 IPS Software Blade License Enforcement ....................................................... 9

Build Numbers ....................................................................................................10 Supported Security Products by Platform ...........................................................11

Security Software Containers .........................................................................11 Security Gateway Software Blades ................................................................13 Security Management Software Blades .........................................................14

Clients and Consoles by Windows Platform .......................................................15 Abra Secure Portable Workspace .......................................................................15 Upgrade Paths and Interoperability ....................................................................15

Supported Management and Gateway Upgrade Paths ..................................15 Compatibility with Gateways and Endpoint Clients .........................................16 IPS-1 Upgrade Paths and Interoperability ......................................................16 Upgrade Package via CLI ..............................................................................16

Platform Requirements ........................................................................................ 17 SecurePlatform ...................................................................................................17 IPSO ..................................................................................................................17 Linux ..................................................................................................................18 Microsoft Windows .............................................................................................18 Solaris ................................................................................................................19 Maximum Number of Interfaces Supported by Platform ......................................20

Minimum System Requirements .......................................................................... 21 Security Gateway Hardware Requirements ........................................................21 Security Management Hardware Requirements .................................................22 SmartConsole and SmartDomain Manager Hardware Requirements .................22 Multi-Domain Security Management Requirements ............................................23

Multi-Domain Security Management Resource Consumption ........................23 SmartEvent Requirements ..................................................................................23 SmartReporter Requirements .............................................................................24

Optimizing SmartReporter Performance ........................................................24 Performance Pack ..............................................................................................24

Uninstalling ........................................................................................................... 25

Page 5: CP R75.20 Releasenotes

Important Solutions

Introduction to R75.20 Page 5

Introduction to R75.20 Thank you for installing Check Point version R75.20. Please read this document carefully before installing R75.20.

Important - Check Point software versions R75.10 or higher must have a valid Software Blades license. Users with NGX licenses cannot install the software. To migrate NGX licenses to Software Blades licenses, see Software Blade Migration (http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html) or contact Account Services.

If you manage IPv6 or GX gateways from a Security Management server, you must regenerate your IPv6 and GX licenses in the User Center to be compliant with Software Blades. This procedure is optional for Multi-Domain Servers and Domain Management Servers.

Important Solutions For more about R75.20 and to download the software, go to the R75.20 Home Page (http://supportcontent.checkpoint.com/solutions?id=sk64361).

For a list of open issues, see the Known Limitations (http://supportcontent.checkpoint.com/solutions?id=sk64362).

Page 6: CP R75.20 Releasenotes

URL Filtering Software Blade

What's New Page 6

What's New

In This Section

URL Filtering Software Blade 6

Application Control Software Blade 6

DLP Software Blade 7

Identity Awareness Software Blade 7

Mobile Access and IPSec Software Blades 7

HTTPS Inspection 7

SmartEvent Overview Customization 8

SmartDashboard 8

SmartView Tracker 8

SmartEvent 8

Management Servers 8

Uninstall Utility 8

Minor Release Content 9

URL Filtering Software Blade Integrated Rule Base for URL Filtering and Application Control policies.

User Check lets Security Gateways communicate with end users using the new "Inform" and "Ask" actions.

Cloud-based URL Filtering service dynamically categorizes Web traffic.

Lets users define new custom sites.

New tracking options: Extended Log and Complete Log for auditing all URLs accessed during a Web session.

You can define URL Filtering policies with granularity at the user and user group levels, integrating with Identity Awareness.

URL Filtering is supported on more platforms, including IPSO and Windows.

Enhanced URL Filtering integration with SmartEvent and SmartReporter.

Application Control Software Blade Integrated Rule Base for URL Filtering and Application Control policies.

User Check lets Security Gateways communicate with end users using the new "Inform" and "Ask" actions.

Lets users define new custom applications.

Download predefined application and category definitions from the Check Point Web site.

New tracking options: Extended Log and Complete Log for auditing all URLs accessed during a Web session.

Note - The term tags is changed to categories.

Page 7: CP R75.20 Releasenotes

DLP Software Blade

What's New Page 7

DLP Software Blade Enhanced email and Web enforcement:

Prevents data loss from HTTP/S traffic, such as Gmail and Facebook.

Inspects email messages between internal users and groups in an organization using the Check Point Microsoft Exchange agent.

Scans outgoing TLS (SMTPS) encrypted email using the Check Point Microsoft Exchange agent.

DLP HTTP/S inspection for non-standard ports.

Improved performance and high availability:

Web traffic performance improvements (connection rate, concurrent connections and throughput).

DLP-1 2571/9571 appliances have standalone and full high availability modes, in addition to the fail open NIC option.

ClusterXL load sharing (detect only).

150 new out-of-the-box data types (total of 500 data types) make it easier to get started.

Enhanced visibility and administrative tools:

Rich DLP status and statistics for SmartDashboard and SmartView Monitor.

Administrators can send or discard quarantined email using SmartView Tracker and SmartEvent.

More methods to prevent unintentional exposure of administrators to sensitive data:

Hide credit card numbers by showing only the last 4 digits in the logs.

Granular administrator permissions give more control over who can see DLP data.

Enhanced template data types:

New option to ignore empty templates during scanning.

Dynamically load many templates into one data type.

Custom data types and other enhancements to the CPcode scripting language.

Identity Awareness Software Blade Identity Acquisition (AD Query, Identity Agents and Captive Portal) is supported on IPSO platforms.

Mobile Access and IPSec Software Blades R75.20 supports VPN authentication from many different devices. Users can have more than one user certificate for authentication with VPN clients, iPhone, iPad, or the Mobile Access portal.

HTTPS Inspection Inspection of HTTPS/SSL traffic from enterprise networks to external destinations.

Granular inspection settings for different Software Blades.

Logging enhancements, including logs for IPS, DLP, Anti-Virus, URL Filtering and Application Control Software Blades.

New predefined queries.

Integrated into relevant event views and cards.

HTTPS inspection is supported on IPSO and SecurePlatform.

HTTPS Policies now include custom sites and URL Filtering categories.

Page 8: CP R75.20 Releasenotes

SmartEvent Overview Customization

What's New Page 8

SmartEvent Overview Customization You can customize your Overview window by adding, deleting, configuring, moving and resizing panels.

You can change between different preconfigured overviews for different Software Blades (IPS, DLP, and URL Filtering).

SmartDashboard Administrators can easily change the SmartDashboard access mode without closing and restarting

SmartDashboard.

Administrators currently logged in using the Read Only mode can receive a notification when the Read/Write access mode is available.

SmartView Tracker User names are shown by default for administrators with Read/Write permissions.

You can choose if identities are shown or hidden by default for customized administrators.

SmartEvent User names are shown by default for administrators with Read/Write permissions.

You can choose if identities are shown or hidden by default for customized administrators.

Management Servers These new features are in the Security Management Server and the Multi-Domain Server.

User and administrator expiration enhancements.

Notifications for expired and about to expire Users/Administrators.

Different procedures for configuring expiration dates.

New Permissions Profiles for Multi-Domain Security Management.

Uninstall Utility Before R75.20, it was necessary to uninstall each major release package separately. R75.20 includes a new command line utility that silently uninstalls the old release ("Uninstalling" on page 25).

The uninstall Utility is available for:

Windows

Linux

IPSO

Solaris

Note - To uninstall an old release on SecurePlatform, use the Backup and Revert functionality.

Page 9: CP R75.20 Releasenotes

Minor Release Content

Supported Products Page 9

Minor Release Content This release includes fixes and improvements that were initially included in R71.30 and R75.10. For more information, see:

R71.30 Release notes (http://supportcontent.checkpoint.com/documentation_download?ID=11714)

R75.10 Release notes (http://supportcontent.checkpoint.com/documentation_download?ID=12081)

Supported Products

In This Section

Build Numbers 10

Supported Security Products by Platform 11

Clients and Consoles by Windows Platform 15

Abra Secure Portable Workspace 15

Upgrade Paths and Interoperability 15

Important - Check Point software versions R75.10 or higher must have a valid Software Blades license. Users with NGX licenses cannot install the software. To migrate NGX licenses to Software Blades licenses, see Software Blade Migration (http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html) or contact Account Services.

If you manage IPv6 or GX gateways from a Security Management server, you must regenerate your IPv6 and GX licenses in the User Center to be compliant with Software Blades. This procedure is optional for Multi-Domain Servers and Domain Management Servers.

IPS Software Blade License Enforcement Security Gateways with IPS Software Blades must have a current, valid IPS contract that is renewed annually. To manage your contracts, go to your UserCenter account or contact your reseller.

Notifications that IPS service contracts are expiring show in many locations, including:

The IPS SmartDashboard window

SmartUpdate

Product reports in your Check Point UserCenter account

If your service contract has expired, IPS continues to operate using the R70 (Q1/2009) signature set. Renew your IPS service contract to download and use the current signature set.

For more about IPS contract enforcement, see sk44175 (http://supportcontent.checkpoint.com/solutions?id=sk44175).

Page 10: CP R75.20 Releasenotes

Build Numbers

Supported Products Page 10

Build Numbers This table shows the R75.20 software products and their build numbers as included on the product DVD. To verify each product build number, use the show command syntax or do the steps in the GUI.

Software Blade / Product Build Number Verifying Build Number

Security Gateway 274 fw ver

Security Management 080 fwm ver

SmartConsole Applications 983000411 Help > About Check Point <Application name>

Mobile Access 163 cvpn_ver

Multi-Domain Server 214 fwm mds ver

SmartDomain Manager 983000230 Help > About Check Point Multi-Domain Security Management

SecurePlatform 095 ver

Acceleration (Performance Pack)

017 sim ver -k

Advanced Networking (Routing)

007 gated -ver

Server Monitoring (SVM Server) 008 rtm ver

Management Portal 015 cpvinfo /opt/CPportal-

R75/portal/bin/smartportalstart

SmartReporter 219 SVRServer ver

Endpoint Security Server 7.60.302.000 About

Compatibility Packages

CPNGXCMP-Flow-00 002 /opt/CPNGXCMP-R75/bin/fw_loader ver

CPV40Cmp-Flow-00 006 /opt/CPV40Cmp-R75/bin/fw_loader ver

CPEdgecmp-Flow-00 004 /opt/CPEdgecmp-R75/bin/fw ver

CPCON66CMP-Flow-00 001 /opt/CPCON66CMP-R75/bin/fw_loader ver

fl_cmp 008

Fox_Cmp 016

CPSG80CMP-Flow-00 005 /opt/CPSG80CMP-R75/bin/fw_loader ver

Page 11: CP R75.20 Releasenotes

Supported Security Products by Platform

Supported Products Page 11

Supported Security Products by Platform These tables show the security products related to this release and on which platforms they are supported.

Security Software Containers Software containers are supported on these operating systems and platforms.

Software Blade Containers

Check Point Platforms and Operating Systems

Secure Platform

Smart-1

Smart-1 SmartEvent

Power-1 UTM-1 IPSO

Disk-based

IPSO

Flash-based

Security Management

(5, 25, 50)

Security Gateway

1

Multi-Domain Security Management

(50, 150)

Software Blade Containers

Other Platforms and Operating Systems

For more about supported operating system versions, refer to Operating System Versions (on page 12).

Microsoft RedHat Linux Crossbeam Solaris

Windows Server

2003, 2008

Windows

XP, 7

RHEL

5.0, 5.4

X-series Ultra-SPARC

8, 9, 10

Security Management

3

Security Gateway

Multi-Domain Security Management

2

Notes about Security Software Containers

1. The supported IP Appliances models are IP150, IP290, IP390, IP560, IP690, IP1280, and IP2450. On Flash-based Appliances, 1G of RAM is enough to run Firewall, IPS and VPN blades only. To activate more blades, 2G of RAM is required on IP290, IP390, and IP560 flash-based appliances.

2. We recommend that you install Multi-Domain Security Management on Sun M-Series servers. We do not recommend that you install Multi-Domain Security Management on Sun T-Series servers.

3. Security Management Server supports Windows Server 2008 R2.

Page 12: CP R75.20 Releasenotes

Supported Security Products by Platform

Supported Products Page 12

Operating System Versions

The versions of the Microsoft and RedHat operating systems that are listed in the Security Software Containers table are:

Operating System Editions Service Pack 32 or 64-bit

Microsoft

Windows XP Professional SP3 32-bit

Windows 2003 Server N/A SP11, SP2 32-bit

Windows 2008 Server N/A SP1, SP2 32-bit, 64-bit2

Windows 7 Professional, Enterprise, Ultimate

N/A 32-bit, 64-bit

RedHat

RHEL 5.0 N/A 32-bit

RHEL 5.4 kernel 2.6.18 N/A 32-bit

Notes -

1. For Windows 2003 SP1, you must install the hotifx specified in Microsoft KB 906469 (http://support.microsoft.com/kb/906469).

2. Windows 2008 Server 64-bit is supported for Security Management only.

Dedicated Gateways

To install R75.20 on an R71 DLP-1 appliance or an R71 DLP open server, do a clean installation of R75.20.

Note - You can upgrade a DLP-1 9571 to R75.20, but you must first do a BIOS upgrade before installing R75.20 and then do a clean R75.20 installation. See sk62903 (http://supportcontent.checkpoint.com/solutions?id=sk62903) for details.

You cannot upgrade these dedicated gateways to R75.20:

Open Server - IPS-1 Sensor, VSX

Appliances - Series 80, UTM-1 Edge, IPS-1 Sensor, VSX-1

Page 13: CP R75.20 Releasenotes

Supported Security Products by Platform

Supported Products Page 13

Security Gateway Software Blades

Software Blade Operating System

Check Point Microsoft Crossbeam

Secure Platform

IPSO 6.2 Disk- based

IPSO 6.2 Flash- based

Windows Server 2003

Windows Server 2008

X-series

Firewall

Identity Awareness

IPSec VPN

IPS4

Mobile Access

DLP1

Application Control4

Anti-Virus & Anti-Malware

URL Filtering4

Anti-Spam & Email Security

Web Security

Advanced Networking - QOS

Advanced Networking - Dynamic Routing and Multicast Support

Acceleration & Clustering 2

2

3

Notes about Security Gateway Software Blades

1. DLP supports High-Availability clusters, including Full HA.

DLP supports Load Sharing clusters in the Detect mode.

On UTM-1 130/270, you can use DLP with Firewall and other Security Gateway software blades, or with Firewall and Security Management software blades.

The DLP portal supports these web browsers: Internet Explorer 6, 7, 8, 9; Firefox 3,4; Chrome 8; and Safari 5.

2. Only Clustering is supported on Windows. Acceleration is not supported.

3. Only third-party clustering is supported on Crossbeam.

4. HTTPS Inspection is supported only on SecurePlatform and IPSO.

Page 14: CP R75.20 Releasenotes

Supported Security Products by Platform

Supported Products Page 14

Security Management Software Blades

Software Blade Operating System

Check Point Microsoft RedHat Linux

Solaris

Secure Platform

IPSO 6.2 Disk- based

Windows Server 2003

Windows Server 2008

Windows XP, 7

RHEL 5.0, 5.4

Ultra- SPARC

Network Policy Management

Endpoint Policy Management

Logging & Status

Monitoring

SmartProvisioning

Management Portal*

User Directory

SmartWorkflow

SmartEvent **

SmartReporter

* Management Portal is supported on the following Web browsers: Internet Explorer 7, and Firefox 1.5 - 3.0

** SmartEvent is supported on 32-bit only.

Page 15: CP R75.20 Releasenotes

Clients and Consoles by Windows Platform

Supported Products Page 15

Clients and Consoles by Windows Platform

Check Point Product

XP Home (SP3) 32-bit

XP Pro (SP3) 32-bit

Server 2003 (SP1-2) 32-bit

Server 2008 (SP1-2) 32-bit

Vista (SP1) 32-bit

Vista (SP1) 64-bit

Windows 7

Ultimate & Enterprise 32-bit

Windows 7 Ultimate & Enterprise 64-bit

SmartConsole 1

2

2

SmartDomain Manager

SecureClient

Endpoint Security VPN

3

3

SSL Network Extender

3

3

DLP User Check

DLP Exchange Agent

Identity Agent 3

3

Notes about Clients and Consoles

1. SmartConsole supports Windows Server 2008 R2.

2. SmartConsole supports Windows 7 Professional (32 and 64 bit).

3. Endpoint Security VPN, SSL Network Extender, and Identity Agent clients support all editions of Windows 7.

Abra Secure Portable Workspace R75.20 Security Gateways support Abra Secure Portable Workspace R70.1 only. R70 is not supported.

Upgrade Paths and Interoperability R75.20 supports upgrading from lower software versions and management of lower Security Gateway versions.

Supported Management and Gateway Upgrade Paths You can upgrade these Security Management Server and Security Gateway versions to R75.20:

R71.30

R75

R75.10

Page 16: CP R75.20 Releasenotes

Upgrade Paths and Interoperability

Supported Products Page 16

Compatibility with Gateways and Endpoint Clients

Release Version

Gateways

Security Gateway NGX R65, R70, R70.1, R70.20, R70.30, R70.40, R71, R71.10, R71.20, R71.30, R75, R75.10

DLP-1 R71 and higher

IPS-1 R71

Series 80 R71

VSX VSX NGX R65, VSX NGX R67

Connectra Centrally Managed NGX R66

UTM-1 Edge 7.5.x and above *

GX 4.0

Endpoint Clients

SecureClient up to SecureClient NGX R60 HFA 3 with support for Windows 7 32-bit

Endpoint Connect up to Endpoint Security VPN R75 for Windows

Endpoint Security up to R73 HFA1

*- UTM-1 Edge and Safe@ devices that use locally configured VPN connections with download configuration settings, may experience VPN connectivity failure with R75.20 Security Gateways. To enable this configuration with R75.20, see sk65369 (http://supportcontent.checkpoint.com/solutions?id=sk65369).

IPS-1 Upgrade Paths and Interoperability R75 Security Management servers can only manage R71 IPS-1 Sensors. To upgrade pre-R71 IPS-1 Sensors, do a clean install of R71 IPS-1 Sensor software on the IPS-1 Sensor. (http://supportcontent.checkpoint.com/documentation_download?ID=10327)

Upgrade Package via CLI You can use these command line instructions to install R75.20 with an ISO file when WebUI is not possible.

To install R75.20 using the CLI:

1. Download the applicable ISO file from the R75.20 Home Page (http://supportcontent.checkpoint.com/solutions?id=sk64361).

2. Copy the ISO file to /var/tmp.

3. Run:

mount –o loop /var/tmp/<name>.iso /cdrom

4. Run:

patch add cd

Page 17: CP R75.20 Releasenotes

SecurePlatform

Platform Requirements Page 17

Platform Requirements

In This Section

SecurePlatform 17

IPSO 17

Linux 18

Microsoft Windows 18

Solaris 19

Maximum Number of Interfaces Supported by Platform 20

SecurePlatform This release is shipped with the latest SecurePlatform operating system, which supports a variety of hardware, including open servers and network interface cards.

Note - Cross-platform High Availability is supported if all of the platforms are SecurePlatform, Linux, or Solaris. It is not supported with Windows and non-Windows platforms (SecurePlatform, Linux, and Solaris).

See the list of certified hardware (http://www.checkpoint.com/services/techsupport/hcl/index.html) before installing SecurePlatform on the target hardware.

IPSO Only clean installation of R75.20 is supported on IPSO flash-based models:

IP290

IP390

IP560

Advanced Routing and SecureXL are included by default.

Clustering on IPSO supports VRRP and IP Clustering.

You cannot manage UTM-1 Edge devices from a Security Management server on an IPSO platform.

All currently available IPSO platform types (Disk-based, Flash-based, and Hybrid) are supported.

R75.20 on IPSO flash-based models requires 2GB RAM.

Note - This is more required disk space than that required by earlier versions.

Page 18: CP R75.20 Releasenotes

Linux

Platform Requirements Page 18

Linux

Note - Cross-platform High Availability is supported if all of the platforms are SecurePlatform, Linux, or Solaris. It is not supported with Windows and non-Windows platforms (SecurePlatform, Linux, and Solaris).

Before you install Security Management on Red Hat Enterprise Linux 5:

1. Install the sharutils-4.6.1-2 package.

a) Make sure that you have the sharutils-4.6.1-2 package installed by running: rpm -qa | grep sharutils-4.6.1-2

b) If the package is not already installed, install it by running: rpm –i sharutils-4.6.1-2.i386.rpm

This package can be found on CD 3 of RHEL 5.

2. Install the compat-libstdc++-33-3.2.3-61 package.

a) Make sure that you have the compat-libstdc++-33-3.2.3-61 package by running: rpm –qa | grep compat-libstdc++-33-3.2.3-61

b) If the package is not already installed, install it by running: rpm –i compat-libstdc++-33-3.2.3-61.i386.rpm

This package can be found on CD 2 of RHEL 5.

3. Disable SeLinux.

a) Make sure that SeLinux is disabled by running: getenforce

b) If SeLinux is enabled, disable it by setting SELINUX=disabled in the /etc/selinux/config file

and rebooting the computer.

Microsoft Windows

Note - Cross-platform High Availability is supported if all of the platforms are SecurePlatform, Linux, or Solaris. It is not supported with Windows and non-Windows platforms (SecurePlatform, Linux, and Solaris).

High Availability Legacy mode is not supported on Windows.

Page 19: CP R75.20 Releasenotes

Solaris

Platform Requirements Page 19

Solaris Security Management Server and Multi-Domain Security Management are supported with Solaris running on UltraSPARC 64-bit platforms. See Management Products by Platform ("Supported Security Products by Platform" on page 11).

Required Packages

SUNWlibC

SUNWlibCx (except Solaris 10)

SUNWter

SUNWadmc

SUNWadmfw

Required Patches

The patches listed below are required to run Check Point software on Solaris platforms. They can be downloaded from: http://sunsolve.sun.com (http://sunsolve.sun.com).

To display your current patch level, use the command: showrev -p | grep <patch number>

Platform Required Recommended Notes

Solaris 8

108528-18 If the patches 108528-17 and 113652-01 are installed, remove 113652-01, and then install 108528-18.

110380-03

109147-18

109326-07

108434-01 Required only for 32 bit systems

108435-01 Required only for 64 bit systems

109147-40 or higher

Solaris 9

112233-12

112902-07

116561-03 Only if dmfe(7D) Ethernet driver is defined on the machine

112963-25 or higher

Solaris 10 117461-08 or higher

We recommend that you install Multi-Domain Security Management on Sun M-Series servers. Multi-Domain Security Management is not supported on Sun T-Series servers.

Note - Cross-platform High Availability is supported if all of the platforms are SecurePlatform, Linux, or Solaris. It is not supported with Windows and non-Windows platforms (SecurePlatform, Linux, and Solaris).

Page 20: CP R75.20 Releasenotes

Maximum Number of Interfaces Supported by Platform

Platform Requirements Page 20

Maximum Number of Interfaces Supported by Platform

The maximum number of interfaces supported (physical and virtual) is shown by platform in this table.

Platform Max Number of Interfaces

Notes

SecurePlatform

1015 1. SecurePlatform supports 255 virtual interfaces per physical interface.

2. When using Dynamic Routing on SecurePlatform, 200 virtual interfaces per physical interface are supported.

IPSO 1024

Windows 32

Page 21: CP R75.20 Releasenotes

Security Gateway Hardware Requirements

Minimum System Requirements Page 21

Minimum System Requirements

In This Section

Security Gateway Hardware Requirements 21

Security Management Hardware Requirements 22

SmartConsole and SmartDomain Manager Hardware Requirements 22

Multi-Domain Security Management Requirements 23

SmartEvent Requirements 23

SmartReporter Requirements 24

Performance Pack 24

For SecureClient Requirements, see the SecureClient NGX R66 Release Notes (http://downloads.checkpoint.com/dc/download.htm?ID=8371).

For Endpoint Security Server and Client requirements, see the Endpoint Security R73 HFA1 Release Notes (http://supportcontent.checkpoint.com/documentation_download?ID=11547).

Security Gateway Hardware Requirements

For open servers:

Component Windows SecurePlatform on Open Servers

Linux

Processor Intel Pentium IV or

1.5 GHz equivalent

Intel Pentium IV or

2 GHz equivalent

Intel Pentium IV or

2 GHz equivalent

Free Disk Space 1GB 10GB 1.4GB

Memory 512MB 512MB 512MB

Optical Drive Yes Yes Yes

Network Adapter One or more One or more supported cards

One or more

Page 22: CP R75.20 Releasenotes

Security Management Hardware Requirements

Minimum System Requirements Page 22

Security Management Hardware Requirements

For open servers:

Component Windows Linux SecurePlatform on Open Servers

Solaris

Processor Intel Pentium Processor E2140 or 2 GHz equivalent processor

Intel Pentium Processor E2140 or 2 GHz equivalent processor

Intel Pentium Processor E2140 or 2 GHz equivalent processor

Sun UltraSPARC IV and higher

Free Disk Space 1GB 1.4GB 10GB (installation includes OS)

1GB

Memory 1GB 1GB 1GB 512MB

Optical Drive Yes Yes Yes (bootable) Yes

Network Adapter One or more One or more One or more One or more

SmartConsole and SmartDomain Manager Hardware Requirements

This table shows the minimum hardware requirements for console applications, including: SmartDashboard, SmartView Tracker, SmartView Monitor, SmartProvisioning, SmartReporter, and SmartEvent, SecureClient Packaging Tool, SmartUpdate, and SmartDomain Manager.

Component Windows

CPU Intel Pentium Processor E2140 or 2 GHz equivalent processor

Memory 512MB

Disk Space 500MB

Optical Drive Yes

Video Adapter minimum resolution: 1024 x 768

Page 23: CP R75.20 Releasenotes

Multi-Domain Security Management Requirements

Minimum System Requirements Page 23

Multi-Domain Security Management Requirements

The minimum recommended system requirements for Multi-Domain Security Management are:

Component Linux Solaris SecurePlatform

CPU Intel Pentium Processor E2140 or 2 GHz equivalent processor

UltraSPARC III 900MHz

Intel Pentium Processor E2140 or 2 GHz equivalent processor

Memory 4GB 4GB 4GB

Disk Space 2GB 2GB 10GB (install includes OS)

Optical Drive Yes Yes Yes (bootable)

Multi-Domain Security Management Resource Consumption

Resource consumption is dependent on the scale of your deployment. The larger the deployment, the more disk space, memory, and CPU are required.

The Multi-Domain Security Management disk space requirements are:

For basic Multi-Domain Server installations: 2GB (1GB /opt, 1GB /var/opt).

For each Domain Management Server: 400MB (for the Domain Management Server directory located in

/var/opt)

SmartEvent Requirements You can install SmartEvent on a Security Management Server or on a different, dedicated computer.

Component Windows/Linux/SecurePlatform

CPU Intel Pentium IV 2.8 GHz

Memory 4GB

Disk Space 25GB

SmartEvent is not supported on Solaris platforms.

To optimize SmartEvent performance:

Use a disk available high RPM, and a large buffer size.

Increase the server memory.

Page 24: CP R75.20 Releasenotes

SmartReporter Requirements

Minimum System Requirements Page 24

SmartReporter Requirements These hardware requirements are for a SmartReporter server that monitors at least 15GB of logs each day and generates many reports. For deployments that monitor fewer logs, you can use a computer with less CPU or memory.

SmartReporter can be installed on a Security Management Server or on a dedicated machine.

Component Windows & Linux Minimum

Windows & Linux Recommended

Solaris

CPU Intel Pentium IV 2.0 GHz Dual CPU 3.0 GHz UltraSPARC III 900 MHz

Memory 1GB 2GB 1GB

Disk Space Installation:

Database:

80MB

60GB (40GB for database, 20GB for temp directory)

(on 2 physical disks)

80MB

100GB (60GB for database, 40GB for temp directory)

80MB

60GB (40GB for database, 20GB for temp directory)

DVD Drive Yes Yes Yes

Optimizing SmartReporter Performance We recommend these tips to optimize SmartReporter performance:

Disable DNS resolution. This can increase consolidation performance to as much as 32GB of logs for each day.

Configure the network connection between the SmartReporter server and the Security Management server to the optimal speed.

Install a disk with high RPM (revolutions per minute) and a large buffer size.

Use UpdateMySQLConfig to adjust the database configuration and adjust the consolidation memory

buffers to use the more memory.

Increase memory for better performance.

Performance Pack The recommended platform configuration for Performance Pack a computer with a Quad-Core Intel Xeon Processor 5xxx with 6GB RAM, or more.

Check Point appliances with this configuration:

Power-1 11000 Series

Examples of open servers with these configurations:

HP ProLiant DL-360 G6

HP ProLiant DL-380 G6

Dell PowerEdge R610

Dell PowerEdge R710

IBM System x3550 M2

IBM System x3650 M2

Page 25: CP R75.20 Releasenotes

Performance Pack

Uninstalling Page 25

Uninstalling

Important - This uninstall procedure does not remove Endpoint Security or Multi-Domain Security Management Products.

Use these procedures to install R75.20.

Platform Procedure

Windows 1. Open Start > Check Point > Uninstall R75.20

2. At the prompt, enter Y to continue.

Linux IPSO Solaris

1. Change directory to: /opt/CPUninstall/R75.20/

2. Run: ./UnixUninstallScript

Example of Uninstall output:

***********************************************************

Welcome to Check Point R75.20 Uninstall Utility

***********************************************************

All R75.20 packages will be uninstalled.

Uninstallation program is about to stop all Check Point processes.

Do you want to continue (y/n) ? y

Stopping Check Point Processes...Done!

Uninstalling Mobile Access package...Done!

Uninstalling Management Portal package...Done!

Uninstalling SmartEvent and SmartReporter Suite package...Done!

Uninstalling Performance Pack package...Done!

Uninstalling R75 Compatibility Package package...Done!

Uninstalling R71 Compatibility Package package...Done!

Uninstalling CPSG 80 Series compatibility package package...Done!

Uninstalling Connectra R66 Compatibility Package package...Done!

Uninstalling NGX Compatibility Package package...Done!

Uninstalling V40 Compatibility Package package...Done!

Uninstalling UTM-1 Edge compatibility Package package...Done!

Uninstalling CPinfo package...Done!

Uninstalling Security Gateway / Security Management package...Done!

Package Name Status

------------ ------

Mobile Access Succeeded

Management Portal Succeeded

SmartEvent and SmartReporter Suite Succeeded

Performance Pack Succeeded

R75 Compatibility Package Succeeded

R71 Compatibility Package Succeeded

CPSG 80 Series compatibility package Succeeded

Connectra R66 Compatibility Package Succeeded

NGX Compatibility Package Succeeded

V40 Compatibility Package Succeeded

UTM-1 Edge compatibility Package Succeeded

CPinfo Succeeded

Security Gateway / Security Management Succeeded

*****************************************************

Uninstallation program completed successfully.

Do you wish to reboot your machine (y/n) ? n

If any package fails to uninstall, the script generates a log file and prints its location on the screen.