embedded ngx 7.5 release notes - check point...
TRANSCRIPT
1
Embedded NGX 8.1 Release Notes
Post General Availability Version
November 2010
2
Contents
CONTENTS .......................................................................................................... 2
INTRODUCTION .................................................................................................. 3
Highlights of This Version ............................................................................................ 3
Supported Platforms ................................................................................................... 4
Availability.................................................................................................................. 4
Copyright .................................................................................................................... 4
CHANGES FROM 8.1.37 TO 8.1.47 ................................................................................ 5
NEW FEATURES ................................................................................................. 9
New 802.11n Standard ................................................................................................ 9
Robust 3G Modem Support ......................................................................................... 9
Gigabit Ethernet Ports ................................................................................................. 9
Endpoint Connect ..................................................................................................... 10
Support for New USB Modems .................................................................................. 10
Improved Overall Firewall Throughput ...................................................................... 10
Increased Amount of Connections, Tunnels, and VPN Sites ........................................ 10
RADIUS Accounting ................................................................................................... 11
Internet Connection Swapping .................................................................................. 12
Time-Based Web Rules .............................................................................................. 12
Time-Based Web Filtering Categories ........................................................................ 13
VStream Antivirus Supports New Office 2007 Extensions ........................................... 13
Enhanced GUI Customizer Support .......................................................................... 13
Dynamic Routing (OSPF/BGP) ................................................................................... 13
3
Introduction
Highlights of This Version
Embedded NGX 8.1 incorporates a host of new and improved features, including:
Support for new wireless standard (802.11n) *
Robust 3G connectivity *
Gigabit Ethernet ports *
Endpoint Connect
Support for new USB modems
Improved overall firewall throughput *
Increased amount of connections, tunnels, and VPN sites *
Increased amount of connections per second *
Increased DHCP leases *
OSPF and BGP are offered within a single firmware*
RADIUS accounting
Swapping of primary and secondary connections
Time-based Web rules
Time-based Web Filtering categories
Enhanced GUI customizer
VStream Antivirus support for new Office 2007 extensions
*Available starting hardware version 1.4 Some release notes are license dependent
4
Supported Platforms
Embedded NGX 8.1 GA supports the following hardware platforms:
Check Point Safe@Office 100B series
Check Point Safe@Office 200 series
Check Point Safe@Office 400W series
Check Point Safe@Office 500 series
Check Point Safe@Office 1000N series
Check Point UTM-1 Edge X series
Check Point UTM-1 Edge W series
Check Point UTM-1 Edge N series
Check Point ZoneAlarm Z100G
NEC SecureBlade 300
Availability
Embedded NGX 8.1 is available to existing Embedded NGX customers with a valid software subscription contract. For additional information and documentation, click here.
Copyright
© Copyright 2010 SofaWare Technologies Ltd.
SofaWare is a registered trademark of SofaWare Technologies Ltd.
Check Point is a registered trademark of Check Point Software Technologies Ltd.
5
CHANGES FROM 8.1.37 TO 8.1.47
8.1.47
Issues resolved:
Any
Fix time change issue which causes the appliance to reboot
8.1.46
Issues resolved:
Any
Improve Firmware upgrade process
Fix general memory leak
Inspection
Fix caching mechanism when Anti-Virus and Anti-Spam are active
8.1.45
Any
Production Build
8.1.44
Features
Add optional random wait timer for VPN establishment
Issues resolved:
Any
Improve HotSpot performance
Network
Fix wireless functionality
Improve 3G connectivity upload speed (N series only)
6
When using WDS auto channel should not be allowed (N series only)
In some cases when appliance authenticates via SMP it restarts (N series only)
8.1.43
Issues resolved:
Any
Fix USB display in GUI
Fix wording on VPN page
Network
Fix PPTP Accelerator on N Series
8.1.42
Issues resolved:
Any
Add support for larger Firmware size (N series only)
Network
Fix DHCP Relay on the DMZ interface
8.1.41
Issues resolved:
Any
The size of topology file increased to 600K (N series only)
The size of policy file increased to 600K (N series only)
Network
When radius authentication failed the connection did not close properly
7
Improved DHCP packet processing
VPN
Enable Endpoint connect Termination on secondary internet connection
8.1.40
Network
Prevent potential DOS attacks for CLI via SMS
In some cases WDS does not act as it should (N series only)
Add sim validation when remote CLI function is activated (CLI via SMS)
VPN
Endpoint connect disconnects when the appliance tries to establish a remote VPN connection
8.1.39
Features
Network
Allow CLI access over SMS (text message), SMS Management
Issues resolved:
Network
Enable WPA Security with WDS feature on N series appliances
8.1.38
Network
Fix wrong behavior after 802.1x authentication
When disabling 802.1x feature, local switch becomes unusable until reboot
802.1x authentication table is not cleaned after reset to defaults
VPN – Server
8
Chap authentication might cause reboot when authentication fails with L2TP
Not able to bind office mode network to gateway when LAN network is assigned to non
9
New Features
New 802.11n Standard
Embedded NGX 8.1 supports the new 802.11n standard. This standard builds upon the previous 802.11g standard, by adding multiple-input and multiple-output (MIMO) features. MIMO is a technology that uses multiple antennas to coherently resolve more information than possible using a single antenna. The MIMO physical layer reduces problems with reflected signals.
Another feature that MIMO technology offers is Spatial Division Multiplexing (SDM). SDM spatially multiplexes independent data streams that are transferred simultaneously within one spectral channel of bandwidth. MIMO SDM can significantly increase data throughput, as the number of resolved special data streams is increased.
In addition to MIMO, 802.11n also supports channel bonding (40MHz channels), a channel width that is double the 20MHz available in previous 802.11 PHYs, allowing for doubling of the PHY data rate over a single 20 MHz channel. Channel bonding is only enabled in the 2.4 GHz range if there are no other 802.11 or non-802.11 systems (such as Bluetooth) using those same frequencies in the area.
802.11n provides a maximum theoretical data rate of 300 Mbps and a maximum range of 250 meters outdoors.
Robust 3G Modem Support
Embedded NGX 8.1 robust 3G modem support allows for a continuous strong connection in extreme environments where cellular signal is weak, and connection interference may occur.
Gigabit Ethernet Ports
Embedded NGX 8.1 supports Gigabit Ethernet ports that allow an accelerated transfer rate of 1 billion bits of data per second (1Gb per second). Such performance meets the increasing market demands for higher bandwidth.
10
Endpoint Connect
Check Point Endpoint Connect™ VPN client can connect to Embedded NGX 8.1 appliances. Endpoint Connect enables mobile users with seamless connectivity to corporate resources by encrypting and authenticating data transmitted during secure remote access sessions.
Notes:
When configuring “allow and forward” policy rule on TCP port 443, Endpoint Connect does not work.
When EPC is activated it allows access to the Web UI from the WAN
Support for New USB Modems
The new modems supported are:
HUAWEI E169
HUAWEI K3565*
HUAWEI E176G*
HUAWEI E182E*
Novatel Ovation MC996D
Novatel Ovation MC998D
Sierra Wireless 885*
Sprint U300*
*Available only with hardware version 1.4
Improved Overall Firewall Throughput
Embedded NGX 8.1 offers enhanced CPU capabilities, with a capacity for data transmission that far exceeds that of previous versions. Its enhanced CPU capabilities result in accelerated firewall throughput, increasing the amount of traffic transmitted per second.
Increased Amount of Connections, Tunnels, and VPN Sites
Embedded NGX 8.1's enhanced data transmission capabilities offer support for up to 400 VPN tunnels, and greatly increases number of supported VPN sites. Embedded NGX 8.1 multiplies the number of possible authenticated connections between client and/or server allowing up to 60,000 total connections.
11
RADIUS Accounting
RADIUS accounting is used to send accounting information to the RADIUS accounting server, in order to allow tracking network usage for auditing and billing purposes. Accounting information is sent to the server whenever a user logs in or logs out and whenever a subscriber activates or deactivates a subscription.
RADIUS accounting benefits include, centralized accounting data collection; and the use of third-party products to analyze RADIUS accounting data.
12
Internet Connection Swapping
Embedded NGX 8.1 includes the network connection swapping feature, an efficient and simple technique for managing network configuration. Network connection swapping allows exchanging the roles of primary and secondary internet connections, by shifting multiple ports' assignments between the primary and secondary internet connections.
Swapping internet connections is performed remotely, using the following CLI command:
swap wanconn
There is no need to alter physical connections.
Additionally, Internet Connection Swap can implement port assignment changes in batches, thereby remotely determining the connection status of numerous appliances with a single command and without changing a single physical cable connection.
Time-Based Web Rules
It is now possible to define Web rules that only take effect during certain hours of the day.
13
Time-Based Web Filtering Categories
The Automatic Snooze feature allows the system administrator to automatically suspend the Web Filtering service between certain hours of the day.
VStream Antivirus Supports New Office 2007 Extensions
Embedded NGX 8.1 facilitates users’ transition to Microsoft Office 2007, by upgrading the VStream Antivirus feature to accommodate the new Office 2007 file formats and security requirements. Embedded NGX 8.1 offers additional security functionality in order to guarantee compatibility and optimize security.
Enhanced GUI Customizer Support
The Embedded NGX appliance Secure HotSpot feature allows enabling your appliance as a public Internet access hotspot. The GUI customizer tool allows you to extensively customize the “My HotSpot” page using a customizer user interface file. Additionally, when using the Web Rules and Web Filtering Categories features, GUI customization capabilities allow the administrator to tailor pages that appear when URL’s are blocked.
Dynamic Routing (OSPF/BGP)
OSPF and BGP are now offered under a single firmware as of Hardware version 1.4.