Subject: Re: [FW-1] R55 HFA-05 and HFA-06
From: Reinhard Stich <r.stich AT INTERNET-SECURITY DOT AT>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 30 Jun 2004 18:00:10 +0200

here we go (copy / paste from the release-notes):

Check Point NG with Application Intelligence R55 (HFA_R55_06) Release Notes. Last Update - June 13, 2004

Resolved Issues in HFA_R55_06
Resolved issues for the current HFA.

TABLE 0-1 Resolved Issues: R55_06
R55_06 | Description | Installed On
R55_06-1 | SmartCenter - Logging: The following error message is displayed in SmartView Tracker: "some log entries were not sent to log server <ip> because of high load, but were instead..." | Log Server and SmartCenter Server
R55_06-2 | SmartCenter - Logging: SmartView Tracker and log export output present different log types for the same log record. | Log Server and SmartCenter Server
R55_06-3 | SmartCenter - Logging: In certain scenarios a negative byte count for account logs is displayed. | Log Server and SmartCenter Server
R55_06-4 | SmartCenter - Logging: In certain scenarios, the elapsed time field in fw.log shows a negative number. | SmartCenter Server, Enforcement Module, Log Server
R55_06-5 | FireWall-1 - Licensing: The following informatory message is logged as an error in the Event Viewer: Informatory: the current VPN-1 & FireWall-1 license allows only 100 internal hosts. If this is different from the license you intended to purchase, ensure that you have the correct license. See http://usercenter.checkpoint.com for troubleshooting. | SmartCenter Server and Enforcement Module
R55_06-6 | FireWall-1 - Authentication: When using client authentication over HTTP, the ahclientd process may not succeed. | Enforcement Module
R55_06-7 | FireWall-1 - Authentication: In the event that an Enforcement Module is also defined as a Log Server, certificate registration traffic is not forwarded via the Enforcement Module to the SmartCenter Server. Make sure that you install the Security Policy. | SmartCenter Server
R55_06-8 | FireWall-1 - Security Servers: When next proxy is defined in the GUI, connections with a destination other than the next proxy may result in performance issues. | Enforcement Module
R55_06-9 | FireWall-1 - Security Servers: Improved stability when using manual client authentication. | Enforcement Module
R55_06-10 | FireWall-1 - Security Servers: Improved stability when working with radius and http security servers. | Enforcement Module
R55_06-11 | FireWall-1 - Security Servers: When the user database is larger than 1500 users, the ahttpd process (of the HTTP Security Server) may not initialize. | Enforcement Module
R55_06-12 | FireWall-1 - Policy Installation: When fetching a Security Policy after SIC initialization and after installing the first Security Policy, the fetch operation remains incomplete. | Enforcement Module
R55_06-13 | FireWall-1 - Miscellaneous: Connectivity issue arises when an interface is enabled after it was disabled after Security Policy installation. | Enforcement Module
R55_06-14 | FireWall-1 - Authentication: When authenticating with client authentication over port 443 the user may receive a window requesting a certificate, even though no certificates are installed. See Special Instructions for "R55_06" on page 13. | Enforcement Module
R55_06-15 | FireWall-1 - Authentication: Add support of Non-TCP protocols when using Client Authentication SSO and Session Authentication. This fix should be applied together with SHF_FW1_R55_0070. Contact Check Point support (support AT ts.checkpoint DOT com) to obtain the fix. | Enforcement Module
R55_06-16 | FireWall-1 - SAM: Increased SAM monitor table size. | Enforcement Module
R55_06-17 | VPN-1 - PKI, PKCS: When fetching a very large CRL, processing it will result in high CPU utilization. | Enforcement Module
R55_06-18 | VPN-1 - PKI, PKCS: If a CRL URI was encoded (e.g "=" is encoded to "=") then CRL fetch would not succeed. | Enforcement Module
R55_06-19 | VPN-1 - L2TP Clients: After continuous traffic between the L2TP client and the FireWall, L2TP connections were sometimes closed. | Enforcement Module
R55_06-20 | ClusterXL - Configuration: Added the ability to work with more than 50 virtual IPs for a single cluster. | Enforcement Module
R55_06-21 | ClusterXL - General: After several system reboots the ClusterXL daemon experiences functionality issues. | Enforcement Module
R55_06-22 | ClusterXL - Load Sharing: ARP outgoing packets are sent with multicast MAC. | Enforcement Module
R55_06-23 | ClusterXL - Load Sharing: Improved stability when working with ClusterXL and dual CPU (SMP) machine. | Enforcement Module

Resolved Issues in Previous HFAs
In This Section
HFA_R55_05
HFA_R55_04
HFA_R55_03
HFA_R55_02
HFA_R55_01

HFA_R55_05
TABLE 0-2 Resolved Issues: R55_05
R55_05 | Description | Installed On
R55_05-1 | Fragmenting packets correctly when ipsec_dont_fragment is set to false in objects_5_0.C. | Security Gateway
R55_05-2 | Resolved issue where udp_response_nat table did not sync upon every IKE keep alive. In certain circumstances this may lead to issues in Quick Mode (when initiated by the gateway). | Security Gateway
R55_05-3 | Resolved issue where if subnet support is disabled, then each connection to a different server by the user, was considered as a connection from a different user. This caused excessive logs, such as "user connected ..." and "user disconnected ...", and when SCV was in use then the connections were sporadically cut. | Security Gateway
R55_05-4 | Improved system stability during startup. | SmartCenter Server and Security Gateway
R55_05-5 | Resolved issue where DCE-RPC data packets were dropped. See Special Instructions for "R55_04" on page 12. | SmartCenter Server
R55_05-6 | Resolved issue where FTP did not work properly with NAT in a cluster environment. | Security Gateway
R55_05-7 | Added new ARP mechanism. Make sure to use periodic gratuitous ARPs from the Active machine. See Special Instructions for "R55_05" on page 13. | Security Gateway
R55_05-8 | Resolved error in $FWDIR/log/ahttpd.elg file: "HTTP: s_to_c_read called with NULL pointer" | Security Gateway
R55_05-9 | Resolved major delays in loading a web page, when using SCV and HTTP Security Servers. | Security Gateway
R55_05-10 | Resolved issue that full sync does not occur on Windows platforms, on account of the fact that one of the members is not ready for sync. | Security Gateway
R55_05-11 | Resolved VPN tunnel failure after Security Policy installation when robo_ranges values are set to zero. | SmartCenter Server and Security Gateway
R55_05-12 | Resolved the ability to install RTSP rule on a VPN-1 Edge object. | SmartCenter Server
R55_05-13 | Resolved issue that changing the profile of an Edge Device in SmartLSM is not reflected on the gateway. | SmartCenter Server and Security Gateway
R55_05-14 | Resolved HTTP data corruption, when defining cross site scripting in SmartDefense or on a Web Server object in SmartDashboard. | Security Gateway
R55_05-15 | Improved stability in in.aufpd daemon when installing a Security Policy that uses an enhanced UFP resource. | Security Gateway
R55_05-16 | Ignore UFP server after connection failure works when Enhance UFP Performance is selected on the General tab of a URI resource. | Security Gateway
R55_05-17 | Improved memory consumption of in.auftpd process when using enhance UFP performance. | Security Gateway
R55_05-18 | Improved stability FireWall-1 during Security Policy installation. | Security Gateway
R55_05-19 | Resolved Base64 mail encoding corruption. See Special Instructions for "R55_05" on page 13. | Security Gateway

HFA_R55_04
TABLE 0-3 Resolved Issues: R55_04
R55_04 | Description | Installed On
R55_04-1 | Resolved: time consuming policy installation on VPN-1 Edge profile. | SmartCenter Server and Security Gateway
R55_04-2 | Resolved: an error message that should have been displayed in the Installation window during a policy installation, is now displayed. | SmartCenter Server
R55_04-3 | Fixed: VPN-1 issues between VPN-1 Edge and VPN-1/FireWall-1 that were caused when an additional host/node that was created with the same main IP as that of VPN-1/FireWall-1. As a result of the identical IP, the incorrect topology information was downloaded to the VPN-1 Edge device. | SmartCenter Server

HFA_R55_03
TABLE 0-4 Resolved Issues: R55_03
R55_03 | Description | Installed On
R55_03-1 | Resolved SmartCenter Server with NAT issue. | Security Gateway
R55_03-2 | FireWall-1 now sends the entire chain of certificates in case of a certificate chain. | Security Gateway
R55_03-3 | Policy fetch from a module now always chooses to work with the correct IP of the SmartCenter Server. | Security Gateway
R55_03-4 | Fetch policy now uses the IP address explicitly specified. | Security Gateway
R55_03-5 | Resolved issue where the following error message is displayed on the console: "fwhandle_get(fwmspi.c:1758): Table kbufs - Null handle requested" | Security Gateway
R55_03-6 | Resolved issue where MemberOf attribute for OPSEC_DS profile was unavailable for use. | SmartCenter Server
R55_03-7 | Resolved issue where fw1pwdLastMod attribute was not updated whenever the user changes his or her password. | Security Gateway
R55_03-8 | Resolved issue where DCE-RPC packets were dropped on rules 997 and 999 following multiple map replies from the End Point Mapper. See Special Instructions for "R55_05" on page 13. | SmartCenter Server
R55_03-9 | Resolved issue where DCE-RPC Alter Context to End Point Mapper UUID on port 135 fails. See Special Instructions for "R55_05" on page 13. | SmartCenter Server
R55_03-10 | Resolved issue where segmented DCE-RPC packets were dropped on rule 998. See Special Instructions for "R55_05" on page 13. | SmartCenter Server
R55_03-11 | Resolved issue where DCE-RPC packets were incorrectly logged when receiving multiple map replies from the End Point Mapper. See Special Instructions for "R55_05" on page 13. | SmartCenter Server
R55_03-12 | Resolved issue where DCE-RPC repeated BIND fails after BIND NAK. | SmartCenter Server
R55_03-13 | Resolved issue where a crash would result when validating a connection. | Security Gateway
R55_03-14 | Resolved issue where active connections were frozen when using NAT hide. | Security Gateway
R55_03-15 | Resolved issue where the FireWall-1 version is incorrectly displayed. | Security Gateway
R55_03-16 | Resolved issue where the wrong IP address is selected as the synch interface. | Security Gateway
R55_03-17 | Resolved issue where connections were deleted after timeout. | Security Gateway
R55_03-18 | Updated the TCP state from the client FIN to the established state. | Security Gateway
R55_03-19 | The feature block cphwd_drop_conn_traffic now works with SecureXL on cluster. | Security Gateway
R55_03-20 | Resolved issue where on failure to get user information via trap, the wrong log message output is received. | Security Gateway
R55_03-21 | Allow for blocking of all no valid SA logs for user peers. | Security Gateway
R55_03-22 | Resolved issue where 3rd party SEP solutions with IPSec_cluster_nat set to "false" translated IKE. | Security Gateway
R55_03-23 | Resolved issue where a misleading log message is sent when SA for IPsec packet that is to be decrypted cannot be found. | Security Gateway
R55_03-24 | Resolved issue where uninformative event is logged in the Windows Event log: "Logging in". | SmartCenter Server
R55_03-25 | CPMI client tries to connect to 127.0.0.1 applying RA server add-on. | SmartCenter Server
R55_03-26 | fwlic_count_hosts counts global broadcast addresses. | Security Gateway
R55_03-27 | ISP redundancy support with SmartView Monitor and FloodGate-1. | Security Gateway
R55_03-28 | Support shared licenses in Management High Availability. | SmartCenter Server and Security Gateway
R55_03-29 | Leveraged fwmaddon mechanism. | SmartCenter Server
R55_03-30 | Resolved display of unnecessary messages on the Console. | Security Gateway
R55_03-31 | Leveraged streaming mechanism. | Security Gateway
R55_03-32 | Improved license management handling. | Security Gateway
R55_03-33 | Leveraged filtering abilities in SmartView Tracker. | SmartCenter Server
R55_03-34 | Leveraged security servers stability. | Security Gateway
R55_03-35 | Leveraged sequence verifier functionality. | Security Gateway
R55_03-36 | Solved creating site issues on account of "invalid id" message. | SmartCenter Server and Security Gateway
R55_03-37 | Improved VPN-1 stability when invalid certificate is used. | Security Gateway
R55_03-38 | Improved VPN-1 memory management. | Security Gateway
R55_03-39 | Improved SecureXL functionality on BGE Interfaces. | Security Gateway
R55_03-40 | Leveraged support in RoamAdmin. | Security Gateway

HFA_R55_02
TABLE 0-5 Resolved Issues: R55_02
R55_02 | Description | Installed On
R55_02-1 | Enabled VPN-1 tunnel to and/or from a VPN-1 Edge Device after Dec 31 2003. | SmartCenter Server
R55_02-2 | Resolved cpstat command from returning incorrect Active Virtual Memory and Total Real Memory values on IPSO machines. | Security Gateway
R55_02-3 | Resolved failure to create a VPN tunnel between Check Point VPN-1 gateway and a VPN-1 Edge device. | SmartCenter Server
R55_02-4 | Avoid rejecting FTP PORT command with \n but no \r. | Security Gateway
R55_02-5 | Enabled Windows 95 client, to use Windows File Sharing through FireWall-1. | Security Gateway
R55_02-6 | Improved stability of Security Servers | Security Gateway
R55_02-7 | Improved memory utilization in a SecureXL configuration. | Security Gateway
R55_02-8 | Avoid dropping Update PDP context packets when GTP tunnel is open for longer than 1 hour. See Special Instructions for "R55_02" on page 12. | SmartCenter Server
R55_02-9 | Resolved LEA sessions from closing immediately when there are multiple networks. | SmartCenter Server
R55_02-10 | Improved memory consumption of the Security Servers URI filtering. Resolved error "resource: http://xxx.xxx.xxx.xxx:80/pc2/;reason:internal error" in SmartView Tracker. | Security Gateway
R55_02-11 | When using SYNDefender, preventing connection entry for "syn-syn/ack-fin/ack-ack-fin/ack-ack" connections, from remaining in the tables even after the connection is finished. | Security Gateway
R55_02-12 | FireWall-1 HTTP Security Server Vulnerability, refer to Check Point Alert site for further information. | Security Gateway
R55_02-13 | Improved stability of VPN-1 daemon during key exchange | Security Gateway
R55_02-14 | Resolved VPN tunnel util from ignoring all but the first 20 SAs. | Security Gateway
R55_02-15 | Avoid dropping non-first segments of DCE-RPC datagram (packets) on rule 998. | SmartCenter Server
R55_02-16 | fw_rst_expired_conn parameter may now be modified permanently, and survives a policy change. | SmartCenter Server
R55_02-17 | Resolved failure to compile security policy when managing a VPN-1/FireWall-1 NG FCS gateway. | SmartCenter Server
R55_02-18 | DCE-RPC connections are no longer dropped on rule 997 when server runs the same DCE-RPC service on two different ports. | SmartCenter Server
R55_02-19 | SecurePlatform Backup Utility Hotfix. Refer to the Check Point site for further explanation. http://www.checkpoint.com/techsupport/downloadsng/utilities.html#backup_hotfix | SmartCenter Server and Security Gateway
R55_02-20 | Added specification of expert password before performing Restore of backups and Revert of snapshot images, operations. This added authentication is to ensure that only expert users are allowed to override the current working settings with external backup files or a snapshot image. | SmartCenter Server and Security Gateway

HFA_R55_01
TABLE 0-6 Resolved Issues: R55_01
R55_01 | Description | Installed On
R55_01-1 | Resolved LPD connections issues when using Hide NAT. See Special Instruction | SmartCenter Server
R55_01-2 | Resolved deletion of /dev/null after installing policy on VPN-1 Edge device. | SmartCenter Server
R55_01-3 | Improved IKE - vpnd stability when getting a XAUTH packet from PIX. | Security Gateway
R55_01-4 | When connections table reaches 80%, an alert is issued. | Security Gateway
R55_01-5 | Resolved a problem that forced the re-creation of UFP groups for each change to the group or its members. All changes are applied immediately. | Security Gateway
R55_01-6 | Resolved Pattern engine from stopping to look for match when it meets NULL at the middle of the matching Sentence. | Security Gateway
R55_01-7 | Resolved DOS attack due to log bloating when attacking SMS server. | Security Gateway
R55_01-8 | A particular combination of two fw sam commands results in an additional IP address (not of either network) being blocked. | Security Gateway
R55_01-9 | Resolved Outbound SSO from Citrix client to work when using CVP resource. | Security Gateway
R55_01-10 | Resolved failure to ping to cluster IP and dedicated IP simultaneously. | Security Gateway
R55_01-11 | Improved stability and performance of the Security Server. | Security Gateway
R55_01-12 | Improved stability of the VPND when creating site with long display name. | Security Gateway
R55_01-13 | Resolved entrust certificate creation failure because of a missing file, when using CMP method. | Security Gateway
R55_01-14 | H.323 vulnerabilities published by NISCC at: http://www.uniras.gov.uk/vuls/2004/006489/h323.htm. For further information, refer to http://www.checkpoint.com/techsupport/alerts/h323.html | Security Gateway and SmartCenter Server
R55_01-15 | Resolved a maliciously malformatted certificate from causing connectivity issues. | Security Gateway and SmartCenter Server

cheers
reinhard

At 17:42 29.06.2004, you wrote:
Greetings,

I've heard on this list that Checkpoint has R55 HFA-05 and HFA-06 available
but you have to ask for it.  Can anyone tell me what the Release Notes says
that it fixes?


-- Joe

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

--
Reinhard Stich  ASSIST  R.Stich AT internet-security DOT at
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
