Information about Check Point VPN-1/FireWall-1

Service provided by AERAsec Network Services and Security GmbH, D-85662 Hohenbrunn, Germany


AERAsec Network Services and Security GmbH Check Point *** Partner Check Point CCSP


Here you find some further information about Check Point R70 and above, NGX and VPN-1/FireWall-1 Next Generation.


Version

Ports
R70 Ports used by Check Point R70 and above
R60-R65 Ports used by Check Point NGX
R50-R55 Ports used by Check Point VPN-1/FireWall-1 Next Generation (not supported any more)
4.0/4.1 Ports used by Check Point VPN-1/FireWall-1 4.x (not supported any more)


Further information
Links to FAQ's, mailing lists and further information about Check Point FireWall-1/VPN-1

Licensing, Products and basic Installation
R71/R75 "Basic" License Features of R7x (software only)
R70 "Basic" License Features of R70 (software only)
R60-R65 "Basic" License Features of NGX (not supported any more)
R54/R55 "Basic" License Features of NG AI and earlier versions (not supported any more)
R54/R55 "Extended" License Features of NG AI (not supported any more)
NGX - R7x Direct comparison of license features of NGX and R71/R75
NGX - R70 Direct comparison of license features of NGX and R70
R70 About licensing RAS clients for R70
R70/R71 About licensing Endpoint Security for R70 using Software Blades  

R65/R70

About Check Point Appliances for NGX R65 and R70

>R53

Terms used since Next Generation Feature Pack 3
R70 Terms used since Check Point R70

R70

About the use of computers with Dual Core or Quad Core Processors (outdated)
R70 About the use of computers with Dual Core or Quad Core Processors since 2010 

<R70

Compatibility between Nokia IPSO and Check Point VPN-1/FireWall-1
R70 Nokia Hardware compatible with Check Point R70

R54/R55

Installation fails on patched Sun Solaris 8 or 9

Useful tools 
all Tool for generating INSPECT code using a GUI: Ginspect
NG/NGX Tool for State Tables in human readable form
fw1-tool.pl by AERAsec
(supports SSH and some more features, covers Unix/Linux, SecurePlatform as well as Windows)
NG/NGX
Tool for Traffic Analysis
"tcpdump"-like wrapper for "fw monitor": fw1-dump.sh (fw1-dump.sh.zip) by AERAsec
Use the syntax of the well known command "tcpdump" to use "fw monitor".
all Tool for Managing Check Point SecurePlatform
Easier remote Management with SmartSPLAT
NG/NGX Tools for Management of Check Point objects
Ofiller and Odumper are used for editing Check Point object databases.

Authentication
4.1 Using OpenLDAP to authenticate users with Check Point VPN-1/FireWall-1 4.1
NG Authentication using OpenLDAP with Check Point NG is described on the OPSEC server
4.x/NG To configure the LDAP server, you will need the correct schema file (4.1, NG AI R55)
R53 How to integrate Novell eDirectory 8.7 with Check Point NG FP3 is described by Oren Green
R53 The use of CRYPTOCard Authentication with Check Point NG FP3 is described by CRYPTOCard
Secure Computing describes how to authenticate users by SafeWord PremierAccess 3.0
all Configuring Client Authentication using HTTPS
R52 Authentication with SecurID/ACE-Server doesn't work

VPN 
all Links to hints for VPN between Check Point and other products
VPN with Linux FreeS/WAN using pre-shared-secret or X.509 certificates
VPN with Racoon (under Linux),VPN from Gateway to Gateway
VPN with BinTec IPsec enabled router using pre-shared-secret or X.509 certificates
R70 Endpoint Connect cannot download Topology
R75.4x Endpoint Client does not follow configuration for Hotel/Hotspot Registration
VPN-1 configuration for use of an external CA
all Problem with an overlapping encryption domain
R51 Problem with Extranet under Linux
<R55 Problem with Extranet when using the "Simplified Mode"
<R55 How to configure an Extranet

Installation of rulebase, Objects, Services and Resources
all Rulebase will not install - atomic loading failed
R53 Rulebase will not install - no memory
all Check Point FireWall-1 acting as a Mail-Relay?!
all What to do against sender-specific routing for E-Mail
R52.. Problem when changing or creating a TCP Service
R53 ICMP doesn't work sometimes
R53 NG blocks HTTPS/SSL when using a Proxy
HTTP/HTTPS connections are being blocked by NG
R54 Timeout for Oracle Services SQL*Net2 not working

SYN Defender
Short graphical description of SYNDefender Relay, Gateway and passive Gateway (PDF)
Which kind of SYNDefender is supported by Check Point version X?

NAT
Problem with manual NAT on Microsoft Windows 2000 Server

Logging
R53 Sending syslog messages to SmartView Tracker is possible now
R53 Time of SmartView Tracker is one hour late
<R60 Rule numbers in SmartView Tracker aren't in the rulebase
all Negative Rule numbers in SmartView Tracker

Upgrade
R51 Upgrading Check Point VPN-1/FireWall-1 from 4.0 to Next Generation FP1 (outdated)
R51 Upgrading Check Point VPN-1/FireWall-1 from 4.1 to Next Generation FP1 (outdated)
Problem with Internal CA after upgrading from version 4.1 to Next Generation
NG AI Problem exporting a configuration using upgrade_export
R7x Problem importing a configuration in a new version
R75.40 Problem upgrading with fwkern.conf  configured
R7x Upgrading Check Point Appliances

Auditing
4.x Lance Spitzner has published a good paper called "Auditing Your Firewall Setup", based on 4.x
all Auditing NG AI, NGX, and R7x is offered by AERAsec


We provide these information freely. If you have corrections, comments or suggestions, please feel free to contact us by E-Mail.
All information is provided "as is" and might be used at your own risk only. There is no guarantee at all and we are not liable for any consequential direct or indirect damage which might occur when using these hints. All mentioned names and products are protected by international law, esp. Check Point Software Technologies, Ltd.

Your Feedback is welcome!
2001-2018 AERAsec Network Services and Security GmbH, last change 2018-05-01
Imprint and data privacy statement
back to http://www.vpn-1.de/