Security Gateway Virtual

Edition – Network Mode

R75.40
Release Notes

Classification: [Protected]
1
© 2012 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of
relevant copyrights and third-party licenses.

VMware, VMware VMotion and VMware vSphere are registered trademarks and/or trademarks of VMware,
Inc. in the United States and/or other jurisdictions.

2
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional
improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation
The latest version of this document is at:
(http://supportcontent.checkpoint.com/documentation_download?ID=17864)
For additional technical information, visit the Check Point Support Center
(http://supportcenter.checkpoint.com).

Revision History
Date Description

21 June 2012 First release of this document

Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
(mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on Security Gateway Virtual Edition
R75.40Release Notes).

3
 Contents

Important Information .............................................................................................3

Introduction .............................................................................................................5
What's New ..............................................................................................................5
Operating System - Gaia ..................................................................................... 5
Gaia Software Updates ................................................................................... 6
Gaia Web User Interface ................................................................................ 6
New Software Blades .......................................................................................... 6
Enhanced Software Blades ................................................................................. 6
Enhancements .................................................................................................... 6
System Requirements ............................................................................................8
Supported Builds and Platforms .......................................................................... 8
Known Limitations ..................................................................................................9
Security Gateway Virtual Edition Limitations ........................................................ 9
Non-supported R75.40 Features ..................................................................... 9
VMware Feature Limitations ........................................................................... 9
General Limitations ......................................................................................... 9
Resolved Issues ....................................................................................................10
 Introduction

Introduction
Check Point Security Gateway Virtual Edition protects dynamic virtual environments and external networks
from internal and external threats by securing virtual machines and applications. This solution uses proven
Check Point security technologies: Software Blade architecture, Firewall with content inspection, IPS,
central management, and more.
Security Gateway Virtual Edition has different operation modes. Decide which is best for your environment
and plan the installation accordingly.
 Hypervisor Mode enforces VM security within the VMware Hypervisor by inspecting inter-VM traffic,
without changing the virtual network topology.
 The Network Mode is deployed as a virtual network device to protect virtual networks and physical
environments. You can configure it as a router or a bridge, in the same way as a physical gateway.
Important –
 This release only supports Network mode running on the Gaia OS

Note –
 All references to ESX throughout the document are also relevant for ESXi
unless specifically noted otherwise.

What's New
For a more detailed list of new features, see the R75.40 Release Notes
(http://downloads.checkpoint.com/dc/download.htm?ID=13079).

Operating System - Gaia

Gaia is a single, unified network security Operating System that combines the best of Check Point's
SecurePlatform operating system, and IPSO, the operating system from appliance security products.
Designed from the ground up for modern high-end deployments, Gaia includes support for:
 IPv4 and IPv6 - fully integrated into the Operating System.
 High Connection Capacity - 64bit support.
 Load Sharing - ClusterXL and Interface bonding.
 High Availability - ClusterXL, VRRP, Interface bonding.
 Dynamic and Multicast Routing - BGP, OSPF, RIP, and PIM-SM, PIM-DM, IGMP.
 Easy to use Command Line Interface - Commands are structured using the same syntactic rules. An
enhanced help system and auto-completion further simplifies user operation.
 Role Based Administration - Enables Gaia administrators to create different roles. Administrators can
allow users to access features by adding those functions to the user's role definition. Each role can
include a combination of administrative (read/write) access to some features, monitoring (read-only)
access to other features, and no access to other features.

5
 What's New

Gaia Software Updates

 Get updates for licensed Check Point products directly through the operating system.
 Download and install the updates more quickly. Download automatically, manually, or periodically. Install
manually or periodically.
 Get email notifications for newly available updates and for downloads and installations.
 Easy rollback from new update.

Gaia Web User Interface

 The Gaia WebUI is an advanced, web-based interface for configuring Gaia platforms. Almost all system
configuration tasks can be done through this Web-based interface.
 Easy Access - Go to https://<Device IP Address>.
 Browser Support - Internet Explorer, Firefox, Chrome and Safari.
 Powerful Search Engine - makes it easy to find features or functionality to configure.
 Easy Operation - Two operating modes. 1) Simplified mode shows only basic configuration options. 2)
Advanced mode shows all configuration options. You can easily change modes.
 Web-Based Access to Command Line - Clientless access to the Gaia CLI directly from your browser.

New Software Blades

 Anti-Bot
 New Anti-Virus
 SmartLog

Enhanced Software Blades

 IPS
 Application Control and URL Filtering
 Data Loss Prevention
 UserCheck
 Identity Awareness
 SmartEvent
 HTTPS Inspection
 HTTP Proxy
 IPsec VPN

Enhancements
General

Configure Multi Portal access through VPN clients (connected with Office Mode), to protect your portals
from external network exposure. This new option applies to all portals: Mobile Access Portal,
UserCenter Portal, Identity Awareness Captive Portal, Platform Portal, and DLP Portal.

6
Performance

 NAT and log templates in SecureXL

 IPv6 acceleration, MultiCore and ClusterXL HA support.
 Accelerated Drop Rules, explained in sk67861
(http://supportcontent.checkpoint.com/solutions?id=sk67861).

Licensing

 R75.40 management servers do not need IPv6 licenses.

 Gaia can automatically attach licenses for Security Gateways and management servers.

SmartConsole

 Hit count - shows number of instances a rule in the Application Control or Firewall Rule Bases was
matched to traffic.
 Improved performance and easier installation of SmartConsole

7
 System Requirements

System Requirements
Item Minimum Recommended Notes

Memory Add more memory to inspect many

connections concurrently.
32-bit 1024 MB 2.5 GB
64-bit 6GB -

Disk Space 21 GB 21GB + 16GB Add additional 16GB storage for

backup.
(For more, see the
Troubleshooting section of the
Administration Guide).

Number of Virtual CPUs 1 2

Supported Builds and Platforms

This table shows the supported builds and platforms for Security Gateway Virtual Edition.
Build, Platform, Server Version

Security Gateway Virtual Edition Build R75.40 - Build 275

To verify: fw ver -k

VMware Platform VMware vSphere ESX 4.0, 4.1

VMware vSphere ESXi 4.0, 4.1, 5.0

Check Point Security Management Server or Multi- R75.40 or higher

Domain Security Management Multi-Domain
Server

Note - Security Gateway Virtual Edition is based on the R75.40 Security Gateway.

8
 Known Limitations

Known Limitations
Note - Use the ID numbers of known limitations to track the status of improvements and to discuss
issues with your vendor or Check Point Technical Support.

Security Gateway Virtual Edition Limitations

Note - All Security Gateway R75.40 limitations apply also to Security Gateway Virtual Edition.

Non-supported R75.40 Features

ID Description

00631234 Management High Availability and Log Server are not supported on a standalone Security
Gateway Virtual Edition.

00527267 Performance Pack Heavy Load Quality of Service feature (HLQoS) is not supported.

00922922 This release supports Network mode only. Hypervisor mode isn’t available.

00922914 This release supports Gaia OS only.

VMware Feature Limitations

ID Description

00575640 Cloning and templates are supported for Security Gateway Virtual Edition VM, if:
 The VM is a newly deployed Security Gateway Virtual Edition (immediately following
the first boot).
 You have not yet configured any Check Point products.
 You have not yet completed the first time wizard

General Limitations
ID Description

00526862 VMware Tools are not supported on a Security Gateway Virtual Edition Virtual Machine.

00566886 CPU consumption for the Security Gateway Virtual Edition might show inaccurate results.
To resolve this issue, reserve CPU resources on the ESX:
1. In the vSphere client, right click the Security Gateway Virtual Edition.
2. Select Edit Settings.
3. On the Resources tab, move the Reservation slider to allocate a guaranteed CPU
share (in MHz).

00568259 You can configure up to 2 virtual CPUs for the Security Gateway Virtual Edition.

9
 Resolved Issues

Resolved Issues
ID Description

00525830 You can install Security Gateway R75 HFA packages or releases above R75.40 on top of
the Security Gateway Virtual Edition.

10