CP R77 ReleaseNotes

20 February 2014

Release Notes

R77

Protected

2014 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS:

Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.

Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information Latest Software

We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation

The latest version of this document is at: (http://supportcontent.checkpoint.com/documentation_download?ID=24827)

To learn more, visit the Check Point Support Center (http://supportcenter.checkpoint.com).

For more about this release, see the R77 home page (http://supportcontent.checkpoint.com/solutions?id=sk92965).

Revision History

Date Description

20 February 2014 Corrected Licensing (on page 6)

Added R76SP as supported Chassis Security System in Compatibility with Gateways (on page 33)

16 February 2014 Added Threat Emulation support on SecurePlatform to Security Gateway Software Blades on Check Point OS (on page 23)

30 December 2013 Added Endpoint Policy Management Requirements (on page 21)

Updated Notes on Gateway Blades on Check Point Blades (on page 24)

Updated Security Gateway Software Blades on Other OS (on page 24)

10 December 2013 Improved formatting and document layout

26 November 2013 Corrected Supported Upgrade Paths (on page 33), since 64-bit SecurePlatform is not supported

10 October 2013 The Gaia, SecurePlatform, and Windows images for fresh installation and upgrade have been replaced, resolving sk95056 (http://supportcontent.checkpoint.com/solutions?id=sk95056) and sk95245 (http://supportcontent.checkpoint.com/solutions?id=sk95245)

06 October 2013 Added ClusterXL Support (on page 14)

Added Check Point 4400 Appliance to Gaia on Check Point Security Appliances (on page 16)

Added Crossbeam support for Threat Emulation ("Security Gateway Software Blades on Other OS" on page 24)

12 September 2013 The Gaia and SecurePlatform images have been replaced with a resolution to sk94990 (http://supportcontent.checkpoint.com/solutions?id=sk94990). See the Build Numbers (on page 9) to verify you have the fix.

03 September 2013 First release of this document

Feedback

Check Point is engaged in a continuous effort to improve its documentation.

Please help us by sending your comments (mailto:[email protected]?subject=Feedback on R77 Release Notes).

Contents

Important Information ............................................................................................................ 3 Introduction ............................................................................................................................ 6

Important Note! .................................................................................................................... 6 Important Solutions.............................................................................................................. 6 Licensing ............................................................................................................................. 6

What's New ............................................................................................................................. 7 New Threat Emulation Software Blade ................................................................................ 7 New Check Point Compliance Blade ................................................................................... 7 HyperSPECT Technology.................................................................................................... 7 Gaia Operating System Enhancements ............................................................................... 7 Enhanced Gaia Software Updates ....................................................................................... 7 Enhanced Identity Awareness ............................................................................................. 7 Enhanced Endpoint Security ............................................................................................... 8 Security Gateway Virtual Edition.......................................................................................... 8 Enhanced VSX .................................................................................................................... 8 Enhanced SAM Card Support ............................................................................................. 9 Mobile Access ..................................................................................................................... 9

Build Numbers ....................................................................................................................... 9 Check Point Appliance Requirements ................................................................................ 10

Check Point Appliances ..................................................................................................... 11 Check Point Appliances in Virtual System Mode ............................................................... 11 VPN Acceleration for 21000 Appliances with SAM Cards .................................................. 12 Appliance Hardware Health Monitoring .............................................................................. 12

Operating System Requirements ........................................................................................ 13 Check Point Operating Systems ........................................................................................ 13 Other Platforms and Operating Systems ........................................................................... 13 ClusterXL Support ............................................................................................................. 14 Security Management Open Server ................................................................................... 14 Multi-Domain Security Management Requirements ........................................................... 15 Security Gateway Open Server Hardware Requirements .................................................. 15 Virtual System Open Server Hardware Requirements ....................................................... 15 Maximum Number of Interfaces Supported by Platform ..................................................... 16 Gaia .................................................................................................................................. 16

Gaia on Check Point Security Appliances ..................................................................... 16 Gaia on IP Appliances .................................................................................................. 17 Gaia on Power-1, UTM-1 and Smart-1 Appliances ....................................................... 17 Gaia WebUI .................................................................................................................. 17

SecurePlatform .................................................................................................................. 17 Linux ................................................................................................................................. 18 IPSO ................................................................................................................................. 18 Microsoft Windows ............................................................................................................ 18 Security Gateway Bridge Mode ......................................................................................... 19 Legacy Hardware Platforms - Solaris ................................................................................ 19

Management Software Blade Requirements ...................................................................... 20 Security Management Software Blades ............................................................................. 20 SmartLog Requirements .................................................................................................... 21 Endpoint Policy Management Requirements ..................................................................... 21 SmartEvent Requirements ................................................................................................. 22 SmartReporter Requirements ............................................................................................ 22 Maximum Number of Gateway Cluster Members .............................................................. 23

Gateway Software Blade Requirements ............................................................................. 23 Security Gateway Software Blades on Check Point OS ..................................................... 23

Notes on Gateway Blades on Check Point Blades ........................................................ 24 Security Gateway Software Blades on Other OS ............................................................... 24

Notes on Gateway Blades on Microsoft Windows ......................................................... 25 Mobile Access Blade Requirements .................................................................................. 25 DLP Blade Requirements .................................................................................................. 26 Identity Awareness Blade Requirements ........................................................................... 26

Management Console Requirements ................................................................................. 27 Console Hardware Requirements ...................................................................................... 27 Consoles by Windows Platform ......................................................................................... 27

Client Requirements ............................................................................................................ 28 Clients by Windows Platform ............................................................................................. 28 Clients by Mac Platform ..................................................................................................... 29 Client Support on VSX ....................................................................................................... 29 UserCheck Client Requirements........................................................................................ 30 Endpoint Security Client Requirements ............................................................................. 30

Media Encryption & Port Protection Support ................................................................. 30 Full Disk Encryption Requirements ............................................................................... 30 Endpoint Security Client Hardware Requirements ........................................................ 32 WebCheck .................................................................................................................... 32 Check Point GO Secure Portable Workspace ............................................................... 32

Upgrade Paths and Interoperability .................................................................................... 32 Supported Upgrade Paths ................................................................................................. 33 Compatibility with Gateways .............................................................................................. 33

61000 Security System Management ........................................................................... 34 Updating IPS Patterns ....................................................................................................... 34 Dedicated Gateways ......................................................................................................... 34

Uninstalling .......................................................................................................................... 34

Introduction

R77 Release Notes | 6

Introduction Thank you for choosing Check Point R77. Please read this document carefully before installing.

Important Note! Effective October 10, 2013, the Gaia, SecurePlatform, and Windows images for fresh installation and upgrade have been replaced, resolving sk95056 (http://supportcontent.checkpoint.com/solutions?id=sk95056) and sk95245 (http://supportcontent.checkpoint.com/solutions?id=sk95245). By installing the new images of Gaia and SecurePlatform, the R77 machine will automatically install these hotfixes on top of the R77 installation.

Important Solutions For more about R77 and to download the software, see the R77 Home Page: sk92965 (http://supportcontent.checkpoint.com/solutions?id=sk92965)

For a list of open issues, see the Known Limitations: sk92967 (http://supportcontent.checkpoint.com/solutions?id=sk92967)

For a list of fixes, see the Resolved Issues: sk92966 (http://supportcontent.checkpoint.com/solutions?id=sk92967)

This release includes features, enhancements, and fixes from earlier versions:

R76

R75.46

Earlier Known Limitations are still open, unless documented in Resolved Issues.

Licensing

Important - Check Point software versions R75.10 or higher must have a valid Software Blades license. Users with NGX licenses cannot install the software. To migrate NGX licenses to Software Blades licenses, see Software Blade Migration (http://www.checkpoint.com/products/promo/software-blades/upgrade/index.html) or contact Account Services.

If you manage GX gateways from a Security Management Server, you must regenerate your GX licenses in the User Center to be compliant with Software Blades. This procedure is optional for Multi-Domain Servers and Domain Management Servers.

What's New


What's New

New Threat Emulation Software Blade The new Threat Emulation Software Blade blocks attacks which cannot be detected by signatures. It opens inspected files inside secure emulation environments to detect malicious behavior. It can be deployed as a cloud service or as a private (local) cloud.

New Check Point Compliance Blade This new Software Blade analyzes your environment for compliance with major regulations and international standards. Check Point Compliance Blade generates detailed reports, with best practice recommendations taken from the large Check Point library. Check Point Compliance Blade sends alerts for policy changes that can affect compliance.

HyperSPECT Technology Improvements to deep packet inspection engines boost performance for IPS and for Application and URL Filtering Software Blades.

Supports SMT (Hyper-Threading)

Optimizations to DPI engines including streamers, parsers and pattern matching engines

Gaia Operating System Enhancements Centrally manage basic network configuration

Back up and restore, run scripts, remote shell, and more, from a central console

Synchronize cluster members with Gaia OS configuration cloning

Enhanced Gaia Software Updates Update the Gaia operating system with the enhanced Automated Software Updates tool:

Clean install of full image and upgrade of optimally sized package from the Check Point Cloud

Up to 90% less downtime for Security Gateway upgrade

Export and import of Gaia software update packages

New WebUI features with enhanced usability

Enhanced Identity Awareness New identity acquisition method: RADIUS Accounting

Automatic update of LDAP group membership changes

Improved Identity Agent installation, with support for repair tools

New MSI configuration tool for Agent distribution

What's New


Enhanced Endpoint Security

Full Disk Encryption

Unlock on LAN (UOL) is a new automatic network-based authentication method for the Pre-boot environment. It provides a secure logon without requiring end-user interaction to unlock the encrypted system.

UEFI "Absolute Pointer" Keyboard-less Tablet Touch Support (Touchscreen)

Support for user acquisition after a computer is fully protected and its deployment is finished

Support for SED (Self Encrypting Drives) based on the TCG Opal Standard

Smart Card support for systems running on UEFI enabled computers

Support for Single Sign-On (SSO) when resuming from a hibernated state in Windows

Improved usability for Full Disk Encryption recovery for Mac - unified with the Windows version

Endpoint Security Client - General

Push operations for granular repair of Endpoint Security client, remote shut-down, and remote log collection without policy installation.

Anti-Malware

Central management for Anti-Malware, to manage scans, updates, and quarantine features

Firewall

Firewall support for Desktop Security firewall policy enforcement

Media Encryption & Port Protection

Support for unauthorized and authorized file type scan configuration

Full support for classifying data, which is written to a removable device, as business data or non-business data. This applies to all applications that might trigger the file operation.

Security Gateway Virtual Edition Security Gateway Virtual Edition has different operation modes.

Hypervisor Mode enforces VM security in the VMware Hypervisor with inter-VM traffic inspection, without virtual network topology changes.

Network Mode is a virtual network device that protects virtual networks and physical environments. You can configure it as a router or a bridge, with the same procedure as a physical gateway.

Important Notes for R77 Security Gateway Virtual Edition:

This release supports only Network Mode on Gaia and is available with the R77 Gaia Open Server ISO file.

You can install Security Gateway supplements and hotfixes higher than R77 on top of Security Gateway Virtual Edition.

Each Security Gateway Virtual Edition instance requires its own license. See the R77 Security Gateway Virtual Edition Administration Guide (http://supportcontent.checkpoint.com/documentation_download?ID=25138).

Enhanced VSX Each Virtual System can support up to 128 interfaces

Build Numbers


Enhanced SAM Card Support Jumbo frames support

Bonding support

Multi-queue support for back-plane interfaces

Mobile Access R77 Mobile Access Portal supports Outlook Web App 2013 with the Path Translation (PT) method. The Hostname Translation (HT) method is supported when cookies on the endpoint machine are configured. The URL Translation (UT) method is not supported.

Build Numbers This table shows the R77 software products and their build numbers as included on the product DVD.

Note: Some of the Verifying Build Number commands show only the last three digits of the build number.

Software Blade / Product Build Number Verifying Build Number

Gaia OS build 237 show version all

Gaia Software Updates agent Build 502 cpvinfo /opt/CPda/bin/DAService | grep Build

SecurePlatform Build 363 ver

Security Gateway Gaia Build 348 fw ver

Security Gateway SecurePlatform and Windows

Build 349 fw ver

Security Management Build 087 fwm ver

SmartConsole Applications 990000402 Help > About Check Point

Mobile Access Build 204 cvpn_ver

Multi-Domain Server Build 176 fwm mds ver

SmartDomain Manager 990000178 Help > About Check Point SmartDomain Manager

Acceleration (Performance Pack)

Build 227 sim ver -k

Advanced Networking (Routing)

Build 009

SecurePlatform: gated_ver

Gaia: rpm -qf /bin/routed (in expert mode)

Server Monitoring (SVM Server) Gaia

Build 169 rtm ver

Server Monitoring (SVM Server) SecurePlatform and Windows

Build 171 rtm ver

Check Point Appliance Requirements


Software Blade / Product Build Number Verifying Build Number

Management Portal 990000021 cpvinfo /opt/CPportal-R77/portal/bin/smartp

ortalstart

SmartReporter Build 218 SVRServer ver

Compatibility Packages (To see build numbers on Windows: C:\Program Files\CheckPoint\R77)

CPNGXCMP-R77-00 Build 011 /opt/CPNGXCMP-R77/bin/fw_loader ver

CPV40VSCmp-R77-00 986000010 cpvinfo /opt/CPV40Cmp-R77/bin/fw_loader |

grep Build

CPEdgecmp-R77-00 990000008 /opt/CPEdgecmp-R77/bin/fw ver

CPR71CMP-R77-00 Build 013 /opt/CPR71CMP-R77/bin/fw_loader ver


CPSG80CMP-R77-00 Build 005 /opt/CPSG80CMP-R77/bin/fw_loader ver


Check Point Appliance Requirements An appliance model name that ends with 00 (two zeroes) is the generic name of the model. Any other number shows the number of Software Blades on the appliance. Some model names end with one zero.

This document uses the generic appliance names.

For example:

Check Point 4800 is the generic name of the model.

Check Point 4810 is the model with 10 Software Blades.

Check Point IP2450 is the generic name of the model.

Check Point IP2457 has 7 Software Blades.



Check Point Appliances

Appliance Security Management

Security Gateway

Standalone Deployment

Full Standalone High Availability Deployment

Multi-Domain Security Management

2200 Appliance

4000 Appliances

12000 Appliances

13500

21000 Appliance

IP Appliances Disk-based

Only

Disk-based

Only

Smart-1 5

Smart-1 25

Smart-1 50

Smart-1 150

Power-1

UTM-1

Check Point Appliances in Virtual System Mode

VSX Appliances 21000 VSX Appliances

12000 VSX Appliances

VSX-1 11000 series

VSX-1 9000 series

VSX-1 3070

These appliances can be used only in Virtual System mode.

VSX Support 21000 Appliance

13500 Appliances

12000 Appliances

4000 Appliances

2200 Appliances

Power-1 11000 and 9070

UTM-1 3070

IP 2450 and 1280 (Gaia only)

These appliances be converted to, or used in, Virtual System mode.



VPN Acceleration for 21000 Appliances with SAM Cards These algorithms are hardware accelerated by SAM cards in Check Point 21000 Appliances:

AES 128 with MD5 or SHA-1

AES 256 with MD5 or SHA-1

DES with MD5 or SHA-1

3DES with MD5 or SHA-1

NULL with MD5 or SHA-1

Other combinations are software accelerated by SecureXL.

Appliance Hardware Health Monitoring R77 supports these Hardware Health Monitoring features for Gaia and SecurePlatform Check Point appliances:

RAID Health: Use SNMP to monitor the health of the disks in the RAID array, and be notified of volume and disk states.

Hardware Sensors: Use the WebUI or SNMP to monitor fan speed, motherboard voltages, power supply health, and temperatures. Open Servers are only supported with an IPMI card.

Check Point Appliances 21000 13500 12000 4000 and 2200

Power-1 UTM-1 Smart-1

SNMP Hardware sensor monitoring (polling and traps)

(1)

WebUI hardware sensor monitoring

(1)

RAID monitoring with SNMP (2)

1. Hardware sensors monitoring is supported on all UTM-1 models other than the xx50 series.

2. RAID Monitoring with SNMP is supported on Power-1 servers with RAID card (Power-1 9070 and Power-1 11070).

Open Servers

Hardware Sensors Monitoring: Use SNMP (polling and traps) or the WebUI to monitor hardware on IBM, HP, Dell, and Sun certified servers with an Intelligent Platform Management Interface (IPMI) card. The IPMI standard defines a set of interfaces to monitor system health.

Note - IPMI is an open standard. We cannot guarantee the Hardware Health Monitoring performance on all systems and configurations.

RAID Monitoring with SNMP: Use SNMP to monitor RAID on HP servers with HP Smart Array P400 Controller. The HP Smart Array P400i Controller is a different controller, not supported for hardware monitoring.

Operating System Requirements



In This Section: Check Point Operating Systems 13

Other Platforms and Operating Systems 13

ClusterXL Support 14

Security Management Open Server 14

Multi-Domain Security Management Requirements 15

Security Gateway Open Server Hardware Requirements 15

Virtual System Open Server Hardware Requirements 15

Maximum Number of Interfaces Supported by Platform 16

Gaia 16

SecurePlatform 17

Linux 18

IPSO 18

Microsoft Windows 18

Security Gateway Bridge Mode 19

Legacy Hardware Platforms - Solaris 19

Important - Resource consumption is dependent on the scale of your deployment. The larger the deployment, the more disk space, memory, and CPU are required.

Check Point Operating Systems

Software Blade Containers

Gaia SecurePlatform IPSO (Requires IPSO 6.2 MR4)

Security Management

Security Gateway

Multi-Domain Security Management

VSX Gateway

Other Platforms and Operating Systems

Microsoft Windows

Software Blade Containers

Windows Server 2003

Windows Server 2008

Windows Server 2008 R2

Windows 7

Security Management SP1, SP2

32-bit SP1, SP2 32/64 bit

SP1 Professional,

Enterprise, Ultimate 32/64 bit

Security Gateway SP1, SP2 32-bit

SP1, SP2 32-bit



VMware

Software Blade Containers VMware ESX VMware ESXi

Security Management 4.0, 4.1 4.0, 4.1, 5.0, 5.1

Security Gateway Virtual Edition - Network Mode 4.0, 4.1 4.0, 4.1, 5.0, 5.1

Multi-Domain Security Management 4.0, 4.1 4.0, 4.1, 5.0, 5.1

Other

Software Blade Containers Red Hat Enterprise Linux

Crossbeam X-series

Security Management 5.0, 5.4

Security Gateway

Multi-Domain Security Management 5.0, 5.4

VSX Gateway

ClusterXL Support These operating systems support ClusterXL:

Gaia

SecurePlatform

IPSO (Requires IPSO 6.2 MR4a, or MR3a and below)

Windows Server 2008 (32-bit) SP1, SP2

Windows Server 2003 (32-bit) SP1, SP2

Note - VLANs are supported on all interfaces

Security Management Open Server The minimum recommended hardware requirements for open server Security Management Servers are:

Component Windows Linux Gaia & SecurePlatform

Processor Intel Pentium Processor E2140 or 2 GHz equivalent processor

Free Disk Space 1GB 1.4GB 10GB (installation includes OS)

Memory 1GB 1GB 1GB

Optical Drive Yes Yes Yes (bootable)

Network Adapter One or more One or more One or more



Multi-Domain Security Management Requirements The minimum recommended system requirements for Multi-Domain Security Management are:

Component Linux Gaia & SecurePlatform

CPU Intel Pentium Processor E2140 or 2 GHz equivalent processor

Memory 4GB 4GB

Disk Space 2GB 10GB (install includes OS)

Optical Drive Yes Yes (bootable)

Multi-Domain Security Management Resource Consumption

Resource consumption is dependent on the scale of your deployment. The larger the deployment, the more disk space, memory, and CPU are required.

The Multi-Domain Security Management disk space requirements are:

For basic Multi-Domain Server installations: 2GB (1GB /opt, 1GB /var/opt).

For each Domain Management Server: 400MB (for the Domain Management Server directory located in

/var/opt)

Security Gateway Open Server Hardware Requirements

Component Windows SecurePlatform on Open Servers

Processor Intel Pentium IV or 1.5 GHz equivalent Intel Pentium IV or 2 GHz equivalent

Free Disk Space 1GB 10GB

Memory 4GB 512MB

Optical Drive Yes Yes

Network Adapter One or more One or more supported cards

Virtual System Open Server Hardware Requirements

Component Gaia on Open Servers

Processor Intel Pentium IV or 2 GHz equivalent

Free Disk Space 12 GB

Memory 2 GB



Maximum Number of Interfaces Supported by Platform The maximum number of interfaces supported (physical and virtual) is shown by platform in this table.

Platform Max Interfaces Notes

Gaia 1024

SecurePlatform 1015 255 virtual interfaces per physical interface, or 200 virtual interfaces per physical interface with Dynamic Routing

Windows 32

Virtual System 128 Includes VLANs and Warp Interfaces

VSX Gateway 4096 Includes VLANs and Warp Interfaces

Gaia This release is shipped with the Gaia operating system, which supports most Check Point appliance platforms, selected open servers, and selected network interface cards.

If a 64-bit compatible open server has at least 6GB RAM, it can run in 64-bit mode. If it has less, it can run in 32-bit mode only.

Gaia Open Servers - All open servers in the Hardware Compatibility List are supported (http://www.checkpoint.com/services/techsupport/hcl/all.html).

Gaia and Performance Tuning - Performance Tuning is supported on all Gaia platforms.

Gaia on Check Point Security Appliances

Appliances 32-bit / 64-bit Notes

2200 32

4200 32

4400 32

4600 32

4800 32, 64

64-bit is available with at least 6GB RAM

12000 32, 64

13500 32, 64

21000 32, 64

Note - 13500 runs only on Gaia. It does not support SecurePlatform.



Gaia on IP Appliances

Important - Gaia is not supported on Flash-Based or Hybrid platforms at this time. It is only supported on Disk-Based IP-systems.

IP Appliance Disk-Based Platform

32-bit / 64-bit

IP150 32

IP280 32

IP290 32

IP390 32

IP560 32

IP690 32

IP1280 32, 64 64-bit is available on appliances with at least 4GB RAM. If the appliance is set to 32-bit, it needs at least 6GB to reconfigure to 64-bit. IP2450 32, 64

Gaia on Power-1, UTM-1 and Smart-1 Appliances

Platform 32-bit / 64-bit Notes

Power-1 11000 32, 64 default is 64

Power-1 9070 and 5070 32, 64

UTM-1 3070, 2070, 1070, 570, 270, 130 32, 64

Smart-1 150, 50, 25, 5 32, 64

Gaia WebUI

The Gaia WebUI (also known as the Gaia Portal) is supported on these browsers:

Internet Explorer 8 or higher Firefox 6 or higher

Chrome 14 or higher Safari 5 or higher

Note - Gaia WebUI is not supported for VSX Gateway.

SecurePlatform This release is shipped with the latest SecurePlatform operating system, which supports a variety of appliances and open servers.

The SecurePlatform WebUI is not supported on Chrome.

See the list of certified hardware (http://www.checkpoint.com/services/techsupport/hcl/index.html) before installing SecurePlatform on the target hardware.



Linux

Note - Cross-platform High Availability is not supported with a mix of Windows and non-Windows platforms.

Before you install Security Management on Red Hat Enterprise Linux 5:

1. Install the sharutils-4.6.1-2 package:

a) Make sure that you have the package installed. Run: rpm -qa | grep sharutils-4.6.1-2

b) If the package is not installed, find the package on CD 3 of RHEL 5 and run: rpm i sharutils-4.6.1-2.i386.rpm

2. Install the compat-libstdc++-33-3.2.3-61 package:

a) Make sure that you have the package installed. Run: rpm qa | grep compat-libstdc++-33-3.2.3-61

b) If the package is not installed, find the package on CD 2 of RHEL 5 and run: rpm i compat-libstdc++-33-3.2.3-61.i386.rpm

3. Disable SeLinux:

a) Make sure that SeLinux is disabled. Run: getenforce

b) If SeLinux is enabled:

(i) Edit the file: /etc/selinux/config

(ii) Set: SELINUX=disabled

c) Reboot.

IPSO IP Appliances (IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450) can run R77 with IPSO 6.2

(MR4 and later) OS.

IPSO systems are available in diskless flash-based and hybrid (Flash-based systems with a supplemental hard disk for local logging).

Standalone deployment is only supported on Disk-based systems. Standalone deployment and Security Management Server deployment require at least 2G of RAM.

Only clean installation of R77 is supported on all IPSO Flash-based models. Upgrade to R77 is not supported on Flash-based IPSO Appliances.

On Flash-based IPSO Appliances, upgrades to RAM and Flash may be required to run R77. For details, see sk94625 (http://supportcontent.checkpoint.com/solutions?id=sk94625).

Microsoft Windows

Note - Cross-platform High Availability is not supported with a mix of Windows and non-Windows platforms.

High Availability Legacy mode is not supported on Windows.



Security Gateway Bridge Mode Bridge mode is supported on:

Gaia

SecurePlatform

IPSO

Crossbeam

See the R77 Security Gateway Technical Administration Guide (http://supportcontent.checkpoint.com/documentation_download?ID=24836) and How To Set Up Bridge Mode on IPSO (http://supportcontent.checkpoint.com/documentation_download?ID=15361).

Legacy Hardware Platforms - Solaris Solaris is a legacy platform, unsupported for new installations. You can migrate a Solaris database to Windows, SecurePlatform, and Gaia, from Check Point versions in the Supported Upgrade Paths (on page 33).

Security Management Server - The database migration procedure for Solaris is the same as for SecurePlatform and Gaia as described in the chapter on Advanced Upgrade and Database Migration in the R77 Installation and Upgrade guide.

Multi-Domain Security Management - To export the Multi-Domain Security Management database from a legacy platform, use the R77 SecurePlatform CD. Only two menu options are available:

Pre-upgrade verification

mds export

Management Software Blade Requirements



In This Section: Security Management Software Blades 20

SmartLog Requirements 21

Endpoint Policy Management Requirements 21

SmartEvent Requirements 22

SmartReporter Requirements 22

Maximum Number of Gateway Cluster Members 23

Security Management Software Blades

Check Point OS Microsoft Windows RedHat Linux

Software Blade Gaia SecurePlatform

IPSO 6.2 Disk- based

Server 2003

Server 2008

7 RHEL 5.0, 5.4

Network Policy Management

Endpoint Policy Management

Logging & Status

Monitoring

SmartProvisioning

Management Portal

User Directory

SmartWorkflow

SmartEvent

SmartReporter

Compliance

Management Portal is supported on: Internet Explorer 7 and Firefox 1.5 - 3.0.

Check Point Compliance Blade on IPSO 6.2 Disk-based requires at least 2 GB RAM.



SmartLog Requirements SmartLog collects log entries from Security Management Server and log servers that are R75.40 or higher, on Gaia, SecurePlatform, or Windows.

Component Recommended

CPU Intel Pentium IV 2.0 GHz

Memory 1GB

Disk Space 20GB

Endpoint Policy Management Requirements These are the minimum requirements to install Endpoint Policy Management on a Security Management Server:

Component Windows Gaia and SecurePlatform

CPU Intel Pentium E2140 2.0 GHz Intel Pentium E2140 2.0 GHz

Memory 2048MB 2048MB

Disk Space 10GB 10GB (current partition)

Note - The network Security Management Server can also be an Endpoint Policy Management server. All deployments support this, other than:

Standalone

Multi-Domain Server

This Endpoint Policy Management version supports R77 SmartEvent

Endpoint Policy Management is not supported on RedHat Enterprise Linux releases

Additional Requirements for Windows

Important - Disable SNMP services before you install the Endpoint Policy Management server.

Make sure that these ports are available on the server:

80 Apache HTTP

443 Apache SSL

8005 Tomcat server

8009 Tomcat AJP

8080 Tomcat HTTP

1080 CPTNL client proxy (relevant for Policy server only)

18193 CPTNL server proxy (relevant for EPS server only)

81 CPTNL server (relevant for EPS server only)

61616 AMQ TCP access



SmartEvent Requirements You can install SmartEvent on a Security Management Server or on a different, dedicated computer.

These are the requirements for the SmartEvent Server and for the SmartEvent Correlation Unit:

Component Windows/Linux/SecurePlatform

CPU Celeron-M 1.5 GHz

Memory 2GB

Disk Space 25GB

To optimize SmartEvent performance:

Use a disk available high RPM, and a large buffer size.

Increase the server memory.

SmartReporter Requirements These hardware requirements are for a SmartReporter server that monitors at least 15GB of logs each day and generates many reports. For deployments that monitor fewer logs, you can use a computer with less CPU or memory.

SmartReporter can be installed on a Security Management Server or on a dedicated machine.

Component Windows & Linux Minimum Windows & Linux Recommended

CPU Intel Pentium IV 2.0 GHz Dual CPU 3.0 GHz

Memory 1GB 2GB

Disk Space Installation:

Database:

80MB

60GB (40GB for database, 20GB for temp directory)

(on 2 physical disks)

80MB

100GB (60GB for database, 40GB for temp directory)

DVD Drive Yes Yes

Optimizing SmartReporter Performance

We recommend these tips to optimize SmartReporter performance:

Disable DNS resolution. This can increase consolidation performance to as much as 32GB of logs for each day.

Configure the network connection between the SmartReporter server and the Security Management Server to the optimal speed.

Install a disk with high RPM (revolutions per minute) and a large buffer size.

Use UpdateMySQLConfig to adjust the database configuration and adjust the consolidation memory

buffers to use the more memory.

Increase memory for better performance.

Gateway Software Blade Requirements


Maximum Number of Gateway Cluster Members

Cluster Type Maximum Number of Supported Cluster Members

ClusterXL 5

Virtual System Load Sharing 13

Third-party 8


In This Section: Security Gateway Software Blades on Check Point OS 23

Security Gateway Software Blades on Other OS 24

Mobile Access Blade Requirements 25

DLP Blade Requirements 26

Identity Awareness Blade Requirements 26

Security Gateway Software Blades on Check Point OS

Software Blade Gaia Virtual Systems Mode (VSX)

Gaia Security Gateway Mode

SecurePlatform IPSO 6.2 Disk-based

Firewall

Identity Awareness

IPsec VPN

IPS

URL Filtering

Application Control

Mobile Access

Threat Emulation

Anti-Bot

Anti-Virus

Web Security

Acceleration & Clustering



Software Blade Gaia Virtual Systems Mode (VSX)

Gaia Security Gateway Mode

SecurePlatform IPSO 6.2 Disk-based

Advanced Networking - Dynamic Routing and Multicast Support

Advanced Networking - QoS

Native QoS

Data Loss Prevention

Anti-Spam & Email Security

Notes on Gateway Blades on Check Point Blades

Mobile Access - See Client Support on VSX (on page 29).

Threat Emulation - The requirements are different according to the emulation location:

ThreatCloud - Gaia or SecurePlatform operating system (64 or 32-bit)

Local or Remote emulation - Threat Emulation Private Cloud Appliance on the Gaia operating system (64-bit only)

Advanced Networking Dynamic Routing - To use Security Gateways as IPv6 BGP peers, you cannot configure the BGP peers in passive mode.

Advanced Networking QoS Software Blade - VSX has native QoS support. It does not use the QoS Software Blade.

Security Gateway Software Blades on Other OS

Software Blade Microsoft Windows Crossbeam

Server 2003 Server 2008 X-Series

Firewall

Identity Awareness

IPSec VPN

IPS

URL Filtering

Application Control

Acceleration & Clustering

Mobile Access

Threat Emulation

Anti-Bot

Anti-Virus



Software Blade Microsoft Windows Crossbeam

Server 2003 Server 2008 X-Series

Web Security

Advanced Networking - QoS

Notes on Gateway Blades on Microsoft Windows

Acceleration & Clustering Software Blade - Clustering is supported on Windows, but Acceleration is not. Only third-party clustering is supported on Crossbeam.

Anti-Bot, Anti-Virus, IPS, Application and URL Filtering Software Blades

HTTPS Inspection is not supported on Windows.

Application and URL Filtering, Identity Awareness, DLP Software Blades - UserCheck notifications are not supported on Windows.

Mobile Access Blade Requirements OS Compatibility

Endpoint OS Compatibility Windows Linux Mac iOS Android

Mobile Access Portal

Clientless access to web applications (Link Translation)

Endpoint Security on Demand

SecureWorkspace

SSL Network Extender - Network Mode

SSL Network Extender - Application Mode

Downloaded from Mobile Access applications

Clientless Citrix

File Shares - Web-based file viewer (HTML)

Web mail

Browser Compatibility

Endpoint Browser Compatibility Internet Explorer

Google Chrome

Mozilla Firefox

Macintosh Safari

Opera for Windows


Clientless access to web applications (Link Translation)

Endpoint Security on Demand



Endpoint Browser Compatibility Internet Explorer

Google Chrome

Mozilla Firefox

Macintosh Safari

Opera for Windows

SecureWorkspace

SSL Network Extender - Network Mode

SSL Network Extender - Application Mode

Downloaded from Mobile Access applications

Clientless Citrix

File Shares - Web- based file viewer (HTML)

Web mail

DLP Blade Requirements DLP supports High Availability clusters and Full High Availability clusters, on SecurePlatform and Gaia.

DLP supports Load Sharing clusters in Detect, Inform and Prevent mode.

On UTM-1 130/270, you can use DLP with Firewall and other Security Gateway Software Blades, or with Firewall and Security Management Software Blades.

The DLP portal supports Internet Explorer 6 through 9, Firefox 3 and 4, Chrome 8, and Safari 5.

DLP supports VRRP on Gaia in Detect, Inform and Prevent mode.

Identity Awareness Blade Requirements Identity Agents

See Clients by Windows Platform (on page 28) and Clients by Mac Platform (on page 29) for supported platforms for:

Identity Agent (Light and Full)

Identity Agent for Terminal Servers

AD Query

Active Directory for AD Query is supported on: Microsoft Windows Server 2003, 2008, 2008 R2, 2012.

Management Console Requirements


Management Console Requirements

Console Hardware Requirements This table shows the minimum hardware requirements for console applications: SmartDashboard, SmartEndpoint, SmartView Tracker, SmartView Monitor, SmartProvisioning, SmartReporter, SmartEvent, SmartLog, SecureClient Packaging Tool, SmartUpdate, SmartDomain Manager.

Component Windows

CPU Intel Pentium Processor E2140 or 2 GHz equivalent processor

Memory 2048MB

Available Disk Space 2GB

Video Adapter Minimum resolution: 1024 x 768

Consoles by Windows Platform Microsoft Windows Server

Check Point Product Server 2003 (SP2) 32-bit

Server 2008 (SP1,SP2) 32/64 -bit

Server 2008 R2 (SP1)

Server 2012

SmartConsole

SmartDomain Manager

SmartEndpoint

Microsoft Windows Vista, 7, and 8

In this table, Windows 7 support is true for Ultimate, Professional, and Enterprise editions. Windows 8 support is true for Professional and Enterprise editions. All the marked consoles and clients support 32-bit and 64-bit, unless the table shows 32-bit only.

Check Point Product Vista (SP2) 32-bit

Windows 7 (SP1) 32/64-bit

Windows 8 32-bit

Windows 8 Pro

64-bit

SmartConsole

SmartDomain Manager

SmartEndpoint

Microsoft Windows XP

Check Point Product XP Home (SP3) 32-bit XP Pro (SP3) 32-bit

SmartConsole

SmartDomain Manager

SmartEndpoint

Client Requirements


Client Requirements

In This Section: Clients by Windows Platform 28

Clients by Mac Platform 29

Client Support on VSX 29

UserCheck Client Requirements 30

Endpoint Security Client Requirements 30

Clients by Windows Platform Microsoft Windows XP

Check Point Product XP Home (SP3) 32-bit XP Pro (SP3) 32-bit

Endpoint Security Client

Remote Access Clients E75.x

SSL Network Extender

UserCheck Client


SecureClient

Microsoft Windows Server

Check Point Product Server 2003 (SP2) 32-bit

Server 2008 (SP1-2) 32 / 64

Server 2008R2 (+SP1)

Server 2012

Endpoint Security Client Supported Endpoint Security blades:

Compliance and

Anti-Malware

Compliance, Firewall and Anti-Malware

Compliance, Firewall, and Anti-Malware

UserCheck Client

DLP Exchange Agent


Note: DLP Exchange Agent supports Microsoft Exchange Server 2007 and 2010 on Windows Servers 64-bit. A 32-bit version is available for demonstration or educational purposes. DLP Exchange Agent supports Microsoft Exchange Server 2013 on Windows Server 2012 64-bit.

Microsoft Windows Vista, 7, and 8

In this table, Windows 7 support is true for Ultimate, Professional, and Enterprise editions. Windows 8 support is true for Professional and Enterprise editions. All the marked consoles and clients support 32-bit and 64-bit, unless the table shows 32-bit only.

Client Requirements


Check Point Product Vista (SP2) 32-bit

Vista (SP1) 64-bit

Windows 7 (+SP1) Windows 8

Endpoint Security Client

E80.41 and higher

Remote Access Clients E75.x/E80.x

E75.30 and higher

SSL Network Extender

R75 and higher

UserCheck Client

R75.40 and higher


R76 and higher


R76 and higher

SecureClient

(32-bit only)

Note - Identity Agent for Terminal Servers is also supported on Citrix version 6.

Clients by Mac Platform

Check Point Product Mac OS X 10.6 Mac OS X 10.7 Mac OS X 10.8

Identity Agent (Light and Full) 32-bit / 64-bit 32-bit / 64-bit 64-bit

Endpoint Security VPN E75 or higher 32-bit / 64-bit 32-bit / 64-bit 64-bit

Endpoint Security Client E80.40 or higher 32-bit / 64-bit 32-bit / 64-bit 64-bit

SecureClient 32-bit 32-bit No

Client Support on VSX Mobile Access support of Virtual System (VSX) mode is not full. These are the clients and their support of Virtual Systems:

Client Support in Virtual System Mode

Endpoint Security Suite R73, E80.x

Check Point Mobile for Windows E75 and higher

Endpoint Security VPN for Windows E75 and higher

Endpoint Security VPN for MacOS E75 and higher

IPSec VPN SSL Network Extender mode R77: Windows, Linux, and Mac

Mobile VPN for iOS/Android Supported

Check Point GO R75 and higher

Client Requirements


Client Support in Virtual System Mode

SecureRemote E75 and higher

These clients are not supported in Virtual System mode:


Check Point Mobile for iOS and Android

UserCheck Client Requirements The UserCheck client can be installed on endpoint computers running Windows, but UserCheck is not

supported on a Windows Security Gateway.

UserCheck client notifications are supported for these blade and gateway combinations:

Blade Gateway

DLP Gaia, SecurePlatform

Anti-Bot and Anti-Virus Gaia, SecurePlatform

Application Control and URL Filtering Gaia, SecurePlatform, IPSO disk-based

The UserCheck client is not compatible with Check Point GO or Secure Workspace.

If a UserCheck client is installed on a computer, and a violation occurs, the UserCheck client notification shows outside the Check Point GO or Secure Workspace environment. We recommend that you not install the UserCheck client on a computer or device that usually runs the Check Point GO or Secure Workspace environment.

The UserCheck client is not supported on clusters in a Load Sharing environment.

Endpoint Security Client Requirements Endpoint Security, enabled with the Endpoint Policy Management Software Blade, includes multiple security blades. Some of the blades have their own requirements that are listed here.

Media Encryption & Port Protection Support

Media Encryption & Port Protection can create encrypted storage of up to 2TB.

Storage Devices

Standard USB 2.0 and 3.0 devices

eSATA devices

CD/DVD devices

SD cards

Supported Thin Clients

Citrix XenDesktop 5.6 with Provisioning Services 5.6 SP2

Full Disk Encryption Requirements

Upgrades

You can upgrade to Full Disk Encryption in R77 from FDE EW 6.3.1, and from R73 and higher.

Client Requirements


UEFI Requirements

The new UEFI firmware that replaces BIOS on some computers contains new functionality that is used by Full Disk Encryption. Full Disk Encryption in UEFI mode requirements are:

Windows 8 64-bit (Windows 8 32-bit UEFI is not supported, Windows 7 UEFI is not supported)

Windows 8 logo certified hardware with UEFI version 2.3.1

Unlock on LAN Requirements

MacOS - On Mac, you can use Unlock on LAN on computers that are shipped with OSX Lion or higher. You can also use Unlock on LAN with some earlier computers, if a firmware update is applied to the computer (http://support.apple.com/kb/HT4904).

Windows - On Windows, you can use Unlock on LAN on computers that support UEFI Network Protocol. UEFI Network Protocol is on Windows 8 logo certified computers that have a built in Ethernet port. The computer must be running Windows 8 in native UEFI mode and Compatibility Module Support (CSM) must not be enabled. On some computers, UEFI Network support must be manually enabled in the BIOS setup.

See sk93709 to troubleshoot UEFI network connectivity (http://supportcontent.checkpoint.com/solutions?id=sk93709).

UEFI "Absolute Pointer" Keyboard-less Tablet Touch Requirements

Support for Pre-boot touch input on tablets (64-bit) requires:

A Windows 8 logo certified computer

The UEFI firmware must implement the UEFI Absolute Pointer protocol

You can use sk93032 to test your device for touch support (http://supportcontent.checkpoint.com/solutions?id=sk93032).

Supported Self Encrypting Drives (SED)

You can use Self Encrypting Drives with Full Disk Encryption. The requirements are:

Windows 8 UEFI

UEFI firmware that implements the UEFI ATA Pass-through protocol.

TCG Opal compliant drives version 1.0 or 2.0

These hard disk drives have been tested and verified with Full Disk Encryption:

Hard Disk Drive Name Model Firmware Opal Version

Seagate 250 GB Momentus Thin ST250LT014-9YK14C 0004LVM7 1

Hitachi Travelstar ZK7320 HITACHI HTS723225A7A365 OPAL

ECB6B80P 1

Crucial M500 120 GB Crucial_CT120M500SSD1 MU02 2

Seagate 500 GB Momentus Thin ST500LT025-1A5142 0001SDM7 2

Seagate 500 GB Momentus Thin (FIPS 140-2)

ST500LT015-9WU142 0001SDM7 2

You can use sk93345 (http://supportcontent.checkpoint.com/solutions?id=sk93345), to test a UEFI computer for compatibility with SED Opal encryption for Check Point Full Disk Encryption.

Upgrade Paths and Interoperability


Support for Single Sign-On (SSO) When Resuming from a Hibernated State

To use SSO from a hibernated state in Windows, the requirements are:

Windows Vista or higher (Windows XP is not supported with this feature)

Windows GPO Interactive logon: Do not require CTRL+ALT+DEL must not be disabled.

Endpoint Security Client Hardware Requirements

The minimum hardware requirements for client computers that run the Total Endpoint Security Package are:

1 GB RAM

1 GB free disk space

The Endpoint Security client can be installed on localized Windows Operating Systems in these languages:

German

French

Spanish

Italian

Russian

Japanese

WebCheck

WebCheck is only supported in upgrades from earlier releases.

Check Point GO Secure Portable Workspace

R77 Security Gateways only support Check Point GO Secure Portable Workspace R75. Check Point GO R70.1 and R70 (formerly known as Check Point Abra) are not supported.

Upgrade Paths and Interoperability R77 supports:

Upgrading from lower software versions

Managing earlier Security Gateways from R77 management

Upgrading SecurePlatform and IPSO Security Management Servers and Security Gateways to Gaia R77 (for supported upgrade paths)

Note: Upgrade is not supported in an ISDN configuration.

Upgrade Paths and Interoperability


Supported Upgrade Paths You can upgrade these Security Management Server and Security Gateway versions to R77:

R71.50

R75, R75.10, R75.20, R75.30, R75.40, R75.45, R75.46, R75.40VS

R76

E80.40, E80.41

You can upgrade IP appliances to R77:

Disk-based IPSO 6.2 MR4, for physical gateways (not Virtual Systems). Only a fresh installation of R77 is supported on Flash-based IPSO.

Disk-based appliances on Gaia, for physical gateways or Virtual Systems. To learn more about upgrading IPSO to Gaia, see sk69640 (http://supportcontent.checkpoint.com/solutions?id=sk69640).

You can upgrade these versions of SecurePlatform VSX gateways to R77 Security Gateways in VSX mode:

VSX R65, VSX R65.10, VSX R65.20

VSX R67, VSX R67.10

See the VSX upgrade instructions in the R77 Installation and Upgrade Guide.

Important - To upgrade to R77 Gaia, make sure there is enough free disk space in /var/log.

To upgrade a Security Gateway on a 32-bit appliance to 64-bit Virtual System mode:

1. Upgrade to the Gaia OS.

2. Run: set edition default 64-bit

3. Reboot.

Compatibility with Gateways The R77 Security Management Server can manage gateways of these versions.

Release Version

Security Gateway NGX R65

R70, R70.1, R70.20, R70.30, R70.40, R70.50

R71, R71.10, R71.20, R71.30, R71.40, R71.50

R75, R75.10, R75.20, R75.30, R75.40, R75.45, R75.40VS, R75.46, R75.47, R76

Security Gateway 80 R71.45

61000 Security System 61000 R75.035 61000 R75.05x R75.40VS for 61000

R76SP

DLP-1 R71 and higher

IPS-1 R71

VSX VSX R65, VSX R65.10, VSX R65.20, VSX R67, VSX R67.10

Uninstalling


Release Version

Connectra Centrally Managed NGX R66

UTM-1 Edge 7.5.x and higher*

GX 4.0, 5.0

* UTM-1 Edge and Safe@ devices that use locally configured VPN connections with download configuration settings, may experience VPN connectivity failure with R77 Security Gateways. To enable this configuration with R77, see sk65369 (http://supportcontent.checkpoint.com/solutions?id=sk65369).

61000 Security System Management

These Security Management Server versions can manage the 61000 Security System of these releases.

Security Management Server Version 61000 Security System Release

R75, R75.10, R75.20, R75.30, R75.40, R75.45, R75.40VS, R76, R77

61000 R75.035,

61000 R75.05x

R75.40VS, R76, R77 R75.40VS for 61000

Updating IPS Patterns IPS pattern granularity (converting patterns into protections) is installed during the first IPS update: online update, offline update, or scheduled update. This first update after installation can take a few minutes longer than usual, if R77 is:

a new installation

an upgrade from R75.30, R75.20, R75.10, R75, R71.30 or earlier

an upgrade from R75.40 or higher, or R71.40 or higher, without an online update before the upgrade

Uninstallation of IPS pattern granularity is not supported. If you uninstall R77, the patterns remain, converted to protections.

Dedicated Gateways To install R77 on an R71 DLP-1 appliance or an R71 DLP open server, do a clean installation of R77.

Note - To upgrade from DLP-1 9571 of version R71.x DLP, you must upgrade the BIOS. Then do a clean installation of R77. See sk62903 (http://supportcontent.checkpoint.com/solutions?id=sk62903) for details.

You cannot upgrade these dedicated gateways to R77:

Open Server - IPS-1 Sensor

Appliances - Security Gateway 80, UTM-1 Edge, IPS-1 Sensor

Uninstalling To uninstall R77, see the R77 Installation and Upgrade Guide (http://supportcontent.checkpoint.com/documentation_download?ID=24831).

Important InformationIntroductionImportant Note!Important SolutionsLicensing

What's NewNew Threat Emulation Software BladeNew Check Point Compliance BladeHyperSPECT TechnologyGaia Operating System EnhancementsEnhanced Gaia Software UpdatesEnhanced Identity AwarenessEnhanced Endpoint SecuritySecurity Gateway Virtual EditionEnhanced VSXEnhanced SAM Card SupportMobile Access

Build NumbersCheck Point Appliance RequirementsCheck Point AppliancesCheck Point Appliances in Virtual System ModeVPN Acceleration for 21000 Appliances with SAM CardsAppliance Hardware Health Monitoring

Operating System RequirementsCheck Point Operating SystemsOther Platforms and Operating SystemsClusterXL SupportSecurity Management Open ServerMulti-Domain Security Management RequirementsSecurity Gateway Open Server Hardware RequirementsVirtual System Open Server Hardware RequirementsMaximum Number of Interfaces Supported by PlatformGaiaGaia on Check Point Security AppliancesGaia on IP AppliancesGaia on Power-1, UTM-1 and Smart-1 AppliancesGaia WebUI

SecurePlatformLinuxIPSOMicrosoft WindowsSecurity Gateway Bridge ModeLegacy Hardware Platforms - Solaris

Management Software Blade RequirementsSecurity Management Software BladesSmartLog RequirementsEndpoint Policy Management RequirementsSmartEvent RequirementsSmartReporter RequirementsMaximum Number of Gateway Cluster Members

Gateway Software Blade RequirementsSecurity Gateway Software Blades on Check Point OSNotes on Gateway Blades on Check Point Blades

Security Gateway Software Blades on Other OSNotes on Gateway Blades on Microsoft Windows

Mobile Access Blade RequirementsDLP Blade RequirementsIdentity Awareness Blade Requirements

Management Console RequirementsConsole Hardware RequirementsConsoles by Windows Platform

Client RequirementsClients by Windows PlatformClients by Mac PlatformClient Support on VSXUserCheck Client RequirementsEndpoint Security Client RequirementsMedia Encryption & Port Protection SupportFull Disk Encryption RequirementsEndpoint Security Client Hardware RequirementsWebCheckCheck Point GO Secure Portable Workspace

Upgrade Paths and InteroperabilitySupported Upgrade PathsCompatibility with Gateways61000 Security System Management

Updating IPS PatternsDedicated Gateways

Uninstalling

Documents

CP R77 ReleaseNotes