• No results found

Endpoint Security VPN for Mac

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Endpoint Security VPN for Mac"

Copied!
10
0
0

Loading.... (view fulltext now)

Download now ( 10 Page )

Full text

(1)

16 January 2013

Release Notes

Endpoint Security VPN for

Mac

E80.41

(2)

© 2013 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS:

Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software

We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation

The latest version of this document is at:

http://supportcontent.checkpoint.com/documentation_download?ID=22002

For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).

For more about this release, see the E80.41 home page (http://supportcontent.checkpoint.com/solutions?id=sk91181).

Revision History

Date Description

16 January 2013 First release of this document

Feedback

Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments

(3)

Contents

Important Information ... 2

Introduction ... 4

What's New ... 4

Migrating from SecureClient ... 4

Remote Access Clients Comparison ... 5

System Requirements ... 7

Client Requirements ... 7

VPN Gateway Requirements ... 7

Build Numbers ... 7

Supported Upgrades ... 7

Installation and Configuration ... 8

Installing the Endpoint Security VPN Hotfix ... 8

Uninstalling this Hotfix ... 9

Installing the Client ... 9

Uninstalling the Client ... 9

Automatic Upgrade from the Gateway ... 9

Known Limitations and Resolved Issues ... 10

(4)

Introduction

Endpoint Security VPN for Mac Release Notes E80.41 | 4

Introduction

E80.41 is a hotfix for E75 Endpoint Security VPN for Mac. For a list of the new features included in E75, see the Endpoint Security VPN for Mac Release Notes

(http://supportcontent.checkpoint.com/solutions?id=sk69622).

What's New

This release provides enhancements and resolves issue for Endpoint Security VPN for Mac E75.

This release aligns Endpoint Security VPN for Mac with the Mac Endpoint Security client that is part of the full Endpoint Security E80.41 Suite. You can upgrade from this release to Endpoint Security E80.41 and higher for more Endpoint Security functionality.

Migrating from SecureClient

(5)

Remote Access Clients Comparison

Endpoint Security VPN for Mac Release Notes E80.41 | 5

Remote Access Clients Comparison

Feature Endpoint Security VPN for Windows Check Point Mobile for Windows SecuRemote Endpoint Security VPN for Mac Description

Client Purpose Secure connectivity with desktop firewall & compliance checks Secure connectivity & compliance checks Basic secure connectivity Secure connectivity with desktop firewall

Replaces Client SecureClient NGX R60 Endpoint Connect R73 Endpoint Connect R73 SecuRemote NGX R60 SecureClient for Mac IPSEC VPN Tunnel

All traffic travels through a secure VPN tunnel. Security

Compliance Check (SCV)

Monitor remote computers to confirm that the configuration complies with organization's security policy.

Integrated Desktop Firewall

Integrated endpoint firewall centrally managed from a Security Management Server

Split Tunneling Encrypt only traffic targeted to

the VPN tunnel.

Hub Mode Pass all connections through

the gateway. Dynamic

Optimization of Connection Method

When NAT-T connectivity is not possible, automatically connect over TCP port 443 (HTTPS port).

Multi Entry Point (MEP)

Manual only

Client seamlessly connects to an alternative site when the primary site is not available. Secondary

Connect

End-users can connect once and get transparent access to resources, regardless of their location.

Office Mode IP Each VPN client is assigned an

(6)

Remote Access Clients Comparison

Endpoint Security VPN for Mac Release Notes E80.41 | 6 Feature Endpoint Security VPN for Windows Check Point Mobile for Windows SecuRemote Endpoint Security VPN for Mac Description Back Connection Protocols

Support protocols where the client sends its IP to the server and the server initiates a connection back to the client using the IP it receives. These protocols include: Active FTP, X11, some VoIP protocols. Auto Connect

and Location Awareness

Intelligently detect if the user is outside the internal office network, and automatically connect as required. If the client senses that it is inside the internal network, the VPN connection is terminated.

Roaming Tunnel and connections remain

active while roaming between networks.

Always Connected

VPN connection is established whenever the client exits the internal network.

Secure Domain Logon (SDL)

VPN tunnel and domain connectivity is established as part of Windows login allowing GPO and install scripts to execute on remote machines.

Split DNS Resolves internal names with

the SecuRemote DNS Server configuration.

Hotspot Detection and

Registration Detection

only

Makes it easier for users to find and register with hot spots to connect to the VPN through local portals (such as in hotels or airports).

Secure Authentication API (SAA)

(7)

System Requirements

Endpoint Security VPN for Mac Release Notes E80.41 | 7

System Requirements

Read all requirements carefully.

Client Requirements

Endpoint Security VPN E80.41 can be installed on these Mac platforms in 32 and 64 bit:

 Mac OS X 10.6 Snow Leopard

 Mac OS X 10.7 Lion

 Mac OS X 10.8 Mountain Lion

VPN Gateway Requirements

For remote VPN access by the client:

Check Point Version Version Supported for E80.41 Security Gateway R71 R71.30 and higher

Security Gateway R75 R75 and higher

VSX R65 Not Supported

VSX R67 R67.10

UTM-1 Edge 8.2.33

Build Numbers

The build number for this release is 835017207.

Supported Upgrades

Upgrade to this release from:

 Endpoint Security VPN for Mac E75

 Endpoint Security VPN for Mac E75.01

(8)

Installation and Configuration

Endpoint Security VPN for Mac Release Notes E80.41 | 8

Installation and Configuration

Before you install this release, make sure that you have supported gateways, and if necessary, a required Hotfix.

If Visitor mode is configured on port 443 and WebUI is enabled on the gateway, the WebUI must listen on a port other than 443. Otherwise, Endpoint Security VPN cannot connect.

Installing the Endpoint Security VPN Hotfix

Install the Endpoint Security VPN E80.41 Hotfix on gateways or standalone, self-managed gateway deployments. In a Multi-Domain Security Management environment install the Hotfix on the Multi-Domain Server.

If you have R71.30 and higher or R75 and higher installed on a gateway, Security Management Server, or Multi-Domain Server, it can support Endpoint Security VPN. It is not necessary to install a Hotfix. See the

System Requirements section of the Release Notes for exact details.

For other supported gateway versions, install the Hotfix. (http://supportcontent.checkpoint.com/solutions?id=sk69622)

Before you install the Hotfix:

This Hotfix has possible conflicts with other installed Hotfixes. If you can, it is safest to uninstall all Hotfixes installed on the Security Management Server or gateways. See Uninstalling a Hotfix ("Uninstalling this Hotfix" on page 9). If you cannot uninstall a Hotfix, contact Check Point Technical Support.

To install the Hotfix on a Security Gateway or Security Management Server:

1. Download the Hotfix.

2. Copy the Hotfix package to the Security Gateway or Security Management Server. 3. Run the Hotfix:

On SecurePlatform, Disk-based IPSO, and Solaris: a) tar -zxvf <name_of_file>.tgz

b) ./UnixInstallScript

On Windows platforms: double-click the installation file and follow the instructions. 4. Reboot the Security Gateway or Security Management Server.

To install the Hotfix on a Multi-Domain Server:

1. On the Multi-Domain Server, run: mdsenv. 2. Download the Endpoint Security VPN Hotfix

(http://supportcontent.checkpoint.com/solutions?id=sk69622) to the Multi-Domain Server. 3. Run the Hotfix on SecurePlatform and Solaris:

a) tar -zxvf <name_of_file>.tgz b) ./UnixInstallScript

(9)

Installation and Configuration

Endpoint Security VPN for Mac Release Notes E80.41 | 9

Uninstalling this Hotfix

If you need to uninstall a Hotfix, use this procedure.

To uninstall a Hotfix from a gateway:

1. Go to the installation directory: cd /opt/CPsuite-version/

For example, the installation directory on an R70.40 gateway is: /opt/CPsuite-R70/ 2. Run: ./uninstall_<name_of_original_Hotfix_file>

The name of the Hotfix is different for gateway version and for Hotfix functionality. 3. Enter y at the prompt.

4. Reboot the Security Gateway.

Installing the Client

Install the client on a supported Mac platform booted in 64-bit or 32-bit mode.

To install Endpoint Security VPN for Mac on a client computer:

1. Download the Endpoint_Security_VPN.dmg file to the client computer. 2. Double-click the file.

After the disk image mounts to the file system, a Finder window opens with the contents of the package. 3. Double-click the Endpoint_Security_VPN.pkg file to start the installation.

4. Follow the on-screen instructions.

Uninstalling the Client

If necessary, you can uninstall the Endpoint Security VPN client.

To install Endpoint Security VPN for Mac from a client computer:

1. Double-click the Endpoint_Security_VPN.dmg file.

After the disk image mounts to the file system, a Finder window opens with the contents of the package. 2. Double-click the Uninstaller to start the uninstall process.

3. Do the on-screen instructions.

Automatic Upgrade from the Gateway

You can configure your Security Gateway to automatically upgrade Remote Access VPN clients the next time that they connect. When this occurs, the Security Gateway downloads the applicable package to the client. Endpoint users must have administrator permissions to install an upgrade.

You can have packages for different versions of the VPN client for Windows and Mac OS X on your Security Gateway at the same time. For example, you can have E75.01 for Mac and E75.20 for Windows at the same time.

To set up a gateway to automatically install client upgrades:

1. Download Endpoint Security VPN E80.41 Automatic Upgrade file.

2. Rename the Endpoint_Security_VPN.pkg, Endpoint_Security_VPN.pkg.signature and ver.ini files to TRAC.pkg, TRAC.pkg.signature and trac_ver_osx.txt respectively. 3. Upload these files to this directory on the gateway:

$FWDIR/conf/extender/CSHELL

 For version R71.x only, copy the TRAC.pkg and TRAC.pkg.signature files also to: $CVPNDIR/htdocs/SNX/CSHELL.

4. On a non-Windows gateway, run:

 chmod 750 TRAC.pkg

 chmod 750 TRAC.pkg.signature

(10)

Known Limitations and Resolved Issues

Endpoint Security VPN for Mac Release Notes E80.41 | 10 5. In SmartDashboard, go to Policy > Global Properties > Remote Access > Endpoint Connect.

6. Select one of these Client upgrade mode options:

Do not upgrade - This option disables automatic upgrades from the gateway. Automatic upgrades are not available for endpoint users.

Ask user - The user receives a prompt and can install immediately or at a later time.

If the user does not install the upgrade immediately, the prompt will show again in one week.

Always upgrade - The new package installs silently without user intervention. The user receives a notification once the upgrade completes successfully.

7. Install the policy.

Known Limitations and Resolved

Issues

Known limitations for this release are in sk91183

(http://supportcontent.checkpoint.com/solutions?id=sk91183). Resolved issues for this release are in sk91184

(http://supportcontent.checkpoint.com/solutions?id=sk91184). All limitations for E80.40 Mac Clients in sk82101

References

Download now ( PDF - 10 Page - 334.43 KB )

Related documents

Screening subclinical keratoconus with Placido-based corneal indices

To assess in a sample of normal, keratoconic and keratoconus suspect eyes the performance of a set of new topographic indices computed directly from the

The enactment of knowledge translation: a study of the Collaborations for Leadership in Applied Health Research and Care initiative within the English National Health Service.

CLAHRC: Collaborations for Leadership in Applied Health Research and Care; KT: knowledge translation; NHS: National Health Service.. J Health Serv Res Policy.. Europe PMC Funders

Future Oriented Strategy for SMEs

At the same time the available results of the research conducted in Germany (Andriopoulos, &amp; Gotsi, 2006) regarding the expectations and experiences of German small

0 25 Disability Service. Equality Impact Assessment and Analysis (EqIAA)

Joint commissioning in the context of the 0-25 Disability Service requires local partners to identify outcomes that matter to children and young adults with special educational needs

Corporate environmental responsibility

As stated earlier, this thesis concentrates on the environmental policies and strategies of some major companies, that is corporate environmental responsibility (CER); the drivers

Dell Endpoint Security Suite Enterprise for Mac

Endpoint Security Suite Enterprise for Mac Technical Advisories Endpoint Security Suite Enterprise for Mac offers advanced threat prevention at the operating system and memory

Fabrication, development and characterization of a waveguide microscopy device for biological applications

Here we present ongoing efforts to further develop a waveguide‐based platform  for  evanescent  light‐scattering  microscopy.  By  adopting  the  fabrication 

Social Security Commission National Medical Benefit Fund

Given that the Social Security Act of 1994 specifies that the NMBF will cover every employee of every employer, except if he or she is a member of a private