You are on page 1of 8

17 February 2013

Release Notes
IPSO 6.2 MR4



Classification: [Protected]




2013 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of
relevant copyrights and third-party licenses.



Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional
improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Latest Documentation
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=23661
For additional technical information, visit the Check Point Support Center
(http://supportcenter.checkpoint.com).
For more about this release, see the R76 home page
(http://supportcontent.checkpoint.com/solutions?id=sk91140).
Revision History
Date Description
17 February 2013 First release of this document
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
(mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on IPSO 6.2 MR4 Release Notes).



Contents
Important Information ............................................................................................. 3
Introduction ............................................................................................................. 5
Supported Versions ................................................................................................ 5
Known Limitations .................................................................................................. 5
Resolved Issues ...................................................................................................... 6

Introduction

IPSO 6.2 MR4 Release Notes | 5

Introduction
Thank you for updating to Check Point IPSO 6.2 MR4. This version resolves issues for the IPSO operating
system used on Check Point IP Appliance platforms, and supports R76.
Please read this document carefully before installing IPSO 6.2 MR4.
For installation instructions, supported IP Appliance platforms, and other information about this release other
than supported versions and resolved issues see the IPSO 6.2 MR3a (Build GA055B06) Release Notes and
Getting Started Guide (http://downloads.checkpoint.com/dc/download.htm?ID=12461).

Supported Versions
You can install or upgrade to the following Check Point releases on IPSO 6.2 MR4:
R65 HFA70
R70 and R70.x releases
R71 and all R71.x releases
R75 and all R75.x releases, except for R75.40VS.
R76
Download the releases and the release notes from the Check Point Support Center
(http://supportcenter.checkpoint.com).

Known Limitations

ID Symptoms
01055516 R75 and R75.20: The fwaccel conns command shows incorrect information in the
connections table.

Resolved Issues

IPSO 6.2 MR4 Release Notes | 6

Resolved Issues
The ID is the tracking numbers for the issues in the Check Point internal database of problem resolutions.
Refer to the number if you contact Check Point about these issues.
ID Symptoms
00259668 Enhancement: ICMP is used to detect the nexthop failure so that a route can be
updated to use correct nexthops
00754147 Resolved: The HTTP restore option for backup that was available in IPSO 4.2 is not
included.
00825323 Resolved: Voyager does not allow Delete to be selected from the "Delete Manual
Backup Files" section.
00841433 Resolved: On the Backup and Restore Voyager page, if the HTTP is selected by
default, the other fields are not displayed.
00760350 Resolved: The configuration migrator on a flash based system does not change the log
file to /var/log/messages
00260433 Resolved: SecureClient connections are dropped after upgrading from R65 to R70.30
00667396 Resolved: System stability issues when using IPv6 in IPv4 tunnels with R71.
00936344 Resolved: When trying to add IPv6 address on an interface, this error shows "< IPv6
address > conflicts with destination network of < another interface >" even though the
two addresses do not have any conflict or overlap.
00760828 Resolved: Changes to a Transparent mode group that has a VLAN interface are not
handled correctly.
00259259 Resolved: The system is not stable when removing or adding VLAN interfaces on two
10 GIG aggregated ports.
00782464 Resolved: Proxy ARP entries are removed when the link state changes to up or down.
00755966 Resolved: Clish does not allow the ethernet ring descriptor to be increased past 1024.
For example 4096 entries cannot be used: set interface eth-s2/s1p1 rx-ringsize 4096.
00262748 Resolved: Aggregated Interfaces (LAG and LRE) do not show under Add interfaces in
the ACL.
00840073 Resolved: It is not possible to configure preempt in Simplified VRRP from Voyager.
00825748 Resolved: The secondary VRRP cluster members sends out Gratuitous ARP requests
on boot up. Only the master should do that.
00817693 Resolved: The Master member of an IP cluster is not stable when a member with a
loopback interface tries to join the cluster, if the loopback interface is one of the
clustered interfaces.
00259074 Resolved: The SA (Security Association) is not updated with the cluster IP when the
firewall updates the interface with a cluster IP. IPSO does not monitor address updates
to the interfaces or update the SAs with the new address.
00261680 Resolved: The "set cluster vpn-interop" command does not work.
Resolved Issues

IPSO 6.2 MR4 Release Notes | 7

ID Symptoms
00849715 Resolved: If TACACS is configured, user authorization is not performed with the
TACACS server if the user is configured locally.
00936369 Resolved: A TACACS non-local user gets an error when assigning roles to users via
Voyager.
00261127 Resolved: A locally defined user on IPSO 6.2 cannot get authorized by a TACACS
server.
00754169 Resolved: show ssh server Password-authentication command does not show on/off
correctly.
00667824 Resolved: Running the "clish -o structured" command at the same time as "Acquire
configuration lock" from Voyager or another CLISH session, leads to 100% CPU
usage.
00262745 Resolved: Running the clish command "show sysenv slot-status" shows an output for
components that are not supported. For example, in the following, Driver and ID are
not supported:
clish > show sysenv slot-status
slot1 Status:
State: empty
Driver:
ID:
00739118 Resolved: The messages log file log switch happens for log files that are smaller than
1024 KB.
00836898 Resolved: Using Voyager > Monitor > Performance Monitoring > custom dashboard,
create a dashboard containing the "VPN Connection Map". Display data older than one
week is not shown correctly.
00260972 Resolved: IPSO uses bash version 3.1. Should be upgraded to bash version 4.1.
00746289 Resolved: Stability issues in the Real time monitor (RTM) process of SmartView
Monitor.
00780331 Resolved: Cannot use PBR (Policy Based Routing) with ACLs (Access Control Lists).
00840194 Resolved: IPv4 BGP inbound NLRI (Network Layer Reachability Information) is not
stable when using IPv6-only BGP.
00777831 Resolved: IPSRD is not stable when RIP routes packets that are not RIP.
00661836 Resolved: IPSRD stability issues when there is a change in the link state of an IPSO
sync interface.
00856585 Resolved: ipsrd:instance:default:vrrp:interface:delay 30 is not set by default.
00788052 Resolved: "RTGRTG0019 tclproc: syntax error" in "show route destination" clish
command.
00516571 Resolved: PBR table missing from the routing table after the IP Appliance platform is
rebooted.
00821944 Resolved: Netflows incorrectly reports the amount of data being passed.
00260244 Resolved: The SNMP MIBs NOKIA-IPSO-SYSTEM-MIB and NOKIA-IPSO-
LINKAGGREGATION-MIB do not compile properly.
Resolved Issues

IPSO 6.2 MR4 Release Notes | 8

ID Symptoms
00764095 Resolved: SNMP reports incorrect values for HOST-RESOURCES-
MIB::hrProcessorLoad.
00844899 Resolved: SNMP does not report correct values for hrProcessorLoad.
00260734 Resolved: SNMP daemon stability issues.
00834937 Resolved: When SecureXL is enabled the ESP packets leave the firewall with the
physical interface as the source instead of the VRRP interface.
00818810 Resolved: SecureXL does not properly free up memory on the IPSO sxlfxp structure.
00875125 Resolved: "ipsctl -w net:sxl:tunables:autoexpire_notif_limit" is reset to the default value
when the policy is installed.
00932472 Resolved: The system reboots if too many global firewall parameters are defined.