CPUG
The Check Point User Group
A Resource For The Check Point Community. Fast. Useful. Independent.
SofaWare has just released a new major firmware version 8.0.35 to the general public. Make sure to read the Embedded_NGX_8_GA_ReleaseNotes.pdf (General Availability Version) carefully for all the new features and resolved issues. Check Point recommends updating to this firmware version ASAP.

Embedded NGX 8.0 incorporates a lot of new and improved features, including:

- VStream Antispam
- Firewall Monitor
- Enhanced Policy Editors
- Built-in 802.1x and WPA Authenticator
- Built-in RS-232 Terminal Server
- Built-in DNS Server
- BGP Dynamic Routing
- Enhanced SNMP MIB
- New Status Dashboard
| |||
You can grab it directly from Check Point.

- Firmware Version 8.0.35x
- Firmware Version 8.0.35a for ADSL
- 8.0.35 libsw for Linux and Solaris
- 8.0.35 libsw for Windows
| |||
Ah, the files are filed under Safe@Office and not UTM1-Edge devices... that's why I couldn't find them... I imagine it's the same firmware?

Last edited by hotice_; 2008-11-19 at 15:03.
| |||
Yes, SofaWare makes the Edge devices & releases the firmware for them.

__________________
It's all in the documentation.
| |||
ATTENTIONE !!

There is a slight issue I encountered on nearly every UTM-1 Edge that was updated to 8.0.35. The DMZ port assignment was lost. This causes address spoofings in the security log as requests from the DMZ network appear on your UTM-1 Edge appliance but it doesn't expect them on its DMZ interface.

Always check the Port assignments under Network > Ports after an update to this firmware!
| |||
2 more issues to report: (My best friend sells Safe@Office for small businesses) Since the firmware is identical for Edge and Safe@Office, I thought these may apply equally.

1) Automatic Update = bad - he had 2 customers that got the firmware update in mid-afternoon and it rebooted. He THOUGHT he only had anti-virus updates turned on. Why would CP do mid-afternoon automatic upgrades? You would think they would program something to do Midnight in the local time zone or something if a reboot is required...

2) Anti-SPAM. Even though this was set to disabled and the screen with the scanning rules says something along the lines of "Anti-SPAM is disabled and these rules do not apply", I had to disable the default SMTP scanning rule because it stopped SMTP connections following the firmware upgrade. Very reminiscent of SmartDefense dropping packets when in Monitor Only mode in FW-1. When he called me to ask for help troubleshooting, this was my first thought and sure enough, as soon as I disabled the rule, I was able to telnet to port 25.

__________________
There's no place like 127.0.0.1
| |||
One more major problem found: we run a lot of older Nokia IP40's which run fine with libsw up to version 7.5.55; however, with the 8.0.35 libsw we had been locked out completely from these boxes. The only thing still allowed was the SmartCenter connection.

__________________
Regards, Maarten.
P1 R62 IPSO SPLAT IOS
| |||
Just go to Services > Connect and uncheck the Service Center connection. Next > Next > Finish. Connect the IP40 to the Service Center again and everything should be fine. You should have an IP or network configured under Setup > Management for such emergency cases.

Update: The above steps can also be done by a small script configured centrally on your SmartCenter Server or via remote scripting.

Last edited by dantro; 2008-11-28 at 07:41.
| |||
Dantro, I don't see this as a solution for the 50+ IP4x's we have divided over 20 CMA's. LIBSW is not supposed to lock us out and when I go back to 7.5.55 LIBSW the problem is gone. We HAVE the network access limited on the Management HTTPS and SSH page. These boxes are all around the world and although I don't mind going to almost all of these countries, however Mumbai is not on my wishlist this week.

__________________
Regards, Maarten.
P1 R62 IPSO SPLAT IOS

Last edited by msjouw; 2008-11-28 at 06:28.
| |||
See update posted above. This is an old issue/behaviour I encountered with older versions as well. Maybe it's by design of the product. Get some hands-on training and blame Nokia, not me.
| |||
Anyone else having issues with libsw upgrade leading to odd errors? This is SmartCenter R65 HFA30 on SPLAT. I went from 8019 (incl in HFA30 I guess) to 8.0.35. Edge is running 8.0.35 fine. Now when I try to push policy I get this error:

```
Advanced Security VPN-1 UTM Edge/Embedded Gateway cpp: line 547, Fatal error: Cannot open include file "fwui_head.def"
Advanced Security VPN-1 UTM Edge/Embedded Gateway cpp: line 547, Fatal error: Cannot open include file "fwui_head.def":
```

Funny thing is the file is there, looks fine too. Why is cpp choking? I did cpstop/cpstart.. no change. I chmoded all files to root:root to see if that would help (they came out of tar with numeric user & group ID's..) and root has read on this file as you can see:

```
[Expert@myfirewall]# whoami
root
[Expert@myfirewall]# head fwui_head.def
#define __WIN32
#ifndef __fwui_head__
#define __fwui_head__
//
// (c) Copyright 1993-2000 Check Point Software Technologies Ltd.
// All rights reserved.
//
// This is proprietary information of Check Point Software Technologies
// Ltd., which is provided for informational purposes only and for use
[Expert@PALCPMSRV01]#
```

Any thoughts? Did not see any sk's which related. Checked SofaWare boards too. Thx