R55 with Integrity 6.5

[EAP56]

Hi,

Has anyone been successfull at implementing Integrity 6.5 with Check Point Firewall-1 NG R55?

Thanks.

[RobertGraham]

If you mean SmartCenter integration - no. That's not until R61 I believe.

Otherwise, it should be possible to run them together as long as you don't intend to have SecureClient desktop policies AND Integrity Client/Flex at the same time. CheckPoint has specifically said this isn't supported.

If this doesn't answer your question, please be more specific.

[EAP56]

I apologize for not being clear. I am currently testing the following;

Checkpoint Integrity Server 6.5
Integrity Client 6.5

I would like to start testing Checkpoint VPN-1 SecurClient that is packaged with the above. To my understanding SecurClient integrates to some extent with the Checkpoint perimeter firewall. Our version of the Checkpoint firewall is R55.

Will this work?

Thanks.

[Zlata]

Integrity Agent 6.5 and SecureClient are sold (pricewise) as a package, but they are 2 separate engines when you install and manage. I believe only version 7.0 of Integrity will have VPN and endpoint security (Integrity) in one client.

[chillyjim]

Quote:

Originally Posted by Zlata

Integrity Agent 6.5 and SecureClient are sold (pricewise) as a package, but they are 2 separate engines when you install and manage. I believe only version 7.0 of Integrity will have VPN and endpoint security (Integrity) in one client.

You are correct. With 6.5 you can put together a "package" hat will install both, but personally at this point I think you are better building/installing the two separately (SecureClient first).

[EAP56]

Can I assume that this package will work well with Checkpoint Firewall-1 R55?

Thanks.

[EAP56]

I was able to get in touch with a Checkpoint Engineer who provided me with the following information;

"The SmartCenter must always be of the highest code revision that your gateways are running. So for example, if you want to run R60 Hotfix 03 on your gateways, you must be at that revision for your SmartCenter. The SmartCenter is backwards compatible so it can manage gateways that go as far back as FP3.

In order for the Integrity logs to be forwarded to the SmartCenter, Integrity must be at 6.5 and the SmartCenter must be at R60."

[RobertGraham]

I would like to append to Jim's message that the two software packages should be installed separately.

However, I would mention that you want to make sure that SCC is only used for client based VPN connections and no desktop policy is installed when Integrity is running. This would seem to be obvious, but a customer that already has SCC deployed with desktop policies may not be able to migrate immediately.

In such a situation, my reading suggests, that a single cut-over would be absolutely mandatory.