Secure Client and Compatible FireWall-1 Versions/Features

[roadrunner]

Secure Client and Compatible FireWall-1 Versions/Features



Any version of FireWall-1 2.1c or later is compatible with any version of the SecuRemote Client. Older versions of FireWall-1 tend to work with newer versions of SecuRemote, but newer versions of FireWall-1 do not always support older versions of SecuRemote. NG requires you to use the NG version of SecuRemote. I've also heard reports that 4.1 versions of FireWall-1 do allow 4.0 or earlier versions of SecuRemote to connect. One should always be running the most current version of SecuRemote, especially since you can download it from Check Point's Download Page without a password.

Certain functionality requires certain versions of FireWall-1 and/or SecuRemote. See the table below for specific functionality:

Desired Functionality SecuRemote? Version FireWall?-1 Version Unencapsulated FWZ w/FireWall-1 Password Authentication 2.1 through NG FP1 2.1c through NG FP1 Encapsulated FWZ 3.0 through NG FP1 3.0 through NG FP1 Authentication with SecurID or S/Key using FWZ 3.0 or later 3.0a.p1 or later Authentication with SecurID or S/Key using IKE (special setup for 4.1) 4.1 SP1 build or later 4.1SP1 or later IKE (ISAKMP/OAKLEY) 4.0 build 4003 or later 4.0 SP1 or later Authenticated Topology Downloads for IKE 4.0 build 4003 or later 4.0 SP1 or later Win95B (OSR2) Support 3.0 or later n/a Win98 Support 4.0 build 4003 or later n/a WinME Support 4.1 SP2 build 4165 or later n/a Win2k Support 4.1 SP2 build 4166 n/a WinXP Support 4.1 SP5 build 4199 (NG Recommended) n/a Overlapping Encryption Domains (Encryption Domains Must Entirely Overlap) 4.1 build 4111 or later 4.1 SP1 Secure Domain Login (NT Domain Logon across SecuRemote) 4.1 SP1 build 4153 or later n/a UDP Encapsulation Mode for IKE 4.1 SP2 build 4165 or later 4.1 SP2 or later Office Mode NG FP1 NG FP1 with Office Mode Supplement or FP2 and above Visitor Mode (access via HTTPS) NG AI R54 NG AI R54

If using the Policy Server component, your client must be the same major version as your firewall (e.g. a 4.1 client cannot use an NG Policy Server).

Note that if you wish for FireWall-1 4.0 or later to support 3.x SecuRemote clients, you will need to make sure the "Respond to unauthenticated cleartext topology requests" option is checked in Rulebase Properties under the Encryption tab.

-- PhoneBoy - 13 Apr 2004

FAQForm FAQs.Class: SecureClientFAQs FAQs.OS: FAQs.Version: