1


Embedded NGX 7.5 Release Notes
General Availability Version

March 2008 – Document Revision 11




2
Contents
CONTENTS ......................................................................................................... 2

INTRODUCTION.................................................................................................. 3

Highlights of This Version ........................................................................................... 3

Supported Platforms .................................................................................................. 3

Availability................................................................................................................. 4

Copyright ................................................................................................................... 4

CHANGES FROM 7.5 TO 7.5.55......................................................................... 5

7.5.55......................................................................................................................... 5

7.5.51......................................................................................................................... 6

7.5.48......................................................................................................................... 7

7.5.45......................................................................................................................... 7

NEW FEATURES ................................................................................................ 9

New Security Features................................................................................................ 9

New Networking Features ........................................................................................ 14

New Usability Features ............................................................................................ 19

APPENDIX A: SUPPORTED PERIPHERALS ...................................................21






3
Introduction
Highlights of This Version

Embedded NGX 7.5 incorporates a host of new and improved features, including:
• Internet Connection Load Balancing
• Advanced Firewall Rules

• Advanced NAT Rules
• Reusable Network Service Objects
• Service-Based Routing
• Web Rules
• Enhanced SIP VoIP Support

Supported Platforms
Embedded NGX 7.5 EA supports the following hardware platforms:
• Check Point Safe@Office 100B series
• Check Point Safe@Office 200 series
• Check Point Safe@Office 400W series
• Check Point Safe@Office 500 series
• Check Point UTM-1 Edge (VPN-1 UTM Edge) X series
• Check Point UTM-1 Edge (VPN-1 UTM Edge) W series
• Check Point ZoneAlarm Z100G
• NEC SecureBlade 300
• Nokia IP60





4
Availability
• Embedded NGX 7.5 is available to existing Embedded NGX customers with a valid
software subscription contract.
For additional information and documentation,
click here.

Copyright

© Copyright 2007 SofaWare Technologies Ltd.
SofaWare is a registered trademark of SofaWare Technologies Ltd.
Check Point is a registered trademark of Check Point Software Technologies Ltd.




5
Changes from 7.5 to 7.5.55
7.5.55
New Features
Additional USB modems
Support was added for the following USB modems:
- Teltonika U3G15S
- Qualcomm ZTE MF622 HSDPA
Issues resolved
Firewall
•
Resolved issue:
When handling large packets, requiring fragmentation, over PPP
Internet links, some packets are handled incorrectly.
Connectivity
•
Resolved issue:
Dead Connection Detection set on the primary Internet
connection coupled with a secondary PPP Internet connection in Connect-on-
Demand mode, may fail to operate as expected.
VPN
•
Resolved issue:

DHCP relay does not function as expected when used from a
bridged network over a VPN link.


•
Resolved issue
: In rare cases, remote HTTPS and SSH connections to the
appliance IP address over VPN may be abnormally terminated.
•
Resolved issue
: When using more than 10 VPN tunnels simultaneously,
connections scanned by VStream Antivirus are sometimes cut.


HTTPS
•
Resolved Issue:
In the web user interface, the logout button now appears in
HTTPS mode, when using Internet Explorer or Firefox.


Wireless




6
•
Resolved Issue:
When using WPA security, Windows Vista clients may fail

obtaining an IP address using DHCP, and certain broadcast packets may be
encrypted with an incorrect key.
7.5.51
Issues resolved
Management
•
Resolved issue:
Upgrade from firmware 6.0 directly to 7.5 may cause certain
settings to be reset to their default values.
•
Resolved issue
: During an appliance reboot, the gateway continues to appear as
“connected” in the Service Center (SMP/SmartCenter).
•
Resolved issue
: When downloading a

CLI scripts from the Service Center, the
managed items are not correctly marked as “Remotely Managed”.

Firewall and Smart Defense
•
Resolved issue:
SIP ALG does not work correctly through a VPN tunnel.
•
Resolved issue:
SIP support for Cisco VoIP phones improved.
•
Resolved issue:
As a normal side effect, SIP ALG processing or IPSEC decryption

may sometimes cause shortening of packets. In rare cases, fragmented packets
that were shortened, may be silently dropped or incorrectly transmitted.
VPN
•
Resolved issue:
In certain cases, IKE Phase1 failures may cause a memory leak.
•
Resolved issue:
Disconnects

when using L2TP VPN with Apple IPhone clients.
•
Resolved issue: W
hen using VPN in “Route all Traffic” mode, certain connections
are not established correctly.
•
Resolved issue:
When configured in a managed VPN community (Enterprise Site),
the appliance may fail to connect to externally managed gateways requiring
shared secret authentication.

Wireless
•
Resolved issue:
Wireless LAN

may operate unreliably when using certain wireless
devices supporting power save mode (such as Blackberry).





7

7.5.48
Issues resolved
Firewall and Smart Defense
•
Resolved issue:
In certain cases, the appliance may restart when processing SIP IP
telephony packets.
Vstream Anti-Virus
•
Resolved issue:
Specific EXE files are scanned slowly.
Management and settings
•
Resolved issue:
When upgrading from firmware, 7.0 VPN sites and SNMP settings
revert to disabled.
•
Resolved issue:
A potential security vulnerability corrected in the SNMP server.
7.5.45
New Features

Additional USB modems
Support was added for the following USB modems:
- Novatel Ovation MC950D
- Novatel U727

SIP support
The SIP application level gateway (ALG) can now be optionally disabled.
ADSL
Norway's ISPs details were added to the ADSL wizard.
Enhanced HTTPS Support
To increase security, the following changes were done to the HTTPS web
configuration portal (
ewall):




8
- HTTPS web server cookies are now marked as “secure cookies”.
- HTTPS clients are no longer permitted to select weak 40 and 56 bit
ciphers.
Enhanced L2TP Support
The L2TP server has been enhanced to support the following cases:
- Windows Vista VPN clients behind a NAT device.
- Apple iPhone VPN clients.

Issues resolved
HTTP/HTTPS
•
Resolve issue:
low severity cross side scripting (XSS) attack potentially possible
against the configuration web portal. This issue is unlikely to be successfully
exploited.
Vstream Anti-Virus
Resolved issue:

in certain cases, VStream Antivirus may block valid connections.
Firewall
•
Resolved issue:
A memory issue when using DHCP relay.
ADSL
•
Resolved issue:
ANNEX B DSL modems support for G.DMT standard.
IP60
•
Resolved

issue: Nokia IP60 GUI layout appears incorrectly.