1 Embedded NGX 7.5 Release Notes
General Availability Version

March 2008 – Document Revision 11

2
Contents
CONTENTS ......................................................................................................... 2

INTRODUCTION.................................................................................................. 3

Highlights of This Version ........................................................................................... 3

Supported Platforms .................................................................................................. 3

Availability................................................................................................................. 4

Copyright ................................................................................................................... 4

CHANGES FROM 7.5 TO 7.5.55......................................................................... 5


• Advanced NAT Rules
• Reusable Network Service Objects
• Service-Based Routing
• Web Rules
• Enhanced SIP VoIP Support

Supported Platforms
Embedded NGX 7.5 EA supports the following hardware platforms:
• Check Point Safe@Office 100B series
• Check Point Safe@Office 200 series
• Check Point Safe@Office 400W series
• Check Point Safe@Office 500 series
• Check Point UTM-1 Edge (VPN-1 UTM Edge) X series
• Check Point UTM-1 Edge (VPN-1 UTM Edge) W series
• Check Point ZoneAlarm Z100G
• NEC SecureBlade 300
• Nokia IP60 4
Availability
• Embedded NGX 7.5 is available to existing Embedded NGX customers with a valid
software subscription contract.
For additional information and documentation,
click here.

Copyright

DHCP relay does not function as expected when used from a
bridged network over a VPN link.•
Resolved issue
: In rare cases, remote HTTPS and SSH connections to the
appliance IP address over VPN may be abnormally terminated.
•
Resolved issue
: When using more than 10 VPN tunnels simultaneously,
connections scanned by VStream Antivirus are sometimes cut. HTTPS
•
Resolved Issue:
In the web user interface, the logout button now appears in
HTTPS mode, when using Internet Explorer or Firefox. Wireless

6
•
Resolved Issue:
When using WPA security, Windows Vista clients may fail

may sometimes cause shortening of packets. In rare cases, fragmented packets
that were shortened, may be silently dropped or incorrectly transmitted.
VPN
•
Resolved issue:
In certain cases, IKE Phase1 failures may cause a memory leak.
•
Resolved issue:
Disconnects

when using L2TP VPN with Apple IPhone clients.
•
Resolved issue: W
hen using VPN in “Route all Traffic” mode, certain connections
are not established correctly.
•
Resolved issue:
When configured in a managed VPN community (Enterprise Site),
the appliance may fail to connect to externally managed gateways requiring
shared secret authentication.

Wireless
•
Resolved issue:
Wireless LAN

may operate unreliably when using certain wireless
devices supporting power save mode (such as Blackberry).
SIP support
The SIP application level gateway (ALG) can now be optionally disabled.
ADSL
Norway's ISPs details were added to the ADSL wizard.
Enhanced HTTPS Support
To increase security, the following changes were done to the HTTPS web
configuration portal (
ewall):

8
- HTTPS web server cookies are now marked as “secure cookies”.
- HTTPS clients are no longer permitted to select weak 40 and 56 bit
ciphers.
Enhanced L2TP Support
The L2TP server has been enhanced to support the following cases:
- Windows Vista VPN clients behind a NAT device.
- Apple iPhone VPN clients.

Issues resolved
HTTP/HTTPS
•
Resolve issue:
low severity cross side scripting (XSS) attack potentially possible
against the configuration web portal. This issue is unlikely to be successfully
exploited.
Vstream Anti-Virus
Resolved issue: