What are the Release Notes for VigilEnt Security Agent for VPN -1/Firewall -1 1.1? (NETIQKB25147)

  • 7725147
  • 02-Feb-2007
  • 07-Jul-2008

Resolution

goal
What are the Release Notes for VigilEnt Security Agent for VPN -1/Firewall -1 1.1?

fact
VigilEnt Security Manager 3.0 SR1

fact
VigilEnt Security Agent for VPN-1/Firewall ? 1 1.1

fix

New Features and Enhancements

 

Check Point Provider -1 Installation

When VigilEnt Security Agent for VPN-1/FireWall-1 and Check Point Provider-1 are installed on the same computer, you must follow the guidelines below to ensure communication between these devices.

Follow these guidelines when you install VigilEnt Security Agent for VPN-1/FireWall-1 on a computer hosting Check Point Provider-1:

  1. Install VigilEnt Security Agent for VPN-1/FireWall-1 as if it is installed on a computer remote from Check Point Provider-1. Use the virtual IP address of the Customer Management Add-on (CMA) as the destination IP address for NETIQ agent communication.
  2. Once VigilEnt Security Agent for VPN-1/FireWall-1 is installed, remove the "auth_type" line from the opseclea.conf and opsec-sam.conf files. You can find these files in the following locations:
    • On Windows:
      • \Program Files\Pentasafe\Vsaf\conf\opsec-lea.conf
      • \Program Files\Pentasafe\Vsaf\conf\opsec-sam.conf
    • On Solaris:
      • /opt/PentaSafe/VSAF/conf/opsec-lea.conf
      • /opt/PentaSafe/VSAF/conf/opsec-sam.conf
  3. The putkey command does not function for authentication in this instance. Verify connectivity by using the psDetect -B | lc -c 5 command.

 

Firewall -1 5.0 (NG) does not use current account log

FireWall-1 version 5.0 (NG) no longer uses the Current Account Log (as version 4.1 did). If you run a task in VigilEnt Security Manager with Current Account Log selected for a FireWall-1 5.0 (NG) device, the report returns without data. For version 5.0, CheckPoint has moved the data from Current Account Log to the Current Security Log.
Enter Task Parameters of the Run Task Suite Wizard, ensure that the Log File parameter for reports run against FireWall-1 5.0 (NG) modules is set to Current Security Log.

 

Firewall -1 5.0 (NG) requires a lower-case ?u? in ?user?

To enable the Unknown User report to function, you must edit the file supporting the report.

You can find these files in the following locations:

  • On Windows: \Program Files\Pentasafe\Vsaf\bin\FILTER-users-unknown
  • On Solaris: /opt/PentaSafe/VSAF/bin/FILTER-users-unknown

Replace the capital ?U? in ?User? with a lower-case ?u? (?user?). Ensure that you save the file FILTER-users-unknown. Now the Users-Unknown report and the Users-Unknown Summary report, which require the FILTER-users-unknown file, will function for FireWall-1 5.0 (NG).

 

Service Release VigilEnt Security Manager 3.0, SR-1

The VigilEnt Security Agent for VPN-1/FireWall-1 Installation Guide (printed February 18, 2002) incorrectly states the name of the VigilEnt Security Manager (VSM) service release as ?VSM 3.0 (version 1.0 SR1)? on page 4 and ?VigilEnt Security Manager 3.0 (version 1.0 RS1)? on page 8.

The correct name of the service release is ?VSM 3.0, SR-1.? Apply this service release to VigilEnt Security Manager as instructed in the installation guide.



Additional Information

Formerly known as NETIQKB25147