Patch-ID# 105582-04
Keywords: FireWall-1 Secure Remote SecuRemote 4.0 95 NT
Synopsis: Solstice FireWall-1 4.0: Windows 95/NT SecuRemote Upgrade/Jumbo (VPN+DES)
Date: Aug/27/98

Solaris Release: 

SunOS Release: 

Unbundled Product: Firewall-1

Unbundled Release: 3.0b

Relevant Architectures: i386 

BugId's fixed with this patch:

Changes incorporated in this version: 

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

	./README
	./sr40des95.exe
	./sr40desnt.exe

Problem Description:

Patch Installation Instructions:
--------------------------------

This is a Check Point distribution of SecuRemote version 4.0. This page includes
the Release Notes for SecuRemote 4.0 .

Table of Contents:
------------------

      Unpacking and Installing SecuRemote 
      New Features 
      Fixed Bugs 
      Restrictions 
      Known Bugs (Please read) 
      Downloading SecuRemote 

 

Unpacking and Installing SecuRemote
-----------------------------------

Having downloaded SecuRemote from the network as a single self-extracting file, you should first unpack it: 

    1.Create a temporary directory for installation, C:\TEMP, for instance. 
    2.Save the .exe files to your temporary directory and unzip it (double-
      click each file and follow wizard's instructions). 
    3.Enter the unzipped directory Disk1 (now located in your temporary 
      directory) and run Setup.exe. 
    4.You should now define at least one site (for more information, run the 
      program help). 

New Features 
------------

      IKE (previously known as ISAKMP/OAKLEY) key exchange with IPSec encryption
      is now supported. This applies only to encryption with version 4.0 
      gateways. Two authentication methods are supported: pre-shared secret 
      (password) and certificate authentication. The user must choose how to 
      authenticate, based on the credentials supplied. At present, for 
      certificate authentication, Entrust certificates are supported for use 
      with Entrust PKI. 

      Certificates may reside on local file system, or on supported hardware 
      tokens. 

      Authenticated and encrypted topology download: In previous versions, if a 
      management site was configured to "export" its topology, the information 
      was conveyed to any SecuRemote client, in the clear. In version 4.0, the 
      management may be configured to demand user authentication before 
      divulging the information. SecuRemote 4.0 supports this. The 
      authentication is done by means of the IKE credentials (password or 
      certificate). In this case, the information is encrypted. 

      FWZ key exchange and encryption are still supported. 

Fixed Bugs 
----------

    1.In some cases, if a user was tardy responding to an authentication pop-up,
      and entered a password a few minutes after the window popped-up, an 
      "Internal Error" would result (in some cases SecuRemote would crash). This
      has been fixed. 
    2.Windows 95 users could experience memory problems. If you are running on 
      Windows 95 with sever memory restrictions (less than 16M), or with many 
      drivers installed, you may be able to customize SecuRemote memory 
      allocation. See README file for details. 

Restrictions 
------------

    1.The new encryption features can only be utilized when encrypting with 
      Firewall-1 version 4.0 (or later). However, this version is fully backward
      compatible with Firewall-1 version 3.0. 
    2.FWZ ICMP encryption: there are two "versions" of ICMP encryption, and for
      ICMP packets to be encrypted and decrypted successfully, the SecuRemote 
      client and the firewall must agree on which version to use. FireWall-1 
      version 4.0 will, by default, use version "1" (new), as will SecuRemote 
      version 4.0. SecuRemote can be forced to use version "0" (old), to be 
      compatible with older firewalls, by editing the state/userc.set file in 
      the SecuRemote directory. 
    3.NT 3.51 is no longer supported, though in all likelihood, SecuRemote will 
      work correctly on this platform as well. 

Known Bugs 
----------

    1.Using this version of SecuRemote for Windows 95, the Installation program
      is unable to overwrite existing files. To work-around it, please uninstall
      your current SecuRemote version and then reboot, before installing 
      SecuRemote 4.0. This work-around has to be done regardless of whether you 
      choose 'overwrite' or 'update'. 

