I discovered fairly serious upgrade bug with NGX. After I upgraded my SPLAT management server (R55 HFA08) I noticed that there is no longer a "Support key exchange for subnets" option on my interoperable devices. Instead this is replaced with the "VPN Tunnel Sharing" option which allows you to do the same thing by selecting "One VPN tunnel per each pair of hosts". The problem with the upgrade is that all VPN communities and interoperable devices are set to "One VPN tunnel per subnet pair" during the upgrade, regardless of what your "Support key exchange for subnets" setting was. Luckily for me I had documented which VPNs required "Support key exchange for subnets" to be disabled, so I could manually change this back. For those who aren't aware of this bug this could become a real problem. Looking at the old DB revisions with the new NGX SmartConsole won't show you what the old setting was either. The only way I knew which VPNs needed this changed is that I had this documented in a text file.
Has anyone else seen this bug, or am I the only lucky one? ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
