Tuesday, April 11, 2006

Check Point IPv6 support

Some customers have asked about Check Point's policy on supporting the IPv6 protocol. They usually receive a positive answer from vendor partners, but few of them know that, as of today, supporting IPv6 doesn't really mean providing the complete set of features currently available for IPv4.
This leads to a lot of confusion, unnecessary expenses and painful troubleshooting.

Check Point has offered very limited IPv6 support in its flagship product, the VPN-1 firewall, since release NG [R54], aka VPN-1 NG with Application Intelligence.
The kernel support is already embedded in the product, but to enable it you have to request a special license from the UserCenter portal (issued automatically and immediately) and import it into the Check Point configuration (manually or with the SmartUpdate client).

Since the release of the new product family dubbed NGX [R60], this IPv6 support has been extended with a special IPv6Pack, to be downloaded separately but still free of charge.

It still lacks a lot of features. Among others:

  • No support for the Microsoft Windows 2000 / 2003, Sun Solaris 10 and Linux (except Check Point SecurePlatform) platforms

  • No support for the RSH protocol

  • No support for Client Authentication on Nokia IPSO platforms

  • No strict Security Policy Verification

  • Obligation to define IPv4 addresses for objects

  • Problems at various levels with log filtering

  • Problems at various levels with object creation within the GUI

  • Problems at various levels with SmartDefense

Also note that, at the moment, enabling IPv6 support doubles the memory usage.

To survive in this partially-supported nightmare, be sure to read the whole set of documents Check Point released for IPv6Pack:

All downloads will require authentication.
