Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

OPSEC Support Policy

  1. Compatibility issues with OPSEC certified products versions listed on www.opsec.com
  2. Backwards Compatibility issues
  3. The relationships between OPSEC application certifications and the various CP software versions
  4. Applying Hotfixes or Hotfixes accumulator (HFA) to Secured by Check Point appliances
  5. Our policy regarding opening support cases through OPSEC vendors' support
  6. What portion of the OPSEC vendor's product is actually certified?
  7. OS and platform certification related issues
  8. The OPSEC SDK Support - who is eligible for OPSEC SDK support?
  9. What to do when encountering issues with a certified OPSEC product?
  10. Which applications can run on SecurePlatform?
  11. What CP products (other than VPN-1/FW-1) are certified on a Secured By appliance?
  12. How does certification occur on the Nokia IPSO Platform?
  13. Which of the OPSEC APIs are supported to work with FireWall-1 VSX?
  14. What version of the OPSEC SDK is required for OPSEC applications to work with FireWall-1 VSX?
  1. Compatibility issues with OPSEC certified product versions listed on www.opsec.com

    There are two possible scenarios

    1. The version you want to use is a previous version of the partner product.

      In this case it is recommended you upgrade to the latest partner certified version - However if this isn't possible you should contact Check Point technical services (Check Point Technical Services contact info: 1-817-606-6600 or email) as we maintain a database of previous certifications. If the version you wish to use has ever been certified before we can tell you. We don''t keep all certified versions posted on opsec.com because the intent of the website is to give information about the latest certified solutions not to be a database of historic integrations.

    2. The version you want to use is later than the version we used during certification testing.

      Every OPSEC Partner is asked to keep their product certification up to date - they are given free product recertification's and are always encouraged to contact us when they make a change to the version we certified. We will make every attempt to work with them to make sure the latest version is certified. Note that you can always submit a request or contact the partner directly regarding certification updates.

      Check Point technical services will make the 'best effort' support whenever a version of a partner product is later than used during certification - If we can solve the problem we will do so - if however after reasonable attempts have been made we still can't resolve the issue we reserve the right to ask you to fall back to the certified version before we escalate the support service request. You can of course contact the partner for support to try and resolve the issue.

  2. Backwards Compatibility issues

    Except where stated differently, OPSEC SDK APIs maintain the functionality of previous OPSEC SDK versions and are platform independent. For example, a LEA client application using OPSEC SDK NG FP3 and running on Windows 2000 can obtain log information from a NG FP2 VPN-1/FireWall-1 system running on Solaris.

    Note:

    • CPMI is not fully backwards compatible. An OPSEC SDK NG FP3 Client is not able to connect to pre-NG FP3 Smart Center Servers. Furthermore, CPMI is not supported in CP2000 (VPN-1/FireWall-1 4.1) environments.
    • Products using OMI are no longer supported.
    • LEA applications compiled with the 4.1 SDK may not work correctly with NG based Firewall's (each LEA partner has been asked to recertify their product with NG).

  3. The relationships between OPSEC application certifications and the various CP software versions

    An OPSEC partner is required to re-certify their product every year or when a major release of their code is released.

    Unless the OPSEC partner page states otherwise the certification for their product is good for any of the released versions of Check Point software (note the stipulations above for API support across the product range).

    Only in case of HA/LB 3rd party products is there a requirement to run a new set of certification tests for every Check Point release. Thus, for the HA/LB products we dictate exactly which version of Check Point is supported.

    Other OPSEC applications are able to work seamlessly because the OPSEC API's are not changed from release to release of Check Point software. When there are exceptions they are noted in the partner documentation / release notes and where applicable the OPSEC.com posting.

  4. Applying Hotfixes or Hotfix accumulator (HFA) to Secured by Check Point appliances

    Hotfixes as well as Hotfixe accumulators released by Check Point technical services won't render a Secured By Check Point appliance un-supportable.

  5. Our policy regarding opening support cases through OPSEC vendors' support

    There are cases where a support service request that was opened by a customer through Check Point's technical services also involves an OPSEC certified product and there is uncertainty regarding 'who's to blame' the CP product or the OPSEC product?

    When a ticket is opened in Check Point support we will make every effort to resolve the issue especially if it appears the problem lies in the integration of the products - we may however defer customers to the relevant partner support organization when the issue is something outside our scope.

    We do communicate with many partner support organizations to make sure our products work together properly and encourage customers to report any issues they see.

  6. What portion of the OPSEC vendor's product is actually certified?

    When the OPSEC team certifies a product they primarily test the OPSEC integration points (i.e. CVP, UFP, LEA etc.) and not all the product's features and functionalities. We are focused on verifying the product interoperability is compliant and the use of our APIs is done correctly.

    We do make reasonable efforts to evaluate all the product's aspects and overall user experience as a part of every certification test and will fail products that don't meet acceptable levels of quality.

    We customize our test plans for each product submitted for certification and this enables us to find a tremendous amount of bugs before products are certified (on the average 2 builds are needed from a partner with fixes before they are certified).

  7. OS and platform related certification issues

    An OPSEC application certification is tied to the platform (i.e. Windows, Linux, Solaris, SecurePlatform) within that platform you must use what is supported by the partner.

    For example if an OPSEC application partner certifies their product on the Windows platform we will tie the certification to Windows (i.e. the certification of their product on Windows doesn't imply it is certified on Linux they must submit separately for Linux certification) - However within the Windows product line the certification is good for all iterations (service packs etc.) supported by that partner.

    Also note just because a partner product is certified on Windows it doesn''t mean it won''t work across the network fine with all other platforms we support. An OPSEC application certified and running on Windows is certified to work against Check Point components that may be on any platform (IPSO, SecurePlatform, Linux etc.) this is because the network calls and protocols are platform independent.

  8. The OPSEC SDK Support - who is eligible for OPSEC SDK support

    The OPSEC SDK support is a unique program intended only for signed
    OPSEC partners who develop product integrations with one or more of the OPSEC interfaces or for appliance partners building 'Secured By Check Point' appliances.

    Regular customers who wish to use the SDK for their own purposes cannot get free OPSEC SDK support.

  9. What to do when encountering issues with a certified OPSEC product?

    It the problem resides on the OPSEC product itself then obviously one should contact the relevant OPSEC vendor for support. If the issue relates to the interoperation with one of Check Point's products then contact Check Point's Technical Services through 1-817-606-6600 or Email.

    In case someone would like to share any comments or suggestions regarding an integration or partnership please contact us and someone will get back to you via Email.

  10. Which applications can run on SecurePlatform?

    Only OPSEC applications which have passed the certification tests for SecurePlatform are eligible to be installed and used on a SecurePlatform. Any non-certified application placed on SecurePlatform will likely result in our support team being unable to handle a reported issue.

    The partners who certified their application for SecurePlatform will add the exact version of SecurePlatform they are certified against as one of their supported platforms on the OPSEC.com web site listing and in their documentation.

    Note that because of upgrade complexities SecurePlatform certification is specific to the exact version (i.e. a partner can't get certified against SecurePlatform NG AI and then claim certification for subsequent or prior releases - without first passing our testing procedures).

  11. What CP products (other than VPN-1/FW-1) are certified on a Secured By appliance?

    Some partners will select to not ship all the possible CP products on their appliance (i.e some might not include FloodGate-1 or UserAuthority) - In general all features of our products are certified to work when an appliance is purchased (for example ClusterXL, Performance Pack etc.) - when there are exceptions they will be noted in the partner documentation and/or release notes.

  12. How does certification occur on the Nokia IPSO Platform?

    Nokia has their own certification program called Nokia Security Developers Alliance. Partners wishing to run OPSEC applications on IPSO products must get the OPSEC SDK for IPSO after approval from Nokia and join the Nokia program to pursue Nokia OK certification.

  13. Which of the OPSEC APIs are supported to work with FireWall-1 VSX?

Currently none of the OPSEC interfaces are supported with VSX.

  1. What version of the OPSEC SDK is required for OPSEC applications to work with FireWall-1 VSX?

    Only NG based compiled applications are supported with FireWall-1 VSX. 4.1 complied applications are not certified nor supported to work with VSX.