Check Point VPN-1 SecuRemote/SecureClient NG with Application Intelligence (R54) build 023 Readme File 
==============================================================================================================

Contents
========
1. New features in NG with Application Intelligence (R54)
2. Connectivity troubleshooting
3. Note for Windows XP users
4. Note for AOL users


New features in NG with Application Intelligence (R54)
======================================================

Connect mode:
1. A green dot in the SecuRemote/SecureClient systray icon indicates that the client is
   connected.
2. In network environments in which there are frequent disconnections (e.g. wireless network),
   when a disconnection from the network occurs, the client will stay in a connected
   state for 3 minutes. When the network connection resumes, if SecuRemote/SecureClient
   receives the same IP address within 3 minutes, then the connection will be maintained.
3. SDL (Secure Domain Logon) is supported in Connect Mode.
4. It is possible to establish a dialup connection from the SecuRemote/SecureClient 
   connect dialog.
5. Remote Access VPN from restricted locations is now enabled. Remote VPN clients
   that are located at sites with limited access to Internet protocols (e.g. enabling only 
   web browsing over HTTP/HTTPS) can now use Visitor Mode (the ability to send VPN traffic
   inside a TCP tunnel).
6. Automatic Path MTU discovery.
7. Client-to-Client encryption - sessions with peers can be encrypted, please contact your
   system administrator for details.


Transparent mode:
Suspend Popup Messages - enables authentication pop-ups to be suppressed, so that 
SecuRemote/SecureClient will not interfere with the user's desktop.
To suspend popup messages, use the Tools menu option, or right click on the systray icon.

Certificates:
1. Internal CA certificates can now be stored on Microsoft CAPI compliant hardware token.
2. Internal CA certificates can now be renewed from SecuRemote/SecureClient menu item 
   Certificate>Check Point Certificates>Renew.


Connectivity troubleshooting
============================
1. Verify that your computer has network connectivity by pinging a website (for example,
   ping www.checkpoint.com). If this fails, contact your ISP or network provider.

2. If your computer is connected to the network via a NAT device, try to set Force UDP
   encapsulation and/or Office mode. 

3. Where certificates are used for authentication, and you cannot establish a VPN connection, 
   you may want to try setting Support IKE over TCP. 

4. If in your current location the enabled outgoing traffic is very limited (enabling mostly
   web browsing over HTTP) you can use Visitor Mode.
   To define Visitor Mode:
	a. Check "Visitor Mode" option,
	   from the menu item Tools>Configure connection profile>Advanced,
	   or by clicking Properties in the Connect window. 
	b. In case of HTTP proxy, define the proxy settings,
           from the menu item Tools>Visitor Mode settings
   NOTE: Visitor Mode availability is depending on your network configuration   


The options, Force UDP encapsulation, Support IKE over TCP and Office mode can be set as follows:

- When working in Transparent mode - from menu item Tools>Advanced IKE Settings.
- When working in Connect mode - 
  from the menu item Tools>Configure connection profile>Advanced,
  or by clicking Properties in the Connect window. 

If the above suggestions fail, please contact your system administrator.


Important Note for Windows XP users
===================================

SecureClient Office Mode does not function when the Windows XP feature "Internet Connection Firewall"
(ICF) is enabled. (Note that ICF is enabled by default when creating a dialup account
in Windows XP).
To disable ICF:
1. Right click on My Network Places on the desktop and select Properties from the popup menu. 
2. Right click on your network connection, and select Properties from the popup menu. 
3. When the Connection Properties dialog box is displayed, click the Advanced tab.
4. Make sure that the Internet Connection Firewall box is unchecked, and click OK. 


Important Note for AOL users
============================
If you experience SecuRemote/SecureClient connectivity problems when using AOL dialer from
outside the USA, please select an access point that supports AOLnet connections, and avoid 
GlobalNet connections. The type of connection, by geographical location, can be viewed at 
http://intlaccess.web.aol.com/ . You can browse to this location by selecting the "Access" 
keyword in your AOL browser.

If AOLnet connections cannot be used, please use MtuAdjust.exe (located in the 
SecuRemote/SecureClient installation directory, under \bin) and reduce the MTU to 800, prior 
to using SecuRemote/SecureClient. MtuAdjust.exe is available for Windows 2000/XP only.