Support Center > Search Results > SecureKnowledge Details
Check Point R75.20 HFA 60 (R75.20.60) for 600 / 1100 Appliance and Security Gateway 80
Solution

Table of Contents

  • What's New in Check Point R75.20 HFA 60 for 600 / 1100 Appliance and Security Gateway 80
  • Check Point R75.20 HFA 60 Downloads
  • Check Point R75.20.x Documentation
  • Check Point R75.20 HFA 60 Enhancements
  • Check Point R75.20 HFA 60 Resolved Issues

 

For more information, see the Check Point 1100 Appliance Product Page and Check Point 600 Appliance Product Page. You can also visit our 2012 Models Security Appliances forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

 

What's New in Check Point R75.20 HFA 60 for 600 / 1100 Appliance and Security Gateway 80

  • Allows Check Point 600 Appliance to be managed by SMP R11
  • Added NAT support for non TCP/UDP traffic
  • Performance improvements


Note
: R75.20 HFA 60 should not be installed on appliances connected to Cloud Management.

Check Point R75.20 HFA 60 Downloads

Note: To download these packages you will need to have a Software Subscription or Active Support plan.

 

Check Point R75.20.x Documentation

 

Check Point R75.20 HFA 60 Enhancements

The following enhancements were incorporated into Check Point R75.20 HFA 40 for 600 / 1100 Appliance and Security Gateway 80:

ID Symptoms
Networking
        - Added support for 4G/LTE modem UML290
Configuration
 01206118
  1. Manual NAT rules now support non TCP/UDP traffic (such as ICMP or GRE). In these rules, the source or destination IP address can be translated but not the service (as there are no ports to translate). This enables the administrator, for example, to forward incoming GRE traffic destined for the external IP address of the device to an internal server (for example a PPTP server).

  2. A new PPTP server object has been added. This object lets you define an internal PPTP server with automatic access and NAT rules to enable PPTP (TCP:1723) and GRE (IP:47) traffic to it.
Note: When defining a manual rule to forward GRE traffic to an internal server from the external IP address of the device, or when defining a PPTP server object with forwarding NAT - it is not possible to use a PPTP-Type internet connection (as the device will not be able to distinguish between GRE traffic of the internet connection and GRE traffic intended for the internal server).
01412259 You can configure DHCP Custom Options (for internal interfaces) that override existing DHCP options.


Check Point R75.20 HFA 60 Resolved Issues

The following issues have been resolved with Check Point R75.20 HFA 60 for 600 / 1100 Appliance and Security Gateway 80:

Table of Contents

  • Networking
  • Configuration
  • VPN
  • WebUI
ID Symptoms
Networking
01205298
A system error is shown when creating a NAT rule that uses a forward slash ("/") in the Original Source field.
01338983  Cannot create a route when there is a specific host in the Destination field.
01392478 When you use a server object with a static NAT IP address in the Source or Destination of a Firewall Policy rule, you get an error 351 message. 
Configuration
01380081 In some instances, logs show UTC time and not the configured GMT.
01383863  When defining a server object with static NAT, NAT does not apply to outgoing traffic. 
01375176  The license status in the CLI is not compatible with the license status in the WebUI. 
01364593  In some instances, unnecessary limiting of traffic occurs when Application Control is enabled. 
01402474 Using the pipe character ("|") in DHCP custom configuration options causes an error in clish.
01405719  When several servers are hidden behind a gateway's IP address on different ports, only the first server can be reached. 
01409892  Dynamic objects are not maintained during a firmware upgrade.
01377048 In some instances, following an upgrade of a 600 Appliance to R75.25.50, customers occasionally receive a web server error message. 
01371572 When country is set to Malaysia in Device Details, the only option available for Operation Mode in Wireless-Network / Wireless-Radio is 802.11b (you cannot set 802.11g or 802.11n). 
VPN
01370155 Site to Site VPN with a 3rd party gateway over NAT-T fails on first packet of second phase (IPSec) during IKE negotiation.
WebUI
01405377 In some instances, the status of updates are not visible on the Status Bar.



This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment