Support Center > Search Results > SecureKnowledge Details
Check Point R77.20 HFA 10 (R77.20.10) for 600 / 1100 / 1200R Appliance Resolved Issues Technical Level
Solution

The following issues have been resolved with Check Point R77.20 HFA 10 for 600 / 1100 / 1200R Appliance:

Table of Contents

  • General
  • Upgrade
  • Networking
  • NAT
  • VPN
  • WebUI
  • SecureXL
  • ClusterXL
  • Dynamic Routing
  • Reports
  • IPS
  • Anti-Virus
  • Logging
  • SmartProvisioning
  • Identity Awareness

 

ID Symptoms
General
01620651 When you reboot after a high traffic load through the gateway, the CPU idle does not recover and stays at 0% idle.
01778320 Gateway might crash in some scenarios when inspecting H.323 traffic. Refer to sk107184.
Upgrade
01681962 When upgrading from version R75.20.60 or lower to R77.20, the Anti-Bot license in locally managed appliances is shown as inactive in the WebUI.
Networking
01675365 In 1200R appliances, for deployments that use a bridge, when you click Get Topology in SmartDashboard, the gateway also shows the brX interface. Ignore the brX interface and we recommend that you delete it.
01779796, 01782611, 01780458, 01782994, 01781560, 01749108, 01749088 Long connections with many HTTP sessions, that transfer files to the server and back, cause a high memory consumption.
01687181, 01695020 HTTPS traffic that is assigned the hold configuration sometimes drops big URLs.
01463675 If more than 1024 individual users are reserved an IP address in the ipassignment.conf file, they may not receive their assigned address, and will instead get an address from the general pool.
01517463, 01517185 600 / 1100 appliance fails to connect to Cloud Services Server with log "Web server error ... attempt to perform arithmetic on local 'hbInterval' (a nil value)". Refer to sk103497.
01656126, 01481770, 01490698 When there are two bridges in the system - one for a LAN and one for the Internet - Web browsing fails.
01664588 When the WAN Internet connection is configured as PPPoE, an anti-spoofing warning appears in SmartView Tracker. You can safely ignore the warning.
01803277 When the WAN Internet connection is configured as PPPoE, an Anti-Spoofing warning appears in SmartView Tracker. You can safely ignore the warning.
01679176 In the local networks page in the local WebUI, the status of a wireless network for wireless appliances shows as UP even if the wireless radio is off.
NAT
01696905 Incoming connections to a server NATed behind the Locally Managed 600 / 1100 appliance are rejected. Refer to sk106580.
01695016 The NAT behind the external bridge fails because the LocalMachine_External_Interfaces property is not updated correctly.
01429214 The local IP address is used in Hide NAT on a cluster environment instead of the VIP when there is accelerated traffic (ftp, telnet, http). Refer to sk108153.
VPN
01581375, 01581810, 01656147 The VPN Tunnel page in the WebUI sometimes is stuck on Loading, which can cause functionality issues.
01455936, 01654750 Authentication to SSL VPN / CheckPoint Mobile VPN with 3rd party certificate fails. Refer to sk33319.
01689598, 01689635 In the Security Management Portal (SMP), in the Trusted CAs page, Certificate Authority (CA) objects that should not be allowed to be edited, can be edited.
01717741 When you connect to the appliance with Remote Access VPN, the appliance only uses the default internal certificate.
01663162 When using Aggressive mode with peer ID in VPN site to site in locally managed appliances, the VPN Remote Access bladed must be turned on (even if no users are defined with remote access privileges).
01663202 The combined use of IKEv2 and aggressive mode is not supported.
01723265 The VPN does not work reliably when failover happens from one Gateway interface to another, and the traffic is not TCP or UDP.
WebUI
01511583 Certificate for the appliance WebUI is signed with SHA-1 instead of the newer SHA-256.
01667323 The Identity Awareness portal sometimes does not show correctly in a Chrome browser. Refer to sk106125.
01675566 In locally managed appliances, in the Threat Prevention Exception page -> Malware Exceptions section, if the "Scope" field is not configured to "Any" it may result in the exception not being matched.
01645183 When customizing the Terms of Use for a Hotspot, only 8K characters are allowed.
01709828 In the First time Configuration Wizard, the password maximum length was 32 characters. It is now 256 characters.
SecureXL
01687743 When SecureXL is enabled on 1200R appliances, sometimes traffic on VLAN interfaces is blocked.
ClusterXL
01679081 In deployments that use centrally managed appliances, if you use a Threat Prevention rule and the "install on" column includes a cluster object of 1100 or 1200R gateways. Refer to sk106367.
Dynamic Routing
01601293, 01545720, 01601468 For locally managed appliances, when dynamic routing is configured on the gateway, sometimes the route is missing.
Reports
01687556, 01688308 3D reports may show that more data passed through the appliance than actually did, especially for RDP traffic.
IPS
01578807, 01627049, 01629010, 01571753, 01634746, 01600189, 01654753 The IPS protection "Non compliant HTTP" drops a valid HTTP reply containing an empty zip file.
Anti-Virus
01460428 The Anti-Virus engine supports these protocols only: HTTP, SMTP, and POP3. FTP is not supported.
Logging
01628654 In locally managed appliances, multiple logs from different blades' engines can be shown for a single event (specifically Anti-Bot, Anti-Virus, and Application Control).
SmartProvisioning
01702223,
01701981
In SmartProvisioning, running the "Push Dynamic Objects" operation when there is NAT rule in the Policy, which includes a dynamic object, causes a loss of connectivity to the appliance.
Identity Awareness
01707911, 01504506, 01376945, 01690819, 01688505, 01585397, 01688636, 01531342, 01705586, 01690816, 01706262, 01381372 There are memory leaks in a process related to AD queries.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment