Support Center > Search Results > SecureKnowledge Details
R77.20.20 for Small and Medium Business Appliances Known Limitations Technical Level

This article lists all of the Check Point R77.20.20 for 600 / 700 / 1100 / 1200R / 1400 Small and Medium Business (SMB) Appliances specific known limitations

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > ASSETS / INFO > My Subscriptions.

For more information, see the Check Point R77.20.20 for Small and Medium Business Appliances Home Page, Check Point R77.20.20 for Small and Medium Business Appliances Resolved Issues, Check Point 700 Appliances Product Page and Check Point 1400 Appliance Product Page.
You can also visit our 2012 Models Security Appliances forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

Table of Contents

  • Hardware and Configuration
  • Networking
  • Wireless
  • Logging
  • Multi-Domain Management Server
  • SmartProvisioning
  • WebUI
  • VPN
ID Symptoms
Hardware and Configuration
- In 600 / 1100 / 1200R / 700 appliances, any change to the MTU setting on any LAN port will be implemented on all other LAN ports.
- In 600 / 1100 appliances, the DMZ port shares the global MTU with the LAN ports. 
01999780 If a cable is connected to the serial console in the 770 / 790 / 1470 / 1490 appliances, a wide USB stick might not connect well. Use the front USB or a USB extension cord in this case. 
02008258 Reimaging of the 770 / 790 / 1470 / 1490 appliance by TFTP method can only be done through the DMZ port. 
02015436 Rack mount installation requires the removal of the rubber feet on the appliance.
02001273 If cables are connected to both the SFP and copper ports of DMZ, after reboot, the LED may incorrectly indicate traffic passes through the copper port instead of the SFP port. 
02024712 The Factory Default reset button does not work on the 1100 and 600 appliances. To reset the appliance to factory default use the WEB local management, the Clish or the Uboot menu when connected with a console. 

On 770 / 790 / 1470 / 1490 appliances, burning a new firmware via USB2 when SD or USB1 ports are also in use, results in the following error after reboot: 

Error: cannot open image file /mnt/usb3/<image name>.
Image verification failed
Appliance was not configured yet - Checking Zero Touch service... 

Workaround: when burning a new firmware, use the USB1 port

After frequent reboots, some ISP connections can take up to several minutes to be established.
1973308 "An internal error has occurred while accessing the database" message is shown when the accumulative number of local networks (virtual switch, tag based VLANs and virtual wireless access points) exceeds 32.
01973498 Limit of the total number of VAPs + Switches (Ports-based VLANs) + Tag-based VLANs + VTIs + Loopback interfaces in R77.20.20 appliances:
  • 730 / 750 / 1430/ 1450 appliances: 26 
  • 770 / 790 / 1470/ 1490 appliances: 16
- The ethtool command is not supported on the 770 / 790 / 1490 / 1470 appliances on WAN and all LAN ports.
 - Alias IP configuration is not supported on any of the SMB appliances.
In the 770/790 and 1470/1490 appliances: When creating a single network between 2 wireless networks on different WiFi bands, a bridge configuration is required.
01953356 The CLI command "set wlan radio operation-mode" to set up wireless radio in the 600/1100 appliances shows the option to select 5GHz operation modes. These operation modes are not supported in these appliances and should not be selected. In addiiton, any channel over 14 is not relevant for the supported 2.4GHz operation modes. 
01965802 Syslog over TLS is not supported when redirecting security logs to the syslog server.
01964316 Maximum of 8 external syslog servers is supported.
SMB-1935 Security logs can be exported to an external syslog server only in locally/SMP managed appliances. 
Multi-Domain Management Server
01630970  Multiple Global assignments are inserted into a queue. Only 5 tasks run at the same time. 

Relevant only for R77.30: When 1400 appliances are centrally managed by SmartProvisioning and SmartUpdate, the gateways must be configured as 1100 appliances. The 1430/1450 appliances ignore settings for LAN7 and LAN8. In 1470/1490 appliances, you can not configure settings for LAN9 and higher through R77.30 SmartProvisioning. You can not configure 5GHz wireless networks through R77.30 SmartProvisioning.

To use SmartProvisioning and SmartUpdate with 1400 appliances, you must use the firmware upgrade package CP1400AS1100* if the Management version is R77.30. If you do not use the CP1400AS1100, you can not select the package in the view.

Refer to sk111292.

02005233 "404 Not Found" error may appear when the user clicks on the Online Help page for "Security Management" in a locally managed 1470/1490 appliance.
02106220 Changing the value of "VPN Remote Access - Endpoint Connect re-authentication timeout" parameter on Locally Managed SMB appliance does not have any affect on Check Point Mobile VPN / Capsule Connect / Capsule VPN client once Client-to-Site VPN connection is established.
Refer to sk112574.
SMB-7421 If an authenticated user connected through VPN capsule (mobile application client for Android/iOS) disconnects, that user is still shown on the "Remote Access active connected users" page until the authentication times out.

Give us Feedback
Please rate this document