Support Center > Search Results > SecureKnowledge Details
R77.20.51 for Small and Medium Business Appliances Technical Level
Solution

This article is suitable for Check Point 600 / 700 / 1100 / 1200R / 1400 Small and Medium Business (SMB) Appliances

Table of Contents

  • What's New in Check Point R77.20.51 for SMB Appliances
  • Resolved Issues
  • Downloads
  • Known Limitations
  • Documentation    

For more information, see the Check Point 600, Check Point 700, Check Point 1100, Check Point 1200R and Check Point 1400 Appliance Product Pages.

You can also visit our 2012 Models Security Appliances forum, Small and Medium Business Appliances forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

What's New in Check Point R77.20.51 for SMB Appliances Appliances

    • SandBlast Zero-day Protection Threat Emulation  

      • Support Threat Emulation blade for 700 / 1400 / 1200R Appliances
      • For Locally Managed Appliances, files are emulated in Check Point Threat Cloud
      • For Centrally Managed appliances, files are emulated in Check Point Threat Cloud or in a remote SandBlast appliance
      • Support for Centrally managed Appliances in R77.30 Security Management Server requires HotFix (refer to sk117113), and is available on R80.10 Security Management Server
        Note: Threat Emulation Blade requires additional license (refer to the Products DataSheets or Product Catalog for SKU details)


    • VPN Dead Peer Detection

      Dead Peer Detection (DPD) is an additional keepalive mechanism supported by the Check Point Security Gateway to test if VPN tunnels are active.

    • Split DNS (On Centrally Managed)  

      Support configuration of two (or more) zones for the same domain. Each zone can be resolved by a separate DNS server. 

    • Exclude Specific Networks from DNS proxy

    • View and Disconnect Users Connected via Hotspot
    • MAC override for local network interfaces on 700/1400 appliances 

    • SSL Network Extender connection requires an Extender upgrade to support TLS 1.2. See sk115854 for instruction 


    R77.20.51 for SMB Appliances Resolved Issues

    For the list of issues resolved in R77.20.51, refer to Check Point R77.20.51 for SMB Appliances Resolved Issues.

     

    R77.20.51 for SMB Appliances Downloads

    Important: check the MD5 string before installing the downloaded file.

    Download Package 700 Appliance 1400 Appliance 600 Appliance 1100 Appliance 1200R Appliance
    R77.20.51 Image (IMG) (IMG) (IMG) (IMG) (IMG)
    R77.20.51 package for SmartUpdate - For R77.30 SmartUpdate
    (TGZ)    		 - (TGZ) (TGZ)
    For R80 SmartUpdate
    (TGZ)

    Note: To download these packages you will need to have a Software Subscription or Active Support plan.


    R77.20.51 for SMB Appliances Known Limitations

    ID Symptoms
    Threat Emulation
    02407978 In locally managed appliances, it is not possible to create a Threat Prevention exception rule that applies only to the Threat Emulation blade.
    02431813 When running the tecli show statistics command, under "Last Day", the data is from the beginning of the day and not the last 24 hours in a rotating calculation.
    02421870 Threat Emulation is included in the Threat Prevention profile. However, the Threat Emulation engine results are not affected by the confidence level settings. If you set the tracking options for the confidence level to inactive, this does not affect the Threat Emulation logs. 
    02410874  In Small and Mediurm Business Appliances, the configuration of "fail close" behavior when the emulation fails cannot be applied when the engine settings are set to "background" mode, as the file already passed during the emulation attempt.
    02417673 Use Threat Emulation only if your device internet connection has enough bandwidth to upload files to the SandBlast emulation in the cloud. We do not recommend you use Threat Emulation if your internet connection has slow upload speeds such as those found in 3G modems.
    02444614 The options for the CLISH command "tecli a" are not supported.
    02397066 Small Office appliances send archived files in full to the cloud, where they are unzipped to test their content. Logs for archived files will not detail the content of the archive. 
    02397042  Local emulation mode is not supported in Small Office appliances. See sk106210 for specific Check Point appliances that are recommended for local emulation. 
    02397047  In Centrally managed appliances, the MTA configuration is not available. Therefore, when the device is set to prevent, emails over SMTP traffic might not be blocked when passing for the first time, as there is a very limited amount of time the connection can be held until the cloud provides an answer post-emulation.
    If a device passes for the second time, there's local cache on both the gateway side the cloud side who gains data from files passed to it from around the world. 
    02414088 The maximum file size that can be inspected by the Threat Emulation blade in 770/790/1470/1490 appliances is 15M.
    The maximum file size that can be inspected by the Threat Emulation blade in 1200R/730/750/1430/1450 appliances is 10M. 
    02452918 If you perform simultaneous emulation on multiple files, you may exceed the available space. This results in emulation failure with the log "failed to process a file." This is less likely to occur on the more powerful 770/790/1470/1490 appliances due to the larger file storage size.
    VPN Remote Access
    02427882 The default VPN Remote Access cryptography protocol is TLSv1.2. You cannot use Check Point VPN clients prior to EPS E80.62 unless the configuration is altered manually.
    See sk115775 for information on how to change the default protocol.

     

    R77.20.51 for SMB Appliances Documentation

    Release Notes
    Check Point R77.20.51 Release Notes
    Administration Guides
    Check Point R77.20.51 600/700 Administration Guide
    Check Point R77.20.51 1100/1200R/1400 Locally Managed Administration Guide
    Check Point R77.20.51 1100/1200R/1400 Centrally Managed Administration Guide
    Check Point R77.20.51 600/700/1100/1200R/1400 CLI and Advanced Routing Guide
    Japanese R77.20.51 600/700 Administration Guide
    Related Solutions
    sk97766 - Check Point 600 / 1100 / 1200R /700 / 1400 Appliances Releases
    sk105380 - Check Point R77.20 for 600 / 700 /1100 / 1200R / 1400 Appliance Known Limitations
    Applies To:
    • This solution supersedes the R77.20.50 firmware.

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment