Support Center > Search Results > SecureKnowledge Details
R77.20.51 for SMB Appliances Resolved Issues
Solution

The following issues have been resolved with Check Point R77.20.51 for 600 / 700 / 1100 / 1200R / 1400 Small and Medium Business (SMB) Appliances.

For more information, see the Check Point R77.20.51 for Small and Medium Business Appliances Home Page, Check Point 600, Check Point 700, Check Point 1100, Check Point 1200R and Check Point 1400 Appliance Product Pages.
You can also visit our 2012 Models Security Appliances forum, Small and Medium Business Appliances forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

Table of Contents

  • General
  • Firmware Upgrades
  • WebUI
  • Command Line Interface (CLI)
  • VPN
  • IPS
  • Threat Emulation
  • Anti-Malware
  • Reports
  • DHCP
  • QoS
  • Dynamic Routing
  • Logging and Monitoring
  • Security Management Portal (SMP)
  • SNMP
  • NAT
  • Internet Traffic and Connectivity
  • VoIP
  • Radius Authentication

 

ID Symptoms
General
02437367 In centrally managed appliances, configuring a VIP mask of 255.255.255.255 on a cluster interface can cause high CPU.
02350690 Centrally managed appliances located behind a proxy do not use the proxy configuration set in SmartDashboard to check the cloud for new firmware. 
02393879 In 700/1400/1200R appliances, multicast packets are not forwarded on a bridge interface. 
Firmware Upgrades
02379123  It is not possible to upgrade from R75.x based firmwares to R77.20.51.
WebUI
02380066 In the Web Administration portal, an incorrect error message which states that allowed characters are "A-F" appears for device name, even though all alphanumerical characters are allowed.
02433216 When the gateway is configured to use multiple Internet connections, accessing the administration portal WebUI from external interfaces sometimes fails.
02363999 The WebUI becomes inaccessible due to incorrect handling of a session timeout.
Command Line Interface (CLI)
02302362  Output of the cpsat ha -f all command shows the status of some VLAN interfaces as Partially up (scenario 2 in sk106488).
01317473  The fgate command is not available from the CLISH interface and requires Expert mode.
VPN
02355091 When there is no Internet connectivity during boot, Tunnel Test packets for VPN tunnel monitoring may not be sent.
01936521  VPN Remote Access through L2TP to a gateway with multiple ISP Internet connections, or to a cluster, sometimes fails.
02417439 When using VPN site-to-site with an LSV peer, SAs are not deleted properly upon Internet connection failover. 
02411479 In locally managed devices, if you have a VPN site-to-site with a cluster gateway, an ESP packet sent with a non-VIP source can cause the VPN tunnel to go down. 
02379544 An attempt to route all traffic to a remote VPN site configured with the hostname, fails.
02363997 VoIP over VPN does not work when PBX is behind the appliance.
02281455 When IKEv2 is configured, VPN has a high memory usage.
02015190 SNMP monitoring of the VPN tunnel state sometimes provides invalid data.
IPS
02361144 Several IPS attacks appear in the logs and reports, but not in the local monitoring page.
02370933 In locally managed appliances, the Block page does not provide a link to report an incorrect classification.
Threat Emulation
- Threat Emulation is supported starting in R77.20.51 for the 700 / 1400 appliance series and the 1200R appliance.
Threat Emulation is not supported on the 600/1100 appliances.
02403653
Files are emulated even though their MD5 is added as 'Exception' to Threat Prevention policy. Refer to sk109438.
Anti-Malware
02397048 In locally managed appliances, when the Anti-Spam blade is enabled, the UI does not validate proper strings for the domain allow/block list. The strings must start with the "@" character.
02281718 Running cpstop while the Anti-Malware blade is active can cause the system to crash.
02393880 "Invalid format for domain or email" error in Gaia Portal of SMB appliance when adding a Top-Level Domain to the Anti-Spam Block List. Refer to sk114638.
Reports
02399902 Monthly reports from a specific gateway connected to the SMP are sometimes sent twice.
DHCP
02431134 DHCP connections that pass through a configured bridge interface in the appliance, may be dropped.
QoS
02398633 When defining a Tag based VLAN external connection and activate QoS, the bandwidth limit is not always enforced.
Dynamic Routing
02364967 BGP routes that were previously reachable are still advertised to BGP peers on ClusterXL when the switch goes down, even though those routes are no longer reachable.
02364972 BGP routes sometimes do not send out the correct community attributes.
02364970 Some advertised eBGP routes are sent with the original nexthop instead of the configured nexthop in the routemap. 
Logging and Monitoring
02437866 Configuring site-to-site VPN to use SHA-384, can cause corruption of the data shown in local reports.
02434086 Periodic reports sent from a gateway connected to the SMP are sent at a different time of day each day.
02221075 Sending logs to the Log server stops after the HA Internet connection failover and resumes after 15-30 minutes.
02410927 In 700/1400 appliances, using the cpstat os -f multi_disk CLISH command or SNMP OID .1.3.6.1.4.1.2620.1.6.7.6.1 to monitor partition sizes does not provide the necessary data.
02398674 Reports that contain Japanese characters are sometimes not sent from a specific gateway that is connected to the SMP. 
Security Management Portal (SMP)
02165912 Failure to resolve the SMP hostname shows a misleading error message: "Could not reach Cloud Services (missing registration data)"
02392344 When managed by SMP, site-to-site VPN on a gateway that uses dynamically allocated IP addresses sometimes fails to use a locally configured certificate. 
SNMP
02356921 SNMP OID 1.3.6.1.4.1.2620.1.1.27.1.3 returns integer values instead of IP addresses.
NAT
02409938 A host configured as accessible via NAT behind a gateway may sometimes experience momentary random outages for a few seconds.
Internet Traffic and Connectivity
02405088 In locally managed devices, a manual local encryption domain configuration may cause web/SSH traffic to be blocked when no VPN sites are defined.
02364423 In 700/1400/1200R appliances, the MSS clamping configuration causes SSH/WebUI connectivity issues because of bad TCP checksum. 
02355723 In 600/1100 applliances, the PPPoE Internet connection is sometimes incorrectly reported as disconnected: "WAN cable disconnected" or "Waiting for previous connection to terminate."
VoIP
02016540 VoIP SIP traffic experiences connectivity issues when the device internal network is hidden behind an external IP address. 
Radius Authentication
02457458 Permissions for Radius users groups are not supported.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment