Support Center > Search Results > SecureKnowledge Details
R77.20.60 for SMB Appliances Resolved Issues Technical Level

The following issues have been resolved with Check Point R77.20.60 for 600 / 700 / 1100 / 1200R / 1400 Small and Medium Business (SMB) Appliances.

For more information, see the Check Point R77.20.60 for Small and Medium Business Appliances Home Page, Check Point 600, Check Point 700, Check Point 1100, Check Point 1200R and Check Point 1400 Appliance Product Pages.
You can also visit our 2012 Models Security Appliances forum, Small and Medium Business Appliances forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

Table of Contents

  • Firewall
  • Anti-Virus / Anti-Spam
  • Application Control & URL Filtering
  • IPS
  • VPN
  • Cluster
  • Connectivity
  • QoS
  • Logging and Monitoring
  • SmartProvisioning
  • SmartDashboard
  • WebUI
  • Command Line Interface (CLI)
  • User Authentication
  • Firmware and Configuration
  • NAT
ID Symptoms
SMB-1089 Syslogs are sometimes not sent after a firmware upgrade.
After configuring, Netflow interface numbers are shown as 0. 
Undefined dynamic objects cause traffic to be dropped when attempting a match in the firewall Rule Base instead of treating them as empty lists. 
Anti-Virus / Anti-Spam
SMB-2800 Fixed in Build 990171684: On locally managed appliances, POP3 connections sometimes fail when using the Anti-Virus or Anti-Spam blades with a bridged interface.
Anti-Virus incidents over POP3 traffic are not counted correctly in the security reports.
Refer to sk115993
SMB-1612 An incorrect "bypassed (General Error)" log may appear in addition to the correct log when content-based Anti-Spam is activated over POP3 traffic and a large email is blocked by the "Blocked senders" configuration.
Application Control & URL Filtering
SMB-1713 Offline license activation for Application Control requires at least one successful entitlement check against the User Center. This means that a device which is completely offline cannot be activated.
Fixed in Build 990171652: In locally managed appliances, rules based on certificate categorization for HTTPS traffic may not be enforced when attempting to access the same site more than once (after being initially blocked), due to certificate caching made by some browsers.
On 1490 appliances, policy installation with all blades active and a full recommended/optimized IPS policy may fail. 
SMB-2927 Fixed in Build 990171684: The default profile is deleted if you set a custom VPN Encryption profile. 
In 700/1400 series gateways, incoming traffic through a VPN tunnel whose destination is the gateway itself is sometimes dropped due to an incorrect checksum. 
Tag-based VLAN traffic through a bridge is dropped. 
Locally managed appliances sometimes fail to send traffic from the gateway through a VPN tunnel if the internal IP address (part of the encryption domain) is not used as a source.
  • Resolution: advanced setting available in R77.20.60. 
SMB-2124 Fixed in Build 990171652: In the "VPN Tunnels" monitoring page, when resetting the tunnel, the IP addresses may be displayed incorrectly.
SMB-2694 Fixed in Build 990171684: In a centrally managed cluster, SIC communications between the Security Management server and the cluster members, and between cluster members, fail after the CRL caching timeout (24 hours).
In 770/790/1470/1490 appliances, VMAC configuration for ClusterXL failover does not work correctly. 
SMB-2256 Fixed in Build 990171684: Various connectivity and stability issues may result when using multiple internet connections for High Availability or Load Sharing. 
Connectivity problem when tag-based VLAN is configured as an internet connection and QoS is configured on the same interface. 
Logging and Monitoring
In centrally managed appliances: after configuration changes where an administrator can locally override the IP address of a log server, the device sometimes continues to send logs based on the previous configuration and the log buffer becomes full. 
Security reports produced for gateways that handle traffic using "monitor mode" configured on local interfaces sometimes create incorrect data.
SMB-1705 The "Push Dynamic Objects" command in SmartProvisioning fails randomly. 
SMB-1677 In Small Office appliances whose management supports IPv6, a manual "Get topology" configuration sometimes shows IPv6 addresses for interfaces even when the gateway is in IPv4-only mode.
  • Best Practice: use the "automatic topology" configuration to avoid the need to use manual "get topology" in each topology change.
SMB-3003 Fixed in Build 990171684: When attempting to add a remote access VPN user from the AD server, the "Apply" button cannot be clicked.
SMB-515 An unsupported search using Japanese characters causes the WebUI session to fail. 
SMB-1419 Several tables in the web administration portal, such as the "Network Objects" table, cannot be sorted according to IP address.
Command Line Interface (CLI)
Adding a Virtual Tunnel interface (VTI) via the CLISH command "add vpn tunnel" fails with an "Invalid IP address" message. 
SMB-2186 Fixed in Build 990171652: In IPv6 mode, you can only configure a bridge to the internet through the WebUI, and not CLISH.
User Authentication
SMB-1017 A gateway sends one of its local network IP address as its NAS-IP field to the RADIUS server without the ability to control this field.
  • Use the advanced CLISH command: "set global-radius-conf nas-ip-address"
SMB-2723 Resolved in Build 990171654: Permissions for RADIUS users groups are not supported when connecting via SSH. 
Firmware and Configuration
The time is incorrect when using the GMT+7 Novosibirsk timezone.
SMB-2449 Fixed in Build 990171652: Creating a manual NAT rule with a server object in the Access Policy > NAT page may cause NAT failure.

Give us Feedback
Please rate this document