R77.20.75 for Small and Medium Business Appliances
Solution

This article is suitable for Check Point 600 / 700 / 1100 / 1200R / 1400 Small and Medium Business (SMB) Appliances

Table of Contents

  • What's New in Check Point R77.20.75 for SMB Appliances
  • Resolved Issues
  • Downloads
  • Known Limitations
  • Documentation

For more information, see the Check Point 600, Check Point 700, Check Point 1100, Check Point 1200R and Check Point 1400 Appliance Product Pages.
Visit the Check Point CheckMates Community and the SMB Forum to ask questions or start a discussion and get our experts' assistance.

 

What's New in Check Point R77.20.75 for SMB Appliances

  • New hardware model available for 730/750 and 1430/1450 appliances with a built-in ADSL2+/VDSL2 modem

    • VDSL: G.993.1 (VDSL), G.993.2 (VDSL2), G.993.5 (VDSL2 Vectoring), G.998.4 (G.INP)
    • VDSL2 profiles: 8a, 8b, 8c, 8d, 12a, 12b, and 17a
    • ADSL: Annex A (POTS), Annex B (ISDN), G.992.1 (ADSL), G.992.3 (ADSL2), G.992.5 (ADSL2+), Annex M (ADSL2/2+), Annex L Reach-extended (ADSL2)
    • DSL Forum TR-067, TR-100, TR-114 conformity
    • IPoE or PPPoE Internet connection
    • Multiple connections over DSL
    • Static or dynamic IP
    • VDSL over PTM (EFM) with optional VLAN tagging
  • VPN Enhancements

    • Route all traffic via VPN Site-to-Site to an SMB gateway
  • SandBlast Threat Emulation Enhancements

    • E-mails received over POP3 protocol will now be scanned using SandBlast Threat Emulation
  • Support administrator roles via RADIUS server authentication


R77.20.75 for SMB Appliances Resolved Issues

The below table lists R77.20.75 resolved issues:

ID Symptoms
General
SMB-3593,
SMB-3589

An increasing number of "Zombie" processes appear in the output of the ps command.
Zombies are created with a parent process ID which is the process ID of the 'sfwd' daemon. Usually there is 1 "Zombie" process every 24 hours.

SMB-4077

POP3 session disconnects and the next attempt to fetch emails fails when:

  • POP3 AV/TE is enabled in locally-managed mode
  • Email was detected as malicious after more than 400Kb of data have passed to the POP3 client
  • Resolved in build 990172286
SMB-4342 

TCP traffic dropped by the gateway is logged under IPS "TCP Segment Limit Enforcement" log.

  • Resolved in build 990172286
SMB-4417

Cluster configuration fails when using VLAN-associated interfaces.

  • Resolved in build 990172286
SMB-3734  Device crashes if SecureXL is enabled and a network cable connected to a 700/1400/1200R gateway, on an interface which was configured with a tag based VLAN, is unplugged while there is traffic on the interface.
WebUI / GUI
SMB-3424,
SMB-3048
When the Windows AD has more than 1000 groups, not all the groups can be seen on the SMB appliance outgoing rule/attach the appliance to the AD server. When the Windows AD has more than 500 groups, only 500 groups can be seen on the SMB appliance.
Refer to sk121442.
SMB-3632 In the DHCP settings tab (or DHCP/SLAAC settings in IPv6 mode), after adding any custom DHCP option and saving, an attempt to edit this local network object again results in an "Invalid Input - Unknown Field" error message.
SMB-4688

When creating a custom URL, it appears in the list of custom applications but is not saved. 

  • Resolved in build 990172286
Logging and Monitoring
SMB-3594 In locally managed appliances, when logs are forwarded to an R80.x Log Server / SmartLog, the origin column in the SmartLog / R80.x Log Server shows "myown_obj" instead of the gateway name
SMB-5278

Previously, the ability to export security logs to an external syslog server was only available in locally/SMP managed appliances. It is now possible to export security logs to an external syslog server in centrally managed appliances. The external syslog server is configured in the WebUI and CLI. 

  • Added in build 990172286
Anti-Virus
SMB-3909 Video on demand (VOD) service in YES satellite TV fails to play content when Anti-Virus is configured in Hold mode. 
IPS / User Awareness
SMB-3135 With IPS enabled, in some scenarios a kernel panic or freeze occurred.
This fix prevents that from happening. Specifically the "Adobe Acrobat Reader PDF catalog handling" protection, if enabled, would trigger the issue under certain traffic.
SMB-3946

If User Awareness blade is disabled but Browser-Based authentication is enabled, hosts behind the appliance are unable to reach web sites.

SMP
SMB-3917,
SMB-3916
The "Test Cloud Services Ports" test tool shows "Unreachable" for some of the ports even when all Cloud services are reachable.
Cluster
SMB-4926 In a cluster, when the SFWD process is restarted on the active member (e.g. as a result of RSS limit exceeded), it restarts the kernel sync mechanism, causing the member to fail over unnecessarily.
VPN
SMB-3542
The external IP address of the gateway is also part of its local VPN encryption domain by default. This may cause conflicts with IP addresses of peers when the gateway is behind NAT or uses a dynamic Internet Connection IP address.
  • To exclude the external IP of the gateway from the encryption domain, use this Advanced setting: "VPN Site to Site global settings - Do not encrypt connections originating from the local gateway".
    For the Permanent VPN Tunnels feature to work properly in this mode, use the Advanced setting: "VPN Site to Site global settings - Perform Tunnel Tests using an internal IP address".
01498635 In a locally managed appliance, you can define a remote VPN site and route all traffic through that site. The option to define a remote VPN site that routes all traffic to the gateway itself is not supported.
01571378 In centrally managed appliances, when the appliance takes part in site-to-site VPN with route all traffic, access to SSH and WebUI fails. 
SMB-4604

VPN Site-to-Site connection cannot be established between a centrally managed SMB gateway and an Azure cloud VPN gateway.

  • Resolved in build 990172286
SMB-4390,
SMB-3155 

On SMB gateways with Dynamic IP, it takes a long time to establish a VPN permanent tunnel (DPD) after reboot. 

  • Resolved in build 990172286
SMB-4664

In locally-managed mode, Remote Access users are not able to connect when using a certificate trusted by a CA installed on the gateway. (Degradation from previous versions).

  • Resolved in build 990172286
SMB-3968

Added option to turn off the logging of the IKE key exchange in Advanced Settings -> VPN Site-to-Site global settings -> Successful key exchange tracking.

  • Resolved in build 990172286

 

R77.20.75 for SMB Appliances Downloads

Important: check the MD5 string before installing the downloaded file.

  • Effective June 12th, 2018, build 990172320 of R77.20.75 image has been released for 700/1400 appliances with a fix for SMB-5269

  • Effective May 24th, 2018, build 990172286 of R77.20.75 image has been released

    Download Package 700 Appliance 1400 Appliance 600 Appliance 1100 Appliance 1200R Appliance
    R77.20.75 Image (IMG) (IMG) (IMG) (IMG) (IMG)
    R77.20.75 package for SmartUpdate - For R77.30 SmartUpdate and SmartProvisioning
    (TGZ)
    - (TGZ) (TGZ)
    For R80.10 SmartUpdate
    (TGZ)

  • Effective April 15th, 2018, build 990172239 of R77.20.75 image has been released

    Download Package 700 Appliance 1400 Appliance 600 Appliance 1100 Appliance 1200R Appliance
    R77.20.75 Image (IMG) (IMG) (IMG) (IMG) (IMG)
    R77.20.75 package for SmartUpdate - For R77.30 SmartUpdate and SmartProvisioning
    (TGZ)
    - (TGZ) (TGZ)
    For R80.10 SmartUpdate
    (TGZ)

Note: To download these packages you will need to have a Software Subscription or Active Support plan.


R77.20.75 for SMB Appliances Known Limitations

The below table lists R77.20.75 known limitations:

ID Symptoms
WebUI
SMB-3644 After the First Time Configuration Wizard finishes running, the time displayed in the System Information page of the WebUI is 2 hours earlier than the actual time.
SMB-4115 In a centrally managed gateway, when the VPN certificate is pushed from SmartDashboard and used by the SSL Network Extender, the WebUI displays the internal VPN certificate even though it is not in use. 
DSL
SMB-3546 In non-DSL appliances, the 'show diag' CLISH command provides information about DSL-related fields, such as DSL MAC address, DSL firmware version and DSL Annex.
SMB-3545 In a non-DSL appliance, when running the 'add internet-connection interface' CLISH command, the list of suggested interfaces includes DSL even though this interface does not exist.
SMB-3407

In 730/750/1430/1450 VDSL appliances, 'ADSL' is included in the options for the CLISH command 'add internet-connection interface' even though this is not supported in these appliances.

  • Use the DSL option to configure either an ADSL or a VDSL Internet Connection in these models.
SMB-3286 In 730/750/1430/1450 appliances, the DSL modes EoA and PPPoA are included in the options for the CLISH command 'set internet connection internet1 type' even though these are not supported. 
SMB-4134 QoS is not supported for DSL interfaces. In centrally managed appliances, it is possible to configure QoS settings in SmartDashboard, but the settings will not be applied. 
QoS
SMB-4149 No logs are generated for QoS rules enforcement.
VPN
SMB-5982,
SMB-5981

When a client-to-site VPN (Remote Access) is configured using Endpoint Security VPN toward a 700 Security Gateway installed with R77.20.75, and the interface that accepts the connection is checked as VLAN, passing traffic to the LAN may cause the appliance to crash.

Wireless
SMB-5269

In R77.20.75 build 990172286, the 5 GHz wireless radio does not work in 770/790/1470/1490 appliances.

  • Resolved in R77.20.75 build 990172320.

 

R77.20.75 for SMB Appliances Documentation

Release Notes
Check Point R77.20.75 SMB Appliances Release Notes
Administration Guides
Check Point R77.20.75 600/700 Administration Guide
Check Point R77.20.75 1100/1200R/1400 Locally Managed Administration Guide
Check Point R77.20.75 1100/1200R/1400 Centrally Managed Administration Guide
Check Point R77.20.75 600/700/1100/1200R/1400 Appliance CLI Reference Guide
Related Solutions
sk97766 - Check Point 600 / 1100 / 1200R /700 / 1400 Appliances Releases
sk105380 - Check Point R77.20 for 600 / 700 /1100 / 1200R / 1400 Appliance Known Limitations
