R77.20.75 for Small and Medium Business Appliances

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk121758
Product	Small and Medium Business Appliances, Branch Office Appliances, Ruggedized Appliances
Version	R77.20
OS	Gaia Embedded
Platform / Model	600, 700, 1100, 1200R, 1400
Date Created	30-Jan-2018
Last Modified	18-Oct-2018

Solution

This article is suitable for Check Point 600 / 700 / 1100 / 1200R / 1400 Small and Medium Business (SMB) Appliances

Table of Contents

What's New in Check Point R77.20.75 for SMB Appliances
Resolved Issues
Downloads
Known Limitations
Documentation

For more information, see the Check Point 600, Check Point 700, Check Point 1100, Check Point 1200R and Check Point 1400 Appliance Product Pages.
Visit Check Point CheckMates Community and the SMB Forum to ask questions or start a discussion and get our experts assistance.

What's New in Check Point R77.20.75 for SMB Appliances

New hardware model available for 730/750 and 1430/1450 appliances with a built in ADSL2+/VDSL2 modem
- VDSL: G.993.1 (VDSL), G.993.2 (VDSL2), G.993.5 (VDSL2 Vectoring), G.998.4 (G.INP)
- VDSL2 profiles: 8a, 8b, 8c, 8d, 12a, 12b, and 17a
- ADSL: Annex A (POTS), Annex B (ISDN), G.992.1 (ADSL), G.992.3 (ADSL2), G.992.5 (ADSL2+), Annex M (ADSL2/2+), Annex L Reach-extended (ADSL2)
- DSL Forum TR-067, TR-100, TR-114 conformity
- IPoE or PPPoE Internet connection
- Multiple connections over DSL
- Static or dynamic IP
- VDSL over PTM (EFM) with optional VLAN tagging
VPN Enhancements
- Route all traffic via VPN Site-to-Site to an SMB gateway
SandBlast Threat Emulation Enhancements
- E-mails received over POP3 protocol will now be scanned using SandBlast Threat Emulation
Support administrator roles via RADIUS server authentication

R77.20.75 for SMB Appliances Resolved Issues

The below table lists R77.20.75 resolved issues:

ID	Symptoms
General
SMB-3593, SMB-3589	An increasing number of "Zombie" processes are presented in the output of ps command. Zombies are created with a parent process ID which is the process ID of the 'sfwd' daemon. Usually there is 1 "Zombie" process every 24 hours.
SMB-4077	POP3 session disconnects and the next attempt to fetch emails fails when: POP3 AV/TE is enabled in locally-managed mode Email was detected as malicious after more than 400Kb of data have passed to the POP3 client Resolved in build 990172286
SMB-4342	TCP traffic dropped by the gateway is logged under IPS "TCP Segment Limit Enforcement" log. Resolved in build 990172286
SMB-4417	Cluster configuration fails when using VLAN-associated interfaces. Resolved in build 990172286
SMB-3734	Device crashes if SecureXL is enabled and a network cable connected to a 700/1400/1200R gateway, on an interface which was configured with a tag based VLAN, is unplugged while there is traffic on the interface.
WebUI / GUI
SMB-3424, SMB-3048	When the Windows AD has more than 1000 groups, not all the groups can be seen on the SMB appliance outgoing rule/attach the appliance to the AD server. When the Windows AD has more than 500 groups, only 500 groups can be seen on the SMB appliance. Refer to sk121442.
SMB-3632	In the DHCP settings tab (or DHCP/SLAAC settings in IPv6 mode), when adding any custom DHCP option and save, if you try to edit this local network object again, an "Invalid Input - Unknown Field" error message appears.
SMB-4688	When creating a custom URL, it appears in the list of custom applications but is not saved. Resolved in build 990172286
Logging and Monitoring
SMB-3594	In locally managed appliances, when logs are forwarded to an R80.x Log Server / SmartLog, the origin column in the SmartLog / R80.x Log Server shows "myown_obj" instead of the gateway name
SMB-5278	Previously, the ability to export security logs to an external syslog server was only available in locally/SMP managed appliances. It is now possible to export security logs to an external syslog server in centrally managed appliances. The external syslog server is configured in the WebUI and CLI. Added in build 990172286
Anti-Virus
SMB-3909	Video on demand (VOD) service in YES satellite TV fails to play content when Anti-Virus is configured in Hold mode.
IPS / User Awareness
SMB-3135	With IPS enabled, in some scenarios a kernel panic or freeze occurred. This fix prevents that from happening. Specifically the "Adobe Acrobat Reader PDF catalog handling" protection, if enabled, would trigger the issue under certain traffic.
SMB-3946	If User Awareness blade is disabled but Browser-Based authentication is enabled, hosts behind the appliance are unable to reach web sites.
SMP
SMB-3917, SMB-3916	The "Test Cloud Services Ports" test tool shows "Unreachable" for some of the ports even when all Cloud services are reachable.
Cluster
SMB-4926	In a cluster, when SFWD process is restarted on the active member (e.g. as a result of RSS limit exceeded), it restarts the kernel sync mechanism, causing the member to failover without need.
VPN
SMB-3542	The external IP address of the gateway is also part of its local VPN encryption domain by default. This may cause conflicts with IP addresses of peers when the gateway is behind NAT or uses a dynamic Internet Connection IP address. To exclude the external IP of the gateway from the encryption domain, use this Аdvanced setting: "VPN Site to Site global settings - Do not encrypt connections originating from the local gateway". For the Permanent VPN Tunnels feature to work properly in this mode, use the Аdvanced setting: "VPN Site to Site global settings - Perform Tunnel Tests using an internal IP address".
01498635	In a locally managed appliance, you can define a remote VPN site and route all traffic through that site. The option to define a remote VPN site that routes all traffic to the gateway itself is not support.
01571378	In centrally managed appliances, when the appliance takes part in site-to-site VPN with route all traffic, access to SSH and WebUI fails.
SMB-4604	VPN Site-to-Site connection cannot be established between a centrally managed SMB gateway and an Azure cloud VPN gateway. Resolved in build 990172286
SMB-4390, SMB-3155	On SMB gateways with Dynamic IP, it takes a long time to establish a VPN permanent tunnel (DPD) after reboot. Resolved in build 990172286
SMB-4664	In locally-managed mode, Remote Access users are not able to connect when using a certificate trusted by a CA installed on the gateway. (Degradation from previous versions). Resolved in build 990172286
SMB-3968	Added option to turn off the logging of the IKE key exchange in Advanced Settings -> VPN Site-to-Site global settings -> Successful key exchange tracking. Resolved in build 990172286

R77.20.75 for SMB Appliances Downloads

Important: check the MD5 string before installing the downloaded file.

Effective June 12th, 2018, build 990172320 of R77.20.75 image has been released for 700/1400 appliances with a fix for SMB-5269

Effective May 24th, 2018, build 990172286 of R77.20.75 image has been released

Download Package	700 Appliance	1400 Appliance	600 Appliance	1100 Appliance	1200R Appliance
R77.20.75 Image	(IMG)	(IMG)	(IMG)	(IMG)	(IMG)
R77.20.75 package for SmartUpdate	-	For R77.30 SmartUpdate and SmartProvisioing (TGZ)	-	(TGZ)	(TGZ)
R77.20.75 package for SmartUpdate	-	For R80.10 SmartUpdate (TGZ)	-	(TGZ)	(TGZ)

Effective April 15th, 2018, build 990172239 of R77.20.75 image has been released

Show / Hide the Download Table

Download Package	700 Appliance	1400 Appliance	600 Appliance	1100 Appliance	1200R Appliance
R77.20.75 Image	(IMG)	(IMG)	(IMG)	(IMG)	(IMG)
R77.20.75 package for SmartUpdate	-	For R77.30 SmartUpdate and SmartProvisioing (TGZ)	-	(TGZ)	(TGZ)
R77.20.75 package for SmartUpdate	-	For R80.10 SmartUpdate (TGZ)	-	(TGZ)	(TGZ)

Note: To download these packages you will need to have a Software Subscription or Active Support plan.

R77.20.75 for SMB Appliances Known Limitations

The below table lists R77.20.75 known limitations:

ID	Symptoms
WebUI
SMB-3644	When finish running the First Time Configuration Wizard, the time that is displayed in the System Information page of the WebUI is 2 hours earlier than the actual time.
SMB-4115	In a centrally managed gateway, when the VPN certificate is pushed from SmartDashboard and used by the SSL Network Extender, the WebUI displays the internal VPN certificate even though it is not in use.
DSL
SMB-3546	In non-DSL appliances, the 'show diag' CLISH command provides information about DSL-related fields, such as DSL MAC address, DSL firmware version and DSL Annex.
SMB-3545	In a non-DSL appliance, when running the 'add internet-connection interface' CLISH command, the list of suggested interfaces includes DSL even though this interface does not exist.
SMB-3407	In 730/750/1430/1450 VDSL appliances, 'ADSL' is included in the options for the CLISH command 'add internet-connection interface' even though this is not supported in these appliances. Use the DSL option to configure either ADSL or VDSL Internet Connection in this models.
SMB-3286	In 730/750/1430/1450 appliances, the DSL modes EoA and PPPoA are included in the options for the CLISH command 'set internet connection internet1 type' even though these are not supported.
SMB-4134	QoS is not supported for DSL interfaces. In centrally managed appliances, it is possible to configure QoS settings in SmartDashboard, but the settings will not be applied.
QoS
SMB-4149	No logs are generated for QoS rules enforcement.
VPN
SMB-5982, SMB-5981	When configuring client to site VPN (Remote Access ) using Endpoint Security VPN toward a 700 Security Gateway installed with R77.20.75, and the interface that accepts the connection is checked as VLAN, passing traffic to the LAN, may cause the appliance to crash.
Wireless
SMB-5269	In R77.20.75 build 990172286, the 5Ghz wireless radio does not work in 770/790/1470/1490 appliances. Resolved in In R77.20.75 build 990172320.

R77.20.75 for SMB Appliances Documentation

Release Notes

Check Point R77.20.75 SMB Appliances Release Notes

Administration Guides

Check Point R77.20.75 600/700 Administration Guide

Check Point R77.20.75 1100/1200R/1400 Locally Managed Administration Guide

Check Point R77.20.75 1100/1200R/1400 Centrally Managed Administration Guide

Check Point R77.20.75 600/700/1100/1200R/1400 Appliance CLI Reference Guide