R77.20.81 for Small and Medium Business Appliances

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk137212
Technical Level
Product	Quantum Spark Appliances
Version	R77.20 (EOL)
OS	Gaia Embedded
Platform / Model	700, 1400, 1200R, 900
Date Created	24-Oct-2018
Last Modified	17-Aug-2022

Solution

This article applies to Check Point 700 / 1200R / 1400 / 910 Small and Medium Business (SMB) Appliances

Table of Contents

What's New in Check Point R77.20.81 for SMB Appliances
Resolved Issues
Downloads
Known Limitations
Documentation

For more information, see the Check Point 700, Check Point 1200R, Check Point 1400 and Check Point 910 Appliance Product Pages.

Visit Check Point CheckMates Community to ask questions or start a discussion and get our experts assistance.

Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

What's New in Check Point R77.20.81 for SMB Appliances

Multi-WAN (FleXi Ports)
- Ability to configure LAN ports as internet access WAN ports.
Blocking Applications and Categories from the SMP
- Central policy configuration of applications and application categories in Security Management Portal (SMP).
  For details, refer to sk135433.
Download CA certificate (Portal) for SSL/TLS inspection
- Download the gateway CA via the ICA Portal without the need to enter the WebUI (connect from an internal or wireless network]: https://my.firewall/ica or https://Firewall_IP/ica
Support for new 910 model

The supported appliances are:

700
910
1400
1200R

Important: 600/1100 appliances will continue to be supported with important bug and security fixes. Firmware for 600/1100 appliances will be released as necessary.

R77.20.81 for SMB Appliances Resolved Issues

The below table lists R77.20.81 resolved issues:

ID	Symptoms
General
SMB-14401	1200R devices are vulnerable to DNSPooQ on internal (LAN, Wi-Fi) networks. This issue was resolved in Build 990172611.
SMB-6237, SMB-6080	When you enable VMAC failover mode in a gateway cluster environment and attempt to change the virtual IP configuration, this error message appears on the console: "BUG: scheduling while atomic" The box will go non-responsive until reboot.
SMB-6038	When you create a numbered VTI through CLI, the VTI interface is created with a subnet mask of 24 instead of 32.
SMB-5744	On locally managed appliances: A log message warns about inconsistencies between policies in a cluster environment: "Synchronization: Inconsistencies exist between policies installed on the cluster members. Please reinstall the policy on the cluster." This message is false and can be disregarded.
SMB-6071, SMB-5827	Gateway becomes unresponsive during Microsoft Office 365 web install due to memory issues.
SMB-5985, SMB-5986, SMB-5583	The serial port baud rate is not restored to the default value after restoring to factory defaults. Refer to sk135332.
SMB-5837	Gateway monitoring via SNMP queries fails due to file descriptor depletion.
SMB-5957, SMB-5057	Appliance configuration of Threat Emulation with remote private SandBlast completes successfully but does not take effect when the gateway is restarted.
SMB-5992, SMB-5993	Firmware upgrade via WebUI might fail due to a timeout.
SMB-6592	After installing R77.20.81 firmware on the appliance, the firmware upgrade check fails with this error message: "No valid internet connection." (Fixed in GA replacement, as well)
SMB-6560	Trial mode starts as soon as the appliance is factory reset even if FTW was not performed.
SMB-6597	When QoS is configured on a dual internet connection (two Internet connections on a single physical interface), the QoS policy may be applied incorrectly or not applied at all.
Web Framework
SMB-6207, SMB-6223	When using the User Awareness blade, if you connect to an Active Directory that contains a '&' character in its NetBios name (pre Windows 2000) (<server&name\username>) and click Discover, the authentication fails. Refer to sk135872.
SMB-5903, SMB-5904, SMB-5016	When configuring automatic / periodic backup, the backup is not performed in the requested time frame.
Logging & Monitoring
SMB-5804, SMB-5792, SMB-5723, CP-221	In locally managed SMB appliances: When the remote access VPN port (Visitor mode default port in Advanced Settings) is changed from its default port 443 to any other port, the security logs on the RA-VPN connection remain on the default port 443 instead of the updated port.
VPN
SMB-6063, SMB-6064	Importing certificates signed by intermediate or sub-CAs fails with "CA certificate for this certificate not found" error. Refer to sk135133.
SMB-6018, SMB-6033	Selecting "Remote Access Permissions" for a Local User Group does not work. Users are blocked even if they belong to a group with RA permissions.
SMB-5894	When more then one L2TP user attempts to connect to the gateway and the connection originates behind the same public IP or a router, the L2TP session is overridden and the previous L2TP user is disconnected.
SMB-5586	A locally managed gateway can establish a VPN tunnel using aggressive mode negotiation (instead of main mode) even if aggressive mode is enabled only on one site.

R77.20.81 for SMB Appliances Downloads

Effective Nov 18, 2018: Build 990172541 for R77.20.81 image has been released for 700/900/1400/1200R appliances with 2 fixes: SMB-6592 and SMB-6560.

Effective Oct 18, 2018: Build 990172525 for R77.20.81 image has been released.

Effective Aug 18, 2022: Build 990172625 for R77.20.81 image has been released for 1200R appliances.

Important Notes:

Check the MD5 string before installing the downloaded file.
To download these packages you must have a Software Subscription or Active Support plan.

Download Package	700 Appliance	910 Appliance	1400 Appliance	1200R Appliance
R77.20.81 Image	(IMG)	(IMG)	(IMG)	(IMG)
R77.20.81 package for SmartUpdate	-	-	For R77.30 SmartUpdate and SmartProvisioing (TGZ)	(TGZ)
R77.20.81 package for SmartUpdate	-	-	For R80.x SmartUpdate (TGZ)	(TGZ)

Known Limitations

The below table lists R77.20.81 known limitations:

ID	Symptoms
SMB-6358	Multiple WAN interfaces are not supported on 600, 1100, and 1200R appliances.
SMB-6357	SMB appliances can support a maximum of 32 Internet connections.
SMB-6356	Cannot configure an internet connection over a LAN port using the First Time Configuration Wizard. This type of connection can only be configured from the WebUI or CLISH commands after completing the First Time Configuration Wizard.
SMB-6354	You can only create an Internet connection over a LAN port if the LAN port is not assigned to a network and has no VLANS defined.
SMB-747	After pulling out the SD card and then re-inserting it in its slot, the SD card LED does not turn on and it is impossible to use the SD card until a system reboot is performed. Workaround: Unmount the SD before it is ejected: In the WebUI, under 'Logs & Monitoring', select 'Security Logs'. From the Options menu, select 'Eject SD card safely'.
SMB-6360	Adding more than one internet connection (WAN port or a LAN port assigned to an internet connection) to a bridge is not supported.
SMB-6359	Multiple WAN interfaces (assigning LAN ports as WAN interfaces) are not supported for centrally managed gateways
SMB-6440	Assigning multiple PPPoE Internet connections to a LAN port is currently not supported. Multiple PPPoE Internet connections can only be assigned to WAN/DMZ ports.
SMB-6436	Multiple WAN interfaces are not supported on 730/750/1430/1450 appliances with boot-loader version 82 or older. For more information see sk138912.
SMB-6382	In the WebUI, you cannot configure an Internet connection over a LAN port for IPv4 and IPv6 at the same time. Therefore, an IPv6 Internet connection is currently not supported for the multi WAN feature.
SMB-6291	When creating an Internet connection on a LAN port, changing the fields of the default MAC address, port speed, and auto-negotiation affects all the external LAN ports and not just the specific LAN port.
SMB-11163	Gateways configured with multiple Internet connections that are running R77.20.81 firmware (build 990172537 or higher) may experience very high CPU usage. This results in high network latency, possible network outage, and may sometimes make the appliance inaccessible.

R77.20.81 for SMB Appliances Documentation

Release Notes

Check Point R77.20.81 SMB Appliances Release Notes

Administration Guides

Check Point R77.20.81 700/900 Administration Guide

Check Point R77.20.81 1200R/1400 Locally Managed Administration Guide

Check Point R77.20.81 1200R/1400 Centrally Managed Administration Guide