Support Center > Search Results > SecureKnowledge Details
R77.20.81 for Small and Medium Business Appliances
Solution

This article applies to Check Point 700 / 1200R / 1400 / 910 Small and Medium Business (SMB) Appliances


Table of Contents

  • What's New in Check Point R77.20.81 for SMB Appliances
  • Resolved Issues
  • Downloads
  • Known Limitations
  • Documentation

For more information, see the Check Point 700, Check Point 1200R, Check Point 1400 and Check Point 910 Appliance Product Pages.
Visit Check Point CheckMates Community to ask questions or start a discussion and get our experts assistance.

What's New in Check Point R77.20.81 for SMB Appliances

  • Multi-WAN (FleXi Ports)

    • Ability to configure LAN ports as internet access WAN ports.
  • Blocking Applications and Categories from the SMP

    • Central policy configuration of applications and application categories in Security Management Portal (SMP).
      For details, refer to sk135433.

  • Download CA certificate (Portal) for SSL/TLS inspection

  • Support for new 910 model

The supported appliances are:

  • 700
  • 910
  • 1400
  • 1200R

Important: 600/1100 appliances will continue to be supported with important bug and security fixes. Firmware for 600/1100 appliances will be released as necessary. 

R77.20.81 for SMB Appliances Resolved Issues

The below table lists R77.20.81 resolved issues:

ID Symptoms
General
SMB-6237,
SMB-6080
When you enable VMAC failover mode in a gateway cluster environment and attempt to change the virtual IP configuration, this error message appears on the console: "BUG: scheduling while atomic" The box will go non-responsive until reboot. 
SMB-6038 When you create a numbered VTI through CLI, the VTI interface is created with a subnet mask of 24 instead of 32.
SMB-5744

On locally managed appliances: A log message warns about inconsistencies between policies in a cluster environment: "Synchronization: Inconsistencies exist between policies installed on the cluster members. Please reinstall the policy on the cluster."

  • This message is false and can be disregarded.
SMB-6071,
SMB-5827
Gateway becomes unresponsive during Microsoft Office 365 web install due to memory issues.
SMB-5985,
SMB-5986,
SMB-5583
The serial port baud rate is not restored to the default value after restoring to factory defaults.
Refer to sk135332
SMB-5837 Gateway monitoring via SNMP queries fails due to file descriptor depletion. 
SMB-5957,
SMB-5057
Appliance configuration of Threat Emulation with remote private SandBlast completes successfully but does not take effect when the gateway is restarted. 
SMB-5992,
SMB-5993
Firmware upgrade via WebUI might fail due to a timeout.  
SMB-6592 After installing R77.20.81 firmware on the appliance, the firmware upgrade check fails with this error message: "No valid internet connection."

(Fixed in GA replacement, as well)

SMB-6560

Trial mode starts as soon as the appliance is factory reset even if FTW was not performed. 

SMB-6597 When QoS is configured on a dual internet connection (two Internet connections on a single physical interface), the QoS policy may be applied incorrectly or not applied at all. 
Web Framework
SMB-6207,
SMB-6223
When using the User Awareness blade, if you connect to an Active Directory that contains a '&' character in its NetBios name (pre Windows 2000) (<server&name\username>) and click Discover, the authentication fails. 
Refer to sk135872.
SMB-5903,
SMB-5904,
SMB-5016
When configuring automatic / periodic backup, the backup is not performed in the requested time frame. 
Logging & Monitoring
SMB-5804,
SMB-5792,
SMB-5723,
CP-221
In locally managed SMB appliances: When the remote access VPN port (Visitor mode default port in Advanced Settings) is changed from its default port 443 to any other port, the security logs on the RA-VPN connection remain on the default port 443 instead of the updated port.
VPN
SMB-6063,
SMB-6064
Importing certificates signed by intermediate or sub-CAs fails with "CA certificate for this certificate not found" error. Refer to sk135133.
SMB-6018,
SMB-6033
Selecting "Remote Access Permissions" for a Local User Group does not work. Users are blocked even if they belong to a group with RA permissions. 
SMB-5894 When more then one L2TP user attempts to connect to the gateway and the connection originates behind the same public IP or a router, the L2TP session is overridden and the previous L2TP user is disconnected. 
SMB-5586 A locally managed gateway can establish a VPN tunnel using aggressive mode negotiation (instead of main mode) even if aggressive mode is enabled only on one site. 

 

R77.20.81 for SMB Appliances Downloads

Effective Nov 18, 2018, build 990172541 of R77.20.81 image has been released for 700/900/1400/1200R appliances with 2 fixes: SMB-6592 and SMB-6560. 

Effective Oct 18, 2018, build 990172525 of R77.20.81 image has been released.

Important: check the MD5 string before installing the downloaded file.

Download Package 700 Appliance 910 Appliance 1400 Appliance 1200R Appliance
R77.20.81 Image (IMG) (IMG) (IMG) (IMG)
R77.20.81 package for SmartUpdate - - For R77.30 SmartUpdate and SmartProvisioing
 (TGZ)
 (TGZ)
For R80.x SmartUpdate
 (TGZ)

Note: To download these packages you will need to have a Software Subscription or Active Support plan.

Known Limitations

The below table lists R77.20.81 known limitations:

ID Symptoms
SMB-6358 Multiple WAN interfaces are not supported on 600, 1100, and 1200R appliances.
SMB-6357 SMB appliances can support a maximum of 32 Internet connections.
SMB-6356 Cannot configure an internet connection over a LAN port using the First Time Configuration Wizard. This type of connection can only be configured from the WebUI or CLISH commands after completing the First Time Configuration Wizard. 
SMB-6354 You can only create an Internet connection over a LAN port if the LAN port is not assigned to a network and has no VLANS defined. 
SMB-747 After pulling out the SD card and then re-inserting it in its slot, the SD card LED does not turn on and it is impossible to use the SD card until a system reboot is performed.

Workaround:
Unmount the SD before it is ejected:
  1. In the WebUI, under 'Logs & Monitoring', select 'Security Logs'. 
  2. From the Options menu, select 'Eject SD card safely'. 
SMB-6360 Adding more than one internet connection (WAN port or a LAN port assigned to an internet connection) to a bridge is not supported. 
SMB-6359 Multiple WAN interfaces (assigning LAN ports as WAN interfaces) are not supported for centrally managed gateways 
SMB-6440 Assigning multiple PPPoE Internet connections to a LAN port is currently not supported. Multiple PPPoE Internet connections can only be assigned to WAN/DMZ ports. 
SMB-6436 Multiple WAN interfaces are not supported on 730/750/1430/1450 appliances with boot-loader version 82 or older. For more information see sk138912
SMB-6382 In the WebUI, you cannot configure an Internet connection over a LAN port for IPv4 and IPv6 at the same time. Therefore, an IPv6 Internet connection is currently not supported for the multi WAN feature.
 SMB-6291 When creating an Internet connection on a LAN port, changing the fields of the default MAC address, port speed, and auto-negotiation affects all the external LAN ports and not just the specific LAN port.

 

R77.20.81 for SMB Appliances Documentation

Release Notes
Check Point R77.20.81 SMB Appliances Release Notes
Administration Guides
Check Point R77.20.81 700/900 Administration Guide
Check Point R77.20.81 1200R/1400 Locally Managed Administration Guide
Check Point R77.20.81 1200R/1400 Centrally Managed Administration Guide
Related Solutions
sk97766 - Check Point 600 / 1100 / 1200R / 700 / 1400 / 910 Appliances Releases
sk105380 - Check Point R77.20 for 600 / 700 /1100 / 1200R / 1400 Appliance Known Limitations

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment