Support Center > Search Results > SecureKnowledge Details
R77.20.85 for Small and Medium Business Appliances Technical Level

This article applies to Check Point 700 / 1400 / 910 Small and Medium Business (SMB) Appliances. 

Table of Contents

  • What's New in Check Point R77.20.85 for SMB Appliances
  • Supported Appliances
  • Enhancements
  • Resolved Issues
  • Downloads
  • Known Limitations
  • Documentation

For more information, refer to the following Product Pages: Check Point 700Check Point 1400 and Check Point 910.

Visit Check Point CheckMates Community to ask questions, start a discussion, and get expert assistance.

Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

What's New in Check Point R77.20.85 for SMB Appliances

    • IPS, Anti-Virus and Threat Emulation inspection for IMAP and IMAPS e-mail protocols

    • Events View
        • Infected host in the network
        • Malicious file detected\prevented
        • Malicious email detected\prevented
        • Internet High Availability - Failover/Restore
        • License notifications – about to expire/expired/reactivated
        • Reboot
        • New device in the network
        • New firmware available
    • VPN Remote Access connected users view

  • New SD card files system
    • Support ext4 as a default SD-card file system to increase work reliability with SD card

R77.20.85 Supported Appliances

The supported appliances are:

  • 700
  • 910
  • 1400

Important: 600/1100/1200R appliances will continue to be supported with important bug and security fixes. Firmware for 600/1100/1200R appliances will be released as necessary.

    R77.20.85 Enhancements

    The table below lists R77.20.85 Enhancements:

    ID Description
    SMB-6608 New Advanced option to avoid packet drop of applications that have a low TTL value.
    SMB-5377 In centrally managed appliances, security logs can be exported to an external syslog server.
    SMB-5578 The 'show diag' command shows the secondary and default image name/version in addition to the current one.
    SMB-5750 Added an option to monitor all internet connections with software watchdog. This option was previously available only with a USB based internet connection.


    R77.20.85 Resolved Issues

    The table below lists R77.20.85 Resolved Issues:

    ID Description
    SMB-6480 On locally managed SMB appliances, configuring a cluster with 2 or more VLANs and syncing the secondary member causes all interfaces to appear as "non HA."
    SMB-6500 When working with multiple ISPs in High Availability mode and there is a static route for the host/service through a non-primary interface, when you enable HTTPS inspection, the route is ignored and all traffic passes through the primary interface.

    Timezone for users in Brazil is incorrect due to the changed start of Daylight Savings. 

      SMB-6791 Access to HTTPS sites signed by specific trusted root CAs may fail when SSL inspection is enabled.
      SMB-6597 High CPU load and excessive logs may occur when two PPP Internet connections are configured on a single DSL interface with QoS configured on both connections, and both connections have difficulties due to the DSL line quality.
      Editing a bridged internet connection in the Local Network tab deletes the internet connection. Refer to sk144732.
      SMB-7402 The user receives a false Non-Compliant DNS logs error message (illegal EDNS0 RR) due to an Illegal Resource Record format in the debug and Bad Resource Record format. This results in dropped legitimate DNS queries (DNS flag day compliance).
      SMB-7442 Gateways configured with multiple Internet connections that are running R77.20.85 (build 990172731) firmware may experience very high CPU usage, which results in high network latency, possible network outage, and may sometimes make the appliance inaccessible.
      SMB-7982 In HFA version R77.20.85, with build numbers lower than 990172755, when HTTPS inspection is enabled in the policy, memory consumption may increase gradually until available memory is depleted, causing a network outage. 
      SMB-8415, SMB-8456 VLAN tags are removed when passed through bridge interfaces.
      SMB-8487 If a PPPoE connection is defined over the WAN, a PADT frame is not sent to the connected peer before the connection is disabled or deleted.
      SMB-6832 Firmware upgrade to R77.20.85 does not succeed when an external syslog server is configured.
      SMB-6763 Attempting to add a bridge through the CLI using the command "> add bridge name br0" fails.
      SMB-6808 In 1400 appliances: Adding a switch with high ports (ports LAN10-LAN16) via CLI creates the switch with the wrong pivot port.


      R77.20.85 for SMB Appliances Downloads

      Effective 05 March 2019: Build 990172755 for R77.20.85 image has been released for 700/900/1400 Appliances. 

      Effective 11 February 2019: Build 990172751 for R77.20.85 image has been released for 700/900/1400 appliances. 

      Important: check the MD5 string before installing the downloaded file.

      Download Package 700 Appliance 910 Appliance 1400 Appliance
      R77.20.85 Image (IMG) (IMG) (IMG)
      R77.20.85 package for SmartUpdate - - For R77.30 SmartUpdate and SmartProvisioing
      For R80.x SmartUpdate

      Note: To download these packages you will need to have a Software Subscription or Active Support plan.

      R77.20.85 for SMB Appliances Known Limitations

      The table below lists R77.20.85 Known Limitations:

      ID Description
      SMB-6961 When the IMAP or IMAPS service deletes malicious mail, an email notification is not sent to the client. Logs on the deleted mail can be seen on the Security Logs page
      SMB-4401 IMAP/S:
      • Does not support Anti-Spam
      • Is not supported on centrally managed appliances
      • Is not supported for IPv6 traffic
      • Threat Prevention inspection requires SSL Inspection to be fully enabled.
      • Does not support STARTTLS
      SMB-7029 Manually upgrading the embedded Gaia firmware from R77.20.80 and older versions to R77.20.85 and higher via the web portal may fail during the file upload phase due to timeout. Refer to sk143274.  
      SMB-7085 When One Touch provisioning via the WebUI is completed, an error message shows and it is not possible to retry. This is not a real error, as the configuration was fetched. After refreshing the WebUI, the user can continue to manage the appliance.


      R77.20.85 for SMB Appliances Documentation

      Release Notes
      Check Point R77.20.85 SMB Appliances Release Notes
      Administration Guides
      Check Point 700/900 Appliances R77.20.85 Administration Guide
      Check Point 1400 Appliances Locally Managed R77.20.85 Administration Guide
      Check Point 1400 Appliances Centrally Managed R77.20.85 Administration Guide
      Check Point 700/900/1400 Appliances R77.20.85 CLI Guide
      Check Point 730/750 Appliance Locally Managed Getting Started Guide
      Check Point 770/790 Appliance Locally Managed Getting Started Guide
      Check Point 1430/1450 Appliance Centrally Managed Getting Started Guide
      Check Point 1470/1490 Appliance Centrally Managed Getting Started Guide
      Related Solutions
      sk97766 - Check Point 600 / 1100 / 1200R / 700 / 1400 / 910 Appliances Releases
      sk105380 - Check Point R77.20 for 600 / 700 /1100 / 1200R / 1400 / 910 Appliance Known Limitations

      Give us Feedback
      Please rate this document