R80.20.20 for Small and Medium Business Appliances

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk170534
Technical Level
Product	Quantum Spark Appliances
Version	R80.20
OS	Gaia Embedded
Platform / Model	1500, 1570R, 1600, 1800
Date Created	07-Jan-2021
Last Modified	11-May-2021

Solution

Table of Contents

What's New
Supported Appliances
Downloads
Resolved Issues
Known Limitations
Documentation
Revision History

Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

What's New in R80.20.20

Introducing 1600 and 1800 Appliances for medium size business (up to 500 employees):
- QUANTUM SPARK 1600 and 1800 security appliances deliver enterprise-grade security in simple, affordable, all-in-one security solution.
- Powerful 1U 19” SMB platforms – Deliver up to 2Gbps of Threat Prevention.
- High-density Ethernet ports, including copper and fiber ports, up to 2 x 2.5GbE high speed ports and 1x 10GbE port.
- Dual power supplies with power redundancy, embedded SSD, 2 x USB3 ports, and more.
- For more information, see sk168880.
SFP DSL - External DSL modem connected to the DMZ SFP port in non-VDSL 1570 / 1590 appliances.
Stability Improvements
Performance Enhancements

Supported Appliances

1500 Series: 1530, 1550, 1570, 1570R, and 1590 appliances
1600/1800 appliances

Downloads

Check the MD5 string before installing the downloaded file.
To download these packages, you need a Software Subscription or Active Support Plan.
February 3, 2021: R80.20.20 Build 992001869 for 1500/1600/1800 appliances is the latest General Availability release that can be directly downloaded from this article:

Download Package 1500 Appliance 1600/1800 Appliance

R80.20.20 Build 992001869

R80.20.20 Build 992001869 for R80.20 SmartUpdate

Resolved Issues

ID Description

Build 992001869

SMB-14393 Enhancement: Two new fields added to the cellular modem status CLI command show cellular-modem-status:

IMSI - SIM card identification number

MSISDN - The phone number of that SIM card

SMB-14304 Occasionally, after you insert the SIM tray, the cellular connection is not restored and the message "Detecting SIM" shows repeatedly.

SMB-14292 Use of the show diag command causes irrelevant error messages to appear.

SMB-14401 SMB 1500 devices are vulnerable to DNSPooQ on internal (LAN, Wi-Fi) networks. The issue is resolved in R80.20.20 B992001850 and higher for 1500.

SMB-14303 The SMB appliance may generate logs in which the Origin field shows "0.0.0.0" even though the correct value shows in the MGMT console. This may occur when using Log Exporter or when filtering logs.

SMB-14293 In a rare scenario in locally managed 1500 appliances, a gateway crash may occur during email inspection in the IMAP protocol.

SMB-14395 In a locally managed cluster, if a custom port number is defined for Remote Access connections, these connections to the cluster Virtual IP address are not allowed by default.

SMB-14325 Use of SmartConsole to perform a firmware upgrade is not supported in 1600/1800 appliances.

SMB-14407 In locally-managed mode, when the Anti-Spam Software Blade is configured to scan outgoing emails, SMTP traffic is dropped if the mail server is behind a VPN peer.

SMB-14381 HTTPS inspection cannot be opened on some sites because the gateway does not trust the CA.

Build 992001844

SMB-13620 When you configure the Virtual MAC address feature on a 1500 cluster, a kernel panic may occur.

SMB-14095 In rare scenarios in locally-managed mode (such as an unexpected reboot during signature updates), the command

fw_configload
fails during boot. As a result, you must manually reboot the appliance.

SMB-13930
In R80.20, commands with adlog a query used to provide output with adlog information result in an error message: wrong number of arguments.

For example:
adlog a query ip 1.1.1.1
wrong number of arguments

SMB-13549 SSL traffic that is matched on one or more rules listed in the SSL exceptions is inspected instead of bypassed.

SMB-13922 In R80.20.15: When full SSL inspection is enabled, the 'sfwd' daemon might exit or hang. This may cause issues with VPN, URL filtering and security logs.

SMB-13742 VoIP (SIP) call initiation over a bridged internet connection may fail.

SMB-14035 Capsule VPN and Linux VPN client users are unable to connect unless Two-Factor Authentication is enabled.

SMB-13885 In Locally Managed 1500 appliances, the HTTPS URL Filtering may not be enforced properly when the full SSL inspection is enabled.
This issue was fixed in R80.20.15 Jumbo HF.

SMB-13975 When a primary Internet port is down, the connection drops and the secondary Internet connection takes over but the immediate network route is not removed. As a result, traffic to hosts on that network are not sent out from the default route on the secondary connection.

Known Limitations

ID Description

SMB-13424 In 1600 and 1800 appliances, if auto-negotiation is disabled on a port, the port supports only the speeds of 10 Mbps and 100 Mbps.

SMB-14226 If an interface is a Bond slave, the Clish commands set interface <Name of Interface> state off and set interface <Name of Interface> down fail and this error message appears: Could not set interface: Internal Error.

SMB-14246 On Locally Managed appliances, the VPN Aggressive mode is not supported.

Resolved in Build 992001961

SMB-13373 In 1800 appliances: When working in manual mode on the DMZ port, only 100Mbps and 10Mbps link speed are supported.

SMB-13454 If you create a new Application Group that contains one application that does not require SSL inspection and another application that does, the custom application group icon shows a lock icon even after you delete application signatures that require SSL inspection.

SMB-14228 The 1600/1800 appliances support up to 1000 routes of all types.

SMB-14272 Global Configuration of DSL is not supported for SFP-DSL connections.

SMB-14263 To disable the "Connect to the appliance by name from the Internet (DDNS)" option, it is necessary to enter the DDNS password again.

SMB-13713 If the email client is configured with IMAP with STARTTLS then the emails will get stuck when they are downloaded from the email server.

SMB-14106
If it is necessary to change the default value of the "Multiple ISP Route Refresh" setting, you must do only in one of these ways:

In WebUI > Advanced Settings > the parameter "Multiple ISP Route Refresh"

In Clish with the set misp-refresh-route command

Important - It is not supported to change the value of the kernel parameter "cphwd_misp_refresh_routing" with the fw ctl set int cphwd_misp_refresh_routing command.

SMB-13955 These statistics are not available from the SFP DSL modem:

RS Code Words

RS Corrected Errors

Configured G.Inp

Vectoring

HEC Errors

Documentation

User Guides

Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 Release Notes

Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 Locally Managed Administration Guide (English)

Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 Locally Managed Administration Guide (Japanese)

Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 Centrally Managed Administration Guide (English)

Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 Centrally Managed Administration Guide (Japanese)

Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 CLI Reference Guide

Related Solutions

sk97766: Check Point 600 / 700 / 910 / 1100 / 1200R / 1400 / 1500 SMB Appliances Releases

sk159173: Check Point R80.20 for Small and Medium Business Appliances

sk157412: 1500 Series Security Gateways

sk166654: Check Point 1570R Ruggedized Appliances

sk159772: Check Point SMB R80.20 Appliances Features and Known Limitations

sk168880: 1600 and 1800 Series Security Gateways

Revision History

Show / Hide this section

Date Description

Feb. 3 2021 Release of Build 992001869

Jan. 7 2021 First release of this document.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating