Support Center > Search Results > SecureKnowledge Details
R80.20.20 for Small and Medium Business Appliances Technical Level
Solution

Table of Contents

  • What's New
  • Supported Appliances
  • Downloads
  • Resolved Issues
  • Known Limitations
  • Documentation
  • Revision History 
Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

What's New in R80.20.20 

  • Introducing 1600 and 1800 Appliances for medium size business (up to 500 employees):
    • QUANTUM SPARK 1600 and 1800 security appliances deliver enterprise-grade security in simple, affordable, all-in-one security solution.
    • Powerful 1U 19” SMB platforms – Deliver up to 2Gbps of Threat Prevention.
    •  High-density Ethernet ports, including copper and fiber ports, up to 2 x 2.5GbE high speed ports and 1x 10GbE port.
    •  Dual power supplies with power redundancy, embedded SSD, 2 x USB3 ports, and more.
    •  For more information, see sk168880
  •  SFP DSL - External DSL modem connected to the DMZ SFP port in non-VDSL 1570 / 1590 appliances.
  • Stability Improvements
  • Performance Enhancements

Supported Appliances  

Downloads

  • Check the MD5 string before installing the downloaded file.
  • To download these packages, you need a Software Subscription or Active Support Plan.
  • February 3, 2021: R80.20.20 Build 992001869 for 1500/1600/1800 appliances is the latest General Availability release that can be directly downloaded from this article:
Download Package 1500 Appliance 1600/1800 Appliance
R80.20.20 Build 992001869
R80.20.20 Build 992001869 for R80.20 SmartUpdate          

Resolved Issues

ID Description 
Build 992001869
SMB-14393 Enhancement: Two new fields added to the cellular modem status CLI command show cellular-modem-status:
  • IMSI - SIM card identification number
  • MSISDN - The phone number of that SIM card
SMB-14304 Occasionally, after you insert the SIM tray, the cellular connection is not restored and the message "Detecting SIM" shows repeatedly.
SMB-14292 Use of the show diag command causes irrelevant error messages to appear.
SMB-14401 SMB 1500 devices are vulnerable to DNSPooQ on internal (LAN, Wi-Fi) networks. The issue is resolved in R80.20.20 B992001850 and higher for 1500.
SMB-14303 The SMB appliance may generate logs in which the Origin field shows "0.0.0.0" even though the correct value shows in the MGMT console. This may occur when using Log Exporter or when filtering logs.
SMB-14293 In a rare scenario in locally managed 1500 appliances, a gateway crash may occur during email inspection in the IMAP protocol.
SMB-14395 In a locally managed cluster, if a custom port number is defined for Remote Access connections, these connections to the cluster Virtual IP address are not allowed by default.
SMB-14325 Use of SmartConsole to perform a firmware upgrade is not supported in 1600/1800 appliances.
SMB-14407 In locally-managed mode, when the Anti-Spam Software Blade is configured to scan outgoing emails, SMTP traffic is dropped if the mail server is behind a VPN peer.
SMB-14381 HTTPS inspection cannot be opened on some sites because the gateway does not trust the CA.
Build 992001844 
SMB-13620 When you configure the Virtual MAC address feature on a 1500 cluster, a kernel panic may occur.
SMB-14095 In rare scenarios in locally-managed mode (such as an unexpected reboot during signature updates), the command

fw_configload

fails during boot. As a result, you must manually reboot the appliance.
SMB-13930
 
In R80.20, commands with adlog a query used to provide output with adlog information result in an error message: wrong number of arguments

For example:
adlog a query ip 1.1.1.1
wrong number of arguments
SMB-13549 SSL traffic that is matched on one or more rules listed in the SSL exceptions is inspected instead of bypassed.
SMB-13922 In R80.20.15: When full SSL inspection is enabled, the 'sfwd' daemon might exit or hang. This may cause issues with VPN, URL filtering and security logs.
SMB-13742 VoIP (SIP) call initiation over a bridged internet connection may fail.
SMB-14035 Capsule VPN and Linux VPN client users are unable to connect unless Two-Factor Authentication is enabled.
SMB-13885 In Locally Managed 1500 appliances, the HTTPS URL Filtering may not be enforced properly when the full SSL inspection is enabled.
This issue was fixed in R80.20.15 Jumbo HF.
SMB-13975 When a primary Internet port is down, the connection drops and the secondary Internet connection takes over but the immediate network route is not removed. As a result, traffic to hosts on that network are not sent out from the default route on the secondary connection.

Known Limitations

ID Description 
SMB-13424 In 1600 and 1800 appliances, if auto-negotiation is disabled on a port, the port supports only the speeds of 10 Mbps and 100 Mbps.
SMB-14226 If an interface is a Bond slave, the Clish commands set interface <Name of Interface> state off and set interface <Name of Interface> down fail and this error message appears: Could not set interface: Internal Error.
SMB-14246 On Locally Managed appliances, the VPN Aggressive mode is not supported.
  • Resolved in Build 992001961
SMB-13373 In 1800 appliances: When working in manual mode on the DMZ port, only 100Mbps and 10Mbps link speed are supported.
SMB-13454 If you create a new Application Group that contains one application that does not require SSL inspection and another application that does, the custom application group icon shows a lock icon even after you delete application signatures that require SSL inspection.
SMB-14228 The 1600/1800 appliances support up to 1000 routes of all types.
SMB-14272 Global Configuration of DSL is not supported for SFP-DSL connections.
SMB-14263 To disable the "Connect to the appliance by name from the Internet (DDNS)" option, it is necessary to enter the DDNS password again.
SMB-13713 If the email client is configured with IMAP with STARTTLS then the emails will get stuck when they are downloaded from the email server. 
SMB-14106
 
If it is necessary to change the default value of the "Multiple ISP Route Refresh" setting, you must do only in one of these ways:
  • In WebUI > Advanced Settings > the parameter "Multiple ISP Route Refresh"
  • In Clish with the set misp-refresh-route command
Important - It is not supported to change the value of the kernel parameter "cphwd_misp_refresh_routing" with the fw ctl set int cphwd_misp_refresh_routing command.
SMB-13955 These statistics are not available from the SFP DSL modem:
  • RS Code Words
  • RS Corrected Errors
  • Configured G.Inp
  • Vectoring
  • HEC Errors

Documentation

User Guides
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 Release Notes
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 CLI Reference Guide
Related Solutions
sk97766: Check Point 600 / 700 / 910 / 1100 / 1200R / 1400 / 1500 SMB Appliances Releases
sk159173: Check Point R80.20 for Small and Medium Business Appliances
sk157412: 1500 Series Security Gateways
sk166654: Check Point 1570R Ruggedized Appliances
sk159772: Check Point SMB R80.20 Appliances Features and Known Limitations
sk168880: 1600 and 1800 Series Security Gateways


Revision History

Show / Hide this section
Date Description
Feb. 3 2021 Release of Build 992001869
Jan. 7 2021  First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment