Support Center > Search Results > SecureKnowledge Details
Check Point R77
Solution

Table of Contents

  • R77 downloads for users running Gaia OS
  • What's New in R77
  • R77 Tools
  • CPUSE Offline Packages
  • R77 Released Hotfixes
  • R77 Downloads for other platforms
  • R77 Documentation
  • Revision History

 

Click Here to Show the Entire Article

 

For more information on Check Point releases see: release map, upgrade map, backward compatibility map.
For more information on R77, see the R77 Release Notes, R77 Known Limitations and R77 Resolved Issues. You can also visit our Firewall and VPN Blades forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

R77 downloads for users running Gaia OS

Use CPUSE in the Gaia Portal to quickly and easily update Check Point products. Offline mode CPUSE packages are available in the CPUSE Offline Packages table.

Hardware / Appliance, Gaia OS Fresh Install Upgrade
All Check Point Appliances and Open Servers
Check_Point_Install_and_Upgrade_R77_T237.Gaia.iso
(ISO)
(TGZ)
IP Appliances Disk-Based (running Gaia) and
or
and
VMWare Virtual Machine OVF Template
Check_Point_Security_Gateway_R77_T238_OVF_Template_Gaia.tgz
-

Note: Effective October 10, 2013, the images have been replaced resolving sk95056 and sk95245. By installing the new images the R77 machine will automatically install these hotfixes on top of the R77 installation.

For more information about R77 images updates see sk96115 - R77 images updates FAQ.

Click here to see images for other platforms. Click here for upgrade wizard.

 

GUI

Platform / Package Link
Windows - SmartConsole and SmartDomain Manager (EXE)

For file revision history and MD5 see Check_Point_R77_File_Revision_History.

 

See sk91060: Removing old Check Point packages and files after an upgrade.

 

What's New in R77

Show All
  • New Threat Emulation Software Blade
    The new Threat Emulation Software Blade blocks attacks, which cannot be detected by signatures. It opens inspected files inside secure emulation environments to detect malicious behavior. It can be deployed as a cloud service, or as a Private Cloud, via local emulation appliance.
  • New Check Point Compliance Blade
    This new Software Blade analyzes your environment for compliance with major regulations and international standards. Check Point Compliance Blade generates detailed reports, with best practice recommendations taken from the large Check Point library. Check Point Compliance Blade sends alerts for policy changes that can affect compliance.
  • HyperSPECT Technology

    Improvements to deep packet inspection engines boost performance for IPS and for Application and URL Filtering Software Blades.

    • Supports SMT (Hyper-Threading)
    • Optimizations to DPI engines including streamers, parsers and pattern matching engines
  • Gaia Operating System Enhancements
    • Centrally manage basic network configuration (sk93969)
    • Back up and restore, run scripts, remote shell, and more, from a central console (sk93969)
    • Synchronize cluster members with Gaia OS configuration cloning (Cloning Group)
  • Enhanced Gaia Software Updates

    Update the Gaia operating system with the enhanced Automated Software Updates tool:

    • Clean install of full image and upgrade of optimally sized package from the Check Point Cloud
    • Up to 90% less downtime for Security Gateway upgrade
    • Export and import of Gaia software update packages
    • New WebUI features with enhanced usability
  • Enhanced Identity Awareness
    • New identity acquisition method: RADIUS Accounting
    • Automatic update of LDAP group membership changes
    • Improved Identity Agent installation, with support for repair tools
    • New MSI configuration tool for Agent distribution
  • Enhanced Endpoint Security
    • Full Disk Encryption
      • Unlock on LAN (UOL) is a new automatic network-based authentication method for the Pre-boot environment. It provides a secure logon without
      • requiring end-user interaction to unlock the encrypted system
      • UEFI "Absolute Pointer" Keyboard-less Tablet Touch Support (Touchscreen)
      • Support for user acquisition after a computer is fully protected and its deployment is finished
      • Support for SED (Self Encrypting Drives) based on the TCG Opal Standard
      • Smart Card support for systems running on UEFI enabled computers
      • Support for Single Sign-On (SSO) when resuming from a hibernate state in Windows
      • Improved usability for Full Disk Encryption recovery for Mac - unified with the Windows version
    • Endpoint Security Client - General
      • Push operations for repair, shut-down, and remote log collection
    • Anti-Malware
      • Central management for Anti-Malware, to manage scans, updates, and quarantine features
    • Firewall
      • Firewall support for Desktop Security firewall policy enforcement
    • Media Encryption & Port Protection
      • Support for unauthorized and authorized file type scan configuration
      • Full support for classifying data, which is written to a removable device, as business data or nonbusiness data. This applies to all applications that might trigger the file operation.
  • Security Gateway Virtual Edition

    You can install Security Gateway supplements and hotfixes higher than R77 on top of Security Gateway Virtual Edition.

    Important Notes for R77 Security Gateway Virtual Edition:

  • Enhanced VSX
    Each Virtual System can support up to 128 interfaces.
  • Enhanced SAM Card Support
    • Jumbo frames support
    • Bonding support
    • Multi-queue support for back-plane interfaces
  • Mobile Access
    Mobile Access Portal supports Outlook Web App 2013 with the Path Translation (PT) method. The Hostname Translation (HT) method is supported when cookies on the endpoint machine are configured. The URL Translation (UT) method is not supported.

 

R77 Tools

Show / Hide the download matrix

Tools

Management Tools Gaia SecurePlatform & Linux IPSO Windows Solaris
Management Server Migration Tool (TGZ) (TGZ) (TGZ) (TGZ) (TGZ)
See R77 Release Notes
Multi-Domain Server Export Tool - - - - (ISO)
See R77 Release Notes
Bootmanager (for IP Appliances) (SH) - (SH) - -
Gaia Upgrade Verifier from IPSO - - (SH) - -
Gaia Upgrade Package for
IPSO 6.2 IP Appliances
- - (TGZ)
(TGZ)
- -

Important Note: Effective Sep 23, 2014, the Management Server Migration Tool Package has been replaced resolving sk102486.

Agents

Agent Windows
DLP Exchange agent (MSI)

 

CPUSE Offline Packages

You can use R77 Gaia Offline Packages for CPUSE upgrade, on Security Gateways and Management Servers that are not connected to the Internet.

Show / Hide the download matrix

Download and install the latest build of Gaia Software Updates Agent.

Hardware / Appliance, Gaia OS R77 Fresh Install and Upgrade from R71.50 / R75.X / R76
All Check Point Appliances, Disk-Based IP Appliances and Open Servers

 

R77 Released Hotfixes

Released Hotfixes
sk103839 - Check Point update and online services migration to SHA-256 based certificates
sk103683 - Check Point response to TLS 1.x padding vulnerability (CVE-2014-8730)
sk102989 - Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)
sk102673 - Check Point Response to CVE-2014-6271 & CVE-2014-7169 Bash Code Injection vulnerability
sk100195 - Potential Denial of Service (DoS) which might be triggered by a certain traffic condition on Security Gateways when Anti-Virus or Anti-Bot blades are enabled
sk94990 - SmartLog may crash after upgrade to R77
(This hotfix is a part of Gaia, SecurePlatform images effective Sep 12, 2013)
sk95056 - Security Gateways prior to R76 drop UDP traffic on non-standard ports after upgrading Security Management Server to R77
(This hotfix is a part of Gaia, SecurePlatform and Window images effective Oct 10, 2013)
sk95245 - When using Threat Emulation to scan mail content, some files encoded in MIME may be incorrectly decoded causing a 'False-Negative' result of the emulated file
(This hotfix is a part of Gaia, SecurePlatform and Window images effective Oct 10, 2013)
sk96269 - E-mails might not be scanned by the Threat Emulation blade in some specific scenarios depending on the e-mail client behavior
sk96124 - Path MTU Discovery (PMTUD) issues with Check Point Active Streaming (CPAS)
sk97566 - Certain subnets and hosts behind NAT cannot obtain or renew IP addresses over DHCP in R77
sk97987 - Some SSL VPN functionality breaks as a result of a Java update to version 7 update 51 (7u51) and above
sk98814 - Some protections may not work for specific HTTP evasions in R77.10 / R77 / R76
sk100431 - Important security and stability enhancements for Security Gateway
sk101186 - SSL/TLS MITM vulnerability (CVE-2014-0224)

 

R77 Downloads for other platforms

Download Wizard - Find your download file with just few clicks.

Show / Hide the download matrix

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

Platform Hardware / Appliance Fresh Install Upgrade
SecurePlatform 2012 Models Appliances,
Data Center Appliances,
UTM-1 Appliances
(ISO) (TGZ)
Power-1 Appliances (ISO) (TGZ)
Smart-1 Appliances (ISO) (TGZ)
(ISO)
(Multi-Domain)
Open Servers (ISO)
(ISO)
(Multi-Domain)
(ISO)
(TGZ)
(ISO)
(Multi-Domain)
RHEL 5.0 /
RHEL 5.4
Open Servers (ISO)
(ISO)
(Multi-Domain)
(ISO)
(ISO)
(Multi-Domain)
IPSO 6.2 Disk Based * IP150, IP280, IP290, IP390, IP560, IP690, IP1280, IP2450 and and
IPSO 6.2 Flash Based * IP290, IP390, IP560, IP690, IP1280, IP2450 and -
Windows   (ISO)
(ZIP)
(ISO)
(ZIP)

* Important: Upgrade on IPSO 6.2 requires IPSO 6.2 MR4. See sk92306.

Note: Effective October 10, 2013, the Gaia / SecurePlatform / Windows images for fresh installation and upgrade have been replaced resolving sk95056 and sk95245. By installing the new images of Gaia & SecurePlatform, the R77 machine will automatically install these hotfixes on top of the R77 installation.

For file revision history and MD5 see Check_Point_R77_File_Revision_History.

 

R77 Documentation

Show / Hide the documentation

R77 Documentation
Release Notes and Upgrade Guides
R77 Release Notes
R77 Documentation Package
R77 Installation and Upgrade Guide for Gaia Platforms
R77 Installation and Upgrade Guide for Non-Gaia Platforms
E80.50 Upgrade Guide for SecuRemote
Administration Guides
R77 Firewall Administration Guide
R77 Security Gateway Technical Administration Guide
R77 Security Gateway Virtual Edition Administration Guide
R77 Threat Prevention Administration Guide
R77 Compliance Administration Guide
R77 Performance Tuning Administration Guide
R77 Gaia Administration Guide
R77 Gaia Advanced Routing Administration Guide
R77 SecurePlatform Administration Guide
R77 VSX Administration Guide
R77 Application Control and URL Filtering Administration Guide
R77 IPS Administration Guide
R77 Data Loss Prevention Administration Guide
R77 Identity Awareness Administration Guide
R77 Mobile Access Administration Guide
R77 VPN Administration Guide
R77 ClusterXL Administration Guide
R77 VoIP Administration Guide
R77 QoS Administration Guide
R77 Security Management Administration Guide
R77 Multi-Domain Security Management Administration Guide
R77 SmartProvisioning Administration Guide
R77 SmartView Monitor Administration Guide
R77 SmartView Tracker Administration Guide
R77 SmartLog Administration Guide
R77 SmartEvent Administration Guide
R77 SmartReporter Administration Guide
R77 SmartWorkflow Administration Guide
E80.50 Endpoint Security Client for Windows User Guide
E80.50 Check Point Mobile for Windows User Guide
E80.50 Remote Access Clients Release Notes
E80.50 Endpoint Security Client for Mac User Guide
E80.50 Remote Access Clients Administration Guide
E80.50 Endpoint Security Administration Guide
E80.50 SecuRemote User Guide
E80.50 Endpoint Security VPN for Windows User Guide
Additional / Reference Guides
R77 CLI Reference Guide
R77 CPcode for DLP Reference Guide
R77 SecurePlatform Advanced Routing Suite CLI Reference Guide

 

Revision History

Show / Hide the revision history

Date Description
19 Apr 2015 Added sk103839 to "R77 Released Hotfixes" section
21 Dec 2014 Added sk103683 to "R77 Released Hotfixes" section.
Added sk102989 to "R77 Released Hotfixes" section.
Added sk102673 to "R77 Released Hotfixes" section.
23 Sep 2014 Management Server Migration Tool Package has been replaced resolving sk102486.
09 Jun 2014 Added sk101186 to "R77 Released Hotfixes" section.
20 May 2014 Added sk100431 to "R77 Released Hotfixes" section.
10 Apr 2014 Added sk100195 to "R77 Released Hotfixes" section.
10 Mar 2014 Added sk98814 to "R77 Released Hotfixes" section.
23 Jan 2014 Added sk97987 to "R77 Released Hotfixes" section.
21 Jan 2014 Updated links to "Installation and Upgrade Guide" in "R77 Documentation" section.
01 Jan 2014 Added sk97566 to "R77 Released Hotfixes" section.
18 Nov 2013 Added 'VMWare Virtual Machine OVF Template' to "Gaia Downloads" section.
03 Oct 2013 Added sk96124 to "R77 Released Hotfixes" section.
07 Nov 2013 Added sk96269 to "R77 Released Hotfixes" section.
31 Oct 2013 Solution look & feel was changed, providing simpler download table and data in collapsable format.
10 Oct 2013 Added a note that the Gaia / SecurePlatform / Windows images for fresh installation and upgrade have been replaced resolving sk95056 and sk95245.
08 Oct 2013 Added Threat Emulation Appliance to "Software Download Matrix" - Fresh Installation.
03 Oct 2013 Added sk95245 to "R77 Released Hotfixes" section.
30 Sep 2013 Added sk95056 to "R77 Released Hotfixes" section.
30 Sep 2013 Added sk94990 to "R77 Released Hotfixes" section.
12 Sep 2013 Added a note that the Gaia / SecurePlatform images for fresh installation have been replaced with resolution to sk94990 (SmartLog may crash after upgrade to R77).
02 Sep 2013 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment