R77.20.86 for Small and Medium Business Appliances

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk144852
Technical Level
Product	Small and Medium Business Appliances, Branch Office Appliances
Version	R77.20
Platform / Model	700, 900, 1400
Date Created	20-Mar-2019
Last Modified	23-Jul-2020

Solution

This article applies to Check Point 700 / 1400 / 910 Small and Medium Business (SMB) Appliances.

Table of Contents

What's New in Check Point R77.20.86 for SMB Appliances
Supported Appliances
Downloads
Resolved Issues
Known Limitations
Documentation
Revision History

For more information, refer to the following Product Pages: Check Point 700, Check Point 1400 and Check Point 910.

Visit Check Point CheckMates Community to ask questions, start a discussion, and get expert assistance.

Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

What's New in Check Point R77.20.86 for SMB Appliances?

New Mobile Application
- Push notifications for immediate reaction to security and network events.
- Easily manage and switch between multiple Security Gateways with a single login.
- Monitor your network and security status with simplified pages of statistics for traffic, events, and more.
- In addition to the above, R77.20.86 includes many other important features. For more information, refer to the SMB WatchTower App Release Notes.

Send security logs to an on-premise LogServer when connected to vSMP.
- For details, refer to sk148672.

The VPN remote access user password can now consist of more than eight characters.

Supported Appliances

The supported appliances are:

700
910
1400

Downloads

Effective 1 April 2019: Build 990172855 for R77.20.86 image has been released for 700/900/1400 appliances.

Resolved issue in Build 990172855: When a new firmware is suggested through the WebUI, clicking the "update now" button does not work.

Important Note: Check the MD5 string before installing the downloaded file.

Important Note: To download these packages, you will need a Software Subscription or Active Support plan.

Download Package	700 Appliance	910 Appliance	1400 Appliance
R77.20.86 Image	(IMG)	(IMG)	(IMG)
R77.20.86 package for SmartUpdate	-	-	For R77.30 SmartUpdate and SmartProvisioing (TGZ)
R77.20.86 package for SmartUpdate	-	-	For R80.x SmartUpdate (TGZ)

WatchTower App Download:

Download the WatchTower App from Google Play.
Download the WatchTower App from the App Store.

Resolved Issues

The table below lists the resolved issues in R77.20.86:

ID	Description
General
SMB-7199, SMB-7368	QoS load configuration fails when the name of the Internet connection contains a space.
SMB-7402	The user receives a false Non-Compliant DNS logs error message (illegal EDNS0 RR) due to an Illegal Resource Record format in the debug and Bad Resource Record format. This results in dropped legitimate DNS queries (DNS flag day compliance).
SMB-7442	Gateways configured with multiple Internet connections that are running R77.20.85 (build 990172731) firmware may experience very high CPU usage, which results in high network latency, possible network outage, and may sometimes make the appliance inaccessible.
SMB-7394	A server object with the hide NAT option enabled in a locally managed cluster is not accessible from external networks via the cluster's external virtual IP. It can only be accessed via the member's external physical IP.
SMB-7982	In HFA version R77.20.85, with build numbers lower than 990172755, when HTTPS inspection is enabled in the policy, memory consumption may increase gradually until available memory is depleted, causing a network outage.
SMB-7852	When HTTPs inspection is enabled and the Threat Prevention blades are configured to inspect the IMAPS email protocol, the IMAPS traffic is dropped.
SMB-7710	When creating a new server object in the WebUI (Users & Objects > Servers > New), in step 4 of the wizard, entering an IP address in the Static NAT field results in this error message: `"Invalid object name"`
SMB-7473	When creating a Firewall policy rule or a NAT manual rule in the WebUI, setting the source or destination as an IP address results in this error message: `"Invalid object name"`
SMB-8149	The user cannot generate reports from the WebUI if the report data includes an apostrophe character. See sk148473.
SMB-6647	Traffic accelerated by SecureXL does not reach its destination if the MAC address is zero.
SMB-7497	A Web server error appears on the 'Connected Remote Users' page if hotspot users are connected.
SMB-7183	An image upgrade may fail in the rare event that the last block in the kernel partition is bad.
SMB-6462	VPN tunnel initiation fails when using IKE v2 with 3rd party peers which only accept IPv4 as IDi (instead of IKE_ID) during the key exchange process.

Known Limitations

The table below lists known limitations in R77.20.86:

ID	Description
General
SMB-7461	In locally managed mode, when you configure Site to Site VPN and select the "Route All Traffic" option, security logs will not be sent to an external Log Server.
SMB-6915	IPv6 related events are not included in gateway notifications for the web portal and mobile application.
SMB-7323	When a user blocks a device via the mobile application, only new connections are blocked.

Documentation

Release Notes

Check Point SMB Appliances R77.20.86 Release Notes

SMB Check Point WatchTower Release Notes

Administration Guides

Check Point 700/900 Appliances R77.20.86 Administration Guide

Check Point 1400 Appliances Locally Managed R77.20.86 Administration Guide

Check Point 1400 Appliances Centrally Managed R77.20.86 Administration Guide

Check Point 700/900/1400 Appliance R77.20.86 CLI Guide

SMB WatchTower App User Guide

Revision History

Show / Hide this section

Date Description

20 March 2019 First release of this document.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating