Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R77.20.87
Solution

Table of Contents:

  • Introduction
  • Availability
  • List of resolved issues per HotFix
  • Revision History

Introduction

R77.20.87 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes. This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below.

 

Availability

General Availability Build

Build 2960 is the latest R77.20.87 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from this article:

Download Package 700 Appliance 910 Appliance 1400 Appliance
R77.20.87 Image
(IMG) (IMG) (IMG)
R77.20.87
package for
SmartUpdate



For R77.30 SmartUpdate and SmartProvisioing
(TGZ)
For R80.x SmartUpdate
(TGZ)

 

Resolved Issues per Build

ID Description
Available in Private Builds (contact Check Point Support to receive private builds)
SMB-10549

Read-only and networking admins do not have permissions to create a mobile invitation. 

SMB-10749

After upgrading to version R77.20.87 pre-build 966, it is not possible to browse to websites that use certain CAs when SSL inspection is turned on.

SMB-10783 Two new wireless monitoring pages were added to the WebUI:
  1. Access points list
  2. Wireless active devices list
SMB-10684

When URL Filtering is enabled, if there is a proxy that uses a port other than 8080, the Gateway still tries to use port 8080 to open HTTP connections to http://cws.checkpoint.com/URLF. As a result, the URL Filtering blade may not function as expected. 

SMB-9759 New Advanced Settings option: "IPS engine settings - Allow protocol unknown commands" Normally, the IPS engine blocks protocols (e.g. POP3, IMAP,...) commands that it does not recognize. When the advanced setting is set to "true", IPS allows the traffic. 
SMB-10581 Drag and drop of SSL inspection exceptions is not supported. 
SMB-10784 When using the mobile or WebUI login, Radius admin session timeout is not according to the configuration.  
R77.20.87 Jumbo Hotfix 
SMB-9662 TCP SACK PANIC - Linux Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479. Refer to sk156192
SMB-9998
The error message that appears when editing a switch, "Could not set interface network-ports: Only ports higher than the port the switch is named after can be added to the switch," appears when adding a LAN with a higher number, but should only appear when adding a LAN with a lower number.
SMB-9742 You cannot edit a configuration in which LAN10 acts as a pivot (LAN10_Switch).
SMB-9839 Locally managed clusters are sometimes not synced when a fail-over is triggered by the 'force member down' button in the WebUI.
SMB-9811 In the WebUI, an active static route may appear twice in the Routing page, once as disabled and once as enabled. 
SMB-9856 In version R77.20.85 and higher, some e-mails that contain attachments and are sent via SMTP to a mail server behind the Gateway, might not reach the mail server if Threat Emulation, IPS, and Anti-Spam are all enabled.
SMB-9934 The "Active Devices" page might not display data and appear to be empty.
SMB-9916 When Anti-Spam or Anti-Virus are enabled, a rare issue in the e-mail parsing I/S might lead to a crash, and clients are not able to send or receive emails for a period of time. This issue existed in all previous releases and was resolved in R77.20.87 Jumbo HF.
SMB-9908 You cannot configure the advanced fields of default system services via CLI commands.
SMB-9997 In some rare environments, if Anti-Spam or Anti-Virus are enabled, clients behind a 700/1400 appliance are unable to reach a POP3 mail server outside the Gateway. In such a scenario, the client receives packets containing a bad TCP checksum.
SMB-9711 Locally managed appliances do not support subordinate certificates. Resolved in R77.20.80 for *.P12 files only. For .crt files, refer to sk157413.
SMB-9427 In specific scenarios, the WebUI did not load properly on Internet Explorer 11, Windows 7.
SMB-9312 IKEv1 aggressive mode does not work in HFA85 and HFA86
SMB-9204 Added a new advanced option in locally managed appliances ("Connection Persistence") which prevents VPN disconnections after changing any VPN-related configuration. Refer to sk155352
SMB-9377 Implemented a stronger admin password hash algorithm than the one present in version R77.20.85 and higher. See sk155172.
SMB-9352 When a WAN-LAN bridge is configured, infected hosts do not appear in reports.
SMB-9232 The user cannot configure gateway load thresholds in the WebUI. Applying threshold settings results in an "Unknown field" error.
SMB-9227 Added a CLI option for "keep-connections-open-after-policy-installation" for UDP/TCP services.
SMB-9710 MEP is not supported in Remote Access VPN.
SMB-9621 Added support for the sicRenewal tool to re-create the SIC certificate. For more information, see sk158333.
SMB-9926 Improved detection of the correct USB cellular modem serial interface when there is more than one interface available.
SMB-10842  When a cluster member is down after using the command 'cpstop', the command 'cpstart' does not bring it back up.

 

Revision History

Show / Hide revision history

Date Description
18 August 2019 First release of this document

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment