Jumbo Hotfix Accumulator for R77.20.87

Table of Contents:

  • Introduction
  • Availability
  • List of resolved issues per HotFix
  • Revision History
Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

Introduction

R77.20.87 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes. This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below.

Availability

B990173042 is the latest R77.20.87 Jumbo Hotfix Accumulator release that can be directly downloaded from this article:

Download Package 700 Appliance 910 Appliance 1400 Appliance
R77.20.87 Image (IMG) (IMG) (IMG)
R77.20.87 package for SmartUpdate: For R80.x SmartUpdate (TGZ); R77.30 SmartUpdate and SmartProvisioning (TGZ)

Resolved Issues per Build

ID Description
Available in Private Builds (contact Check Point Support to receive private builds)
SMB-12773 When the user upgrades a 700, 900, or 1400 Security Gateway from R77.20.80 or R77.20.81 to R77.20.85 and higher, the session timeout for IMAPS changes from 3600 seconds to 40 seconds. Refer to sk167693
SMB-12919 The appliance firmware fails after accessing websites whose certificate fails to be decoded.
SMB-13319 Remote access clients fail to connect with a PFX file that contains multiple CRLs.
R77.20.87 Jumbo Hotfix build B990173042
SMB-12856 When the Firewall policy is in strict mode, DHCP does not work on the bridge interface and the users cannot connect to WiFi.
SMB-12632 IP does not work when the "call id" field (usually generated randomly) of the SIP packets includes the IP address of the phone.
SMB-11853 A vulnerability in the code enables an attacker to cause a buffer overflow which can lead to a Denial of Service condition.
SMB-12158 You cannot create a LAN switch configured with LAN port numbers that are a combination of a single digit and 2 digits.

Examples:
  • LAN9+LAN10+LAN11
  • LAN8+LAN10+LAN11
SMB-11592 Starting from version R77.20.87 B3006, the Security Gateway generates certificates with a 2048 bit public key (instead of a 1024 bit key).
R77.20.87 Jumbo Hotfix build 990173004
SMB-10549 Read-only and networking admins do not have permissions to create a mobile invitation.
SMB-11585 Azure traffic passing via VPN tunnel is dropped for 30 seconds when renewing or renegotiating IKE keys, and then resumes.
SMB-10749 After upgrading to version R77.20.87 pre-build 966, it is not possible to browse to websites that use certain CAs when SSL inspection is turned on.
SMB-11514 DHCP domain name (option 15) does not work from the DHCP custom options table. The data is saved properly but not propagated to the network.
SMB-11493 APPI and URL categorization block outgoing VPN traffic.
SMB-10783 Two new wireless monitoring pages were added to the WebUI:
  1. Access points list
  2. Wireless active devices list
SMB-10684 When URL Filtering is enabled, if there is a proxy that uses a port other than 8080, the Gateway still tries to use port 8080 to open HTTP connections to http://cws.checkpoint.com/URLF. As a result, the URL Filtering blade may not function as expected.
SMB-10581 Drag and drop of SSL inspection exceptions is not supported.
SMB-10784 When using the mobile or WebUI login, the RADIUS admin session timeout does not follow the configuration.
SMB-10842 When a cluster member is down after using the command 'cpstop', the command 'cpstart' does not bring it back up.
SMB-11352 Enhancement: Increase the maximum allowed length of special SIP requests from 4096 to 8192 bytes.
SMB-11284 In rare cases, centrally managed appliances switched to local management without administrative intervention.
R77.20.87 Jumbo Hotfix build 990172960
SMB-9662 TCP SACK PANIC - Linux Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479. Refer to sk156192
SMB-9998 The error message that appears when editing a switch, "Could not set interface network-ports: Only ports higher than the port the switch is named after can be added to the switch," appears when adding a LAN with a higher number, but should only appear when adding a LAN with a lower number.
SMB-9742 You cannot edit a configuration in which LAN10 acts as a pivot (LAN10_Switch).
SMB-9759 New Advanced Settings option: "IPS engine settings - Allow protocol unknown commands". Normally, the IPS engine blocks protocol commands (e.g. POP3, IMAP, ...) that it does not recognize. When the advanced setting is set to "true", IPS allows the traffic.
SMB-9839 Locally managed clusters are sometimes not synced when a fail-over is triggered by the 'force member down' button in the WebUI.
SMB-9811 In the WebUI, an active static route may appear twice in the Routing page, once as disabled and once as enabled. 
SMB-9856 In version R77.20.85 and higher, some e-mails that contain attachments and are sent via SMTP to a mail server behind the Gateway, might not reach the mail server if Threat Emulation, IPS, and Anti-Spam are all enabled.
SMB-9934 The "Active Devices" page might not display data and appear to be empty.
SMB-9916 When Anti-Spam or Anti-Virus are enabled, a rare issue in the e-mail parsing I/S might lead to a crash, and clients are not able to send or receive emails for a period of time. This issue existed in all previous releases and was resolved in R77.20.87 Jumbo HF.
SMB-9908 You cannot configure the advanced fields of default system services via CLI commands.
SMB-9997 In some rare environments, if Anti-Spam or Anti-Virus are enabled, clients behind a 700/1400 appliance are unable to reach a POP3 mail server outside the Gateway. In such a scenario, the client receives packets containing a bad TCP checksum.
SMB-9621 Added support for the sicRenewal tool to re-create the SIC certificate. For more information, see sk158333.
SMB-9926 Improved detection of the correct USB cellular modem serial interface when there is more than one interface available.

 

Revision History


Date Description
29 July 2020 Release of Build 990173042
10 Feb 2020 Release of Build 990173004
18 August 2019 First release of this document
