Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R77.20.87

Table of Contents:

  • Introduction
  • Availability
  • List of resolved issues per HotFix
  • Revision History


R77.20.87 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes. This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below.



General Availability Build

Build 2960 is the latest R77.20.87 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from this article:

Download Package 700 Appliance 910 Appliance 1400 Appliance
R77.20.87 Image
package for

For R77.30 SmartUpdate and SmartProvisioing
For R80.x SmartUpdate


Resolved Issues per Build

ID Description
R77.20.87 Jumbo Hotfix Build 2960 
SMB-9662 TCP SACK PANIC - Linux Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479. Refer to sk156192
The error message that appears when editing a switch, "Could not set interface network-ports: Only ports higher than the port the switch is named after can be added to the switch," appears when adding a LAN with a higher number, but should only appear when adding a LAN with a lower number.
SMB-9742 You cannot edit a configuration in which LAN10 acts as a pivot (LAN10_Switch).
SMB-9839 Locally managed clusters are sometimes not synced when a fail-over is triggered by the 'force member down' button in the WebUI.
SMB-9811 In the WebUI, an active static route may appear twice in the Routing page, once as disabled and once as enabled. 
SMB-9856 In version R77.20.85 and higher, some e-mails that contain attachments and are sent via SMTP to a mail server behind the Gateway, might not reach the mail server if Threat Emulation, IPS, and Anti-Spam are all enabled.
SMB-9934 The "Active Devices" page might not display data and appear to be empty.
SMB-9916 When Anti-Spam or Anti-Virus are enabled, a rare issue in the e-mail parsing I/S might lead to a crash, and clients are not able to send or receive emails for a period of time. This issue existed in all previous releases and was resolved in R77.20.87 Jumbo HF.
SMB-9908 You cannot configure the advanced fields of default system services via CLI commands.
SMB-9997 In some rare environments, if Anti-Spam or Anti-Virus are enabled, clients behind a 700/1400 appliance are unable to reach a POP3 mail server outside the Gateway. In such a scenario, the client receives packets containing a bad TCP checksum.
SMB-9711 Locally managed appliances do not support subordinate certificates. Resolved in R77.20.80 for *.P12 files only. For .crt files, refer to sk157413.
SMB-9837 The "Force Member Down" button does not work in a local cluster configuration when the internet connection interface is set to "Monitored" and the cluster members do not have similar internet connection names.

Workaround: Rename the internet connections so they are the same for both cluster members.

SMB-9427 In specific scenarios, the WebUI did not load properly on Internet Explorer 11, Windows 7.
SMB-9312 IKEv1 aggressive mode does not work in HFA85 and HFA86
SMB-9204 Added a new advanced option in locally managed appliances ("Connection Persistence") which prevents VPN disconnections after changing any VPN-related configuration. Refer to sk155352
SMB-9377 Implemented a stronger admin password hash algorithm than the one present in version R77.20.85 and higher. See sk155172.
SMB-9352 When a WAN-LAN bridge is configured, infected hosts do not appear in reports.
SMB-9232 The user cannot configure gateway load thresholds in the WebUI. Applying threshold settings results in an "Unknown field" error.
SMB-9227 Added a CLI option for "keep-connections-open-after-policy-installation" for UDP/TCP services.
SMB-9759 New Advanced Settings option: "IPS engine settings - Allow protocol unknown commands" Normally, the IPS engine blocks protocols (e.g. POP3, IMAP,...) commands that it does not recognize. When the advanced setting is set to "true", IPS allows the traffic.
SMB-9710 MEP is not supported in Remote Access VPN.
SMB-9621 Added support for the sicRenewal tool to re-create the SIC certificate. For more information, see sk158333.
SMB-10549 Read-only and networking admins do not have permissions to create a mobile invitation.
SMB-9926 Improved detection of the correct USB cellular modem serial interface when there is more than one interface available.
SMB-10581 Drag and drop of SSL inspection exceptions is not supported. Resolved in R77.20.87 Jumbo Hotfix.


Revision History

Show / Hide revision history

Date Description
18 August 2019 First release of this document

Give us Feedback
Please rate this document