Support Center > Search Results > SecureKnowledge Details
R80.20.10 for Small and Medium Business Appliances Technical Level
Solution

Table of Contents

  • What's New
  • Supported Appliances
  • Downloads
  • Resolved Issues
  • Known Limitations
  • Documentation
  • Revision History 
Important Note: This may not be the latest firmware release. To see the latest firmware release, refer to sk97766.

What's New

VPN Remote Two-Factor Authentication via SMS (Locally Managed)

  • Extra layer of security to prevent unauthorized access to your system.
  • Two factor user authentication with username and password, plus an authorization code sent via SMS.

Geo Protection (Locally Managed)

  • Select a specific country as a source or destination for any firewall rule.

Default Firmware definition

  • Set a specific firmware as the factory default firmware instead of the one set as part of the production line.

SMP Cluster Management

  • Configure a cluster in which both SMB Security Gateways are managed by SMP.

POP3s Email Inspection Protocol

  • Inspect TLS encrypted POP3 protocol.

LTE APN Configuration

  • Set a user and password to use a cellular SIM card according to the cellular carrier policy.

SNMP Traps for VPN Tunnels

  • Provide better monitoring of VPN permanent tunnel status and alert users when VPN tunnels go down.

Internet Link Quality Enhancements

  • Configure each internet configuration link quality separately.
  • LTE internet connection link quality default thresholds are less strict to fit the nature of the LTE connection.

Hardware Sensors SNMP Trap

Supported Appliances  

  • 1500 Series: 1530, 1550, 1570, 1570R, and 1590 appliances.

Downloads

  • Check the MD5 string before installing the downloaded file.
  • To download these packages, you will need a Software Subscription or Active Support Plan.
  • 21 September 2020: Build 1491 for R80.20.10 image has been released for 1500 appliances, replacing Build 1433.
  • Build 1491 includes stability and memory management enchantments. We recommend that all users who are experiencing stability issues install this build.
Download
Package
1500 Appliance
R80.20.10 Build 992001491 for 1500 appliances
1500 appliance package R80.20.10 build 992001491 for R80.20 SmartUpdate     

Resolved Issues

ID Description 
Build 1491
SMB-13015 When using "Hide internal networks behind the Gateway's external IP" in addition to a destination NAT for a server behind the gateway, the connection is routed incorrectly.
SMB-13006 In 1500 appliances, users are not shared from the PEP to PDP in Identity Awareness.
SMB-13031 Potential NAT issues occur when you use "Hide internal networks behind the Gateway's external IP" with a destination NAT due to route change.
SMB-13120 The rule numbering is incorrect for the last rule (cleanup rule "any,any.accept").
For example if you have 5 rules, the traffic that matches rule 5 is logged with rule number 6.
SMB-13077 When you configure a Geo policy rule with negated objects, the source address in the log is matched to the country in the policy instead of the country of origin.
SMB-12955 In cluster gateways which are managed as part of an LSM cluster profile, implied rules are not enforced correctly. This may lead to one of the cluster members being down.
SMB-13013 In locally-managed 1500 appliances, a leak in kernel memory may cause out-of-memory to occur when POP3 Anti-Virus/Threat Emulation inspection is enabled. 
SMB-12961 After an upgrade to R80.20.05 and higher, mail send/receive over POP3S operation frequently times out.
SMB-13319 Remote access clients fail to connect with a PFX file that contains multiple CRLs.
SMB-13276 Every time "dsa_rcv: Got invalid source port" is seen in the kernel logs (dmesg), a small kernel memory leak occurs. This may eventually result in out-of-memory and a reboot of 1500 appliances. 
SMB-13002 In 1500 appliances, you cannot add services to the "Web Browsing" Service group because no spaces are allowed in the service group name.
SMB-13183 Applying user or user group objects in Threat Prevention exceptions is possible but not supported.
SMB-13230 On 1500 appliances, NAT is not done correctly for VoIP SIP traffic from an external PBX to phones in the internal network. This issue was solved in R80.20.10 Jumbo HF.
SMB-13100 A rare memory corruption may lead to unexpected reboots on 1500 appliances.
Build 992001433
SMB-11786 Enhancement: Added the ability to automatically renew the SIC certificate before it expires.
SMB-12332 Missing icons in the Security Logs page which is part of the appliance portal.
SMB-12284 The first attempt to fetch policy from the LSM server may fail.
SMB-12734 SIP does not work with non-standard ports (ports other than 5060).
SMB-12786 Creating a server object and network object with the same name is not allowed, but succeeds with an error message "00351" if you use one of the objects in an access rule.
SMB-12100 Connectivity failures occur when the internal network is configured in bridge mode and the IP address is assigned to one of these bridge types: LAN port or multiple LAN ports + wireless interface(s), LAN port(s) + WAN.
SMB-12588 In 1530/1570 appliances with a valid licence, an SNMP query fails to get CPU and memory stats.
SMB-12721 Use of the SNMP to collect serial numbers is not supported in 1500 devices.
SMB-12288 When the user opens the Device Details page in the WatchTower application, a gateway permission error appears.
SMB-12604 In appliances running R80.20.05 firmware in locally-managed mode, direct connections to the appliance (e.g. SNMP) might be rejected even when an Incoming policy rule is defined for the relevant service.
SMB-12923 In centrally managed mode: If you use SmartProvisioning to configure 802.1q VLAN interfaces on a base LAN interface which has no IP address configured on it, those interfaces may become disabled.

In addition, if you use SmartProvisioning to configure several static routes, some static routes may be deleted.
SMB-12426 The administrator can not log in to the WebUI after logging out multiple times while browsing the Active Devices page.
SMB-12798 A Threat Prevention exception for an attachment specified by the MD5 of the file does not work for POP3 connections and the email is blocked.
SMB-12431 If you change the MAC address of a port (MAC clone), it reverts back to the previous address after a reboot.
SMB-12723 In a specific scenario for 1500 appliances running version R80.20.05: When emails are inspected in the SMTP protocol (Anti-Spam or Anti-Virus), the appliance may reboot due to a kernel panic.
SMB-12643 If you add a NAT rule which uses the Web Browsing service, this error message appears: "Error has occurred while applying the NAT setting."
SMB-12733 When you create an internet connection with a static IP, the default gateway field does not appear in the WebUI if the appliance's DNS servers are configured manually.
SMB-12742 SIP does not work when the "call id" field (usually generated randomly) of the SIP packets includes the IP address of the phone.
SMB-12555 Outgoing VPN traffic is blocked by APPI due to wrongfully applied policy.
SMB-12358 VoIP rule supports the following for the service column:
  1. SIP_UDP built-in service.
  2. Custom-service based on the SIP_UDP service (has SIP_UDP as protocol-type).
  3. Service Group that contains (1) or (2).

Known Limitations

ID Description
SMB-11641 Static routes and source based routing are fully supported, but service based routing does not work on all 1500 appliances.
SMB-12802 L2TP does not work when two-factor authentication is turned on.
SMB-13645 Access policy rules with Updatable Objects are not enforced correctly on SmartLSM SMB Security Gateways.

Documentation

User Guides
1500 Appliance Series R80.20.10 Release Notes
1500 Appliance Series R80.20.10 Locally Managed Administration Guide ( English / Japanese )
1500 Appliance Series R80.20.10 Centrally Managed Administration Guide ( English / Japanese )
1500 Appliance Series R80.20.10 Locally Managed Help (Japanese)
1500 Appliance Series R80.20.10 Centrally Managed Help (Japanese)
SMB 1500 Appliance Series R80.20.10 CLI Reference Guide
Related Solutions
sk97766: Check Point 600 / 700 / 910 / 1100 / 1200R / 1400 / 1500 SMB Appliances Releases
sk165734: Small and Medium Business Appliances R80.20
sk159173: Check Point R80.20 for Small and Medium Business Appliances
sk157412: 1500 Series Security Gateways
sk166654: Check Point 1570R Ruggedized Appliances
sk159772: Check Point R80.20 for 1500 Appliances Features and Known Limitations
sk165936: Small and Medium Business Appliances R80.20 Resolved Issues
sk163612: R80.20.01 for Small and Medium Business Appliances
sk165454: R80.20.02 for Small and Medium Business Appliances
sk164912: R80.20.05 for Small and Medium Business Appliances
sk167876: Jumbo Hotfix Accumulator for R80.20.05

Revision History

Show / Hide this section
Date Description
21 September 2020 Release of Build 992001491 (GA Replacement)
16 July 2020 First release of this document (Build 992001433)

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment