- Local User Groups
Welcome to CheckMates
Journey to the Cloud with Confidence!
Webinar: Wed 10 June @ 8am PT | 11am ET
I am Gil Shwed
Ask Me Anything!
for working from home
APT41 and Living Off The Land
what do you mean with jumbo hotfix? Did Check Point provide a newer build of R77.20.85? We are experiencing a similar problem with Gaia Embedded and R&D is still investigating.
Yes, it is new R77.20.85 build.
I notified guys from R&D I worked with about your question. I hope they will reply to you here.
Hristo was helping us during the last days to detect the issue and we provided him a possible fixed image on top R77.20.85 that seems to solve the issue.
We're currently working to make sure this image can be provided to all customers ASAP (QA cycle, automation..).
Keren Greenblat -
SMB Field Solutions Team Leader.
Hi Karen can we confirm this fix was also validating the slow GUI response for standalone. There has been cases reported to this and the two may have correlation due to the high cpu load.
Agreed and simply highlighting to make sure QA covers all validation as the high CPU was not just on cental managed devices but local as well
I do have the information that one customer got rid of high CPU load on locally managed SMB after upgrade to R77.20.85 - so what is true for one user / one model / one production environment must not be true for others 🙂
I recommend that you open SR about the GUI issues you are experiencing. It is the right way to bring CheckPoint attention on it. This case was exceptional and brought directly to R&D's attention because it was totally preventing us from running the build in production environment. What I call "showstopper" case. Even so most software divisions won't allow this at all.
Hereby I want to thank R&D for the quick response and being flexible on investigating and fixing this. It was pleasure working with them.
Thank you everyone, I will test the jumbo fix this weekend first and if issue persist than SR will be initiated. The fact the fix did result positive to a customer on standalone, hoping for the same result. Plus there is already an SR for this w/other customers.
To close this thread:
CheckPoint have already released R77.20.85 build 751 that included fix for the above mentioned performance issue.
Thanks for the info, was hoping to see it updated on the original d/l page as it as still display build 731. I assume you installed this firmware build 751 in your environment and all is good?
build 751 is still available and downloadable. I agree that the firmware upgrade feature on the firewall adds no value. I believe CP has no way to distinguish firewalls with valid subscription vs. out of subscription and hence it never prompts you that a new build is available. That is my two cents, could be wrong.
New firmware versions are announced in CP UserCenter and in Embedded GAiA WebGUI. CPUSE on GAiA appliances is a very different engine and ecosystem that does not include SMB devices!
To "believe that CP has no way to distinguish firewalls with valid subscription vs. out of subscription and hence it never prompts you that a new build is available" is both very wrong and building maybe on a great lack of experience - i have seen the message that there is a new firmware available on SMS rather very often during the last years 😉
No lack of experience my friend, simply providing facts as it relates to me hence the statement I believe. I've been with CP since 96 and evolved with there echo-system on different platforms.
For the rare times SMB displays new firmware, I still have fingers left to count with. Consistency for this functionality to alert on new firmware needs to be improved. Again there may be a reason for this behaviour vs. design. My devices are still stating build 541 on r77.20.81 is up to date. Appreciate the feedback and glad to see the firmware functionality is working to your desired expectation.
I can still see it and download it even in a different browser.
I suggest you steer clear of this build until it is actually documented. Remember what happened to me and build 701, which should not have been available.
That's because you are not blacklisted. May be only EU is
But you are certainly right. And I wonder how it happens that non-GA build slips through and appears on download page.. second time now.
Keren indicated build r77.20.85 build 751 is still going QA cycle and in a few days to be released, unclear if it's going to be a different build or same? Keren Greenblat are you able to clarify?, Appreciate it, as always.
Now that you've been running with build 751, has it been stable for you? also if you ssh into the box and do the top command do you notice any zombies processes, just curious.
Yes, build 751 is very stable for me and also performance is good. I keep an eye on 'top' from time to time and haven't noticed any zombie processes. But notice that my one is centrally managed while I think yours is not.
Noticed today that I have 5 zombies and all are related to HTTPD, looking at the ps aux it shows zero memory/cpu. Anyone else seeing zombies?