- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
In sk165875: Check Point Response to CVE-2020-8597 (PPP buffer overflow vulnerability) we found the latest 77.20.xx firmware builds for SMB appliances - but now in response to DNSpooQ (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685), CP TAC provided fixed versions also for older models (2021-02):
With sk176148: Check Point response to CVE-2021-26414 - "Windows DCOM Server Security Feature Bypass" customers using MS DC/AD received fixed firmware versions that are available from TAC only (01-Nov-2021):
Trying to get it now.
let me know how it goes.
The supporter doesnt find anything newer than 3072 for 1400 or 2500 for 1100...
You need to advise them you're looking for the custom build as advised on website associated to SMB's I provided you. They will than talk to a Sr. tech and provide you with a link to download it. It's there and available. I've ran into that same issue in the past with Tier 1 support, checkpoint needs to improve training for those folks.
Do you have any of the issues fixed in the custom build ? Or why is a build > R77.20.87 (990173072) necessary ?
unfortunately site is not allowing me to repost the fixes for B3077, they are listed on page 1.
I see no immediate need for this version as long as i do not have one of the resolved issues ! If i have one of these, i can always get it from TAC - but a prefer a version without reboots every week 8)
makes sense. Are your reboot still happening with B3072? This weekend am testing to see how well it holds up after 30 days and logging into GUI if it cores or not.
Currently no frequent reboots 8), but i remember a firmware version i do not want to speak of....
There is new exciting JHF released: 990173081
Yes, including the fix for DNSPooQ on internal (LAN, Wi-Fi) networks.
It is removed from the JHFA again and it did contain the old dnsmasq, I guess tehre will be another one soon.
Did anyone install B3083 yet?
yes seems fine
Updated with new versions in response to DNSpooQ
Removed 1200R SmartUpdate package.
Hi everyone,
Since I've upgraded my SG750 with the latest build (3083), the gateway is constantly having memory leaks and needs rebooted within 2 weeks. Anyone else having this issue?
Thanks.
I do not - but i have a Lab 730 without a workload...
I have build B3083 on my CP1400 and it had it's issues were I needed to reboot the device monthly otherwise, when I would log into the GUI and navigate the logs or anything it would core and restart the sfwd. So rebooting it monthly is a workaround. Was given a custom build B3105 and while it should promising results, the GUI core still occurs so back with R&D. Hopefully one day before am out of support in 2024 they will get it right.
Point here, open a TAC and see if there is a custom firmware and maybe you'll have better results. As B3083 is very buggy.
Thanks for the reply. Ok, I figured I couldn't be the only one with issues. I'm not doing anything crazy with it either. Using it at home (disabled wifi) with DHCP, and using an Asus wireless router plugged into the LAN port for all my wireless devices.
For the meantime, I flashed it back to B2960 just to keep it stable.
I'll go ahead and contact TAC about the issue and see if they have a newer build.
Thank you.
Definitely not you, i am also using it at home with basic setup, only logging what is required and only using the IPS and antibot. Have the App control, URL disabled and antivirus disabled found those to be more problematic than useful so I use DNS entry that controls the URL sites for virus/malware. shame as it's a powerful box but software is buggy.
I though this https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d... is the latest official build (2913).
yes and no. different branch to only address the wifi vulnerability nothing more. All other fixes are sitting on custom firmware and have it B3105. As I understood by TAC they are to bring it all to the same branch level so unclear why they did this? it's just as buggy.
Ok so 3105 (where can I get it) is the continuation of the jumbo branch?
it's custom firmware and believe it's to the jumbo branch and next GA should have all wifi fixes incorporated and other stuff but ETA unknown. Open a TAC and request it, they will send you a link to d/l.
OK thanks
I am told R77.20.87 990173120_20 is the latest release. Would this be a reliable choice for an SMB 1450 non-wifi appliance?
Yes this is the latest GA release per: sk153433: Jumbo Hotfix Accumulator for R77.20.87
(sk176148 also notes R77.20.87 build 990173127 for 700/1400.)
There is another firmware but it's custom build B135 that addresses issues with watchtower and am sure other minor tweaks that are never disclosed. Call into TAC for a copy.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
4 | |
3 | |
3 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 |
Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewWed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewWed 05 Nov 2025 @ 11:00 AM (EST)
TechTalk: Access Control and Threat Prevention Best PracticesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY