Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
K__P__Kennedy
Employee Alumnus
Employee Alumnus

R77.20.80 for Small and Medium Business Appliances released!

R77.20.80 for Small and Medium Business Appliances 

What's New in Check Point R77.20.80 for SMB Appliances

  • Support additional deployments with ZeroTouch

    • Option to configure Internet connection before ZeroTouch deployment
    • Dynamic change of the default LAN subnet in case of a conflict with WAN IP address (provided by DHCP server), to allow connection to ZeroTouch server
  • Intermediate CA

    • Option to replace the gateway WebUI certificate and VPN certificate with a certificate signed by an intermediate CA
  • Logs management

    • Added an option to configure the gateway to log only outgoing blocked traffic
  • SMP connection

    • Retry mechanism in case of a failure in connection to the cloud services (SMP)
  • Performance and stability fixes

6 Replies
HristoGrigorov

I wonder if the problem with the frequently crashing sfwd process is fixed now....

Aidan_Luby1
Participant

I think sfwd will always have some issues of sorts due to the fact it handles so much on the SMB appliances. I believe this process is unique to SMB appliances and seems to handle a lot all in one process, I also do not think its multithreaded.

If you look at the CheckPoint Processes and Daemons sk you'll see it handles:

  • Logging
  • Policy installation
  • VPN negotiation
  • Identity Awareness enforcement
  • UserCheck enforcement
  • etc.

Some issues I've seen have been related to stuff like the fact some blades will fail to update (namely AV) if the memory usage goes above a certain threshold and it will just keep trying to update while giving sfwd issues. There is lots you can see if you debug sfwd or if you look at the log file ($FWDIR/log/sfwd.elg).

What I find annoying is when sfwd starts having issues I find I often lose vpn's, security log access, and for some reason some https sites break.

I do hope that sfwd is made to be multithreaded with the newer SMB appliances or at least some functions carried out by sfwd are broken into new processes.

HristoGrigorov

Absolutely agree with you!

Btw, build 990172239 of R77.20.75 has stable sfwd process. It is not crashing here at all. But in the builds after that (including R77.20.80 ) it crashes as hell. TAC told me they know about this problem but I have no idea if it is going to be fixed at all.

I have the feeling that CheckPoint is kind of tackling R77.20 because much of the effort of R&D is now dedicated to R80.20 release. 

0 Kudos
Pedro_Espindola
Advisor

Hello Hristo,

About these crashes, are those in a cluster or single appliances?

For me they seem to happen more frequently in locally managed clusters.

0 Kudos
HristoGrigorov

It is centrally managed cluster. May have something to do with that but I believe the real issue is what Aidan already described. 

0 Kudos
Pedro_Espindola
Advisor

Yes, he might be right.

I had an issue a while back in which SFWD crashed for 6 minutes every 1 hour when it tried to check for firmware updates.

Months of investigation resulted in nothing.

One day I saw that despite having NGTP, AppControl blade had a "No license" status. After opening a ticket for the correction in the user center and reactivating the license in the appliance the issue was solved.

I would never have imagined this could be connected, but it was.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events