Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend
Legend

R77.20.87 Jumbo Hotfix Accumulator

They did it again - in addition to sk151574: R77.20.87 for Small and Medium Business Appliances, we now have the fresh new sk153433: R77.20.87 Jumbo Hotfix Accumulator with the new firmware image Build 2960.

Nice to have a new build and a list of resolved issues - but for what reason name it Jumbo HF (which it is not, just a plain installation image containing fixed components) ? Or will R77.20.87 stay as a kind of final version for 7x0/9110/14x0 models that will get updated this Jumbo HF way from now on ?

CCSE CCTE SMB Specialist
0 Kudos
32 Replies

I think the answer is hidden in this sentence: "This Incremental Hotfix and this article are periodically updated with new fixes."

0 Kudos
G_W_Albrecht
Legend
Legend

Yes, i did read it - but this is not a Hotfix, but a (some bugs fixed) firmware image. But i do not like this terminology here because - technically speaking - it is just wrong... Sounds like a marketing McGuffin - we now even have a Jumbo for SMB appliances (broad smile) !

CCSE CCTE SMB Specialist

Yeah, sounds a bit funny to have JHF for SMBs 🙂 But I think this comes from the CheckPoint internal development process for releasing hotfixes and it is more or less unified for all kind of devices. Only the way it is delivered is different. 

0 Kudos
G_W_Albrecht
Legend
Legend

I see a basic difference between them - a current CPUSE HFA / Jumbo contains fixed software pieces (e.g. rpms, scripts, binaries) and a lot of installation intelligence. The R77.20.87 Jumbo Hotfix Accumulator is a (sequence of) new firmware image(s), nothing else.

CCSE CCTE SMB Specialist
0 Kudos
the_rock
Champion
Champion

Ah yes, good old "terminology"...I hear ya brother ; - )

0 Kudos
G_W_Albrecht
Legend
Legend

Some time ago i gave feedback in sk156192 TCP SACK PANIC requesting a link to the - available - SMB firmware version. Now it has been updated as follows:

SMB (700/900/1400) - R77.20.87 Jumbo Hotfix Accumulator- Build 2960 (and higher).

SMB (600/1100/1200R) - Contact Check Point Support to get a Hotfix for this issue. A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.

CCSE CCTE SMB Specialist
0 Kudos
Pedro_Espindola
Advisor

Did anyone here test build 2960? Is it good? Can I move from 2929 with no worries?

0 Kudos

I run it for few days already. It is super stable for me. Centrally managed cluster of 1470s.

0 Kudos
Pedro_Espindola
Advisor

Great! Thanks

0 Kudos
Greg_Harbers
Contributor

FYI,

I have been supplied build 965 of R77.20.87.

This was to fix an issue where the defined proxy port was being overwritten by a default port of 8080. It is running on at least 4 devices currently without issue.

 

0 Kudos

Latest available for download is R77.20.87 Build 990172972 but there is no info what was changed.
PhoneBoy
Admin
Admin

A version increase usually implies new features and functionality whereas a jumbo hotfix is just bugfixes.
In the case of SMBs, there really isn't a "patch" mechanism like on non-SMB gateways.
As such, we have to distribute patches as a new firmware image.
We did the same thing in IPSO, using the "FCS" or "Build" moniker to differentiate within the same version.
G_W_Albrecht
Legend
Legend

Not only IPSO was  distributed that way, but also the predecessor of GAiA Embedded running on Safe@Office / Edge appliances called Embedded NGX. We also had the separate bootloader and ADSL firmware files in Embedded NGX. But installation was only possible using TFTP 😞...

CCSE CCTE SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

Modern-day SMB appliances have a similar bootloader, but it can be loaded via USB.
0 Kudos
Steffen_Appel
Advisor

Now the reason became obvious, R80.20 for SMB is out (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...), but it does not support the 1400, but they willstay on R77.20 - not good.

0 Kudos
PhoneBoy
Admin
Admin

You are correct that we are not planning to release R80.20 SMB code for the 700/1200R/1400 appliances.
R77.20.87 will continue to be supported and receive bugfixes for the 700/1200R/1400 appliances per our Support Lifecycle Policy.
0 Kudos
Greg_Harbers
Contributor

I have got to say, that is cr*p. We have customers who have been purchasing 1400 series appliances to be centrally managed and that one day the R80.x features like layered policies etc would be available. At CPX earlier earlier this year it was indicated that it was planned for by the end of 2019. Now as the year draws to a close you are telling all of your customers who have purchased these that they have bought a lemon.

I believe the release of R80 only for the new SMB line is purely for marketing and support reasons because technically they are not that much different than the current 1470/1490 one. These devices will always be with a short support period. 

I do not have the CPX presentation around here to check but I remember it talked about R80 for SMB not promising that it will be the 14** series that will get it. Might be wrong actually. 

But let's face it. If you really need layered policies, multi-core support and so on then it is likely that you have traffic that requires more powerful appliance then what SMB is offering. And the performance stated by CheckPoint for the SMB line is a bit more than what they can really handle. 

Don't get me wrong here. I support that the lack of clear statement when and for what devices R80 will be released brought some confusion. But I am happy with the current firmware and so far R80 for SMB does not offer that much more to really want to upgrade.

Steffen_Appel
Advisor

One open question is, when the 1400s will go end of sale.

 

 

Steffen_Appel
Advisor

0 Kudos
Steffen_Appel
Advisor

0 Kudos
G_W_Albrecht
Legend
Legend

Now all is becoming much more unclear - a new firmware has been released, R77.20.87 Build 990172972 for 700/900/1400 Appliances. But there is neither any documentation about this build nor is it listed under R77.20.87 Jumbo Hotfix Accumulator- so i really do not know what to think about this...

CCSE CCTE SMB Specialist
0 Kudos

Come on... 🙂 This is an old story. Sometimes JHAs made to fix particular problem(s) for particular customer(s) make their way to download server. Like mine here:

# ver

This is Check Point's 1470 Appliance R77.20.87 - Build 973

 

0 Kudos
G_W_Albrecht
Legend
Legend

Not so very old story - as there is no documentation at all and new firmware versions should be included in sk153433: Jumbo Hotfix Accumulator for R77.20.87 page!

> This is Check Point's 1470 Appliance R77.20.87 - Build 973

This is not available by the CP download server.

CCSE CCTE SMB Specialist
0 Kudos
G_W_Albrecht
Legend
Legend

Another strange error in the R77.20.87 Jumbo Hotfix Accumulator page is in resolved bugs listed as Available in Private Builds only. See SMB-9759 New Advanced Settings option: PS engine settings - Allow protocol unknown commands. This Advanced Setting is already available in R77.20.87 (990172960), so we need no private build to use it. I have given the fitting feedback...

CCSE CCTE SMB Specialist
Naftali_Oziel
Collaborator

Anyone tried the latest jumbo fix r77.20.87 build 120 ?  

0 Kudos
G_W_Albrecht
Legend
Legend

Not me, still happy using 990172913.

CCSE CCTE SMB Specialist
0 Kudos
Naftali_Oziel
Collaborator

Thanks will give it a bit to see if any issues are reported.   After all CP1400/700 after Oct-2022 will no longer receive any firmware updates (jumbo fixes) as its EOL.   EOS is good until 2024 if you have the subscription to that time period. 

 

If I don't see much of reported issues, will install and try to stay to latest with my issues having with GUI coring but after disabling antibot blade seemed to make a huge difference of that issue not reoccurring.  So something is with that blade affecting memory.  Anyhow, thanks for the response.

0 Kudos
nmelay
Contributor

Not yet, but I will.

The previous public build (990173083) has an annoying bug with the cluster wizard.
If you don't complete the wizard or cancel it, next time you come back, the Configure Cluster button is broken, and you can't start the wizard again.
Nothing I tried could fix this, backup/restore to a new unit even brought the issue in.
TAC's solution was to upgrade to a later private build, which at first seemed to fix the issue, but really only reset the wizard's state.
Learned it the hard way when I (re)scheduled the cluster setup with my customer, checked remotely the day before that the wizard button was OK, did not cleanly disconnect, then could not use it again on D day...

Also, the same units were highly unstable for a while, which was seemingly due to running the DHCP service for a /23 network.
(What pointed me to this direction was ugly errors in the DHCP log, and an UI bug which forbid using a 192.168.0.A to 192.168.1.B range with B lower than A).
I did not really investigate it, moved the DHCP service back to the NAS where it was running before, and they've been stable since then.

I like seeing things like "General stability fixes and performance improvements" in a changelog.
Let's hope this new build lives up to it.

0 Kudos