This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
G_W_Albrecht
Legend Legend
Legend
‎2019-08-19 01:36 AM

R77.20.87 Jumbo Hotfix Accumulator

They did it again - in addition to sk151574: R77.20.87 for Small and Medium Business Appliances, we now have the fresh new sk153433: R77.20.87 Jumbo Hotfix Accumulator with the new firmware image Build 2960.

Nice to have a new build and a list of resolved issues - but for what reason name it Jumbo HF (which it is not, just a plain installation image containing fixed components) ? Or will R77.20.87 stay as a kind of final version for 7x0/9110/14x0 models that will get updated this Jumbo HF way from now on ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
32 Replies
HristoGrigorov
Mentor
Mentor
‎2019-08-19 11:47 PM

I think the answer is hidden in this sentence: "This Incremental Hotfix and this article are periodically updated with new fixes."

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-08-19 11:50 PM
In response to HristoGrigorov

Yes, i did read it - but this is not a Hotfix, but a (some bugs fixed) firmware image. But i do not like this terminology here because - technically speaking - it is just wrong... Sounds like a marketing McGuffin - we now even have a Jumbo for SMB appliances (broad smile) !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
HristoGrigorov
Mentor
Mentor
‎2019-08-19 11:59 PM
In response to G_W_Albrecht

Yeah, sounds a bit funny to have JHF for SMBs 🙂 But I think this comes from the CheckPoint internal development process for releasing hotfixes and it is more or less unified for all kind of devices. Only the way it is delivered is different. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-08-20 12:07 AM
In response to HristoGrigorov

I see a basic difference between them - a current CPUSE HFA / Jumbo contains fixed software pieces (e.g. rpms, scripts, binaries) and a lot of installation intelligence. The R77.20.87 Jumbo Hotfix Accumulator is a (sequence of) new firmware image(s), nothing else.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend
‎2022-01-09 06:14 PM
In response to G_W_Albrecht

Ah yes, good old "terminology"...I hear ya brother ; - )

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-08-20 12:09 AM

Some time ago i gave feedback in sk156192 TCP SACK PANIC requesting a link to the - available - SMB firmware version. Now it has been updated as follows:

SMB (700/900/1400) - R77.20.87 Jumbo Hotfix Accumulator- Build 2960 (and higher).

SMB (600/1100/1200R) - Contact Check Point Support to get a Hotfix for this issue. A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Pedro_Espindola
Advisor
‎2019-08-22 09:57 AM

Did anyone here test build 2960? Is it good? Can I move from 2929 with no worries?

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2019-08-22 11:37 AM
In response to Pedro_Espindola

I run it for few days already. It is super stable for me. Centrally managed cluster of 1470s.

0 Kudos
Pedro_Espindola
Advisor
‎2019-08-23 09:56 AM
In response to HristoGrigorov

Great! Thanks

0 Kudos
Greg_Harbers
Collaborator
‎2019-10-10 04:28 PM
In response to Pedro_Espindola

FYI,

I have been supplied build 965 of R77.20.87.

This was to fix an issue where the defined proxy port was being overwritten by a default port of 8080. It is running on at least 4 devices currently without issue.

 

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2019-10-10 08:05 PM
In response to Greg_Harbers

Latest available for download is R77.20.87 Build 990172972 but there is no info what was changed.
PhoneBoy
Admin
Admin
‎2019-08-25 07:34 PM

A version increase usually implies new features and functionality whereas a jumbo hotfix is just bugfixes.
In the case of SMBs, there really isn't a "patch" mechanism like on non-SMB gateways.
As such, we have to distribute patches as a new firmware image.
We did the same thing in IPSO, using the "FCS" or "Build" moniker to differentiate within the same version.
G_W_Albrecht
Legend Legend
Legend
‎2019-08-25 10:52 PM
In response to PhoneBoy

Not only IPSO was  distributed that way, but also the predecessor of GAiA Embedded running on Safe@Office / Edge appliances called Embedded NGX. We also had the separate bootloader and ADSL firmware files in Embedded NGX. But installation was only possible using TFTP 😞...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2019-09-03 09:05 AM
In response to G_W_Albrecht

Modern-day SMB appliances have a similar bootloader, but it can be loaded via USB.
0 Kudos
Steffen_Appel
Advisor
‎2019-10-17 11:15 PM

Now the reason became obvious, R80.20 for SMB is out (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...), but it does not support the 1400, but they willstay on R77.20 - not good.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-10-21 01:37 PM
In response to Steffen_Appel

You are correct that we are not planning to release R80.20 SMB code for the 700/1200R/1400 appliances.
R77.20.87 will continue to be supported and receive bugfixes for the 700/1200R/1400 appliances per our Support Lifecycle Policy.
0 Kudos
Greg_Harbers
Collaborator
‎2019-10-21 01:48 PM
In response to PhoneBoy

I have got to say, that is cr*p. We have customers who have been purchasing 1400 series appliances to be centrally managed and that one day the R80.x features like layered policies etc would be available. At CPX earlier earlier this year it was indicated that it was planned for by the end of 2019. Now as the year draws to a close you are telling all of your customers who have purchased these that they have bought a lemon.
HristoGrigorov
Mentor
Mentor
‎2019-10-21 08:39 PM
In response to Greg_Harbers

I believe the release of R80 only for the new SMB line is purely for marketing and support reasons because technically they are not that much different than the current 1470/1490 one. These devices will always be with a short support period. 

I do not have the CPX presentation around here to check but I remember it talked about R80 for SMB not promising that it will be the 14** series that will get it. Might be wrong actually. 

But let's face it. If you really need layered policies, multi-core support and so on then it is likely that you have traffic that requires more powerful appliance then what SMB is offering. And the performance stated by CheckPoint for the SMB line is a bit more than what they can really handle. 

Don't get me wrong here. I support that the lack of clear statement when and for what devices R80 will be released brought some confusion. But I am happy with the current firmware and so far R80 for SMB does not offer that much more to really want to upgrade.

Steffen_Appel
Advisor
‎2019-10-23 02:35 AM
In response to HristoGrigorov

One open question is, when the 1400s will go end of sale.

 

 

Steffen_Appel
Advisor
‎2019-10-23 05:24 AM
In response to PhoneBoy

Per https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/Gaia-Embedded-R80-10/m-p/3434#M3 it was planned for 700/1400.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-10-21 05:10 AM

Now all is becoming much more unclear - a new firmware has been released, R77.20.87 Build 990172972 for 700/900/1400 Appliances. But there is neither any documentation about this build nor is it listed under R77.20.87 Jumbo Hotfix Accumulator- so i really do not know what to think about this...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
HristoGrigorov
Mentor
Mentor
‎2019-10-21 05:15 AM
In response to G_W_Albrecht

Come on... 🙂 This is an old story. Sometimes JHAs made to fix particular problem(s) for particular customer(s) make their way to download server. Like mine here:

# ver

This is Check Point's 1470 Appliance R77.20.87 - Build 973

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-10-21 07:04 AM
In response to HristoGrigorov

Not so very old story - as there is no documentation at all and new firmware versions should be included in sk153433: Jumbo Hotfix Accumulator for R77.20.87 page!

> This is Check Point's 1470 Appliance R77.20.87 - Build 973

This is not available by the CP download server.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-10-29 03:21 AM
In response to G_W_Albrecht

Another strange error in the R77.20.87 Jumbo Hotfix Accumulator page is in resolved bugs listed as Available in Private Builds only. See SMB-9759 New Advanced Settings option: PS engine settings - Allow protocol unknown commands. This Advanced Setting is already available in R77.20.87 (990172960), so we need no private build to use it. I have given the fitting feedback...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Naftali_Oziel
Collaborator
‎2022-01-08 06:27 AM

Anyone tried the latest jumbo fix r77.20.87 build 120 ?  

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-01-09 12:51 AM
In response to Naftali_Oziel

Not me, still happy using 990172913.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Naftali_Oziel
Collaborator
‎2022-01-09 01:33 PM
In response to G_W_Albrecht

Thanks will give it a bit to see if any issues are reported.   After all CP1400/700 after Oct-2022 will no longer receive any firmware updates (jumbo fixes) as its EOL.   EOS is good until 2024 if you have the subscription to that time period. 

 

If I don't see much of reported issues, will install and try to stay to latest with my issues having with GUI coring but after disabling antibot blade seemed to make a huge difference of that issue not reoccurring.  So something is with that blade affecting memory.  Anyhow, thanks for the response.

0 Kudos
nmelay
Collaborator
‎2022-01-19 12:17 PM
In response to Naftali_Oziel

Not yet, but I will.

The previous public build (990173083) has an annoying bug with the cluster wizard.
If you don't complete the wizard or cancel it, next time you come back, the Configure Cluster button is broken, and you can't start the wizard again.
Nothing I tried could fix this, backup/restore to a new unit even brought the issue in.
TAC's solution was to upgrade to a later private build, which at first seemed to fix the issue, but really only reset the wizard's state.
Learned it the hard way when I (re)scheduled the cluster setup with my customer, checked remotely the day before that the wizard button was OK, did not cleanly disconnect, then could not use it again on D day...

Also, the same units were highly unstable for a while, which was seemingly due to running the DHCP service for a /23 network.
(What pointed me to this direction was ugly errors in the DHCP log, and an UI bug which forbid using a 192.168.0.A to 192.168.1.B range with B lower than A).
I did not really investigate it, moved the DHCP service back to the NAS where it was running before, and they've been stable since then.

I like seeing things like "General stability fixes and performance improvements" in a changelog.
Let's hope this new build lives up to it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events