Yes, i did read it - but this is not a Hotfix, but a (some bugs fixed) firmware image. But i do not like this terminology here because - technically speaking - it is just wrong... Sounds like a marketing McGuffin - we now even have a Jumbo for SMB appliances (broad smile) !

Yeah, sounds a bit funny to have JHF for SMBs 🙂 But I think this comes from the CheckPoint internal development process for releasing hotfixes and it is more or less unified for all kind of devices. Only the way it is delivered is different. 

I see a basic difference between them - a current CPUSE HFA / Jumbo contains fixed software pieces (e.g. rpms, scripts, binaries) and a lot of installation intelligence. The R77.20.87 Jumbo Hotfix Accumulator is a (sequence of) new firmware image(s), nothing else.

Ah yes, good old "terminology"...I hear ya brother ; - )

I run it for few days already. It is super stable for me. Centrally managed cluster of 1470s.

Great! Thanks

FYI,

I have been supplied build 965 of R77.20.87.

This was to fix an issue where the defined proxy port was being overwritten by a default port of 8080. It is running on at least 4 devices currently without issue.

Not only IPSO was  distributed that way, but also the predecessor of GAiA Embedded running on Safe@Office / Edge appliances called Embedded NGX. We also had the separate bootloader and ADSL firmware files in Embedded NGX. But installation was only possible using TFTP 😞...

I believe the release of R80 only for the new SMB line is purely for marketing and support reasons because technically they are not that much different than the current 1470/1490 one. These devices will always be with a short support period. 

I do not have the CPX presentation around here to check but I remember it talked about R80 for SMB not promising that it will be the 14** series that will get it. Might be wrong actually. 

But let's face it. If you really need layered policies, multi-core support and so on then it is likely that you have traffic that requires more powerful appliance then what SMB is offering. And the performance stated by CheckPoint for the SMB line is a bit more than what they can really handle. 

Don't get me wrong here. I support that the lack of clear statement when and for what devices R80 will be released brought some confusion. But I am happy with the current firmware and so far R80 for SMB does not offer that much more to really want to upgrade.

One open question is, when the 1400s will go end of sale.

5/20/2020: https://www.checkpoint.com/press/2019/check-point-revamps-small-and-medium-businesses-security-to-pr...

Per https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/Gaia-Embedded-R80-10/m-p/3434#M3 it was planned for 700/1400.

Come on... 🙂 This is an old story. Sometimes JHAs made to fix particular problem(s) for particular customer(s) make their way to download server. Like mine here:

# ver

This is Check Point's 1470 Appliance R77.20.87 - Build 973

Not so very old story - as there is no documentation at all and new firmware versions should be included in sk153433: Jumbo Hotfix Accumulator for R77.20.87 page!

> This is Check Point's 1470 Appliance R77.20.87 - Build 973

This is not available by the CP download server.

Another strange error in the R77.20.87 Jumbo Hotfix Accumulator page is in resolved bugs listed as Available in Private Builds only. See SMB-9759 New Advanced Settings option: PS engine settings - Allow protocol unknown commands. This Advanced Setting is already available in R77.20.87 (990172960), so we need no private build to use it. I have given the fitting feedback...

Not me, still happy using 990172913.

Thanks will give it a bit to see if any issues are reported.   After all CP1400/700 after Oct-2022 will no longer receive any firmware updates (jumbo fixes) as its EOL.   EOS is good until 2024 if you have the subscription to that time period. 

If I don't see much of reported issues, will install and try to stay to latest with my issues having with GUI coring but after disabling antibot blade seemed to make a huge difference of that issue not reoccurring.  So something is with that blade affecting memory.  Anyhow, thanks for the response.

Not yet, but I will.

The previous public build (990173083) has an annoying bug with the cluster wizard.
If you don't complete the wizard or cancel it, next time you come back, the Configure Cluster button is broken, and you can't start the wizard again.
Nothing I tried could fix this, backup/restore to a new unit even brought the issue in.
TAC's solution was to upgrade to a later private build, which at first seemed to fix the issue, but really only reset the wizard's state.
Learned it the hard way when I (re)scheduled the cluster setup with my customer, checked remotely the day before that the wizard button was OK, did not cleanly disconnect, then could not use it again on D day...

Also, the same units were highly unstable for a while, which was seemingly due to running the DHCP service for a /23 network.
(What pointed me to this direction was ugly errors in the DHCP log, and an UI bug which forbid using a 192.168.0.A to 192.168.1.B range with B lower than A).
I did not really investigate it, moved the DHCP service back to the NAS where it was running before, and they've been stable since then.

I like seeing things like "General stability fixes and performance improvements" in a changelog.
Let's hope this new build lives up to it.