Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Naftali_Oziel
Collaborator

R77.20.87 build 3042

Curious if anyone installed the r77.20.87 B3042?   

 

Any observations ?

0 Kudos
16 Replies
G_W_Albrecht
Legend
Legend

Yes i did - no observation yet 😎!  As this is from sk165875: Check Point Response to CVE-2020-8597 (PPP buffer overflow vulnerability) i think it a good idea...

0 Kudos
Naftali_Oziel
Collaborator

Agree, had B3004 prior but encountered core during navigating of the GUI, not all the time.  I do local management so wondering if this is an issue you ever encountered?

0 Kudos
G_W_Albrecht
Legend
Legend

I will uninstall it now - look what it did to me:

0 Kudos
Naftali_Oziel
Collaborator

Thanks for sharing, is yours local or central managed? 

0 Kudos
G_W_Albrecht
Legend
Legend

730 locally managed.

0 Kudos
Naftali_Oziel
Collaborator

which one did you revert back to?  I will monitoring and if needed go back to B3034

0 Kudos
G_W_Albrecht
Legend
Legend

I had a hard time returning to the stable R77.20.87 (990173004) firmware ! I tried to upload the firmware for install in vain as the update process was failing every time. I then managed to do the revert using CLI which is quite easy !

# pfrm2.0/opt/fw1/bin/firmware_ver.sh
Usage: firmware_ver.sh [-d   |-r|-v]
        -d : Download from given URL to given path and verify checksum
        -r : Revert to saved image
        -v : Display firmware versions

I currently have:

[Expert@seven-eleven]# pfrm2.0/opt/fw1/bin/firmware_ver.sh -v

77 20 87 990173004 /dev/mtd2 77 20 87 990173042 /dev/mtd4

The first one shown is active, and "Revert to saved image" installs the older firmware shown on the right hand while keeping the current configuration - pretty simple...

Naftali_Oziel
Collaborator

Did the firewall prevent you from doing revert to previous firmware (config stays the same) from GUI?  vs. uploading the B3004? 

0 Kudos
G_W_Albrecht
Legend
Legend

No, in fact i used CLI as the WebGUI did not work anymore at that time, but ssh did...

0 Kudos
Naftali_Oziel
Collaborator

Glad you were able to resolve and never used the CLI to revert back the previous firmware.   I'll have to check the syntax to do so.  

I've had mine running on B3042 for 9 days and used it to login into GUI for a few changes.  Am using the 1490 w/some blades enabled IPS, Anti-bot, APP/URL, though for APP/URL have no policy defined using more so for reporting capture.  

How long did you have your firewall with this firmware before it gave you the issue?  wondering if it's environment specific issue or build itself? 

0 Kudos
Naftali_Oziel
Collaborator

 I believe I've head issues with 700 devices every 2-3 days that they can experience a hang due to a ted_local_db file size is huge?  Believe it's related to threat emulation.  again, not sure but worth finding out from TAC.   Believe this issue was presented in the later builds after B3004.  

Appreciate you keeping me in the loop and pls continue to do so.  I'll be closely monitoring my firewall.   

 

0 Kudos
G_W_Albrecht
Legend
Legend

Just after installing the firmware, i had frequent autonomous reboots until i reverted (see above). This is a Lab GW for testing only, but it uses IPv4 and IPv6 for WAN with not much traffic...

0 Kudos
Naftali_Oziel
Collaborator

Are you opening a TAC for this?

0 Kudos
Naftali_Oziel
Collaborator

There is a new build fw1_sx_dep_R77_990173054_20.    You'll have to open a case and got this based on sk167693.   Am sure it has other fixes outside of what is documented.

0 Kudos
G_W_Albrecht
Legend
Legend

No need - Relevant only for SMB appliances that run firmware versions below R77.20.81 (inclusive) and R80.20.01 (inclusive) sk167693.

990173004 has no issues or reboots so i keep this version 😎

 

0 Kudos
Naftali_Oziel
Collaborator

Correct, I took the hotfix as it contains more fixes than advertised for the SK.   Unfortunately B3004 has not been very stable.

0 Kudos