Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Amir_Ayalon
Employee
Employee

R80.20.35 JHF

Jump to solution

Hi All

We released R80.20.35 Jumbo Hotfix for SMB 1500\1600\1800 Appliances
The Release includes stability Improvements and Security Enhancements

Security enhancements
  • Update SSL Inspection CA list
  • Improved handling of large CRL's
  • Allow VPN Aggressive Mode with any cypher on locally managed GW's
  • Aggressive Mode support Diffie-Hellman 20 and 19 groups in locally managed GW's
  • Add "authtype cryptographic" option to OSPF CLI
  • Add Re-initialize certificate command from SMP
  • Enable Light SSL on bypassed traffic when SSL inspection is on
  • VoIP - added FW rule when users uses case #5 configuration

Stability improvements
  • Portfixes from R80.20 JHF that includes:
     o SSL Inspection performance improvement
     o VPN memory leak
     o SSL Inspection memory leak
  • Fix rare sfwd crash due to corrupted log
  • Fix rare scenario which might eventually leads to reverts to factory defaults.
  • Fix rare Multicast traffic crash
  • Fix rare WiFi-related memory corruption
  • Fix internal error which might occurs with WAN link aggregation
  • Fix issue that Bond cannot be edited
  • Increase tmp and fwtmp sizes in 1600/1800
  • Improved Backup - Restore from R77 to R80.XX

LTE Related fixes
  • Fix rare LTE connectivity issue when working with Verizon
  • Fix rare vmcore created when cellular connection keeps flapping
  • Fix AT&T carrier package handling

For additional info and download links, please visit sk174683

1 Solution

Accepted Solutions
Chris_Atkinson
Employee
Employee

No, not necessarily though R81.X alignment is planned.

View solution in original post

8 Replies
Ted_Serreyn
Collaborator

Any chance on releasing patch numbers so we could import these ourselves into a Quantum Gateway management instance aka SMP?

0 Kudos
Amir_Ayalon
Employee
Employee
  • 14 December 2021: R80.20.35 Build 992002577 for 1500/1600/1800 appliances is the latest General Availability release that can be downloaded directly from this article. It replaces Build 992002467.   

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
Ted_Serreyn
Collaborator

Yes, I was looking for the file id numbers to be posted.  Since this appears to be what is required to import to a SMP Quantum Spark Management instance to upgrade the file.  I know how to get this file id, but I was expecting it to be a bit more easily obtained.

0 Kudos
G_W_Albrecht
Legend
Legend

News in sk174683:

  • 10 February 2022: These are the latest General Availability releases that can be downloaded directly from this article. They replace Build 992002577. Refer to the "Revision History" section for older versions.  
    • Build 992002613 for 1500 appliances
    • Build 992002614 for 1600/1800 appliances

sk159772 lists as resolved issues:

Networking
 
SMB-16800
RTP traffic may be dropped with this message displayed: "CPAS: failed to init streamh"
R80.20 GA
R80.20.35 JHF Build 2613
 
SMB-16992
The appliance responds to TCP/5060-5061 connections even though no explicit SIP rule exists in the incoming policy.
R80.20GA
R80.20.35 JHF Build 2613
 
Application Control
 
SMB-16846 Websites that are set to blocked by URL categorization may not be blocked the first time they are accessed.
R80.20GA
R80.20.35 JHF Build 2613
 
But sk159772 also lists new issues encountered first in R80.20.35 JHF Build 2613:
 
SecureXL
SMB-17073 Internal traffic for which the source and destination are both bridges is dropped when SXL is enabled.
R80.20.35 JHF Build 2613
-
 
Access Policy
SMB-16848 Using dynamic objects in the firewall policy may cause general system errors.
R80.20.35 JHF Build 2613
-

 

CCSE CCTE SMB Specialist
0 Kudos
Steffen_Appel
Advisor

Does the availibility of a JHFA for mean, that (like r77.20.87) the branch will not be followed further and that r80.20.35 will be the last release in that branch and the next release will be R81.X?

Chris_Atkinson
Employee
Employee

No, not necessarily though R81.X alignment is planned.

Steffen_Appel
Advisor

Ok thank you!

0 Kudos
G_W_Albrecht
Legend
Legend

This is a SMB issue - we always deal with new firmware versions, but often they are called JHF:

sk167876   Jumbo Hotfix Accumulator for SMB R80.20.05
sk167012   R80.20.10 for Quantum Spark Appliances
sk168333   Jumbo Hotfix Accumulator for SMB R80.20.15
sk170534   Jumbo Hotfix Accumulator for SMB R80.20.20
sk171824   R80.20.25 for Quantum Spark Appliances
sk173185   R80.20.30 for Quantum Spark Appliances
sk174683   R80.20.35 for Quantum Spark Appliances

CCSE CCTE SMB Specialist
0 Kudos