R81.20 Jumbo Hotfix Take 26
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 26 Released on 14 August 2023 and moved to Recommended on 13 September 2023 |
||
PRJ-44227, |
Compliance |
NEW: Compliance Blade is enhanced with 5 new Firewall Best Practices:
|
PRJ-44577, |
Internal CA |
NEW: Previously, the Internal CA certificate required manual renewal process. Now it will be automatically renewed one year before its expiration date. |
PRJ-44672, |
Security Management |
NEW:
|
PRJ-44359, |
Security Management |
NEW: Added a new Management API "mgmt_cli show ha-status". It provides synchronization information for the currently active domain.
|
PRJ-44747, |
Security Management |
NEW: Added support for multiple languages in the Change Report. |
PRJ-44421, |
Security Management |
NEW: Added a new field to the output of "mgmt_cli show updatable-objects-repository-content" command. This field displays the object's unique name as it is saved in the updatable objects repository. |
PRJ-43522, |
Security Management |
NEW: It is now possible to add tags to Access rules and sections. A new field "tags" is added to the existing "add/set rule & section" Management APIs . For example:
|
PRJ-44421, |
Security Management |
NEW: Added a new field to the output of "mgmt_cli show updatable-objects-repository-content" command. This field displays the object's unique name as it is saved in the updatable objects repository. |
PRJ-45679, |
CloudGuard Network |
NEW: CloudGuard Controller for NSX-T
Note: Importing Virtual Machines can be enabled only using Policy Mode APIs. When enabled, the amount of API requests toward the NSX-T manager increased. |
PRJ-45491, |
Security Management |
UPDATE: Significant performance improvement for policy installation when using many layers (up to four times faster). |
PRJ-46243, |
Security Management |
UPDATE: A Security Management Server/Domain Management Server can now manage up to 500 Security Gateways/Cluster members, allowing concurrent policy installation on all Security Gateways/Cluster members at once. |
PRJ-45204, ODU-843 |
Web SmartConsole |
UPDATE: New features and improvements are released in Take 76 via self-updatable package. Refer to sk170314. |
PRJ-45473, |
CPView |
UPDATE: First release of CPviewExporter Release Updates. Refer to sk180521. |
PRJ-45466, |
CPView |
UPDATE: First release of CPotelcol (OpenTelemetry Collector) Release Updates. Refer to sk180522. |
PRJ-44609, |
Threat Emulation |
UPDATE: FakeServer will now listen for packets coming from the Virtual Machine during Threat Emulation to port 18443 instead of port 8443. |
PRJ-44321, |
Threat Prevention |
UPDATE: The DCE-RPC kernel tables will now be global instead of local. This adjustment helps avoid issues with syncing between firewall instances and keeps data connections stable. |
PRJ-45463, |
Threat Prevention |
UPDATE: Added Update 18 and Update 19 of Autonomous Threat Prevention Management integration Release. Refer to sk167109. |
PRJ-46429, |
Threat Prevention |
UPDATE: IPS bypass triggers will now be activated based on the average CPU load exceeding the high threshold, as opposed to the previous implementation, where a single CPU load triggered the bypass. The change will result in more effective security measures without unnecessary bypasses. |
PRJ-43784, |
Threat Prevention |
UPDATE: Ability to send packet capture on IPS / Anti-Bot silent protections to the research team to enhance the security. |
PRJ-45912, |
Identity Awareness |
UPDATE: Implemented monitoring functionality and alerts for tracking the expiration date of Identity Broker certificates. |
PRJ-46224, PMTR-92426 |
ClusterXL |
UPDATE: Added support for IPv6 traffic synchronization in Multi-Version Clusters (MVC). See the Important Notes section. |
PRJ-44719, PRHF-22566 |
SecureXL |
UPDATE: Added a new kernel parameter allowing to control the size of fragments table in SecureXL. To use it, set the kernel parameter "sim_frag_limit_override" with the new value and install policy. This can prevent fragment drops when having multiple instances in the Firewall. |
PRJ-42862, PMTR-88750 |
Zero Phishing |
UPDATE:
|
PRJ-44762, |
Gaia OS |
UPDATE: Increased the size of the scheduled snapshot database binding, allowing longer paths and passwords to be defined. |
PRJ-47227, |
Gaia OS |
UPDATE: Upgraded OpenSSL from 1.1.1t to 1.1.1u to include the latest security improvements. Refer to sk181427. |
PRJ-44354, |
CloudGuard Network |
UPDATE: Added support for Data Centers in AWS ap-southeast-4 Melbourne region. |
PRJ-43926, |
CloudGuard Network |
UPDATE: Added support for sending Data Center updates from the CloudGuard Controller to the main IP address of Active member on the Management Plane instead of the cluster VIP address on the Data Plane. Refer to the "updateClusterMemberAndNotVip" section in CloudGuard Controller R81.20 Administration Guide > Configuration Parameters. This change prevents scenarios when CloudGuard Controller fails to connect to Cluster with MDPS enabled (sk180981). |
PRJ-46550 |
CloudGuard Network |
UPDATE: Added new Security Management APIs for the CloudGuard Central License Utility:
|
PRJ-45214, |
Scalable Platforms |
UPDATE: Added Management Data Plane Separation (MDPS) support for Maestro Orchestrator and Chassis scalable platforms. |
PRJ-43863, |
Scalable Platforms |
UPDATE: Added a new log file - /var/log/pull_config_report.log. It includes the summary of the "pull_config" action when it is performed on a member to indicate the reason for pull_config pnote/failures. |
PRJ-45908, |
Scalable Platforms |
UPDATE: Added Take 23 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414. |
PRJ-44959, |
Scalable Platforms |
UPDATE: Added a new log file to indicate the reason of member reboots if they are triggered by configuration mismatch - /var/log/configuration_reboot_info.log. |
PRJ-45389, |
HCP |
UPDATE: Added Update 12 of HealthCheck Point (HCP) Release. Refer to sk171436. |
PRJ-44461, |
Security Management |
In some scenarios, the "run-script" Management API command may fail with "Null Pointer Exception" when using root user permissions. |
PRJ-45874, |
Security Management |
In some scenarios, Access Policy Verification fails but the name of the failed rule is not specified. |
PRJ-43569, |
Security Management |
After Full synchronization, SmartConsole login from a Domain Management Server to the Security Management Server that is configured as High Availability may fail. |
PRJ-45156, |
Security Management |
APP_ID may not be initialized when adding a new Check Point application via API, this may cause blocked access to several websites. |
PRJ-42040, |
Security Management |
Editing an object in SmartConsole may fail with "Server error is: Object not found (Code: x08003001D, Could not access file for write operation)". |
PRJ-44086, |
Security Management |
Login with SmartConsole to a Security Management Server may fail if using a DNS name instead of an IP address. Refer to sk180514. |
PRJ-46630, |
Security Management |
In the Infinity Services view, the Log Sharing status may not be correct. |
PRJ-44625, |
Security Management |
In the Accelerated Policy Installation flow, there is no validation for the scenarios when there are DAIP Security Gateways in the Destination column of the Access policy. |
PRJ-44984, |
Security Management |
When using SmartTasks to send a mail before or after publishing the operation, the value inserted into the Changes and Description fields does not take effect as expected. |
PRJ-44594, |
Security Management |
In some scenarios, running the Management API "delete-exception-group" fails if the exception group is automatically attached. |
PRJ-43813, |
Security Management |
Login to SmartConsole with a RADIUS administrator from the SmartEvent Server may fail if this Server was upgraded. Refer to sk180584. |
PRJ-46399, PRJ-46725, PRHF-28962 |
Security Management |
In rare scenarios, policy installation fails with "Operation failed, install/uninstall has been improperly terminated". Refer to sk180448. |
PRJ-46183, |
Security Management |
The "verify-policy" Management API command may fail when performed on the Multi-Domain Security Management Server. |
PRJ-43917, |
Security Management |
In the Object Explorer window in SmartConsole, the IP address column is sorted alphabetically, although it should be sorted in numerical order. |
PRJ-44592, |
Security Management |
The "show object" command fails when running it on nat-section objects. It returns a "null pointer exception" message, which occurs in calculations related to the overview objects meta-info. |
PRJ-44596, |
Security Management |
When adding/setting an access rule, setting certain fields to "Any" or "None" may fail because of case sensitivity. |
PRJ-44897, |
Security Management |
Policy installation gets stuck if the known proxy group contains the policy target. |
PRJ-45655, |
Security Management |
Packet mode search in SmartConsole may show rules that do not match the query if the query contains source, destination, and service. |
PRJ-44996, |
Security Management |
In rare scenarios, login to SmartConsole fails, and opening Security Gateway objects times out. |
PRJ-44473, |
Security Management |
Excluding a network with anti-spoofing by name on the Security Gateway using the "set simple-gateway" Management API command fails with an "Anti spoofing: excluded network object must be defined." validation error message. |
PRJ-43267, |
Security Management |
When creating several LSM objects (Security Gateways or clusters) via both Management API and SmartConsole, the LSM objects IP addresses may be duplicated. |
PRJ-45878, |
Security Management |
If an empty Network Group is linked in the source or destination fields of an Access Rule, policy verification may not generate an error. Instead, it may treat the empty group as if there is an "Any" object. |
PRJ-42423, |
Security Management |
In some scenarios, an upgrade may fail when a Network object Group contains more than 32000 members. |
PRJ-43187, |
Security Management |
If a Security Gateway is added to a group after configuring an installation policy preset, the policy may not be installed on that Security Gateway. Refer to sk181461. |
PRJ-42553, |
Security Management |
After restoring a Multi-Domain Security Management Server, High Availability synchronization may fail with "The Security Management Servers contain different Hotfixes". |
PRJ-43192, |
Security Management |
If the Security Management Server is behind NAT, remote Management API login fails. |
PRJ-45159, |
Security Management |
APP_ID may not be initialized when adding a new Check Point application via API, this may cause blocked access to several websites. |
PRJ-43963, |
Security Management |
In rare scenarios, the Security Gateway accepts all IP addresses as approved "gui_clients", although it was provided with a list of specific trusted IP addresses. |
PRJ-46088, |
Multi-Domain Security Management |
A scheduled Install Policy Preset may not have its next run time updated when:
|
PRJ-44970, |
Multi-Domain Security Management |
In rare scenarios, in Multi-Domain Security Management environments with over 500K network objects, login to SmartConsole fails with "Connection timed out" or "Unable to connect to server" messages. |
PRJ-45069, PRJ-47051, |
Multi-Domain Security Management |
In rare scenarios, in a Multi-Domain Security Management environment:
|
PRJ-43785, |
Multi-Domain Security Management |
Deleting a Domain from SmartConsole fails after a Domain Server was removed and the Domain has no Domain Servers. |
PRJ-43599, |
SmartConsole |
Typo in the Compliance report - "OSFP" instead of "OSPF". |
PRJ-46531, |
SmartConsole |
SmartConsole may crash while checking for updates.
|
PRJ-46510, |
SmartConsole |
Data Center objects may not appear as unused objects in the Object Explorer view, although they should. |
PRJ-45593, |
SmartConsole |
In some scenarios, in SmartConsole, when clicking the picker to add Security Gateway to a Threat Prevention policy "Install On" column, no Security Gateway objects appear. Refer to sk180964. |
PRJ-46171, |
CPUSE |
When working in a Scalable Platforms environment, a member may get in a bootloop. The issue occurs after consequent upgrade of this member to R81.10, Deployment Agent (DA) update and enabling image auto cloning. |
PRJ-43473 |
CPUSE |
In some scenarios, the task progress bar is missing during Jumbo installation from SmartConsole. |
PRJ-43477, |
Logging |
The Non-Transparent Proxy configuration is missing the IP address of the destination website in the URL Filtering logs. Refer to sk180403. |
PRJ-45670, |
Logging |
In specific network configurations, after installing a policy, the target IP address of the Log Server may differ from what was configured. |
PRJ-41667, |
Logging |
In some scenarios, in the Logs & Monitor view, no results are shown when filtering updatable object names by the "dst_uo_name" field. |
PRJ-41595, |
Logging |
SmartEvent may generate false Anti-Bot / Anti-Virus related logs which do not contain any information. |
PRJ-45418, |
Logging |
Source and destination IP addresses in SmartLog may not be shown correctly for duplicate packets of fragmented traffic. |
PRJ-46074, |
Logging |
After an upgrade of the Security Management Server, the "cp_log_export show" command may return the "found an ambiguous value" error in the "export_log_position" field. |
PRJ-44408, |
Security Gateway |
Global tables (ghtab) may not be synchronized between members, this can lead to instability of traffic. |
PRJ-46054, |
Security Gateway |
The Security Gateway may crash while inspecting non-HTTP traffic. |
PRJ-44190, |
Security Gateway |
The Security Gateway may crash due to a memory issue. |
PRJ-45804, |
Security Gateway |
Resolved an issue where CPD would consume a large amount of CPU in VSX with a large number of interfaces configured (greater than 1024). Refer to sk181588. |
PRJ-47118, |
Security Gateway |
In some scenarios, after an upgrade, the FWD process may unexpectedly exit. |
PRJ-45001, |
Security Gateway |
In a Maestro environment where members are VSXs, connection over SSH or RDP from a host behind Maestro to a peer may be dropped. |
PRJ-45091, PMTR-90992 |
Security Gateway |
It is impossible to configure the total number of IPv4 CoreXL Firewall instances and IPv6 CoreXL Firewall instances to more than 64 when the Security Gateway with more than 64 CPU cores runs in the USFW mode. Refer to sk181408. |
PRJ-43849, |
Security Gateway |
Stack buffer overflow may occur in the FWGTP process. |
PRJ-46677, PRJ-46680, |
Security Gateway |
After an upgrade, GTP traffic and memory issues may occur. |
PRJ-46335, |
Security Gateway |
The Security Gateway may crash after a failure in policy installation. |
PRJ-46139, |
Security Gateway |
The "g_tcpdump -mcap" command may not merge traffic capture outputs. Refer to sk181032. |
PRJ-44312, |
Security Gateway |
In rare scenarios, modifying the "fwmultik_temp_conns_enabled" parameter on-the-fly leads to the Security Gateway crash. |
PRJ-46688, |
Security Gateway |
When adding a new connection, the "Smart Connection Reuse" feature may cause errors in fwk.elg and connection drops. |
PRJ-42788, |
Security Gateway |
In some scenarios, the Security Gateway may crash. |
PRJ-44605, |
Security Gateway |
The FWK process may unexpectedly exit while processing the mail flow and generate a core dump. |
PRJ-45497, |
Security Gateway |
On the Security Gateway with Management Data Plane Separation (MDPS) enabled:
|
PRJ-42531, |
Security Gateway |
In some scenarios, while processing H323 traffic, the Security Gateway may unexpectedly restart. |
PRJ-45479, |
Security Gateway |
Security Gateway may crash when running kernel debugs of the "UP" module. |
PRJ-44252, |
Security Gateway |
When setting "cphwd_enable_ecmp = 1" (to route by the source and destination IP address), the Security Gateway may route the traffic to the wrong MAC. |
PRJ-45450, |
Security Gateway |
When the Security Gateway handles specific HTTP requests, memory failure may occur. CPView registers SMEM failure. |
PRJ-44753, |
Security Gateway |
Policy installation may fail with "Error 2000240" because of an IPv6 flow issue. |
PRJ-41879, |
Security Gateway |
On supported Open Servers (sk167052), after changing the Firewall mode from Kernel Space (KSFW) to User Space (USFW) and reboot, the Security Gateway continues to boot in the Kernel Space mode. |
PRJ-45187, |
Security Gateway |
Traffic stops working after a Security Gateway Member recovers from a failure. Refer to sk180705. |
PRJ-44106, |
Threat Prevention |
Fetching custom intelligence feeds via CLI may fail because of SSL certificate issues. |
PRJ-44571, |
Threat Prevention |
After an upgrade, adding an IoC feed with IP range indicator type may fail with "Feed format problem. Bad or Empty Feed". |
PRJ-44152, |
Threat Prevention |
In a rare scenario, policy installation may fail because of IoC observables overrides. |
PRJ-44201, PMTR-89130 |
Threat Prevention |
When IPS Blade is enabled, the Security Gateway may crash. |
PRJ-45925, |
Identity Awareness |
In a rare scenario, the PDPD process may unexpectedly exit during user authentication flow. |
PRJ-43748, |
Identity Awareness |
The output of the "pdp monitor cv_le <agent-version>" command may be incorrect. |
PRJ-45429, |
Application Control |
Some TLS1.3 applications without SNI do not match the rules. |
PRJ-43976, |
URL Filtering |
When applying the "appi_urlf_ssl_cn_use_sni_without_validation" kernel parameter, only the first notified application may be considered for Rule Base matching, and the rest of the apps are not detected. |
PRJ-44181, |
IPS |
In some scenarios, the FWK process may unexpectedly exit, while Threat Prevention Blades inspect HTTP traffic. |
PRJ-45658, |
SSL Inspection |
In a VSX environment, the WSTLSD process run by Virtual Systems may ignore proxy configuration on VS0. |
PRJ-46280, |
Anti-Virus |
Importing a custom intelligence feed containing IP ranges may fail. |
PRJ-44671, |
Anti-Virus |
Anti-Virus Blade may bypass inspection of URLs with sub-domain portion. |
PRJ-46606, |
Anti-Virus |
The DLPU process may stop working, creating a User Space core dump file on the Security Gateway. Refer to sk181026. |
PRJ-44234, |
Anti-Virus |
The RAD process CPU utilization may be high when Anti-Virus engine processes many reverse DNS queries. |
PRJ-45195, |
Mobile Access |
In rare scenarios, IOS users are unable to send emails using Capsule Workspace business mail. |
PRJ-45100 |
Mobile Access |
SSL Network Extender (SNX) may randomly disconnect after a version upgrade. Refer to sk173765. |
PRJ-45852, |
Mobile Access |
Mobile Access Security Gateway does not recognize Office 365 URL This can cause OAuth 2.0 authorization to fail, it may not be possible to view the mail. |
PRJ-46403, |
Mobile Access |
Sending emails with attachments via Capsule Workspace may fail on iOS. |
PRJ-46506, |
ClusterXL |
Some IPv6 connections randomly stop passing through ClusterXL in High Availability mode. Refer to sk180969. |
PRJ-45163, |
ClusterXL |
A VRRP cluster member may be stuck in boot after a cluster upgrade. |
PRJ-42772, |
ClusterXL |
Asymmetric UDP traffic may be dropped with "First Packet isn´t Syn". |
PRJ-43640, |
SecureXL |
In some scenarios, incorrect MSS value calculation may lead to traffic drops and performance instability. |
PRJ-44365, |
SecureXL |
When running tcpdump on the Multi-Domain Security Server, an "error /bin/cp-tcpdump.sh: line 11: sxlmode: command not found" message is shown. The issue is cosmetic only. |
PRJ-41959, |
Routing |
In some scenarios, a Security Group Member failover can trigger routes to be lost on other members in the Security Group. |
PRJ-44710, |
Routing |
An IGMP group with an expiration time of 7101 weeks should be deleted when it reaches 0 seconds, but instead, it may remain at 7101 weeks until a membership report is sent, then it resets to the interval of that interface. |
PRJ-44706, |
Routing |
Multicast receivers send IGMP membership reports, but the outbound interfaces are missing from the routing table. |
PRJ-45380, |
Routing |
A VRRP/VRRP6 interface may go into Master/Master state. |
PRJ-46133, |
Routing |
When two interfaces with the same local address are configured, BGP may use an incorrect interface to reach a peer. |
PRJ-41962, |
Routing |
Routing log messages generated when Standby cluster members reconnect to members in Master state are not clear. |
PRJ-43828, PRHF-27339 |
VPN |
In a Site to Site VPN, when one of the sites is a cluster in Load Sharing mode, it can cause incorrect destination member calculation for asymmetric connection and the traffic might be dropped. Refer to sk180855. |
PRJ-44313, |
VPN |
The "failed to terminate session" error is displayed when using RAsession_util to terminate Endpoint client. |
PRJ-44992, PRJ-46303 PRJ-44830, |
VPN |
|
PRJ-45469, PRHF-28353 |
VPN |
StrongSWAN Remote Access authentication fails when the LDAP lookup type is not the default method. |
PRJ-44219, |
VPN |
The "vpn/ike debug ikeon/ikefail" commands may fail when used with the "-s" flag. |
PRJ-45920, |
VPN |
The FWM process may unexpectedly exit at startup because of an incorrect VPN key initiation. |
PRJ-46952, |
VSX |
An upgrade of VSX cluster members configured as VSLS from SmartConsole may fail. |
PRJ-45146, |
VSX |
Some packets may disappear when using the i40e driver, and VMAC is configured on the cluster. |
PRJ-45006, |
VSX |
A VSX Security Gateway may crash while attempting to collect statistics after running the "cpstop" command. |
PRJ-44123, |
VSX |
Changing the main IP address of a Virtual Router may cause the FWM process to exit. |
PRJ-44746, |
VSX |
Virtual System's interfaces may be missing when running the Clish command "show/save configuration". |
PRJ-44090, |
VSX |
Values provided by the VSX OID tree: 1.3.6.1.4.1.2620.1.16.22.5.1 may be incorrect. |
PRJ-45402, |
VSX |
Warp interfaces may appear in VS0 and disrupt connectivity when editing a Virtual Switch with a bond and VLANs. |
PRJ-45864, |
Gaia OS |
Gaia backup may fail, leaving a temporary partition behind. Any new attempt to create a new backup returns an error. |
PRJ-41910, |
Gaia OS |
Gaia WebUI logs are printed with "info" severity. |
PRJ-45566, ACCHA-2110 |
Gaia OS |
The $FWDIR/log/fwd.elg file may get corrupted during log rotation. Refer to sk180728. |
PRJ-42780, |
Gaia OS |
Scheduled SCP snapshots to a Windows Server may fail with the "Failed to connect to remote server. Please validate connection". |
PRJ-43199, |
Gaia OS |
Appliance with a Dual Image installed cannot reboot after restoring to the factory default of a Dual Image. Refer to sk180331. |
PRJ-46945, |
Harmony Endpoint |
KAV updater on the Server may fail to receive updates when proxy is used. |
PRJ-45541, |
CloudGuard Network |
AWS Data Center mapping fails when an interface subnet is missing from the list of subnets. |
PRJ-44479, |
CloudGuard Network |
Azure scan fails if a Virtual Machine Scale Set (VMSS) is deleted after the scan started. |
PRJ-44615, |
VoIP |
In rare cases, SIP UDP traffic may cause Security Gateway to crash because of a memory allocation issue. |
PRJ-46476, |
VoIP |
SIP traffic may be dropped and "kiss_htab_bl_infra_slink: failed "earlynat_sport_ghtab_bl":3 reason: KISS_HTAB_BL_SLINK_LIMIT_REACHED" is printed in the fwk.elg file. |
PRJ-43719, |
VoIP |
After an upgrade, VoIP, and SIP / H323 traffic may be dropped in the VPN tunnel. Refer to sk179651. |
PRJ-42783, |
Scalable Platforms |
Adding more than 250 VLANs on an Orchestrator MHO-175 Maestro Uplink interface causes intermittent traffic outages. Refer to sk180340. |
PRJ-45253, |
Scalable Platforms |
Excessive "cphwd_get_device_accelerated_ifs: too many interfaces (32,XXX)" messages may log to $FWDIR/log/fwk.elg. Refer to sk180439. |
PRJ-44548, |
Scalable Platforms |
The "orch_info" command may freeze, when running it on Maestro Orchestrator. |
PRJ-45696, |
Scalable Platforms |
Querying the HW status via SNMP (OIDs .1.3.6.1.4.1.2620.1.6.7.*) or via the "cpstat os -f sensors" command may fail on Maestro Orchestrator. |
PRJ-45302, |
Scalable Platforms |
In rare scenarios, the Single Management Object (SMO) may go to Down state after clicking a packet capture link in the IPS log in SmartConsole. |
PRJ-47985, PRJ-47745 |
Scalable Platforms |
Uninstalling Jumbo Hotfix Take 106/107 on Maestro Orchestrator (MHO) may cause an outage. |
PRJ-45363, |
Scalable Platforms |
Maestro Orchestrator sx_api scripts (e.g. sx_api_ports_dump.py) return the "/usr/bin/env: python: No such file or directory" error. |
PRJ-44437, |
Scalable Platforms |
WRP interfaces cannot be used for Source / Destination in a specific Fast Forward rule. |
PRJ-44022, |
Scalable Platforms |
Policy validation may fail if the Fast Forward feature is enabled. |
PRJ-44288, |
Scalable Platforms |
The "set/show trace" command may fail in gClish. |
PRJ-45886, |
Scalable Platforms |
In VSLS mode, SNMP traffic may incorrectly be forwarded to SMO instead of DR manager of the corresponding Virtual System. |
PRJ-46646, |
Carrier Security |
Incorrect parsing of GTP-U traffic may cause anti-spoofing drops. |
PRJ-43225, |
Carrier Security |
Security Gateway drops GTP Echo Response traffic with the reason "Wrong Destination Port". See sk181507. |
PRJ-43221, |
Carrier Security |
Security Gateway drops GTP traffic with the reason "Static IP not allowed". See sk181506. |
PRJ-46674, |
Carrier Security |
Packet corruption, leading to traffic and performance issues. |
PRJ-43358, |
Carrier Security |
GTP traffic may be dropped and tunnels are not registered in gtp_tunnels. |