Known Limitations

  • Refer to sk109141 for more information on supported Jumbo Hotfix Accumulators.

  • Refer to sk157492 for more information about CME limitations.

  • To manage R80.20 VMSS with R80.10 Management Server, you must install R80.10 Jumbo Hotfix Accumulator - Take 169 and above.

  • IPv6 is not supported.

  • Only Azure Resource Manager (ARM) deployments are supported.

    Deployment in the Azure classic environment is not supported.

  • Azure Load Balancers have limits. There is a limit on the number of front-end IP addresses it supports.

    See Microsoft documentation on Azure Networking Limits.

  • East-West inspection between peered VNETs is supported only for RFC 1918 private networks (,,

  • Anti-Spoofing is disabled by default on the VMSS instances eth0 and eth1 and must not be enabled.

  • CloudGuard Metrics are available in a subset of Azure regions. For more information, see the Azure Monitor Supported Regions documentation.

  • If the Endpoint Policy Management Software Blade is enabled on the Security Management Server, then the Autoprovision feature is not supported,

  • Azure DNS does not replace the client's DNS Servers. It can be used in addition to public and ISP DNS servers. For more information, see Microsoft Azure DNS documentation.

  • Policy Server (Desktop Policy) is not supported.

  • For Endpoint Security managed clients, Enforcement of the Firewall policy from the SmartConsole is not supported.

  • For Endpoint Security managed clients, configuration of SCV checks from the Gateway is not supported.

  • Hub Mode (Route-All-Traffic) is not supported.

  • Edit of Login Options and Legacy Authentication is not supported.

  • Automatic MEP Topology is not supported.

  • Machine Authentication is not supported.

  • For Endpoint Security VPN, SecuRemote flavor is not supported.

  • Edit of office mode configuration is not supported. This includes Office Mode IP Address for each User (IPAssignment.conf).

  • Edit of Link Selection configurations is not supported.

  • To do Anti-Spoofing on Office Mode addresses is not supported.

  • Connection enhancements for gateways with multiple external interfaces (also knows as "magic button") are not supported.

  • Site to Site VPN is not supported.

  • Creating a VMSS environment with a name for the Load Balancer that is different from the default ("frontend-lb" or "backend-lb") is not supported.