List of All Resolved Issues and New Features

Note - This version reached its End of Support. If you are using this version (or lower), we strongly recommend you to upgrade your environments. Check Point Recommended version for all deployments is R81.10 Take 335 with its Recommended Jumbo Hotfix Accumulator Take.


ID

Product

Description

Take 230

Released on 4 September 2022 and declared as General Availability on 3 November 2022

PRJ-38397,
PRHF-23290

Security Management

An Application Control and URL Filtering update may get stuck because of a lock object duplicate issue.

PRJ-36187,

PRHF-22004

Logging

UPDATE: Amended the override_server_setting.sh script to support changes in the values of

RFL_SOLR_MAX_MERGE_COUNT and  RFL_SOLR_MAX_MERGE_THREAD_COUNT.

PRJ-30961,

EPS-562

Logging

In some scenarios, the Forensics report fails to open from Harmony Endpoint logs.

PRJ-39952,

PRHF-22814

Security Gateway

UPDATE: Added support for RADIUS UPN authentication with MS-CHAPv2. To use it, enable the registry configuration in ckp_regedit -a SOFTWARE/Checkpoint/VPN1 RADIUS_MSCHAPV2_UPN -n 1.

PRJ-40506,
PMTR-85083

Security Gateway

UPDATE: Added a defense mechanism against partial header attacks known as "Slowloris DoS" (CVE-2007-6750).

PRJ-40134,

PMTR-84236

Security Gateway

When Strict Hold is enabled, traffic is logged with the log "HTTP parsing error detected. Bypassing the request as defined in the Inspection Settings". Refer to sk169995.

PRJ-40643,

PRJ-38912

Security Gateway

When Anti-Virus blade is enabled, there may be a continuous high memory consumption which can lead to latency.

PRJ-41003,

PRJ-40954

Security Gateway

In a VSX environment, SNMP queries to OSPF OIDs may fail.

PRJ-31455,
PRHF-16136

Security Gateway

The CPD process may unexpectedly exit and create core dump files.

PRJ-34167,
PRHF-20978

Security Gateway

After an upgrade, in a setup with a single Virtual System (VS), the Security Gateway may crash.

PRJ-34884,

PMTR-77524

Threat Prevention

Traffic bypassed due Threat Prevention exception is not accelerated.

PRJ-40045,
PRJ-34088

Threat Prevention

IPS and other Threat Prevention logs may not contain packet capture. And dmesg may be flooded with related errors.

PRJ-36430,

PMTR-77653

IPS

When ClusterXL is configured, a file may pass without inspection during a failover.

PRJ-37722,
PRHF-22465

DLP

DLP logs for files uploaded to Microsoft OneDrive may not show the initial file names and extensions. Refer to sk178290.

PRJ-39835,

PMTR-84079

ClusterXL

When reconnecting the OSPF interface on both members in a cluster, a failover may occur when receiving a ROUTED PNOTE on the Active member.

PRJ-39069,

PRHF-22676

SecureXL

UPDATE: Added a new kernel parameter "fw_allow_reverse_syn" for Smart Connection Reuse. This parameter allows or drops SYN packets coming from the reverse direction. The parameter is set to 0 by default, the Security Gateway drops such packets. Refer to sk24960.

PRJ-36854,
PRHF-21863

SecureXL

Policy installation may cause cluster failover and impact the traffic flowing through the cluster.

PRJ-40847,
PMTR-85427

VPN

UPDATE: Added a configurable protection for blocking brute-force attacks on VPN SNX portal. Refer to sk180271.

PRJ-40659,
PRHF-24446

VPN

There may be a low throughput in a Site-to-Site VPN tunnel between two VSX Gateways with enabled.

PRJ-27467,
PRHF-18056

Gaia OS

UPDATE: A description was added to the output of the "show backup logs" command with information about each column. Refer to sk173970.

PRJ-29070,
PRHF-16407

Gaia OS

UPDATE: Added support for the Excluded Files feature (sk116679) for XFS file system on Kernel 3.10.

PRJ-40305,

ODU-454

HCP

Added Update 9 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-40667,

ODU-478

HCP

Added Update 10 of HealthCheck Point (HCP) Release. Refer to sk171436.

Take 220

Released on 30 June 2022 and declared as General Availability on 2 August 2022

PRJ-37799,
PRHF-22885

Security Management

In some scenarios, deleting a Security Gateway object fails with the "Action failed due to an internal error" error.

PRJ-36846,
PRHF-22352

Security Management

In rare scenarios, the Management Server may fail to start due to incorrect session handling.

PRJ-35947,
PRHF-21894

Security Management

Compliance results for some rules are not available after changing the "Policy Range" of a user-defined rule to a value below 100%. Refer to sk177544.

PRJ-36917,
PRHF-22479

Security Management

When a Security Gateway is removed from a VPN community, it may still be seen under the permanent tunnel configuration. The issue is scoped to the Management side and does not impact the Gateway.

PRJ-35651,
PRHF-21996

Security Management

The Security Cluster Wizard is not shown again after a Management restart in a Full High Availability cluster environment.

PRJ-37501,
PRHF-22597

Security Management

In rare scenarios, Global Domain Assignment may fail with the "class name not found for object" error message.

PRJ-35057,
PRHF-21753

Security Management

Renaming the Security Management Server may fail with the "Failed to save object" error. Refer to sk177224.

PRJ-37760,
PRHF-22671

Security Management

The FWM process on the Management Server may unexpectedly exit creating a core dump file.

PRJ-37196,
PRHF-22299

Security Management

The Management API command "show-vpn-communities-star" for Diffie-Hellman groups 15-18 and group 24 fails with the "Invalid DH-Group in VPN Reply" error. Refer to sk27054.

PRJ-35014,
PRHF-21705

Security Management

Install Policy Verification may fail with the "Rule has security zone objects that are not attached to any interface used" error when configuring cluster's interfaces on only one member. Refer to sk177129.

PRJ-38738,

PRHF-23467

Security Management

In a rare scenario, the FWM process may unexpectedly exit and create a core dump.

PRJ-39174,

PRHF-23750

SmartConsole

In some scenarios, the Management API command "show-packages" with "details-level full" may fail with the "Could not commit JPA transaction" error.

PRJ-37985,

PRHF-22589

SmartConsole

After an Application Control update, some application control objects may disappear from SmartConsole, although they are not deprecated.

PRJ-37691,
PMTR-79023

Logging

UPDATE: SmartView reports will now show the new Check Point logo.

PRJ-37098,
PRHF-22528

Logging

UPDATE: Scheduled email reports will now use TLS1.2 instead of TLS1.0. Refer to sk178125.

PRJ-34803,
PRHF-21554

Logging

In some scenarios, Logs related to Content Awareness are missing.

PRJ-29171,
PRHF-18866

Logging

Removed unnecessary debug messages: "fwbintabreplace: table svm_range_gateways not found and " fwbintabreplace: table svm_range_gateways_valid not found" from the fwd debug log.

PRJ-30142,
PMTR-60786

Logging

Recurring "Unable to open '/dev/fw0': No such file or directory" may be printed in the fwd.elg file.

PRJ-32577,
PRHF-20447

Logging

In some scenarios, it is not possible to add the "Policy Rule UID" column to the Logs view in the SmartView Web Application.

PRJ-32370,
PRHF-18699

Logging

When running CPinfo in a large scale environment, the SmartEventCollectLogs process may get stuck..

PRJ-34247,
PRHF-21188

Logging

There may be an incorrect error message related to MakeConnection method.

PRJ-34139,
PRHF-21218

Logging

When SmartConsole is connected to a Domain Management Server, in the Logs&Monitor view:

  • When filtering logs with the query "service:", SmartConsole does not show a drop-down list with available services.

  • When filtering logs with the query "origin: <Name of Security Gateway Object>", SmartConsole shows "No matches found for your search".

Refer to sk178904.

PRJ-37894,

PRHF-22858

Logging

Logs may be missing from SmartConsole after upgrading the Log Server if a VS object is configured without an IP.

PRJ-36458,
PRHF-22152

Logging

When running the "cp_log_export filter-blade-in" command with the value "Endpoint" and restarting the LOG_EXPORTER process, LOG_EXPORTER may fail to start.

PRJ-19031,
PMTR-61532

Security Gateway

UPDATE: In CPView overview, the "FW" field will now show physical memory used instead of virtual memory used. The change is only cosmetic.

PRJ-34597,
PRHF-21561

Security Gateway

The log for the NAT second rule match shows an incorrect rule number.

PRJ-35100,
PRHF-16013

Security Gateway

Policy installation may fail when there is a heavy load on memory on the Security Gateway.

PRJ-33926,
PRHF-20845

Security Gateway

Cluster failover may trigger the FWK process to exit, with no traffic impact.

PRJ-36116,
PMTR-71654

Security Gateway

In CPView, under Network, Bytes Per Sec value in Traffic Rate may be incorre

PRJ-36564,
PMTR-79569

Internal CA

UPDATE: In SmartConsole, added an alert to inform that the ICA certificate will be expired in less than one year. Refer sk158096.

PRJ-36161,
PRHF-21680

Identity Awareness

The PDP process may unexpectedly exit with a core dump file.

PRJ-35848,
PRHF-22037

Identity Awareness

The PEP process may unexpectedly exit

PRJ-38039,
PMTR-81714

IPS

In very rare scenarios, a traffic outage may occur.

PRJ-37276,
PMTR-77922

IPS

Improved detection in some IPS protections.

PRJ-39059,

PRHF-12660

IPS

In a VSX setup, the IP address used as the origin SIC name in the IPS address log may differ from the IP address in other reports.

PRJ-36295,
PMTR-76171

SSL Inspection

A memory leak related to TLS probe may occur in the WSTLSD process.

PRJ-35288,
PRHF-21849

Mobile Access

In some scenarios, when Mobile Access Blade is enabled, the Security Gateway may crash.

PRJ-37431,
PMTR-80319

ClusterXL

There may be connectivity issues for multicast traffic in PIM Sparse Mode.

PRJ-37878,

PMTR-81375

ClusterXL

Local connection from a Standby member may fail when packets are not fragmented even if the interface MTU is smaller than the packet size.

PRJ-36173,
PMTR-51050

ClusterXL

In Virtual Device Status table, in vs0 context, the output shows the Active-Active status on two members instead of Active-Standby.

PRJ-35592,
PRHF-19273

ClusterXL

In a rare scenario, after an upgrade and reboot, a Standby member is set to down with a FullSync pnote and cannot synchronize.

PRJ-37810,

PRJ-37001

SecureXL

NEW: In some scenarios, the Security Gateway may not forward traffic to a client if its IP address is changed by DHCP. Added a global parameter "cphwd_refresh_nh", disabled by default. It determines whether or not the Security Gateway will invoke its own refresh ARP mechanism after a successful route lookup. Refer to sk175603.

PRJ-39005,

PRHF-22881

SecureXL

SYN Defender may not properly handle the S2C traffic related to Allow List. As a result, this traffic may be dropped.

PRJ-38999,

PRHF-23644

SecureXL

SYN Defender may change MSS in an SYN packet to a larger value, potentially causing traffic drop.

PRJ-36467,
PRHF-21775

SecureXL

The VSX Gateway may crash when trying to route traffic from a VS to a Virtual Switch (VSW).

PRJ-30710,
PRHF-18975

Routing

Connectivity issues may occur after configuration of route based VPN (VTI interface). Refer to sk176368.

PRJ-34762,

PRHF-21568

VPN-1

When using Link Selection probing, the VPND process may unexpectedly exit and create a core dump file.

PRJ-34668,
PMTR-77130

VSX

UPDATE: The "vsx_util reconfigure" operation is not supported on a VSX cluster member or VSX Gateway which has no virtual systems configured. The operation will now alert about the absence of virtual systems.

PRJ-29579,
PRHF-16144

VSX

UPDATE: Decreased the time to edit routes in topologies where multiple Virtual Systems are connected to a Virtual Switch (VSW).

PRJ-34997,
PMTR-77287

VSX

The "vsx_util reconfigure" command may fail without printing the cause of the error.

PRJ-32076,
PMTR-74295

VSX

When creating a static route on a virtual system, some network objects may be created with the same name inside the network group which causes failure in writing the object to the database.

PRJ-38290,
PMTR-41352

VSX

When deleting a physical interface that was added with a VLAN trunk to a VSX cluster or a VSX Gateway, it is not removed correctly from the management side and may still be seen if running the "vsx_util show_interfaces" command.

PRJ-35500,
PMTR-62860

VSX

There may be a mismatch of policy name on virtual switch when using the "fw stat" and "vsx stat -v" commands. The issue is only cosmetic

PRJ-33468,
PMTR-73998

VSX

In some scenarios, the "vsx_util reconfigure" command cannot fetch the policy installed previously.

PRJ-32473,
PRHF-20437

VSX

When using the VSX Provisioning Tool, it may not be possible to create a new warp interface and then change the main IP address of the VS in the same transaction.

PRJ-28542,
PMTR-65366

VSX

Latency and packet loss issues may occur when traffic goes through external VS connected to Virtual switch (VSW). Refer to sk177344.

PRJ-32702,
PRHF-20553

VSX

After restoring the VSX Gateway backup, the SNMP agent stops responding when the context is set for a specific VS.

PRJ-35274,
PMTR-76457

VSX

In some scenarios, if VSX Gateway creation fails and rollback is done, the default route of the Security Gateway that was configured via clish is deleted without validation

PRJ-32403,
PMTR-74557

VSX

The OID "Syslocation" can now be configured in the context of a virtual system as described in the article (IV-1) Advanced SNMP configuration in sk90860.

PRJ-33312,
PRHF-20561

VSX

The FWM process may unexpectedly exit after using the VSX Provisioning tool.

PRJ-33037,
PMTR-69098

VSX

In a VSX cluster, after pushing Bridge configuration, the state may change from Active/Active to Active/Standby.

PRJ-38824,

PMTR-82551

VSX

The FWK process of Virtual Switch (VSW) may consume a high CPU.

PRJ-38199,

PRHF-23118

VSX

In some scenarios, the VSX Security Gateway may not decrease the packet's TTL.

PRJ-36764,
PMTR-52576

VSX

VSX Cluster Internal Communication Network IP address is shown in ifconfig after changing the name or VLAN of a VR physical interface.

PRJ-38404,

PMTR-73704

VSX

When creating a virtual system, the "Failed to create Virtual System directories" error is displayed.

PRJ-38790,

PMTR-82492

VSX

In some scenarios, it is not possible to start a vsx_util upgrade/downgrade after a failed attempt.

PRJ-36774,
PRJ-36756

Gaia OS

NEW: Gaia API (version 1.6 with Python3 support) will now be deployed via Jumbo Hotfix. Refer to sk143612.

PRJ-35581,
PRHF-21922

Gaia OS

UPDATE: It is now possible to use Gaia proxy addresses with more than 16 characters.

PRJ-36083,
PMTR-78169

Gaia OS

WebUI session may end when creating a Role with full permissions.

PRJ-37344,
PMTR-80176

Gaia OS

When adding and deleting a neighbor-entry ipv6-address, an error message is displayed, although the operation is successful.

PRJ-39092,

PRHF-23641

Gaia OS

Dynamic routing SNMP OID polling may work only in VSX mode.

PRJ-36357,
PMTR-58250

Gaia OS

In some scenarios, like defected LOM card, or when LOM port exists, but no LOM is connected, the CONFD process may stop working.

PRJ-36783,

PMTR-79249

Gaia OS

The "snmpwalk" command may time out after reaching SNMPv2-SMI::mib-2.68.1.2.0.

PRJ-38226,

PMTR-81516

Gaia OS

When running the "save configuration" command on a VSX device, other interfaces besides the Management interface are still presented. This is a cosmetic issue.

PRJ-27906,
PRHF-17814

Harmony Endpoint

In some scenarios, logs related to Harmony Endpoint may be missing.

PRJ-37114,
PRHF-18358

VoIP

When static NAT is configured, VoIP calls may not work.

PRJ-26370,
PMTR-68629

Scalable Platforms

NEW: Added ability to create and manage VSX objects of R80.30SP version via vsx_util and vsx_provisioning_tool.

PRJ-38033,

ODU-341

Scalable Platforms

Added Take 21 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-38020,

ODU-342

Public Cloud CA Bundle

Added Take 18 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-38220,

ODU-349

HCP

Added Update 8 of HealthCheck Point (HCP) Release. Refer to sk171436.

Take 211

Released on 27 April 2022 and declared as General Availability on 24 May 2022

PRJ-28215,
PRHF-15223

Identity Awareness

There may be connectivity issues and high CPU spikes on the PDPD, VPND processes, and on the Security Gateway when installing policy. Refer to sk174144.

Take 210

Released on 13 April 2022

PRJ-38295,
PMTR-82069

SmartConsole

In some scenarios when R80.20 Jumbo Hotfix Accumulator Take 208 is installed:

  • Install Policy Preset invokes policy installation on Gateways different from those that are defined.

  • Policy installation on multiple Gateways on MDS level triggers installation on one Gateway only.

Refer to sk178590.

PRJ-38232,
PMTR-81910

Security Gateway

UPDATE: Apache HTTPD version was updated from 2.4.51 to 2.4.53.

Take 208

Released on 23 March 2022

PRJ-24928,
PRHF-16947

Security Management

UPDATE: Added a warning message in SmartConsole, alerting if during policy installation memory utilization of the FWM process exceeded 3.5GB.

PRJ-30404,
PRHF-19450

Security Management

UPDATE:

  • Added the "--help" and "-h" flags to "mdsstop", "mdsstart" and "mdsstat".
  • It is no longer possible to run the "mdsstop" and "mdsstart" commands with wrong parameters.

PRJ-21874,
PRHF-15460

Security Management

In some scenarios, applying the "Where used" action may show incorrect data when an object exists more than once in an Inline Layer.

PRJ-26778,
PRHF-17767

Security Management

In some scenarios, in Override Categorization, it may not be possible to sort or to find objects by name using Object Explorer. Refer to sk175245.

PRJ-22420,
PRHF-15598

Security Management

Domain Server Migration between different Multi-Domain Management Servers may fail if a previous migration attempt of the same Domain already failed and a different Domain name is used for the second attempt.

PRJ-20590,
PRHF-14327

Security Management

In rare scenarios, if one of the Multi-Domain Servers is down, reconfiguring VSX may fail.

PRJ-30051,
PRHF-18928

Security Management

In some scenarios, the FWM process is down and fails to start. Core dumps are created in /var/log/dump/usermode.

PRJ-29196,
PRHF-18782

Security Management

After an upgrade from R77.x. in a multi-site environment, High Availability full synchronization may fail with an "NGM failed to load data" message.

PRJ-28898,
PRHF-18508

Security Management

When searching IP addresses using logical operators (AND / OR), the results may be incorrect:

  • in SmartConsole in the Object Explorer view
  • with the Management API command "show objects" and the "filter" field

Some matched objects may be missing, while some unmatched objects may be present.

PRJ-29965,
PRHF-19308

Security Management

In some scenarios, simultaneous policy installation on multiple Gateways may fail if there is at least one Gateway on R77.X and one Gateway on R80.X.

PRJ-29895,
PRHF-18828

Security Management

In some scenarios, login to a Domain from the System Domain dashboard may fail with "Failed to connect to server".
Refer to sk174910.

PRJ-29907,
PRHF-18974

Security Management

In some scenarios, it is possible to disable a shared layer, although it is used in more than one rule.

PRJ-28813,
PRHF-18712

Security Management

In some scenarios, the "show gateways-and-servers" Management API command fails with "generic_error" when running it with "details-level full".

PRJ-30880,
PMTR-62059

Security Management

In rare scenarios, during an upgrade, the FWM process may unexpectedly exit with a core dump file.

PRJ-25194,
PMTR-68090

Security Management

The "Packet capture is not supported on this platform" warning appears after policy installation for SMB Gateways, although no packet capture is used.

PRJ-27483,
PRHF-18079

Security Management

Global Policy reassignment may fail with "An internal error has occurred" due to duplicated Access Policy Assignment object. Refer to sk174183.

PRJ-25277,
PRHF-17037

Security Management

In rare scenarios, login to Multi-Domain Management fails with the "No Valid Domains were found for [username]" error. Refer to sk175005.

PRJ-30097,
PRHF-19248

Security Management

In rare scenarios, a Multi-Domain administrator's profile may be changed after deleting a Domain if the administrator had custom permissions for it.

PRJ-30388,
PRHF-16024

Security Management

In rare scenarios, editing a cluster object fails with the "Code: 0x8003001D, Could not access file for write operation" error. Refer to sk176930.

PRJ-22263,
PRHF-15674

Security Management

In some scenarios, the user may fail to connect to VPN Remote Access if there are expiration dates saved in a non-English date format. The issue can occur when SmartConsole is installed on a Windows client that uses a non-English locale.

PRJ-28166,
PRHF-18380

Security Management

In rare scenarios, the Management Server may fail to start due to incorrect sessions handling.

PRJ-32089,
PRHF-20162

Security Management

When searching an IP in Object Explorer, network objects with both IPv6 and IPv4 configured, may not reflect in the results, although they match the IP.

PRJ-32106,
PMTR-63070

Security Management

Policy installation may fail if more than 20,000 objects are created and added to rules.

PRJ-30333,
PRHF-18150

Security Management

When one Server in a logical Server group is down, the second Server keeps trying to access it, no matter how long the Server is down.

PRJ-31078,
PRHF-19251

Security Management

In rare scenarios, the FWM process on the Security Management Server unexpectedly exits.

PRJ-30419,
PRHF-18883

Security Management

Scheduled IPS updates data may not be shown in the IPS update report.

PRJ-29509,
PRHF-18890

Security Management

In some scenarios, the Management API command "show-packages" with "details-level full" may fail with an error. Refer to sk176805.

PRJ-30678,
PRHF-19185

Security Management

Policy installation with Directional VPN rules may fail with a verification error.

PRJ-30065,
PRHF-19326

Security Management

  • The High Availability status on Security Management Server may be incorrect and performing failover is not possible.
  • On Multi-Domain Server, after performing failover in the Global Domain and restarting services, the former active Global Domain Server still appears as active (although it is standby).

PRJ-32426,
PRHF-20440

Security Management

In rare scenarios, adding a service to a rule in Access Policy:

  • may take a long time (more than several seconds)
  • may cause SmartConsole to unexpectedly exit

Refer to sk176004.

PRJ-25707,
PRHF-17010

Security Management

Deleting a network group may fail because it is being used, although "Where Used" shows no usage.

PRJ-34223,
PRHF-21356

Security Management

When performing IPS Update or Global Domain Assignment, creating a Domain at the same time may fail with "Internal Error".

PRJ-33284,
PRHF-20525

Security Management

When reassigning Global policy after an IPS update on the Global Domain, the updated IPS version in the Audit Logs view may appear with "-1" value instead of the actual IPS version number.

PRJ-32666,
PRHF-20485

Security Management

When searching for tags usage, the "where-used" action may fail with "Requested object not found".

PRJ-33976,
PRHF-21115

Security Management

Policy installation from the Multi-Domain Server level may trigger installation of two policies for the same VS.

PRJ-34484,
PRHF-20961

Security Management

When using the API to create an OPSEC CPMI application with a custom permissions profile, the default Super User profile is chosen instead.

PRJ-33861,
PRHF-21129

Security Management

When creating or updating a service object via Management API, it is not possible to specify a custom aggressive-aging timeout.

PRJ-30056,
PRHF-19250

Security Management

In rare scenarios, after a Management Server upgrade, importing the database may fail with "Tried to persist object".

PRJ-33398,
PRHF-20866

Security Management

When automatic purge is configured in a local Domain, and there is an assignment between the Global Domain to that Domain, the "show-automatic-purge" API command may fail in the Global Domain with the "Can't build automatic purge reply" error. Refer to sk176443.

PRJ-33362,
PRHF-20847

Security Management

Global Domain Assignment fails with "An internal error has occurred" when there are more than 32K Threat Prevention Overrides in the local Domain. Refer to sk176464.

PRJ-32715,
PRHF-20332

Security Management

If there is a Global Domain Assignment, some results may be missing when searching in Packet Mode. Refer to sk178491.

PRJ-36954,
PRHF-22500

Security Management

Policy installation and "where used" operation may take a long time if there are many inline layers and the "Install On" targets in the Rule Base are not defined as "Any". Refer to sk177928.

PRJ-32743,
PRHF-20512

Security Management

In a rare scenario, the FWM process unexpectedly exits.

PRJ-30348,
PRHF-19421

Multi-Domain Management

During a CPUSE upgrade of a Multi-Domain Server, if there are multiple external interfaces defined, the Domain Servers may be assigned to an incorrect interface.

PRJ-25008,
SL-5634

Logging

NEW:SmartEvent can now skip indexing of firewall session logs to reduce load on the Log Server device. The feature is disabled by default. To enable it, see Issue #4 in sk150452.

PRJ-30685,
PMTR-69181

Logging

UPDATE: The default timeframe for logs queries using the SmartConsole Logs tab is set to "Last 24 Hours".

  • Requires R80.20 SmartConsole Build 127 (or higher)

PRJ-25620,
PMTR-68809

Logging

In environments with more than 500K network objects, the LOG_INDEXER process on SmartEvent and Correlation Unit Server may unexpectedly close with the "Out of memory" error and a dump core file, although limited resolving is enabled (according to sk164452).

PRJ-29027,
PRHF-17596

Logging

In rare scenarios, SmartEvent may show no results or partial results in the Audit Log report.

PRJ-28338,
PMTR-69859

Logging

In some scenarios, Log Exporter configured to export in TLS cannot authenticate a certificate from an external certificate authority.

PRJ-28321,
PRHF-17811

Logging

In some scenarios, in SmartLog, free-text search does not work for some inspection settings logs and their description is missing.

PRJ-31211,
PRJ-30722

Logging

In a rare scenario, logs export from SmartView web view to CSV may fail. Refer to sk175545.

PRJ-26305,
PRHF-17314

Logging

In rare scenarios, in SmartConsole, some logs are not shown.

PRJ-25438,
PRHF-17184

Logging

On a Management Server, with SmartEvent enabled and many Networks configured in the database, login to SmartConsole may fail with an "Error: the operation timeout" message and the FWM process is running with a high CPU. Refer to sk167239.

PRJ-14120,
PRHF-11778

Logging

Syslog messages are not shown in SmartConsole, when syslog_free_text_parser.C contains references to ".ini" files which are located in Syslog folder $FWDIR/conf/syslog.

PRJ-26678,
PRHF-17724

Logging

Logs that are sent by Log Exporter in CEF format, cannot be displayed if they include non-digit characters in the "dst_phone_number" field.

PRJ-26028,
PRHF-17325

Logging

In a rare scenario, after an NSX Gateway upgrade, enforcement details/identities are not pushed by the controller to the Gateway automatically. It can be done only by manual update. Refer to sk173323.

PRJ-17258,
PRHF-12617

Logging

In SmartConsole:

  • In Gateways and Servers view, IP statuses may not be accurate
  • In the Threat Prevention Policy tab, under "Updates", Gateways IPS update status may not be up-to-date, although the new IPS package was received successfully.

PRJ-19835,
PRHF-14286

Logging

On Gateways with many interfaces, after policy installation or after reboot, Real-Time Monitor (RTM) may consume a high CPU on the Gateway. Refer to sk170928.

PRJ-1688,
PMTR-22797

Logging

In SmartConsole, machine statuses in "Gateways and Servers" may disappear and reappear.

PRJ-32082,
PMTR-74297

Logging

A duplicate entry appears /etc/cpshell/log_rotation.conf. This issue is only cosmetic.

PRJ-28314,
PRHF-18428

Logging

The "Last Update Time" field of a Session Log may show incorrect values.

PRJ-34688,
PMTR-75532

Logging

In some scenarios, in an environment that includes the SmartEvent Server, the LOG_INDEXER process restarts at midnight, producing a core dump file. Refer to sk177805.

PRJ-30089,
PRHF-18939

Logging

In rare scenarios, the LOG_INDEXER process stops working and logs are missing. Refer to sk176403.

PRJ-14117,
PRHF-11778

Logging

Syslog messages are not shown in SmartConsole when syslog_free_text_parser.C contains references to ".ini" files which are located directly syslog folder $FWDIR/conf/syslog.

PRJ-29120,
PRHF-18445

Logging

SmartEvent may not show some of the Anti-Virus logs.

PRJ-32584,
PRHF-20276

Logging

There may be empty values in the "Office Mode IP" field in the Logs view.

PRJ-30660,
PRHF-19620

Logging

  • The "fw log" and "fwm logexport" commands may fail with "Error: Failed to read field".
  • The exported log file may not contain all logs.
    Refer to sk176644.

PRJ-32025,
PRHF-19715

Logging

In some scenarios, the "vpn_user" field is empty in the Logs view and SmartEvent Reports, even though it contains values in the raw log.

PRJ-32015,
PRHF-20117

Logging

When running the "show_logs" API command with "query-id argument" and the session is expired, the command ends with a timeout instead of presenting an error.

PRJ-31614,
PRHF-19834

Logging

Non-English letters in SmartView reports exported as CSV may be displayed incorrectly. Refer to sk175543.

PRJ-25651,
PRHF-17000

Logging

When SmartView Web is configured to not return empty values, a query may fail with a "query failed" message.

PRJ-30546,
PRHF-19084

Logging

In rare scenarios, when QoS blade is enabled, the FWD process may unexpectedly exit. Refer to sk177783.

PRJ-32306,
PRHF-18539

Logging

When configuring an Email alert as an Automatic Reaction in SmartEvent, and the alert contains data from the event, some fields may be missing in the generated email.

PRJ-34688,
PMTR-75532

Logging

In some scenarios, in an environment that includes the SmartEvent Server, the LOG_INDEXER process restarts at midnight, producing a core dump file. Refer to sk177805.

PRJ-31909,
PRHF-19710

Security Gateway

NEW: Added a new kernel parameter "cphwd_medium_path_qid_by_cpu_id". The parameter is disabled by default. Refer to sk175890.

PRJ-32069,
STRM-737

Security Gateway

UPDATE: Check Point Active Streaming (CPAS) TCP Window scale factor is now increased up to 6.

PRJ-31662,
PMTR-68092

Security Gateway

UPDATE: Adding Connection and Packet Distribution statistics in CPView.

PRJ-31964,
PMTR-74144

Security Gateway

In a rare scenario, "Connection/sec" data for accelerated traffic in CPView may differ from the statistics in SNMP.

PRJ-31214,
PRHF-19896

Security Gateway

When a large number of VPN tunnels is configured and each one is used by a static route with ping, the ROUTED process may get incorrect cluster IPs for those tunnels. Refer to sk175887.

PRJ-30610,
PRHF-19614

Security Gateway

In rare scenarios, when SACK is enabled, there may be connectivity issues.

PRJ-20624,
PRHF-14374

Security Gateway

Running the threshold_config command may cause the CPD process to consume a high CPU.

PRJ-22834,
PRJ-22407

Security Gateway

In some scenarios, the "rad_kernel_service_container_add_service" error is printed to dmesg.

PRJ-29626,
PRHF-19049

Security Gateway

In a rare scenario, Security Gateway may crash.

PRJ-30085,
PRHF-18938

Security Gateway

In a rare scenario, when QoS is enabled, Security Gateway may crash while interfaces go down and up.

PRJ-26667,
PRHF-17760

Security Gateway

In a rare scenario, traffic outage may occur. It is caused by a memory leak related to delayed logs.

PRJ-29739,
PMTR-72615

Security Gateway

In a rare scenario, due to TCP connection reuse, a TCP connection may not be initiated Refer to sk11088.

PRJ-29501,
PRHF-18863

Security Gateway

In some scenarios, using automatic Network Static NAT/Address range objects may cause connectivity issues.

PRJ-30247,
PMTR-70219

Security Gateway

Added a translation of the error exit code of cprid_util in $CPDIR/log/cprid_util.elg debug log.

PRJ-30038,
ODU-103

Security Gateway

If wstunnel loses connectivity, after several attempts, it may unexpectedly exit and not restart. Refer to sk166056.

PRJ-32571,
PMTR-74852

Security Gateway

When deleting connection table entries with "fw ctl conntab -x", and using "rule", "service", "type", "flags" or "state" filters, entries that do not match these filters may still be deleted.

PRJ-33902,
PMTR-58175

Security Gateway

In rare scenarios, the LOG_INDEXER process may unexpectedly exit with a core dump file.

PRJ-33270,
PMTR-26836

Security Gateway

The control connection may not be refreshed together with the data connection if the data connection is accelerated. Refer to sk168952.

PRJ-21486,
PMTR-57716

Security Gateway

The FWD process may unexpectedly exit due to a rare race condition. Refer to sk173424.

PRJ-31204,
PRHF-19333

Security Gateway

The Security Gateway may crash during policy installation due to memory allocation problems.

PRJ-29694,
PRHF-19097

Security Gateway

In rare a scenario, a memory leak may occur with a "cpas_streamh_init_from_cookie failed" message printed in /var/log/messages.

PRJ-33994,
PRHF-18340

Security Gateway

In rare scenarios, slow path connections that should be terminated/aborted may remain open until the timeout.

PRJ-33608,
PRHF-20810

Security Gateway

In a rare scenario, the FWD process may unexpectedly exit.

PRJ-33509,
PMTR-75878

Security Gateway

CPView may show corrupted numbers in "F2V-Reasons". This issue is only cosmetic.

PRJ-34265,
PRHF-19587

Security Gateway

The log_exporter process may consume a high CPU.

PRJ-33246,
PRHF-20709

Internal CA, VPN

Creating a certificate for a third party Gateway with Check Point Internal CA may fail on the third party side. Refer to sk176468.

PRJ-33548,
PMTR-74799

Threat Prevention

When IPS Automatic update is enabled, a memory leak may occur in the FWD process. Refer to sk176947.

PRJ-31013,
PRHF-19772

Internal CA

In a rare scenario, when CRL files are created, some of them may be generated with a large number in the filename. When deleting CRL files, CPCA repeatedly fails to start.

PRJ-37471,
PMTR-80602

Identity Awareness,

Identity Logging

UPDATE: Adjusted AD-Query and Identity Logging solutions to work with Microsoft hardening changes in DCOM which were required for CVE-2021-26414. Refer to sk176148.

PRJ-30944,
IDA-4253

Identity Awareness

In some scenarios, persistent high CPU is caused by ADQuery due to a large number of authentication requests.

PRJ-35817,
PRHF-21396

Identity Awareness

On Scalable Platforms\Cluster LS, the Identity Database may become corrupted when an identity session is revoked from a non-master member.

PRJ-29610,
PRHF-18943

Identity Awareness

In a rare scenario, some IPv6 sessions may get deleted due to an incorrect update of Identity Gateway (PEP) kernel tables.

PRJ-32217,
PRHF-20264

Identity Awareness

In some scenarios, access roles are not enforced when using an identity tag.

PRJ-20710,
PRHF-13454

IPS

In rare scenarios, policy installation fails due to duplicate ID in IPS Snort protections.

PRJ-29937,
PRHF-18992

IPS

In rare scenarios, if IPS Geolocation is enabled, the Security Gateway may crash.

PRJ-32502,
PRJ-32415

IPS

In some scenarios, when IPS Automatic update is enabled, a memory leak may occur in the FWD process.

PRJ-30441,
PRHF-17552

DLP

In a rare scenario, the DLP process may leave several open unused file descriptors in the $FWDIR/tmp/dlp directory which may take up a large amount of disk space.

PRJ-36397,
PMTR-31108

Anti-Malware

In some scenarios, dmesg may show the following errors: "cmik_loader_fw_context_match_cb: m atch_cb for CMI APP 3 failed on context 56, executing context 366 and adding the app to apps in exception".

PRJ-32998,
PMTR-75153

SSL Inspection

UPDATE: Upgraded the default Infrastructure for local communication between some processes to TLS 1.2.

PRJ-33403,
PMTR-72934

SSL Inspection

In rare scenarios, TLS probing connections may remain open for extended periods.

PRJ-34157,
PMTR-75807

SSL Inspection

In some scenarios, the WSTLSD daemon may unexpectedly exit during TLS probing.

PRJ-32897,
PRHF-20458

SSL Inspection

In a rare scenario, the WSTLSD process may unexpectedly exit and produce a core dump file.

PRJ-32880,
PMTR-75079

SSL Inspection

When TLS 1.3 support is disabled, a memory leak may occur in the WSTLSD process during TLS session renegotiation.

PRJ-34970,
PMTR-77321

SSL Inspection

In rare scenarios, the WSTLSD daemon may unexpectedly restart.

PRJ-31169,
PMTR-72409

SSL Inspection

A memory leak, related to TLS probing, may occur in the WSTLSD process.

PRJ-31163,
PMTR-72136

SSL Inspection

In some scenarios, the WSTLSD process may unexpectedly close, or a memory leak may occur.

PRJ-30456,
PRHF-19516

SSL Inspection

In rare scenarios, HTTPS connections may hang indefinitely during the TLS handshake, causing timeout.

PRJ-29472,
PMTR-72234

SSL Inspection

In some scenarios, a memory leak may occur when creating ECDHE keys.

PRJ-35938,

PRJ-35934

SSL Network Extender

UPDATE: SSL Network Extender was updated to version 800008304. It provides TLS 1.2 cipher suites support on macOS.

PRJ-31228,
SNX-67

SSL Network Extender

SSL Network Extender (SNX) may fail during large file transfers. Refer to sk87760.

PRJ-25146,
PRHF-14366

SecureXL

In a rare scenario, the TCP Half Closed timer (sk137672) may fail when configured for medium/fast connections.

PRJ-28213,
PRJ-28054

SecureXL

In a rare scenario, DoS/Rate Limiting when using rules with country codes (CC) or autonomous system numbers (ASN) may not update Geo IP files correctly.

PRJ-26949,
PMTR-70242

SecureXL

TCP packets may be dropped as "TCP out of state" although following sk11088.

PRJ-36070,
PRJ-34902

SecureXL

In some scenarios related to sending multicast packets, the ICMP errors may be shown.

PRJ-32936,
PMTR-75157

SecureXL

In some scenarios, when configuring internal/external enforcement for DOS/Rate limiting, a syslog error message may be displayed.

PRJ-28641,
PMTR-67800

SecureXL

A redundant message "ACC: Accelerator started. " is printed in dmesg logs.

PRJ-33352,
PMTR-75438

Routing

  • Security Gateway may crash when OSPF inserts or removes an LSA from its database.
  • Neighbor dead timers may have negative values.

PRJ-31483,
PRHF-19472

Routing

In some scenarios, the Security Gateway may not forward traffic to a client if its IP address is changed by DHCP. Refer to sk175603.

PRJ-31123,
PMTR-73496

Routing

In rare scenarios, if Graceful Restart is not configured on the BGP peer, BGP routes may be lost near the Graceful Restart ending.

PRJ-24053,
PRHF-10260

Routing

In some scenarios, when using DHCP, the Security Gateway may not correctly route traffic to hosts.

PRJ-31470,
PMTR-68362

VPN

UPDATE: In policy installation, the type of messages related to VPN certificate expiration is changed from "info" to "warning". This issue is only cosmetic.

PRJ-29479,
PMTR-72463

VPN

A memory leak may occur in the VPND process in IKEv2 Site to Site VPN.

PRJ-28261,
PRHF-18295

VPN

A memory leak may occur when clearing the CRL cache file.

PRJ-25309,
PRHF-17101

VPN

In rare scenarios, all traffic is dropped with "Rulebase Internal Error" in SmartLog.

PRJ-36234,
PRHF-22206

VPN

A memory leak may occur in the VPND process.

PRJ-32530,
PMTR-74770

VSX

UPDATE: It is now possible to define interface topology as "defined by routes" using the VSX provisioning tool.

PRJ-27966,
PMTR-35890

VSX

When querying a VS for "sysObjectID" via SNMP, a generic net SNMP value is returned ("NET-SNMP-MIB::netSnmpAgentOIDs.10") instead of Check Point value ("SNMPv2-SMI::enterprises.2620.1.6.123.1.62").

PRJ-29549,
PRHF-18753

VSX

After reboot, the VS's clish static arps configurations exist, but the static arps may be missing.

PRJ-22474,
PRHF-15744

VSX

In some scenarios, running the snmpwalk command may fail with incorrect OSPF-MIB information for VSX. Refer to sk172064.

PRJ-30311,
PMTR-72515

Gaia OS

NEW: Gaia API (version 1.6) will now be deployed via Jumbo Hotfix. Refer to sk143612.

PRJ-30291,
PMTR-72997

Gaia OS

UPDATE: Fixed CVE-2021-3711 and CVE-2021-3712.

PRJ-37954,

PMTR-81489

Gaia OS

UPDATE: Upgraded OpenSSL to fix CVE-2022-0778. Refer to sk178411.

PRJ-33684,
PMTR-75891

Gaia OS

Potential vulnerability related to a specific Gaia API command on VSX systems.

PRJ-33504,
PMTR-75443

Gaia OS

Fixed CVE-2021-30361 - Gaia Portal Authenticated Command Injection. Refer to sk179128.

PRJ-30208,
PRHF-19017

Gaia OS

  • VLAN IPv6 address disappears after setting the parent interface state "off" and "on".
  • IPv6 address disappears after enabling Layer 3 bridge interface monitoring.

Refer to sk174969.

PRJ-28691

Gaia OS

When configuring Bond Load Sharing mode, the Security Gateway may restart several times and create vmcore files.

PRJ-34524,
PRHF-21383

CloudGuard

When a Gateway's object name was changed, CloudGuard Central License Tool may fail to distribute licenses to the Gateway.

PRJ-32228,
CGIS-636

CloudGuard

The "vsec_lic_cli update" command now supports IP change in the license string.

PRJ-30231,
PRHF-18342

QoS

In a rare scenario, the FWD process may unexpectedly exit due to invalid QoS logs.

PRJ-27031,
PRHF-16098

QoS

In a rare scenario, when SecureXL is enabled, in SmartView Monitor, some QoS traffic may be shown as "No Match".

PRJ-35155,
ODU-199

Scalable Platforms

NEW: Added a self-updatable package of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-34439,
ODU-217

HCP

Added Update 6 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-30017,
ODU-181

HCP

Added Update 5 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-22350,
INFRA-528

Infrastructure

UPDATE: Updated Python 2.7.17 to 2.7.18, Python 3.7.7 to 3.7.12, added Python 3.9.7 and a Python3 alias.

PRJ-31765,
PRHF-19016

Infrastructure

Policy installation fails with "Operation failed, install/uninstall has been improperly terminated" when a CMA name is more than 36 characters long. Refer to sk175452.

Take 205

Released and declared as General Availability on 3 January 2022

PRJ-32153,
PMTR-74372

Security Gateway

UPDATE: Apache HTTPD version was updated from 2.4.41 to 2.4.51.

Take 203

Released on 20 October 2021

PRJ-26243,
PRJ-26233

Diagnostics

NEW: Added the Check Point Performance Sizing Utility (CPSizeMe) v5.2.

PRJ-29101,
PMTR-70942

Security Management

In some scenarios, the Administrators view may not filter domain names according to the permission profile of the connected administrator.

PRJ-28646,
PRHF-18202

Security Management

In some scenarios, when using a VPN community, the status of the Global Domain Assignment may change to "not up to date", although no changes were made in the Global Domain.

PRJ-26733,
PRHF-17606

Security Management

In a rare scenario, in the Management API, the "show hosts" command with "details-level full" fails with a "java.util.InputMismatchException: got at least one duplicate UID in requested list, duplicates UIDs:" message.

PRJ-26674,
PRHF-17744

Security Management

The "show gateways and servers" Management API command does not show policy information for cluster members.

PRJ-29185,
PRHF-18470

Security Management

In a rare scenario, High Availability full synchronization may fail due to a large number of records.

PRJ-28296,
PRHF-18362

Security Management

In rare scenarios, High Availability on the Global Domain may fail to synchronize the Multi-Domain Log Server if IPS protection was added or removed in the Threat Prevention rulebase.

PRJ-28533,
PRHF-18063

Security Management

In rare scenarios, Global Policy Assignment may fail with the "class name not found for object" error.

PRJ-29155,
PRHF-18883

Security Management

Scheduled IPS updates data may not be shown in the IPS update report.

PRJ-23125,
PRHF-15939

Security Management

Migration of Security Management Server to a Domain on a Multi-Domain Server may be blocked if there are multiple Certificate Authority objects. Refer to sk174270.

PRJ-28567,
PRHF-18422

Security Management

In some scenarios, the Purge Revisions operation fails with the "An error has occurred while performing revisions purge operation, Incident ID - xxxxx-xxxxxxx-xxxxx-xxxxx" error. Refer to sk174645.

PRJ-25563,
PRHF-17182

Security Management

In rare scenarios, an upgrade may fail when there is an OPSEC Server object configured.

PRJ-27998,
PRHF-18245

Security Management

If Brute Force Password Guessing Protection is set to the value of more than 25 seconds, login to SmartConsole fails.

  • Requires R80.20 SmartConsole Build 124 (or higher).

PRJ-28290,
PRHF-18210

Security Management

In rare scenarios, High Availability incremental synchronization may fail with a wrong status message.

PRJ-25625,
PRHF-17284

Security Management

In rare scenarios, a Management Server upgrade may fail with the "Object not found - [UID]" error message in the cpm.elg log file.

PRJ-24947,
PRHF-16976

Security Management

If there is an Administrator named "Endpoint", an upgrade of Endpoint Security Server from R77.30 version fails.

PRJ-24999,
PRHF-17007

Security Management

After migrating a Domain to a Multi-Domain Management and assigning a Global Policy, if there are objects with the same name in the Domain and Global Domain, the assignment succeeds, although it must fail due to name duplication.

PRJ-25684,
PRHF-17286

Security Management

In some scenarios, a policy installation failure message may show "ReferenceObject" instead of the actual object's name.

PRJ-26181,
PRHF-17487

Security Management

When running the "fwm logexport" command multiple times, the FWM process may unexpectedly exit producing a core file.

PRJ-22382,
PRHF-15325

Security Management

User may fail to connect to SmartConsole after the administrator changed the RADIUS Server host IP address. Refer to sk172065.

PRJ-25515,
PRHF-14000

Security Management

The Management API command "get-attachment" may fail with an error. Refer to sk170894.

PRJ-26504,
PMTR-69683

Security Management

Policy verification may incorrectly fail with a NAT verification error "The range size of Original and Translated columns must be the same".

PRJ-26978,
SMCUPG-1675

Security Management

After migrating a Domain to Security Management Server, the FWM process may be shown as "down" in watchdog, although it is up and running. Refer to sk163814.

PRJ-26121,
PRHF-17476

Security Management

In some scenarios, High Availability synchronization fails in the Global Domain after an IPS update.

PRJ-26627,
PRHF-17230

Security Management

In rare scenarios, during a system startup, a cleanup operation may cause high CPU on multiple Postgres processes and prevent login to SmartConsole. Refer to sk175189.

PRJ-21965,
PRHF-15471

Security Management

Packet Mode search in rulebase ignores matching of inline layer parent rules. In some scenarios, this may retrieve inline layer rules that should not be matched.

PRJ-26903,
PRHF-17725

Security Management,
SmartConsole

In some scenarios, loading the Access Control policy causes SmartConsole to close unexpectedly. Refer to sk175405.

  • Requires R80.20 SmartConsole Build 124 (or higher)

PRJ-26908,
PRHF-16657

Security Management

Policy installation to multiple Gateways from Install Policy Presets may fail if each policy has its own HTTPS Inspection policy.

PRJ-22131,
PMTR-63108

Security Management

In some scenarios, a high load on the Management Server may cause SmartConsole slowness.

PRJ-25797,
PRHF-17324

Security Management

In rare scenarios, if the CPM process is up for many days, CPU and memory consumption may continue to grow until a reboot is performed.

PRJ-23451,
PRHF-16065

Security Management

After upgrade from R77.x, "Cannot assign a Domain more than once" errors may appear in the validations pane.

PRJ-13709,
PMTR-28931

Security Management

In rare scenarios, the SmartEvent Server fails to read from the external Log Server.

PRJ-26899,
PRHF-17584

Security Management

In some scenarios, copying a rule from one Access Control policy to another fails due to a mismatch in the policy Traditional VPN mode.

PRJ-26191,
PMTR-69529

Security Management

In a rare scenario, the FWM process may unexpectedly exit.

PRJ-28380,
PMTR-10273

Security Management

Virtual session timeout for a TCP service cannot exceed 86400 seconds. Refer to sk168872.

PRJ-21785,
PRHF-15257

Security Management

In some scenarios, the output of the "cpmistat" command may contain partial information.

PRJ-28154,
PRHF-17926

Security Management

In rare scenarios, if Domain migration fails, the operation may not revert fully and leave some remnants in the database of the Management Server.

PRJ-15875,
PRHF-11539

Multi-Domain Management

OS information for Domain Servers may not be shown correctly at the MDS level.

PRJ-19979,
PRHF-14468

Multi-Domain Management

In some scenarios, a migration of a Security Management Server into a Domain Management Server fails at the import phase. Refer to sk170758.

PRJ-18905,
PMTR-61579

Multi-Domain Management

In some scenarios, size of MDS backup file increases after each policy installation.

PRJ-24231,
PMTR-64142

Licensing

UPDATE: If there is no license installed, an error message is printed when running the "cpstart" command.

PRJ-28530,
PRJ-28522

Licensing

In a very rare scenario, SmartConsole login attempt mail fail due to high CPU usage of the CPD process.

PRJ-21774,
PMTR-63316

Licensing

In some scenarios, the total number of "sr" licenses may be counted incorrectly.

PRJ-27342,
PMTR-64049

Licensing

In a rare scenario, the licensing status in SmartConsole is displayed incorrectly.

PRJ-26869,
PRHF-17640

SmartConsole

In some scenarios, the Gateway hardware change in SmartConsole fails with a "Changing the hardware to <New_Selected_Check_Point_Appliance> Appliances is blocked." warning.

PRJ-25927,
PMTR-69007

SmartView

NEW:

  • It is now possible to set the default timeframe for all the SmartView web application functionalities.
  • The default value is "Last 24 hours".

Note: The default time frames on the SmartView web application and SmartConsole are not synchronized.

  • Requires R80.20 SmartConsole Build 124 (or higher).

PRJ-23487,
SL-5368

Logging

NEW:

  • In SmartEvent GUI added new products: "Behavioral Guard", "Anti-Exploit", "Anti-Bot" and "Anti-Ransomware"
  • For Endpoint logs correlation, added a new pre-defined event: "Harmony Endpoint" under Legacy -> Endpoint Security.

PRJ-21422,
PMTR-61503

Logging

NEW: The Log Exporter now supports formatting for RSA SIEM application.

PRJ-18858,
SL-4613

Logging

NEW: Added support for Endpoint Forensics reports to get-attachment API.

PRJ-25573,
SL-5164

Logging

UPDATE: The Log Server now supports up to 2700 Gateways (previously was 1024). Refer to sk163413.

PRJ-24436,
SL-5577

Logging

When a Management Server manages more than 1024 Gateways, the connectivity status may show "N/A" for several Gateways.

PRJ-26112,
PMTR-69276

Logging

In a Multi-Domain Management environment, log queries may fail to retrieve results from a CMA or CLM, if there is another CMA or CLM with the same sic_name.

PRJ-24281,
PMTR-66677

Logging

In rare scenarios, when exporting logs to Check Point Infinity Portal, the Log Exporter may unexpectedly exit.

PRJ-26691,
PMTR-70010

Logging

When adding the "UC Block" action, log queries may not show UserCheck logs. Refer to sk174543.

PRJ-25451,
PMTR-68670

Logging

In rare scenarios, logs generated at the same second, with the same ID, may not show up in SmartConsole's Logs tab.

PRJ-15229,
PRHF-12075

Logging

In SmartView, when creating a statistical table and grouping by Time, the query may fail.

PRJ-23761,
PRHF-16328

Logging

In rare scenarios, SmartConsole may unexpectedly close if the pre-defined VPN columns profile in the Logs view was modified and saved.

PRJ-16645,
PMTR-58979

Logging

In the SmartConsole Logs tab, the "IKE IDs" field cannot be added to column profiles.

PRJ-23577,
PMTR-65203

Logging

In some scenarios following a Multi-Domain Management Server upgrade, logs queries may not retrieve results from some CMAs\CLMs.

PRJ-23818,
PRHF-12659

Logging

In rare scenarios, when querying logs with a timeframe larger than 1 day, only 50 logs from each day will be shown.

PRJ-25643,
PMTR-68886

Logging

In SmartView (Reports and Web Logs view), the value of the file size is displayed differently from the Logs view in SmartConsole (GB instead of GiB).

PRJ-23677,
PMTR-62763

Logging

In rare scenarios, in environments with many network objects, when typing a query in the Logs tab Search bar, SmartConsole may close unexpectedly.

PRJ-27298,
PMTR-70643

Logging

After upgrade, SmartView scheduled export to Excel of Reports and Views stop running and users are unable to edit the scheduled tasks Refer to sk174047.

PRJ-22646,
PRHF-15710

Logging

Threat Emulation log description for HTTP emulation is incorrect.

PRJ-21320,
PRHF-15198

Logging

In the Method field, logs with the following values are not shown in the SmartConsole's Logs tab. They are only shown when opening a single log record.

The values are: MOVE, TEXT, XGET, UNDEFINED, VTTEST, ABCD, SEARCH, RPC_CONNECT, PRONECT, TRACK, CFYZ, BADMETHOD, DEBUG, MGET, GET, MKCOL, QUALYS, RNDMMTD, PRI, NESSUS, BDMT, BADMTHD.

PRJ-14236,
PRHF-11770

Logging

In some scenarios, in SmartView, grouping or filtering by the field "Total Bytes" causes the query to fail.

PRJ-20617,
PRHF-14608

Logging

In SmartView, when filtering with specific time filters, the result may include more logs than were requested.

PRJ-27047,
PRHF-17285

Logging

In rare scenarios, Management object changes may not be reflected in the Logs view. When the issue occurs, the CPM process may also consume a high CPU.

PRJ-26723,
PRHF-17205

Logging

In some scenarios, the FWD process on Security Gateway may cause high memory consumption when Log Forwarding is configured or when running the "fw fetchlogs" command.

PRJ-23865,
PRHF-16183

Logging

In SmartView reports, the "Show only icon" option for table widgets does not work as expected.

PRJ-22342,
PRHF-15696

Logging

In SmartView, the "Duration" field is missing from Reports and Views.

PRJ-16982,
PRHF-12847

Logging

In a rare scenario, Application Control events may not be displayed in SmartEvent.

PRJ-27618,
PRHF-18157

Logging

The CPSEMD process on SmartEvent Server may unexpectedly exit when trying to send two automatic reactions simultaneously for the same event.

PRJ-25830,
PMTR-68506

Logging

The LOG_INDEXER process on the SmartEvent Server may consume a high CPU when the Mobile Access blade is enabled on the Gateway.

PRJ-24521,
PMTR-67575

Logging

In a low log rate, there may be a delay in exporting logs using the Log Exporter.

PRJ-30583,
PMTR-63927

Logging

In some scenarios, in Multi-Domain Servers, heavy API requests may fail after an upgrade.

PRJ-16279,
PRHF-11939

Logging

In some scenarios, emails of DLP blade may be sent with obfuscated information, with no option to present the full data. Refer to sk106430.

PRJ-13740,
PRHF-11391

Logging

The "Could not connect to Monitoring Blade" error is displayed when trying to show the "Top Interfaces" view in SmartConsole or SmartView Monitor for a Gateway that has more than 100 interfaces.

PRJ-20495,
PMTR-63033

CPUSE

The "Recommended" Package value is not changed from true to false in SmartConsole while installing Jumbo Hotfix. Refer to sk174508.

PRJ-29416,
PMTR-71855

Security Gateway

In a rare scenario, policy installation on the Security Gateway may fail with an "Error code: 0-2000108" message. Refer to sk170673.

PRJ-28826,
PRHF-18098

Security Gateway

Improved the ICAP Server internal memory allocation logic.

PRJ-27647,
PMTR-70634

Security Gateway

Negative values may appear in the output of the "fw tab -t connections -s" command and under the NAT section.

PRJ-27945,
PRHF-13493

Security Gateway

In some scenarios, the CPD process may consume high CPU because of the memory leak in FDT (File Download Tool).

PRJ-26389,
PRHF-17436

Security Gateway

The WSDNSD process unexpectedly exits and creates a core dump file. Refer to sk173627.

PRJ-26820,
PRHF-17872

Security Gateway

A duplicate entry appears in the /etc/cpshell/log_rotation.conf file. This issue is only cosmetic.

PRJ-26547,
MBS-12769

Security Gateway

In some scenarios, a "fwauthd_init: got known service port XXX ... choosing another one" message appears repeatedly in the $FWDIR/log/fwd.elg file.

PRJ-28439,
PMTR-67536

Security Gateway

A "fw_xlate_rule_count_dec: refcount is negative" message may be displayed in dmesg when IP pool NAT is used on a cluster environment.

PRJ-25025,
PRHF-16667

Security Gateway

In a rare scenario, the FWK process unexpectedly exits on the Security Gateway.

PRJ-22947,
PMTR-55080

Security Gateway

In rare scenarios, policy installation fails with a "gen_rpc_service_inspect_func: service mismatch in service_arr" error message. Refer to sk174165.

PRJ-27159,
PRHF-16851

Security Gateway

In rare scenarios, running the kernel debug "fw ctl debug -m fw1 + misp" on cluster may cause the cluster members to crash.

PRJ-25389,
PRHF-17173

Security Gateway

In some scenarios, there is no match on URL Filtering rules.

PRJ-25549,
PMTR-67991

Security Gateway

In some scenarios, connections are dropped with a "Virtual defragmentation error: fragment table is full" message. Refer to sk180404.

PRJ-25153,
PMTR-67534

Security Gateway

When running the "fwaccel stats -r" command to reset SXL statistics, the statistics may become corrupted.

PRJ-25597,
PRHF-12228

Security Gateway

In some scenarios, packets are dropped due to incorrect SACK translation when SACK and sequence translation are being used together.

PRJ-24006,
PRHF-16196

Security Gateway

In rare scenarios, when the "sd_global_monitor_only" property is set to "true", there is no HTTP inspection.

PRJ-26615,
PRHF-17663

Security Gateway

In some scenarios, "[INFO] encode resource in base64 failed" messages generated by the RAD process are shown in /var/log/messages file.

PRJ-26592,
PMTR-70023

Security Gateway

Configuring the "Virtual Activation Timeout" option above 65535 may lead to an incorrect timeout definition. Refer to sk172464.

PRJ-27073,
PMTR-70300

Security Gateway

In rare scenarios, using IP Pool NAT with only IPv4/IPv6 addresses configured may cause Security Gateway to crash.

PRJ-26376,
PRJ-26257

Security Gateway

In a rare scenario, incorrect error messages regarding the ICAP client flow appear in dmesg. Refer to sk173546.

PRJ-24339,
PRHF-15781

Security Gateway

In some non-VPN scenarios, MSS Adjustment (Clamping) does not work.

PRJ-24739,
PRHF-16868

Security Gateway

In rare scenarios on versions earlier than R80.40, the FWK process may unexpectedly exit.

PRJ-18864,
PRHF-13722

Security Gateway

In rare scenarios, DynamicID authentication fails with a "server_code 403 log_msg General HTTP error" message in vpnd.elg. Refer to sk170303.

PRJ-16918,
PRHF-12897

Security Gateway

In rare scenarios, SmartView Monitor shows an "Error code: 2147483647" message when viewing data from a VSX Gateway. Refer to sk174206.

PRJ-23062,
PMTR-63142

Security Gateway

Improved displayed drop log messages on the Security Gateway:

  1. To see drops since the last reboot, use the "fw ctl drop" command.
  2. To see drops in real time, use the CPView tool.

Refer to sk172232.

PRJ-14622,
PRHF-11760

Security Gateway

After policy installation, Security Gateway may stop responding due to memory leaks.

PRJ-25813,
PRHF-16364

Security Gateway

Added Dynamic Anti-Spoofing stability enhancements.

PRJ-26475,
PMTR-66746

Security Gateway

In some rare scenarios, when IPv6 is configured and Office Mode Anti-Spoofing is enabled, running "cpstop;cpstart" may cause a Security Gateway to crash.

PRJ-26148,
PMTR-69312

Security Gateway

In a rare scenario, a memory leak may occur when IPS / Anti-Bot / Anti-Virus blade is enabled.

PRJ-25734,
PRHF-16886

Security Gateway

In some scenarios, Security Gateway may crash when ICAP client is enabled.

PRJ-25619,
PRHF-15688

Security Gateway

In a rare scenario, Security Gateway may crash when handling some DNS packets.

PRJ-21267,
PMTR-56012

Security Gateway

In some scenarios, emails may be stuck in the MTA queue.

PRJ-24374,
SMB-10515

Security Gateway

A memory leak may occur in a DNS resolving Infrastructure.

PRJ-27556,
PRHF-17949

Security Gateway

In some scenarios, configuring an un-numbered virtual interface may cause ARP requests to stay not answered by the interface. Refer to sk174188.

PRJ-19767,
PRHF-14017

Security Gateway

Security Gateway may crash after policy installation.

PRJ-13162,
PRHF-11027

Security Gateway

The show-global-assignment command may ignore the limit request and return the default limit.

PRJ-29135,
PRHF-18403

Security Gateway

The cpsicdemux process may unexpectedly exit, causing Secure Internal Communication (SIC) connection to fail.

PRJ-26136,
PMTR-69466

Internal CA

UPDATE: Added automatic extension for Internal CA database to support more than 100,000 certificates.

PRJ-26646,
PMTR-70065

Internal CA

UPDATE: Expired certificates are now cleaned from the Internal CA database every three weeks and after reboot. Refer to sk42424.

PRJ-26706

Internal CA

In some scenarios, it is not possible to remove expired certificates via the ICA Management tool.

PRJ-24990,
PMTR-61787

Threat Prevention

UPDATE: Added support for more than 20 CIFS objects in rulebase. Refer to sk170300.

PRJ-26539,
PMTR-69186

Threat Prevention

In some scenarios, the IPS update status in SmartConsole is incorrect after the automatic update fails with the "Update failed. Failed to load database" error.

PRJ-23264,
PMTR-49906

Threat Prevention

In rare scenarios, the "fw load_sigs" command fails to exit appropriately after completing.

PRJ-26991,
PMTR-67597

Identity Awareness

NEW: Added a new Auto-Tune feature for Nested Groups to select the optimal nested state for maximum performance.
The feature is disabled by default. To enable it, refer to sk128212.

PRJ-29492,
IDA-4049

Identity Awareness

UPDATE:

  • Increased the default timeout values of entries: connected_pdp_refresh_interval is now set to 240 seconds and connected_pdp_grace_period is now set to 360 seconds.
  • Added the "Identity information / Network information will be deleted" alert to SmartConsole.

PRJ-26230,
IDA-4019

Identity Awareness

When the PDP Gateway is connected to multiple pre-R81 PEP Gateways, the CPU consumption may be high. Refer to sk173709.

PRJ-26800,
MBS-13669

Identity Awareness

In a rare scenario, the Security Gateway may crash.

PRJ-25922,
PMTR-68088

Identity Awareness

Optimized the PDP expired timers mechanism performance.

PRJ-22280,
PMTR-35594

Identity Awareness

In rare scenarios, the PDPD process unexpectedly exits.

PRJ-29403,
IDA-4087

Identity Awareness

Improved the Identity Server (PDP) performance for publishing new network on Identity Sharing with SmartPull.

PRJ-27189,
PRHF-17768

Application Control

UPDATE: Improved matching of URLs for custom applications.

PRJ-69657,
PRHF-16635

IPS

An HTTP download of a large file may unexpectedly stop with an error message.

PRJ-25206,
IPS-352

IPS

In some scenarios, the DNS response message with record type 0 may be dropped by "Non-compliant DNS" protection.

PRJ-26103,
PRHF-17301

IPS

Security Gateway may crash when the IPS profile name is very long (more than 256 characters). Refer to sk174025.

PRJ-27955,
PRHF-18158

IPS

In some scenarios for HTTP, Gateway closes a connection from the Server side, but the user side may remain open.

PRJ-25754,
PRHF-14540

SSL Inspection

A table hash size may be too small for some environments and cause an increased CPU usage.

PRJ-25213,
PRHF-14178

SSL Inspection

In some scenarios, when HTTPS Inspection is enabled, overall memory consumption may gradually increase. Refer to sk171280.

PRJ-26744,
PRHF-4657

SSL Inspection

Added an option to bypass Name Constraints extension on certificates using a registry flag. Refer to sk159692.

PRJ-22585,
AVIR-527

Anti-Malware

In some scenarios, in a cluster environment, policy installation fails with "Error code: 0-2000049". Refer to sk163257.

PRJ-24627,
TEX-2201

UserCheck

In rare scenarios, in the UserCheck portal for Threat Extraction, when clicking the "Send Original Mail to me" button, the action fails with the "An unexpected error has occurred" error. Refer sk140214.

PRJ-22803,
SNX-61

Mobile Access

When the administrator adds more than 30 native applications, users may fail to connect via SSL Network Extender Application mode.

PRJ-24385,
MBS-12759

ClusterXL

In rare scenarios, a Load Sharing cluster can experience DHCP Relay drops with a "dropped by fw_post_vm_chain_handler Reason: Handler 'dhcp_reply_code' drop" message.

PRJ-27221,
PRHF-17921

SecureXL

In some scenarios, SYN Defender log messages in SmartConsole show "*** MISSING ***" instead of the real log.

PRJ-24538,
PMTR-67556

SecureXL

In a VSX environment, the SYN Defender configuration may not be applied correctly.

PRJ-22787,
PMTR-65162

SecureXL

In a rare scenario, Security Gateway may crash after running the "fwaccel tab -t connections" command.

PRJ-28391

Routing

The checksum of PIM "register" packets may be calculated incorrectly, causing the RP router to discard a "register" packet.

PRJ-25315,
PMTR-68232

Routing

In some scenarios, CPView displays incorrect values of RIP statistics.

PRJ-27056,
PRHF-17925

Routing

In some scenarios, the ROUTED process may unexpectedly exit when there is a static route and a kernel route to the same destination.

PRJ-26958,
PMTR-65589

Routing

The ROUTED process may unexpectedly exit when candidate RP is enabled, and a rapid failover occurs or when the candidate RP interface is disconnected.

PRJ-26966,
PMTR-66574

Routing

In some scenarios, the ROUTED process may produce a core dump when it receives IGMPv3 Membership Reports over a long period of time.

PRJ-28836,
PMTR-51501

Routing

In some scenarios, an outage may occur because of premature graceful-restart exit.

PRJ-26750,
PRJ-26751

Routing

In some scenarios, the NetFlow Packet may report a wrong source IP Address.

PRJ-28954,
PRHF-17739

Routing

The ROUTED process may unexpectedly exit.

PRJ-29493,
ROUT-1745

Routing

BGP sessions may unexpectedly close because of unrecognized AFI/SAFI pairs in multiprotocol capability advertisements from a peer.

PRJ-29316,
ROUT-1721

Routing

AS path loops may occur, although BGP multihop is configured.

PRJ-30697,
PMTR-72756

VPN,
HTTPS Inspection

A memory leak in HTTPS Inspection and HTTPS portals may occur when using ECDHE ciphers.

PRJ-22115,
PMTR-31204

VPN

In rare scenarios, after policy installation, the VPND process may unexpectedly exit with core dump.

PRJ-31026,
PRHF-19776

VPN

Many "remote access client IP address and port were changed" logs are generated after an upgrade.

PRJ-28502,
PRHF-18400

VPN

A memory leak may occur in the VPND process.

PRJ-28509,
PRHF-18408

VPN

In some scenarios, a memory leak may occur on the Security Gateway.

PRJ-29279,
PRHF-18818

VPN

In rare scenarios, re-configuring a trusted CA bundle may cause a memory leak in the VPND process.

PRJ-26396,
PRHF-17622

VPN

Policy installation may fail when VPN community is not configured on the Security Gateway. Refer to sk174235.

PRJ-23964,
PRHF-16338

VSX

UPDATE: Added ability to change the Management and Sync interfaces via vsx_util change_interfaces.

PRJ-22688,
PMTR-65535

VSX

This fix allows create/change a VSX cluster/Gateway to have up to 32 CoreXL instances with VSX Provisioning Tool. Currently, it is possible to do this only in SmartConsole.

PRJ-26129,
PMTR-53985

VSX

After upgrade, the VS names may be displayed incorrectly in the output of the "vsx stat -v" command.

PRJ-25021,
PRHF-14371

VSX

In some scenarios, the "cpstat vsx" command does not show the correct output. Refer to sk170793.

PRJ-27040,
PMTR-67834

VSX

VSX provisioning may fail to commit changes to the VSX database. Refer to sk173683.

PRJ-27974,
PMTR-69876

Gaia OS

A memory leak may occur on a Security Gateway while configuring Secure Internal Communication (SIC).

PRJ-24593,
PRJ-26110,
PRHF-16780

Gaia OS

When the RADIUS Server uses a multi-pool "Access Challenge", the system sends many authentication requests without waiting.

PRJ-25004,
PMTR-49877

Gaia OS

In some scenarios, the force-password-change option does not work.

PRJ-28793,
PRHF-18683

Gaia OS

In a rare scenario, a memory leak may occur in the monitord process.

PRJ-25247,
PMTR-68435

Harmony Endpoint

In some scenarios, the Policy Server fails to synchronize with Endpoint primary Management after installing a hotfix for local E1 signature updates.

PRJ-25387,
PRHF-17170

CloudGuard IaaS

CloudGuard Controller with Cisco ACI Data Center sends updates without IP addresses to Security Gateways.

PRJ-25725,
PMTR-68887

QoS

A memory leak may occur when using domain names in QoS policy rules. Refer to sk174904.

PRJ-27246,
ODU-123

HCP

Added Update 3 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-24085,
ODU-91

HCP

Added Update 2 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-22796,
ODU-81

HCP

Added Update 1 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-22319,
PRHF-15689

Infrastructure

In some scenarios, the cpmiquerybin and dbedit processes may unexpectedly exit causing buffer overflow.

Take 202

Released on 30 May 2021 and declared as General Availability on 7 July 2021

PRJ-25035,
SMCUPG-1653

Security Management

UPDATE: If there is no license on the Security Management Server, a new verification blocks an attempt to migrate a domain.

PRJ-22073,
PRHF-15725

Security Management

In rare scenarios, the Management Server may fail to start because Solr fails to initialize.

PRJ-24484,
PRHF-16631

Security Management

In very large Management environments, Policy verification and installation may fail with FWM process core dump. Refer to sk173722.

PRJ-24910,
PMTR-67937

Security Management

"Unauthorized client" error on login failure from an IP address that is not explicitly defined in the Trusted Clients list. Refer to sk173026.

PRJ-22439,
PRHF-15754

Security Management

Upgrade or migration from R80.10 and lower to R80.20 and higher may fail with "Scheme adjustment had failed" error in logs. Refer to sk172003.

PRJ-13068,
PRHF-11089

Security Management

In rare scenarios, during a Global Policy Reassignment, the Management Server may unexpectedly exit and fail to start again.

PRJ-21397,
PRHF-15001

Security Management

In rare scenarios, deleting an object fails with "Can't reach source object, maybe it already deleted" error. Refer to sk172828.

PRJ-22209,
PMTR-61168

Security Management

In rare scenarios, concurrent update operations performed by several administrators on the Management Server may fail.

PRJ-20807,
PMTR-62949

Security Management

On Security Management with connected Endpoint Security Server, the SICTUNNEL process may unexpectedly exit and start again every few minutes with core file ~4gb in size. Refer to sk173704.

PRJ-15903,
PRHF-12367

Security Management

Security policy compilation fails if the Domain network object name (FDQN name) contains space.

PRJ-23771,
PMTR-66072

Security Management

"Query failed" error is displayed in Security Gateway Device & License Information view in SmartConsole when canceling the "Export to PDF/CSV" operation.

PRJ-23920,
PMTR-64482

Security Management

SmartConsole Extensions fail to load with "Error: unable to retrieve read-only session" if login with SmartConsole is performed with an IP address that is not defined as the primary IP of the Management Server.

PRJ-22870,
PRHF-15786

Security Management

In some scenarios, policy installation fails with "Error code 0-2000077" message.

PRJ-21255,
PMTR-62918

Security Management

In some scenarios, the log file of PostgreSQL (postgres.elg) may become very large.

PRJ-22610,
SMCUPG-1375

Security Management

In some scenarios, a Domain migration may fail during the Access Policy import with the "Object not found" error in cpm.elg file.

PRJ-17226,
PRHF-12911

Security Management

In some scenarios, Apache does not start and shows a "No space left on device" message if the user runs "cprestart" frequently.

PRJ-23541,
PMTR-66182

Security Management

In some scenarios, HA sync in a Multi-Domain environment may fail with the "Failed to import data" error message after the user creates new Permission Roles.

PRJ-9514,
PRHF-8550

Security Management

The Rule UID is hidden in Audit logs. Refer to sk165016.

PRJ-22844,
PMTR-61785

Security Management

Running override_server_setting.sh may not update settings correctly when updating a setting multiple times.

PRJ-22128,
PMTR-61861

Security Management

In a rare scenario, Management HA synchronization fails after the Purge Revisions operation.

PRJ-21916,
PRHF-15491

Security Management

In some scenarios, Desktop policy fails with "Policy installation had failed due to an internal error. If the problem persists please contact Check Point support". Refer to sk171970.

PRJ-24757,
PRHF-16660

Multi-Domain Management

Global Policy Assignments may be missing in Multi-Domain environment after upgrade from R77.x.

PRJ-23695,
PRHF-16119

Multi-Domain Management

Global Policy Reassignment may take a long time to complete after an IPS Update in the Global Domain.

PRJ-22636,
PRHF-15727

Multi-Domain Management

In rare scenarios, the Multi-Domain Management Server may fail to start if Domains were previously deleted.

PRJ-24213,
PMTR-65200

Multi-Domain Management

In Multi-Domain environment, the same Domain may appear twice in the Domains view of the SmartEvent application.

PRJ-22136,
PMTR-64481

Multi-Domain Management

A Multi-Domain Server with dozens of Domains may take a long time to start.

PRJ-21910,
PMTR-64572

Multi-Domain Management

In some scenarios, installation of Jumbo Hotfix on Multi-Domain Server may fail after running restore from backup.

PRJ-24018,
PMTR-66953

Multi-Domain Management

In some scenarios, after an upgrade of a Multi-Domain environment that has active Domains on multiple Multi-Domain servers, some objects may not be visible in the System Domain.

PRJ-22520,
PMTR-65290

Multi-Domain Management

In some scenarios, Reassign Global Domain for a Domain that is active on another Multi-Domain Server may fail with "An internal error has occurred" message. Refer to sk172704.

PRJ-22580,
SMCUPG-1625

Multi-Domain Management

In some scenarios, HA Full Sync on the System Domain fails after an upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059.

PRJ-13188,
PRHF-11482

Multi-Domain Management

In a rare scenario, Advanced upgrade from R80.10 may fail.

PRJ-22594,
PRHF-15856

Multi-Domain Management

Create Domain action may fail with a "License violation detected" error even though CPSM-DOMAINS-1 license is applied on the Management Server.

PRJ-22201,
PMTR-32568

SmartConsole

In some scenarios, a validation warning may appear on an updatable object with the following message: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.

PRJ-19497,
PMTR-61526

SmartConsole

"The object specified in 'Always send alerts to' field, has no active 'Logging & Status' blade" error may be displayed after running the "add-simple-gateway" command in Management HA environments where one of the Security Management servers has the "Logging & Status" blade disabled. Refer to sk172226.

PRJ-21621,
PRHF-15156

SmartConsole

In some scenarios, FWM process logs show Provisioning/LSM activity even though LSM is not in use. Refer to sk171905.

PRJ-17274,
PMTR-59746

SmartConsole

The "Recent Tasks" view allows only Super Users to view other administrators' tasks.

PRJ-21600,
PRHF-13197

Compliance

In some scenarios, an incorrect Compliance status for Gaia OS Best Practices is displayed.

PRJ-16049,
PRHF-11884

Compliance

Deactivated Compliance Best Practices appear in the Compliance report.

PRJ-21183,
PMTR-61750

Logging

NEW: Resource pools for log queries and report generation have been separated to ensure query responsiveness while multiple reports are generated.

PRJ-25143,
PRJ-25135

Logging

NEW: Added support for JSON format in Log exporter.

PRJ-20255,
PMTR-57895

Logging

NEW: Log exporter allows the re-export of logs based on starting and end positions provided by the user, to close possible gaps. Refer to sk122323.

PRJ-23646,
PMTR-64536

Logging

In some scenarios, when exporting logs using the Log exporter tool and filtering on all Threat Prevention blades, logs of "Anti Spam" blade are not exported.

PRJ-24892,
PRJ-24893

Logging

Starting from Jumbo Take 183, logs exported in LogRhythm format via the Log Exporter, appear in an incorrect format.

PRJ-12424,
PRHF-10612

Logging

In some scenarios, exported FireWall logs from a Security Gateway to an external syslog serve (sk87560) contain a redundant new line character.

PRJ-24227,
PRJ-21113

Logging

In some scenarios, when declaring a filter in Log Exporter, logs may not be exported. Refer to sk173025.

PRJ-23202,
PMTR-65244

Logging

In rare scenarios, when creating a Log server object and establishing SIC, log queries from the newly created Log server object may fail.

PRJ-15324,
PMTR-52927

Logging

In some scenarios in SmartView, exporting a report or view to PDF duplicates the item and displays it twice in the Catalog until the export is done.

PRJ-23006,
PRHF-15886

Logging

In rare scenarios, when the user exports logs to Excel using SmartView web, the action fails when the exported logs contain special characters, like emojis.

PRJ-23413,
PMTR-60082

Logging

In SmartView's "Cyber Attack View - Endpoint", the widgets Active/Dormant Attacks and Cleaned/Blocked Attacks show clean hosts as infected (false positive results).

PRJ-15782,
PRHF-11889

Logging

In SmartView, when the user exports a container widget with charts to PDF, some data may be missing, and the charts may be shown in a distorted manner.

PRJ-21364,
PMTR-63927

Logging

In some scenarios, in Multi-Domain servers with many domains, the Solr process for logs may unexpectedly exit.

PRJ-20816,
PMTR-59484

Logging

In SmartView, chart and timeline widgets may show a "Query Failed" error.

PRJ-23155,
PMTR-62454

Logging

When viewing an Access log card that was matched on both a Network layer (firewall) rule and an Application layer rule, and both actions are "Accept", the application layer rule will be presented in the card instead of the network layer rule. Refer to sk172763.

PRJ-22182,
PMTR-58496

Logging

In SmartView, when the user exports multiple PDF/CSV/Templates of the same view/report at the exact same time, the second export to complete may overwrite the first one.

PRJ-22246,
PMTR-65133

Logging

In some scenarios, in the "Views and Reports" of SmartView, it is not possible to use the field "Roles".

PRJ-21143,
PMTR-51637

Logging

In SmartView, when opening a log card popup in lower resolutions, the text in the header may be cut off.

PRJ-18557,
PRHF-13614

Logging

In the "Logs" view in SmartConsole, when the query filter contains "time:yesterday" as a literal, the query fails with a "Query resolution failed" error. The pre-defined time filter "Yesterday" shows results from today. Refer to sk170999.

PRJ-21292,
PMTR-62117

Logging

  • In environments with more than 500K network objects, the log_indexer process may lead to a memory leak.
  • In some scenarios, when there are offline logs to index, queries are slower than expected.

PRJ-2291,
PRHF-4121

Logging

A super user connected to SmartConsole in the context of the Domain Management Server cannot see search suggestions for global objects.

PRJ-21899,
PMTR-64675

Security Gateway

NEW: Added new troubleshooting tool to cplic command for Entitlement manager.

PRJ-22692,
PRHF-14534

Security Gateway

UPDATE: Security Gateway performance optimizations for specific scenarios. Refer to sk174607.

PRJ-10987,
PRHF-8504

Security Gateway

UPDATE: Added L3 routing support for bridge interface assigned with IP address. To enable it, set fw_bridge_with_ip_routing=1 in the $FWDIR/fwkern.conf file. Refer to sk165560.

PRJ-20979,
PRHF-14104

Security Gateway

In rare scenarios, the CPD process unexpectedly exits when the VPN is enabled, and statuses are not sent to the Management Server.

PRJ-23945,
PMTR-66474

Security Gateway

In a rare scenario, Security Gateway may crash when running in USFW (User-Space Firewall) mode.

PRJ-22621,
PRHF-15835

Security Gateway

In some scenarios, the VSX Cluster switch may cause a core dump.

PRJ-704,
MCFG-159

Security Gateway

In rare scenarios, the FWD process on the Security Gateway may unexpectedly exit when the user configures a non-existing log server.

PRJ-23424,
PMTR-65909

Security Gateway

The VPND process may consume high CPU because of ECDHE use, which affects multi-portal functionality. Refer to sk173145.

PRJ-23455,
PMTR-66212

Security Gateway

In some scenarios, values set in fwkern.conf may not be applied correctly.

PRJ-23038,
PMTR-65729

Security Gateway

In a rare scenario, Security Gateway may crash during the Application Control / IPS / Anti-Bot package update.

PRJ-25908,
PMTR-69241

Security Gateway

In a rare scenario, machine hangs and the user is unable to run any command. Refer to sk173405.

PRJ-19797,
PMTR-60336

Security Gateway

Improved the policy enforcement of the ZIP archive inner files.

PRJ-23397,
PRHF-15802

Security Gateway

Added support for "Other" services configured with IP protocol, but without advanced "Match" expression.

PRJ-21669,
PRJ-8275

Security Gateway

In some scenarios, a Security policy installation fails during high CPU utilization.

PRJ-19409,
PMTR-60877

Security Gateway

The "new-conn-rate" DOS/Rate limiting rules may not be enforced in usermode when enforcement for internal interfaces is disabled.

PRJ-21469,
PRHF-14963

Security Gateway

When the Security Gateway is configured as a proxy, some network objects may not be matched correctly.

PRJ-21309,
PMTR-63867

Security Gateway

Allow automatic configuration of Identity Awareness nested group state 4 for Security Gateways with a previously installed fix for IDA-754.

PRJ-24296,
PMTR-67184

Security Gateway

In a rare scenario, the FWK process unexpectedly exits on the Security Gateway.

PRJ-11764,
PMTR-41719

Security Gateway

"cpas_glue_psync_h: No synced opaque" error messages may appear in dmesg as a result of the synchronization of the members in the cluster. Refer to sk167033.

PRJ-23098,
PRHF-13417

Security Gateway

The connection may not exist in SecureXL connection table when configuring Smart Connection Reuse kernel parameters and allow out of state TCP packets.

PRJ-22935,
PRHF-13912

Security Gateway

When using "User Alert 3" in the code alert, cosmetic error "FW-1: fwdrv_get_string_id_from_code: illegal parameters for code 8" appears in the /var/log/messages file.

PRJ-22370,
PRHF-15705

Security Gateway

In some scenarios, the Security Gateway attempts to access the Management Server through the server's NAT IP address (defined in the "NAT" section of the server object), while the server is reachable only through the main IP address (defined in the "General Properties" section of the server object).

Refer to sk171665 to configure the required parameter SKIP_NATTED_IP.

PRJ-22452,
PMTR-64448

Security Gateway

In a rare scenario, Security Gateway may crash with fwk and fwk_wd core dump files.

PRJ-25269,
PMTR-68358

Internal CA, VPN, Multi-Portal

UPDATE: The IKE certificates validity period is set to 1 year by default. Refer to sk176527.

PRJ-22078,
PMTR-64650

Internal CA

In a rare scenario, "This operation is not supported on STANDBY members" message is displayed and the cpca_client process unexpectedly exits when trying to renew a certificate on a standby Domain.

PRJ-23140,
PMTR-65727

Internal CA

The output of the "lscert" command has duplicate lines for all certificates that are not in "pending" status

PRJ-21723,
PMTR-64420

Content Awareness

In a rare scenario, Security Gateway may crash when CPcode is running within Content Awareness or parser flow.

PRJ-21969

Identity Awareness

In a rare scenario, the PDPD process may unexpectedly exit due to synchronization issues in CaptivePortalManager.

PRJ-26474

Identity Awareness

There may be enforcement issues with Terminal Servers agent (MUH Agent) sessions.

PRJ-22356,
IDA-3759

Identity Awareness

In some scenarios, output of "pdp conn pep" command may show wrong PEP names.

PRJ-21496,
IDA-3194

Identity Awareness

Added optimization for PDP when handling Terminal servers Multi-User Host Agent (MUH).

PRJ-21454,
PRHF-14980

Identity Awareness

In some scenarios, VPN Remote Access client fails to connect if a certificate contains a DN with an asterisk (*).

PRJ-23515,
PMTR-20344

Application Control

The fw_full (FWD daemon) unexpectedly exits, producing a core dump file and causing a cluster failover.

PRJ-21768,
PMTR-58795

Application Control

A failure log may be generated when inspecting connections to servers with certificates without a Common Name (CN) field.

PRJ-21293,
PMTR-63495

URL Filtering

UPDATE: Improved RAD event output to provide additional information on events, such as detailed timing This update also activates the retry mechanism by default.

PRJ-14540,
PMTR-52079

IPS

UPDATE: Exceptions are now enforced for these IPS protections:

  • ASCII Request Response
  • ASCII Response Response
  • HTTP Header Patterns
  • HTTP URL Patterns
  • CIFS File Patterns

Refer to sk166222.

PRJ-23305,
PRJ-23295

IPS

UPDATE: Added support for PM statistics when IPS is disabled.

PRJ-19940,
PMTR-58379

SSL Inspection

UPDATE: Avoid sending the TLS probe during inbound inspection when it is not necessary for the SNI-based categorization.

PRJ-21690,
PMTR-63310

SSL Inspection

UPDATE: Avoid sending the TLS probe during the inbound inspection when a rule is matched according to the IP address.

PRJ-21707,
PMTR-64263

SSL Inspection

In rare scenarios, a memory leak may occur in a crypto module.

PRJ-24464,
PMTR-66181

SSL Inspection

In rare scenarios, the WSTLSD daemon may unexpectedly exit during TLS probing.

PRJ-19853,
PMTR-61029

SSL Inspection

TLS probing failures generate logs with a general description in SmartLog: "Internal system error in HTTPS Inspection (Error Code: 2)". With this fix, more descriptive logs will be generated.

PRJ-24461,
PMTR-65718

SSL Inspection

In some scenarios, memory leaks may occur after policy installation.

PRJ-19775,
PMTR-57233

SSL Inspection

In some scenarios, the WSTLSD process may unexpectedly exit when browsing to certain websites.

PRJ-19779,
PMTR-58480

SSL Inspection

A memory leak may occur during policy installation.

PRJ-20266,
PRHF-14501

Anti-Malware

Packet capture may not be generated for certain IPS protections.

PRJ-21060,
PMTR-54248

Anti-Malware

In a rare scenario, HTTP connections are timed-out.

PRJ-22018,
PMTR-63963

Anti-Malware

In rare scenarios, the Threat Prevention Blade Exception used for performance optimization does not work as expected.

PRJ-24142,
PMTR-67140

SecureXL

UPDATE: Firewall debug drop template message now indicates the rule ID the template was created from.

PRJ-24649,
PMTR-67738

SecureXL

In some scenarios, the "reached the limit of maximum enqueued packets!" log is printed in the /var/log/messages file.

PRJ-21696,
PMTR-64360

SecureXL

NEW: Added the fwha_disable_ccp_on_monitor global kernel parameter. The parameter turns on/off the sending of CCP packets on link monitor interfaces.

PRJ-22165,
PRHF-15607

SecureXL

Rate limiting rules using concurrent-connection counters may cause connections to be blocked.

PRJ-22286,
PMTR-62849

SecureXL

TCP reset packets may be dropped with an invalid sequence.

PRJ-19369,
PRHF-14133

SecureXL

Security Gateway may crash when the user runs "fwaccel tab -t" to view certain rate limiting tables that have a large number of entries.

PRJ-22913,
PRHF-15478

SecureXL

Improved the Smart Connection Reuse feature to be consistent with the user configuration. Refer to sk24960.

PRJ-22433,
PRHF-15755

SecureXL

In some scenarios, the concurrent-conns rate limiting count may be inaccurate for FTP data connections.

PRJ-20698,
PRJ-20682

SecureXL

In some scenarios, not all IP addresses listed in Deny List file $FWDIR/conf/deny_lists are loaded.

PRJ-23457,
PRHF-16084

SecureXL

A race condition in the DOS/Rate limiting policy's install logic may cause incorrect counter values for "concurrent-conns".

PRJ-23057,
PMTR-60766

SecureXL

In some scenarios, SecureXL drops the TCP traffic for the particular connection for invalid state reasons. This fix enables the new property per specific VS in VSX environment. Refer to sk147093.

PRJ-16531,
PMTR-54703

Routing

UPDATE: The user does not have to enable logging/accounting in SmartConsole to generate the Netflow records. A new 'NetFlow Firewall rule' option was added to configure NetFlow to report per Firewall rule by turning it on and enabling Log/Accounting per rule.

PRJ-24788,
PMTR-48384

Routing

In some scenarios, OSPF configured with unnumbered VTI on cluster frequently moves between "Full" and "EXSTART" status.

PRJ-24713,
PRHF-16801

Routing

In OSPF environment, the routed process may unexpectedly exit when a VPN tunnel is flapped leading to a temporary connectivity loss.

PRJ-23246

Routing

Gaia VRRP member freezes when deleting a VLAN interface. Refer to sk106226.

PRJ-13303,
PMTR-63247

VPN

NEW: Added 3 new views to SmartView for Remote Access, providing visibility for Remote Access users, users login summary, failed login attempts, used clients, top login options, number of users, operating systems, authentication methods and login activity.

PRJ-15566

VPN

In some scenarios, NAT-T traffic is sent to the wrong next-hop MAC address. Refer to sk116453.

PRJ-25486,
PMTR-68687

VPN

In VSX environments, Anti-Spoofing in SecureXL may cause Remote Access VPN drops. Refer to sk173266.

PRJ-22410,
PMTR-60014

VPN

In some scenarios, L2TP tunnel is not deleted completely upon disconnection.

PRJ-22540,
PRHF-14102

VPN

Added stability fix in validation checks for ECDSA certificates.

PRJ-25096,
PRHF-11938

VPN

Tunnel Test packets may be dropped by the Secure Configuration Verification (SCV) check when implied rules are disabled. Refer to sk168033.

PRJ-23300,
PMTR-66146

VPN

In rare scenarios, the VPND process may unexpectedly exit in an L2TP-related flow.

PRJ-7475,
VPNRA-297

VPN

The VPND process may unexpectedly exit during policy installation when the Mobile Access blade is used.

PRJ-21540,
PMTR-64128

VPN

Added VPN Remote Access stability improvement.

PRJ-17113,
PMTR-62229

VPN

Remote Access VPN policy installation optimization. Refer to sk173947.

PRJ-22179,
PMTR-34300

VPN

In a rare scenario, there may be an incorrect IKE ID in an ID payload with 3rd party peers in IKEv1 and IKEv2.

PRJ-19901,
PRHF-14090

VPN

Mobile Access SNX may fail to connect to the Security gateway when the realm used by the client is different for the SSL VPN realm.

PRJ-22303,
PRHF-15006

VPN

When static NAT is configured on a destination, the SCV may fail to access the internal resources and "No scv status from client..." drops appear in SmartConsole. Refer to sk171550.

PRJ-21258,
VSX-2520

VSX

Allow the addition of routes with specific group of type "Group with Exclusion" when using VSX Provisioning tool.

PRJ-21426,
PRJ-21427,
PRJ-21424

Gaia OS

NEW: Added support for hardware (sensors/NICs) data auto-update.

PRJ-19563,
PRJ-19562,
PRJ-19531

Gaia OS

NEW: Gaia API (version 1.5) will now be deployed via Jumbo Hotfix.

PRJ-24192,
PRHF-15900

Gaia OS

In rare scenarios, "show asset network" command may lead to memory leak. Refer to sk174823.

PRJ-24370,
PMTR-49877

Gaia OS

In some scenarios, the force-password-change option does not work.

PRJ-10194

Gaia OS

Entering diacritic characters in the Expert password may cause Clish to unexpectedly exit, resulting in a core dump.

PRJ-25175,
PRJ-25087

Gaia OS

In some scenarios, when adding a "#" in the login banner, the banner becomes corrupted.

PRJ-17585

Gaia OS

The "set snmp usm user" command fails if it has more then 8 characters. This fix increases the characters limit to 31.

PRJ-22000,
PRJ-22001,
PMTR-56379

Gaia OS

In rare scenarios, SNMP user details may be visible in /var/log/messages file.

PRJ-21926,
PRJ-17304

Gaia OS

Unable to set MTU on Igb cards.

PRJ-20918,
PRHF-14900

QoS

Security gateway may crash in QoS flow when interface goes down and up during packet processing.

PRJ-24288,
ODU-83

Smart-1 Cloud

Added Update #1 of Quantum Smart-1 Cloud. Refer to sk166056.

Take 190

Released on 28 February 2021 and declared as General Availability on 12 April 2021

PRJ-7662,
PMTR-46091

CPview

CPview may show partial information, if there are more than 256 interfaces configured on the system.

PRJ-18836,
PRHF-13728,
PRJ-21003,
PRHF-14969

Security Management

NEW: Improved FWM process performance during Security policy or database installation.

PRJ-19949,
PMTR-62429

Security Management

NEW: Added new Management HA utility to schedule automatic full syncs to peers that failed to be synchronized incrementally.

PRJ-20070,
MCFG-229

Security Management

NEW: Optimized the Solr build time to improve performance in the following operations:

  • Restore of the entire MDS/MLM from backup
  • Upgrade from R80.10
  • Solr Cure

PRJ-19998,
PRHF-14293

Security Management

UPDATE: Added improvements in policy load process, to reduce the policy installation time when having large amount of objects.

PRJ-19698,
PRJ-13465

Security Management

UPDATE: If a Management HA synchronization stalls (displaying "Peer is busy"), it will be released within 2 hours instead of 24 hours.

PRJ-20029,
PMTR-61770

Security Management

UPDATE: When purging revisions, task notifications will also be purged if created before the last revision to purge was published.

PRJ-21589,
PRHF-15244

Security Management

Although the Access Settings of the Management API is set to "All IP addresses", the API server does not accept requests from any IP address unless the IP is defined explicitly as a Trusted Client.

PRJ-20885,
PRHF-14946

Security Management

In some scenarios, when connecting to an existing session in SmartConsole from a different IP address, a wrong "Client IP" is shown in Audit Logs view.

PRJ-18473,
PRHF-13644

Security Management

In some scenarios, the first environment variable configured using sk165938 is not loaded and not used by the CPM process.

PRJ-18896,
PRHF-13860

Security Management

Policy installation may fail after migration from Domain Management to Security Management Server.

PRJ-20115,
PMTR-60541

Security Management

In a rare scenario, the FWM process unexpectedly exits.

PRJ-18815,
PRHF-13819

Security Management

Management HA synchronization between Multi-Domain Management Servers may fail with "Failed to import data" error due to manual or automatic updates of contracts.

PRJ-19023,
PMTR-61616

Security Management

In rare scenarios, FWM process may unexpectedly exit after a login attempt to the Management server.

PRJ-18490,
PRHF-13681

Security Management

In rare scenarios, a policy installation task may never complete.

PRJ-20852,
SMCUPG-1316

Security Management

Management Server upgrade from R80.20 to R80.40 may fail if a Network Interface object refers to a Gateway object that does not exist.

PRJ-20840,
SMCUPG-1454

Security Management

When migrating a Domain Management Server to a Security Management Server:

  • SmartEvent blade cannot be activated on the migrated domain
  • If the Domain had standby Domain Servers , it may cause inconsistencies in the database, that may result in different failures. For example, policy installation may fail.

PRJ-20302,
PRHF-14634

Security Management

In some scenarios, deleting a Domain Server may fail with "Got at least one duplicate UID in requested list" error.

PRJ-17690,
PRHF-13332

Security Management

In some scenarios, HA temporary sub-directories under $FWDIR/tmp are not deleted if sync fails. Refer to sk170972.

PRJ-16472,
PMTR-58630

Security Management

Login with SmartConsole is blocked while the purge revisions task is running.

PRJ-19953,
PRHF-14394

Security Management

The Management HA window in SmartConsole may mistakenly show the "Peer is busy" warning message for a few seconds.

PRJ-18286,
PMTR-61010

Security Management

In rare scenarios, the CPU and memory usage of the CPM process may be abnormally high. Refer to sk170672.

PRJ-20763,
PRHF-14399

Security Management

High load may occur on the Management Server when searching for a prefix of IP address that has more than 10 thousand matches.

PRJ-20802,
PRHF-14691

Security Management

In some scenarios, delete partial domain with createDomainRecovery.sh script fails when there are several RadiusGroup objects with the same name in different domains.

PRJ-21584,
PRHF-15222

Security Management

In rare cases, the CPM Solr process may not be stopped when running cpstop or mdsstop.

PRJ-21187,
PMTR-63358

Security Management

In rare scenarios, logout from a session fails with "An internal error has occurred" message.

PRJ-21357,
PRHF-14606

Security Management

In some scenarios, the Purge Revisions task may stop and show 0% for hours or fail with the "An error has occurred while performing revision purge operation" message in SmartConsole.

PRJ-17787,
PRHF-13382

Security Management

In some scenarios, policy verification for static NAT rules succeeds even though the source subnet NAT is bigger than the destination subnet NAT.

PRJ-16470,
PMTR-58631

Multi-Domain Management

UPDATE: When reassigning Global Domain for a Domain that is active on another Multi-Domain Server, the task is immediately relayed to the remote Multi-Domain Server without waiting in queue of the local server due to other tasks that are running.

PRJ-17211,
PRHF-12851

Multi-Domain Management

UPDATE: With this fix, mds_backup will backup the Upgrade Tools package(s) and mds_restore will restore them on a Multi-Domain Server.

PRJ-22273,
PMTR-65110

Multi-Domain Management

In some scenarios, updating a Domain Server may fail with the "<IP> already in use" message. Refer to sk171916.

PRJ-18688,
PRHF-13744

Multi-Domain Management

Database installation to the newly created Domain Log Server may fail.

PRJ-19723,
PMTR-62272

Multi-Domain Management

The Multi-Domain session APIs "view sessions" and "show last-published-session" results may include sessions that were not filtered according to the administrator's permissions profile.

  • A Domain manager running the API will be notified when the results will be filtered and will be asked to run the command again with the "ignore-warnings" flag.

PRJ-19275,
PRHF-13977

Multi-Domain Management

In rare scenarios, Management Server becomes inaccessible after a Global Policy reassign operation.

PRJ-19645,
PMTR-62201

Multi-Domain Management

In rare scenarios, a Domain is shown in the Domains view without any Domain Server or a Domain is shown with Domain Server that was deleted and does not exist anymore. Refer to sk170556.

PRJ-17560,
PRHF-12885

Multi-Domain Management

In some scenarios, reassigning a Global Policy may fail if the Global and local domains are not active on the same Multi-Domain Server.

PRJ-21342,
PRJ-16910

Multi-Domain Management

When running many Reassign Global Domain operations for Domains that are not active on the current Multi-Domain Server, the load on the Server may increase and result in slowness of user and automation work.

PRJ-21277,
SMCUPG-1625

Multi-Domain Management

In some scenarios, HA Full Sync on the System Domain fails after upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059.

PRJ-19992,
PRHF-14349

Multi-Domain Management

After importing two (or more) Security Management servers into a Multi-Domain Server, the Gateway objects may not be functional:

  • The editor may not show configuration correctly
  • Security Gateway update may fail.

PRJ-19317,
PMTR-61346

SmartConsole

NEW: Added support for Python 3 in Management API scripts.

PRJ-20244,
PMTR-62490

SmartConsole

UPDATE: A pop-up warning will be displayed every time a "Custom Application" object with a performance impacting URL is edited (instead of being displayed only once).

PRJ-13810,
PRJ-13808

SmartConsole

In some scenarios, the Administrators view shows all administrators in all domains regardless to specific permission profile of the connected administrator.

PRJ-20145,
PRJ-20146

SmartConsole

SmartConsole may disconnect when searching in the Object Explorer for the text with an odd number of double quotes.

PRJ-20784,
PRHF-13556

SmartConsole

When the user creates an Access Role, the AD organization tree may show duplicate branches, and some branches may be missing.

PRJ-19831,
PMTR-50205

SmartConsole

The "show objects" command returns all objects in Global domain with any filter when "ip-only" flag is set to "true".

PRJ-13121,
PRHF-11105

SmartConsole

In some scenarios, the "Update operation failed" error is displayed when attempting to delete a Gateway from the VPN community. Refer to sk167212.

PRJ-19200,
PRHF-13955

SmartConsole

In some scenarios, when using the "set simple-gateway" API command with "logs-settings.forward-logs-to-log-server", it fails with "Generic server error". Refer to sk170352.

PRJ-14104,
PRHF-11590

SmartConsole

Search in Threat Prevention Exceptions in Protection/Site/File/Blade column may not return all expected results.

PRJ-18882,
PRHF-13818

SmartConsole

Setting values for the environment variables of the Management API as per sk165938 does not work: the values are neither loaded nor used by the API process.

PRJ-19059,
PMTR-34323

SmartConsole

Upgrade may fail due to IPS protections comment that is exceeding the comment length limit.

PRJ-13815,
PMTR-19017

SmartConsole

In some scenarios, when the user attempts to delete a VSX Gateway / VSX Cluster, an error message may appear and the operation may not be completed successfully. Refer to sk167492.

  • Requires R80.20 SmartConsole Build 121 (or higher).

PRJ-18380,
PRHF-13609

SmartConsole

In some scenarios, running an action on a ROBO Gateway behind NAT does not work during sync on SMB appliances.

PRJ-20313,
PRHF-14637

SmartConsole

In some scenarios, the "show gateways-and-servers" Management API command fails when running it with details-level full and when connected to the Global Domain. Refer to sk170895.

PRJ-21523

SmartConsole

In a rare scenario, Automatic NAT rules are not visible in SmartConsole.

PRJ-20238,
PRHF-14533

SmartConsole

When there are no search results, search in Access Control Policy displays "An error occurred while searching" instead of "No Items Found".

PRJ-18920,
PRHF-13879

SmartConsole

In some scenarios, the "show-access-rulebase" Management API command fails when running it with details-level "full" and there is a network group with more than 50000 objects on one of the rules. Refer to sk170435.

PRJ-17480,
PRHF-12997

SmartProvisioning

In some scenarios, when recreating a ROBO object with the same name, the new object receives the previous status.

PRJ-17998,
SL-2106

Logging

NEW:

  1. Log Exporter can now schedule a recurring reconnection to the target 3rd party server periodically. This allows usage of a Load Balancer component for target servers.
  2. The target 3rd party server can be declared as a DNS name also when using UDP protocol.

PRJ-12199,
PRHF-10306

Logging

In some scenarios, the "Failed to fetch the file" error is displayed when trying to open Threat Emulation summary reports generated by VSX Gateways.

PRJ-17354,
PMTR-59205

Logging

FWM and\or log_indexer processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.

PRJ-1651,
SL-1901

Logging

UPDATE: Added ability to SOLR process running on the Log server to prevent TLS1.1 and below in port 8211. Refer to sk168472.

PRJ-19714,
PMTR-53967

Logging

When installing a newer Jumbo Hotfix, the Log Exporter filtering configuration may not persist and set to default.

PRJ-16174,
PMTR-55550

Logging

In some scenarios, the cpsemd process on the log server may close unexpectedly during a restart, shutdown or upgrade.

PRJ-17162,
PMTR-59241

Logging

The "show-log" API command may fail with the "GENERIC_SERVER_ERROR" error.

PRJ-7952,
PRHF-7415

Logging

In rare scenarios, a log may display incorrect values in the Action and Rule field. Refer to sk170676.

PRJ-19008,
PRHF-13936

Logging

In a rare scenario, CPD process may use a random port for AMON communication instead of port 18196.

PRJ-21157,
PRJ-21078

Logging

In rare scenarios, the FWD process on the Security gateway may be blocked for several seconds due to processing of log attachments.

PRJ-11310,
PMTR-51802

Logging

In Multi-Domain Management environments, some of the LOG_INDEXER processes may fail to start due to an occupied port.

PRJ-19820,
SL-4358

Logging

In rare scenarios, the log_indexer process may unexpectedly exit when reading a specific log format. Refer to sk116117.

PRJ-7523,
SL-2989

Logging

Connection between the Gateway and the Log Server may go down, with the following error message in the fwd.elg file on the Gateway: "Log server xxx.xxx.xxx.xxx went down".

PRJ-5872,
PRHF-3460

Logging

In rare scenarios, when the user configures a custom event with a script based automatic reaction in SmartEvent, the SmartEvent client may show the following error: "Server is not responding. Please try to reconnect later". Refer to sk155192.

PRJ-20561,
PMTR-58714

Logging

In rare scenarios, the Log Exporter fails to connect to external destination when using the TLS protocol.

PRJ-19843,
PMTR-62010

SmartView

UPDATE: Improved the time resolutions usability (formally known as samples) of the Timeline widgets.

PRJ-20872,
PMTR-62957

SmartView

UPDATE: To improve performance, SmartView now exports data in CSV format instead of Excel.

PRJ-18778,
PMTR-56281

SmartView

In rare scenarios, "Critical attacks allowed by policy widgets" in "General Overview" view may show no results while actual data exists. Refer to sk171001.

PRJ-9548,
PRJ-9381

Security Gateway

NEW: Added DNS Passive Learning feature for enhanced non-FQDN domain objects & updatable objects matching. Refer to sk161612.

PRJ-11341,
PRHF-9582

Security Gateway

NEW: Added support for authentication with a RADIUS server that expects to receive an empty password on the first message. VPN client will receive 2 dialogs instead of 3.

PRJ-20335,
PMTR-57101

Security Gateway

NEW: Added Performance improvement when IP Pool NAT is used.

PRJ-13344,
PRHF-8408

Security Gateway

In a rare scenario, the FWD process opens connections to port 111.

PRJ-20735,
PRJ-20058

Security Gateway

In rare scenarios, Security Gateway memory consumption may increase.

PRJ-21609,
PRHF-14715

Security Gateway

Security Gateway may crash when "Categorize HTTPS Websites" feature is enabled and categorization mode is set to "Hold".

PRJ-11203,
PRHF-9029

Security Gateway

In some scenarios, traffic that is matched on implied rule is dropped while it should not.

PRJ-20382,
PRHF-13431

Security Gateway

In a rare scenario, Access Control policy installation may fail after upgrade of Security Gateway from R80.10 or below to R80.20 or higher.

PRJ-21242,
PRHF-12746

Security Gateway

In rare scenarios, proxy ARP entries may be deleted when installing a policy.

PRJ-20629,
PRHF-14378

Security Gateway

In rare scenarios, high memory consumption in CPD may occur due to a memory leak in authentication flow with an LDAP server.

PRJ-21108,
PRHF-14953

Security Gateway

Authentication may fail when LDAP branch name contains "\".

PRJ-11404,
PMTR-24679

Security Gateway

In some scenarios, dmesg shows "up_manager_resume_chain: fwhold_send failed. chain will be dropped by the fwhold API" error messages when the connection was already dropped and cannot be resumed. Refer to sk133253.

PRJ-20652,
PMTR-63092

Security Gateway

Accept logs with reason "Connection terminated before detection: Insufficient data passed. To learn more see sk113479." may be wrongly generated when the matched action is user authentication and the wrong username/password is provided by the user.

PRJ-18627,
PRHF-11912

Security Gateway

Wrong memory (hmem) values may be reported by specific SNMP OID. Refer to sk168992.

PRJ-11792,
AVIR-479

Security Gateway

False "alert" logs may be displayed in some Anti-Spam events.

PRJ-20720,
PRJ-20057

Security Gateway

In rare scenarios, Security Gateway memory consumption may increase.

PRJ-20897,
PRHF-14824

Security Gateway

In some scenarios, the DNS requests from the Security gateway may fail.

PRJ-19701,
PMTR-62215

Security Gateway

In rare scenarios, a memory leak may occur in TOPOD process.

PRJ-14446,
PMTR-10041

Security Gateway

In some scenarios, large number of interfaces defined on Security gateway may cause high CPU utilization by CPD process. Refer to sk168674.

PRJ-17366,
PRHF-858

Security Gateway

DynamicID via SMTP does not work when an HTTP proxy server is defined.

PRJ-19954,
PMTR-62477

Security Gateway

Half-closed accelerated TCP connections may take too long time to expire.

PRJ-19064,
PRJ-18831

Security Gateway

In a rare scenario, Security Gateway memory consumption may increase and lead to a memory leak.

PRJ-13374,
PMTR-54887

Security Gateway

The TCP State Logging feature may not work as expected. Refer to sk101221.

PRJ-19582,
PMTR-61102

Security Gateway

In some scenarios, "email_unified_cmi_get_attribs: not valid caller: up_log_get_user_hash" error appears in dmesg for SMTP traffic.

PRJ-19848,
PRHF-14268

Security Gateway

In some scenarios, a memory leak may appear after sending a packet from the kernel.

PRJ-19158,
TEX-1482

Threat Extraction

UPDATE: Threat Extraction will no longer attempt to perform "Convert to PDF" if the file is corrupted, because the resulting files in these cases are usually unreadable.

To reactivate this behavior, set the "enable_alternative_scrub_method" variable in $FWDIR/conf/scrub_debug.conf file to 1 and install the Security policy.

PRJ-9943,
PRHF-8315

Anti-Malware

In some scenarios, multiple files called "ckp_mutex" are created on the Security Gateway.

PRJ-17841,
PMTR-58416

Anti-Malware

In some scenarios, Threat Prevention logs appear half full (not unified).

PRJ-19736,
PRJ-17439

Anti-Malware

In some scenarios, users may fail to access a web site with many malicious URLs.

PRJ-12467,
PMTR-38976

Anti-Malware

In rare scenarios, Security Gateway crashes during CIFS traffic when the Anti-Virus blade is in Hold mode and the CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606).

PRJ-19742,
PRHF-13998

Anti-Bot

Dynamic Global Network Object usage inside a Network Group object may cause an Access Policy installation failure.

PRJ-18124

Identity Awareness

NEW: Added Identity Sharing SmartPull mechanism performance and functionality improvements. Refer to sk170516.

PRJ-13173,
PMTR-53443

Identity Awareness

UPDATE: Optimized memory usage in the PDP process's LDAP operations.

PRJ-19748,
PRHF-14338

Identity Awareness

In some scenarios, the Security Gateway may not recognize an IP address as a local address, resulting in wrong drops.

PRJ-19636,
PMTR-61982

Identity Awareness

In some scenarios, when a standby cluster member receives RADIUS accounting updates, there may be high CPU on the PDP process.

PRJ-16169,
IDA-754

Identity Awareness

After changing 'pdp nested_groups __set_state 2' ,flat groups are fetched correctly, but nested groups are not fetched. Refer to sk166199.

PRJ-12501,
PRHF-10481

Identity Awareness

In some scenarios, Identity Awareness counters in cluster environments show zero.

PRJ-20844,
PRHF-14347

Identity Awareness

In some scenarios, running pdpd commands results in "daemon did not respond or not running!" error. Refer to sk171136.

PRJ-20093,
PMTR-59101

DLP

UPDATE: Added support for multi-part data to DLP.

PRJ-17871,
PRHF-10279

HTTPS Inspection

UPDATE: "Categorize HTTPS websites" feature enhancements when "Categorize HTTPS Sites" feature is enabled:

  • Improved enforcement of first connection when URL Filtering setting is in 'Hold' mode
  • Added SNI information to connection logs when connection is matched on rule with "Extended Log"
  • Hold mode granularity

For configuration, refer to sk173633.

PRJ-18822,
PRHF-13605

HTTPS Inspection

Cannot browse with Chrome when using mixed chain with ECDSA subordinate CA in HTTPS Inspection. Refer to sk170332.

PRJ-19468,
PMTR-58086

HTTPS Inspection

In some scenarios, the HTTPS Inspection CA bundle is not created on the Security Gateway.

PRJ-18702,
PRHF-12299

UserCheck

When using the UserCheck agent, the original URL attribute variable $orig_url$ may appear on URL field of log details.

PRJ-19038,
PRHF-13886

UserCheck

In some scenarios, users cannot restore original attachment via UserCheck portal and receive the "An unexpected error has occurred" error message.

PRJ-13968,
PRHF-11634

IPS

UPDATE: The "ips stat" command now shows all active Threat Prevention profiles with IPS enabled on the Security Gateway.

PRJ-13497,
PRHF-10943

IPS

In some scenarios, a non-compliant IMAP traffic is dropped.

PRJ-14059,
PRHF-5061

IPS

In some scenarios, SmartEvent does not create IPS events based on the "Critical severity" field.

PRJ-19297,
PRHF-13560

IPS

In some scenarios, log output shows the Origin/Source as "0.0.0.0" in VSX 3rd party IPS logs.

PRJ-20345,
PRHF-14266

IPS

In rare scenario, the SmartConsole shows the "IPS is not responding" message even though IPS is functioning normally.

PRJ-10921,
HP-97

IPS

In some scenarios, "cmik_loader_fw_context_match_cb: match_cb for CMI APP 10 failed" error appears in dmesg for HTTP traffic.

PRJ-18177,
MBS-12220

URL Filtering

In some scenarios, the wstlsd process may unexpectedly exit and produce a core dump.

PRJ-20583,
VPNRA-642

Mobile Access

Removed potential XSS vulnerability in the MAB Login page.

PRJ-19233,
PRHF-14046

Mobile Access

There may be a delay when connecting to HTTPS based SMS portal over a non-standard proxy port. Refer to sk170497.

PRJ-17323,
PRHF-13031

Mobile Access

A user may not connect with Remote Access Client if this user belongs to many groups defined in SmartConsole.

PRJ-20532,
PRHF-14728

ClusterXL

In some scenarios, data connections are dropped with "First packet isn't SYN" message on ClusterXL Load Sharing.

PRJ-14358

ClusterXL

Same MAC Magic configuration on different clusters in Unicast mode may cause flapping in switch. Refer to sk167206.

PRJ-16513,
MBS-11708

SecureXL

NEW: Added the ability to enable monitor-only mode for penalty box independently of other DOS/Rate limiting features.

PRJ-14937,
PMTR-56844

SecureXL

UPDATE: "fwaccel dos blacklist" and "fwaccel dos whitelist" commands are deprecated and replaced by "fwaccel dos deny" and "fwaccel dos allow". Refer to sk112454.

PRJ-18320,
PRHF-13474

SecureXL

UPDATE: Drop templates can be generated for connections with matched action Reject. For additional information and configuration, refer to sk171146.

PRJ-20024,
PRHF-14228

SecureXL

Server may not reuse the TCP connection when the user allows out of state TCP packets.

PRJ-16580,
PRHF-12716

SecureXL

In some scenarios, traffic with the destination IP address as the broadcast address configured according to sk98810 is dropped.

PRJ-18081,
RHF-13507

SecureXL

SNMP may show wrong values for the number of bytes and packets accepted by Security gateway. Refer to sk170132.

PRJ-20052,
PRHF-14417

SecureXL

In rare scenarios, SecureXL may crash due to NULL handling.

PRJ-891,
PRHF-2914

SecureXL

In some scenarios, output of "fwaccel stat" command does not display the layer name that disables the templates (only "Layer ---" is displayed). Refer to sk145533.

PRJ-19661,
PRHF-13929

SecureXL

In some scenarios, connections are dropped when SYN Defender and ISN Defender are both enabled on the same interface.

PRJ-19403,
PMTR-60870

SecureXL

In some scenarios, Rate Limiting rules for DoS do not work after reboot. Refer to sk170148.

PRJ-17401,
PRHF-13153

SecureXL

In some scenarios, PPTP or GRE traffic may be dropped. Refer to sk170293.

PRJ-16353,
PRJ-16349

CoreXL

In a rare scenario, CPU consuming on some instances is high. Refer to sk168513.

PRJ-20468,
PRHF-14653

Gaia OS

In some scenarios, the Security Gateway attempts to fetch the policy from / send logs to the real IP address of the Management Server (defined in the "General Properties" section of the server object) instead of the server's NAT IP address (defined in the "NAT" section of the server object).

Refer to sk171055 to configure the required parameter FORCE_NATTED_IP.

PRJ-19143,
PMTR-55383

Gaia OS

UPDATE: Added the option to bind IP addresses to sockets using the udp_connect API. Refer to sk171019.

PRJ-18240,
PRHF-13451

Gaia OS

"cphaprob -h" shows wrong explanation for "cphaprob show_bond [<bond_name>]" command.

PRJ-18078,
PRHF-13504

Gaia OS

On environments with large IP routing tables, the SNMPD process may consume 100% CPU when running a scan from an external tool. Refer to sk170150.

PRJ-20940,
PMTR-63343

Gaia OS

Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253.

PRJ-18086,
PRHF-13504

Gaia OS

Query routing info via SNMP may consume 100% CPU in case of a massive IP routing table. Refer to sk170150.

PRJ-18937,
PRHF-13812

Gaia OS

In some scenarios, the "... fwldbcast_handle_retrans_request: Updated bchosts_mask to 1" message may be printed in /var/log/messages file.

PRJ-20745,
PMTR-63201

Gaia OS

CVE-2020-25705: ICMP reply rate.

PRJ-15659,
PMTR-57216

Routing

UPDATE: Display of routing CPview results is limited to 30 lines.

PRJ-18798,
PMTR-46178

Routing

In some scenarios, the ROUTED process unexpectedly exits when removing an OSPF interface that had authentication configured. Refer to sk170272.

PRJ-19460,
PMTR-60878

Routing

Routed logs may incorrectly state that routemaps that export to OSPF cannot set the OSPF manual tag, even though the functionality works.

PRJ-19626,
PRHF-14280

Routing

ip-reachability-detection ping marks a target IP address as "unreachable" if the path goes via a VPN tunnel, although pinging this IP address directly works.

PRJ-20441,
ROUT-1325

Routing

The old route may be not removed when an BGP ECMP route was changed.

PRJ-20436,
PMTR-45014

Routing

ECMP route nexthops learned from BGP peers may be not properly updated in the kernel, resulting in network connectivity loss.

PRJ-18785,
PMTR-60976

VPN

NEW: Added VPN command line mechanism stability enhancement and VPN improvements in IKEv2.

PRJ-17484,
PMTR-40127

VPN

NEW: Added Anti-Spoofing functionality for Remote Access Office Mode IPs in SecureXL.

PRJ-16429

VPN

UPDATE: Added support for fetching CRL with proxy in Site-to-site VPN configuration.

PRJ-19087,
PMTR-61752

VPN

UPDATE: Remote Access VPN stability improvement.

PRJ-15547,
PRHF-11629

VPN

UPDATE: Added the TTM-per-group feature improvement that allows it to work with more client types (for example Nemo client).

PRJ-15739,
PRHF-12010

VPN

In some scenarios, findSAByPeer does not validate the peer IP address for DAIP peer behind NAT.

PRJ-18750,
PRHF-2209

VPN

In some scenarios, the Dynamic ID configuration in SmartConsole (SMS/Email) is ignored. Refer to sk144933.
With this fix, an administrator will be able to choose for each login option separately which protocol (HTTP/SMTP) will be used to send the one-time code.

PRJ-20330,
PMTR-62776

VPN

Security Gateway may crash when you install policy on a MAB Gateway and a policy file is corrupted.

PRJ-20865,
PMTR-56565

VPN

In some scenarios, the VPND process keeps re-downloading the same CRL, which can cause performance issues.

PRJ-20945,
PMTR-63287

VPN

In some scenarios, L2TP clients disconnect from the Security gateway after 10 minutes of the connection.

PRJ-17491,
PRHF-13007

VPN

In IKEv2 renegotiation scenario, IPSec SAs may be deleted on a standby cluster member during post sync causing a VPN traffic outage. Refer to sk172926.

PRJ-7479,
GAIA-6504

VPN

Policy installation with VPN enabled may take a long time.

PRJ-19421,
PRHF-13784

VPN

In some scenarios, the vpnd process unexpectedly exits with Segmentation fault.

PRJ-20824

VPN

In IKEv2, the renegotiation of IKE SA may fail.

PRJ-20646,
PMTR-63280

VPN

In some scenarios, the VPND process may unexpectedly exit.

PRJ-20272,
PRHF-14308

VPN

In a rare scenario, a memory leak may appear when RASession_util is active.

PRJ-20519,
PRHF-14766

VPN

In a rare scenario, the FWM process unexpectedly exits when enrolling a certificate using the SCEP protocol.

PRJ-16338,
PRHF-12447

VPN

The user may be unable to connect with Remote Access when the username or user field in the certificate is too long.

PRJ-13093,
PRHF-11004

VPN

RADIUS packet sent by Security gateway, may show the Framed-IP-Address field in the reverse order. Refer to sk167361.

PRJ-19213,
PRHF-13685

VPN

Site to Site VPN fails to establish with IKEv2 on GCP when NAT-t is enabled.

PRJ-18268,
PRHF-13543

VPN

The VPND process on a standby cluster member may unexpectedly exit when VPN peer has a probing link selection configured. Refer to sk170136.

PRJ-12240,
PRHF-10370

VPN

When clicking "View" in Trusted CA object's OPSEC PKI tab, this may show the "Failed to get a certificate of <object name> from keyset" error. Refer to sk166496.

PRJ-13819,
PRHF-10420

VPN

Access roles do not recognize Remote Access SNX CLI clients.

PRJ-18500,
PMTR-60820

VSX

UPDATE: Added support for VSX SecureXL tabs on CPView. Refer to sk167903.

PRJ-18292,
PMTR-53549

VSX

VSX VSLS with 3 Members may fail to connect to Identity Collector. Refer to sk170836.

PRJ-20962,
VSX-2519

VSX

After running "vsx_util vsls" and selecting option #6, the operation may fail with the "Internal Error: got empty reply set" error. Refer to sk171352.

PRJ-18612,
PMTR-55887

VSX

In some scenarios, there may be high CPU utilization in a VSX environment with several instances.

PRJ-18575,
PMTR-59637

Compliance

UPDATE: Added ability to select 'Any' in the Service column when creating a custom firewall Best practice.

  • Requires R80.20 SmartConsole Build 121 (or higher).

PRJ-14100,
PRJ-14100

Compliance

In some scenarios, Compliance Blade does not scan inline layers for Application Control and URL Filtering Best Practices.

PRJ-20601,
PRHF-14400

VoIP

VoIP RTP can cause overload on global instance (CoreXL instance 0).

PRJ-16454,
PRHF-12691

VoIP

SIP parser may cause the wrong RTP dynamic connection to be opened. Refer to sk169373.

Take 188

Released on 8 December 2020 and declared as General Availability on 28 December 2020

PRJ-20083,
PMTR-60885

CloudGuard IaaS

UPDATE: Added new certificates for Microsoft Azure. For details, refer to this Microsoft article.