Take 117 - Ongoing
List of Resolved Issues and New Features
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 117 Released on 27 October 2019 |
||
PRJ-2725, |
Upgrade |
Added a pre-upgrade verification that Global network objects with NAT configuration are not supported. |
PRJ-3605, |
Security Management |
Added ability to automatically determine the API process memory allocation to avoid "Out of memory" errors. Refer to sk119553. |
PRJ-2983, |
Security Management |
In some scenarios, the show generic-objects API command fails with "Management Server failed to execute command". Refer to sk157693. |
PRJ-2338, |
Security Management |
In some scenarios, user cannot discard or publish a worksession, receiving the general message "Internal error". |
PRJ-4305, |
Security Management |
Added a mechanism to prevent the Management Server from starting if an import process was interrupted. |
PRJ-3872, |
Security Management |
In some scenarios, size of the shadow_object.C file increases after each policy installation, eventually causing a failure in installing a policy. |
PRHF-3242, |
Security Management |
In a rare scenario, the policy verifier ignores rules with object named "Internet" used with negate operator. |
PRJ-4515, |
Security Management |
Cannot export a .pdf file from the Licence inventory view after Jumbo HotFix installation on the Management server. |
PRJ-1374, |
Security Management |
High Availability synchronization between Management Servers fails with "Couldn't get peers for peers ids" message in the cpm.elg file. |
PRJ-4240, |
Security Management |
When many users are connected to and actively working in the same domain in SmartConsole, they may experience:
|
PRJ-3690, |
Security Management |
New policy creation may fail when there are no installation targets defined in this policy. |
PRJ-5025, |
Security Management |
In some scenarios, policy verification process fails after reaching memory size of 4GB. Refer to sk161412. |
PRJ-1517, |
Security Management |
Performance and stability improvements in large High Availability setups. |
PRJ-2646, |
Security Management |
In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects. |
PRJ-5250 |
Multi-Domain Management |
NEW: Added the Domain Management Migration, Backup and Upgrade feature:
For more information see sk156072. |
PRJ-2787, |
Multi-Domain Management |
In some scenarios, upgrade from R80 fails due to an internal error related to deprecated application objects. Refer to sk157752. |
PRJ-3880, |
Compliance |
In some scenarios, some of the Best Practices show "N\A" status in the Compliance Blade dashboard. |
PRJ-2644, |
Logging |
Running views and reports with a filter fails if the filter contains a "NOT" operator combined with parentheses. |
PRJ-395, |
Logging |
In some scenarios, lea_session processes consume 100% CPU causing the machine to slow down. Refer to sk142632. |
PRJ-1324, |
Logging |
In some scenarios, when running mdsstart, the following error message is shown: "/opt/CPSmartLog-R80.20/bin/smartlogstop: line 65: /opt/CPmds-R80.20/customers/<name>/CPSmartLog-R80.20/log/smartlogRun.log: No such file or directory". |
PRHF-4497, |
Logging |
In some Full HA environment scenarios, the "Logserver <Cluster virtual IP> is disconnected" error pops up in SmartConsole log view. |
PRJ-1310, |
Logging |
In the Logs & Monitor view, the "File size" field is missing from the logs generated by Media Encryption & Port Protection Blade. Refer to sk157952. |
PRHF-4975, |
Logging |
In some scenarios, when exporting logs with "Visible columns" option selected from SmartView, some columns return empty record. Refer to sk161712. |
PRJ-3642, |
Logging |
In some scenarios, when SAM activity is defined and a Log server receives a high amount of packets, the FWD process on the Log server unexpectedly exits. |
PRJ-3011, |
Logging |
In some scenarios, the log maintenance mechanism deletes the earliest logs due to mistake in Emergency mode maintenance. Refer to sk163813. |
PRJ-3363, |
Multi-Domain Management |
In some scenarios, Administrator does not see that a revision was created in its Domain (on Domain level) after a Global policy was assigned to it. |
PRJ-798 |
Multi-Domain Management |
In some scenarios, the "Unable to connect to server. Please make sure the server is up and running." error appears when trying to log into single Domain from SmartConsole. Refer to sk153293. |
PRJ-3687, |
Multi-Domain Management |
"dleserver.utils.UidManager" errors on cma_migrate failure on Multi-Domain Server upgraded from R80. |
PRJ-4413, |
Multi-Domain Management |
In a rare scenario, FWM process unexpectedly exits on the Domain level during login. |
PRJ-1881, |
SmartConsole |
In some scenarios, user cannot delete a VS object since it is referenced by an automatically generated exception rule. Refer to sk167272. |
PRJ-4135, |
SmartConsole |
Administrators with "\" in their username receive the "Error Occurred" pop-up when trying to view a packet capture. Refer to sk140992. |
PRJ-4430, |
SmartConsole |
In some scenarios, when there is a large quantity of unused permission profiles in the system, the CPM server takes a long time to start. |
PRHF-2194, |
SmartConsole |
In some scenarios, Client certificate is removed when deleting Domain that is included in certificate's permissions. |
PRJ-1969, |
SmartConsole |
In setups with a large quantity of network object, users may experience slowness when editing the HTTPS Inspection policy. Refer to sk147134.
|
PRJ-4531, |
SmartConsole |
In a rare scenario, the DNS Maximum Reply Length IPS protection is not enforced.
|
PRJ-3869, |
SmartConsole |
In a rare scenario, when user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232
|
PRJ-777 |
SmartConsole |
In a rare scenario, the FTP Bounce, Port Overflow and Known Ports IPS protections are not enforced.
|
MCFG-199, |
SmartProvisioning |
SmartUpdate generates audit log even when no action was taken. |
PROV-2068, |
SmartProvisioning |
In some scenarios in SmartProvisioning:
|
PRJ-5512, |
Security Gateway |
In some scenarios, fw monitor on Security gateway shows some packets that are handled by SecureXL and not FireWall-1. |
PRJ-5502, |
Security Gateway |
In a rare scenario, using "kill" or pressing Ctrl+C on the "fw monitor" process does not finish it. |
PRJ-5509, |
Security Gateway |
In some scenarios, fw monitor fails to show IPv6 traffic in SecureXL. |
PRJ-5504, |
Security Gateway |
In some scenarios, the "fwmonitor_kiss_add_to_global_buf: all the buffers are full" error is displayed even after the heavy traffic is stopped. |
PRJ-5506, |
Security Gateway |
In a rare scenario, Secure Network Distributor (SND) consumes high CPU when running fw monitor. |
PRJ-5507, |
Security Gateway |
In some scenarios, when running "fw monitor" with "-e" flag, SecureXL traffic is not filtered, and all traffic is displayed. |
PRJ-5503, |
Security Gateway |
In some scenarios, incorrect chain number and name are displayed by "fw monitor -p all". |
PRJ-5497, |
Security Gateway |
Added ability for fw monitor to support monitoring traffic on Acceleration Card. |
PRJ-4310, |
Security Gateway |
In some scenarios, a remote client disconnects after one hour although the session is not idle. Refer to sk160213. |
PRJ-770, |
Security Gateway |
In a rare scenario, memory usage may rise on Security gateway, when using service with resource with "Optimize URL logging" feature enabled. Refer to sk153052. |
SWG-2174, |
Security Gateway |
Some Web sites cannot be opened when Content Awareness or Anti-Virus/Anti-Bot is enabled, and Security gateway is configured as proxy. |
PRJ-2918, |
Security Gateway |
In a rare scenario, Security gateway may crash due to NULL pointer dereference. |
PMTR-40937, |
Security Gateway |
In some scenarios, VoIP traffic is dropped with "allocate_port_impl: could not find a free port;" error in dmesg. |
PRJ-697, |
Security Gateway |
In a rare scenario, Security gateway crashes during QoS policy installation. |
PMTR-35854, |
Security Gateway |
In a rare scenario, changing the xmit-hash-policy of the bonding group while machine handling traffic, causes it to crash. Refer to sk154573. |
PRJ-4806, |
Security Gateway |
Added ability to enable NAT over specific IP address avoiding a source port allocation. |
PRJ-1016, |
Security Gateway |
In some scenarios, packets with TTL1 are dropped when using security zones in the Access rulebase. |
PRJ-3562, |
Security Gateway |
Disabling connections timestamp does not work on active streaming connections. Refer to sk62700. |
PRJ-4760, |
IPS |
In some scenarios, IPS update fails as a result of error in management server installation. |
PRJ-3766, |
Content Awareness |
In some scenarios, when the Content Awareness Blade is enabled, uploading files via ShareFile stucks at 100%. |
PRJ-5764 |
HTTPS Inspection |
Improved TLS implementation for TLS Inspection and Categorization - Server Name Indications (SNI). TLS 1.2 support for additional cipher suites:
In addition, improved the fail open/close mechanism and logging for validations. For the complete list of supported cipher suites, see sk104562. |
PRJ-4839, |
SSL Inspection |
In a rare scenario, when SSL Inspection is enabled and there is big latency, Microsoft websites (for example Azure) may not respond. Refer to sk150175. |
PRJ-3368, |
Threat Prevention |
Deleting a Threat Prevention profile may fail if the IPS profile has many overrides. Refer to sk136552. |
PRJ-689, |
Application Control |
In some scenarios, custom Application Object that was initiated with wrong "Application Risk" value may cause connectivity problems. Refer to sk140892. |
PRJ-4517, |
ClusterXL |
Added support for Cluster Load Sharing without IPSec VPN. To enable the support, refer to sk162637. |
PRJ-1205, |
ClusterXL |
In some scenarios, after adding a vlan to the subordinate bond cluster member may go down. |
PRJ-3298, |
ClusterXL |
In some scenarios, when changing cluster topology and installing the policy, the cluster fails over. Refer to sk156335. |
PRJ-3315, |
ClusterXL |
In some scenarios, pushing policy in order to update the cluster topology during high load, causes the members to fail-over. Refer to sk154575. |
PRJ-480, |
ClusterXL |
In some scenarios, the xmit-hash-policy of a Bond interface with the vlan causes the cluster member to go down. Refer to sk151412. |
PRJ-3294, |
CoreXL |
In a rare scenario, custom affinity configuration is overwritten when HT is enabled. Refer to sk158112. |
PRJ-1201, |
SecureXL |
In some scenarios, Policy Based Routing (PBR) does not work properly when acceleration is enabled. |
PRJ-3598, |
SecureXL |
In a rare scenario, a VSX gateway may crash. Refer to sk160912. |
PRJ-1640, |
SecureXL |
In some scenarios, packets with IP options are not forwarded across bridge interfaces. Refer to Issue #3 in sk154892. |
PMTR-40703, |
SecureXL |
In some scenarios, sending IP fragmented traffic through a Virtual Switch or Virtual Router fails with "Virtual defragmentation error". |
PRJ-2114, |
Routing |
In a rare scenario, the Standby member of ClusterXL incorrectly calculates the routing protocol priorities, causing the routes to be synchronized in the wrong way. |
PRJ-306, |
Routing |
In some scenarios, Routed Pnote in 'Problem' state and ClusterXL member is down after enabling OSPF. Refer to sk123317. |
PRJ-307, |
Routing |
Enhancement: Improved the memory handling mechanism in Routed. |
GAIA-4695, |
Gaia OS |
When running "service vmtoolsd restart" command on Gaia installation with VMware, the "Installing memory driver: FATAL: Module vmmemctl not found. [FAILED]" error is displayed although the vmw_balloon.ko driver is loaded. |
PRJ-3793, |
Gaia OS |
Enhancement: The maximum size of the arp table was increased to 4096. |
PRJ-440, |
Gaia OS |
"Authentication failure" error when authenticating with TACACS+ user that has special characters in their password. Refer to sk101332. |
PRJ-3625 |
Gaia OS |
On Smart-1 525/5050/5150, user cannot open the iDRAC without installing a dedicated Hotfix. |
PRJ-3141, |
Gaia OS |
In some scenarios, the IGB driver interfaces are occasionally down after reboot of a Management machine. Refer to sk135532. |
PRJ-1029, |
Gaia OS |
Changing the xmit-hash-policy of the bond may cause all static arp entries to disappear from the arp -a output. Refer to sk152892. |
PRJ-1604, |
VPN |
NEW: Connectivity enhancements for Remote Access clients using internal Office mode allocation with a long timeout. |
PRJ-4152, |
VPN |
In some scenarios, the Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode" after upgrade. Refer to sk157092. |
PRJ-2874, |
VPN |
Connectivity improvement for Remote Access clients in environments with 3rd party VPN tunnels. |
PRJ-2347, |
VPN |
Remote Access client randomly disconnect / unable to connect when DHCP multi-homed server is configured. |
PRJ-2434, |
VSX |
Added the option to configure reject routes via vsx_provisioning_tool on Scalable Platforms Appliances. Refer to sk151473. |
PRJ-5304, |
VSX |
Running fw monitor with -v flag on a VSX gateway may cause the fw monitor to quit with the "Segmentation fault" error. Refer to sk162402. |
PRJ-3433, |
VSX |
In some scenarios, traffic is dropped on VSX when using SecureXL. Refer to sk160352. |
PRJ-4265, |
VSX |
In a rare scenario, machine crashes when using VSX with Virtual Switch (VSW). |
PRJ-4955, |
VSX |
In some scenarios, traffic does not pass in VSX setup with VS-VSW-VS topology and some Threat Prevention Blades enabled on VSs. |
PRJ-4683, |
VSX |
In some scenarios, running the "fw vsx resctrl monitor disable" command or disabling VSX Resource Monitor via CPView causes crash of the VSX Gateway. Refer to sk144432. |
PRJ-4960, |
Hardware |
In a rare scenario, the watchdog process of Falcon Acceleration Card unexpectedly exits. |