Take 117 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 117

Released on 27 October 2019

PRJ-2725,
PMTR-38948

Upgrade

Added a pre-upgrade verification for Global network objects with NAT configuration, which are not supported.

PRJ-3605,
PMTR-39644

Security Management

Added the ability to automatically determine the API process memory allocation to avoid "Out of memory" errors. Refer to sk119553.

PRJ-2983,
API-744

Security Management

In some scenarios, the show generic-objects API command fails with "Management Server failed to execute command". Refer to sk157693.

PRJ-2338,
PRHF-4046

Security Management

In some scenarios, a user cannot discard or publish a worksession and receives the general message "Internal error".

PRJ-4305,
PMTR-40468

Security Management

Added a mechanism to prevent the Management Server from starting if an import process was interrupted.

PRJ-3872,
PRHF-3463

Security Management

In some scenarios, the size of the shadow_object.C file increases after each policy installation, eventually causing policy installation to fail.

PRHF-3242,
PRJ-658

Security Management

In a rare scenario, the policy verifier ignores rules in which an object named "Internet" is used with the negate operator.

PRJ-4515,
PMTR-39361

Security Management

Cannot export a .pdf file from the License inventory view after Jumbo HotFix installation on the Management server.

PRJ-1374,
CPM-2242

Security Management

High Availability synchronization between Management Servers fails with "Couldn't get peers for peers ids" message in the cpm.elg file.

PRJ-4240,
PMTR-38720

Security Management

When many users are connected to and actively working in the same domain in SmartConsole, they may experience:

  • Slowness in SmartConsole responses
  • Long duration of operations
  • High load on the Management Server

PRJ-3690,
PMTR-36555

Security Management

New policy creation may fail when there are no installation targets defined in this policy.

PRJ-5025,
PRHF-4877

Security Management

In some scenarios, the policy verification process fails after reaching a memory size of 4GB. Refer to sk161412.

PRJ-1517,
CPM-2264

Security Management

Performance and stability improvements in large High Availability setups.

PRJ-2646,
PMTR-38095

Security Management

In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects.

PRJ-5250

Multi-Domain Management

NEW: Added the Domain Management Migration, Backup and Upgrade feature:

  • Backup and restore an individual Domain Management Server on a Multi-Domain Server.
  • Migrate a Multi-Domain Security Management from one Multi-Domain Server to a different Multi-Domain Server.
  • Migrate a Security Management Server to become a Domain Management Server on a Multi-Domain Server.
  • Migrate a Domain Management Server to become a Security Management Server.

For more information see sk156072.

PRJ-2787,
PMTR-41157

Multi-Domain Management

In some scenarios, upgrade from R80 fails due to an internal error related to deprecated application objects. Refer to sk157752.

PRJ-3880,
PRHF-5177

Compliance

In some scenarios, some of the Best Practices show "N\A" status in the Compliance Blade dashboard.

PRJ-2644,
SL-2509

Logging

Running views and reports with a filter fails if the filter contains a "NOT" operator combined with parentheses.

PRJ-395,
PMTR-28518

Logging

In some scenarios, lea_session processes consume 100% CPU causing the machine to slow down. Refer to sk142632.

PRJ-1324,
PRHF-3690

Logging

In some scenarios, when running mdsstart, the following error message is shown: "/opt/CPSmartLog-R80.20/bin/smartlogstop: line 65: /opt/CPmds-R80.20/customers/<name>/CPSmartLog-R80.20/log/smartlogRun.log: No such file or directory".

PRHF-4497,
PRJ-3209

Logging

In some Full HA environment scenarios, the "Logserver <Cluster virtual IP> is disconnected" error pops up in SmartConsole log view.

PRJ-1310,
PRHF-3681

Logging

In the Logs & Monitor view, the "File size" field is missing from the logs generated by Media Encryption & Port Protection Blade. Refer to sk157952.

PRHF-4975,
PRJ-4061

Logging

In some scenarios, when exporting logs from SmartView with the "Visible columns" option selected, some columns return empty records. Refer to sk161712.

PRJ-3642,
PRHF-2607

Logging

In some scenarios, when SAM activity is defined and a Log server receives a large number of packets, the FWD process on the Log server unexpectedly exits.

PRJ-3011,
PRHF-1554

Logging

In some scenarios, the log maintenance mechanism deletes the earliest logs due to a mistake in Emergency mode maintenance. Refer to sk163813.

PRJ-3363,
PMTR-34580

Multi-Domain Management

In some scenarios, an Administrator does not see that a revision was created in their Domain (on Domain level) after a Global policy was assigned to it.

PRJ-798,
PMTR-36765

Multi-Domain Management

In some scenarios, the "Unable to connect to server. Please make sure the server is up and running." error appears when trying to log into a single Domain from SmartConsole. Refer to sk153293.

PRJ-3687,
PMTR-7744

Multi-Domain Management

"dleserver.utils.UidManager" errors on cma_migrate failure on Multi-Domain Server upgraded from R80.

PRJ-4413,
PRHF-3285

Multi-Domain Management

In a rare scenario, FWM process unexpectedly exits on the Domain level during login.

PRJ-1881,
PRJ-783

SmartConsole

In some scenarios, a user cannot delete a VS object because it is referenced by an automatically generated exception rule. Refer to sk167272.

PRJ-4135,
PRHF-1847

SmartConsole

Administrators with "\" in their username receive the "Error Occurred" pop-up when trying to view a packet capture. Refer to sk140992.

PRJ-4430,
PMTR-27392

SmartConsole

In some scenarios, when there is a large quantity of unused permission profiles in the system, the CPM server takes a long time to start.

PRHF-2194,
PRJ-4433

SmartConsole

In some scenarios, a Client certificate is removed when deleting a Domain that is included in the certificate's permissions.

PRJ-1969,
PRJ-4546,
PRHF-3268

SmartConsole

In setups with a large quantity of network objects, users may experience slowness when editing the HTTPS Inspection policy. Refer to sk147134.

  • This fix requires R80.20 SmartConsole Build 081 to be installed.

PRJ-4531,
PRJ-965

SmartConsole

In a rare scenario, the DNS Maximum Reply Length IPS protection is not enforced.

  • This fix requires R80.20 SmartConsole Build 081 to be installed.

PRJ-3869,
PRHF-4655

SmartConsole

In a rare scenario, when a user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on the 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232.

  • This fix requires R80.20 SmartConsole Build 081 to be installed.

PRJ-777

SmartConsole

In a rare scenario, the FTP Bounce, Port Overflow and Known Ports IPS protections are not enforced.

  • This fix requires R80.20 SmartConsole Build 081 to be installed.

MCFG-199,
PRJ-2383

SmartProvisioning

SmartUpdate generates an audit log even when no action was taken.

PROV-2068,
PRJ-4671

SmartProvisioning

In some scenarios in SmartProvisioning:

  • When executing Run Script on a SmartProvisioning profile, the application disconnects from the server and closes.
  • When executing Push Settings and Actions, the "The action was not performed due to maintenance mode" error appears.

PRJ-5512,
PMTR-42219

Security Gateway

In some scenarios, fw monitor on the Security gateway shows some packets that are handled by SecureXL and not FireWall-1.

PRJ-5502,
PMTR-40456

Security Gateway

In a rare scenario, using "kill" or pressing Ctrl+C on the "fw monitor" process does not terminate it.

PRJ-5509,
PMTR-38750

Security Gateway

In some scenarios, fw monitor fails to show IPv6 traffic in SecureXL.

PRJ-5504,
PMTR-40523

Security Gateway

In some scenarios, the "fwmonitor_kiss_add_to_global_buf: all the buffers are full" error is displayed even after the heavy traffic is stopped.

PRJ-5506,
PMTR-40455

Security Gateway

In a rare scenario, Secure Network Distributor (SND) consumes high CPU when running fw monitor.

PRJ-5507,
PMTR-41300

Security Gateway

In some scenarios, when running "fw monitor" with the "-e" flag, SecureXL traffic is not filtered, and all traffic is displayed.

PRJ-5503,
PMTR-39556

Security Gateway

In some scenarios, incorrect chain number and name are displayed by "fw monitor -p all".

PRJ-5497,
PMTR-39046

Security Gateway

Added the ability for fw monitor to monitor traffic on the Acceleration Card.

PRJ-4310,
STRM-149

Security Gateway

In some scenarios, a remote client disconnects after one hour although the session is not idle. Refer to sk160213.

PRJ-770,
SWG-1922

Security Gateway

In a rare scenario, memory usage may rise on the Security gateway when using a service with a resource that has the "Optimize URL logging" feature enabled. Refer to sk153052.

SWG-2174,
PRJ-4179

Security Gateway

Some Web sites cannot be opened when Content Awareness or Anti-Virus/Anti-Bot is enabled and the Security gateway is configured as a proxy.

PRJ-2918,
UP-293,
PRHF-4494

Security Gateway

In a rare scenario, the Security gateway may crash due to a NULL pointer dereference.

PMTR-40937,
PRJ-4613

Security Gateway

In some scenarios, VoIP traffic is dropped with "allocate_port_impl: could not find a free port;" error in dmesg.

PRJ-697,
QOS-22

Security Gateway

In a rare scenario, the Security gateway crashes during QoS policy installation.

PMTR-35854,
PRJ-3040

Security Gateway

In a rare scenario, changing the xmit-hash-policy of the bonding group while the machine is handling traffic causes it to crash. Refer to sk154573.

PRJ-4806,
PMTR-41392

Security Gateway

Added the ability to enable NAT over a specific IP address, avoiding source port allocation.

PRJ-1016,
PRHF-5456

Security Gateway

In some scenarios, packets with TTL1 are dropped when using security zones in the Access rulebase.

PRJ-3562,
STRM-109

Security Gateway

Disabling connections timestamp does not work on active streaming connections. Refer to sk62700.

PRJ-4760,
PMTR-40677

IPS

In some scenarios, the IPS update fails as a result of an error in the Management Server installation.

PRJ-3766,
MUX-174

Content Awareness

In some scenarios, when the Content Awareness Blade is enabled, uploading files via ShareFile gets stuck at 100%.

PRJ-5764

HTTPS Inspection

Improved TLS implementation for TLS Inspection and Categorization - Server Name Indication (SNI).

TLS 1.2 support for additional cipher suites:

  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • X25519 Elliptic Curve
  • P-521 Elliptic Curve
  • Full ECDSA support

In addition, improved the fail open/close mechanism and logging for validations.

For the complete list of supported cipher suites, see sk104562.

PRJ-4839,
PMTR-4178

SSL Inspection

In a rare scenario, when SSL Inspection is enabled and there is high latency, Microsoft websites (for example Azure) may not respond. Refer to sk150175.

PRJ-3368,
PMTR-13884

Threat Prevention

Deleting a Threat Prevention profile may fail if the IPS profile has many overrides. Refer to sk136552.

PRJ-689,
PMTR-26827

Application Control

In some scenarios, a custom Application Object that was initiated with a wrong "Application Risk" value may cause connectivity problems. Refer to sk140892.

PRJ-4517,
PMTR-38645,
GAIA-5872

ClusterXL

Added support for Cluster Load Sharing without IPSec VPN. To enable the support, refer to sk162637.

PRJ-1205,
PRHF-3633

ClusterXL

In some scenarios, after adding a VLAN to the subordinate bond, the cluster member may go down.

PRJ-3298,
PMTR-38208

ClusterXL

In some scenarios, when changing cluster topology and installing the policy, the cluster fails over. Refer to sk156335.

PRJ-3315,
PMTR-37812

ClusterXL

In some scenarios, pushing policy to update the cluster topology during high load causes the members to fail over. Refer to sk154575.

PRJ-480,
PRHF-3328

ClusterXL

In some scenarios, the xmit-hash-policy of a Bond interface with a VLAN causes the cluster member to go down. Refer to sk151412.

PRJ-3294,
PRHF-4301

CoreXL

In a rare scenario, custom affinity configuration is overwritten when HT is enabled. Refer to sk158112.

PRJ-1201,
PRJ-1843,
PRHF-3487

SecureXL

In some scenarios, Policy Based Routing (PBR) does not work properly when acceleration is enabled.

PRJ-3598,
PMTR-39660

SecureXL

In a rare scenario, a VSX gateway may crash. Refer to sk160912.

PRJ-1640,
PRJ-1637,
PMTR-37736,
PMTR-37727

SecureXL

In some scenarios, packets with IP options are not forwarded across bridge interfaces. Refer to Issue #3 in sk154892.

PMTR-40703,
PRJ-4620

SecureXL

In some scenarios, sending IP fragmented traffic through a Virtual Switch or Virtual Router fails with "Virtual defragmentation error".

PRJ-2114,
PMTR-29033,
PRHF-4050

Routing

In a rare scenario, the Standby member of ClusterXL incorrectly calculates the routing protocol priorities, causing the routes to be synchronized in the wrong way.

PRJ-306,
ROUT-318

Routing

In some scenarios, the Routed Pnote is in 'Problem' state and the ClusterXL member is down after enabling OSPF. Refer to sk123317.

PRJ-307,
ROUT-209

Routing

Enhancement: Improved the memory handling mechanism in Routed.

GAIA-4695,
PRJ-614

Gaia OS

When running the "service vmtoolsd restart" command on a Gaia installation with VMware, the "Installing memory driver: FATAL: Module vmmemctl not found. [FAILED]" error is displayed although the vmw_balloon.ko driver is loaded.

PRJ-3793,
PRHF-1778

Gaia OS

Enhancement: The maximum size of the arp table was increased to 4096.

PRJ-440,
PRJ-4541,
02473276

Gaia OS

"Authentication failure" error when authenticating with a TACACS+ user that has special characters in their password. Refer to sk101332.

PRJ-3625

Gaia OS

On Smart-1 525/5050/5150, a user cannot open the iDRAC without installing a dedicated Hotfix.

PRJ-3141,
GAIA-2861

Gaia OS

In some scenarios, the IGB driver interfaces are occasionally down after reboot of a Management machine. Refer to sk135532.

PRJ-1029,
GAIA-5047

Gaia OS

Changing the xmit-hash-policy of the bond may cause all static arp entries to disappear from the arp -a output. Refer to sk152892.

PRJ-1604,
PMTR-27831

VPN

NEW: Connectivity enhancements for Remote Access clients using internal Office mode allocation with a long timeout.

PRJ-4152,
PMTR-38041

VPN

In some scenarios, the Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode" after upgrade. Refer to sk157092.

PRJ-2874,
PMTR-38894

VPN

Connectivity improvement for Remote Access clients in environments with 3rd party VPN tunnels.

PRJ-2347,
PMTR-38631

VPN

Remote Access clients randomly disconnect or are unable to connect when a DHCP multi-homed server is configured.

PRJ-2434,
VSX-1866

VSX

Added the option to configure reject routes via vsx_provisioning_tool on Scalable Platforms Appliances. Refer to sk151473.

PRJ-5304,
PMTR-42418

VSX

Running fw monitor with the -v flag on a VSX gateway may cause fw monitor to quit with the "Segmentation fault" error. Refer to sk162402.

PRJ-3433,
PRHF-5371

VSX

In some scenarios, traffic is dropped on VSX when using SecureXL. Refer to sk160352.

PRJ-4265,
PRHF-5105

VSX

In a rare scenario, the machine crashes when using VSX with Virtual Switch (VSW).

PRJ-4955,
GAIA-6397

VSX

In some scenarios, traffic does not pass in VSX setup with VS-VSW-VS topology and some Threat Prevention Blades enabled on VSs.

PRJ-4683,
SPC-1903

VSX

In some scenarios, running the "fw vsx resctrl monitor disable" command or disabling VSX Resource Monitor via CPView causes the VSX Gateway to crash. Refer to sk144432.

PRJ-4960,
PMTR-38779,
MUX-186

Hardware

In a rare scenario, the watchdog process of the Falcon Acceleration Card unexpectedly exits.