Take 127 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 127 Released on 3 December 2019
PRJ-4929, PMTR-41602	Upgrade	In some scenarios, the FWM process fails to start after a successful upgrade with the "Found an indication that the current domain was migrated, and the migration had failed. Cannot start after a migration failure" message in fwm.elg file.
PRJ-5664, PRHF-6087	Security Management	In some scenarios, purge revisions fails and blank lines, that cannot be deleted, appear in SmartConsole Revisions view. Refer to sk163116.
PRJ-5660, PRHF-5965	Security Management	Blank lines may appear in SmartConsole Purge Revisions view after purging a large database>
PRJ-4834, PRHF-5419	Security Management	The FWM process may unexpectedly exit when an incorrect license SKU with a specific format is applied.
PRJ-5756, PMTR-43497	Security Management	High Availability synchronization between Management Servers may fail when there is no enough disk space in the root partition.
PRJ-4728, PMTR-41157	Security Management	After deleting a network object that is part of a network group, the audit log of the group modification does not show who is the removed member. Refer to sk164057.
PRJ-5412, PRHF-5815	Security Management	In some scenarios, policy Installation fails with "Operation failed, install/uninstall has been improperly terminated" error. Refer to sk162855.
PRJ-5556, PMTR-43278	Security Management	In some scenarios, policy installation fails with "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000117)". Refer to sk162554.
PRJ-5655, PRHF-5776	Security Management	In some scenarios, cpm_status.sh reports incorrect CPM status. Refer to sk162633.
PRJ-4874, PRHF-5274	Security Management	In some scenarios, when setting or modifying the Email/Phone fields of an administrator, the old values still appear at the bottom pane under "View Sessions" instead of the updated values.
PRJ-5426, PMTR-41518	Security Management	In some scenarios, policy fetch fails if name of the Security gateway that tries to fetch this policy is not defined in DNS. Refer to sk150472.
PRJ-3392, PMTR-40003	Multi-Domain Management	Objects on Domain level that should be shown on the Multi-Domain Server level, sometimes are not shown correctly.
PRJ-6669, PMTR-44148	Multi-Domain Management	In some scenarios, traffic outage may happen after policy installation from Multi-Domain SmartConsole. Refer to sk163712.
PRJ-6992	Multi-Domain Management	The Gaia restore of Multi-Domain Server fails when using Take 103, 117 and 118 of R80.20 Jumbo Hotfix Accumulator. Refer to sk163473.
PRJ-4665, PMTR-41210	Multi-Domain Management	The FWM process may unexpectedly exit when there is no valid license on the Multi-Domain Server.
PRJ-103, PRHF-3002	SmartConsole	Cannot delete Global Host object from the Global Domain if the name matches the name of Multi-Domain Management. Refer to sk151192.
PRJ-5526, PRHF-5527	SmartConsole	In some scenarios, applying "Where used" from the local Domain on an object that is used in global policies, may return results from the global policies that are not assigned to the local Domain. Refer to sk162753.
PRJ-3949, PRJ-7071	SmartConsole	In a rare scenario, when editing a Star VPN community, SmartConsole terminates.
PRJ-6127, PRHF-6532	SmartConsole	In some scenarios, the "Installed IPS Version" information is empty in the "Gateways and Servers" view.
PRJ-1676, SL-1890	SmartView	In some scenarios, Hit Count on specific rules does not increment after they were recently created or re-ordered. Refer to sk138033.
PRJ-5629, PRHF-5810	SmartView	In SmartView, when exporting logs to Excel after drill-down, the amount of logs is less than expected. Refer to sk162621.
PRJ-4201, PMTR-40076	Logging	NEW: Added support for "SmartView for QRadar" extension. Refer to sk122323.
PRJ-5295	Logging	NEW: Added new Log Exporter feature to export links to the relevant log and log attachments (such as Forensics\TE report).
PRJ-870, PRHF-2806	Logging	In a rare scenario, SmartConsole does not show indexed logs because the LOG_INDEXER process stopped working. Refer to sk152934.
PRJ-4964, SL-2456	Logging	In a rare scenario, a specific log fails to be written and an alert informing on this is displayed in SmartConsole.
PRJ-5936, PRHF-5344	Logging	In some scenarios, when retrieving the UserCheck logs, FWD process on the Security gateway may unexpectedly exit.
PRJ-1157, PRHF-3561	Logging	In SmartView, if a view contains 2 map widgets, one displaying source countries and the other displaying destination countries, drilling down on one of them may display incorrect data.
PRJ-5783, PRHF-6117	Compliance	In some scenarios, the Compliance Blade treats a non-existing rule as if it was a real rule and shows the rule index in the Firewall Best Practices relevant objects.
PRJ-5316, NAT-137	Security Gateway	In a rare scenario, Security gateway freezes when IP pool NAT and VPN are used. Refer to sk165953.
PRJ-5810, PMTR-37949	Security Gateway	In some scenarios, traffic is dropped with 'up_transaction_notify_clob failed' error in dmesg when Application Control is enabled.
PRJ-1871, PRHF-3940	Security Gateway	In some scenarios, when using Hide NAT with GRE tunnel, packets going through this GRE tunnel may get dropped. Refer to sk154492.
PRJ-5432, PMTR-42553	Security Gateway	Non-FQDN domain objects may not be enforced correctly when used in the Access policy along with updatable objects.
PRJ-1700, PRJ-4482	Security Gateway	In some scenarios, the /var/log/messages file is flooded with ICAP related errors.
PRJ-5987, PMTR-10094	Security Gateway	In a rare scenario, some commands on Security gateway fail and traffic may be dropped.
PRJ-5869, SWG-2208	Security Gateway	In a rare scenario, Security gateway crashes when proxy is enabled.
PRJ-4106, PRHF-2796	Security Gateway	In some scenarios, logs cannot be seen because the LOG_INDEXER process stopped working.
PRJ-5085, PMTR-41407	Security Gateway	Access Rule Base may not be enforced properly when wildcard objects are used in source and destination columns. Refer to sk162692.
PRJ-4748, PRHF-5313	Security Gateway	In a rare scenario, the FWK process unexpectedly exits during debug.
PRJ-3349, SWG-2013	Security Gateway	In some scenarios, a designated interface may drop packets.
PRJ-6660, PRJ-6655	Security Gateway	Performance enhancement for gzip traffic on VSX environment.
PRJ-2989, PMTR-34813	Security Gateway	In some scenarios, traffic is dropped with "[ERROR]: network_classifier_handle_dag: failed to get uuid of DAG bogus_ip" error in dmesg.
PRJ-5483, NAT-110	Security Gateway	NEW: Enhancement: NAT port exhaustion logs mechanism was updated. Refer to sk156852.
PRJ-1782, PRHF-3890	SSL Inspection	NEW: Added support of RDP over SSL inspection as part of Inbound HTTPS Inspection Blade. (Relevant for Remote Desktop Protocol Vulnerability CVE-2019-0708.)
PRJ-5468, PMTR-38358	HTTPS Inspection	In some scenarios, several applications are not matched correctly when HTTPS Inspection enabled and URL Filtering is in HOLD mode.
PRJ-5610, PRJ-5609	HTTPS Inspection	In a rare scenario, Security Gateway may crash during non-compliant HTTP traffic.
PRJ-5490, PRJ-4758	URL Filtering	NEW: Improved scalability and resiliency of URL Filtering service.
PRJ-7463, PMTR-45826	IPS	Cannot update the Geo Policy IPToCountry database on Security Gateways. Refer to sk163672.
PRJ-4359, PMTR-40826	SecureXL	In a rare scenario, Security gateway may crash if cpinfo reads from the /proc/ppk/cpls directory before SecureXL is initialized.
PRJ-6107, PRHF-5706	SecureXL	In some scenarios, connection does not to expire correctly when NAT and some Software Blades are enabled.
PRJ-4782, PMTR-40553	SecureXL	NEW: "sim if" and "sim nonaccel" commands will be deprecated. Instead, "fwaccel if" and "fwaccel nonaccel" commands will be used to accommodate multiple SecureXL instances.
PRJ-1251, PRHF-3608	SecureXL	On cluster, Drop templates are disabled on reboot. Refer to sk153412.
PRJ-7175	SecureXL	Cannot configure or use the "SecureXL Fast Accelerator" feature after installing R80.20 Jumbo HotFix Take 117 or 118.
PRJ-6099, PRHF-5450	SecureXL	In some scenarios, SecureXL drops TCP packets with "Out of state" reason.
PRJ-4590, PMTR-41002	ClusterXL	In some scenarios, arp table is not synchronized with master MAC address after fail-over.
PRJ-5895, PRHF-6145	Endpoint Security	Exported from SmartEndpoint .xlsx files may produce a warning when opened in Excel.
PRJ-586, EPS-20841	Endpoint Security	In some scenarios, SmartEndpoint shows "Unknown Error" when trying to open the "User and Computers" Tab "Top Bots" and software deployment by policy reports. Refer to sk151932.
PRJ-2915, EPS-21658	Endpoint Security	In some scenarios, when searching for a machine in SmartEndpoint and selecting it, a "Server Error" message appears. Refer to sk158432.
PRJ-2322, EPS-21609	Endpoint Security	If there is a large amount of devices which are going to be removed from the Deleted Container, the server may fail to process the epmCommands, returning "FATAL: remaining connection slots are reserved for non-replication superuser connections" error.
PRJ-6055, PRJ-1757, PRHF-3943	Gaia OS	A network interface may restart when changing its properties from WebUI if the interfaces configuration was performed via CLISH.
PRJ-6685, PRJ-6990, PMTR-44076	Gaia OS	In some scenarios, Gaia restore on Multi-Domain Server fails with error "failed to edit update registry". Refer to sk163312.
PRJ-1260, PRHF-3675	Gaia OS	CPD process may unexpectedly exit when attempting to query sensor values on Smart-1 525, Smart-1 5050 and Smart-1 5150 appliances.
PRJ-6037, GAIA-6587	Gaia OS	In some scenarios, the Smart-1 3150 appliance becomes unresponsive after enabling the optical interface. To upgrade to R80.20 using the Jumbo Hotfix, make sure all the interfaces are in state OFF. Refer to sk146512.
PRJ-407, PRJ-5595, PRHF-1739	Gaia OS	In some scenarios, Smart-1 405 and 410 appliances may show high voltage due to incorrect VBat thresholds.
PRJ-3361	Gaia OS	'\|' and '-' characters cannot be used in the message banner.
PRJ-963, PRHF-2474	Gaia OS	In some scenarios, user cannot access terminal from WebUI in monitor role mode.
PRJ-5999, ROUT-445	Routing	In a rare scenario, last two (or more) nexthops of a BGP ECMP route disappear simultaneously and are not removed from the forwarding database. Refer to sk153552.
PRJ-6109, PRHF-6139	Routing	In a rare scenario, the ROUTED process may unexpectedly exit during ClusterXL failover when BGP is configured. Refer to sk165682.
PRJ-3613, ROUT-679	Routing	In some scenarios, OSPFv3 LS updates of the default route are not accepted by the Security gateway for Stub/TSA areas. Refer to sk161472.
PRJ-6061, PRHF-2798	Routing	In a rare scenario, the routed process may unexpectedly exit when a route with a local address as a nexthop is received.
PRJ-4848, ROUT-484	Routing	In some scenarios, legitimate subnets of 0.0.0.0 (for example 0.0.0.0/1) cannot be configured for certain routing features, like static routes, PBR, routemaps, etc.
PRJ-4675, PMTR-41221	VSX	VSX configuration cannot not be applied after upgrade from R77.x to R80.x, due to duplicated VSX routes.
PRJ-5921, PRHF-6345	VSX	In some scenarios, IGMP traffic is dropped by "local interface address spoofing" in VSX HA. Refer to sk162953.
PRJ-4647, PRHF-4819	VPN	In some scenarios, traffic is not working over Site-to-Site VPN after an upgrade.