Take 134 - Ongoing
List of Resolved Issues and New Features
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 134 Released on 14 January 2020 |
||
PRJ-7660 |
Upgrade Tools |
In some scenarios, migration with R80.20 Migration Tool fails with "Database export was done with migration tools for different version" error. |
PRJ-6821, |
Upgrade Tools |
In some scenarios, cannot export a database using the migration tools of the current version while there are open sessions in the database. |
PRJ-3378, |
Security Management |
In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754. |
PRJ-5494, |
Security Management |
NEW: Added the policy verifier memory enhancement and additional debugging options. Refer to sk162453. |
PRJ-4970, |
Security Management |
In some scenarios, disconnected sessions with no changes or locks appear in SmartConsloe session view. |
PRJ-3038, |
Security Management |
In some scenarios, the Management Server takes a long time to start or even fails to start. |
PRJ-8094, |
Security Management |
In some scenarios, policy installation fails when installation target is Check Point Host. |
PRJ-7917, |
Security Management |
When installing policy to a Cisco router, an automatic ACL number change may cause networking issues. |
PRJ-7412, |
Security Management |
In a rare scenario, all users connected to the Management Server get disconnected and new logins fail until the Management Server is restarted. |
PRJ-5096, |
Security Management |
When an administrator edits the description of a revision, he becomes the publisher of the revision. |
PRJ-7039, |
Security Management |
The 'fwm sic_reset' command does not print which object still has an IKE certificate. |
PRJ-7105, |
Multi-Domain Management |
The cma_migrate may fail if the IPS version does not exist on the R80.x Multi-Domain Management Server. |
PRJ-7832, |
Multi-Domain Management |
In some scenarios, upgrade of R7x secondary Multi-Domain Management Server or Multi-Domain Log Server fails. |
PRJ-6694, |
Multi-Domain Management |
Improved Domain/CMA logs visibility. |
PRJ-4261, |
SmartConsole |
When performing login using mgmt_cli as root admin (with '-r' set to "true"), session timeout is not set. |
PRJ-6842, |
SmartConsole |
NEW: Added integration of Management API with Ansible 2.9. For more info, see: https://galaxy.ansible.com/check_point/mgmt |
PRJ-7944, |
SmartConsole |
In some scenarios, when running the "show-mdss" command with "details-level full" option, not all Domains are retrieved. |
PRJ-6941, |
SmartConsole |
In a rare scenario, policy installation fails with "Policy installation had failed due to an internal error". Refer to sk163482. |
PRJ-6643, |
SmartConsole |
In some scenarios, administrator cannot open the 'RemoteAccess' - VPN community object for editing. |
PRJ-6933, |
SmartConsole |
Threat prevention policy installation may include wrong topology warning on VSX cluster interfaces. |
PRJ-5373, |
SmartConsole |
In Multi-Domain environment, IPS protections become staging on each domain after global policy assignment while the protection does have override/staging status in the global domain. |
PRJ-2437, |
SmartConsole |
When disabling NAT for a network object and searching for the NAT IP address, the network object is still shown as part of the search results even though it should not be. |
PRJ-6046, |
Security Gateway |
Improved misleading log for connections that terminate before detection. |
PRJ-5889, |
Security Gateway |
In some scenarios, enabling the Multi-Queue on a line card enables the Multi-Queue also on the on-board interfaces. Refer to sk162622. |
PRJ-7486, |
Security Gateway |
Connectivity issues on some HTTPS sites (as login pages) when Security gateway is configured as proxy. Refer to sk147878. |
PRJ-8196, |
Security Gateway |
Since R80.20, in some scenarios, predictable TCP sequences are generated by the Security Gateway. Refer to sk164775. |
PRJ-7869, |
Security Gateway |
Improved DNS caching and negative DNS response handling. |
PRJ-8097, |
Security Gateway |
Improved a Proxy connectivity while Anti-Virus Blade works in Hold mode. |
PRJ-7338, |
Security Gateway |
In a rare scenario, Security gateway may crash. |
PRJ-7243 |
Security Gateway |
In some scenarios, connectivity issues may appear when ISP redundancy is configured. |
PRJ-7751, |
Security Gateway |
In some scenarios, no SIC after applying the ICA certificate replacement procedure. |
PRJ-7622, |
Logging |
In a rare scenario, when exporting logs to Excel, the resulted file is smaller than expected. |
PRJ-7814, |
Logging |
In a rare scenario involving multiple disconnections and reconnections between Security gateway and Log Server, connection is not automatically restored and logs may not be written locally. Refer to sk164852. |
PRJ-6854, |
Logging |
In a rare scenario, the "Logs & Monitor" view in SmartConsole freezes while scrolling down the results. |
PRJ-6639, |
Logging |
In some scenarios, the user cannot see his Check Point logs in the LogRhythm platform using Log Exporter. |
PRJ-5880, |
QoS |
QoS Time Objects are not enforced in R80.20. Refer to sk163074. |
PRJ-1020, |
DLP |
DLP activation was optimized to reduce the CPU consumption. |
PRJ-8195, |
URL Filtering |
In some scenarios, HTTPS traffic is not categorized as expected. |
PRJ-7718, |
Application Control |
In some scenarios, HTTP traffic is blocked with "HTTP parsing error occurred (2)" and "parameters are undecodable in request" errors. Refer to sk160092. |
PRJ-7637, |
ClusterXL |
The "set router-options auto-restore-iface-routes" command is now deprecated. |
PRJ-7552, |
ClusterXL |
In a rare scenario in a ClusterXL environment, SYN Defender may incorrectly drop a valid traffic. |
PRJ-2546 |
SecureXL |
In some scenarios, SNMP queries for SecureXL OIDs return incorrect values. |
PRJ-6946, PRHF-6356 |
SecureXL |
Some traffic may not pass when Policy Based Routing (PBR) and SecureXL are enabled. Refer to sk163252. |
PRJ-4827, |
SecureXL |
With SecureXL enabled, after VRRP cluster failover all TCP connections become expired. Refer to sk162052. |
PRJ-7560, |
SecureXL |
In some scenarios, SecureXL drops the TCP traffic for the particular connection for invalid state reasons. Refer to sk147093. |
PRJ-6747, |
SecureXL |
In a rare scenario, FTP Data connections do not pass while SYN Defender is active and enforcing. |
PRJ-6750, |
SecureXL |
Drop templates are not disabled for USFW (User space Firewall mode). |
PRJ-1544, |
Gaia OS |
In some scenarios, the VSX Management fails to be properly restored from backup. |
PRJ-6789, |
Gaia OS |
"Gaia Web-UI recognized a non-valid input data" error when creating a scheduled backup in WebUI via SCP or FTP with special characters used. |
PRJ-6589, |
Gaia OS |
16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flapping. Refer to sk163267. |
PRJ-7406, |
Routing |
When MaaS tunnels are added, the ROUTED process may unexpectedly exit. |
PRJ-6577, |
Routing |
For compliance and interoperability with BGP peers implementing older RFC, no BGP capability is advertised if peer does not advertise it first. |
PRJ-5883, |
VSX |
The "vsx_util vsls" command does not display in full the long names of the VSX server name. Refer to sk163073. |
PRJ-6964, |
VSX |
In some scenarios, when running the 'cphaprob show_bond' command, one of the bond's subordinates may be missing from the output. Refer to sk163333. |
PRJ-3403, |
VPN |
SmartView Monitor VPN tunnel status may show incorrect or missing tunnels status for a cluster object. |
PRJ-1993, |
VPN |
NEW: Improved supernetting handling with 3rd party peers in IKEv2. |
PRJ-7265, |
VPN |
In some scenarios, connectivity issue may appear in VPN and HTTPS portals. Refer to sk109140. |
PRJ-7121, |
VPN |
Packets from SSL Network Extender are dropped: "Reason: decrypted and user methods are not identical (VPN Error code 01)". Refer to sk163636. |
PRJ-2603, |
VPN |
If the VPN tunnel is configured with GCM ciphers for Phase 2, encrypted traffic may be dropped. Refer to sk152832. |
PRJ-7182, |
CloudGuard |
Public IP addresses for Virtual Machines and Virtual Machines Scale Sets may be missing. |
PRJ-7065 |
CloudGuard |
In some scenarios, subnet objects may not contain all the relevant IP addresses for VMSS VMs. |
PRJ-7381, |
CloudGuard |
During a license pool creation, when a Blade service is shared between different licenses, the vsec_lic_cli tool may create multiple pools instead of one. |
PRJ-5940, |
Endpoint Security |
NEW: Added the feature to use epmCommands with object nids. |
PRJ-5754, |
Endpoint Security |
Endpoint Management may fail on FileVault recovery for MacOS clients when a computer re-joins a domain. |
PRJ-5942, |
Endpoint Security |
Some messages in self-help portal are not properly localized in Japanese. |
PRJ-7302, |
Mobile Access |
In a rare scenario, when Mobile Access Blade is enabled, Security gateway may crash with vmcore. |