Take 134 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 134

Released on 14 January 2020

PRJ-7660

Upgrade Tools

In some scenarios, migration with R80.20 Migration Tool fails with "Database export was done with migration tools for different version" error.

PRJ-6821,
PMTR-37053

Upgrade Tools

In some scenarios, cannot export a database using the migration tools of the current version while there are open sessions in the database.

PRJ-3378,
PMTR-39797

Security Management

In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754.

PRJ-5494,
PRHF-5881

Security Management

NEW: Added the policy verifier memory enhancement and additional debugging options. Refer to sk162453.

PRJ-4970,
PRHF-5435

Security Management

In some scenarios, disconnected sessions with no changes or locks appear in the SmartConsole session view.

PRJ-3038,
PMTR-39305

Security Management

In some scenarios, the Management Server takes a long time to start or even fails to start.

PRJ-8094,
PRHF-7729

Security Management

In some scenarios, policy installation fails when the installation target is a Check Point Host.

PRJ-7917,
PRHF-7614

Security Management

When installing policy to a Cisco router, an automatic ACL number change may cause networking issues.

PRJ-7412,
CPM-2541

Security Management

In a rare scenario, all users connected to the Management Server get disconnected and new logins fail until the Management Server is restarted.

PRJ-5096,
PMTR-41712

Security Management

When an administrator edits the description of a revision, he becomes the publisher of the revision.

PRJ-7039,
PRHF-6722

Security Management

The 'fwm sic_reset' command does not print which object still has an IKE certificate.

PRJ-7105,
PRHF-6605

Multi-Domain Management

The cma_migrate may fail if the IPS version does not exist on the R80.x Multi-Domain Management Server.

PRJ-7832,
PMTR-43461

Multi-Domain Management

In some scenarios, upgrade of R7x secondary Multi-Domain Management Server or Multi-Domain Log Server fails.

PRJ-6694,
PMTR-44390

Multi-Domain Management

Improved Domain/CMA logs visibility.

PRJ-4261,
PMTR-45046

SmartConsole

When performing login using mgmt_cli as root admin (with '-r' set to "true"), session timeout is not set.

PRJ-6842,
API-841

SmartConsole

NEW: Added integration of Management API with Ansible 2.9. For more info, see: https://galaxy.ansible.com/check_point/mgmt

PRJ-7944,
PMTR-46715

SmartConsole

In some scenarios, when running the "show-mdss" command with "details-level full" option, not all Domains are retrieved.

PRJ-6941,
PRHF-6754

SmartConsole

In a rare scenario, policy installation fails with "Policy installation had failed due to an internal error". Refer to sk163482.

PRJ-6643,
PRHF-6606

SmartConsole

In some scenarios, administrator cannot open the 'RemoteAccess' - VPN community object for editing.

PRJ-6933,
PRHF-6842

SmartConsole

Threat Prevention policy installation may include a wrong topology warning on VSX cluster interfaces.

PRJ-5373,
PMTR-43427

SmartConsole

In Multi-Domain environment, IPS protections become staging on each domain after global policy assignment while the protection does have override/staging status in the global domain.

PRJ-2437,
PRHF-4184

SmartConsole

When disabling NAT for a network object and searching for the NAT IP address, the network object is still shown as part of the search results even though it should not be.

PRJ-6046,
PMTR-43654

Security Gateway

Improved misleading log for connections that terminate before detection.

PRJ-5889,
PRHF-6029

Security Gateway

In some scenarios, enabling the Multi-Queue on a line card enables the Multi-Queue also on the on-board interfaces. Refer to sk162622.

PRJ-7486,
GAIA-4638

Security Gateway

Connectivity issues on some HTTPS sites (such as login pages) when the Security Gateway is configured as a proxy. Refer to sk147878.

PRJ-8196,
PMTR-47784

Security Gateway

Since R80.20, in some scenarios, predictable TCP sequences are generated by the Security Gateway. Refer to sk164775.

PRJ-7869,
SWG-2361

Security Gateway

Improved DNS caching and negative DNS response handling.

PRJ-8097,
PMTR-46330

Security Gateway

Improved Proxy connectivity while the Anti-Virus Blade works in Hold mode.

PRJ-7338,
MUX-193

Security Gateway

In a rare scenario, the Security Gateway may crash.

PRJ-7243

Security Gateway

In some scenarios, connectivity issues may appear when ISP redundancy is configured.

PRJ-7751,
PRHF-7389

Security Gateway

In some scenarios, no SIC after applying the ICA certificate replacement procedure.

PRJ-7622,
PMTR-31257

Logging

In a rare scenario, when exporting logs to Excel, the resulting file is smaller than expected.

PRJ-7814,
PMTR-42519

Logging

In a rare scenario involving multiple disconnections and reconnections between the Security Gateway and the Log Server, the connection is not automatically restored and logs may not be written locally. Refer to sk164852.

PRJ-6854,
PMTR-42177

Logging

In a rare scenario, the "Logs & Monitor" view in SmartConsole freezes while scrolling down the results.

PRJ-6639,
SL-2819

Logging

In some scenarios, the user cannot see his Check Point logs in the LogRhythm platform using Log Exporter.

PRJ-5880,
QOS-67

QoS

QoS Time Objects are not enforced in R80.20. Refer to sk163074.

PRJ-1020,
PRHF-2795

DLP

DLP activation was optimized to reduce the CPU consumption.

PRJ-8195,
MBS-8939

URL Filtering

In some scenarios, HTTPS traffic is not categorized as expected.

PRJ-7718,
PMTR-39944

Application Control

In some scenarios, HTTP traffic is blocked with "HTTP parsing error occurred (2)" and "parameters are undecodable in request" errors. Refer to sk160092.

PRJ-7637,
PMTR-46064

ClusterXL

The "set router-options auto-restore-iface-routes" command is now deprecated.

PRJ-7552,
PRHF-7071

ClusterXL

In a rare scenario in a ClusterXL environment, SYN Defender may incorrectly drop valid traffic.

PRJ-2546

SecureXL

In some scenarios, SNMP queries for SecureXL OIDs return incorrect values.

PRJ-6946, PRHF-6356

SecureXL

Some traffic may not pass when Policy Based Routing (PBR) and SecureXL are enabled. Refer to sk163252.

PRJ-4827,
PRHF-5032

SecureXL

With SecureXL enabled, after VRRP cluster failover all TCP connections become expired. Refer to sk162052.

PRJ-7560,
PRHF-7247

SecureXL

In some scenarios, SecureXL drops the TCP traffic for the particular connection for invalid state reasons. Refer to sk147093.

PRJ-6747,
PMTR-42788

SecureXL

In a rare scenario, FTP Data connections do not pass while SYN Defender is active and enforcing.

PRJ-6750,
GAIA-5914

SecureXL

Drop templates are not disabled for USFW (User space Firewall mode).

PRJ-1544,
GAIA-4880

Gaia OS

In some scenarios, the VSX Management fails to be properly restored from backup.

PRJ-6789,
PRJ-6159,
PRHF-6143

Gaia OS

"Gaia Web-UI recognized a non-valid input data" error when creating a scheduled backup in WebUI via SCP or FTP with special characters used.

PRJ-6589,
GAIA-6588

Gaia OS

16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flapping. Refer to sk163267.

PRJ-7406,
PMTR-45530

Routing

When MaaS tunnels are added, the ROUTED process may unexpectedly exit.

PRJ-6577,
PRHF-6603

Routing

For compliance and interoperability with BGP peers implementing an older RFC, no BGP capability is advertised if the peer does not advertise it first.

PRJ-5883,
VSX-2190

VSX

The "vsx_util vsls" command does not display long VSX server names in full. Refer to sk163073.

PRJ-6964,
PMTR-44031

VSX

In some scenarios, when running the 'cphaprob show_bond' command, one of the bond's subordinates may be missing from the output. Refer to sk163333.

PRJ-3403,
VPNS2S-417

VPN

SmartView Monitor VPN tunnel status may show incorrect or missing tunnels status for a cluster object.

PRJ-1993,
PMTR-37912

VPN

NEW: Improved supernetting handling with 3rd party peers in IKEv2.

PRJ-7265,
CRYPTOIS-903

VPN

In some scenarios, connectivity issues may appear in VPN and HTTPS portals. Refer to sk109140.

PRJ-7121,
VPNRA-300

VPN

Packets from SSL Network Extender are dropped: "Reason: decrypted and user methods are not identical (VPN Error code 01)". Refer to sk163636.

PRJ-2603,
PMTR-25655

VPN

If the VPN tunnel is configured with GCM ciphers for Phase 2, encrypted traffic may be dropped. Refer to sk152832.

PRJ-7182,
PMTR-44859

CloudGuard

Public IP addresses for Virtual Machines and Virtual Machines Scale Sets may be missing.

PRJ-7065,
PMTR-45006

CloudGuard

In some scenarios, subnet objects may not contain all the relevant IP addresses for VMSS VMs.

PRJ-7381,
PRHF-7119

CloudGuard

During a license pool creation, when a Blade service is shared between different licenses, the vsec_lic_cli tool may create multiple pools instead of one.

PRJ-5940,
PRHF-5289

Endpoint Security

NEW: Added the feature to use epmCommands with object nids.

PRJ-5754,
EPS-22621

Endpoint Security

Endpoint Management may fail on FileVault recovery for MacOS clients when a computer re-joins a domain.

PRJ-5942,
PRHF-5936

Endpoint Security

Some messages in self-help portal are not properly localized in Japanese.

PRJ-7302,
PRHF-4371

Mobile Access

In a rare scenario, when the Mobile Access Blade is enabled, the Security Gateway may crash with vmcore.