Take 149 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 149

Released on 1 April 2020

PRJ-9470,
PRJ-9461

Security Management

NEW: Added the ability for an R80.20 Security Management Server or Multi-Domain Server to manage an R80.40 Security Gateway. Refer to sk164652.

  • Requires R80.20 SmartConsole Build 114 (or higher).

PRJ-10087,
PMTR-50276

Security Management

The cpm_solr process may unexpectedly exit and cause one of the following:

  • The upgrade of a Management machine may get stuck at 58%.
  • The Management HA synchronization may fail with the "NGM failed to import data" error.
  • Users may not be able to log in.

PRJ-9159,
PMTR-48267

Security Management

When reverting a security layer to a previous revision, if there are rules which are currently disabled, but were enabled in the selected previous revision (or vice versa), their status may not be reverted.

PRJ-8375,
PRHF-7874

Security Management

In some scenarios, the exported database may be very large and include redundant data.

PRJ-8858,
PMTR-48652

Security Management

If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the administrator object, login to a VPN client with the internal user account may fail.

PRJ-8798,
PMTR-48610

Security Management

If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the internal user object, login to SmartConsole with the administrator account may fail.

PRJ-5446,
PMTR-40663

Security Management

In some scenarios, an unclear error appears when the user imports a global policy on a Multi-Domain Management Server. The error is caused by a mismatch between the leading interface defined on the machine and the one defined in the database.

PRJ-9264,
PMTR-49516

Security Management

Policy verification may fail after the user does the following steps: Configures specific install targets for a policy, publishes them, changes the install targets back to "All Gateways", and tries to install them on a Gateway which is not in the original list of targets.

PRJ-5449,
PMTR-42420

Security Management

In some scenarios, an upgrade from an R7x secondary Multi-Domain Server with active Domains may fail.

PRJ-7767,
PRHF-7425

Security Management

In rare scenarios, publishing a session fails with the "Action Failed due to an Internal Error" error.

Discarding the session in SmartConsole completes as "discarded", but the changes are still there.

The same behavior occurs in the Management API:

mgmt_cli -r true discard uid <UID>

number-of-discarded-changes: 4

message: "OK"

PRJ-9592,
PMTR-38555

Security Management

Security hardening: The Management Server will block connection requests with a TLS version below 1.2 on port 19009.

PRJ-7589,
PMTR-38305

Security Management

In a rare scenario, following a failure to delete a Domain, the Management Server may fail to start.

PRJ-8403,
PRJ-8402

Security Management

In a rare scenario, the Security Management Server does not start due to a missing object, or a duplication of objects.

PRJ-9082,
PMTR-47530

Security Management

In some scenarios, IPS update fails in the Global Domain after an upgrade from R80.10.

PRJ-677,
PMTR-36302

Security Management

In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.

PRJ-10745,
PMTR-50936

Multi-Domain Management

In some scenarios, policy installation from the Domain Management Server fails after an mds_backup procedure that was interrupted. Refer to sk165559.

PRJ-10525,
PRHF-8686

Multi-Domain Management

Upgrade of Multi-Domain Server may fail if Sync With User Center is running.

PRJ-8450,
PMTR-47772

Multi-Domain Management

The Administrator and Trusted Clients pop-up editors at the Multi-Domain Server level show all domain names linked to these objects. Domain Managers with partial permissions may see the names of domains that they are not permitted to see.

PRJ-5099,
PMTR-41234

SmartConsole

When editing the description of a revision, the "Changes" field is reset to 0.

PRJ-9020,
PRJ-8753

SmartConsole

In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation.

PRJ-8133,
PMTR-45751

SmartEvent

"The process <process-name> which is monitored by watchdog restarted more than once in the last half an hour" error may appear in the SmartEvent GUI status window even though the process has been up for more than 30 minutes.

PRJ-10141,
PMTR-43309

SmartProvisioning

Deletion of an LSM ROBO cluster may cause the FWM process to unexpectedly exit.

PRJ-7881,
PRJ-7879

Security Gateway

In a rare scenario, there is no HTTPS Inspection when the ICAP client is enabled.

PRJ-7373,
PMTR-45566

Security Gateway

Improved multicast routing under high load and/or during system initialization.

PRJ-10029,
PMTR-50431

Security Gateway

In a rare scenario, when the web server is defined, policy installation fails with "Error code 0-20000111".

PRJ-6697,
PMTR-44388

Logging

In some scenarios, exporting a large number of logs to Excel may fail and cause SmartView to restart.

PRJ-9970,
SL-3551

Logging

In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.

PRJ-8681,
PRHF-7856

Logging

In some scenarios, Threat Emulation Logs cannot be viewed in the logging or reporting views because of a certain format of the "file size" field sent from the Security Gateway.

PRJ-2628

Logging

In some scenarios, in a Multi-Domain environment with more than 50 domains, some domains are not seen in the SmartEvent GUI.

PRJ-10757,
IDA-2866

Identity Awareness

In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174.

PRJ-8423,
IDA-2022

Identity Awareness

Identity Awareness performance improvements in large scale environments.

PRJ-10736,
PRHF-9265

SSL Inspection

In a rare scenario, a memory leak may appear when SSL inspection is enabled.

PRJ-8339,
PMTR-47846

SSL Inspection

In a rare scenario, a memory leak may appear in the ICAP client when HTTPS Inspection is enabled.

PRJ-7652,
PMTR-45863

SSL Inspection

HTTPS Inspection's default CA certificate was upgraded to use a signing algorithm based on SHA256 instead of SHA1. Refer to sk163932.

PRJ-7843,
PMTR-45726

Routing

In a rare scenario, Netflow does not report outbound flow records.

PRJ-8767,
PMTR-46170

Routing

PIM may be unable to resolve the outbound interface of a multicast route when the unicast route lookup fails.

PRJ-7491,
PMTR-39273

Routing

In some scenarios, the CLISH command for PBR results in an error.

PRJ-9073,
PRHF-8337

Routing

In some scenarios, a corrupted BGP AS4_PATH attribute value may result in an invalid, long BGP update that is rejected by the BGP peer.

PRJ-10180,
PMTR-39590

SecureXL

In a rare scenario under heavy load, a SecureXL crash may occur.

PRJ-9126,
PMTR-46873

SecureXL

NEW: Added acceleration support for Ethernet Over IP Tunneling (EOIP). EOIP is the RFC 3378 protocol, IP protocol number 97, used between a wireless AP and a Cisco wireless controller.

PRJ-8984,
PMTR-44150

SecureXL

When NAT-T packets pass through a Security Gateway, this traffic may be dropped.

PRJ-10805,
PRJ-10806,
PMTR-50836

Gaia OS

CVE-2020-8597: pppd is vulnerable to buffer overflow. Refer to sk165875.

PRJ-9038,
PMTR-29811

VPN

Connectivity improvement of IPSec tunnels when IKEv2 is configured.

PRJ-11034,
PMTR-36437

VPN

In some scenarios, a change in VPN traffic distribution may cause high CPU consumption on one CPU core. Refer to sk165853.