Take 160 - Ongoing
List of Resolved Issues and New Features
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 160 Released on 2 June 2020 |
||
PRJ-8806, |
Diagnostics |
SmartView Monitor may not show a match on accelerated QoS traffic. All or part of the traffic may be matched on "No Match". |
PRJ-10630, |
Installation |
Firmware upgrade for Small Office appliance using SmartProvisioning in Multi-Domain Management environment may fail. |
PRJ-9777, |
Security Management |
NEW: Added ability to search in the Management Server by adding asterisk before any sequence of characters. For more information, refer to sk164873.
|
PRJ-8643, |
Security Management |
NEW: Performance enhancements while the Management Server is under high load. |
PRJ-12009, |
Security Management |
NEW: Significant performance improvement for policy installation time when many groups are defined on the Management Server. |
PRJ-10899, |
Security Management |
NEW: Set values for environment variables on the Management Server that will remain there after a Management Server upgrade, as well as Backup/Restore and Export/Import of the Management Server. Refer to sk165938. |
PRJ-11707, |
Security Management |
NEW: Performance and stability improvements for large environments. |
PRJ-10993, |
Security Management |
NEW: Added ICA Management security enhancements. |
PRJ-12358, |
Security Management |
The "Recent Tasks" and "Install Policy Preset" views in MDS Domain may include Domain names, policy packages, and Gateways names. This information is not filtered according to the administrator's permission profile. |
PRJ-8792, |
Security Management |
Improved the Access Control Policy installation time for environments with high amount of objects and enabled IPSEC VPN Blade. Refer to sk166321. |
PRJ-6703, |
Security Management |
In a rare scenario, when viewing the Layer History, some revisions not relevant to the selected Layer may be shown. |
PRJ-10471, |
Security Management |
In a rare scenario, export does not completes because the Postgres dump_all process gets stuck. |
PRJ-7469, |
Security Management |
Global policy reassignment may fail after a rulebase is deleted in the Global Domain. |
PRJ-7783, |
Security Management |
In some scenarios, HA synchronization in the Global Domain fails with the "Failed to sync peer - Global Domain is incompatible with the Domains." error. |
PRJ-9213, |
Security Management |
Logging into SmartConsole to the Standby Management Server with a RADIUS or TACACS user may fail after changing the shared secret on the RADIUS or TACACS object. |
PRJ-9088, |
Security Management |
In a rare scenario, when an environment has many Gateways (dozens), the FWM daemon may unexpectedly exit when 4 GB of memory is reached. Refer to sk165015. |
PRJ-8229, |
Security Management |
The "Unused Objects" filter in Object Explorer may display a failure message if there are more than 20000 unused objects.
|
PRJ-7818, |
Security Management |
In some scenarios, SmartView Monitor unexpectedly terminates when the user selects the Specific QoS Rules option in Top QoS Rules. |
PRJ-7886, |
Security Management |
In some scenarios, when the user modifies a policy rule and creates a section above it in the same session, the log tracker shows that the rule was created instead of modified. |
PRJ-5793, |
Security Management |
In some scenarios, after the user manually performs "Full Sync", a newly created secondary Domain Server or Domain Log Server is not shown in SmartConsole's Domains view. |
PRJ-9298, |
Security Management |
In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing. |
PRJ-9321, |
Security Management |
In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037. |
PRJ-8864, |
Security Management |
When an administrator fails to publish another administrator's session, the session of the other administrator disappears from the Sessions view in SmartConsole. |
PRJ-9085 |
Security Management |
In some scenarios, Management HA synchronization fails with "Failed to export data" error after an advanced upgrade from R77.x to R80.20 Jumbo Hotfix Take 103. |
PRJ-7456, |
Security Management |
In some scenarios, upgrade fails with the "Satellite object of type GatewayAggregator not found for core object" message in cpm.elg file. |
PRJ-9278, |
Multi-Domain Management |
NEW: Performance improvement for Multi-Domain environments in which many administrators are connected. |
PRJ-11506, |
Multi-Domain Management |
A migration from Security Management server to a Domain on a Multi-Domain Management Server may fail with: "didn't find ObjectStoreSessionEntity for session <uuid> return null" error in cpm.elg file. |
PRJ-10529, |
Multi-Domain Management |
The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server. |
PRJ-8415, |
Multi-Domain Management |
When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted. |
PRJ-11524, |
Multi-Domain Management |
In rare scenarios, upgrading the Multi-Domain Server fails to upgrade some Domain Servers with "IllegalArgumentException" in the upgrade log. |
PRJ-11175, |
Multi-Domain Management |
In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972. |
PRJ-10364, |
Multi-Domain Management |
After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972):
|
PRJ-11165, |
Multi-Domain Management |
In a rare scenario, synchronization between Multi-Domain Management Servers breaks after revisions purge operation. |
PRJ-12064, |
Multi-Domain Management |
The FWM process of domains may not stop after the user runs mdsstop or mdsstop_customer. |
PRJ-10525, |
Multi-Domain Management |
Upgrade of Multi-Domain Server may fail if Sync With User Center is running. |
PRJ-9697, |
Multi-Domain Management |
MLM may open a connection to the reversed IP address of the Multi-Domain Server. |
PRJ-10036, |
Multi-Domain Management |
In some scenarios, CPUSE and advanced Multi-Domain Management upgrade are stuck at "Upgrading products: 58%". Refer to sk146933. |
PRJ-6984, |
Multi-Domain Management |
In some scenarios, there may be high Solr CPU on Multi-Domain Management Servers with dozens of Domains. |
PRJ-9239, |
Multi-Domain Management |
In some scenarios, secondary MDS or MLM fail to renew a management certificate. Refer to sk164732. |
PRJ-5742 |
SmartConsole |
NEW: LDAP advanced query now supports ANR filtering. |
PRJ-9291, |
SmartConsole |
NEW : Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: 'show-profiles' and 'show-ips-additional-properties'. The default value for both flags is false. |
PRJ-11072, |
SmartConsole |
NEW: Added ability to reset the following network object fields to be empty through the Management API: ipv4-address, ipv6-address, subnet4, subnet6, mask-length4, and mask-length6. |
PRJ-5102, |
SmartConsole |
"An internal error has occurred" message may pop up when the user tries to modify a Revision's description. |
PRJ-732, |
SmartConsole |
"An internal error has occurred. (Code: 0x8003001D, Could not access file for write operation)" error is displayed when editing IKE PSK on "External User Profile" objects using Legacy SmartDashboard. Refer to Scenario 2 in sk119973. |
PRJ-4102, |
SmartConsole |
In "Top services" view of SmartView Monitor, "cp_tcp_A936BBAC_EBC3_4F18_B3CC_A63365F07477*" service is displayed instead of "https" service. Refer to sk146052. |
PRJ-9550, |
SmartConsole |
When the user invokes the 'show-access-layer' API command, the parent layer may be missing from the output result. |
PRJ-8700, |
SmartConsole |
The shared secret's edit button may be grayed out. |
PRJ-9464, |
SmartConsole |
In some scenarios, when the user attempts to delete a Gateway / Cluster member, an error message may appear and the operation may not complete successfully. |
PRJ-72, |
SmartConsole |
Objects of Unused Access Roles are not visible in the Object Explorer. Refer to sk151896. |
PRJ-1448, |
SmartConsole |
In some scenarios, the api.elg log is flooded with the "Returning default standard reply class" message. |
PRJ-11904, |
SmartConsole |
In rare scenarios, certain domain level objects may not be visible in SmartConsole at the MDS level. |
PRJ-9078, |
SmartConsole |
In some scenarios, the Management Server may unexpectedly exit following authenticated API commands to create or update objects with extremely long comments. |
PRJ-8133, |
SmartEvent |
"The process <process-name> which is monitored by watchdog restarted more than once in the last half an hour" error may appear in the SmartEvent GUI status window even though the process has been up for more than 30 minutes. |
PRJ-7496, |
SmartEvent |
When using SmartEvent automatic reactions, *.MHT files in $RTDIR/tmp directory are not cleaned up in case of email sending failure. |
PRJ-4328, |
SmartEvent |
In some scenarios, automatic reactions in SmartEvent are sent with the "Destination address" field containing the resolved country name instead of the raw IP value. Refer to sk146992. |
PRJ-433, |
SmartEvent |
In SmartEvent, when the user customizes an event to accumulate logs by the field UUID, logs with UUID equal to 0 may not be correlated. |
PRJ-8016, |
SmartView |
SmartView may show wrong time in tables and graphs for clients located in Brazil. |
PRJ-9645, |
Security Gateway |
NEW: Added support for the bridge configuration when packet is passing via the Security gateway twice. |
PRJ-3476, |
Security Gateway |
In a topology in which Client and Server are connected to the Security Gateway using two different interfaces each, for example: Client -- eth1 <Gateway> eth2 -- Server Client -- eth3 <Gateway> eth4 -- Server The response packets from Server to Client may be incorrectly routed back to the Server because of an incorrect route cache in the Security Gateway. |
PRJ-8648, |
Security Gateway |
In a rare scenario, ICAP client requires manual steps to activate RESP mode after running cpstop ; cpstart. |
PRJ-11953, |
Security Gateway |
In a rare scenario, Security Gateway may crash due to NULL pointer reference. |
PRJ-8750, |
Security Gateway |
In some scenarios, incorrect number of outbound interfaces may be received when SecureXL is disabled. |
PRJ-4612, |
Security Gateway |
In some scenarios, policy installation fails with "configload_mgmt_compile: Failed to run compiler command". |
PRJ-8503, |
Security Gateway |
In some scenarios, there may be connectivity problems with DHCP traffic. |
PRJ-10838, |
Security Gateway |
Improved the in.aftpd process memory management. |
PRJ-1213, |
Security Gateway |
In a rare scenario, the Security Gateway may crash due to a NULL pointer reference. |
PRJ-5729, |
Security Gateway |
In some scenarios, SIP traffic may be dropped by Anti-Spoofing with "fw_early_sip_nat Reason: spoofed packet on SIP traffic" error in dmesg although it is set to"detect". |
PRJ-2410, |
Security Gateway |
DCE-RPC traffic may be dropped because of a drop template that is incorrectly created for the ALL_DCE_RPC service. |
PRJ-10565 |
Security Gateway |
In some scenarios, wrong service name appears in SmartConsole logs. |
PRJ-4091, |
Security Gateway |
Using spaces in the $FWDIR/boot/modules/fwkern.conf file may cause long reboot time. |
PRJ-8151, |
Security Gateway |
Policy installation on Cluster may fail if the Cluster member name is longer than 64 characters. |
PRJ-11529, |
Security Gateway |
In a rare scenario, Security gateway may crash while connection is closed while being held. |
PRJ-10408, |
Security Gateway |
In a rare scenario, after upgrading a Security Gateway to R80.20, the LOG_INDEXER process running on the Log server may consume 100% CPU and cause the indexing backlog. |
PRJ-9687, |
Security Gateway |
Traffic may be dropped on DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176. |
PRJ-8354, |
Security Gateway |
Improved the ICAP client connectivity when using Trickling mode 3 in settings. |
PRJ-8688, |
Security Gateway |
A memory leak may occur in Management/local connection which loop back to the bridge interface. |
PRJ-12235, |
Security Gateway |
In a rare scenario, Security Gateway memory consumption may increase when the Anti-Virus Blade is enabled. |
PRJ-9119, |
Security Gateway |
Connections may be dropped when "keep all connections" is configured during policy installation. Refer to sk166212. |
PRJ-8615, |
Security Gateway |
In some scenarios, the uc_log_suppression_data table may reach its limit and "uc_log_suppression_set_entry: Failed storing log data in log suppression table" error appears in /var/log/messages file. |
PRJ-9050, |
Security Gateway |
Global connections may not be freed correctly when the Gateway acts as a Proxy. |
PRJ-9416 |
Security Gateway |
Added logs for packets that include invalid TCP options. This feature is off by default. |
PRJ-8882, |
Security Gateway |
In a rare scenario, Security gateway may crash when activating a web parsing debug. |
PRJ-8552, |
Logging |
NEW: Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command. |
PRJ-9189 |
Logging |
NEW: Added support for viewing MITRE ATT&CK fields. |
PRJ-6024, |
Logging |
When restarting the FWD process on the Log server, the syslogd process (syslog daemon), may unexpectedly exit. |
PRJ-5573, |
Logging |
When a Log Server is configured to parse Syslog messages, the field "User" may be truncated in the parsed log in the Log Details view if the field contains underscore. |
PRJ-5899, |
Logging |
It is not possible to query the "file_name" field on a Log server that does not have the SmartEvent activated. |
PRJ-8495, |
Logging |
In SmartView, when the user exports logs to CSV using the "visible columns" option, the following fields may be missing from the CSV file: Resource, Application Risk, Application Name, and Application Category. |
PRJ-3653, |
Logging |
SmartEvent may not correlate certain Anti-Virus logs. |
PRJ-5649, |
Logging |
In some scenarios, when the user creates a table widget in SmartView, there is no option to add the "hostname" field. Refer to sk162752. |
PRJ-7924, |
Logging |
Following changes in correlation unit settings, new logs may not be read by SmartEvent until the log_indexer process is restarted. |
PRJ-11361, |
Logging |
In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may unexpectedly exit. |
PRJ-4134, |
Logging |
In some scenarios, it may not be possible to filter logs by the field "IKE IDs:" when searching the log files directly. |
PRJ-9315, |
Logging |
Logging view may show results from the wrong day if the server Time Zone is configured to use half/quarter hour deviations from standard time. |
PRJ-8921, |
Logging |
When the user searches logs in the "Logs and Monitor" tab in SmartConsole and applies a filter using the "?" wildcard, incorrect logs may be returned. |
PRJ-9705, |
Logging |
The FWD process may unexpectedly exit if one of the following changes were made using GuiDBEdit:
|
PRJ-4981, |
Logging |
In SmartView, the percentage values in pie charts may add up to 99% or 101%. |
PRJ-11005, |
Logging |
In some scenarios, changes made to Network Objects on the Security Management Server are not reflected in the logs view. Refer to sk166493. |
PRJ-1524, |
Logging |
In some scenarios, Autosuggestion does not complete in SmartConsole's "Logs & Monitor" tab for users who do not have super user privileges. Refer to sk155252. |
PRJ-9192, |
Logging |
After synchronization, MLM / Secondary MDM may have different log policy configuration. Refer to sk165692. |
PRJ-4447, |
Logging |
In SmartView, drilling down from the timeline widget to logs, may show less logs than expected. |
PRJ-6189, PRHF-6325 |
Logging |
Widgets inside SmartView's "Views and Reports" may result in "Query Failed" messages when filtered by the "Log Server Origin" field. |
PRJ-10857, |
Application Control |
NEW: Gateway status will reflect Application Control and URL Filtering updates. |
PRJ-2794, |
IPS |
In some scenarios, the interface name is not displayed correctly in the IPS log. |
PRJ-11303, |
IPS |
In a rare scenario, the fw_full process may unexpectedly exit. |
PRJ-9487, |
IPS |
After an upgrade, policy installation may not update the IPS version on the gateway if the "IPS scheduled update" option was changed before the upgrade. |
PRJ-9448, |
IPS, |
In some scenarios, SmartConsole shows "No license" and "Contract is expired" for IPS Blade in VSX. Refer to sk164917. |
PRJ-10968, |
DLP |
NEW: Reading and sending files from the registry by DLP was optimized. |
PRJ-10847, |
DLP |
DLP stability for some scenarios was improved. |
PRJ-10422, |
DLP |
In a rare scenario, when Security Gateway is configured as proxy, the HTTP traffic may be not scanned by DLP. |
PRJ-5021, |
DLP |
The DLP engine may incorrectly process the file if the file name is missing in the connection header. |
PRJ-9327, |
DLP |
Improved the scanning time of files for some scenarios in SMTP and HTTP/S. |
PRJ-9692, |
DLP |
In some scenarios, DLP prints wrong error message in the log. |
PRJ-9773, |
DLP |
In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of as "internal to internal". |
PRJ-9404, |
HTTPS Inspection |
In some scenarios, wrong certificate is shown by HTTPS Inspection for some websites, including certificates issued by "CloudFlare Inc ECC CA-2". Refer to sk118392. |
PRJ-7995, |
HTTPS Inspection |
WSDNSD memory leak may appear when updatable objects are configured in the policy. Refer to sk165616. |
PRJ-9933, |
HTTPS Inspection |
In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may unexpectedly exit. Refer to sk165555. |
PRJ-7422, |
Infrastructure |
In some scenarios, Anti-Bot\Anti-Virus\IPS\Threat Emulation Blade update fails with "Curl error code 56". |
PRJ-9392, |
Identity Awareness |
NEW: Performance improvement in the automatic LDAP group update feature. |
PRJ-9495, |
Identity Awareness |
Policy installation process has been improved. |
PRJ-10223, |
Identity Awareness |
In a rare scenario, there is a memory leak in the IDA daemon pepd. |
PRJ-11613, |
Identity Awareness |
In a rare scenario, a memory leak, related to the Identity Awareness flow, may occur in the kernel. |
PRJ-7506, PRHF-5184 |
Identity Awareness |
When the Identity Awareness Blade is enabled, a memory leak may appear in LDAP sessions. |
PRJ-10385, |
Identity Awareness |
In a rare scenario, identity session groups and access roles may disappear following a policy installation. |
PRJ-6074, |
Identity Awareness |
Machine identity for Terminal Server agent is not identified unless Identity Agent is also enabled on the Security Gateway. |
PRJ-8002, |
Threat Prevention |
Improvements in HTTP chunked encoding inspection. |
PRJ-12395, |
Threat Prevention |
In some scenarios, policy installation fails with "Error code 0-2000111". |
PRJ-8212, |
Anti-Bot |
"Problem has occurred during search <External Log server> Disconnected" error may appear in "Logs & Monitor" tab after creating dummy object for NAT. |
PRJ-7165, |
SSL Inspection |
NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115. |
PRJ-4112, |
SmartEvent |
In SmartEvent policy, adding an exclusion for sensor alert event by event id (e.g. id=20300) causes policy install failure. Refer to sk139854. |
PRJ-7921, |
SmartView |
In the Logs page of the SmartView web application, the "File Name" filter may appear twice in the quick filters pane. |
PRJ-10372, |
SmartView |
In some scenarios, after user imports view/report in SmartView, the imported view/report is not shown in the Catalog. |
PRJ-7723, |
SmartView |
In SmartView, when filtering a view using special characters in the search bar and exporting to Excel, the file may be generated empty. |
PRJ-10118, |
Compliance |
In some scenarios, database import on a single Domain machines where the Compliance Blade is activated fails, and as a result, the FWM process unexpectedly exits after the import. |
PRJ-2213, |
VoIP |
In some scenarios, Cisco VoIP calls are dropped with "SIP Re-Invites exceeded the limit" reject reason. Refer to sk145412. |
PRJ-9955, |
VoIP |
In some scenarios, UA traffic is dropped when packet contains more then 9 UA's. Refer to sk135114. |
PRJ-8010, |
ClusterXL |
In some scenarios, a connectivity issue takes place in ClusterXL environment after a fast "fail over"-"fail back" or a "fail over" on bridge configuration. |
PRJ-1501, |
ClusterXL |
The output of the 'cphaprob routedifcs' command may be missing interfaces. |
PRJ-5865, |
ClusterXL |
SNMP Response for OID .1.3.6.1.4.1.2620.1.5.6 ("haState") is "Active" on all members of ClusterXL High Availability mode. Refer to sk106291. |
PRJ-599, |
SecureXL |
SYN Defender status in CPView sometimes appears as invalid. |
PRJ-10937, |
SecureXL |
Rule that contains dhcpv6 services, does not disable SecureXL Accept Templates. Refer to sk32578. |
PRJ-602, |
SecureXL |
In some scenarios, DOS/Rate Limiting configuration is not applied after reboot if no fw samp policy is configured. |
PRJ-9670, |
SecureXL |
In some scenarios, SecureXL drops the TCP traffic for the particular connection for invalid state reasons. This fix enables the new property per specific gateway. Refer to sk147093. |
PRJ-8760, |
SecureXL |
NEW: Improved performance for multicast traffic after all listeners have been removed for an existing connection. |
PRJ-10619 |
SecureXL |
NEW: Added a new feature to support certain types of asymmetric bridged configurations. |
PRJ-8914, |
SecureXL |
In some scenarios, multicast packets arrive to the Security gateway in order, but leave out-of-order. |
PRJ-8978, |
SecureXL |
When PIM-SM multicast routing transitions from RPT to SPT, packets may be dropped or become out-of-order. |
PRJ-8779, |
SecureXL |
In a rare scenario, DOS/Rate Limiting Logs are not searchable. |
PRJ-6155, |
SecureXL |
In some scenarios, SecureXL causes an issue in the routing of multicast traffic. |
PRJ-7500, |
SecureXL |
In some scenarios, new connection may fail to open if it is reopened with the same source port. Refer to sk164839. |
PRJ-6123, |
SecureXL |
In some scenarios, DOS/Rate Limiting drops too few (or too many) packets for "concurrent-conns" fw samp rules. Refer to sk112454. |
PRJ-8488, |
SecureXL |
In some scenarios, held packets are incorrectly reported to the penalty box. |
PRJ-10233, |
SecureXL |
Policy installation may fail with "Error code 0-2000240" when Drop templates option is enabled. Refer to sk165716. |
PRJ-4175, |
SecureXL |
In some scenarios, there may be a length verification error with SCTP traffic. |
PRJ-7283, |
SecureXL |
Improved TCP state inspection for "Smart Connection Reuse" feature. |
PRJ-9825, |
SecureXL |
In some scenarios, SYN Defender cookie validation may fail. |
PRJ-12022, |
SecureXL |
In some scenarios, ACK, FIN, and RST TCP packets are dropped, causing outages. |
PRJ-11677, |
SecureXL |
MCAST packets may be handled incorrectly when promiscuous (tcpdump) mode is enabled for the interface. |
PRJ-5904, |
SecureXL |
In some scenarios, the penalty box violation rate is configured incorrectly. |
PRJ-3815, |
Routing |
Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432. |
PRJ-12223, |
Routing |
In some scenarios, routed process unexpectedly exits when adding an interface to OSPFv3 with a prefix length above 63 and having two or more areas. |
PRJ-10791, |
Routing |
Although only OSPFv2 with Graceful Restart Helper is configured, the Critical Device OSPF3 Graceful Restart may show the "OSPF3 Graceful Restart PROBLEM Master -> Standby. Waiting for GR" message during the cluster failover. |
PRJ-11545, |
Routing |
In some scenarios, routed unexpectedly exits and traffic is lost after a failover in ClusterXL when BGP and ECMP are enabled. Refer to sk166175. |
PRJ-3617, |
Routing |
In some scenarios, routed unexpectedly exits when receiving an LSA with a checksum value of zero. |
PRJ-11423, |
Routing |
In some scenarios, routed_mon may unexpectedly exit on some CPView queries when OSPF multiple instances are configured. |
PRJ-7613, |
ConnectControl |
|
PRJ-9350, |
Gaia OS |
NEW: Added optimization for 40GbE and 25/100GbE cards configured in multiqueue allowing better transmit performance when Hyper-Threading (SMT) is enabled. |
PRJ-3804, |
Gaia OS |
NEW: Added the ability to configure an IPv6 address for a LOM interface on Smart 1-525/5050/5150 appliances. |
PRJ-11367, |
Gaia OS |
SNMP Trap may not be sent even though a failover occurred. Refer to sk166100. |
PRJ-11295, |
Gaia OS |
In some scenarios, commands that were typed into Clish can be executed later on if the SSH session was uninterruptedly terminated. |
PRJ-445, |
Gaia OS |
The 'show asset all' command may fail with core dump. |
PRJ-11372, |
Gaia OS |
In some scenarios, latency issues may occur in Clish and in the WebUI when using web scanning tools. Refer to sk164153. |
PRJ-472 |
Gaia OS |
The "load configuration" command may not work correctly when the loading configuration file contains SNMP, and interface config commands may not apply the configuration correctly. |
PRJ-501, |
Gaia OS |
The "load configuration" command may not work correctly when trying to add an SNMP user with a hashed password. |
PRJ-12442, |
Gaia OS |
In some scenarios, the xmlUpgradeExec process may unexpectedly exit during Jumbo Hotfix installation. As a result, the configuration file may not be created correctly. Upon login, the following error message may appear: "/etc/appliance_config.xml:1: parser error : Document is empty /etc/appliance_config.xml:1: parser error: Start tag expected, ^^^ not found". |
PRJ-5269, |
Gaia OS |
Any of the following may occur in vSphere on a Management appliance:
|
PRJ-7578, |
Gaia OS |
'#', '=' and '+' characters cannot be used in "Banner" and "Message of the day" features. |
PRJ-8006, |
Gaia OS |
Apache API was updated. |
PRJ-7371, |
Gaia OS |
In some scenarios, the iDRAC (LOM) interface is not pingable. |
PRJ-10397, |
Gaia OS |
In some scenarios, transmit queues may stop, causing packet loss. |
PRJ-8053, |
Gaia OS |
In some scenarios, latency issues may occur in Clish and in the WebUI when using web scanning tools (Qualys). Refer to sk164153. |
PRJ-4878, |
VSX |
Resource Monitor Control may cause segmentation fault when there are more than 64 CPUs. Refer to sk125112. |
PRJ-11280, |
VSX |
In a rare scenario, portals are not reachable after the fwk process unexpectedly exits. |
PRJ-10542, |
VSX |
In the menu of 'vsx_util vsls' #1 (Display current VS Load sharing configuration), the table shows cut names of VSs (original names are longer). |
PRJ-10910, |
VSX |
In VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members if SecureXL is enabled. Refer to sk138894. |
PRJ-5332, |
VPN |
NEW: Added functionality enhancements for the authentication realms that is used with Remote Access VPN. |
PRJ-10270, |
VPN |
NEW: 3DES is disabled by default for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, SecurePlatform WebUI and Mobile Access curl. |
PRJ-5701, |
VPN |
NEW: Improved policy installation performance when the MAB Blade is enabled with Legacy Policy and Native Application rules. Refer to sk175105. |
PRJ-8114, |
VPN |
"vpn_trap_multik: - wrong header length 36 != 72" message may appear in the vpnd.elg when working with multiple users with the same credentials. |
PRJ-11240, |
VPN |
Added connectivity improvement for VPN over NAT traversal (UDP 4500). Refer to sk155953. |
PRJ-11642, |
VPN |
Added stability improvement for Remote Access VPN. |
PRJ-7013, |
VPN |
Added L2TP Remote Access client connectivity improvements. Refer to Scenario 2 in sk145895. |
PRJ-11913, |
VPN |
In rare scenarios, fwm unexpectedly exits after a 3rd-party certificate is signed. |
PRJ-8262, |
VPN |
Server-to-Server and Client-to-Server VPN may fail when using Wire Mode while SecureXL is enabled. |
PRJ-12177, |
VPN |
Connectivity improvements for Remote Access VPN using Traditional mode. |
PRJ-7853 |
VPN |
Connectivity improvements for Remote Access Endpoint clients that connect without Office Mode IPs. |
PRJ-6718, |
VPN |
In some scenarios, the vpnd process unexpectedly exits on cluster members. |
PRJ-11281, |
VPN |
In a rare scenario, vpnd process unexpectedly exits due to Segmentation fault. |
PRJ-4451, |
VPN |
Improved IKEv2 negotiation flow. |
PRJ-7692, |
VPN |
Improved usability of VPN tunnel monitoring "vpn tu" command. |
PRJ-6089, |
VPN |
In some scenarios, accelerated VPN tunnels routed over PPPoE interface may cause drop of encrypted traffic of some connections. Refer to sk148872. |
PRJ-7857, |
VPN |
In a rare scenario, a VPN memory leak may appear. |
PRJ-6117, |
VPN |
In some scenarios, NAT-D traffic goes out from the first external interface. |
PRJ-4235, |
VoIP |
In some scenarios, H323 connections are dropped after "Virtual session timeout" is configured. Refer to sk156372. |
PRJ-2461, |
VoIP |
In some scenarios, MGCP traffic may be dropped by the Security Gateway with the following message in fw ctl zdebug drop:
|
PRJ-8259, |
Endpoint Security |
In some scenarios, the wrong cipher suite is chosen for RSA certificates in HTTPS portals. Refer to sk164240. |
PRJ-2925, |
Endpoint Security |
Very frequently repeated "update register" requests may cause performance issues. |
PRJ-11814, |
Endpoint Security |
When a user name is updated in SmartEndpoint, the change may result in an unexpected expiration date. Refer to sk165872. |
PRJ-11834, |
Endpoint Security |
An error in FDE preboot users calculation may cause Endpoint to be left in a disconnected state. Refer to sk142313. |
PRJ-11827, |
Endpoint Security |
SmartEndpoint may export a report to Excel in which incorrect distinguished names appear for deleted users/computers. Refer to sk163943. |
PRJ-11823, |
Endpoint Security |
Users/devices may not change their locations in the tree according to Active Directory changes when certain special characters appear in the names. |
PRJ-11818, |
Endpoint Security |
The default paths for offline folders in SmartEndpoint -> Offline group creation wizard may be incorrect. |
PRJ-11831, |
Endpoint Security |
The Endpoint directory scanner may fail to reconnect to the AD if the connection was lost during the scan. |
PRJ-11710, |
Endpoint Security |
In SmartEndpoint, Anti-Malware's "Top Infections" report has an empty infection name. Refer to sk166232. |
PRJ-5185, |
Endpoint Security |
The log description of the "Media Encryption & Port Protection" Blade may state that the "Media Storage" is encrypted even though it is not. The details in the log show the correct value. Refer to sk162812. |
PRJ-7890, |
CloudGuard IaaS |
NEW: Added support for Google Cloud Platform projects with Shared VPC. Refer to sk164139. |
PRJ-5804, |
CloudGuard IaaS |
NEW: Added support for Identity Sharing with CloudGuard for NSX-V. |
PRJ-10866, |
CloudGuard IaaS |
In a rare scenario, the OpenStack Data Center becomes unresponsive, which results in a loss of updates to the Security Gateway. |
PRJ-11897 |
QoS |
In some scenarios, SmartView Monitor shows "No Match" rule on QoS traffic. |
PRJ-9740, |
QoS |
Packets to the broadcast IP address (255.255.255.255) may cause dmesg to fill with "fg_classify_and_offload_all_ifdirs: fglogRulename Failed." messages. |