Take 183 - General Availability
List of Resolved Issues and New Features
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 183 Released on 3 September 2020 and declared as General Availability on 11 October 2020 |
||
PRJ-14373, |
Diagnostics |
Missing information in total throughput/inbound/outbound packets in CPView history's Network view. |
PRJ-13960, |
Security Management |
NEW: Added the ability to purge revisions automatically based on user configuration. Refer to Automatic Purge Documentation. |
PRJ-14643, |
Security Management |
NEW: Solr server process is restarted automatically if it is not responsive for a long time. |
- |
Security Management |
Policy installation from Multi-Domain or Security Management server to R77.30 Security Gateway fails when using R80.20 Management with Jumbo Hotfix Take 173. Refer to sk169259. |
PRJ-12373, |
Security Management |
Policy Presets may disappear from view after the user runs the Solr Cure utility. Refer to sk167455. |
PRJ-14295, |
Security Management |
In rare scenarios, High Availability sync fails with "Ngm failed to import data" error after the user deletes a Permission Role. |
PRJ-13917, |
Security Management |
In some scenarios, exporting the Security Management Server in order to migrate it to Domain in Multi-Domain Environment, fails. |
PRJ-13461, |
Security Management |
In rare scenarios, Install Policy Presets are not triggered. |
PRJ-15608, |
Multi-Domain Management |
NEW: Added ability to run Management REST API on a Multi-Domain Log Server. |
PRJ-15414, |
Multi-Domain Management |
In Multi-Domain environments with High Availability, if the Management Server is stopped while there's a Purge Revisions operations in progress, the server may fail to start again. Refer to sk168175. |
PRJ-15457, |
Multi-Domain Management |
Policy Installation may fail due to an internal error in an MDS environment where there is a Global Dynamic object usage inside Networks Groups with a depth that is higher than 2-level (group inside a group). |
PRJ-14759, |
Multi-Domain Management |
In some scenarios, migrating a Domain between different Multi-Domain Management servers fails if a previous migration of the same Domain failed. |
PRJ-14453, |
Multi-Domain Management |
Policies may disappear from the Global Domain Assignments view after running the Solr Cure utility. Refer to sk168060. |
PRJ-15370, |
SmartConsole |
The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954. |
PRJ-14174, |
SmartConsole |
In some scenarios, a validation warning may appear on an updatable object with the following message: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker. |
PRJ-13898, |
SmartConsole |
Audit log is not shown in SmartConsole's Logs & Monitor View for the login action through API when the "-r" flag is set to true (login as root). |
PRJ-14292, |
SmartConsole |
If there are thousands (or more) of unused objects, the "show unused-objects" API command and the Unused Objects view may load and work very slowly. Also, the load on the Management server will increase, causing general slowness when working with SmartConsole. |
PRJ-12703, |
SmartView |
The SmartView Timeline may be distorted when logs contain an empty value for the field specified in the "Series" settings and when the Legend is enabled. Refer to sk167095. |
PRJ-14360, |
SmartView |
In SmartView, the icon is missing from the cover page of Compliance and Content Awareness PDF reports. |
PRJ-14530, |
SmartView |
In some scenarios, when attempting to download a DLP attachment from the log card in SmartView, the download does not start. |
PRJ-12091, |
Logging |
NEW:
|
PRJ-13560, |
Logging |
In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress. |
PRJ-14047, |
Logging |
In some scenarios, the command "cp_log_export status" prints "last log read at: N/A" rather then a timestamp. |
PRJ-14367, |
Security Gateway |
UPDATE: Reduced CPU usage in some configurations by parsing TLS traffic only when required by the policy. Refer to sk166700 for more information. |
PRJ-14630, |
Security Gateway |
In rare scenarios, Security Gateway memory consumption may increase. |
PRJ-9847, |
Security Gateway |
In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124. |
PRJ-12945, |
Security Gateway |
After policy installation, the output of the "cphaprob stat" command may show 'HA module not started' when a large number of non-monitored Cluster interfaces are configured in SmartConsole.
|
PRJ-14214, |
Security Gateway |
In a rare scenario, the Security gateway may crash if the rulebase contains a logical server object. |
PRJ-13379, |
Security Gateway |
In some scenarios, Security gateway generates an ICMP error with wrong IP address. Refer to sk167953. |
PRJ-15686, |
HTTPS Inspection |
In some scenarios, web traffic may be blocked with "Content Awareness - Error: Internal system error (1000)" error log. |
PRJ-7758, |
SSL Inspection |
DynamicID authentication may fail due to server certificate validation failure. Refer to sk167177. |
PRJ-16487, |
IPS |
In some scenarios, invalid characters are sent to gw-stat report. |
PRJ-12563, |
Identity Awareness |
PDP process may consume high CPU during policy installation because of a large amount of Access Roles. |
PRJ-13513, |
Identity Awareness |
In some scenarios, a XFF allowed proxy list is enforced only for instance 0 in VSLS environment after VS has transitioned from Backup to Active. |
PRJ-11194, |
ClusterXL |
In some scenarios, "fw ctl affinity" and "sim affinity" commands show wrong IRQ numbers. Refer to sk166356. |
PRJ-14609, |
SecureXL |
UPDATE: Added a global variable that enables log for packets that include unapproved IP option. This variable is off by default. |
PRJ-13412, |
SecureXL |
DECnet DIGITAL Network Architecture (Phase IV) traffic may be dropped. Refer to sk167202. |
PRJ-14517, |
SecureXL |
In a rare scenario, a VSX gateway with Virtual Switch may crash. |
PRJ-13760, |
SecureXL |
Security Gateway may crash when concurrent connection rules exist in the DOS/Rate limiting policy and the Application Control Blade is enabled. |
PRJ-15899, |
SecureXL |
An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router. |
PRJ-13924, |
Routing |
UPDATE: Increased the configuration limits of the BFD timers for detect multiplier, minimum RX interval, and minimum TX interval to 255, 255000, and 255000, respectively. |
PRJ-5817, |
Routing |
BGP connection may fail to establish when there are multiple peer groups with the same AS number in iBGP configurations. |
PRJ-14432, |
Gaia OS |
NEW: Added support for CPAC-4-10-AB cards. |
PRJ-14410, |
Gaia OS |
In some scenarios, the snapshot creation fails because of compression errors. |
PRJ-13153 |
Gaia OS |
In some scenarios, a snapshot creation may fail. |
PRJ-10799 |
Gaia OS |
In some scenarios, due to backup compression errors, restoring a backup does not restore all files. |
PRJ-15989, |
VPN |
Starting from R80.20 Jumbo Hotfix Take 156, clients that do not support MFA (such as Mac OS and iOS) cannot connect as Remote Access clients if MFA is enabled. Refer to sk168493. |
PRJ-14404, |
VPN |
Connectivity improvements for Remote Access VPN with L2TP. |
PRJ-15328, |
VPN |
In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled. |
PRJ-14573, |
VPN |
IP compression may not work in some scenarios when IKEv2 is configured. |
PRJ-14241, |
VPN |
VPN traffic may be dropped when working with peer behind NAT - Hide NAT with Port Translation. |
PRJ-16017, |
CloudGuard IaaS |
In some scenarios, CloudGuard Controller may lose connection to GCP projects. Refer to sk168499. |
PRJ-12183, |
CloudGuard IaaS |
CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode. |
PRJ-14149, |
Endpoint Security |
In some scenarios, no audit logs are shown regarding object changes in SmartEndpoint virtual groups and FDE pre-boot users. Refer to sk167907. |
PRJ-14132, |
Endpoint Security |
In some scenarios, the user cannot get an FDE Offline Management File (cpomf) for an offline group in SmartEndpoint if this group or a directory in its path has special characters \ _ %. |