Take 187 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 187

Released on 17 November 2020

PRJ-18356,
PMTR-58781

CPView

In some scenarios, peak values for interfaces are not updated in CPView.

PRJ-14450,
PRHF-11981

CPView

In some scenarios, CPView may unexpectedly exit after upgrade from R80.20 GA.

PRJ-16145,
PMTR-58152

Security Management

NEW:

  1. The "cma_migrate" command will continue working if the SSH connection with the Multi-Domain Server was lost.
  2. If the user presses "Ctrl+C" while cma_migrate is running, the user will be asked whether to stop cma_migrate or to continue.

PRJ-15499,
PMTR-56638

Security Management

NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start.

PRJ-15565,
PRHF-12170

Security Management

NEW: In some scenarios, modifying or deleting objects in bulk may cause slowness in SmartConsole responses and long duration of operations. Ability to improve performance in such cases was added. Refer to sk135972.

PRJ-14490,
SMCUPG-1384

Security Management

In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails.

PRJ-14523,
PRJ-13319

Security Management

Upgrade from R80.10 may take many hours when there are hundreds or more Administrators and dozens or more Permission Profiles defined.

PRJ-16197,
PRHF-9260

Security Management

When running the "show-access-rulebase" API command with filter, and the selected layer is an inline layer, rules of the inline layer are not returned even though they match the search criteria.

PRJ-15495,
PMTR-57275

Security Management

$MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied.

PRJ-11702,
PRHF-9017

Security Management

The Purge Revisions operation may not clean deleted objects of previous revisions.

PRJ-13611,
PRHF-11300

Security Management

In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error.

PRJ-17041,
PMTR-59394

Security Management

In rare scenarios, some objects may be locked and not available for editing. Refer to sk169772.

PRJ-15417,
PMTR-48628

Security Management

In some scenarios, Read-Only sessions appear twice in the Sessions view.

PRJ-17073,
PRJ-13851

Security Management

In some scenarios, the Security Management Server's startup takes a very long time after editing or deleting many Administrators.

PRJ-16367,
PRHF-12594

Security Management

When logging into SmartConsole directly to a Domain using RADIUS or TACACS, the Authentication method in the audit log may show as "Internal Password". Refer to sk168716.

PRJ-18045,
PRHF-13462

Security Management

In rare scenarios, a Management server may become inaccessible and requires a reboot. Refer to sk170634.

PRJ-13725,
PMTR-55574

Multi-Domain Management

NEW:

  • Global object deletion will be blocked if used in Domains on the Multi-Domain Server.
  • The "Unused Objects" filter in the Global Domain will show objects only if not used by all of the Domains on the Multi-Domain Server.

PRJ-16425,
PMTR-58559

Multi-Domain Management

Management HA incremental synchronization may break on the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.

PRJ-17305,
PMTR-59799

Multi-Domain Management

In rare scenarios, the FWM process may unexpectedly exit and fail the Multi-Domain Management server upgrade.

PRJ-16436,
PRHF-12236

Multi-Domain Management

After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.

PRJ-13794,
PMTR-43231

Multi-Domain Management

In a Multi-Domain Server, domain-related processes may not start when the user runs "evstop" and then "evstart".

PRJ-13474,
PRHF-11299

Multi-Domain Management

Domain Servers may disappear from Multi-Domain view after running the Solr Cure utility.

PRJ-18683,
PRJ-18682

Multi-Domain Management

In some scenarios, domain import to a Multi-Domain Management Server may fail.

PRJ-17236,
PMTR-59666

Multi-Domain Management

On Multi-Domain environments with multiple Multi-Domain servers connected in HA, operations such as "Log in" and "Reassign Global Domain" may fail due to high load on FWM process.

PRJ-7431,
PRHF-7241

Multi-Domain Management

In rare scenarios, reassigning the Global Policy on a specific domain fails with "An internal error has occurred". Refer to sk163938.

PRJ-17068,
PMTR-59232

Multi-Domain Management

In some scenarios, Domain appears in the System Domain without any Domain Servers.

PRJ-16641,
PMTR-58309

Multi-Domain Management

In some scenarios, Domain Management Server is shown in System Domain under Domains View even though it was deleted.

PRJ-13904,
PMTR-54935

SmartConsole

In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins.

PRJ-13454,
PRHF-10952

SmartConsole

In some scenarios, Management API commands with "details-level":"full" Payload return a truncated output and fail to complete. Refer to sk170414.

PRJ-12853,
PRHF-10453

SmartConsole

Hit count data may not be deleted automatically.

PRJ-17130,
PRHF-13005

SmartConsole

When scrolling or clicking a rule, some inline layer rules may open unexpectedly.

PRJ-16704,
PRHF-12819

SmartConsole

Enabling Threat Prevention policy may fail with validation errors when the policy's targets include cluster members running a version lower than R80.10.

PRJ-16060,
PRHF-12395

SmartConsole

In some scenarios, certain Gateways do not appear in the IPS Core protections list. Refer to sk168474.

PRJ-17878,
PMTR-60559

SmartConsole

In Global Properties under Stateful Inspection tab, the "TCP end timeout (R80.20 and higher gateways)" option does not support values higher than 60 seconds.

  • Requires R80.20 SmartConsole Build 119 (or higher).

PRJ-15816,
PRHF-12352

SmartConsole

In some scenarios, Management API does not start automatically after restart, although automatic start is enabled. Refer to sk168332.

PRJ-18039,
PMTR-60761

SmartConsole

In some scenarios, after a successful IPS update, the new IPS version does not appear under 'switch version' window.

PRJ-17412,
PRHF-13223

SmartConsole

When removing an object from a group using the "groups" field of the object's module in the Ansible collection, the group will not be changed and Ansible will show that no changes are needed.

PRJ-18330,
PMTR-58703

SmartConsole

Exception group may be incorrectly deleted in the following scenarios:

  1. "Apply On" in exception group is changed from "Automatically attached to each rule with profile" to "Automatically attached to all rules".
  2. A profile that was attached to the exception group is deleted.
  3. The group is removed from the exception groups list, however it remains in the Threat Prevention rulebase.

PRJ-17007,
PMTR-48331

SmartConsole

When using SmartConsole CLI, the application may unexpectedly terminate if the input has quotation marks that are not closed.

PRJ-16466,
PRHF-11438

SmartConsole

Update corporate Gateway procedure takes a long time and may cause login issues and general slowness in the Provisioning GUI.

PRJ-15833,
PMTR-39061

SmartProvisioning

In some scenarios, when the user installs policy on R77.30 Central Office Security Gateway from Management version R80 and higher, VPN tunnels may be dropped for LSM Gateways.

PRJ-14355,
SL-4323

SmartView

In SmartView, when the user sends a generated report via email in a language with non-standard English letters (Accented, Cyrillic, Chinese, Japanese, etc), some of the text may appear as question marks (?).

PRJ-16888,
PMTR-59093

SmartView

In SmartView, after adding a new page to a report, the preview page appears to have no data although it does (the data appears in Edit Mode).

PRJ-17013,
PMTR-59317

Logging

NEW: Added ability to filter Threat Prevention and Endpoint logs by file size on a Log server machine via Logs & Monitor view in SmartConsole.

PRJ-13348,
PMTR-54708

Logging

In some scenarios, when the user configures the log exporter filter with the "cp_log_export" command (action, origin, product), the filter is not configured properly according to the used format.

PRJ-490,
SL-1896

Logging

In SmartConsole logs tab, filtering logs by the field "Method" may return empty results when using the values PROPFIND, CCM_POST or PATCH.

PRJ-5135,
PRHF-9424

Security Gateway

NEW: Added performance optimization for the time object matching on the VSX environment.

PRJ-17010,
PMTR-55179

Security Gateway

In some scenarios, the "CGsoapSessions::AuthenticateSession failed, session is not authenticated" message may appear in mds.elg or fwm.elg file.

PRJ-13587,
PRHF-11311

Security Gateway

In a rare scenario, Security Gateway may crash during policy installation.

PRJ-16156,
PMTR-58124

Security Gateway

In a rare scenario, Security Gateway may crash after policy installation.

PRJ-13886,
PRHF-9759

Security Gateway

An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955.

PRJ-17310,
PMTR-59182

Security Gateway

In rare scenarios, Security Gateway memory consumption may increase.

PRJ-15599,
PRJ-13567

Security Gateway

In some scenarios, policy installation fails with "Error code 0-2000121".

PRJ-11291,
PRHF-8491

Security Gateway

Unused OIDs may appear in SNMP MIB file.

PRJ-15846,
PMTR-57739

Security Gateway

SXL drop due to routing configuration when using security zone on bridge (layer2).

PRJ-14070,
AVIR-1090

Security Gateway

In rare scenarios, Security Gateway may crash due to memory allocation failure.

PRJ-17957,
PMTR-60574

Security Gateway

In some scenarios, policy installation fails with "Error code 0-2000077".

PRJ-16086,
PRHF-12224

Security Gateway

In rare scenarios, a memory leak may appear on Security Gateway in gconn table.

PRJ-19062

Security Gateway

In rare scenarios, Security Gateway memory consumption may increase.

PRJ-16663,
PRHF-12727

Security Gateway

Security Gateway running in USFW mode (User-Mode Firewall) may crash with fwk core dump. Refer to sk169119.

PRJ-13693,
PMTR-55510

Security Gateway

Proxy ARP change is applied only after the second policy installation.

PRJ-13259,
PRHF-9930

Security Gateway

In a rare scenario, traffic is dropped with the "[ERROR]: up_handle_get_matched_service_clob: no clob list on handle for type SERVICE;" error in dmesg.

PRJ-18423,
MPTT-2224

Internal CA

In a rare scenario, some emails with links are cached due to timeout failure.

PRJ-872,
PRHF-1162

Internal CA

In some scenarios, manual edit of user's certificate expiration period does not take effect. Refer to sk143292.

PRJ-15579,
PRHF-9645

Application Control

In some scenarios, deprecated applications are not removed/replaced during an upgrade from R77.30 to R80.x. Refer to sk131372.

PRJ-1454,
PRHF-3790

Anti-Virus

In rare scenarios, Security Gateway crashes during CIFS traffic when CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606).

PRJ-16953,
PRJ-16952

Anti-Malware

In some scenarios, a file with HTTP chunked encoding is dropped if there is a Fail-Close configuration on the Anti-Virus Blade. Refer to sk169312.

PRJ-8612,
NSS-2348

Anti-Malware

In some scenarios, dmesg may show many "rad_client id 6 is not register" errors.

PRJ-17649,
PMTR-44711

Identity Awareness

In some scenarios, user cannot authenticate to Captive Portal as a Guest User.

PRJ-6862,
PRHF-2081

Identity Awareness

In some scenarios, the user cannot connect to the AD server when the account is set to "never expires" on Microsoft Active Directory. Refer to sk143672.

PRJ-12452,
PMTR-52404

Identity Awareness

In a rare scenario, a standby cluster member receives updates from identity sources and creates a mismatch in the PDP tables.

PRJ-18839,
PRHF-13322

SSL Inspection

In rare scenarios, a memory leak may occur during policy installation.

PRJ-17197,
PMTR-59565

HTTPS Inspection

In a rare scenario, a connection remains open after it is closed by the server, and the web browser may load a page for a long time.

PRJ-15974,
PMTR-57915

UserCheck

In some scenarios, the UserCheck daemon usrchkd may unexpectedly exit.

PRJ-17637,
PRHF-12934

UserCheck

In some scenarios, UserCheck agent notifications may be blocked.

PRJ-18190,
PRHF-11733

IPS

NEW: Added ability to send connection log per application match for ATM transactions identification. The functionality is disabled by default and can be enabled by using the "up_duplicate_connection_log_on_packet_matched_app_enabled" kernel parameter.

PRJ-9123,
PMTR-47855

IPS

In some scenarios, Threat Prevention policy installation may fail when the Threat Prevention profile performance impact is configured to "Very Low".

PRJ-16104,
PRHF-12463

URL Filtering

In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD).

PRJ-16996,
PRJ-16965

Mobile Access

Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152.

PRJ-13844,
PMTR-42541

Mobile Access

Browser based applications cannot be opened in MAB portal.

PRJ-2922,
PRHF-4457

SecureXL

In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections.

PRJ-9562,
PRHF-9919

SecureXL

In a rare scenario, Security Gateway may crash when the Drop Template feature is enabled.

PRJ-17827,
PRHF-13029

SecureXL

In some scenarios, CPView may show incorrect statistics for VPN encrypted/decrypted packets.

PRJ-15390,
PRHF-11950

Routing

A TCP connection between cluster master and slave may flap on OSPF attempt to delete a non-MaxAge LSA.

PRJ-18023,
PRHF-13480

Routing

SNMP queries for bgpPeerFsmEstablishedTime return an incorrect constant value. Refer to sk170074.

PRJ-17853,
PRHF-13388

Routing

In rare scenarios involving large AS paths, there may be a loss of BGP adjacency. Refer to sk170876.

PRJ-16577,
SPC-3089

Routing

In some scenarios, the routed daemon may unexpectedly exit with BGP.

PRJ-17711,
ROUT-954

Routing

Security Gateway may stop forwarding the Multicast stream when PIM is configured on it. Refer to sk169774.

PRJ-15319,
PMTR-48973

VPN

In some scenarios, using LS/HA mode on a VPN tunnel may cause packets to be dropped. Refer to sk160612.

PRJ-17629,
PMTR-42363

VPN

The vpnd process may unexpectedly exit when the user runs the "vpn tu" command.

PRJ-15619,
PMTR-57459

VPN

Access Roles with MAB SNX as the client type may not work.

PRJ-16208,
VPNRA-469

VPN

Stability improvement for Remote Access VPN.

PRJ-16719,
PMTR-57565

VPN

Potential Remote Access connectivity issue when there is more than one external interface.

PRJ-17774,
PRJ-17706

VPN

The VPND may unexpectedly exit during IKEv2 negotiation.

PRJ-16863,
PMTR-55844

VPN

Software Blade name inconsistency between login and logout logs of an SNX client.

PRJ-873,
PRHF-2155

VPN

Connectivity problem in Remote Access VPN when aggressive SLP is enabled. Refer to sk148273.

PRJ-14209,
PRHF-1490

VPN

The vpnd process may unexpectedly exit and a "CvpnUMD process crashed" error is printed into /var/log/messages. Refer to sk160735.

PRJ-15835,
PMTR-40895

VPN

When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in the clear. As a result, the peer may ignore it, resulting in an outage.

PRJ-11050,
PRHF-7972

VPN

Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003.

PRJ-10951,
PRHF-8923

VPN

In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.

PRJ-12769,
PRHF-10314

VPN

In some scenarios, RADIUS authentication may take more than five minutes to be fulfilled with Endpoint Clients, reaching connection timeout on the Gateway side.

PRJ-10032,
CRYPTOIS-661

VPN

In some scenarios, Security Gateway Portals and Remote Access VPN clients show wrong certificate after certificate renewal. Refer to sk131212.

PRJ-17025,
PRHF-5394

VPN

The VPND process cannot stop listening on port 264.

PRJ-18531,
PMTR-61276

VPN

In rare scenarios, when Wire-Mode is configured on a community, it may cause a Security Gateway from another community not to accelerate connections in SecureXL.

PRJ-11044,
ACCL-417

Gaia OS

UPDATE: CPView Network -> Top-Protocols and Network -> Top-Connections tabs were added back. Refer to sk167903.

PRJ-16669,
PMTR-53960

Gaia OS

UPDATE: CPView Network -> Top-Protocols and Network -> Top-Protocols tabs were added back. Refer to sk167903.

PRJ-15592,
PRJ-13625,
PRHF-11367

Gaia OS

The "show configuration" Clish command may show 'Exported by admin' instead of the correct user name.

PRJ-14457,
PRJ-11859,
PRHF-9702

Gaia OS

It is not allowed to create usernames with reserved words, such as 'eval', 'apply' etc., in the middle of the username in WebUI. Refer to sk170681.

PRJ-13940,
PRHF-11368

Gaia OS

In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to Expert mode, the username in the log files appears as admin instead of RADIUS.

PRJ-15463,
PMTR-56502

Gaia OS

"show asset" command shows the Network card model CPAC-4-1C instead of CPAC-4-1C-L.

PRJ-15612,
PRJ-11968,
PRHF-9336

Gaia OS

The confd process may unexpectedly exit when the user runs the "show/set/add interface" long command. Refer to sk167635.

PRJ-11992,
PRHF-10312

Gaia OS

In rare scenarios, a snapshot creation may fail.

PRJ-6170,
PRJ-16475,
PRHF-6118

Gaia OS

In some scenarios, the monitord process may consume high CPU. Refer to sk163614.

PRJ-16077,
PMTR-57581

Gaia OS

In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot.

PRJ-9117,
PRHF-4435

Gaia OS

In some scenarios, SNMP fails to report disk utilization.

PRJ-10080,
PMTR-50675

Gaia OS

When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands unexpectedly exit. Refer to sk165258.

PRJ-12860,
PMTR-51379

Gaia OS

Creating LOM users for Smart-1 525/625/5050/5150 appliances may fail if the username length is shorter than 4 characters.

PRJ-12740,
PMTR-51157

Gaia OS

Restore backup may fail due to unmatched upgrade tools.

PRJ-14312,
PRHF-11752

Gaia OS

In rare scenarios, gateway uptime in SmartConsole may show an abnormally high number. Refer to sk167937.

PRJ-16258,
PRJ-4868,
PRHF-5016

Gaia OS

A Timestamp in Unix/Epoch time may not be updated when the user changes a password using hash.

PRJ-16267,
PRHF-12508

VSX

Latency and/or packet loss may occur for traffic which passes through a Virtual Switch in a VSX Gateway. Refer to sk168592.

PRJ-17297,
PMTR-59775

VSX

Connections distribution may get unbalanced on VSX environment. Refer to sk169352.

PRJ-18104,
PRHF-13218

VSX

In rare scenarios, dynamic objects database may be cloned between Virtual Systems. Refer to sk169514.

PRJ-16529,
PMTR-43791

CloudGuard IaaS

NEW: Improved CloudGuard Controller logging options.

PRJ-16252,
PRHF-12538

CloudGuard IaaS

Scanning of GCP Data Center may fail when instance does not have disks.

PRJ-9401,
STRM-152

QoS

In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when policy is defined properly on the interface.

PRJ-16598,
PRHF-12083

Endpoint Security

In some scenarios, Policy server stops syncing with the Endpoint Security Server. Refer to sk168912.

PRJ-15857,
PRHF-7446

Endpoint Security

An exception may be displayed in SmartEndpoint when uploading an offline group software deployment package. Refer to sk165852.

PRJ-16285,
PMTR-58322

VoIP

NEW: Added support for HopCount field in H323 protocol. Refer to sk169513.