Take 187 - Ongoing

In some scenarios, CPView may unexpectedly exit after upgrade from R80.20 GA.

NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start.

In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails.

When running the "show-access-rulebase" API command with filter, and the selected layer is an inline layer, rules of the inline layer are not returned even though they match the search criteria.

The Purge Revisions operation may not clean deleted objects of previous revisions.

In rare scenarios, some objects may be locked and not available for editing. Refer to sk169772.

In some scenarios, the Security Management Server's startup takes a very long time after editing or deleting many Administrators.

In rare scenarios, a Management server may become inaccessible and requires a reboot. Refer to sk170634.

Management HA incremental synchronization may break on the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.

After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.

Domain Servers may disappear from Multi-Domain view after running the Solr Cure utility.

On Multi-Domain environments with multiple Multi-Domain servers connected in HA, operations such as "Log in" and "Reassign Global Domain" may fail due to high load on FWM process.

In some scenarios, Domain appears in the System Domain without any Domain Servers.

In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins.

Hit count data may not be deleted automatically.

Enabling Threat Prevention policy may fail with validation errors when the policy's targets include cluster members running a version lower than R80.10.

In Global Properties under Stateful Inspection tab, the "TCP end timeout (R80.20 and higher gateways)" option does not support values higher than 60 seconds.

• Requires R80.20 SmartConsole Build 119 (or higher).

In some scenarios, after a successful IPS update, the new IPS version does not appear under 'switch version' window.

Exception group may be incorrectly deleted in the following scenarios:

1. "Apply On" in exception group is changed from "Automatically attached to each rule with profile" to "Automatically attached to all rules".
2. A profile that was attached to the exception group, is deleted.
3. The group is removed from the exception groups list, however it remains in the Threat Prevention rulebase.

Update corporate Gateway procedure takes a long time and may cause login issues and general slowness in the Provisioning GUI.

In SmartView, when the user sends a generated report via email in a language with non-standard English letters (Accented, Cyrillic, Chinese, Japanese, etc), some of the text may appear as question marks (?).

NEW: Added ability to filter Threat Prevention and Endpoint logs by file size on a Log server machine via Logs & Monitor view in SmartConsole.

In SmartConsole logs tab, filtering logs by the field "Method" may return empty results when using the values PROPFIND, CCM_POST or PATCH.

In some scenarios, the "CGsoapSessions::AuthenticateSession failed, session is not authenticated" message may appear in mds.elg or fwm.elg file.

In a rare scenario, Security Gateway may crash after policy installation.

In rare scenarios, Security Gateway memory consumption may increase.

Unused OIDs may appear in SNMP MIB file.

In rare scenarios, Security Gateway may crash due to memory allocation failure.

In rare scenarios, a memory leak may appear on Security Gateway in gconn table.

Security Gateway running in USFW mode (User-Mode Firewall) may crash with fwk core dump. Refer to sk169119.

In a rare scenario, traffic is dropped with the "[ERROR]: up_handle_get_matched_service_clob: no clob list on handle for type SERVICE;" error in dmesg.

In some scenarios, manual edit of user's certificate expiration period does not take effect. Refer to sk143292.

In rare scenarios, Security Gateway crashes during CIFS traffic when CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606).

In some scenarios, dmesg may show many "rad_client id 6 is not register" errors.

In some scenarios, the user cannot connect to the AD server when the account is set to "never expires" on Microsoft Active Directory. Refer to sk143672

In rare scenarios, a memory leak may occur during policy installation.

In some scenarios, the UserCheck daemon usrchkd may unexpectedly exit.

NEW: Added ability to send connection log per application match for ATM transactions identification. The functionality is disabled by default and can be enabled by using the "up_duplicate_connection_log_on_packet_matched_app_enabled" kernel parameter.

In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD).

Browser based applications cannot be opened in MAB portal.

In a rare scenario, Security gateway may crash when the Drop Template feature is enabled.

A TCP connection between cluster master and subordinate may flap on OSPF attempt to delete a non-Max-Aage LSA.

In rare scenarios involving large AS paths, there may be a loss of BGP adjacency. Refer to sk170876.

Security Gateway may stop forwarding the Multicast stream when PIM is configured on it. Refer to sk169774.

The vpnd process may unexpectedly exit when the user runs the "vpn tu" command.

Stability improvement for Remote Access VPN.

The VPND may unexpectedly exit during IKEv2 negotiation.

Connectivity problem in Remote Access VPN when aggressive SLP is enabled. Refer to sk148273.

When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage.

In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.

In some scenarios, Security Gateway Portals and Remote Access VPN clients show wrong certificate after certificate renewal. Refer to sk131212.

In rare scenarios, when a Wire-Mode is configured on a community, it may cause a Security gateway from another community not to accelerate connections in SecureXL.

UPDATE: CPView Network -> Top-Protocols and Network -> Top-Protocols tabs was added back. Refer to sk167903.

It is not allowed to create usernames with reserved words, such as 'eval', 'apply' etc., in the middle of the username in WebUI. Refer to sk170681.

"show asset" command shows the Network card model CPAC-4-1C instead of CPAC-4-1C-L.

In rare scenarios, a snapshot creation may fail.

In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot.

When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands unexpectedly exit. Refer to sk165258.

Restore backup may fail due to unmatched upgrade tools.

A Timestamp in Unix/Epoch time may not be updated when the user changes a password using hash.

Connections distribution may get unbalanced on VSX environment. Refer to sk169352.

NEW: Improved CloudGuard Controller logging options.

In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when policy is defined properly on the interface.

An exception may be displayed in SmartEndpoint when uploading an offline group software deployment package. Refer to sk165852.