Take 190 - General Availability
List of Resolved Issues and New Features
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 190 Released on 28 February 2021 and declared as General Availability on 12 April 2021 |
||
PRJ-7662, |
CPview |
CPview may show partial information, if there are more than 256 interfaces configured on the system. |
PRJ-18836, |
Security Management |
NEW: Improved FWM process performance during Security policy or database installation. |
PRJ-19949, |
Security Management |
NEW: Added new Management HA utility to schedule automatic full syncs to peers that failed to be synchronized incrementally. |
PRJ-20070, |
Security Management |
NEW: Optimized the Solr build time to improve performance in the following operations:
|
PRJ-19998, |
Security Management |
UPDATE: Added improvements in policy load process, to reduce the policy installation time when having large amount of objects. |
PRJ-19698, |
Security Management |
UPDATE: If a Management HA synchronization stalls (displaying "Peer is busy"), it will be released within 2 hours instead of 24 hours. |
PRJ-20029, |
Security Management |
UPDATE: When purging revisions, task notifications will also be purged if created before the last revision to purge was published. |
PRJ-21589, |
Security Management |
Although the Access Settings of the Management API is set to "All IP addresses", the API server does not accept requests from any IP address unless the IP is defined explicitly as a Trusted Client. |
PRJ-20885, |
Security Management |
In some scenarios, when connecting to an existing session in SmartConsole from a different IP address, a wrong "Client IP" is shown in Audit Logs view. |
PRJ-18473, |
Security Management |
In some scenarios, the first environment variable configured using sk165938 is not loaded and not used by the CPM process. |
PRJ-18896, |
Security Management |
Policy installation may fail after migration from Domain Management to Security Management Server. |
PRJ-20115, |
Security Management |
In a rare scenario, the FWM process unexpectedly exits. |
PRJ-18815, |
Security Management |
Management HA synchronization between Multi-Domain Management Servers may fail with "Failed to import data" error due to manual or automatic updates of contracts. |
PRJ-19023, |
Security Management |
In rare scenarios, FWM process may unexpectedly exit after a login attempt to the Management server. |
PRJ-18490, |
Security Management |
In rare scenarios, a policy installation task may never complete. |
PRJ-20852, |
Security Management |
Management Server upgrade from R80.20 to R80.40 may fail if a Network Interface object refers to a Gateway object that does not exist. |
PRJ-20840, |
Security Management |
When migrating a Domain Management Server to a Security Management Server:
|
PRJ-20302, |
Security Management |
In some scenarios, deleting a Domain Server may fail with "Got at least one duplicate UID in requested list" error. |
PRJ-17690, |
Security Management |
In some scenarios, HA temporary sub-directories under $FWDIR/tmp are not deleted if sync fails. Refer to sk170972. |
PRJ-16472, |
Security Management |
Login with SmartConsole is blocked while the purge revisions task is running. |
PRJ-19953, |
Security Management |
The Management HA window in SmartConsole may mistakenly show the "Peer is busy" warning message for a few seconds. |
PRJ-18286, |
Security Management |
In rare scenarios, the CPU and memory usage of the CPM process may be abnormally high. Refer to sk170672. |
PRJ-20763, |
Security Management |
High load may occur on the Management Server when searching for a prefix of IP address that has more than 10 thousand matches. |
PRJ-20802, |
Security Management |
In some scenarios, delete partial domain with createDomainRecovery.sh script fails when there are several RadiusGroup objects with the same name in different domains. |
PRJ-21584, |
Security Management |
In rare cases, the CPM Solr process may not be stopped when running cpstop or mdsstop. |
PRJ-21187, |
Security Management |
In rare scenarios, logout from a session fails with "An internal error has occurred" message. |
PRJ-21357, |
Security Management |
In some scenarios, the Purge Revisions task may stop and show 0% for hours or fail with the "An error has occurred while performing revision purge operation" message in SmartConsole. |
PRJ-17787, |
Security Management |
In some scenarios, policy verification for static NAT rules succeeds even though the source subnet NAT is bigger than the destination subnet NAT. |
PRJ-16470, |
Multi-Domain Management |
UPDATE: When reassigning Global Domain for a Domain that is active on another Multi-Domain Server, the task is immediately relayed to the remote Multi-Domain Server without waiting in queue of the local server due to other tasks that are running. |
PRJ-17211, |
Multi-Domain Management |
UPDATE: With this fix, mds_backup will backup the Upgrade Tools package(s) and mds_restore will restore them on a Multi-Domain Server. |
PRJ-22273, |
Multi-Domain Management |
In some scenarios, updating a Domain Server may fail with the "<IP> already in use" message. Refer to sk171916. |
PRJ-18688, |
Multi-Domain Management |
Database installation to the newly created Domain Log Server may fail. |
PRJ-19723, |
Multi-Domain Management |
The Multi-Domain session APIs "view sessions" and "show last-published-session" results may include sessions that were not filtered according to the administrator's permissions profile.
|
PRJ-19275, |
Multi-Domain Management |
In rare scenarios, Management Server becomes inaccessible after a Global Policy reassign operation. |
PRJ-19645, |
Multi-Domain Management |
In rare scenarios, a Domain is shown in the Domains view without any Domain Server or a Domain is shown with Domain Server that was deleted and does not exist anymore. Refer to sk170556. |
PRJ-17560, |
Multi-Domain Management |
In some scenarios, reassigning a Global Policy may fail if the Global and local domains are not active on the same Multi-Domain Server. |
PRJ-21342, |
Multi-Domain Management |
When running many Reassign Global Domain operations for Domains that are not active on the current Multi-Domain Server, the load on the Server may increase and result in slowness of user and automation work. |
PRJ-21277, |
Multi-Domain Management |
In some scenarios, HA Full Sync on the System Domain fails after upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059. |
PRJ-19992, |
Multi-Domain Management |
After importing two (or more) Security Management servers into a Multi-Domain Server, the Gateway objects may not be functional:
|
PRJ-19317, |
SmartConsole |
NEW: Added support for Python 3 in Management API scripts. |
PRJ-20244, |
SmartConsole |
UPDATE: A pop-up warning will be displayed every time a "Custom Application" object with a performance impacting URL is edited (instead of being displayed only once). |
PRJ-13810, |
SmartConsole |
In some scenarios, the Administrators view shows all administrators in all domains regardless to specific permission profile of the connected administrator. |
PRJ-20145, |
SmartConsole |
SmartConsole may disconnect when searching in the Object Explorer for the text with an odd number of double quotes. |
PRJ-20784, |
SmartConsole |
When the user creates an Access Role, the AD organization tree may show duplicate branches, and some branches may be missing. |
PRJ-19831, |
SmartConsole |
The "show objects" command returns all objects in Global domain with any filter when "ip-only" flag is set to "true". |
PRJ-13121, |
SmartConsole |
In some scenarios, the "Update operation failed" error is displayed when attempting to delete a Gateway from the VPN community. Refer to sk167212. |
PRJ-19200, |
SmartConsole |
In some scenarios, when using the "set simple-gateway" API command with "logs-settings.forward-logs-to-log-server", it fails with "Generic server error". Refer to sk170352. |
PRJ-14104, |
SmartConsole |
Search in Threat Prevention Exceptions in Protection/Site/File/Blade column may not return all expected results. |
PRJ-18882, |
SmartConsole |
Setting values for the environment variables of the Management API as per sk165938 does not work: the values are neither loaded nor used by the API process. |
PRJ-19059, |
SmartConsole |
Upgrade may fail due to IPS protections comment that is exceeding the comment length limit. |
PRJ-13815, |
SmartConsole |
In some scenarios, when the user attempts to delete a VSX Gateway / VSX Cluster, an error message may appear and the operation may not be completed successfully. Refer to sk167492.
|
PRJ-18380, |
SmartConsole |
In some scenarios, running an action on a ROBO Gateway behind NAT does not work during sync on SMB appliances. |
PRJ-20313, |
SmartConsole |
In some scenarios, the "show gateways-and-servers" Management API command fails when running it with details-level full and when connected to the Global Domain. Refer to sk170895. |
PRJ-21523 |
SmartConsole |
In a rare scenario, Automatic NAT rules are not visible in SmartConsole. |
PRJ-20238, |
SmartConsole |
When there are no search results, search in Access Control Policy displays "An error occurred while searching" instead of "No Items Found". |
PRJ-18920, |
SmartConsole |
In some scenarios, the "show-access-rulebase" Management API command fails when running it with details-level "full" and there is a network group with more than 50000 objects on one of the rules. Refer to sk170435. |
PRJ-17480, |
SmartProvisioning |
In some scenarios, when recreating a ROBO object with the same name, the new object receives the previous status. |
PRJ-17998, |
Logging |
NEW:
|
PRJ-12199, |
Logging |
In some scenarios, the "Failed to fetch the file" error is displayed when trying to open Threat Emulation summary reports generated by VSX Gateways. |
PRJ-17354, |
Logging |
FWM and\or log_indexer processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452. |
PRJ-1651, |
Logging |
UPDATE: Added ability to SOLR process running on the Log server to prevent TLS1.1 and below in port 8211. Refer to sk168472. |
PRJ-19714, |
Logging |
When installing a newer Jumbo Hotfix, the Log Exporter filtering configuration may not persist and set to default. |
PRJ-16174, |
Logging |
In some scenarios, the cpsemd process on the log server may close unexpectedly during a restart, shutdown or upgrade. |
PRJ-17162, |
Logging |
The "show-log" API command may fail with the "GENERIC_SERVER_ERROR" error. |
PRJ-7952, |
Logging |
In rare scenarios, a log may display incorrect values in the Action and Rule field. Refer to sk170676. |
PRJ-19008, |
Logging |
In a rare scenario, CPD process may use a random port for AMON communication instead of port 18196. |
PRJ-21157, |
Logging |
In rare scenarios, the FWD process on the Security gateway may be blocked for several seconds due to processing of log attachments. |
PRJ-11310, |
Logging |
In Multi-Domain Management environments, some of the LOG_INDEXER processes may fail to start due to an occupied port. |
PRJ-19820, |
Logging |
In rare scenarios, the log_indexer process may unexpectedly exit when reading a specific log format. Refer to sk116117. |
PRJ-7523, |
Logging |
Connection between the Gateway and the Log Server may go down, with the following error message in the fwd.elg file on the Gateway: "Log server xxx.xxx.xxx.xxx went down". |
PRJ-5872, |
Logging |
In rare scenarios, when the user configures a custom event with a script based automatic reaction in SmartEvent, the SmartEvent client may show the following error: "Server is not responding. Please try to reconnect later". Refer to sk155192. |
PRJ-20561, |
Logging |
In rare scenarios, the Log Exporter fails to connect to external destination when using the TLS protocol. |
PRJ-19843, |
SmartView |
UPDATE: Improved the time resolutions usability (formally known as samples) of the Timeline widgets. |
PRJ-20872, |
SmartView |
UPDATE: To improve performance, SmartView now exports data in CSV format instead of Excel. |
PRJ-18778, |
SmartView |
In rare scenarios, "Critical attacks allowed by policy widgets" in "General Overview" view may show no results while actual data exists. Refer to sk171001. |
PRJ-9548, |
Security Gateway |
NEW: Added DNS Passive Learning feature for enhanced non-FQDN domain objects & updatable objects matching. Refer to sk161612. |
PRJ-11341, |
Security Gateway |
NEW: Added support for authentication with a RADIUS server that expects to receive an empty password on the first message. VPN client will receive 2 dialogs instead of 3. |
PRJ-20335, |
Security Gateway |
NEW: Added Performance improvement when IP Pool NAT is used. |
PRJ-13344, |
Security Gateway |
In a rare scenario, the FWD process opens connections to port 111. |
PRJ-20735, |
Security Gateway |
In rare scenarios, Security Gateway memory consumption may increase. |
PRJ-21609, |
Security Gateway |
Security Gateway may crash when "Categorize HTTPS Websites" feature is enabled and categorization mode is set to "Hold". |
PRJ-11203, |
Security Gateway |
In some scenarios, traffic that is matched on implied rule is dropped while it should not. |
PRJ-20382, |
Security Gateway |
In a rare scenario, Access Control policy installation may fail after upgrade of Security Gateway from R80.10 or below to R80.20 or higher. |
PRJ-21242, |
Security Gateway |
In rare scenarios, proxy ARP entries may be deleted when installing a policy. |
PRJ-20629, |
Security Gateway |
In rare scenarios, high memory consumption in CPD may occur due to a memory leak in authentication flow with an LDAP server. |
PRJ-21108, |
Security Gateway |
Authentication may fail when LDAP branch name contains "\". |
PRJ-11404, |
Security Gateway |
In some scenarios, dmesg shows "up_manager_resume_chain: fwhold_send failed. chain will be dropped by the fwhold API" error messages when the connection was already dropped and cannot be resumed. Refer to sk133253. |
PRJ-20652, |
Security Gateway |
Accept logs with reason "Connection terminated before detection: Insufficient data passed. To learn more see sk113479." may be wrongly generated when the matched action is user authentication and the wrong username/password is provided by the user. |
PRJ-18627, |
Security Gateway |
Wrong memory (hmem) values may be reported by specific SNMP OID. Refer to sk168992. |
PRJ-11792, |
Security Gateway |
False "alert" logs may be displayed in some Anti-Spam events. |
PRJ-20720, |
Security Gateway |
In rare scenarios, Security Gateway memory consumption may increase. |
PRJ-20897, |
Security Gateway |
In some scenarios, the DNS requests from the Security gateway may fail. |
PRJ-19701, |
Security Gateway |
In rare scenarios, a memory leak may occur in TOPOD process. |
PRJ-14446, |
Security Gateway |
In some scenarios, large number of interfaces defined on Security gateway may cause high CPU utilization by CPD process. Refer to sk168674. |
PRJ-17366, |
Security Gateway |
DynamicID via SMTP does not work when an HTTP proxy server is defined. |
PRJ-19954, |
Security Gateway |
Half-closed accelerated TCP connections may take too long time to expire. |
PRJ-19064, |
Security Gateway |
In a rare scenario, Security Gateway memory consumption may increase and lead to a memory leak. |
PRJ-13374, |
Security Gateway |
The TCP State Logging feature may not work as expected. Refer to sk101221. |
PRJ-19582, |
Security Gateway |
In some scenarios, "email_unified_cmi_get_attribs: not valid caller: up_log_get_user_hash" error appears in dmesg for SMTP traffic. |
PRJ-19848, |
Security Gateway |
In some scenarios, a memory leak may appear after sending a packet from the kernel. |
PRJ-19158, |
Threat Extraction |
UPDATE: Threat Extraction will no longer attempt to perform "Convert to PDF" if the file is corrupted, because the resulting files in these cases are usually unreadable. To reactivate this behavior, set the "enable_alternative_scrub_method" variable in $FWDIR/conf/scrub_debug.conf file to 1 and install the Security policy. |
PRJ-9943, |
Anti-Malware |
In some scenarios, multiple files called "ckp_mutex" are created on the Security Gateway. |
PRJ-17841, |
Anti-Malware |
In some scenarios, Threat Prevention logs appear half full (not unified). |
PRJ-19736, |
Anti-Malware |
In some scenarios, users may fail to access a web site with many malicious URLs. |
PRJ-12467, |
Anti-Malware |
In rare scenarios, Security Gateway crashes during CIFS traffic when the Anti-Virus Blade is in Hold mode and the CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606). |
PRJ-19742, |
Anti-Bot |
Dynamic Global Network Object usage inside a Network Group object may cause an Access Policy installation failure. |
PRJ-18124 |
Identity Awareness |
NEW: Added Identity Sharing SmartPull mechanism performance and functionality improvements. Refer to sk170516. |
PRJ-13173, |
Identity Awareness |
UPDATE: Optimized memory usage in the PDP process's LDAP operations. |
PRJ-19748, |
Identity Awareness |
In some scenarios, the Security Gateway may not recognize an IP address as a local address, resulting in wrong drops. |
PRJ-19636, |
Identity Awareness |
In some scenarios, when a standby cluster member receives RADIUS accounting updates, there may be high CPU on the PDP process. |
PRJ-16169, |
Identity Awareness |
After changing 'pdp nested_groups __set_state 2' ,flat groups are fetched correctly, but nested groups are not fetched. Refer to sk166199. |
PRJ-12501, |
Identity Awareness |
In some scenarios, Identity Awareness counters in cluster environments show zero. |
PRJ-20844, |
Identity Awareness |
In some scenarios, running pdpd commands results in "daemon did not respond or not running!" error. Refer to sk171136. |
PRJ-20093, |
DLP |
UPDATE: Added support for multi-part data to DLP. |
PRJ-17871, |
HTTPS Inspection |
UPDATE: "Categorize HTTPS websites" feature enhancements when "Categorize HTTPS Sites" feature is enabled:
For configuration, refer to sk173633. |
PRJ-18822, |
HTTPS Inspection |
Cannot browse with Chrome when using mixed chain with ECDSA subordinate CA in HTTPS Inspection. Refer to sk170332. |
PRJ-19468, |
HTTPS Inspection |
In some scenarios, the HTTPS Inspection CA bundle is not created on the Security Gateway. |
PRJ-18702, |
UserCheck |
When using the UserCheck agent, the original URL attribute variable $orig_url$ may appear on URL field of log details. |
PRJ-19038, |
UserCheck |
In some scenarios, users cannot restore original attachment via UserCheck portal and receive the "An unexpected error has occurred" error message. |
PRJ-13968, |
IPS |
UPDATE: The "ips stat" command now shows all active Threat Prevention profiles with IPS enabled on the Security Gateway. |
PRJ-13497, |
IPS |
In some scenarios, a non-compliant IMAP traffic is dropped. |
PRJ-14059, |
IPS |
In some scenarios, SmartEvent does not create IPS events based on the "Critical severity" field. |
PRJ-19297, |
IPS |
In some scenarios, log output shows the Origin/Source as "0.0.0.0" in VSX 3rd party IPS logs. |
PRJ-20345, |
IPS |
In rare scenario, the SmartConsole shows the "IPS is not responding" message even though IPS is functioning normally. |
PRJ-10921, |
IPS |
In some scenarios, "cmik_loader_fw_context_match_cb: match_cb for CMI APP 10 failed" error appears in dmesg for HTTP traffic. |
PRJ-18177, |
URL Filtering |
In some scenarios, the wstlsd process may unexpectedly exit and produce a core dump. |
PRJ-20583, |
Mobile Access |
Removed potential XSS vulnerability in the MAB Login page. |
PRJ-19233, |
Mobile Access |
There may be a delay when connecting to HTTPS based SMS portal over a non-standard proxy port. Refer to sk170497. |
PRJ-17323, |
Mobile Access |
A user may not connect with Remote Access Client if this user belongs to many groups defined in SmartConsole. |
PRJ-20532, |
ClusterXL |
In some scenarios, data connections are dropped with "First packet isn't SYN" message on ClusterXL Load Sharing. |
PRJ-14358 |
ClusterXL |
Same MAC Magic configuration on different clusters in Unicast mode may cause flapping in switch. Refer to sk167206. |
PRJ-16513, |
SecureXL |
NEW: Added the ability to enable monitor-only mode for penalty box independently of other DOS/Rate limiting features. |
PRJ-14937, |
SecureXL |
UPDATE: "fwaccel dos blacklist" and "fwaccel dos whitelist" commands are deprecated and replaced by "fwaccel dos deny" and "fwaccel dos allow". Refer to sk112454. |
PRJ-18320, |
SecureXL |
UPDATE: Drop templates can be generated for connections with matched action Reject. For additional information and configuration, refer to sk171146. |
PRJ-20024, |
SecureXL |
Server may not reuse the TCP connection when the user allows out of state TCP packets. |
PRJ-16580, |
SecureXL |
In some scenarios, traffic with the destination IP address as the broadcast address configured according to sk98810 is dropped. |
PRJ-18081, |
SecureXL |
SNMP may show wrong values for the number of bytes and packets accepted by Security gateway. Refer to sk170132. |
PRJ-20052, |
SecureXL |
In rare scenarios, SecureXL may crash due to NULL handling. |
PRJ-891, |
SecureXL |
In some scenarios, output of "fwaccel stat" command does not display the layer name that disables the templates (only "Layer ---" is displayed). Refer to sk145533. |
PRJ-19661, |
SecureXL |
In some scenarios, connections are dropped when SYN Defender and ISN Defender are both enabled on the same interface. |
PRJ-19403, |
SecureXL |
In some scenarios, Rate Limiting rules for DoS do not work after reboot. Refer to sk170148. |
PRJ-17401, |
SecureXL |
In some scenarios, PPTP or GRE traffic may be dropped. Refer to sk170293. |
PRJ-16353, |
CoreXL |
In a rare scenario, CPU consuming on some instances is high. Refer to sk168513. |
PRJ-20468, |
Gaia OS |
In some scenarios, the Security Gateway attempts to fetch the policy from / send logs to the real IP address of the Management Server (defined in the "General Properties" section of the server object) instead of the server's NAT IP address (defined in the "NAT" section of the server object). Refer to sk171055 to configure the required parameter FORCE_NATTED_IP. |
PRJ-19143, |
Gaia OS |
UPDATE: Added the option to bind IP addresses to sockets using the udp_connect API. Refer to sk171019. |
PRJ-18240, |
Gaia OS |
"cphaprob -h" shows wrong explanation for "cphaprob show_bond [<bond_name>]" command. |
PRJ-18078, |
Gaia OS |
On environments with large IP routing tables, the SNMPD process may consume 100% CPU when running a scan from an external tool. Refer to sk170150. |
PRJ-20940, |
Gaia OS |
Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253. |
PRJ-18086, |
Gaia OS |
Query routing info via SNMP may consume 100% CPU in case of a massive IP routing table. Refer to sk170150. |
PRJ-18937, |
Gaia OS |
In some scenarios, the "... fwldbcast_handle_retrans_request: Updated bchosts_mask to 1" message may be printed in /var/log/messages file. |
PRJ-20745, |
Gaia OS |
CVE-2020-25705: ICMP reply rate. |
PRJ-15659, |
Routing |
UPDATE: Display of routing CPview results is limited to 30 lines. |
PRJ-18798, |
Routing |
In some scenarios, the ROUTED process unexpectedly exits when removing an OSPF interface that had authentication configured. Refer to sk170272. |
PRJ-19460, |
Routing |
Routed logs may incorrectly state that routemaps that export to OSPF cannot set the OSPF manual tag, even though the functionality works. |
PRJ-19626, |
Routing |
ip-reachability-detection ping marks a target IP address as "unreachable" if the path goes via a VPN tunnel, although pinging this IP address directly works. |
PRJ-20441, |
Routing |
The old route may be not removed when an BGP ECMP route was changed. |
PRJ-20436, |
Routing |
ECMP route nexthops learned from BGP peers may be not properly updated in the kernel, resulting in network connectivity loss. |
PRJ-18785, |
VPN |
NEW: Added VPN command line mechanism stability enhancement and VPN improvements in IKEv2. |
PRJ-17484, |
VPN |
NEW: Added Anti-Spoofing functionality for Remote Access Office Mode IPs in SecureXL. |
PRJ-16429 |
VPN |
UPDATE: Added support for fetching CRL with proxy in Site-to-site VPN configuration. |
PRJ-19087, |
VPN |
UPDATE: Remote Access VPN stability improvement. |
PRJ-15547, |
VPN |
UPDATE: Added the TTM-per-group feature improvement that allows it to work with more client types (for example Nemo client). |
PRJ-15739, |
VPN |
In some scenarios, findSAByPeer does not validate the peer IP address for DAIP peer behind NAT. |
PRJ-18750, |
VPN |
In some scenarios, the Dynamic ID configuration in SmartConsole (SMS/Email) is ignored. Refer to sk144933. |
PRJ-20330, |
VPN |
Security Gateway may crash when you install policy on a MAB Gateway and a policy file is corrupted. |
PRJ-20865, |
VPN |
In some scenarios, the VPND process keeps re-downloading the same CRL, which can cause performance issues. |
PRJ-20945, |
VPN |
In some scenarios, L2TP clients disconnect from the Security gateway after 10 minutes of the connection. |
PRJ-17491, |
VPN |
In IKEv2 renegotiation scenario, IPSec SAs may be deleted on a standby cluster member during post sync causing a VPN traffic outage. Refer to sk172926. |
PRJ-7479, |
VPN |
Policy installation with VPN enabled may take a long time. |
PRJ-19421, |
VPN |
In some scenarios, the vpnd process unexpectedly exits with Segmentation fault. |
PRJ-20824 |
VPN |
In IKEv2, the renegotiation of IKE SA may fail. |
PRJ-20646, |
VPN |
In some scenarios, the VPND process may unexpectedly exit. |
PRJ-20272, |
VPN |
In a rare scenario, a memory leak may appear when RASession_util is active. |
PRJ-20519, |
VPN |
In a rare scenario, the FWM process unexpectedly exits when enrolling a certificate using the SCEP protocol. |
PRJ-16338, |
VPN |
The user may be unable to connect with Remote Access when the username or user field in the certificate is too long. |
PRJ-13093, |
VPN |
RADIUS packet sent by Security gateway, may show the Framed-IP-Address field in the reverse order. Refer to sk167361. |
PRJ-19213, |
VPN |
Site to Site VPN fails to establish with IKEv2 on GCP when NAT-t is enabled. |
PRJ-18268, |
VPN |
The VPND process on a standby cluster member may unexpectedly exit when VPN peer has a probing link selection configured. Refer to sk170136. |
PRJ-12240, |
VPN |
When clicking "View" in Trusted CA object's OPSEC PKI tab, this may show the "Failed to get a certificate of <object name> from keyset" error. Refer to sk166496. |
PRJ-13819, |
VPN |
Access roles do not recognize Remote Access SNX CLI clients. |
PRJ-18500, |
VSX |
UPDATE: Added support for VSX SecureXL tabs on CPView. Refer to sk167903. |
PRJ-18292, |
VSX |
VSX VSLS with 3 Members may fail to connect to Identity Collector. Refer to sk170836. |
PRJ-20962, |
VSX |
After running "vsx_util vsls" and selecting option #6, the operation may fail with the "Internal Error: got empty reply set" error. Refer to sk171352. |
PRJ-18612, |
VSX |
In some scenarios, there may be high CPU utilization in a VSX environment with several instances. |
PRJ-18575, |
Compliance |
UPDATE: Added ability to select 'Any' in the Service column when creating a custom firewall Best practice.
|
PRJ-14100, |
Compliance |
In some scenarios, Compliance Blade does not scan inline layers for Application Control and URL Filtering Best Practices. |
PRJ-20601, |
VoIP |
VoIP RTP can cause overload on global instance (CoreXL instance 0). |
PRJ-16454, |
VoIP |
SIP parser may cause the wrong RTP dynamic connection to be opened. Refer to sk169373. |