Take 202 - General Availability

UPDATE: If there is no license on the Security Management Server, a new verification blocks an attempt to migrate a domain.

In very large Management environments, Policy verification and installation may fail with FWM process core dump. Refer to sk173722.

Upgrade or migration from R80.10 and lower to R80.20 and higher may fail with "Scheme adjustment had failed" error in logs. Refer to sk172003.

In rare scenarios, deleting an object fails with "Can't reach source object, maybe it already deleted" error. Refer to sk172828.

On Security Management with connected Endpoint Security Server, the SICTUNNEL process may unexpectedly exit and start again every few minutes with core file ~4gb in size. Refer to sk173704.

"Query failed" error is displayed in Security Gateway Device & License Information view in SmartConsole when canceling the "Export to PDF/CSV" operation.

In some scenarios, policy installation fails with "Error code 0-2000077" message.

In some scenarios, a Domain migration may fail during the Access Policy import with the "Object not found" error in cpm.elg file.

In some scenarios, HA sync in a Multi-Domain environment may fail with the "Failed to import data" error message after the user creates new Permission Roles.

Running override_server_setting.sh may not update settings correctly when updating a setting multiple times.

In some scenarios, Desktop policy fails with "Policy installation had failed due to an internal error. If the problem persists please contact Check Point support". Refer to sk171970.

Global Policy Reassignment may take a long time to complete after an IPS Update in the Global Domain.

In Multi-Domain environment, the same Domain may appear twice in the Domains view of the SmartEvent application.

In some scenarios, installation of Jumbo Hotfix on Multi-Domain Server may fail after running restore from backup.

In some scenarios, Reassign Global Domain for a Domain that is active on another Multi-Domain Server may fail with "An internal error has occurred" message. Refer to sk172704.

In a rare scenario, Advanced upgrade from R80.10 may fail.

In some scenarios, a validation warning may appear on an updatable object with the following message: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.

In some scenarios, FWM process logs show Provisioning/LSM activity even though LSM is not in use. Refer to sk171905.

In some scenarios, an incorrect Compliance status for Gaia OS Best Practices is displayed.

NEW: Resource pools for log queries and report generation have been separated to ensure query responsiveness while multiple reports are generated.

NEW: Log exporter allows the re-export of logs based on starting and end positions provided by the user, to close possible gaps. Refer to sk122323.

Starting from Jumbo Take 183, logs exported in LogRhythm format via the Log Exporter, appear in an incorrect format.

In some scenarios, when declaring a filter in Log Exporter, logs may not be exported. Refer to sk173025.

In some scenarios in SmartView, exporting a report or view to PDF duplicates the item and displays it twice in the Catalog until the export is done.

In SmartView's "Cyber Attack View - Endpoint", the widgets Active/Dormant Attacks and Cleaned/Blocked Attacks show clean hosts as infected (false positive results).

In some scenarios, in Multi-Domain servers with many domains, the Solr process for logs may unexpectedly exit.

When viewing an Access log card that was matched on both a Network layer (firewall) rule and an Application layer rule, and both actions are "Accept", the application layer rule will be presented in the card instead of the network layer rule. Refer to sk172763.

In some scenarios, in the "Views and Reports" of SmartView, it is not possible to use the field "Roles".

In the "Logs" view in SmartConsole, when the query filter contains "time:yesterday" as a literal, the query fails with a "Query resolution failed" error. The pre-defined time filter "Yesterday" shows results from today. Refer to sk170999.

A super user connected to SmartConsole in the context of the Domain Management Server cannot see search suggestions for global objects.

UPDATE: Security Gateway performance optimizations for specific scenarios. Refer to sk174607.

In rare scenarios, the CPD process unexpectedly exits when the VPN is enabled, and statuses are not sent to the Management Server.

In some scenarios, the VSX Cluster switch may cause a core dump.

The VPND process may consume high CPU because of ECDHE use, which affects multi-portal functionality. Refer to sk173145.

In a rare scenario, Security Gateway may crash during the Application Control / IPS / Anti-Bot package update.

Improved the policy enforcement of the ZIP archive inner files.

In some scenarios, a Security policy installation fails during high CPU utilization.

When the Security Gateway is configured as a proxy, some network objects may not be matched correctly.

In a rare scenario, the FWK process unexpectedly exits on the Security Gateway.

The connection may not exist in SecureXL connection table when configuring Smart Connection Reuse kernel parameters and allow out of state TCP packets.

In some scenarios, the Security Gateway attempts to access the Management Server through the server's NAT IP address (defined in the "NAT" section of the server object), while the server is reachable only through the main IP address (defined in the "General Properties" section of the server object).

Refer to sk171665 to configure the required parameter SKIP_NATTED_IP.

UPDATE: The IKE certificates validity period is set to 1 year by default. Refer to sk176527.

The output of the "lscert" command has duplicate lines for all certificates that are not in "pending" status

In a rare scenario, the PDPD process may unexpectedly exit due to synchronization issues in CaptivePortalManager.

In some scenarios, output of "pdp conn pep" command may show wrong PEP names.

In some scenarios, VPN Remote Access client fails to connect if a certificate contains a DN with an asterisk (*).

A failure log may be generated when inspecting connections to servers with certificates without a Common Name (CN) field.

UPDATE: Exceptions are now enforced for these IPS protections:

• ASCII Request Response
• ASCII Response Response
• HTTP Header Patterns
• HTTP URL Patterns
• CIFS File Patterns

Refer to sk166222.

UPDATE: Avoid sending the TLS probe during inbound inspection when it is not necessary for the SNI-based categorization.

In rare scenarios, a memory leak may occur in a crypto module.

TLS probing failures generate logs with a general description in SmartLog: "Internal system error in HTTPS Inspection (Error Code: 2)". With this fix, more descriptive logs will be generated.

In some scenarios, the WSTLSD process may unexpectedly exit when browsing to certain websites.

Packet capture may not be generated for certain IPS protections.

In rare scenarios, the Threat Prevention Blade Exception used for performance optimization does not work as expected.

In some scenarios, the "reached the limit of maximum enqueued packets!" log is printed in the /var/log/messages file.

Rate limiting rules using concurrent-connection counters may cause connections to be blocked.

Security Gateway may crash when the user runs "fwaccel tab -t" to view certain rate limiting tables that have a large number of entries.

In some scenarios, the concurrent-conns rate limiting count may be inaccurate for FTP data connections.

A race condition in the DOS/Rate limiting policy's install logic may cause incorrect counter values for "concurrent-conns".

UPDATE: The user does not have to enable logging/accounting in SmartConsole to generate the Netflow records. A new 'NetFlow Firewall rule' option was added to configure NetFlow to report per Firewall rule by turning it on and enabling Log/Accounting per rule.

In OSPF environment, the routed process may unexpectedly exit when a VPN tunnel is flapped leading to a temporary connectivity loss.

NEW: Added 3 new views to SmartView for Remote Access, providing visibility for Remote Access users, users login summary, failed login attempts, used clients, top login options, number of users, operating systems, authentication methods and login activity.

In VSX environments, Anti-Spoofing in SecureXL may cause Remote Access VPN drops. Refer to sk173266.

Added stability fix in validation checks for ECDSA certificates.

In rare scenarios, the VPND process may unexpectedly exit in an L2TP-related flow.

Added VPN Remote Access stability improvement.

In a rare scenario, there may be an incorrect IKE ID in an ID payload with 3rd party peers in IKEv1 and IKEv2.

When static NAT is configured on a destination, the SCV may fail to access the internal resources and "No scv status from client..." drops appear in SmartConsole. Refer to sk171550.

NEW: Added support for hardware (sensors/NICs) data auto-update.

In rare scenarios, "show asset network" command may lead to memory leak. Refer to sk174823.

Entering diacritic characters in the Expert password may cause Clish to unexpectedly exit, resulting in a core dump.

The "set snmp usm user" command fails if it has more then 8 characters. This fix increases the characters limit to 31.

Unable to set MTU on Igb cards.