Take 203 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 203

Released on 20 October 2021

PRJ-26243,
PRJ-26233

Diagnostics

NEW: Added the Check Point Performance Sizing Utility (CPSizeMe) v5.2.

PRJ-29101,
PMTR-70942

Security Management

In some scenarios, the Administrators view may not filter domain names according to the permission profile of the connected administrator.

PRJ-28646,
PRHF-18202

Security Management

In some scenarios, when using a VPN community, the status of the Global Domain Assignment may change to "not up to date", although no changes were made in the Global Domain.

PRJ-26733,
PRHF-17606

Security Management

In a rare scenario, in the Management API, the "show hosts" command with "details-level full" fails with a "java.util.InputMismatchException: got at least one duplicate UID in requested list, duplicates UIDs:" message.

PRJ-26674,
PRHF-17744

Security Management

The "show gateways and servers" Management API command does not show policy information for cluster members.

PRJ-29185,
PRHF-18470

Security Management

In a rare scenario, High Availability full synchronization may fail due to a large number of records.

PRJ-28296,
PRHF-18362

Security Management

In rare scenarios, High Availability on the Global Domain may fail to synchronize the Multi-Domain Log Server if IPS protection was added or removed in the Threat Prevention rulebase.

PRJ-28533,
PRHF-18063

Security Management

In rare scenarios, Global Policy Assignment may fail with the "class name not found for object" error.

PRJ-29155,
PRHF-18883

Security Management

Scheduled IPS updates data may not be shown in the IPS update report.

PRJ-23125,
PRHF-15939

Security Management

Migration of Security Management Server to a Domain on a Multi-Domain Server may be blocked if there are multiple Certificate Authority objects. Refer to sk174270.

PRJ-28567,
PRHF-18422

Security Management

In some scenarios, the Purge Revisions operation fails with the "An error has occurred while performing revisions purge operation, Incident ID - xxxxx-xxxxxxx-xxxxx-xxxxx" error. Refer to sk174645.

PRJ-25563,
PRHF-17182

Security Management

In rare scenarios, an upgrade may fail when there is an OPSEC Server object configured.

PRJ-27998,
PRHF-18245

Security Management

If Brute Force Password Guessing Protection is set to the value of more than 25 seconds, login to SmartConsole fails.

  • Requires R80.20 SmartConsole Build 124 (or higher).

PRJ-28290,
PRHF-18210

Security Management

In rare scenarios, High Availability incremental synchronization may fail with a wrong status message.

PRJ-25625,
PRHF-17284

Security Management

In rare scenarios, a Management Server upgrade may fail with the "Object not found - [UID]" error message in the cpm.elg log file.

PRJ-24947,
PRHF-16976

Security Management

If there is an Administrator named "Endpoint", an upgrade of Endpoint Security Server from R77.30 version fails.

PRJ-24999,
PRHF-17007

Security Management

After migrating a Domain to a Multi-Domain Management and assigning a Global Policy, if there are objects with the same name in the Domain and Global Domain, the assignment succeeds, although it must fail due to name duplication.

PRJ-25684,
PRHF-17286

Security Management

In some scenarios, a policy installation failure message may show "ReferenceObject" instead of the actual object's name.

PRJ-26181,
PRHF-17487

Security Management

When running the "fwm logexport" command multiple times, the FWM process may unexpectedly exit producing a core file.

PRJ-22382,
PRHF-15325

Security Management

User may fail to connect to SmartConsole after the administrator changed the RADIUS Server host IP address. Refer to sk172065.

PRJ-25515,
PRHF-14000

Security Management

The Management API command "get-attachment" may fail with an error. Refer to sk170894.

PRJ-26504,
PMTR-69683

Security Management

Policy verification may incorrectly fail with a NAT verification error "The range size of Original and Translated columns must be the same".

PRJ-26978,
SMCUPG-1675

Security Management

After migrating a Domain to Security Management Server, the FWM process may be shown as "down" in watchdog, although it is up and running. Refer to sk163814.

PRJ-26121,
PRHF-17476

Security Management

In some scenarios, High Availability synchronization fails in the Global Domain after an IPS update.

PRJ-26627,
PRHF-17230

Security Management

In rare scenarios, during a system startup, a cleanup operation may cause high CPU on multiple Postgres processes and prevent login to SmartConsole. Refer to sk175189.

PRJ-21965,
PRHF-15471

Security Management

Packet Mode search in rulebase ignores matching of inline layer parent rules. In some scenarios, this may retrieve inline layer rules that should not be matched.

PRJ-26903,
PRHF-17725

Security Management,
SmartConsole

In some scenarios, loading the Access Control policy causes SmartConsole to close unexpectedly. Refer to sk175405.

  • Requires R80.20 SmartConsole Build 124 (or higher)

PRJ-26908,
PRHF-16657

Security Management

Policy installation to multiple Gateways from Install Policy Presets may fail if each policy has its own HTTPS Inspection policy.

PRJ-22131,
PMTR-63108

Security Management

In some scenarios, a high load on the Management Server may cause SmartConsole slowness.

PRJ-25797,
PRHF-17324

Security Management

In rare scenarios, if the CPM process is up for many days, CPU and memory consumption may continue to grow until a reboot is performed.

PRJ-23451,
PRHF-16065

Security Management

After upgrade from R77.x, "Cannot assign a Domain more than once" errors may appear in the validations pane.

PRJ-13709,
PMTR-28931

Security Management

In rare scenarios, the SmartEvent Server fails to read from the external Log Server.

PRJ-26899,
PRHF-17584

Security Management

In some scenarios, copying a rule from one Access Control policy to another fails due to a mismatch in the policy Traditional VPN mode.

PRJ-26191,
PMTR-69529

Security Management

In a rare scenario, the FWM process may unexpectedly exit.

PRJ-28380,
PMTR-10273

Security Management

Virtual session timeout for a TCP service cannot exceed 86400 seconds. Refer to sk168872.

PRJ-21785,
PRHF-15257

Security Management

In some scenarios, the output of the "cpmistat" command may contain partial information.

PRJ-28154,
PRHF-17926

Security Management

In rare scenarios, if Domain migration fails, the operation may not revert fully and leave some remnants in the database of the Management Server.

PRJ-15875,
PRHF-11539

Multi-Domain Management

OS information for Domain Servers may not be shown correctly at the MDS level.

PRJ-19979,
PRHF-14468

Multi-Domain Management

In some scenarios, a migration of a Security Management Server into a Domain Management Server fails at the import phase. Refer to sk170758.

PRJ-18905,
PMTR-61579

Multi-Domain Management

In some scenarios, size of MDS backup file increases after each policy installation.

PRJ-24231,
PMTR-64142

Licensing

UPDATE: If there is no license installed, an error message is printed when running the "cpstart" command.

PRJ-28530,
PRJ-28522

Licensing

In a very rare scenario, SmartConsole login attempt mail fail due to high CPU usage of the CPD process.

PRJ-21774,
PMTR-63316

Licensing

In some scenarios, the total number of "sr" licenses may be counted incorrectly.

PRJ-27342,
PMTR-64049

Licensing

In a rare scenario, the licensing status in SmartConsole is displayed incorrectly.

PRJ-26869,
PRHF-17640

SmartConsole

In some scenarios, the Gateway hardware change in SmartConsole fails with a "Changing the hardware to <New_Selected_Check_Point_Appliance> Appliances is blocked." warning.

PRJ-25927,
PMTR-69007

SmartView

NEW:

  • It is now possible to set the default timeframe for all the SmartView web application functionalities.
  • The default value is "Last 24 hours".

Note: The default time frames on the SmartView web application and SmartConsole are not synchronized.

  • Requires R80.20 SmartConsole Build 124 (or higher).

PRJ-23487,
SL-5368

Logging

NEW:

  • In SmartEvent GUI added new products: "Behavioral Guard", "Anti-Exploit", "Anti-Bot" and "Anti-Ransomware"
  • For Endpoint logs correlation, added a new pre-defined event: "Harmony Endpoint" under Legacy -> Endpoint Security.

PRJ-21422,
PMTR-61503

Logging

NEW: The Log Exporter now supports formatting for RSA SIEM application.

PRJ-18858,
SL-4613

Logging

NEW: Added support for Endpoint Forensics reports to get-attachment API.

PRJ-25573,
SL-5164

Logging

UPDATE: The Log Server now supports up to 2700 Gateways (previously was 1024). Refer to sk163413.

PRJ-24436,
SL-5577

Logging

When a Management Server manages more than 1024 Gateways, the connectivity status may show "N/A" for several Gateways.

PRJ-26112,
PMTR-69276

Logging

In a Multi-Domain Management environment, log queries may fail to retrieve results from a CMA or CLM, if there is another CMA or CLM with the same sic_name.

PRJ-24281,
PMTR-66677

Logging

In rare scenarios, when exporting logs to Check Point Infinity Portal, the Log Exporter may unexpectedly exit.

PRJ-26691,
PMTR-70010

Logging

When adding the "UC Block" action, log queries may not show UserCheck logs. Refer to sk174543.

PRJ-25451,
PMTR-68670

Logging

In rare scenarios, logs generated at the same second, with the same ID, may not show up in SmartConsole's Logs tab.

PRJ-15229,
PRHF-12075

Logging

In SmartView, when creating a statistical table and grouping by Time, the query may fail.

PRJ-23761,
PRHF-16328

Logging

In rare scenarios, SmartConsole may unexpectedly close if the pre-defined VPN columns profile in the Logs view was modified and saved.

PRJ-16645,
PMTR-58979

Logging

In the SmartConsole Logs tab, the "IKE IDs" field cannot be added to column profiles.

PRJ-23577,
PMTR-65203

Logging

In some scenarios following a Multi-Domain Management Server upgrade, logs queries may not retrieve results from some CMAs\CLMs.

PRJ-23818,
PRHF-12659

Logging

In rare scenarios, when querying logs with a timeframe larger than 1 day, only 50 logs from each day will be shown.

PRJ-25643,
PMTR-68886

Logging

In SmartView (Reports and Web Logs view), the value of the file size is displayed differently from the Logs view in SmartConsole (GB instead of GiB).

PRJ-23677,
PMTR-62763

Logging

In rare scenarios, in environments with many network objects, when typing a query in the Logs tab Search bar, SmartConsole may close unexpectedly.

PRJ-27298,
PMTR-70643

Logging

After upgrade, SmartView scheduled export to Excel of Reports and Views stop running and users are unable to edit the scheduled tasks Refer to sk174047.

PRJ-22646,
PRHF-15710

Logging

Threat Emulation log description for HTTP emulation is incorrect.

PRJ-21320,
PRHF-15198

Logging

In the Method field, logs with the following values are not shown in the SmartConsole's Logs tab. They are only shown when opening a single log record.

The values are: MOVE, TEXT, XGET, UNDEFINED, VTTEST, ABCD, SEARCH, RPC_CONNECT, PRONECT, TRACK, CFYZ, BADMETHOD, DEBUG, MGET, GET, MKCOL, QUALYS, RNDMMTD, PRI, NESSUS, BDMT, BADMTHD.

PRJ-14236,
PRHF-11770

Logging

In some scenarios, in SmartView, grouping or filtering by the field "Total Bytes" causes the query to fail.

PRJ-20617,
PRHF-14608

Logging

In SmartView, when filtering with specific time filters, the result may include more logs than were requested.

PRJ-27047,
PRHF-17285

Logging

In rare scenarios, Management object changes may not be reflected in the Logs view. When the issue occurs, the CPM process may also consume a high CPU.

PRJ-26723,
PRHF-17205

Logging

In some scenarios, the FWD process on Security Gateway may cause high memory consumption when Log Forwarding is configured or when running the "fw fetchlogs" command.

PRJ-23865,
PRHF-16183

Logging

In SmartView reports, the "Show only icon" option for table widgets does not work as expected.

PRJ-22342,
PRHF-15696

Logging

In SmartView, the "Duration" field is missing from Reports and Views.

PRJ-16982,
PRHF-12847

Logging

In a rare scenario, Application Control events may not be displayed in SmartEvent.

PRJ-27618,
PRHF-18157

Logging

The CPSEMD process on SmartEvent Server may unexpectedly exit when trying to send two automatic reactions simultaneously for the same event.

PRJ-25830,
PMTR-68506

Logging

The LOG_INDEXER process on the SmartEvent Server may consume a high CPU when the Mobile Access Blade is enabled on the Gateway.

PRJ-24521,
PMTR-67575

Logging

In a low log rate, there may be a delay in exporting logs using the Log Exporter.

PRJ-30583,
PMTR-63927

Logging

In some scenarios, in Multi-Domain Servers, heavy API requests may fail after an upgrade.

PRJ-16279,
PRHF-11939

Logging

In some scenarios, emails of DLP Blade may be sent with obfuscated information, with no option to present the full data. Refer to sk106430.

PRJ-13740,
PRHF-11391

Logging

The "Could not connect to Monitoring Blade" error is displayed when trying to show the "Top Interfaces" view in SmartConsole or SmartView Monitor for a Gateway that has more than 100 interfaces.

PRJ-20495,
PMTR-63033

CPUSE

The "Recommended" Package value is not changed from true to false in SmartConsole while installing Jumbo Hotfix. Refer to sk174508.

PRJ-29416,
PMTR-71855

Security Gateway

In a rare scenario, policy installation on the Security Gateway may fail with an "Error code: 0-2000108" message. Refer to sk170673.

PRJ-28826,
PRHF-18098

Security Gateway

Improved the ICAP Server internal memory allocation logic.

PRJ-27647,
PMTR-70634

Security Gateway

Negative values may appear in the output of the "fw tab -t connections -s" command and under the NAT section.

PRJ-27945,
PRHF-13493

Security Gateway

In some scenarios, the CPD process may consume high CPU because of the memory leak in FDT (File Download Tool).

PRJ-26389,
PRHF-17436

Security Gateway

The WSDNSD process unexpectedly exits and creates a core dump file. Refer to sk173627.

PRJ-26820,
PRHF-17872

Security Gateway

A duplicate entry appears in the /etc/cpshell/log_rotation.conf file. This issue is only cosmetic.

PRJ-26547,
MBS-12769

Security Gateway

In some scenarios, a "fwauthd_init: got known service port XXX ... choosing another one" message appears repeatedly in the $FWDIR/log/fwd.elg file.

PRJ-28439,
PMTR-67536

Security Gateway

A "fw_xlate_rule_count_dec: refcount is negative" message may be displayed in dmesg when IP pool NAT is used on a cluster environment.

PRJ-25025,
PRHF-16667

Security Gateway

In a rare scenario, the FWK process unexpectedly exits on the Security Gateway.

PRJ-22947,
PMTR-55080

Security Gateway

In rare scenarios, policy installation fails with a "gen_rpc_service_inspect_func: service mismatch in service_arr" error message. Refer to sk174165.

PRJ-27159,
PRHF-16851

Security Gateway

In rare scenarios, running the kernel debug "fw ctl debug -m fw1 + misp" on cluster may cause the cluster members to crash.

PRJ-25389,
PRHF-17173

Security Gateway

In some scenarios, there is no match on URL Filtering rules.

PRJ-25549,
PMTR-67991

Security Gateway

In some scenarios, connections are dropped with a "Virtual defragmentation error: fragment table is full" message. Refer to sk180404.

PRJ-25153,
PMTR-67534

Security Gateway

When running the "fwaccel stats -r" command to reset SXL statistics, the statistics may become corrupted.

PRJ-25597,
PRHF-12228

Security Gateway

In some scenarios, packets are dropped due to incorrect SACK translation when SACK and sequence translation are being used together.

PRJ-24006,
PRHF-16196

Security Gateway

In rare scenarios, when the "sd_global_monitor_only" property is set to "true", there is no HTTP inspection.

PRJ-26615,
PRHF-17663

Security Gateway

In some scenarios, "[INFO] encode resource in base64 failed" messages generated by the RAD process are shown in /var/log/messages file.

PRJ-26592,
PMTR-70023

Security Gateway

Configuring the "Virtual Activation Timeout" option above 65535 may lead to an incorrect timeout definition. Refer to sk172464.

PRJ-27073,
PMTR-70300

Security Gateway

In rare scenarios, using IP Pool NAT with only IPv4/IPv6 addresses configured may cause Security Gateway to crash.

PRJ-26376,
PRJ-26257

Security Gateway

In a rare scenario, incorrect error messages regarding the ICAP client flow appear in dmesg. Refer to sk173546.

PRJ-24339,
PRHF-15781

Security Gateway

In some non-VPN scenarios, MSS Adjustment (Clamping) does not work.

PRJ-24739,
PRHF-16868

Security Gateway

In rare scenarios on versions earlier than R80.40, the FWK process may unexpectedly exit.

PRJ-18864,
PRHF-13722

Security Gateway

In rare scenarios, DynamicID authentication fails with a "server_code 403 log_msg General HTTP error" message in vpnd.elg. Refer to sk170303.

PRJ-16918,
PRHF-12897

Security Gateway

In rare scenarios, SmartView Monitor shows an "Error code: 2147483647" message when viewing data from a VSX Gateway. Refer to sk174206.

PRJ-23062,
PMTR-63142

Security Gateway

Improved displayed drop log messages on the Security Gateway:

  1. To see drops since the last reboot, use the "fw ctl drop" command.
  2. To see drops in real time, use the CPView tool.

Refer to sk172232.

PRJ-14622,
PRHF-11760

Security Gateway

After policy installation, Security Gateway may stop responding due to memory leaks.

PRJ-25813,
PRHF-16364

Security Gateway

Added Dynamic Anti-Spoofing stability enhancements.

PRJ-26475,
PMTR-66746

Security Gateway

In some rare scenarios, when IPv6 is configured and Office Mode Anti-Spoofing is enabled, running "cpstop;cpstart" may cause a Security Gateway to crash.

PRJ-26148,
PMTR-69312

Security Gateway

In a rare scenario, a memory leak may occur when IPS / Anti-Bot / Anti-Virus Blade is enabled.

PRJ-25734,
PRHF-16886

Security Gateway

In some scenarios, Security Gateway may crash when ICAP client is enabled.

PRJ-25619,
PRHF-15688

Security Gateway

In a rare scenario, Security Gateway may crash when handling some DNS packets.

PRJ-21267,
PMTR-56012

Security Gateway

In some scenarios, emails may be stuck in the MTA queue.

PRJ-24374,
SMB-10515

Security Gateway

A memory leak may occur in a DNS resolving Infrastructure.

PRJ-27556,
PRHF-17949

Security Gateway

In some scenarios, configuring an un-numbered virtual interface may cause ARP requests to stay not answered by the interface. Refer to sk174188.

PRJ-19767,
PRHF-14017

Security Gateway

Security Gateway may crash after policy installation.

PRJ-13162,
PRHF-11027

Security Gateway

The show-global-assignment command may ignore the limit request and return the default limit.

PRJ-29135,
PRHF-18403

Security Gateway

The cpsicdemux process may unexpectedly exit, causing Secure Internal Communication (SIC) connection to fail.

PRJ-26136,
PMTR-69466

Internal CA

UPDATE: Added automatic extension for Internal CA database to support more than 100,000 certificates.

PRJ-26646,
PMTR-70065

Internal CA

UPDATE: Expired certificates are now cleaned from the Internal CA database every three weeks and after reboot. Refer to sk42424.

PRJ-26706

Internal CA

In some scenarios, it is not possible to remove expired certificates via the ICA Management tool.

PRJ-24990,
PMTR-61787

Threat Prevention

UPDATE: Added support for more than 20 CIFS objects in rulebase. Refer to sk170300.

PRJ-26539,
PMTR-69186

Threat Prevention

In some scenarios, the IPS update status in SmartConsole is incorrect after the automatic update fails with the "Update failed. Failed to load database" error.

PRJ-23264,
PMTR-49906

Threat Prevention

In rare scenarios, the "fw load_sigs" command fails to exit appropriately after completing.

PRJ-26991,
PMTR-67597

Identity Awareness

NEW: Added a new Auto-Tune feature for Nested Groups to select the optimal nested state for maximum performance.
The feature is disabled by default. To enable it, refer to sk128212.

PRJ-29492,
IDA-4049

Identity Awareness

UPDATE:

  • Increased the default timeout values of entries: connected_pdp_refresh_interval is now set to 240 seconds and connected_pdp_grace_period is now set to 360 seconds.
  • Added the "Identity information / Network information will be deleted" alert to SmartConsole.

PRJ-26230,
IDA-4019

Identity Awareness

When the PDP Gateway is connected to multiple pre-R81 PEP Gateways, the CPU consumption may be high. Refer to sk173709.

PRJ-26800,
MBS-13669

Identity Awareness

In a rare scenario, the Security Gateway may crash.

PRJ-25922,
PMTR-68088

Identity Awareness

Optimized the PDP expired timers mechanism performance.

PRJ-22280,
PMTR-35594

Identity Awareness

In rare scenarios, the PDPD process unexpectedly exits.

PRJ-29403,
IDA-4087

Identity Awareness

Improved the Identity Server (PDP) performance for publishing new network on Identity Sharing with SmartPull.

PRJ-27189,
PRHF-17768

Application Control

UPDATE: Improved matching of URLs for custom applications.

PRJ-69657,
PRHF-16635

IPS

An HTTP download of a large file may unexpectedly stop with an error message.

PRJ-25206,
IPS-352

IPS

In some scenarios, the DNS response message with record type 0 may be dropped by "Non-compliant DNS" protection.

PRJ-26103,
PRHF-17301

IPS

Security Gateway may crash when the IPS profile name is very long (more than 256 characters). Refer to sk174025.

PRJ-27955,
PRHF-18158

IPS

In some scenarios for HTTP, Gateway closes a connection from the Server side, but the user side may remain open.

PRJ-25754,
PRHF-14540

SSL Inspection

A table hash size may be too small for some environments and cause an increased CPU usage.

PRJ-25213,
PRHF-14178

SSL Inspection

In some scenarios, when HTTPS Inspection is enabled, overall memory consumption may gradually increase. Refer to sk171280.

PRJ-26744,
PRHF-4657

SSL Inspection

Added an option to bypass Name Constraints extension on certificates using a registry flag. Refer to sk159692.

PRJ-22585,
AVIR-527

Anti-Malware

In some scenarios, in a cluster environment, policy installation fails with "Error code: 0-2000049". Refer to sk163257.

PRJ-24627,
TEX-2201

UserCheck

In rare scenarios, in the UserCheck portal for Threat Extraction, when clicking the "Send Original Mail to me" button, the action fails with the "An unexpected error has occurred" error. Refer sk140214.

PRJ-22803,
SNX-61

Mobile Access

When the administrator adds more than 30 native applications, users may fail to connect via SSL Network Extender Application mode.

PRJ-24385,
MBS-12759

ClusterXL

In rare scenarios, a Load Sharing cluster can experience DHCP Relay drops with a "dropped by fw_post_vm_chain_handler Reason: Handler 'dhcp_reply_code' drop" message.

PRJ-27221,
PRHF-17921

SecureXL

In some scenarios, SYN Defender log messages in SmartConsole show "*** MISSING ***" instead of the real log.

PRJ-24538,
PMTR-67556

SecureXL

In a VSX environment, the SYN Defender configuration may not be applied correctly.

PRJ-22787,
PMTR-65162

SecureXL

In a rare scenario, Security Gateway may crash after running the "fwaccel tab -t connections" command.

PRJ-28391

Routing

The checksum of PIM "register" packets may be calculated incorrectly, causing the RP router to discard a "register" packet.

PRJ-25315,
PMTR-68232

Routing

In some scenarios, CPView displays incorrect values of RIP statistics.

PRJ-27056,
PRHF-17925

Routing

In some scenarios, the ROUTED process may unexpectedly exit when there is a static route and a kernel route to the same destination.

PRJ-26958,
PMTR-65589

Routing

The ROUTED process may unexpectedly exit when candidate RP is enabled, and a rapid failover occurs or when the candidate RP interface is disconnected.

PRJ-26966,
PMTR-66574

Routing

In some scenarios, the ROUTED process may produce a core dump when it receives IGMPv3 Membership Reports over a long period of time.

PRJ-28836,
PMTR-51501

Routing

In some scenarios, an outage may occur because of premature graceful-restart exit.

PRJ-26750,
PRJ-26751

Routing

In some scenarios, the NetFlow Packet may report a wrong source IP Address.

PRJ-28954,
PRHF-17739

Routing

The ROUTED process may unexpectedly exit.

PRJ-29493,
ROUT-1745

Routing

BGP sessions may unexpectedly close because of unrecognized AFI/SAFI pairs in multiprotocol capability advertisements from a peer.

PRJ-29316,
ROUT-1721

Routing

AS path loops may occur, although BGP multihop is configured.

PRJ-30697,
PMTR-72756

VPN,
HTTPS Inspection

A memory leak in HTTPS Inspection and HTTPS portals may occur when using ECDHE ciphers.

PRJ-22115,
PMTR-31204

VPN

In rare scenarios, after policy installation, the VPND process may unexpectedly exit with core dump.

PRJ-31026,
PRHF-19776

VPN

Many "remote access client IP address and port were changed" logs are generated after an upgrade.

PRJ-28502,
PRHF-18400

VPN

A memory leak may occur in the VPND process.

PRJ-28509,
PRHF-18408

VPN

In some scenarios, a memory leak may occur on the Security Gateway.

PRJ-29279,
PRHF-18818

VPN

In rare scenarios, re-configuring a trusted CA bundle may cause a memory leak in the VPND process.

PRJ-26396,
PRHF-17622

VPN

Policy installation may fail when VPN community is not configured on the Security Gateway. Refer to sk174235.

PRJ-23964,
PRHF-16338

VSX

UPDATE: Added ability to change the Management and Sync interfaces via vsx_util change_interfaces.

PRJ-22688,
PMTR-65535

VSX

This fix allows create/change a VSX cluster/Gateway to have up to 32 CoreXL instances with VSX Provisioning Tool. Currently, it is possible to do this only in SmartConsole.

PRJ-26129,
PMTR-53985

VSX

After upgrade, the VS names may be displayed incorrectly in the output of the "vsx stat -v" command.

PRJ-25021,
PRHF-14371

VSX

In some scenarios, the "cpstat vsx" command does not show the correct output. Refer to sk170793.

PRJ-27040,
PMTR-67834

VSX

VSX provisioning may fail to commit changes to the VSX database. Refer to sk173683.

PRJ-27974,
PMTR-69876

Gaia OS

A memory leak may occur on a Security Gateway while configuring Secure Internal Communication (SIC).

PRJ-24593,
PRJ-26110,
PRHF-16780

Gaia OS

When the RADIUS Server uses a multi-pool "Access Challenge", the system sends many authentication requests without waiting.

PRJ-25004,
PMTR-49877

Gaia OS

In some scenarios, the force-password-change option does not work.

PRJ-28793,
PRHF-18683

Gaia OS

In a rare scenario, a memory leak may occur in the monitord process.

PRJ-25247,
PMTR-68435

Harmony Endpoint

In some scenarios, the Policy Server fails to synchronize with Endpoint primary Management after installing a hotfix for local E1 signature updates.

PRJ-25387,
PRHF-17170

CloudGuard IaaS

CloudGuard Controller with Cisco ACI Data Center sends updates without IP addresses to Security Gateways.

PRJ-25725,
PMTR-68887

QoS

A memory leak may occur when using domain names in QoS policy rules. Refer to sk174904.

PRJ-27246,
ODU-123

HCP

Added Update 3 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-24085,
ODU-91

HCP

Added Update 2 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-22796,
ODU-81

HCP

Added Update 1 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-22319,
PRHF-15689

Infrastructure

In some scenarios, the cpmiquerybin and dbedit processes may unexpectedly exit causing buffer overflow.