Take 220 - General Availability

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 220

Released on 30 June 2022 and declared as General Availability on 2 August 2022

PRJ-37799,
PRHF-22885

Security Management

In some scenarios, deleting a Security Gateway object fails with the "Action failed due to an internal error" error.

PRJ-36846,
PRHF-22352

Security Management

In rare scenarios, the Management Server may fail to start due to incorrect session handling.

PRJ-35947,
PRHF-21894

Security Management

Compliance results for some rules are not available after changing the "Policy Range" of a user-defined rule to a value below 100%. Refer to sk177544.

PRJ-36917,
PRHF-22479

Security Management

When a Security Gateway is removed from a VPN community, it may still be seen under the permanent tunnel configuration. The issue is scoped to the Management side and does not impact the Gateway.

PRJ-35651,
PRHF-21996

Security Management

The Security Cluster Wizard is not shown again after a Management restart in a Full High Availability cluster environment.

PRJ-37501,
PRHF-22597

Security Management

In rare scenarios, Global Domain Assignment may fail with the "class name not found for object" error message.

PRJ-35057,
PRHF-21753

Security Management

Renaming the Security Management Server may fail with the "Failed to save object" error. Refer to sk177224.

PRJ-37760,
PRHF-22671

Security Management

The FWM process on the Management Server may unexpectedly exit creating a core dump file.

PRJ-37196,
PRHF-22299

Security Management

The Management API command "show-vpn-communities-star" for Diffie-Hellman groups 15-18 and group 24 fails with the "Invalid DH-Group in VPN Reply" error. Refer to sk27054.

PRJ-35014,
PRHF-21705

Security Management

Install Policy Verification may fail with the "Rule has security zone objects that are not attached to any interface used" error when configuring the cluster's interfaces on only one member. Refer to sk177129.

PRJ-38738,
PRHF-23467

Security Management

In a rare scenario, the FWM process may unexpectedly exit and create a core dump.

PRJ-39174,
PRHF-23750

SmartConsole

In some scenarios, the Management API command "show-packages" with "details-level full" may fail with the "Could not commit JPA transaction" error.

PRJ-37985,
PRHF-22589

SmartConsole

After an Application Control update, some application control objects may disappear from SmartConsole, although they are not deprecated.

PRJ-37691,
PMTR-79023

Logging

UPDATE: SmartView reports will now show the new Check Point logo.

PRJ-37098,
PRHF-22528

Logging

UPDATE: Scheduled email reports will now use TLS 1.2 instead of TLS 1.0. Refer to sk178125.

PRJ-34803,
PRHF-21554

Logging

In some scenarios, logs related to Content Awareness are missing.

PRJ-29171,
PRHF-18866

Logging

Removed unnecessary debug messages: "fwbintabreplace: table svm_range_gateways not found" and "fwbintabreplace: table svm_range_gateways_valid not found" from the fwd debug log.

PRJ-30142,
PMTR-60786

Logging

Recurring "Unable to open '/dev/fw0': No such file or directory" may be printed in the fwd.elg file.

PRJ-32577,
PRHF-20447

Logging

In some scenarios, it is not possible to add the "Policy Rule UID" column to the Logs view in the SmartView Web Application.

PRJ-32370,
PRHF-18699

Logging

When running CPinfo in a large scale environment, the SmartEventCollectLogs process may get stuck.

PRJ-34247,
PRHF-21188

Logging

There may be an incorrect error message related to the MakeConnection method.

PRJ-34139,
PRHF-21218

Logging

When SmartConsole is connected to a Domain Management Server, in the Logs & Monitor view:

  • When filtering logs with the query "service:", SmartConsole does not show a drop-down list with available services.

  • When filtering logs with the query "origin: <Name of Security Gateway Object>", SmartConsole shows "No matches found for your search".

Refer to sk178904.

PRJ-37894,
PRHF-22858

Logging

Logs may be missing from SmartConsole after upgrading the Log Server if a VS object is configured without an IP.

PRJ-36458,
PRHF-22152

Logging

When running the "cp_log_export filter-Blade-in" command with the value "Endpoint" and restarting the LOG_EXPORTER process, LOG_EXPORTER may fail to start.

PRJ-19031,
PMTR-61532

Security Gateway

UPDATE: In CPView overview, the "FW" field will now show physical memory used instead of virtual memory used. The change is only cosmetic.

PRJ-34597,
PRHF-21561

Security Gateway

The log for the NAT second rule match shows an incorrect rule number.

PRJ-35100,
PRHF-16013

Security Gateway

Policy installation may fail when there is a heavy load on memory on the Security Gateway.

PRJ-33926,
PRHF-20845

Security Gateway

Cluster failover may trigger the FWK process to exit, with no traffic impact.

PRJ-36116,
PMTR-71654

Security Gateway

In CPView, under Network, the Bytes Per Sec value in Traffic Rate may be incorrect.

PRJ-36564,
PMTR-79569

Internal CA

UPDATE: In SmartConsole, added an alert to inform that the ICA certificate will expire in less than one year. Refer to sk158096.

PRJ-36161,
PRHF-21680

Identity Awareness

The PDP process may unexpectedly exit with a core dump file.

PRJ-35848,
PRHF-22037

Identity Awareness

The PEP process may unexpectedly exit.

PRJ-38039,
PMTR-81714

IPS

In very rare scenarios, a traffic outage may occur.

PRJ-37276,
PMTR-77922

IPS

Improved detection in some IPS protections.

PRJ-39059,
PRHF-12660

IPS

In a VSX setup, the IP address used as the origin SIC name in the IPS address log may differ from the IP address in other reports.

PRJ-36295,
PMTR-76171

SSL Inspection

A memory leak related to TLS probe may occur in the WSTLSD process.

PRJ-35288,
PRHF-21849

Mobile Access

In some scenarios, when Mobile Access Blade is enabled, the Security Gateway may crash.

PRJ-37431,
PMTR-80319

ClusterXL

There may be connectivity issues for multicast traffic in PIM Sparse Mode.

PRJ-37878,
PMTR-81375

ClusterXL

Local connection from a Standby member may fail when packets are not fragmented even if the interface MTU is smaller than the packet size.

PRJ-36173,
PMTR-51050

ClusterXL

In Virtual Device Status table, in vs0 context, the output shows the Active-Active status on two members instead of Active-Standby.

PRJ-35592,
PRHF-19273

ClusterXL

In a rare scenario, after an upgrade and reboot, a Standby member is set to down with a FullSync pnote and cannot synchronize.

PRJ-37810,
PRJ-37001

SecureXL

NEW: In some scenarios, the Security Gateway may not forward traffic to a client if its IP address is changed by DHCP. Added a global parameter "cphwd_refresh_nh", disabled by default. It determines whether or not the Security Gateway will invoke its own refresh ARP mechanism after a successful route lookup. Refer to sk175603.

PRJ-39005,
PRHF-22881

SecureXL

SYN Defender may not properly handle the S2C traffic related to Allow List. As a result, this traffic may be dropped.

PRJ-38999,
PRHF-23644

SecureXL

SYN Defender may change the MSS in a SYN packet to a larger value, potentially causing a traffic drop.

PRJ-36467,
PRHF-21775

SecureXL

The VSX Gateway may crash when trying to route traffic from a VS to a Virtual Switch (VSW).

PRJ-30710,
PRHF-18975

Routing

Connectivity issues may occur after configuration of route based VPN (VTI interface). Refer to sk176368.

PRJ-34762,
PRHF-21568

VPN-1

When using Link Selection probing, the VPND process may unexpectedly exit and create a core dump file.

PRJ-34668,
PMTR-77130

VSX

UPDATE: The "vsx_util reconfigure" operation is not supported on a VSX cluster member or VSX Gateway which has no virtual systems configured. The operation will now alert about the absence of virtual systems.

PRJ-29579,
PRHF-16144

VSX

UPDATE: Decreased the time to edit routes in topologies where multiple Virtual Systems are connected to a Virtual Switch (VSW).

PRJ-34997,
PMTR-77287

VSX

The "vsx_util reconfigure" command may fail without printing the cause of the error.

PRJ-32076,
PMTR-74295

VSX

When creating a static route on a virtual system, some network objects may be created with the same name inside the network group which causes failure in writing the object to the database.

PRJ-38290,
PMTR-41352

VSX

When deleting a physical interface that was added with a VLAN trunk to a VSX cluster or a VSX Gateway, it is not removed correctly from the management side and may still be seen if running the "vsx_util show_interfaces" command.

PRJ-35500,
PMTR-62860

VSX

There may be a mismatch of the policy name on a Virtual Switch when using the "fw stat" and "vsx stat -v" commands. The issue is only cosmetic.

PRJ-33468,
PMTR-73998

VSX

In some scenarios, the "vsx_util reconfigure" command cannot fetch the policy installed previously.

PRJ-32473,
PRHF-20437

VSX

When using the VSX Provisioning Tool, it may not be possible to create a new warp interface and then change the main IP address of the VS in the same transaction.

PRJ-28542,
PMTR-65366

VSX

Latency and packet loss issues may occur when traffic goes through an external VS connected to a Virtual Switch (VSW). Refer to sk177344.

PRJ-32702,
PRHF-20553

VSX

After restoring the VSX Gateway backup, the SNMP agent stops responding when the context is set for a specific VS.

PRJ-35274,
PMTR-76457

VSX

In some scenarios, if VSX Gateway creation fails and rollback is done, the default route of the Security Gateway that was configured via clish is deleted without validation.

PRJ-32403,
PMTR-74557

VSX

The OID "Syslocation" can now be configured in the context of a virtual system as described in the article (IV-1) Advanced SNMP configuration in sk90860.

PRJ-33312,
PRHF-20561

VSX

The FWM process may unexpectedly exit after using the VSX Provisioning tool.

PRJ-33037,
PMTR-69098

VSX

In a VSX cluster, after pushing Bridge configuration, the state may change from Active/Active to Active/Standby.

PRJ-38824,
PMTR-82551

VSX

The FWK process of a Virtual Switch (VSW) may consume high CPU.

PRJ-38199,
PRHF-23118

VSX

In some scenarios, the VSX Security Gateway may not decrease the packet's TTL.

PRJ-36764,
PMTR-52576

VSX

VSX Cluster Internal Communication Network IP address is shown in ifconfig after changing the name or VLAN of a VR physical interface.

PRJ-38404,
PMTR-73704

VSX

When creating a virtual system, the "Failed to create Virtual System directories" error is displayed.

PRJ-38790,
PMTR-82492

VSX

In some scenarios, it is not possible to start a vsx_util upgrade/downgrade after a failed attempt.

PRJ-36774,
PRJ-36756

Gaia OS

NEW: Gaia API (version 1.6 with Python3 support) will now be deployed via Jumbo Hotfix. Refer to sk143612.

PRJ-35581,
PRHF-21922

Gaia OS

UPDATE: It is now possible to use Gaia proxy addresses with more than 16 characters.

PRJ-36083,
PMTR-78169

Gaia OS

WebUI session may end when creating a Role with full permissions.

PRJ-37344,
PMTR-80176

Gaia OS

When adding and deleting a neighbor-entry ipv6-address, an error message is displayed, although the operation is successful.

PRJ-39092,
PRHF-23641

Gaia OS

Dynamic routing SNMP OID polling may work only in VSX mode.

PRJ-36357,
PMTR-58250

Gaia OS

In some scenarios, such as a defective LOM card, or when a LOM port exists but no LOM is connected, the CONFD process may stop working.

PRJ-36783,
PMTR-79249

Gaia OS

The "snmpwalk" command may time out after reaching SNMPv2-SMI::mib-2.68.1.2.0.

PRJ-38226,
PMTR-81516

Gaia OS

When running the "save configuration" command on a VSX device, other interfaces besides the Management interface are still presented. This is a cosmetic issue.

PRJ-27906,
PRHF-17814

Harmony Endpoint

In some scenarios, logs related to Harmony Endpoint may be missing.

PRJ-37114,
PRHF-18358

VoIP

When static NAT is configured, VoIP calls may not work.

PRJ-26370,
PMTR-68629

Scalable Platforms

NEW: Added ability to create and manage VSX objects of R80.30SP version via vsx_util and vsx_provisioning_tool.

PRJ-38033,
ODU-341

Scalable Platforms

Added Take 21 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-38020,
ODU-342

Public Cloud CA Bundle

Added Take 18 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-38220,
ODU-349

HCP

Added Update 8 of HealthCheck Point (HCP) Release. Refer to sk171436.