Take 230 - General Availability
Product | CPUSE offline package | SmartConsole package |
---|---|---|
Security Gateway / Standalone |
Build 130 |
|
Security Management |
||
Blink Image for Security Gateway - Clean Install / Upgrade |
||
Blink Image for Security Management - Clean Install |
-
To download these packages, you need to have a Software Subscription or Active Support plan.
-
For Gaia Fast Deployment mechanism "Blink", refer to sk120193.
-
This version reached its End of Support. If you are using this version (or lower), we strongly recommend you to upgrade your environments.
CPUSE Online Identifiers
Use these CPUSE Online Identifiers:
Check_Point_R80_20_JUMBO_HF_Bundle_T<Take number>_sk137592_Security_Gateway_and_Standalone_2_6_18_FULL.tgz
and
Check_Point_R80_20_JUMBO_HF_Bundle_T<Take number>_sk137592_Security_Management_3_10_FULL.tgz
List of Resolved Issues and New Features
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 230 Released on 4 September 2022 and declared as General Availability on 3 November 2022 |
||
PRJ-38397, |
Security Management |
An Application Control and URL Filtering update may get stuck because of a lock object duplicate issue. |
PRJ-36187, PRHF-22004 |
Logging |
UPDATE: Amended the override_server_setting.sh script to support changes in the values of RFL_SOLR_MAX_MERGE_COUNT and RFL_SOLR_MAX_MERGE_THREAD_COUNT. |
PRJ-30961, EPS-562 |
Logging |
In some scenarios, the Forensics report fails to open from Harmony Endpoint logs. |
PRJ-39952, PRHF-22814 |
Security Gateway |
UPDATE: Added support for RADIUS UPN authentication with MS-CHAPv2. To use it, enable the registry configuration in ckp_regedit -a SOFTWARE/Checkpoint/VPN1 RADIUS_MSCHAPV2_UPN -n 1. |
PRJ-40506, |
Security Gateway |
UPDATE: Added a defense mechanism against partial header attacks known as "Slowloris DoS" (CVE-2007-6750). |
PRJ-40134, PMTR-84236 |
Security Gateway |
When Strict Hold is enabled, traffic is logged with the log "HTTP parsing error detected. Bypassing the request as defined in the Inspection Settings". Refer to sk169995. |
PRJ-40643, PRJ-38912 |
Security Gateway |
When Anti-Virus Blade is enabled, there may be a continuous high memory consumption which can lead to latency. |
PRJ-41003, PRJ-40954 |
Security Gateway |
In a VSX environment, SNMP queries to OSPF OIDs may fail. |
PRJ-31455, |
Security Gateway |
The CPD process may unexpectedly exit and create core dump files. |
PRJ-34167, |
Security Gateway |
After an upgrade, in a setup with a single Virtual System (VS), the Security Gateway may crash. |
PRJ-34884, PMTR-77524 |
Threat Prevention |
Traffic bypassed due Threat Prevention exception is not accelerated. |
PRJ-40045, |
Threat Prevention |
IPS and other Threat Prevention logs may not contain packet capture. And dmesg may be flooded with related errors. |
PRJ-36430, PMTR-77653 |
IPS |
When ClusterXL is configured, a file may pass without inspection during a failover. |
PRJ-37722, |
DLP |
DLP logs for files uploaded to Microsoft OneDrive may not show the initial file names and extensions. Refer to sk178290. |
PRJ-39835, PMTR-84079 |
ClusterXL |
When reconnecting the OSPF interface on both members in a cluster, a failover may occur when receiving a ROUTED PNOTE on the Active member. |
PRJ-39069, PRHF-22676 |
SecureXL |
UPDATE: Added a new kernel parameter "fw_allow_reverse_syn" for Smart Connection Reuse. This parameter allows or drops SYN packets coming from the reverse direction. The parameter is set to 0 by default, the Security Gateway drops such packets. Refer to sk24960. |
PRJ-36854, |
SecureXL |
Policy installation may cause cluster failover and impact the traffic flowing through the cluster. |
PRJ-40847, |
VPN |
UPDATE: Added a configurable protection for blocking brute-force attacks on VPN SNX portal. Refer to sk180271. |
PRJ-40659, |
VPN |
There may be a low throughput in a Site-to-Site VPN tunnel between two VSX Gateways with enabled. |
PRJ-27467, |
Gaia OS |
UPDATE: A description was added to the output of the "show backup logs" command with information about each column. Refer to sk173970. |
PRJ-29070, |
Gaia OS |
UPDATE: Added support for the Excluded Files feature (sk116679) for XFS file system on Kernel 3.10. |
PRJ-40305, ODU-454 |
HCP |
Added Update 9 of HealthCheck Point (HCP) Release. Refer to sk171436. |
PRJ-40667, ODU-478 |
HCP |
Added Update 10 of HealthCheck Point (HCP) Release. Refer to sk171436. |