Take 43 - Ongoing
List of Resolved Issues and New Features
|
|
Note - This Take contains all fixes from all earlier Takes. |
|
ID |
Product |
Description |
|---|---|---|
|
Take 43 Released on11 February 2019 |
||
|
PMTR-27655 |
Security Management |
Values updated in resourceProfiles files to handle high CPU utilization for "Java" process (described in sk123417) are not resistant and get overridden after Jumbo Hotfix Accumulator installation or backup/restore or export/import procedures. |
|
PMTR-28644, |
Security Management |
Running the fwm sic_reset command from Domain Management Server fails with "reset_objects: updateMultiple failed". Refer to sk142512. |
|
PMTR-25816, |
Security Management |
Once user performs any change to his configuration, the Compliance Blade performs a partial scan and calculates the relevant Best practices. During this scan, exceptions of relevant objects for these Best practices are deleted. Meaning, if previously obj1 was excluded from applying Best practice #1, during partial scan obj1 will be relinked to Best practice #1. |
|
PMTR-32542, |
Multi-Domain Management |
|
|
PMTR-29670, |
Multi-Domain Management |
Upgrade of the Primary Multi-Domain Server from R80.10 fails when its Global Domain is in Standby mode. Refer to sk143892. |
|
PMTR-27321, |
Multi-Domain Management |
CPView is not supported on Multi-Domain Security Management environments. |
|
PMTR-29458, |
SmartConsole |
"Synchronization with Check Point UserCenter" feature displays "Synchronization with Check Point UserCenter requires a valid license." warning message even though all licenses are valid. |
|
PMTR-23395, |
SmartConsole |
If administrator updates his details (e.g. name, phone, email) and tries to publish the session, it fails with "Internal error" message.
|
|
PMTR-25778, |
SmartConsole |
When using Global VPN Community with permanent tunnel gateways list (matrix / permanent tunnel gateways), upgrade from R7x fails. |
|
PMTR-26495, |
SmartConsole |
"Error: SIC initialization failed because of failure in parsing the certificate file" error when user attempts to log in with certificate to API (mgmt_cli) with password including "!". |
|
API-512, |
SmartConsole |
Web API show-package fails if the package was installed on a cluster member which is already deleted. Refer to sk144132. |
|
PMTR-25081, |
SmartConsole |
Attempt to update Threat Emulation images fails with "Could not send Threat Emulation images update command, validate SIC connectivity and install policy with Threat Emulation enabled for [name]" message. |
|
PMTR-28877, |
SmartConsole |
The existing regulation is not updated and appears as "EU Data Privacy" instead of "GDPR". |
|
PMTR-28488, |
Security Gateway |
Traffic is dropped when using non-FQDN Domain object in Security policy. |
|
PMTR-28593, |
Security Gateway |
Added support for NAT on payload of H323 packets when different IP addresses are used for payload and control. |
|
PMTR-28197, |
Security Gateway |
No service enforcement when creating "Other services" without match expression for TCP, UDP or SCTP. |
|
PMTR-27663, |
Threat Emulation |
Added ability to update Threat Emulation file types in an offline environment. |
|
PMTR-26022, |
HTTPS Inspection |
When HTTPS Inspection is enabled and "Hide X-Forwarded-For in outgoing traffic" option is selected, the XFF header is not obfuscated on HTTPS traffic. |
|
PMTR-27702, |
HTTPS Inspection |
Potential memory leak due to "Out of state" HTTP response. |
|
PMTR-30868, |
HTTPS Inspection |
In some scenarios, connectivity issues between Capsule Workspace and Security gateway. |
|
PMTR-27367, |
Identity Awareness |
In some scenarios, Identity Agent fails to authenticate using Kerberos SSO due to very large Kerberos ticket and the agent fallback to User/Password authentication. |
|
PMTR-28368, |
Anti-Malware |
During upgrade, if Anti-Virus is enabled, all emails are stuck in MTA queue due to missing certificate. |
|
PMTR-30218, |
IPS |
The "A general error has occurred" message is displayed when trying to change the IPS protection configuration in "MySQL -> General settings". |
|
PMTR-26141, |
SSL Inspection |
Added support for custom extension used by Apple. |
|
PMTR-30550, |
Logging |
Exporting 100K or more logs to Excel from SmartView fails. |
|
PMTR-30609, |
Logging |
In rare scenarios, when the Log server miscalculates the available disk space, it may stop receiving logs from the connected gateways and cause the logs to accumulate locally on the Security gateway. |
|
PMTR-27043, |
Logging |
After two or more upgrades of a Security gateway / Security Management server / Log server or SmartEvent server, log maintenance fails to delete logs from older version. |
|
PMTR-26706, |
Logging |
After Daylight saving time change, the logs from the time of change until the end of the day are not indexed and the "Illegal instant due to time zone offset transition (daylight savings time 'gap')" error is displayed in solr.elg file. |
|
PMTR-28160, |
Logging |
After upgrade from R80.x to R80.20 GA, the pre-upgrade logs data will not be deleted according to the logs retention policy. |
|
PMTR-22357, |
Logging |
In rare scenarios, due to a connection attempt failure to the Security Management, the Security gateway starts logging locally. |
|
PMTR-29044, |
Logging |
When Security gateway is configured to send alerts only to a specific Log server, logs may be written locally on the gateway instead to be sent to the Log server. |
|
PMTR-26040, |
Logging |
Added Threat Emulation forensic report in SmartView Log card. |
|
PMTR-29233, |
SecureXL |
Memory consumption on Security Gateway increases after enabling NetFlow v9 in Gaia OS. Refer to sk118719. |
|
PMTR-30162, |
SecureXL |
Concurrent connections monitoring can become inaccurate when "fw samp quota" rules are changed. |
|
PMTR-27529, |
SecureXL |
In rare scenarios, Security gateway crashes when penalty checkbox is selected. |
|
PMTR-29118, |
SecureXL |
In some scenarios, large number of incorrectly classified "simlinux_br_port: dev == NULL !!!" debug messages appear in kernel message logs. |
|
PMTR-28120, |
SecureXL |
In some scenarios, HTTP requests do not pass. |
|
PMTR-28084, |
ClusterXL |
In some scenarios, standby cluster member sends PIM Hello packets. |
|
PMTR-29200, |
VSX |
In some scenarios, the CPD and fw_full processes unexpectedly exit when the TDERROR debug flag is enabled. |
|
PMTR-28022, |
VSX |
Traffic from a Virtual System in VSX Cluster to Security Management Server is dropped with "Local interface address spoofing" log. |
|
PMTR-23158, |
Gaia OS |
CVE-2018-15473: Username enumeration is possible due to a premature bail-out while dealing with a malformed packet. The issue exists in several authentication protocols. |
|
PMTR-28381, |
Gaia OS |
When using conv2db to recreate Gaia database from /config/active, comments are not skipped and the new database file may contain irrelevant information. Refer to sk139832. |
|
PMTR-28798, |
Gaia OS |
SNMPD process fails to send Coldstart on reboot. Coldstart is configured by threshold that can be too short comparing to the OS boot time. |
|
PMTR-28277, |
Gaia OS |
Connectivity problem for 10 Gigabit fiber network interfaces (be2net driver) after upgrade from R77.30. |
|
PMTR-28041, |
Gaia OS |
Added support for "/", "(", and "*" characters as part of the system message banner. |
|
PMTR-23058, |
Gaia OS |
syslog messages forwarded to external Syslog server, do not contain the host name. |
|
PMTR-28303, |
Gaia OS |
In some scenarios, snmpwalk reports false values of bond interface. |
|
PMTR-28312, |
Gaia OS |
In some scenarios, sporadic timeouts occur during snmpwalk run. |
|
PMTR-28834, |
Gaia OS |
Different LOM versions are reported in Gaia Portal and Gaia Clish. |
|
PMTR-11377, |
VPN |
After Cluster failover, VPN tunnel is down and "Unknown SPI for IPsec packet" log is shown. Refer to sk112339. |
|
PMTR-30425, PMTR-30360 |
VPN |
VPN tunnels with 3rd party peers fail because of mismatched IDs. Refer to sk144094. |
|
PMTR-25196, |
VPN |
In some scenarios, IKE fragmentation is dropped when NAT-T is enforced. Refer to sk143372. |