List of All Resolved Issues and New Features

 

Note - This version reached its End of Support. If you are using this version (or lower), we strongly recommend you to upgrade your environments.


ID

Product

Description

Take 255

Released on 8 September 2022 and declared as General Availability on 30 October 2022

PRJ-29703,
PMTR-59509

Diagnostics

In a rare scenario, the CPView history service may unexpectedly exit.

  • Fix is relevant for Gaia 3.10 only.

PRJ-37761,
PRHF-22671

Security Management

The FWM process on the Management Server may unexpectedly exit, creating a core dump file.

PRJ-37986,
PRHF-22589

Security Management

After an Application Control update, some application control objects may disappear from SmartConsole, although they are not deprecated.

PRJ-38398,
PRHF-23290

Security Management

An Application Control and URL Filtering update may get stuck because of a lock object duplicate issue.

PRJ-39469,
PRHF-23825

Security Management

Management HA synchronization may fail with the "NGM failed to import data" error.

PRJ-37884,
PRHF-22914

Security Management

Editing an object may fail with the "Could not access file for write operation" error.

PRJ-37507,
PRHF-22621

Security Management

Deleting a domain may fail when using the createDomainRecovery.sh script with the "UID" flag.

PRJ-38118,
PRHF-23065

Security Management

Policy installation may fail with "an internal error" if some objects are pointed to by an old deleted policy. Refer to sk122954.

PRJ-38215,
PRHF-22973

Security Management

If Log Domain reassignment fails, an Application Control and URL Filtering update may get stuck at 70 percent showing the "Running post update actions" status.

PRJ-38786,

PRHF-23476

Security Management

Install Policy Preset may fail with "The server did not provide a meaningful reply.". Refer to sk179524.

PRJ-38122,

PRHF-23066

Multi-Domain Management

Although all Virtual Devices are deleted, deleting a Domain may fail with an "At least one Virtual Device is defined on this Domain/Domain Management Server. You need to delete all Virtual Systems/Routers prior to deleting Domain/Domain Management Server" message.

PRJ-30962,

EPS-562

Logging

In some scenarios, the Forensics report fails to open from Harmony Endpoint logs.

PRJ-39138,

PRJ-39139,
PMTR-70703

Logging

In IPS Core Protections logs, the link to the Threat Prevention profile is written incorrectly.

PRJ-40507,
PRJ-40508,
PMTR-85083

Security Gateway

UPDATE: Added a defense mechanism against partial header attacks known as "Slowloris DoS" (CVE-2007-6750).

PRJ-39953,

PRJ-39954,

PRHF-22814

Security Gateway

UPDATE: Added support for RADIUS UPN authentication with MS-CHAPv2. To use it, enable the registry configuration in ckp_regedit -a SOFTWARE/Checkpoint/VPN1 RADIUS_MSCHAPV2_UPN -n 1.

PRJ-40455,

PRJ-40456,
PMTR-84535

Security Gateway

In a rare scenario, the FWK process may unexpectedly exit because of a memory allocation issue on the Security Gateway.

PRJ-34168,
PRJ-34169,
PRHF-20978

Security Gateway

After an upgrade, in a setup with a single Virtual System (VS), the Security Gateway may crash.

PRJ-41002,

PRJ-41004

Security Gateway

In a VSX environment, SNMP queries to OSPF OIDs may fail.

PRJ-34401,
PRHF-21418

Security Gateway

Deleting IP addresses in the SAM Database may fail.

PRJ-40135,
PRJ-40136,
PMTR-84236

Security Gateway

When Strict Hold is enabled, traffic is logged with the log "HTTP parsing error detected. Bypassing the request as defined in the Inspection Settings". Refer to sk169995.

PRJ-31456,
PRJ-31457,
PRHF-16136

Security Gateway

The CPD process may unexpectedly exit and create core dump files.

PRJ-39803,
PRJ-39804,
PMTR-48371

Security Gateway

In rare scenarios, the Security Gateway may crash when an inspected connection is timed out.

PRJ-39682,
PRJ-39683,
PRHF-23741

Security Gateway

An ICAP client crash may cause the Security Gateway also to crash and generate an FWK core dump.

PRJ-36565,
PMTR-79569

Internal CA

UPDATE: In SmartConsole, added an alert to inform that the ICA certificate will be expired in less than one year. Refer sk158096.

PRJ-34885,

PRJ-34886,

PMTR-77524

Threat Prevention

When the Security Gateway is in "Detect Only" mode, Threat Prevention Blade exceptions may not be accelerated.

PRJ-35772,

PRJ-35773,
PMTR-44916

Threat Prevention

File transfer may be very slow when Anti-Virus Blade is enabled.

PRJ-38681,
PRJ-38682,
PRHF-23324

Threat Prevention

In a rare scenario, an IPS, Anti-Virus, or Anti-Bot update package may fail to load because of a timeout.

PRJ-36382,
PRJ-36381,
PRHF-22069

Application Control

  • The /var/log/messages directory may be flooded with "appi_app_db_get_kattrib_info: attribs hash does not exist" messages.

  • A Security Gateway may be slow or unresponsive.

Refer to sk178406.

PRJ-36431,
PRJ-36432,
PMTR-77653

IPS

When ClusterXL is configured, a file may pass without inspection during a failover.

PRJ-39060,
PRJ-39061,
PRHF-12660

IPS

In a VSX setup, the IP used as the origin SIC name in the IPS log may differ from the IP in other reports.

PRJ-37723,
PRJ-37724,
PRHF-22465

DLP

DLP logs for files uploaded to Microsoft OneDrive may not show the initial file names and extensions. Refer to sk178290.

PRJ-39279,
PRHF-22882

ClusterXL

In a VSX cluster with three or more members, sudden failover and recovery of the Standby VS may occur, causing termination of connections from the Active member. Refer to sk179446.

  • Fix is relevant for Gaia 3.10 only.

PRJ-39836,
PRJ-39837

ClusterXL

When reconnecting the OSPF interface on both members in a cluster, a failover may occur when receiving a ROUTED PNOTE on the Active member.

PRJ-39070,
PRJ-39071,
PRHF-22676

SecureXL

UPDATE: Added a new kernel parameter "fw_allow_reverse_syn" for Smart Connection Reuse. This parameter allows or drops SYN packets coming from the reverse direction. The parameter is set to 0 by default, the Security Gateway drops such packets. Refer to sk24960.

PRJ-39735,

PRJ-39736,
PMTR-86052

SecureXL

There may be high CPU or/and latency in CIFS/SMB connections.

PRJ-36855,

PRJ-36856,

PRHF-21863

SecureXL

Policy installation may cause cluster failover and impact the traffic flowing through the cluster.

PRJ-40292,

PMTR-81618

SecureXL

In an environment with a cluster in Active/Standby bridge mode, a kernel memory leak may occur.

  • Fix is relevant for Gaia 3.10 only.

PRJ-40906,
PRJ-40217,
PMTR-63465

SecureXL

In a rare scenario, ipsctl kernel module does not load at startup.

PRJ-38557,
PRHF-22924

Routing

UPDATE: Source Pruning will now be disabled by default when VRRP is enabled. This will prevent an interface from keeping the Standby member in Master state after port flapping. The issue is relevant only for Intel X710 network cards using the I40E driver.

PRJ-40846,
PRJ-40914,
PMTR-85427

VPN

UPDATE: Added a configurable protection for blocking brute-force attacks on VPN SNX portal. Refer to sk180271.

PRJ-40986,
PRJ-40987,
PMTR-85206

VPN

Resolved the "HTTP Response splitting" vulnerability in Security Gateway portals. Refer to sk179705.

PRJ-40660,
PRJ-40661,
PRHF-24446

VPN

There may be a low throughput in a Site-to-Site VPN tunnel between two VSX Gateways with enabled.

PRJ-38791,
PMTR-82492

VSX

In some scenarios, it is not possible to start a vsx_util upgrade/downgrade after a failed attempt.

PRJ-28950,
PRJ-27444,
PRHF-17665

VSX

Multi-Queue configuration does not survive reboot on VSX. Refer to sk173950.

PRJ-40248,
PMTR-84229

VSX

In VSX, when deleting a warp interface (either by deleting the warp itself or by performing the "reset_gw" command, which deletes all Virtual Devices), the VSX Gateway may crash.

  • Fix is relevant for Gaia 3.10 only.

PRJ-32704,
PRHF-20553

VSX

After restoring the VSX Gateway backup, the SNMP agent stops responding when the context is set for a specific VS.

  • Fix is relevant for Gaia 3.10 only.

PRJ-27468,
PRJ-27469,
PRHF-18056

Gaia OS

UPDATE: A description was added to the output of the "show backup logs" command with information about each column. Refer to sk173970.

PRJ-24451,
PRJ-24452,
PRHF-16628

Gaia OS

UPDATE: Changed the Syslog message severity from "error" to "info" and removed the exclamation mark in a specific message which is displayed during the normal backup operation flow.

PRJ-29071,
PRJ-24564,
PRHF-16407

Gaia OS

UPDATE: Added support for the Excluded Files feature (sk116679) for XFS file system on Kernel 3.10.

PRJ-36695,
PMTR-79157

Gaia OS

The /var/log/messages file may be flooded with "failed to update arp table file" messages.

PRJ-40306,
ODU-454

HCP

Added Update 9 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-40668,
ODU-478

HCP

Added Update 10 of HealthCheck Point (HCP) Release. Refer to sk171436.

Take 254

Released on 5 July 2022 and declared as General Availability on 1 Aug 2022

PRJ-36847,
PRHF-22352

Security Management

In rare scenarios, the Management Server may fail to start due to incorrect session handling.

PRJ-37633,
PRHF-22693

Security Management

After changing the IP address of the Secondary Management Server, the old IP address is still shown in the High Availability window until the services are restarted.

PRJ-37502,
PRHF-22597

Security Management

In rare scenarios, Global Domain Assignment may fail with a "class name not found for object" error message.

PRJ-37394,
PRHF-22603

Security Management

After performing the Solr Cure procedure, objects may appear as duplicated in SmartConsole. Refer to sk178084.

PRJ-35015,
PRHF-21705

Security Management

Install Policy Verification may fail with the "Rule has security zone objects that are not attached to any interface used" error when configuring cluster's interfaces on only one member. Refer to sk177129.

PRJ-37493,
PRHF-22409

Security Management

In some scenarios, the "show-hosts" Management API command when running it with "details-level full" fails with "generic_error". Refer to sk178249.

PRJ-37521,
PRHF-22656

Security Management

Reassign Global Policy tasks may be stuck for Domains active on a different Multi-Domain Server even though the task is completed on the destination Multi-Domain Server.

PRJ-35948,
PRHF-21894

Security Management

In the Compliance view, after changing "Policy Range" to a value smaller than 100%, best practices results become not available. Refer to sk177544.

PRJ-37707,
PRHF-22796

Security Management

Install Policy preset fails if the Threat Prevention policy was uninstalled.

PRJ-37864,
PRHF-22678

Security Management

Dynamic Objects defined on LSM Gateway in SmartProvisioning may be removed from the Security Gateway after fetching policy or pushing policy.

PRJ-39962,
PRHF-21115

Security Management

Policy installation from the Multi-Domain Server level may trigger installation of two policies for the same VS.

PRJ-36918,
PRHF-22479

Security Management

When a Security Gateway is removed from a VPN community, it may still be seen under the permanent tunnel configuration. The issue is scoped to the Management side and does not impact the Gateway.

PRJ-37800,
PRHF-22885

Security Management

In some scenarios, deleting a Security Gateway object fails with the "Action failed due to an internal error" error.

PRJ-35058,
PRHF-21753

Security Management

Renaming the Security Management Server may fail with the "Failed to save object" error. Refer to sk177224.

PRJ-35652,
PRHF-21996

Security Management

The Security Cluster Wizard is not shown again after a Management restart in a Full High Availability cluster environment.

PRJ-37633,

PRHF-22693

Security Management

After changing the IP address of the Secondary Management Server, the old IP address is still shown in the High Availability window until the services are restarted.

PRJ-38739,

PRHF-23467

Security Management

In a rare scenario, the FWM process may unexpectedly exit and create a core dump.

  • Fix is relevant for Gaia 3.10 only.

PRJ-37197,
PRHF-22299

Security Management

The Management API command "show-vpn-communities-star" for Diffie-Hellman groups 15-18 and group 24 fails with the "Invalid DH-Group in VPN Reply" error. Refer to sk27054.

PRJ-39175,

PRHF-23750

SmartConsole

In some scenarios, the Management API command "show-packages" with "details-level full" may fail with the "Could not commit JPA transaction" error.

PRJ-37099,
PRHF-22528

Logging

UPDATE: Scheduled email reports will now use TLS1.2 instead of TLS1.0. Refer to sk178125.

PRJ-37692,
PMTR-79023

Logging

UPDATE: SmartView reports will show the new Check Point logo

PRJ-36459,
PRHF-22152

Logging

When running the "cp_log_export filter-Blade-in" command with the value "Endpoint" and restarting the LOG_EXPORTER process, LOG_EXPORTER may fail to start.

PRJ-36288,
PRHF-22228

Logging

The "cp_log_export" command fails with the "sed: invalid option - E" error.

PRJ-33814,
PMTR-72206

Logging

The "log_exporter_reexport" command may export the logs from the beginning of the log file and not from the provided start position.

PRJ-34140,
PRHF-21218

Logging

When SmartConsole is connected to a Domain Management Server, in the Logs&Monitor view:

  • When filtering logs with the query "service:", SmartConsole does not show a drop-down list with available services.

  • When filtering logs with the query "origin: <Name of Security Gateway Object>", SmartConsole shows "No matches found for your search".

Refer to sk178904.

PRJ-37895,

PRHF-22858

Logging

Logs may be missing from SmartConsole after upgrading the Log Server if a VS object is configured without an IP.

PRJ-34804,
PRHF-21554

Logging

In some scenarios, logs related to Content Awareness are missing.

PRJ-19033,

PRJ-19034,
PMTR-61532

Security Gateway

UPDATE: In CPView overview, the "FW" field will now show physical memory used instead of virtual memory. The change is only cosmetic

PRJ-33927,

PRJ-33928,
PRHF-20845

Security Gateway

Cluster failover may trigger the FWK process to exit, with no traffic impact.

PRJ-36117,

PRJ-36118,
PMTR-71654

Security Gateway

In CPView, under Network, Bytes Per Sec value in Traffic Rate may be incorrect.

PRJ-40631,

PRJ-40632,

PRHF-24611

Threat Prevention

IPS entries for a Security Gateway onboarded to Infinity SOC may be missing from AMW_report.xml.

PRJ-36162,

PRJ-36163,
PRHF-21680

Identity Awareness

In a rare scenario, the PDP process may unexpectedly exit with a core dump file.

PRJ-35849,

PRJ-35850,
PRHF-22037

Identity Awareness

The PEP process may unexpectedly exit

PRJ-38040,

PRJ-38041,
PMTR-81714

IPS

In very rare scenarios, a traffic outage may occur.

PRJ-36518,

PRJ-36519,
PMTR-77922

IPS

Improved detection in some IPS protections.

PRJ-35289,

PRJ-35290,
PRHF-21849

Mobile Access

In some scenarios, when Mobile Access Blade is enabled, the Security Gateway may crash.

PRJ-37432,

PRJ-37433,
PMTR-80319

ClusterXL

There may be connectivity issues for multicast traffic in PIM Sparse Mode.

PRJ-36174,

PRJ-36175,
PMTR-51050

ClusterXL

In Virtual Device Status table, in vs0 context, the output shows the Active-Active status on two members instead of Active-Standby.

PRJ-35593,

PRJ-30380,
PRHF-PRHF-21922

ClusterXL

In a rare scenario, after an upgrade and reboot, a Standby member goes down with a FullSync pnote and cannot synchronize.

PRJ-37879,

PRJ-37880,

PMTR-81375

ClusterXL

Local connection from a Standby member may fail when packets are not fragmented even if the interface MTU is smaller than the packet size.

PRJ-35928,

PMTR-78762

ClusterXL

After enabling the kernel parameter "fwha_drop_pkt_on_down_member" for a cluster is in Active/Active state in bridge mode (sk169495), packets may be dropped even when the member is not in Down state.

  • Fix is relevant for Gaia 3.10 only.

PRJ-37811,

PRJ-37812,

PRJ-37001

SecureXL

NEW: In some scenarios, the Security Gateway may not forward traffic to a client if its IP address is changed by DHCP. Added a global parameter "cphwd_refresh_nh", disabled by default. It determines whether or not the Security Gateway will invoke its own refresh ARP mechanism after a successful route lookup. Refer to sk175603.

PRJ-39006,

PRJ-38405,

PRHF-22881

SecureXL

SYN Defender may not properly handle the S2C traffic related to Allow List. As a result, this traffic may be dropped.

PRJ-39000,

PRJ-39001,

PRHF-23644

SecureXL

SYN Defender may change MSS in an SYN packet to a larger value, potentially causing traffic drop.

PRJ-34763,

PRJ-34764,

PRHF-21568

VPN

When using Link Selection probing, the VPND process may unexpectedly exit and create a core dump file.

PRJ-29580,
PRHF-16144

VSX

UPDATE: Decreased the time to edit routes in topologies where multiple Virtual Systems are connected to a Virtual Switch (VSW).

PRJ-34669,
PMTR-77130

VSX

UPDATE: The "vsx_util reconfigure" operation is not supported on a VSX cluster member or VSX Gateway which has no virtual systems configured. The operation will now alert about the absence of virtual systems.

PRJ-36447,

PRJ-36448,

PMTR-65595

VSX

UPDATE: When resetting SIC for a specific virtual system (sk34098), the new certificate on the Security Gateway will now be automatically pulled from SmartConsole.

PRJ-36169,

PRJ-35502,
PMTR-62860

VSX

There may be a mismatch of policy name on Virtual Switch when using the "fw stat" and "vsx stat -v" commands. The issue is only cosmetic.

PRJ-36765,
PMTR-52576

VSX

VSX Cluster Internal Communication Network IP address is shown in ifconfig after changing the name or VLAN of a VR physical interface..

PRJ-33469,
PMTR-73998

VSX

In some scenarios, the "vsx_util reconfigure" command cannot fetch the policy installed previously.

PRJ-28543,

PRJ-28544,

PMTR-65366

VSX

Latency and packet loss issues may occur when traffic goes through external VS connected to Virtual switch (VSW). Refer to sk177344.

PRJ-38289,
PMTR-41352

VSX

When deleting a physical interface that was added with a VLAN trunk to a VSX cluster or a VSX Gateway, it is not removed correctly from the management side and may still be seen if running the "vsx_util show_interfaces" command.

PRJ-32404,

PRJ-32405,
PMTR-74557

VSX

The OID "Syslocation" can now be configured in the context of a virtual system as described in the article (IV-1) Advanced SNMP configuration in sk90860.

PRJ-33313,
PRHF-20561

VSX

The FWM process may unexpectedly exit after using the VSX Provisioning tool.

PRJ-32703,

PRHF-20553

VSX

After restoring the VSX Gateway backup, the SNMP agent stops responding when the context is set for a specific VS.

PRJ-32474,
PRHF-20437

VSX

When using the VSX Provisioning Tool, it may not be possible to create a new warp interface, and then change the main IP address of the VS in the same transaction.

PRJ-35276,

PMTR-76457

VSX

In some scenarios, if VSX Gateway creation fails and rollback is done, the default route of the Security Gateway that was configured via clish is deleted without validation.

  • Fix is relevant for Gaia 3.10 only.

PRJ-33038,

PMTR-69098

VSX

In a VSX cluster, after pushing Bridge configuration, the state may change from Active/Active to Active/Standby.

PRJ-38405,

PRJ-38406,

PMTR-73704

VSX

When creating a virtual system, the "Failed to create Virtual System directories" error is displayed.

PRJ-38825,

PRJ-38826,

PMTR-82551

VSX

The FWK process of Virtual Switch (VSW) may consume a high CPU.

PRJ-36131,

PRHF-21970

VSX

A member may fail to pull configuration from the SMO on startup.

  • Fix is relevant for Gaia 3.10 only.

PRJ-38200,

PRJ-38201,

PRHF-23118

VSX

In some scenarios, the VSX Security Gateway may not decrease the packet's TTL.

PRJ-35582,

PRJ-35583,
PRHF-21922

Gaia OS

UPDATE: It is now possible to use Gaia proxy addresses with more than 16 characters.

PRJ-37413,

PRJ-39087,
PMTR-74360

Gaia OS

In a rare scenario, while idle, the Security Gateway may crash producing a vmcore file.

PRJ-36084,

PRJ-36085,
PMTR-78169

Gaia OS

WebUI session may end when creating a Role with full permissions.

PRJ-38227,

PRJ-38228,

PMTR-81516

Gaia OS

When running the "save configuration" command on a VSX device, other interfaces besides the Management interface are still presented. This is a cosmetic issue.

PRJ-37345,

PRJ-37346,
PMTR-80176

Gaia OS

When adding and deleting a neighbor-entry ipv6-address, an error message is displayed, although the operation is successful.

PRJ-36784,

PRJ-36785,

PMTR-79249

Gaia OS

The "snmpwalk" command may time out after reaching SNMPv2-SMI::mib-2.68.1.2.0.

PRJ-39093,

PRJ-39094,

PRHF-23641

Gaia OS

Dynamic routing SNMP OID polling may work only in VSX mode.

PRJ-33558,

PMTR-75925

Gaia OS

In some scenarios, in 7000 appliances, Power Supply Unit (PSU) status information may be incorrect. Refer to sk174443.

  • Fix is relevant for Gaia 3.10 only.

PRJ-37116,

PRJ-37117,
PRHF-18358

VoIP

VoIP calls may not work when static NAT configured.

PRJ-37601,

PRHF-22145

CloudGuard

In Amazon Web Services (AWS), some Gateways may be crashing frequently with vmcores.

  • Fix is relevant for Gaia 3.10 only.

PRJ-38021,

ODU-342

Public Cloud CA Bundle

Added Take 18 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-26371,
PMTR-68629

Scalable Platforms

NEW: Added ability to create and manage VSX objects of R80.30SP version via vsx_util and vsx_provisioning_tool.

PRJ-38034,

ODU-341

Scalable Platforms

Added Take 21 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-38221,

ODU-349

HCP

Added Update 8 of HealthCheck Point (HCP) Release. Refer to sk171436.

Take 251

Released on 07 Apr 2022 and declared as General Availability on 18 May 2022

PRJ-30405,
PRHF-19450

Security Management

UPDATE:

  • Added the "--help" and "-h" flags to "mdsstop", "mdsstart" and "mdsstat".
  • It is no longer possible to run the "mdsstop" and "mdsstart" commands with wrong parameters.

PRJ-32890,
PRHF-20657

Security Management

UPDATE: It is now possible to increase the timeout value for Management High Availability synchronization. Refer to sk176165.

PRJ-33551,
PRHF-20961

Security Management

When using the API to create an OPSEC CPMI application with a custom permissions profile, the default Super User profile is chosen instead.

PRJ-32446,
PRHF-20062

Security Management

In rare scenarios, in a Multi-Domain environment, after performing an IPS Update, High Availability synchronization in the Global Domain fails with "NGM failed to import data".

PRJ-25708,
PRHF-17010

Security Management

Deleting a network group may fail because it is being used, although "Where Used" shows no usage.

PRJ-32667,
PRHF-20485

Security Management

When searching for tags usage, the "where-used" Management API command may fail with "Requested object not found".

PRJ-32855,
PRHF-20444

Security Management

After the Management Server restart, the API command "show_tasks" may show some suppressed tasks as "in progress", if before the restart they were cleared in SmartConsole while they were still running.

PRJ-33862,
PRHF-21129

Security Management

When creating or updating a service object via Management API, it is not possible to specify a custom aggressive-aging timeout.

PRJ-29507,
PRHF-18890

Security Management

In some scenarios, the Management API command "show-packages" with "details-level full" may fail with an error. Refer to sk176805.

PRJ-34503,
PRHF-21481

Security Management

The "Accept" button is missing when modifying "Actions" for rules. Refer to sk177204.

PRJ-35477,
PMTR-77765

Security Management

Multi-Domain High Availability synchronization in the Global Domain may fail with the "There are invalid assignments on peer" error.

PRJ-33977,
PRHF-21115

Security Management

Policy installation from the Multi-Domain Server level may trigger installation of two policies for the same VS.

PRJ-32427,
PRHF-20440

Security Management

In rare scenarios, adding a service to a rule in Access Policy:

  • may take a long time (more than several seconds)
  • may cause SmartConsole to unexpectedly exit.

Refer to sk176004.

PRJ-32090,
PRHF-20162

Security Management

When searching an IP in Object Explorer, network objects with both IPv6 and IPv4 configured, may not appear in the results, although they match the IP.

PRJ-32716,
PRHF-20332

Security Management

If there is a Global Domain Assignment, some results may be missing when searching in Packet Mode. Refer to sk178491.

PRJ-33519,
PRHF-20971

Security Management

In rare scenarios, the Management Server may fail to start.

PRJ-34224,
PRHF-21356

Security Management

When performing IPS Update or Global Domain Assignment, creating a Domain at the same time may fail with "Internal Error".

PRJ-30529,
PRHF-19542

Security Management

Creating an administrator in a Multi-Domain environment may cause SmartConsole to freeze and time out.

PRJ-30679,
PRHF-19185

Security Management

Policy installation with Directional VPN rules may fail with a verification error.

PRJ-30057,
PRHF-19250

Security Management

In rare scenarios, after Management Server upgrade, importing the database may fail with "Tried to persist object".

PRJ-36184,
PRJ-36185

Security Management

In some scenarios, in SmartConsole, the IPS update status list does not reflect correctly all the Gateways with enabled IPS Blade. Refer to sk175449.

PRJ-34033,
PMTR-73939

Security Management

When many sessions are opened:

  • Publish operation may be slow
  • APPI Update may be stuck on 30% and eventually fail
  • Domain Import task may be stuck after 50% and then fail

PRJ-22264,
PRHF-15674

Security Management

In some scenarios, the user may fail to connect to VPN Remote Access if there are expiration dates saved in a non-English date format. The issue can occur when SmartConsole is installed on a Windows client that uses a non-English locale. Refer to sk173967.

PRJ-33285,
PRHF-20525

Security Management

When reassigning Global policy after an IPS update on the Global Domain, the updated IPS version in the Audit Logs view may appear with "-1" value instead of the actual IPS version number.

PRJ-34176,
PRHF-20991

Security Management

In rare scenarios, Install Policy Presets may fail with "Failed to run Install Policy on the active Domain Server".

PRJ-34180,
PRHF-21215

Security Management

In rare scenarios, the Management Server becomes inaccessible if there are more than 5000 objects in the Gateways and Servers view.

PRJ-35337,
PRHF-21851

Security Management

In rare scenarios, the Management Server may fail to start after an upgrade.

PRJ-33399,
PRHF-20866

Security Management

When automatic purge is configured in a local Domain and there is an assignment between the Global Domain to that Domain, the "show-automatic-purge" API command may fail in the Global Domain with the "Can't build automatic purge reply" error. Refer to sk176443.

PRJ-33363,
PRHF-20847

Security Management

Global Domain Assignment fails with "An internal error has occurred" when there are more than 32K Threat Prevention Overrides in the local Domain. Refer to sk176464.

PRJ-33459,
PMTR-71195

Security Management

While editing a Small Office LSM Profile object, SmartConsole may unexpectedly close when enabling Threat Emulation and navigating to the Configuration tab.

PRJ-32744,
PRHF-20512

Security Management

In a rare scenario, the FWM process unexpectedly exits.

PRJ-33166,
PRHF-20782

Multi-Domain Management

The mds_backup script may not collect Multi-Domain Server log files from $MDSDIR/log/.

PRJ-30349,
PRHF-19421

Multi-Domain Management

During a CPUSE upgrade of a Multi-Domain Server, if there are multiple external interfaces defined, the Domain Servers may be assigned to an incorrect interface.

PRJ-30524,
PRHF-19541

Multi-Domain Management

In rare scenarios, running the "fwm sic_reset" command on Multi-Domain Server may fail.

PRJ-38328,
PMTR-82069

SmartConsole

  • Install Policy Preset may invoke policy installation on Gateways different from those that are defined.
  • Policy installation on multiple Gateways on MDS level may trigger installation on one Gateway only.

Refer to sk178590.

PRJ-32976,
PRJ-32977,
PMTR-74061

CPView

In Overview, some data about disk space may be missing.

PRJ-32371,
PRHF-18699

Logging

When running CPinfo in a large scale environment, the SmartEventCollectLogs process may get stuck.

PRJ-32305,
PRHF-18539

Logging

When configuring an Email alert as an Automatic Reaction in SmartEvent, and the alert contains data from the event, some fields may be missing in the generated email.

PRJ-32585,
PRHF-20276

Logging

There may be empty values in the "Office Mode IP" field in the Logs view.

PRJ-28315,
PRHF-18428

Logging

The "Last Update Time" field of a Session Log may show incorrect values.

PRJ-25652,
PRHF-17000

Logging

When SmartView Web is configured to not return empty values, a query may fail with a "query failed" message.

PRJ-29121,
PRHF-18445

Logging

SmartEvent may not show some of the Anti-Virus logs.

PRJ-32026,
PRHF-19715

Logging

In some scenarios, the "vpn_user" field is empty in the Logs view and SmartEvent Reports, even though it contains values in the raw log.

PRJ-30661,
PRHF-19620

Logging

  • The "fw log" and "fwm logexport" commands may fail with "Error: Failed to read field".
  • The exported log file may not contain all logs.

Refer to sk176644.

PRJ-31615,
PRHF-19834

Logging

Non-English letters in SmartView reports exported as CSV may be displayed incorrectly. Refer to sk175543.

PRJ-32578,
PRHF-20447

Logging

In some scenarios, it is not possible to add the "Policy Rule UID" column to the Logs view in the SmartView Web Application.

PRJ-32016,
PRHF-20117

Logging

When running the "show_logs" API command with "query-id argument" and the session is expired, the command ends with a timeout instead of presenting an error.

PRJ-30547,
PRJ-30548,
PRHF-19084

Logging

In rare scenarios, when QoS Blade is enabled, the FWD process may unexpectedly exit. Refer to sk177783.

PRJ-29172,
PRHF-18866

Logging

Removed unnecessary debug messages: "fwbintabreplace: table svm_range_gateways not found" and " fwbintabreplace: table svm_range_gateways_valid not found" from the FWD debug log.

PRJ-30143,
PMTR-60786

Logging

Recurring "Unable to open '/dev/fw0': No such file or directory" may be printed in the fwd.elg file.

PRJ-32229,
CGIS-636

Logging

The "vsec_lic_cli update" command now supports IP change in the license string.

PRJ-32083,
PRJ-32084,
PMTR-74297

Logging

A duplicate entry appears in /etc/cpshell/log_rotation.conf. This issue is only cosmetic.

PRJ-34248,
PRHF-21188

Logging

There may be an incorrect error message related to MakeConnection method.

PRJ-14159

Security Gateway

UPDATE: Added support for CPView's Top Connections tab in User Space Firewall (USFW).

PRJ-34448

Security Gateway

UPDATE: The "fw unloadlocal" command can now be used on a Virtual System only with the "-f" flag added. Otherwise, a warning message is displayed, indicating that unloading policy on a Virtual System will cause traffic issues with any Virtual System connected to a Virtual Switch or a Virtual System in Bridge mode.

  • Fix is relevant for Gaia 3.10 only.

PRJ-31663,
PRJ-31664,
PMTR-68092

Security Gateway

UPDATE: Adding Connection and Packet Distribution statistics in CPView.

PRJ-38234,
PRJ-38233,
PMTR-81910

Security Gateway

UPDATE: Apache HTTPD version was updated from 2.4.51 to 2.4.53.

PRJ-29695,
PRJ-29696,
PRHF-19097

Security Gateway

In rare a scenario, a memory leak may occur with a "cpas_streamh_init_from_cookie failed" message printed in /var/log/messages.

PRJ-27607,
PRJ-2760,
PRHF-18068

Security Gateway

A debug message is printed as an error.

PRJ-33900,
PMTR-58175

Security Gateway

In rare scenarios, the LOG_INDEXER process may unexpectedly exit with a core dump file.

PRJ-21485,
PRJ-21484,
PMTR-57716

Security Gateway

The FWD process may unexpectedly exit due to a rare race condition. Refer to sk173424.

PRJ-30780,
PRJ-30781,
PRHF-19506

Security Gateway

Access Policy installation may fail with "Error code 1-2000078".

PRJ-31205,
PRJ-31206,
PRHF-19333

Security Gateway

The Security Gateway may crash during policy installation due to memory allocation problems.

PRJ-33510,
PRJ-33511,
PMTR-75878

Security Gateway

CPView may show corrupted numbers in "F2V-Reasons". This issue is only cosmetic.

PRJ-33271,
PRJ-33272,
PMTR-26836

Security Gateway

The control connection may not be refreshed together with data connection if the data connection is accelerated. Refer to sk168952.

PRJ-33609,
PRJ-33610,
PRHF-20810

Security Gateway

In a rare scenario, the FWD process may unexpectedly exit.

PRJ-33995,
PRJ-33996,
PRHF-18340

Security Gateway

In rare scenarios, slow path connections that should be terminated/aborted may remain open until the timeout.

PRJ-23477,
PRJ-23478,
PRHF-16013

Security Gateway

Policy installation may fail when reaching out of memory on the Security Gateway.

PRJ-34266,
PRHF-19587

Security Gateway

The log_exporter process may consume a high CPU.

PRJ-32572,
PRJ-32573,
PMTR-74852

Security Gateway

When deleting connection table entries with "fw ctl conntab -x", and using "rule", "service", "type", "flags" or "state" filters, entries that do not match these filters may still be deleted.

PRJ-36997,
PRJ-36993

Security Gateway

  • On 2200 appliances, the CPD process may unexpectedly exit because of sensor read failure.

  • Sensor table values for 3600, 3600T, 3800, 6200B, 6200P, 6200T, 6400, 6600, 6700, 6900, 7000, 600-S are incorrect.

Fix is relevant for Gaia 3.10 only.

PRJ-33247,
PRJ-33248,
PRHF-20709

VPN, Internal CA

Creating a certificate for a third party Gateway with Check Point Internal CA may fail on the third party side. Refer to sk176468.

PRJ-34863,
PRJ-34088

Threat Prevention

IPS and other Threat Prevention logs may not contain packet capture. And dmesg may be flooded with related errors.

PRJ-33546,
PRJ-33547,
PMTR-74799

Threat Prevention

When IPS Automatic update is enabled, a memory leak may occur in the FWD process. Refer to sk176947.

PRJ-30442,
PRJ-30443,
PRHF-17552

Threat Prevention

In a rare scenario, the DLP process leaves open unused file descriptors in the $FWDIR/tmp/dlp directory which may take up a large amount of disk space

PRJ-30499,
PRJ-30500,
IDA-4120

Identity Awareness

UPDATE: Enhanced Identity Sharing SmartPull mechanism for large scale environments.

PRJ-37472,
PRJ-37473,
PMTR-80602

Identity Awareness,
Identity Logging

UPDATE: Adjusted AD-Query and Identity Logging solutions to work with Microsoft hardening changes in DCOM which were required for CVE-2021-26414. Refer to sk176148.

PRJ-30945,
PRJ-30946,
IDA-4253

Identity Awareness

In some scenarios, persistent high CPU is caused by ADQuery due to a large number of authentication requests.

PRJ-35818,
PRJ-35819,
PRHF-21396

Identity Awareness

On Scalable Platforms\Cluster LS, the Identity Database may become corrupted when an identity session is revoked from a non-master member.

PRJ-32869,
PRJ-32870,
PMTR-75155

Identity Awareness

When Identity Awareness Blade is enabled on the Security Gateway, rebooting of a member may trigger additional reboots. This may cause one of the members to go down with a configuration pnote.

PRJ-28217,
PRJ-28216,
PRHF-15223

Identity Awareness

There may be connectivity issues and high CPU spikes on the PDPD, VPND processes, and on the Gateway when installing policy. Refer to sk174144.

PRJ-33145,
PRJ-33146,
PRHF-20682

URL Filtering

In some scenarios, SSL websites are not matched correctly when categorization mode is on Hold and IDA is enabled. Refer to sk176283.

PRJ-34457,
PRJ-34456,
PRJ-34456,
IPS-1066

IPS

Enhanced IPS package loader.

PRJ-29425,
PRJ-29426,
PRHF-18966

IPS

When Website categorization mode is set to "Hold" and Gateway is Proxy, some connections may be incorrectly terminated.

PRJ-30423,
PRJ-30424,
PRHF-17395

DLP

The dlpu process may unexpectedly exit with core dump file.

PRJ-32999,
PRJ-33000,
PMTR-75153

SSL Inspection

UPDATE: Upgraded the default Infrastructure for local communication between some processes to TLS 1.2.

PRJ-32881,
PRJ-32882,
PMTR-75079

SSL Inspection

When TLS 1.3 support is disabled, a memory leak may occur in the WSTLSD process during TLS session renegotiation.

PRJ-32898,
PRJ-32899,
PRHF-20458

SSL Inspection

In a rare scenario, the WSTLSD process may unexpectedly exit and produce a core dump file.

PRJ-33404,
PRJ-33405,
PMTR-72934

SSL Inspection

In rare scenarios, TLS probing connections may remain open for extended periods.

PRJ-34971,
PRJ-34972,
PMTR-77321

SSL Inspection

In rare scenarios, the WSTLSD daemon may unexpectedly restart.

PRJ-34158,
PRJ-34159,
PMTR-75807

SSL Inspection

In some scenarios, the WSTLSD daemon may unexpectedly exit during TLS probing.

PRJ-36296,
PRJ-36297,
PMTR-76171

SSL Inspection

A memory leak related to TLS probe may occur in the WSTLSD process.

PRJ-35937,

PRJ-35939,

PRJ-35934

SSL Network Extender

UPDATE: SSL Network Extender was updated to version 800008304. It provides TLS 1.2 cipher suites support on macOS.

PRJ-31229,
PRJ-31230,
SNX-67

SSL Network Extender

SSL Network Extender (SNX) may fail during large file transfers. Refer to sk87760.

PRJ-32469

ClusterXL

Added Syslog support for Cluster events messages.

  • Fix is relevant for Gaia 3.10 only.

PRJ-35981,
PMTR-74818

ClusterXL

A cluster failover may take longer than it should.

  • Fix is relevant for Gaia 3.10 only.

PRJ-36468,
PRJ-36469,
PRHF-21775

SecureXL

The VSX Gateway may crash when trying to route traffic from a VS to a Virtual Switch (VSW).

PRJ-36071,
PRJ-36072,
PRJ-34902

SecureXL

In some scenarios, related to sending multicast packets, the ICMP errors may be shown.

PRJ-28642,
PRJ-28643,
PMTR-67800

SecureXL

A redundant message "ACC: Accelerator started." is printed in dmesg logs.

PRJ-33353,
PRJ-33354,
PMTR-75438

Routing

  • Security Gateway may crash when OSPF inserts or removes an LSA from its database.
  • Neighbor dead timers may have negative values.

PRJ-30711,
PRJ-30712,
PRHF-18975

Routing

Connectivity issues may occur after configuration of route based VPN (VTI interface). Refer to sk176368.

PRJ-34708,
PRJ-34709,
PMTR-73184

Routing

In rare scenarios, the ROUTED daemon may unexpectedly exit or write logs in the incorrect order.

PRJ-36235,
PRJ-36236,
PRHF-22206

VPN

A memory leak may occur in the VPND process.

PRJ-32363,
PRJ-32364,
PRHF-20315

VPN

Improved IKEv2 narrowing.

PRJ-36415,
PRJ-36417,
PMTR-79305

VPN

In some scenarios, when VPN logs are enabled and DAIP (Dynamically Assigned IP) peer is configured, the VPND daemon may unexpectedly exit.

PRJ-32516,
PRJ-32517,
PMTR-74732

VPN

Improved establishing IKEv2 tunnel with DAIP peer.

PRJ-34490,
PRJ-34491,
PRJ-34491

VPN

Remote Access users cannot connect when a certificate issued by a configured subordinate CA is used for authentication.

PRJ-34509,
PRJ-34510,
PRHF-21405

VPN

When IKEv2 and pre-shared-key are configured, VPN may fail during the second IKE SA re-key. Refer to sk171756.

PRJ-34208,
PRJ-34209,
PMTR-74824

VPN

IKEv2 ID configuration may not be applied when an IPv6 address is written as a certificate's alternative name.

PRJ-33839,
PMTR-76280

VSX

UPDATE: Shadow bridges will now be automatically disabled on VSX Gateways if the bridges are not in Active/Active mode.

  • Fix is relevant for Gaia 3.10 only.

PRJ-32531,
PMTR-74770

VSX

UPDATE: It is now possible to define interface topology as "defined by routes" using the VSX provisioning tool.

PRJ-36790,
PMTR-77287

VSX

The "vsx_util reconfigure" command may fail without printing the cause of the error.

PRJ-22475,
PRJ-22481,
PRHF-15744

VSX

In some scenarios, running the "snmpwalk" command may fail with incorrect OSPF-MIB information for VSX. Refer to sk172064.

PRJ-32077,
PMTR-74295

VSX

When creating a static route on a virtual system, some network objects may be created with the same name inside the network group which causes writing the object to the database to fail.

PRJ-37420,
PMTR-79515

VSX

After deleting a warp interface in SmartConsole, the active VSX cluster member may crash.

  • Fix is relevant for Gaia 3.10 only.

PRJ-36773,
PRJ-36772,
PRJ-36756

Gaia OS

NEW: Gaia API (version 1.6 with Python3 support) will now be deployed via Jumbo Hotfix. Refer to sk143612.

PRJ-37956,
PRJ-37955,
PMTR-81489

Gaia OS

UPDATE: Upgraded OpenSSL to fix CVE-2022-0778. Refer sk178411.

PRJ-28692

Gaia OS

Stability enhancement for Bond LS.

PRJ-30209,
PRJ-30210,
PRHF-19017

Gaia OS

  • VLAN IPv6 address disappears after setting the parent interface state "off" and "on".
  • IPv6 address disappears after enabling Layer 3 bridge interface monitoring.

Refer to sk174969.

PRJ-33685,
PRJ-33686,
PMTR-75891

Gaia OS

Potential vulnerability related to specific Gaia API command on VSX systems.

PRJ-33505,
PRJ-33506,
PMTR-75443

Gaia OS

Fixed CVE-2021-30361 - Gaia Portal Authenticated Command Injection. Refer to sk179128.

PRJ-32690,
PRJ-32691,
PMTR-58250

Gaia OS

In some scenarios, like defected LOM card, or when LOM port exists, but no LOM is connected, the confd process may stop working.

PRJ-37227,
PRJ-20942,
PMTR-63343

Gaia OS

Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253.

PRJ-33711,
PRJ-32546

Gaia OS

In a rare scenario, the Security Gateway fails to boot when working in USFW (User-Space Firewall) mode.

  • Fix is relevant for Gaia 3.10 only.

PRJ-27907,
PRHF-17814

Harmony Endpoint

In some scenarios, logs related to Harmony EndPoint may be missing.

PRJ-36272,
PRHF-22059

CloudGuard

In some scenarios, incorrect data center updates are pushed to the Gateway.

PRJ-34525,
PRHF-21383

CloudGuard

When a Gateway's object name was changed, CloudGuard Central License Tool may fail to distribute licenses to the Gateway.

PRJ-36702,
ODU-244

Public Cloud CA Bundle

Added Take 14 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-35156

Scalable Platforms

NEW: Added a self-updatable package of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-36828,
ODU-287

HCP

Added Update 7 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-34440,
ODU-217

HCP

Added Update 6 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-22351,
PRJ-22352,
INFRA-528

Infrastructure

UPDATE: Updated Python 2.7.17 to 2.7.18, Python 3.7.7 to 3.7.12, added Python 3.9.7 and a Python3 alias.

PRJ-29948,
PRJ-29949,
PRHF-19115

Infrastructure

In a rare scenario, the user cannot connect to the Mobile Access Portal.

Take 246

Released on 03 March 2022 and declared as General Availability on 08 March 2022

PRJ-37388,
PRJ-37380

ClusterXL

Forward/backward clock jumps may cause some operations to fail and the cluster to go down.

Take 245

Released on 23 February 2022

PRJ-36955,
PRHF-22500

Logging

Policy installation and "where used" operation may take a long time if there are many inline layers and the "Install On" targets in the Rule Base are not defined as "Any". Refer to sk177928.

Take 242

Released on 8 February 2022

PRJ-34689,
PMTR-75532

Logging

In some scenarios, in an environment that includes the SmartEvent Server, the log_indexer process restarts at midnight, producing a core dump file. Refer to sk177805.

Take 241

Released on 2 January 2022

PRJ-24929,
PRHF-16947

Security Management

UPDATE: Added a warning message in SmartConsole, alerting if during policy installation memory utilization of the FWM process exceeded 3.5GB.

PRJ-29232

Security Management

UPDATE: Added a new flag to the Threat Prevention "show-protections" API command ("show-capture-packets-and-track") that allows not to return capture-packets and track information.

PRJ-30098,
PRHF-19248

Security Management

In rare scenarios, a Multi-Domain administrator's profile may be changed after deleting a Domain if the administrator had custom permissions for it.

PRJ-28647,
PRHF-18202

Security Management

In some scenarios, when using a VPN community, the status of the Global Domain Assignment may change to "not up to date", although no changes were made in the Global Domain.

PRJ-28421,
PMTR-10273

Security Management

Virtual session timeout for a TCP service cannot exceed 86400 seconds. Refer to sk168872.

PRJ-27999,
PRHF-18245

Security Management

If Brute Force Password Guessing Protection is set to the value of more than 25 seconds, login to SmartConsole fails.

  • Requires R80.30 SmartConsole Build 103 (or higher).

PRJ-25626,
PRHF-17284

Security Management

In rare scenarios, a Management Server upgrade may fail with an error message "Object not found - [UID]" in the cpm.elg log file.

PRJ-28534,
PRHF-18063

Security Management

In rare scenarios, Global Policy Assignment may fail with the "class name not found for object" error.

PRJ-28155,
PRHF-17926

Security Management

In rare scenarios, if Domain migration fails, the operation may not revert fully and leave some remnants in the database of the Management Server.

PRJ-28086,
PMTR-70942

Security Management

In some scenarios, the Administrators view may not filter domain names according to the permission profile of the connected administrator.

PRJ-24948,
PRHF-16976

Security Management

If there is an Administrator named "Endpoint", an upgrade of Endpoint Security Server from R77.30 version fails.

PRJ-26909,
PRHF-16657

Security Management

Policy installation to multiple gateways from Install Policy Presets may fail if each policy has its own HTTPS Inspection policy.

PRJ-26297,
PRHF-17531

Security Management

In rare scenarios, tasks may run indefinitely until the Security Management Server is restarted.

PRJ-26300,
PRHF-17558

Security Management

In rare scenarios, Global Domain Assignment and Domain Creation tasks may continue to run indefinitely.

PRJ-26734,
PRHF-17606

Security Management

In a rare scenario, in the Management API, the "show hosts" command with "details-level full" fails with a message "java.util.InputMismatchException: got at least one duplicate UID in requested list, duplicates UIDs:".

PRJ-26675,
PRHF-17744

Security Management

The Management API command "show gateways and servers" does not show policy information for cluster members.

PRJ-28782,
PRHF-18557

Security Management

In some scenarios, "show-mdss" and "show-domains" Management API commands take a significant amount of time to complete or time out after 5 minutes.

PRJ-30624,
PRJ-30622

Security Management

In rare scenarios, after the Security Management Server starts up, when connecting to SmartConsole, some objects appear more than once.

PRJ-25037,
PRHF-16802

Security Management

In rare scenarios, a task in progress may get stuck until the Management Server is restarted.

PRJ-26977,
SMCUPG-1675

Security Management

After migrating a Domain to Security Management Server, the FWM process may be shown as "down" in watchdog, although it is up and running. Refer to sk163814.

PRJ-26628,
PRHF-17230

Security Management

In rare scenarios during system startup, a cleanup operation may cause high CPU on multiple Postgres processes and prevent login to SmartConsole. Refer to sk175189.

PRJ-13163,
PRHF-11027

Security Management

The "show-global-assignment" command may ignore the limit request and return the default limit.

PRJ-26122,
PRHF-17476

Security Management

In some scenarios, HA synchronization fails in the Global Domain after an IPS update.

PRJ-25798,
PRHF-17324

Security Management

In rare scenarios, if the CPM process is up for many days, CPU and memory consumption may continue to grow until a reboot is performed.

PRJ-25564,
PRHF-17182

Security Management

In rare scenarios, an upgrade may fail when there is an OPSEC Server object configured.

PRJ-22133,
PMTR-63108

Security Management

In some scenarios, a high load on the Management Server may cause SmartConsole slowness.

PRJ-28568,
PRHF-18422

Security Management

In some scenarios, the Purge Revisions operation fails with an error message: "An error has occurred while performing revisions purge operation, Incident ID - xxxxx-xxxxxxx-xxxxx-xxxxx". Refer to sk174645.

PRJ-29156,
PRJ-30418,
PRHF-18883

Security Management

Scheduled IPS updates data may not be shown in the IPS update report.

PRJ-29186,
PRHF-18470

Security Management

In a rare scenario, High Availability full synchronization may fail due to a large number of records.

PRJ-28899,
PRHF-18508

Security Management

When searching IP addresses using logical operators (AND / OR), the results may be incorrect:

  • in SmartConsole in the Object Explorer view
  • with the Management API command "show objects" and the "filter" field

Some matched objects may be missing, while some unmatched objects may be present.

PRJ-28291,
PRHF-18210

Security Management

In rare scenarios, High Availability incremental synchronization may fail with a wrong status message.

PRJ-28297,
PRHF-18362

Security Management

In rare scenarios, High Availability on the Global Domain may fail to synchronize the Multi-Domain Log Server if IPS protection was added or removed in the Threat Prevention rulebase.

PRJ-25000,
PRHF-17007

Security Management

After migrating a Domain to a Multi-Domain Management and assigning a Global Policy, if there are objects with the same name in the Domain and Global Domain, the assignment succeeds, although it must fail due to name duplication.

PRJ-23452,
PRHF-16065

Security Management

After upgrade from R77.x, "Cannot assign a Domain more than once" errors may appear in the validations pane.

PRJ-24329,
PRHF-16613

Security Management

In some scenarios, the "Recent Tasks" view shows the initiator as a System administrator when the Global Manager user initiates reassign and install policy.

PRJ-23124,
PRHF-15939

Security Management

Migration of Security Management Server to a Domain on a Multi-Domain Server may be blocked if there are multiple Certificate Authority objects. Refer to sk174270.

PRJ-21786,
PRHF-15257

Security Management

In some scenarios, the output of the "cpmistat" command may contain partial information.

PRJ-30052,
PRHF-18928

Security Management

In rare scenarios, the FWM process unexpectedly exits and fails to start, creating core dumps in the /var/log/dump/usermode directory. Refer to sk175007.

PRJ-28062,
PRJ-28063

Security Management

In rare scenarios:

  • Login to the Management Server may timeout and fail
  • Publish operation may take a long time.

PRJ-29896,
PRHF-18828

Security Management

In some scenarios, login to a Domain from the System Domain dashboard may fail with "Failed to connect to server".
Refer to sk174910.

PRJ-25195,
PMTR-68090

Security Management

The "Packet capture is not supported on this platform" warning appears after policy installation for SMB Gateways, although no packet capture is used.

PRJ-29966,
PRHF-19308

Security Management

In some scenarios, simultaneous policy installation on multiple Gateways may fail if there is at least one Gateway on R77.X and one Gateway on R80.X.

PRJ-21875,
PRHF-15460

Security Management

In some scenarios, applying the "Where used" action may show incorrect data when an object exists more than once in an Inline Layer.

PRJ-22421,
PRHF-15598

Security Management

Domain Server Migration between different Multi-Domain Management Servers may fail if a previous migration attempt of the same Domain already failed and another different Domain name is used for the second attempt.

PRJ-25278,
PRHF-17037

Security Management

In rare scenarios, login to Multi-Domain Management fails with the "No Valid Domains were found for [username]" error. Refer to sk175005.

PRJ-29197,
PRHF-18782

Security Management

After an upgrade from R77.x. in a multi-site environment, High Availability full synchronization may fail with an "NGM failed to load data" message.

PRJ-23850,
PMTR-66674

Security Management

Management Server upgrade may fail if there is a large amount of customized column profiles in Logs View.

PRJ-27484,
PRHF-18079

Security Management

Global Policy reassignment may fail with "An internal error has occurred" due to duplicated Access Policy Assignment object. Refer to sk174183.

PRJ-28814,
PRHF-18712

Security Management

In some scenarios, the "show gateways-and-servers" Management API command fails with "generic_error" when running it with "details-level full".

PRJ-30387,
PRHF-16024

Security Management

In rare scenarios, editing a cluster object fails with the "Code: 0x8003001D, Could not access file for write operation" error. Refer to sk176930.

PRJ-26779,
PRHF-17767

Security Management

In some scenarios, in Override Categorization, it may not be possible to sort or to find objects by name using Object Explorer. Refer to sk175245.

PRJ-30881,
PRJ-30882,
PMTR-62059

Security Management

In rare scenarios, during an upgrade, the FWM process may unexpectedly exit with a core dump file.

PRJ-20708,
PRHF-14327

Security Management

In rare scenarios, if one of the Multi-Domain Servers is down, reconfiguring VSX may fail.

PRJ-29908,
PRHF-18974

Security Management

In some scenarios, it is possible to disable a shared layer, although it is used in more than one rule.

PRJ-31079,
PRJ-31080,
PRHF-19251

Security Management

In rare scenarios, the FWM process on the Security Management Server unexpectedly exits.

PRJ-30822,
PRHF-19479

Security Management

In some scenarios, in SmartConsole, the IPS update status list does not reflect correctly all the Gateways having the IPS Blade enabled. Refer to sk175449.

PRJ-30334,
PRJ-30335,
PRHF-18150

Security Management

When one Server in a logical Server group is down, the second Server keeps trying to access it, no matter how long the Server is down.

PRJ-32107,
PMTR-63070

Security Management

Policy installation may fail if more than 20,000 objects are created and added to rules.

PRJ-31670,
PRHF-19891

Security Management

In rare scenarios, the API commands "show-automatic-purge" and "set-automatic-purge" may fail if there were two earlier attempts to update the Automatic Purge at the same time.

PRJ-30066,
PRHF-19326

Security Management

  • The High Availability status on Security Management Server may be incorrect, and performing failover is not possible.
  • On Multi-Domain Server, after performing failover in the Global Domain and restarting services, the former active Global Domain Server still appears as active (although it is standby).

PRJ-28167,
PRHF-18380

Security Management

In rare scenarios, the Management Server may fail to start due to incorrect sessions handling.

PRJ-32545,
CPM-2222

Security Management

Values updated in resourceProfiles files to handle high CPU utilization for the Java process (sk123417) are not resistant and are overridden after Jumbo Hotfix Accumulator installation or backup/restore or export/import procedures.

PRJ-21829,
PRJ-29591,
PRHF-15448

Multi-Domain Management

In rare scenarios, after an upgrade, the CPD process in a Multi-Domain environment may unexpectedly exit, creating a core dump file.

PRJ-21775,
PRJ-21776,
PMTR-63316

Licensing

In some scenarios, the total number of "sr" licenses may be counted incorrectly.

PRJ-28522

Licensing

In a very rare scenario, SmartConsole login attempts mail fail due to high CPU usage of the CPD process.

PRJ-27343,
PRJ-27344

Licensing

In a rare scenario, the licensing status in SmartConsole is displayed incorrectly.

PRJ-29309,
PRHF-18767

SmartConsole

The Compliance "Security Best Practices" report for the Anti-Bot practice contains unrelated objects starting with "AB_". Refer to sk174911.

PRJ-30370,
PRJ-30376

CPInfo

UPDATE: Added CPInfo build 914000219. Refer to sk92739.

PRJ-25007,
SL-5634

Logging

NEW: SmartEvent can now skip indexing of firewall session logs to reduce load on the Log Server device. The feature is disabled by default. To enable it, see Issue #4 in sk150452.

PRJ-25928,
PRJ-30687,
PMTR-69181,
PMTR-69007

Logging

NEW:

  • It is now possible to set the default timeframe for all the SmartView web application functionalities.
  • The default value is "Last 24 hours".

Note: The default time frames on the SmartView web application and SmartConsole are not synchronized.

  • Requires R80.30 SmartConsole Build 103 (or higher).

PRJ-26807,
PMTR-70072

Logging

NEW: In SmartEvent GUI, added the "referrer" field for filtering correlation unit events.

PRJ-23488,
SL-5368

Logging

NEW:

  • In SmartEvent GUI added new products: "Behavioral Guard", "Anti-Exploit", "Anti-Bot" and "Anti-Ransomware"
  • For Endpoint logs correlation, added a new pre-defined event: "Harmony Endpoint" under Legacy -> Endpoint Security.

PRJ-16280,
PRHF-11939

Logging

In some scenarios, emails of DLP Blade may be sent with obfuscated information, with no option to present the full data. Refer to sk106430.

PRJ-25831,
PMTR-68506

Logging

The LOG_INDEXER process on the SmartEvent Server may consume a high CPU when the Mobile Access Blade is enabled on the Gateway.

PRJ-24522,
PMTR-67575

Logging

In a low log rate, there may be a delay in exporting logs using the Log Exporter.

PRJ-25644,
PMTR-68886

Logging

In SmartView (Reports and Web Logs view), the value of the file size is displayed differently from the Logs view in SmartConsole (GB instead of GiB).

PRJ-13741,
PRJ-13742,
PRHF-11391

Logging

The "Could not connect to Monitoring Blade" error is displayed when trying to show the "Top Interfaces" view in SmartConsole or SmartView Monitor for a Gateway that has more than 100 interfaces.

PRJ-27048,
PRHF-17285

Logging

In rare scenarios, Management object changes may not be reflected in the Logs view. When the issue occurs, the CPM process may also consume a high CPU.

PRJ-26724,
PRHF-17205

Logging

In some scenarios, the FWD process on Security Gateway may cause high memory consumption when Log Forwarding is configured or when running the "fw fetchlogs" command.

PRJ-24282,
PMTR-66677

Logging

In rare scenarios, when exporting logs to Check Point Infinity Portal, the Log Exporter may unexpectedly exit.

PRJ-26692,
PMTR-70010

Logging

When adding the "UC Block" action, log queries may not show UserCheck logs. Refer to sk174543.

PRJ-22343,
PRHF-15696

Logging

In SmartView, the "Duration" field is missing from Reports and Views.

PRJ-22647,
PRHF-15710

Logging

Threat Emulation log description for HTTP emulation is incorrect.

PRJ-23866

Logging

In SmartView reports, the "Show only icon" option for table widgets does not work as expected.

PRJ-23678,
PMTR-62763

Logging

In rare scenarios, in environments with many network objects, when typing a query in the search bar in the Logs tab, SmartConsole may close unexpectedly.

PRJ-14237,
PRHF-11770

Logging

In SmartView, grouping or filtering by the field "Total Bytes" causes the query to fail.

PRJ-21322,
PRHF-15198

Logging

In the Method field, logs with the following values are not shown in the SmartConsole's Logs tab. They are only shown when opening a single log record.
The values are: MOVE, TEXT, XGET, UNDEFINED, VTTEST, ABCD, SEARCH, RPC_CONNECT, PRONECT, TRACK, CFYZ, BADMETHOD, DEBUG, MGET, GET, MKCOL, QUALYS, RNDMMTD, PRI, NESSUS, BDMT, BADMTHD.

PRJ-26113,
PMTR-69276

Logging

In a multi-site MDM environment, Log queries may fail to retrieve results from a CMA or CLM, if there is another CMA or CLM with the same sic_name.

PRJ-16983,
PRHF-12847

Logging

In a rare scenario, Application Control events may not be displayed in SmartEvent.

PRJ-27617,
PRHF-18157

Logging

The CPSEMD process on SmartEvent Server may unexpectedly exit when trying to send two automatic reactions simultaneously for the same event.

PRJ-25439,
PRHF-17184

Logging

On a Management Server, with SmartEvent enabled and many Networks configured in the database, login to SmartConsole may fail with an "Error: the operation timeout" message, and the FWM process is running with a high CPU. Refer to sk167239.

PRJ-25621,
PMTR-68809

Logging

In environments with more than 500K network objects, the LOG_INDEXER process on SmartEvent and Correlation Unit Server may unexpectedly close with the "Out of memory" error and a dump core file, although limited resolving is enabled (according to sk164452).

PRJ-28339,
PMTR-69859

Logging

In some scenarios, Log Exporter configured to export in TLS, cannot authenticate a certificate from an external certificate authority.

PRJ-29028,
PRHF-17596

Logging

In rare scenarios, SmartEvent may show no results or partial results in the Audit Log report.

PRJ-31210,
PRJ-30722

Logging

In a rare scenario, logs export from SmartView web view to CSV may fail. Refer to sk175545.

PRJ-17259,
PRHF-12617

Logging

In SmartConsole:

  • In Gateways and Servers view, IP statuses may not be accurate
  • In the Threat Prevention Policy tab, under "Updates", Gateways IPS update status may not be up-to-date, although the new IPS package was received successfully.

PRJ-26306,
PRHF-17314

Logging

In rare cases, in SmartConsole, some logs are not shown.

PRJ-28322,
PRHF-17811

Logging

In some scenarios, in SmartLog, free-text search does not work for some inspection settings logs and their description is missing.

PRJ-26029,
PRHF-17325

Logging

In a rare scenario, after an NSX Gateway upgrade, enforcement details/identities are not pushed by the controller to the Gateway automatically, it can be done only by manual update. Refer to sk173323.

PRJ-26679,
PRHF-17724

Logging

Logs that are sent by Log Exporter in CEF format, cannot be displayed if they include non-digit characters in the "dst_phone_number" field.

PRJ-14118,
PRHF-11778

Logging

Syslog messages are not shown in SmartConsole when syslog_free_text_parser.C contains references to ".ini" files which are located directly syslog folder $FWDIR/conf/syslog.

PRJ-19836,
PRJ-19837,
PRHF-14286

Logging

On Gateways with many interfaces, after policy installation or after reboot, Real-Time Monitor (RTM) may consume a high CPU on the Gateway. Refer to sk170928.

PRJ-30582,
PMTR-63927

Logging

In some scenarios, in Multi-Domain Servers with many Domains, the Solr process for logs may unexpectedly exit.

PRJ-20496,
PMTR-63033

CPUSE

The "Recommended" Package value is not changed from true to false in SmartConsole while installing Jumbo Hotfix. Refer to sk174508.

PRJ-29573,
PRJ-29574,
PRHF-15052

Security Gateway

NEW: Added a new kernel parameter "up_disable_early_drop_optimization_for_reject" to disable "Early Drop Optimization" for reject rules. The parameter is enabled by default.

PRJ-31910,
PRJ-31911,
PRHF-19710

Security Gateway


NEW: Added a new kernel parameter "cphwd_medium_path_qid_by_cpu_id". The parameter is disabled by default. Refer to sk175890.

PRJ-28850,
PRJ-28851,
PRHF-18624

Security Gateway

UPDATE: Added DNS Passive Learning support for DNS responses containing the Domain name in uppercase letters.

PRJ-29441,
PMTR-72448

Security Gateway

UPDATE: The default value for kiss_kthread_allow_resched kernel parameter is changed to 1. Refer to sk170560.

  • Fix is relevant for Gaia 3.10 only.

PRJ-30980,
PMTR-73404

Security Gateway

UPDATE: Added L3 routing support for bridge interface assigned with IP address. To enable it, set fw_bridge_with_ip_routing=1 in the $FWDIR/fwkern.conf file. Refer to sk165560.

  • Fix is relevant for Gaia 3.10 only.

PRJ-32070,
PRJ-32071,
STRM-737

Security Gateway

UPDATE: Check Point Active Streaming (CPAS) TCP Window scale factor is now increased up to 6.

PRJ-32154,
PRJ-32155,
PMTR-74372

Security Gateway

UPDATE: Apache HTTPD version was updated from 2.4.41 to 2.4.51.

PRJ-26821,
PRJ-26822,
PRHF-17872

Security Gateway

A duplicate entry appears in the /etc/cpshell/log_rotation.conf file. This issue is only cosmetic.

PRJ-26033,
PRJ-26034,
PMTR-67536

Security Gateway

The "fw_xlate_rule_count_dec: refcount is negative -1" message may be displayed in dmesg when IP pool NAT is used on a cluster environment.

PRJ-4172,
PRJ-27993,
PRHF-5036

Security Gateway

Large number of "fwpslglue_do_log: message [0] will be truncated in log" logs is printed in /var/log/messages, although debug is not enabled.

PRJ-25291,
PRJ-25292,
PRHF-16907

Security Gateway

In rare scenarios, a re-matched connection has 2 logs in SmartConsole.

PRJ-27074,
PRJ-27075,
PMTR-70300

Security Gateway

In rare scenarios, using IP Pool NAT with only IPv4/IPv6 addresses configured may cause Security Gateway to crash.

PRJ-24909,
PRJ-24914,
PMTR-66910

Security Gateway

In rare scenarios, the name of the application that drops a packet was not shown in the drop debug. Instead, the "PSL Drop: internal - drop enabled" message was displayed.

With this fix, the reason for the drop will be displayed.

PRJ-26476,
PRJ-26477,
PMTR-66746

Security Gateway

In some rare scenarios, when IPv6 is configured and Office Mode Anti-Spoofing is enabled, running "cpstop;cpstart" may cause a Security Gateway to crash.

PRJ-27125,
PRHF-17942

Security Gateway

In some scenarios, the ROUTED process may unexpectedly exit.

  • Fix is relevant for Gaia 3.10 only.

PRJ-29417,
PRJ-29418,
PMTR-71855

Security Gateway

In some scenarios, policy installation fails with the "Error code: 0-2000108" message. Refer to sk170673.

PRJ-14623,
PRJ-14624,
PRHF-11760

Security Gateway

After policy installation, Security Gateway may stop responding due to memory leaks.

PRJ-27558,
PRJ-27557,
PRHF-17949

Security Gateway

In some scenarios, configuring an un-numbered virtual interface may cause ARP requests to stay not answered by the interface. Refer to sk174188.

PRJ-27918,
PRJ-27944,
PRHF-13493

Security Gateway

In some scenarios, the CPD process may consume high CPU because of the memory leak in FDT (File Download Tool).

PRJ-19769,
PRJ-19768,
PRHF-14017

Security Gateway

Security Gateway may crash after policy installation.

PRJ-28827,
PRJ-28828,
PRHF-18098

Security Gateway

Improved the ICAP Server internal memory allocation logic.

PRJ-26390,
PRJ-26391,
PRHF-17436

Security Gateway

The WSDNSD process unexpectedly exits and creates a core file. Refer to sk173627.

PRJ-27648,
PRJ-27649,
PMTR-70634

Security Gateway

Negative values may appear in the output of the "fw tab -t connections -s" command and under the NAT section.

PRJ-29136,
PRJ-29137,
PRHF-18403

Security Gateway

The cpsicdemux process may unexpectedly exit, causing Secure Internal Communication (SIC) connection to fail.

PRJ-29740,
PRJ-29741,
PMTR-72615

Security Gateway

In a rare scenario, due to TCP connection reuse, a TCP connection may not be initiated Refer to sk11088.

PRJ-29502,
PRJ-29503,
PRHF-18863

Security Gateway

In some scenarios, using automatic Network Static NAT/Address range objects may cause connectivity issues.

PRJ-29627,
PRJ-29628,
PRHF-19049

Security Gateway

In a rare scenario, Security Gateway may crash.

PRJ-26581,
PRJ-26582,
PMTR-68272

Security Gateway

In a rare scenario, CPView may show incorrect SecureXL statistics per VS.

PRJ-30248,
PRJ-30249,
PMTR-70219

Security Gateway

Added a translation of the error exit code of cprid_util in $CPDIR/log/cprid_util.elg debug log.

PRJ-26668,
PRJ-26669,
PRHF-17760

Security Gateway

In a rare scenario, traffic outage may occur. It is caused by a memory leak related to delayed logs.

PRJ-31215,
PRJ-31216,
PRHF-19896

Security Gateway

When a large number of VPN tunnels is configured, and each one is used by a static route with ping, the ROUTED process may get incorrect cluster IPs for those tunnels. Refer to sk175887.

PRJ-30039,
ODU-103

Security Gateway

If wstunnel loses connectivity, after several attempts, it may unexpectedly exit and not restart. Refer to sk166056.

PRJ-25147,
PRJ-25148,
PRHF-14366

Security Gateway

In a rare scenario, the TCP Half Closed timer (sk137672) may fail when configured for medium/fast connections.

PRJ-30086,
PRJ-30010,
PRHF-18938

Security Gateway

In a rare scenario, when QoS is enabled, Security Gateway may crash while interfaces go down and up.

PRJ-30611,
PRJ-30612,
PRHF-19614

Security Gateway

In rare scenarios, when SACK is enabled, there may be connectivity issues.

PRJ-20625,
PRJ-20626,
PRHF-14374

Security Gateway

Running the threshold_config command may cause the CPD process to consume a high CPU.

PRJ-32099,
PMTR-32214

Security Gateway

In a rare scenario, policy installation may cause connections termination.

PRJ-31965,
PRJ-31966,
PMTR-74144

Security Gateway

In a rare scenario, "Connection/sec" data for accelerated traffic in CPView may differ from the statistics in SNMP.

PRJ-31367,
PRJ-31368,
PRHF-19693

Security Gateway

Improved the handling of a large number of sessions per single HTTP/S connection.

PRJ-26963,
PMTR-70393

Security Gateway

Improved CPS rate on Autoscale deployments of Amazon Web Services (AWS).
  • Fix is relevant for Gaia 3.10 only.

PRJ-32334,
PMTR-72682

Security Gateway

Defining an IPv6 NAT rule with address range (hide) on the translated column may fail with an incorrect error message.

PRJ-26647,
PMTR-70065

Internal CA

UPDATE: Expired certificates are now cleaned from the Internal CA database every three weeks and after reboot. Refer to sk42424.

PRJ-31014,
PRHF-19772

Internal CA

In a rare scenario, when CRL files are created, some of them may be generated with a large number in the filename. When deleting CRL files, CPCA repeatedly fails to start.

PRJ-24987,
PRJ-24988,
PMTR-61787

Threat Prevention

UPDATE: Added support for more than 20 CIFS objects in rulebase. Refer to sk170300.

PRJ-28677,
PRJ-28678,
AVIR-1444

Threat Prevention

UPDATE: Added the option to remove proxy usage in ioc_feeds tool.

PRJ-23266,
PMTR-49906

Threat Prevention

In rare scenarios, the "fw load_sigs" command fails to exit appropriately after completing.

  • Fix is relevant for Gaia 3.10 only.

PRJ-26540,
PRJ-26541,
PMTR-69186

Threat Prevention

In some scenarios, the IPS update status in SmartConsole is incorrect after the automatic update fails with the "Update failed. Failed to load database" error.

PRJ-22269,
PRJ-22270,
PRHF-14664

Threat Prevention

Improved the Threat Prevention policy installation time when installing on more than two Security gateways.

PRJ-26200,
PRJ-25544

Threat Prevention

In a rare scenario, the Security Gateway may crash when working with Anti-Virus.

PRJ-28517,
PRJ-28518,
TPP-1291

Threat Prevention

In rare scenarios, the Security Gateway may crash when the TCP connection is unexpectedly closed.

PRJ-25226,
PRJ-22396,
PRHF-15404

Threat Prevention

The "ciu_lic_open_lic_db_file: crc check failed" error message may be printed in fwd.elg log file during the policy installation if the IPS Blade is disabled. Refer to sk172903.

PRJ-29923,
PRJ-29924,
PRHF-19208

Threat Prevention

Threat Prevention policy installation may fail when loading 2 IOC feeds that contain the same signature name for one of the observables.

PRJ-30094,
PRJ-30095,
PRHF-18623

Threat Prevention

In some scenarios, loading Custom Intelligence Feeds that include an IP address with a subnet mask of 32 bits (x.x.x.x/32) may fail.

PRJ-28974,
PRJ-28989,
PRJ-28937

Threat Prevention

Improved telemetry for Infinity Vision SOC.

PRJ-29368,
PRJ-29369,
AVIR-936

Threat Prevention

In rare scenarios, IoC feed loading fails due to hash parsing errors.

PRJ-28137,
PRJ-28138,
PRJ-27437

Threat Extraction

In some scenarios, the "fw_send_kmsg: No buffer for tsid 44" error is printed in dmesg.

PRJ-33562,
PRJ-33563,
PRJ-33561

Threat Prevention

In a rare scenario, the Security Gateway may crash when working with Anti-Virus or Threat Emulation.

PRJ-29490,
PRJ-29491,
IDA-4049

Identity Awareness

UPDATE:

  • Increased the default timeout values of entries: connected_pdp_refresh_interval is now set to 240 seconds and connected_pdp_grace_period is now set to 360 seconds.
  • Added the "Identity information / Network information will be deleted" alert to SmartConsole.

PRJ-26801,
PRJ-26802,
MBS-13669

Identity Awareness

In a rare scenario, the Security Gateway may crash.

PRJ-29400,
PRJ-29402,
IDA-4087

Identity Awareness

Improved the Identity Server (PDP) performance for publishing new network on Identity Sharing with SmartPull.

PRJ-29611,
PRJ-29612,
PRHF-18943

Identity Awareness

In a rare scenario, some IPv6 sessions may get deleted due to an incorrect update of Identity Gateway (PEP) kernel tables.

PRJ-27190,
PRJ-27191,
PRHF-17768

Application Control

UPDATE: Improved matching of URLs for custom applications.

PRJ-29766,
PRJ-29767,
PRHF-18914

URL Filtering

In a very rare scenario, when the Application Control (APPI) and URL filtering Blades are active, in hold mode, some applications cannot be identified and the traffic is dropped.

PRJ-26104,
PRJ-26105,
PRHF-17301

IPS

Security Gateway may crash when the IPS profile name is very long. Refer to sk174025.

PRJ-27257,
PRJ-27258,
PMTR-65461

IPS

Proxy source IP address is not printed in the IPS logs.

PRJ-28488,
PRJ-28489,
PRHF-16635

IPS

An HTTP download of a large file may unexpectedly stop with an error message.

PRJ-27956,
PRJ-27957,
PRHF-18158

IPS

In some scenarios for HTTP, Gateway closes a connection from the Server side, but the user side may remain open.

PRJ-29938,
PRJ-29939,
PRHF-18992

IPS

In rare scenarios, if IPS Geolocation is enabled, the Security Gateway may crash.

PRJ-28736,
PRJ-28737,
PRHF-17049

IPS

In some scenarios, the destination IP is missing from the IPS logs. Refer to sk174588.

PRJ-31691,
PRJ-31692,
PMTR-73790

IPS

Improved the handling of decoded HTTP/S traffic.

PRJ-32500,
PRJ-32501,
PRJ-32415

IPS

In some scenarios, when IPS Automatic update is enabled, a memory leak may occur in the FWD process.

PRJ-28499,
PRJ-28500,
PMTR-59113

Anti-Virus

UPDATE: Improved Anti-Virus buffer allocation to reduce stack size.

PRJ-24613,
PRJ-24614,
PMTR-66115

Anti-Virus

UPDATE: Reduce performance when Anti-Virus is configured with deep inspection on all file types.

PRJ-23568,
PRJ-23569,
PRHF-15500

Anti-Virus

Security Gateway may crash when transferring the HTTP multipart traffic if the Anti-Virus Deep Scanning, Threat Extraction, or Threat Emulation is enabled.

PRJ-29132,
PRJ-29190,
TPP-1157

Anti-Bot

UPDATE: Improved performance of Anti-Bot URL Reputation.

PRJ-29473,
PRJ-29474,
PMTR-72234

SSL Inspection

In some scenarios, a memory leak may occur when creating ECDHE keys.

PRJ-30457,
PRJ-30458,
PRHF-19516

SSL Inspection

In rare scenarios, HTTPS connections may hang indefinitely during the TLS handshake, causing timeout.

PRJ-31170,
PRJ-31171,
PMTR-72409

SSL Inspection

A memory leak, related to TLS probing, may occur in the WSTLSD process.

PRJ-31164,
PRJ-31165,
PMTR-72136

SSL Inspection

In some scenarios, the WSTLSD process may unexpectedly close, or a memory leak may occur.

PRJ-30698,
PRJ-30699,
PMTR-72756

SSL Inspection,
VPN

A memory leak in HTTPS Inspection and HTTPS portals may occur when using ECDHE ciphers.

PRJ-27294,
PRJ-27295,
VPNRA-761

Mobile Access

In rare scenarios, when SNX client is used with Application mode on the Mobile Access Blade, the VPND process may unexpectedly exit.

PRJ-28255,
PRJ-28256,
PRHF-16057

Mobile Access

In a rare scenario, the VPND process may unexpectedly exit causing user disconnections from Checkpoint Mobile client.

PRJ-29273,
PRJ-29274,
PRJ-29259,
PRJ-29260,
PRJ-29266,
PRJ-29267,
PRHF-3742,
PRHF-3700,
PRHF-3784

Mobile Access

In some scenarios, a memory leak may occur in the CVPND process.

PRJ-27787,
PMTR-64102

ClusterXL

Log shows that CCP encryption fails on each policy installation.

  • Fix is relevant for Gaia 3.10 only.

PRJ-29834,
PRHF-18898

ClusterXL

In a VRRP cluster, changes to the CCP encryption channel do not remain after reboot on Kernel 3.10. Refer to sk174968.

  • Fix is relevant for Gaia 3.10 only.

PRJ-28601,
PMTR-64228

ClusterXL

In some scenarios, in Load Sharing mode, the "cphaprob show_bond" command on the Security Management Server shows the back-up slave status as "Not Available". Refer to sk175469.

  • Fix is relevant for Gaia 3.10 only.

PRJ-28357,
PRJ-28358,
CORXL-251

ClusterXL

Clock jumps forward/backward may cause some operations to fail and the cluster to go down.

PRJ-30502,
PRJ-30503,
PRJ-30284

ClusterXL

In VSX Load Sharing (VSLS) environment, a disconnected bond LS interface impacts all VS's at the member regardless that the interface is connected to a specific VS.

PRJ-28222,
PRJ-28225,
PRJ-28054

SecureXL

In a rare scenario, DoS/Rate Limiting when using rules with country codes (CC) or autonomous system numbers (ASN) may not update Geo IP files correctly.

PRJ-26950,
PRJ-26951,
PMTR-70242

SecureXL

TCP packets may be dropped as "TCP out of state" although following sk11088.

PRJ-32937,
PRJ-32938,
PMTR-75157

SecureXL

In some scenarios, when configuring internal/external enforcement for DOS/Rate limiting, a syslog error message may be displayed.

PRJ-27817,
PRJ-27818,
PMTR-63965

Routing

If the interface cable is unplugged, after a failover, Border Gateway Protocol (BGP) stops receiving routes from Primary member to Secondary and back to Primary.

PRJ-31124,
PRJ-31125,
PMTR-73496

Routing

In rare cases, if Graceful Restart is not configured on the BGP peer, BGP routes may be lost near the Graceful Restart ending.

PRJ-26959,
PRJ-26960,
PMTR-65589

Routing

The ROUTED process may unexpectedly exit when candidate RP is enabled, and a rapid failover occurs or when the candidate RP interface is disconnected.

PRJ-28392,
PRJ-28393

Routing

The checksum of PIM "register" packets may be calculated incorrectly, causing the RP router to discard a "register" packet.

PRJ-28837,
PRJ-28838,
PMTR-51501

Routing

In some scenarios, an outage may occur because of premature graceful-restart exit.

PRJ-29494,
PRJ-29495,
ROUT-1745

Routing

BGP sessions may unexpectedly close because of unrecognized AFI/SAFI pairs in multiprotocol capability advertisements from a peer.

PRJ-26751,
PRJ-26752,
PRJ-26750

Routing

In some scenarios, the NetFlow Packet may report a wrong source IP Address.

PRJ-29317,
PRJ-29318,
ROUT-1721

Routing

AS path loops may occur, although BGP multihop is configured.

PRJ-29494,
PRJ-29495,
ROUT-1745

Routing

BGP sessions may unexpectedly close because of unrecognized AFI/SAFI pairs in multiprotocol capability advertisements from a peer.

PRJ-28955,
PRJ-28956,
PRHF-17739

Routing

The ROUTED process may unexpectedly exit.

PRJ-31484,
PRJ-31485,
PRHF-19472

Routing

In some scenarios, the Security Gateway may not forward traffic to a client if its IP address is changed by DHCP. Refer to sk175603.

PRJ-24054,
PRJ-24055,
PRHF-10260

Routing

In some scenarios, when using DHCP, the Security Gateway may not correctly route traffic to hosts.

PRJ-31471,
PMTR-68362

VPN

UPDATE: In policy installation, the type of messages related to VPN certificate expiration is changed from "info" to "warning". This issue is only cosmetic.

PRJ-28572,
PRJ-28573,
PRHF-17880

VPN

In some scenarios, Server connections to Remote Access L2TP clients may be unstable.

PRJ-28769,
PRJ-28770,
PMTR-71850

VPN

In some scenarios, in High Availability clusters with enabled CoreXL, SSL clients cannot connect to the Security Gateway because of incorrect license calculation.

PRJ-26528,
PRJ-26529,
PRHF-17627

VPN

In some scenarios, NAT-T traffic outages may occur after a cluster failover. Refer to sk175552.

PRJ-23978,
PRHF-12576

VPN

Remote Access users may randomly disconnect because the Tunnel test packets are mapped to the incorrect interface. Refer to sk172328.

  • Fix is relevant for Gaia 3.10 only.

PRJ-22116,
PRJ-22117,
PMTR-31204

VPN

In rare scenarios, after policy installation, the VPND process may unexpectedly exit with core dump.

PRJ-21636,
PRJ-21637,
PRHF-15318

VPN

VPN Logs show IP address octets in an unexpected (reversed) order. Refer to sk172807.

PRJ-28375,
PRJ-28376,
PMTR-71772

VPN

Improved VPN Site to Site tunnel establishment scenario with IKEv2. Refer to sk175092.

PRJ-27311,
PRJ-27312,
PRHF-14851

VPN

IPSec VPN uses the wrong source IP address when initiating NAT-T encrypted traffic. Refer to sk172805.

PRJ-28072,
PRJ-28073,
PRHF-18369

VPN

A Remote Access client fails to login when a DN record length is bigger than 256. Refer to sk174249.

PRJ-27672,
PRJ-27673,
PMTR-70855

VPN

In some scenarios, the user may not be able to connect because the CVPND process unexpectedly exits.

PRJ-27684,
PRJ-27685,
PMTR-70957

VPN

In a rare scenario, a memory leak may occur.

PRJ-27680,
PRJ-27681,
PMTR-71025

VPN

When saving the login info of the client, a memory leak may occur.

PRJ-27676,
PRJ-27677,
PMTR-71013

VPN

Reauthentication of the client may lead to a memory leak.

PRJ-27853,
PRJ-27854,
PMTR-71136

VPN

When deleting an entry from m_ht hash table, a memory leak may occur.

PRJ-27811,
PRJ-27812,
PMTR-71098

VPN

In some scenarios, the VPN tunnel between GCP cluster and GCP peer fails to establish.

PRJ-25140,
PRJ-25141,
PRHF-16647

VPN

In some scenarios, outbound traffic with NAT-T outgoing packets is sent from an incorrect link. Refer to sk176711.

PRJ-26397,
PRJ-26398,
PRHF-17622

VPN

Policy installation may fail when VPN community is not configured on the Security Gateway. Refer to sk174235.

PRJ-25881,
PRJ-25882,
PRHF-16370

VPN

In some scenarios, when DAIP peer initiates IKEv2 negotiation with certificate authentication, the VPND process may unexpectedly exit. Refer to sk174665.

PRJ-28312,
PRHF-12576

VPN

Remote Access users may randomly disconnect because the Tunnel test packets are mapped to the incorrect interface. Refer to sk172328.

PRJ-28510,
PRJ-28511,
PRHF-18408

VPN

In some scenarios, a memory leak may occur on the Security Gateway.

PRJ-28503,
PRJ-28504,
PRHF-18400

VPN

A memory leak may occur in the VPND process.

PRJ-29280,
PRJ-29281
PRHF-18818

VPN

In rare scenarios, re-configuring a trusted CA bundle may cause a memory leak in the VPND process.

PRJ-29480,
PRJ-29481,
PMTR-72463

VPN

A memory leak may occur in the VPND process in IKEv2 Site to Site VPN.

PRJ-29530,
PRJ-29531,
PRHF-18564

VPN

RIM script is not invoked for DAIP peer with Dead Peer Detection (DPD) permanent tunnels in passive mode.

PRJ-28560,
PRJ-28561,
PMTR-20176

VPN

In some scenarios, when sending the SCV drop log, a memory leak may occur.

PRJ-31105,
PRJ-31106,
PRJ-31112,
PRJ-31113,
PMTR-73487,
PMTR-73488

VPN

In some scenarios, a memory leak may occur in the VPND process.

PRJ-31145,
PRJ-31146,
PMTR-73511

VPN

In some scenarios, a memory leak may occur when using the SSL Network Extender (SNX) client to create a site.

PRJ-28262,
PRJ-28263,
PRHF-18295

VPN

A memory leak may occur when clearing the CRL cache file.

PRJ-31129,
PRJ-31130,
PMTR-73498

VPN

In some scenarios, a memory leak may occur in the VPND process.

PRJ-31287,
PRJ-31288,
PRHF-19707

VPN

Hardened the ability to use narrowed IKEv2 tunnels. Refer to sk166417.

PRJ-30762,
PRJ-30763,
PRHF-19548

VPN

In a very rare scenario, a cluster member may unexpectedly crash and restart, creating a core dump file.

PRJ-30327,
PRJ-30328,
PMTR-73629

VPN

In some scenarios, IKEv2 tunnel may not work due to SA expiration.

PRJ-30866,
PRJ-30867,
PRHF-19755

VPN

A memory leak may occur in the VPND process.

PRJ-29593,
PRJ-29594,
VPNS2S-2505

VPN

In a rare scenario, the IKEv2 negotiation appears successful, although it failed.

PRJ-31027,
PRJ-31028,
PRHF-19776

VPN

Many "remote access client IP address and port were changed" logs are printed after an upgrade.

PRJ-28604,
PMTR-48561

VSX

In a rare scenario, a cluster member may crash when running the "cphaconf show bond" command.

  • Fix is relevant for Gaia 3.10 only.

PRJ-29550,
PRJ-29551,
PRHF-18753

VSX

After a reboot, the VS's clish static ARPs configuration exists, but the static ARPs may be missing.

PRJ-27967,
PRJ-27968,
PMTR-35890

VSX

When querying a VS for "sysObjectID" viaSNMP, a generic netSNMP value is returned ("NET-SNMP-MIB::netSnmpAgentOIDs.10") instead of Check point value ("SNMPv2-SMI::enterprises.2620.1.6.123.1.62").

PRJ-26128,
PRJ-26131,
PMTR-53985

VSX

After upgrade, the VS names may be displayed incorrectly in the output of the "vsx stat -v" command.

PRJ-22689,
PMTR-65535

VSX

This fix allows create/change a VSX cluster/gateway to have up to 32 CoreXL instances with VSX Provisioning Tool. Currently, it is possible to do this only in SmartConsole.

PRJ-26559,
PRHF-17590

VSX

Multi-Queue configuration on VSX does not remain after reboot. Refer to sk173950.

  • Fix is relevant for Gaia 3.10 only.

PRJ-30312,
PRJ-30313,
PMTR-72515

Gaia OS

NEW: Gaia API (version 1.6) will now be deployed via Jumbo Hotfix. Refer to sk143612.

PRJ-26927,
PMTR-69753

Gaia OS

NEW: Added support for new card 4 ports 1/10GbE SFP+ Rev 4.1.

  • Fix is relevant for Gaia 3.10 only.

PRJ-30292,
PRJ-30293,
PMTR-72997

Gaia OS

UPDATE: Upgraded OpenSSL to 1.1.1L. Merged the CVE-2021-3711 and CVE-2021-3712 fixes.

PRJ-27708,
PRHF-18191

Gaia OS

UPDATE: The command "show multiple-queue Affinity" deprecation message was changed.
The new message is: "This command is deprecated. Please use: show interface VALUE Multi-queue."

  • Fix is relevant for Gaia 3.10 only.

PRJ-26997,
PRHF-17900

Gaia OS

Setting hashed SHA256/SHA512 expert password may fail with an error message: "set password-controls password-hash-type <password_hased> GAIA9999 Invalid Salted Hash". Refer to sk176703.

  • Fix is relevant for Gaia 3.10 only.

PRJ-27975,
PRJ-27976,
PMTR-69876

Gaia OS

A memory leak may occur on a Security Gateway while configuring Secure Internal Communication (SIC).

PRJ-28973,
PRJ-28794,
PRJ-28795,
PRHF-18683

Gaia OS

In a rare scenario, a memory leak may occur in the monitord process.

PRJ-27671,
PRHF-13802

Gaia OS

In some scenarios, the "show arp dynamic all" command displays values of VS0 instead of VS.

  • Fix is relevant for Gaia 3.10 only.

PRJ-25764,
PRHF-17216

Gaia OS

After 248 days of up time, the VMSS gateway sends a Cold restart alert reboot, but the VMSS does not reboot. Refer to sk173413.

  • Fix is relevant for Gaia 3.10 only.

PRJ-28683,
PMTR-71763

Gaia OS

In some scenarios, in appliances: 6600,6700,6900, Power Supply Unit (PSU) status information may be incorrect. Refer to sk174443.

  • Fix is relevant for Gaia 3.10 only.

PRJ-25248,
PMTR-68435

Endpoint Security

In some scenarios, the Policy Server fails to synchronize with Endpoint primary Management after installing a hotfix for local E1 signature updates.

PRJ-27331,
PRJ-27325

CloudGuard

  • Added support for Amazon Web Services (AWS) IMDSv2 in CloudGuard Controller
  • Improved connecting to GCP Data Center

PRJ-27032,
PRJ-27033,
PRHF-16098

QoS

In a rare scenario, in SmartView Monitor, some QoS traffic may be shown as "No Match".

PRJ-30232,
PRJ-30233,
PRHF-18342

QoS

In a rare scenario, the FWD process may unexpectedly exit due to invalid QoS logs.

PRJ-28052,
PMTR-71262

Scalable Plaforms

In some scenarios, bond interface slave fails to properly initialize and shows a partner system MAC address of 00:00:00:00:00:00.

  • Fix is relevant for Gaia 3.10 only.

PRJ-30016,
ODU-181

HCP

Added Update 5 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-30253,
PRJ-27245,
ODU-123

HCP

Added Update 3 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-24086,
PRJ-24087,
ODU-91

HCP

Added Update 2 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-22797,
PRJ-22798,
ODU-81

HCP

Added Update 1 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-22320,
PRJ-22321,
PRHF-15689

Infrastructure

In some scenarios, the cpmiquerybin and dbedit processes may unexpectedly exit causing a buffer overflow.

PRJ-31766,
PRJ-31767,
PRHF-19016

Infrastructure

Policy installation fails with "Operation failed, install/uninstall has been improperly terminated" when a CMA name is more than 36 characters long. Refer to sk175452.

Take 237

Released on 11 July 2021 and declared as General Availability on 31 August 2021

PRJ-26241,
PRJ-26233

Diagnostics

NEW: Added the Check Point Performance Sizing Utility (CPSizeMe) v5.2.

PRJ-24232,
PRJ-24233,
PMTR-64142

Licensing

UPDATE: If there is no license installed, the error message will be printed when running the cpstart command.

PRJ-24203,
PMTR-67200

Security Management

NEW: Trusted CAs updates for HTTPS Inspection can be configured to be installed automatically upon update. Refer to sk173629.

PRJ-25034,
SMCUPG-1653

Security Management

UPDATE: If there is no license on the Security Management Server, a new verification blocks an attempt to migrate a Domain.

PRJ-31072,
PRHF-19320

Security Management

UPDATE: Added an environmental variable to control the sduu command timeout in the FWM process: SDUU_UPDATE_TIMEOUT.

PRJ-24609,
PRJ-24610,
PMTR-63454

Security Management

Incorrect Mobile Access license status upon a license change.

PRJ-22383,
PRJ-26134,
PRHF-15325

Security Management

User may fail to connect to SmartConsole after the administrator changed the RADIUS server host IP address. Refer to sk172065.

PRJ-19633,
PRHF-14000

Security Management

The Management API command "get-attachment" may fail with an error. Refer to sk170894.

PRJ-26505,
PMTR-69683

Security Management

Policy verification may incorrectly fail with a NAT verification error "The range size of Original and Translated columns must be the same".

PRJ-26192,
PMTR-69529

Security Management

In a rare scenario, the FWM process may unexpectedly unexpectedly exit.

PRJ-21917,
PRHF-15491

Security Management

In some scenarios, the Desktop policy fails with "Policy installation had failed due to an internal error. If the problem persists please contact Check Point support". Refer to sk171970.

PRJ-21398,
PRHF-15001

Security Management

In rare scenarios, deleting an object fails with "Can't reach source object, maybe it already deleted" error. Refer to sk172828.

PRJ-25685,
PRHF-17286

Security Management

In some scenarios, a policy installation failure message may show "ReferenceObject" instead of the actual object's name.

PRJ-24050,
PMTR-66980

Security Management

If the Management Server is up for many days, the CPM process's memory consumption and CPU usage may increase consistently.

PRJ-23883,
PMTR-66708

Security Management

In some scenarios, when updating Check Point Host object to be a Network Policy Management and in addition configuring it as a Secondary Server, "Publish" fails with "Action Failed due to an internal error".

PRJ-22074,
PRHF-15725

Security Management

In rare scenarios, the Management Server may fail to start because Solr fails to initialize.

PRJ-26182,
PRHF-17487

Security Management

When running the "fwm logexport" command multiple times, the FWM process may unexpectedly exit, producing a core file.

PRJ-21966,
PRHF-15471

Security Management

Packet Mode search in rule base ignores matching of inline layer parent rules. In some scenarios, this may retrieve inline layer rules that should not be matched.

PRJ-26192,
PMTR-69529

Security Management

In a rare scenario, the FWM process may unexpectedly unexpectedly exit.

PRJ-24485,
PRHF-16631

Security Management

In very large Management environments, Policy verification and installation may fail with core dump. Refer to sk173722.

PRJ-23937,
CPM-3316

Multi-Domain Management

NEW: Once a day, Multi-Domain Management Servers will check for peers that are not synchronized. If such are identified, HA full sync will be automatically initiated at the MDS level.

PRJ-25890,
PMTR-69154

Multi-Domain Management

NEW: Added ability to create Domain Management Servers with a netmask different than the one of the Multi-Domain Server. Refer to sk173934.

PRJ-25516,
PRJ-25517

Multi-Domain Management

In rare scenarios, in a Multi-Domain environment with active Domains on multiple Multi-Domain Servers, when performing manual HA sync in one Domain, objects from another Domain are not shown in SmartConsole.

PRJ-22637,
PRHF-15727

Multi-Domain Management

In rare scenarios, the Multi-Domain Management Server may fail to start if Domains were previously deleted.

PRJ-24758,
PRHF-16660

Multi-Domain Management

Global Policy Assignments may be missing in Multi-Domain environment after upgrade from R77.x.

PRJ-23696,
PRHF-16119

Multi-Domain Management

Global Policy Reassignment may take a long time to complete after an IPS Update in the Global Domain.

PRJ-25408,
CPM-2542

Multi-Domain Management

In some scenarios, HA synchronization may fail on the MDS level with the "Failed to synchronize this peer due to purged revisions in the database." message.

PRJ-15876,
PRHF-11539

Multi-Domain Management

OS information for Domain Servers may not be shown correctly at the MDS level.

PRJ-26870,
PRHF-17640

SmartConsole

In some scenarios, the gateway hardware change in SmartConsole fails with "Changing the hardware to <New_Selected_Check_Point_Appliance> Appliances is blocked." warning.

PRJ-27299,
PMTR-70643

SmartView

After upgrade, SmartView scheduled export to Excel of Reports and Views stop running and users are unable to edit the scheduled tasks. Refer to sk174047.

PRJ-27070,
PMTR-70430

Compliance

In some scenarios on Multi-Domain environments, Compliance data is not synchronized between primary and secondary Domains.

PRJ-20256,
PMTR-57895

Logging

NEW: Log exporter allows the re-export of logs based on starting and end positions provided by the user, to close possible gaps. Refer to sk122323.

PRJ-21420,
PMTR-61503

Logging

NEW: The Log exporter now supports formatting for RSA SIEM application.

PRJ-25135,
PRHF-17079

Logging

NEW: Added support for JSON format in Log Exporter.

PRJ-25593,
SL-5164

Logging

UPDATE: The Log Server now supports up to 2700 Gateways (previously was 1024). Refer to sk163413.

PRJ-12425,
PRJ-12426,
PRHF-10612

Logging

In some scenarios, exported FireWall logs from a Security Gateway to an external syslog server (sk87560) contain a redundant new line character.

PRJ-16646,
PMTR-58979

Logging

In the SmartConsole Logs tab, the "IKE IDs" field cannot be added to column profiles.

PRJ-23819,
PRHF-12659

Logging

In rare scenarios, when querying logs with a timeframe larger than 1 day, only 50 logs from each day will be shown.

PRJ-24893,
PRJ-24892

Logging

Starting from Jumbo Take 216, logs exported in LogRhythm format via the Log Exporter, appear in an incorrect format.

PRJ-23578,
PMTR-65203

Logging

In some scenarios following a Multi-Domain Management Server upgrade, logs queries may not retrieve results from some CMAs\CLMs.

PRJ-24214,
PMTR-65200

Logging

In Multi-Domain environment, the same Domain may appear twice in the Domains view of the SmartEvent application.

PRJ-23762,
PRHF-16328

Logging

In rare scenarios, SmartConsole may unexpectedly close if the pre-defined VPN columns profile in the Logs view was modified and saved.

PRJ-22965,
PMTR-64536

Logging

In some scenarios, when exporting logs using the Log exporter tool and filtering on all Threat Prevention Blades, logs of the "Anti Spam" Blade are not exported.

PRJ-15230,
PRHF-12075

Logging

In SmartView, when creating a statistical table and grouping by Time, the query may fail.

PRJ-20618,
PRHF-14608

Logging

In SmartView, when filtering with specific time filters, the result may include more logs than was requested.

PRJ-25452,
PMTR-68670

Logging

In rare scenarios, logs generated at the same second, with the same ID, may not show up in SmartConsole's Logs tab.

PRJ-24481,
SL-5577

Logging

When a Management Server manages more than 1024 Gateways, the connectivity status may show "N/A" for several Gateways.

PRJ-25270,
PMTR-68358

Internal CA, VPN, Multi-Portal

UPDATE: The IKE certificate's validity period is set to 1 year by default. Refer to sk176527.

PRJ-26137,
PMTR-69466

Internal CA

UPDATE: Added automatic extension for Internal CA database to support more than 100,000 certificates.

PRJ-26700

Internal CA

Expired certificates cannot be deleted via the ICA Management Tool.

PRJ-21126,
PRJ-21127,
PRHF-13973

Security Gateway

UPDATE: Service with source port in the Access rulebase will no longer disable accept templates for all connections.

PRJ-24375,
PRJ-24376,
SMB-10515

Security Gateway

A memory leak in a DNS resolving I/S may occur.

PRJ-20980,
PRHF-14104

Security Gateway

In rare scenarios, the CPD process unexpectedly exits when the VPN is enabled, and statuses are not sent to the Management Server.

PRJ-23076,
PRJ-23077,
PMTR-65799

Security Gateway

Enhancement: Early drop optimization will work even if the UserCheck is not relevant for this connection.

PRJ-24007,
PRJ-24008,
PRHF-16196

Security Gateway

In rare scenarios, when the "sd_global_monitor_only" property is set to "true", there is no HTTP inspection.

PRJ-23271,
PRHF-15932

Security Gateway

In some scenarios, the "fw ctl affinity" command on MPDS Dplane does not show the Mplane Multi-Queue interfaces.

  • Fix is relevant for Gaia 3.10 only.

PRJ-22622,
PRJ-22623,
PRHF-15835

Security Gateway

In some scenarios, the VSX Cluster switch may cause a core dump.

PRJ-23425,
PRJ-23426,
PMTR-65909

Security Gateway

The VPND process may consume high CPU because of ECDHE use, which affects multi-portal functionality. Refer to sk173145.

PRJ-26374,
PRJ-26375,
PRJ-26257

Security Gateway

In a rare scenario, incorrect error messages regarding the ICAP client flow appear in dmesg.

PRJ-16919,
PRJ-16920,
PRHF-12897

Security Gateway

In rare scenarios, SmartView Monitor shows the "Error code: 2147483647" message when viewing data from a VSX Gateway. Refer to sk174206.

PRJ-24527,
PRJ-24528,
PRHF-16667

Security Gateway

In a rare scenario, the FWK process unexpectedly exits on the Security Gateway.

PRJ-25814,
PRJ-25815,
PRHF-16364

Security Gateway

Added Dynamic Anti-Spoofing stability enhancements.

PRJ-22736,
PRJ-22737,
PRHF-15578

Security Gateway

When Strict Hold is enabled in the fail-open configuration, some HTTPS connections may stuck.

PRJ-23946,
PRJ-23947,
PMTR-66474

Security Gateway

In a rare scenario, Security Gateway may crash when running in USFW (User-Space Firewall) mode.

PRJ-23340,
PRHF-16111

Security Gateway

Boot may take a long time on machines with many VLANs or secondary IP addresses.

  • Fix is relevant for Gaia 3.10 only.

PRJ-25735,
PRJ-25736,
PRHF-16886

Security Gateway

In some scenarios, Security Gateway may crash when ICAP client is enabled.

PRJ-25617,
PRJ-25618,
PRHF-15688

Security Gateway

In a rare scenario, Security Gateway may crash when handling some DNS packets.

PRJ-25907,
PMTR-69241

Security Gateway

In a rare scenario, machine hangs and user is unable to run any command. Refer to sk173405.

PRJ-24124,
PRJ-24125,
PRHF-15896

Security Gateway

RADIUS authentication failure messages are written to SmartConsole logs but not presented to a user. Refer to sk173927.

PRJ-21268,
PRJ-21269,
PMTR-56012

Security Gateway

In some scenarios, emails may be stuck in the MTA queue.

PRJ-24518,
PRJ-24556

Gaia OS

In some scenarios, when adding a "#" in the login banner, the banner becomes corrupted.

PRJ-25390,
PRJ-25391,
PRHF-17173

Security Gateway

In some scenarios, there is no match on URL Filtering rules.

PRJ-25599,
PRJ-25600,
PRHF-12228

Security Gateway

In some scenarios, packets are dropped due to incorrect SACK translation when SACK and sequence translation are being used together.

PRJ-24416,
PRHF-16452

Security Gateway

In a rare scenario, Security Gateway may crash under heavy load during cluster failover.

  • Fix is relevant for Gaia 3.10 only.

PRJ-23846,
PRJ-23847,
PRHF-15781

Security Gateway

In some non-VPN scenarios, MSS Adjustment (Clamping) does not work.

PRJ-26149,
PRJ-26150,
PMTR-69312

Security Gateway

In a rare scenario, a memory leak may occur when IPS / Anti-Bot / Anti-Virus Blade is enabled.

PRJ-25550,
PRJ-25551,
PMTR-67991

Security Gateway

In some scenarios, connections are dropped with the "Virtual defragmentation error: fragment table is full" message. Refer to sk180404.

PRJ-25154,
PRJ-25155,
PMTR-67534

Security Gateway

When running the "fwaccel stats -r" command to reset the SXL statistics, the statistics may become corrupted.

PRJ-27039,
PRJ-27038,
PMTR-67834

Security Gateway

VSX provisioning may fail to commit changes to the VSX database. Refer to sk173683.

PRJ-22945,
PRJ-22946,
PMTR-55080

Security Gateway

In rare scenarios, policy installation fails with "gen_rpc_service_inspect_func: <service name> mismatch in service_arr" error message. Refer to sk174165.

PRJ-23456,
PMTR-66212

Security Gateway

In some scenarios, values set in fwkern.conf file may not be applied correctly.

PRJ-14275,
PRHF-7150

Security Gateway

In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124.

  • Fix is relevant for Gaia 3.10 only.

PRJ-24835,
PRJ-24836,
PRHF-15080

Security Gateway

In some scenarios, when moving Mobile Access from Legacy to Unified Policy, previously configured native application may unexpectedly exit. Refer to sk172935.

PRJ-23063,
PRJ-23064,
PMTR-63142

Security Gateway

Improved displayed drop log messages on the Security Gateway:

  1. To see drops since the last reboot, use the fw ctl drop command.
  2. To see drops in real time, use the CPView tool.

Refer to sk172232.

PRJ-18865,
PRJ-18866,
PRHF-13722

Security Gateway

In rare scenarios, DynamicID authentication fails with "server_code 403 log_msg General HTTP error" message in vpnd.elg. Refer to sk170303.

PRJ-27160,
PRJ-27161,
PRHF-16851

Security Gateway

In rare scenarios, running "fw1 + misp" debug on cluster may cause Security Gateway to crash.

PRJ-26616,
PRJ-26617,
PRHF-17663

Security Gateway

In some scenarios, "[INFO] encode resource in base64 failed" messages generated by the RAD process are shown in /var/log/messages file.

PRJ-26593,
PRJ-26594,
PMTR-70023

Security Gateway

Configuring the "Virtual Activation Timeout" option above 65535 may lead to an incorrect timeout definition.

PRJ-23265,
PMTR-49906

Threat Prevention

In rare scenarios, the "fw load_sigs" command fails to exit appropriately after completing.

PRJ-23775,
PRJ-23927,
PMTR-66261

Anti-Bot

UPDATE: Anti-Bot URL cache was enhanced to support further requests.

PRJ-25746,
PRJ-25747,
PMTR-67597

Identity Awareness

NEW: Added a new Auto-Tune feature for Nested Groups to select the optimal nested state for maximum performance.
The feature is disabled by default. To enable it, refer to sk128212.

PRJ-25388,
PRHF-10292

Identity Awareness

In Identity Awareness Captive portal, the default Check Point logo is displayed even if the user-defined logo is configured. Refer to sk133492.

  • Fix is relevant for Gaia 3.10 only.

PRJ-25923,
PRJ-25924,
PMTR-68088

Identity Awareness

Optimized the PDP expired timers mechanism performance.

PRJ-26229,
PRJ-26231,
IDA-4019

Identity Awareness

When the PDP gateway is connected to multiple pre-R81 PEP gateways, the CPU consumption may be high. Refer to sk173709.

PRJ-26201,
PRJ-25544

Anti-Virus

In a rare scenario, the Security Gateway may crash when working with Anti-Virus.

  • Fix is relevant for Gaia 3.10 only.

PRJ-21769,
PRJ-21770,
PMTR-58795

Application Control

A failure log may be generated when inspecting connections to servers with certificates without a common name (CN) field.

PRJ-24630,
PRJ-24631,
TEX-2201

UserCheck

In rare scenarios, when clicking the "Send Original Mail to me" button (sk140214) in the UserCheck portal for Threat Extraction, action fails with "An unexpected error has occured..." error message.

PRJ-23979,
PRJ-23981,
PRHF-16392

UserCheck

Sensitive file push.js may be visible on the Security gateway.

PRJ-23034,
PRJ-23035,
PMTR-65728

Anti-Malware

In rare scenarios, Security Gateway may crash if event app debug is enabled.

PRJ-23039,
PRJ-23040,
PMTR-65729

Anti-Malware

In a rare scenario, Security Gateway may crash during the Application Control / IPS / Anti-Bot package update.

PRJ-24779,
PRJ-24780,
PRHF-16849

Anti-Malware

In a rare scenario, the Security gateway may crash with the "Problem with the Commit Function" error during policy installation. Refer to sk173248.

PRJ-23297,
PRJ-23299,
PRJ-23295

IPS

UPDATE: Added support for PM statistics when IPS is disabled.

PRJ-25198,
PRJ-25199,
IPS-352

IPS

In some scenarios, the DNS response message with record type 0 may be dropped by "Non compliant DNS" protection.

PRJ-24982,
PRJ-24982,
PRJ-24932

IPS

In a rare scenario, Security Gateway crashes when Threat Prevention Forensic Log feature is enabled.

PRJ-24344,
PRJ-24381,
PRHF-16288

IPS

Improved the HTTP protocol handling.

PRJ-20711,
PRHF-13454

IPS

In rare scenarios, policy installation fails due to duplicate id in IPS Snort protections.

PRJ-19938,
PRJ-19939,
PMTR-58379

SSL Inspection

UPDATE: Avoid sending the TLS probe during inbound inspection when it is not necessary for the SNI-based categorization.

PRJ-21689,
PRJ-21691,
PMTR-63310

SSL Inspection

UPDATE: Avoid sending the TLS probe during the inbound inspection when a rule is matched according to the IP address.

PRJ-20678,
PRJ-20679,
PRHF-14540

SSL Inspection

A table hash size may be too small for some environments and cause an increased CPU usage.

PRJ-26742,
PRJ-26743,
PRHF-4657

SSL Inspection

Added an option to bypass Name Constraints extension on certificates using a registry flag. Refer to sk159692.

PRJ-19854,
PRJ-19855,
PMTR-61029

SSL Inspection

TLS probing failures generate logs with a general description in SmartLog: "Internal system error in HTTPS Inspection (Error Code: 2)". With this fix, more descriptive logs will be generated.

PRJ-24460,
PRJ-24470,
PMTR-65718

SSL Inspection

In some scenarios, memory leaks may occur after policy installation.

PRJ-24467,
PRJ-24469,
PMTR-66181

SSL Inspection

In rare scenarios, the WSTLSD daemon may unexpectedly exit during TLS probing.

PRJ-25177,
PRJ-25192,
PRHF-14178

SSL Inspection

In some scenarios, when HTTPS Inspection is enabled, overall memory consumption may gradually increase. Refer to sk171280.

PRJ-24666,
PRJ-24204

ClusterXL

The Gaia Clish command "set snmp traps trap clusterXLFailover enable" fails with "Bad Command Unknown Trap name." Refer to sk173810.

  • Fix is relevant for Gaia 3.10 only.

PRJ-24143,
PRJ-24144,
PMTR-67140

SecureXL

UPDATE: Firewall debug drop template message now indicates the rule ID the template was created from.

PRJ-24650,
PRJ-24651,
PMTR-67738

SecureXL

In some scenarios, the "reached the limit of maximum enqueued packets!" log is printed in the /var/log/messages file.

PRJ-17459,
PRJ-17460,
PRHF-13183

SecureXL

SecureXL keeps forwarding packets in VSX bridge mode when the member is down. Refer to sk169495.

PRJ-23458,
PRJ-23459,
PRHF-16084

SecureXL

A race condition in the DOS/Rate limiting policy's install logic may cause incorrect counter values for "concurrent-conns".

PRJ-22788,
PRJ-22789,
PMTR-65162

SecureXL

In a rare scenario, Security Gateway may crash after running the "fwaccel tab -t connections" command.

PRJ-25509,
PRHF-16656

SecureXL

In a rare scenario, Security Gateway may crash when generating CPInfo in VSX mode.

  • Fix is relevant for Gaia 3.10 only.

PRJ-27222,
PRJ-27223,
PRHF-17921

SecureXL

In some scenarios, SYN Defender log messages in SmartConsole show "*** MISSING ***" instead of the real log.

PRJ-24539,
PRJ-24540,
PMTR-67556

SecureXL

In a VSX environment, the SYN Defender configuration may not be applied correctly.

PRJ-27224,
PRHF-17734

SecureXL

Invalid VLAN traffic may cause repeated "deliver_list is empty!!!" error messages in the /var/log/messages file.

  • Fix is relevant for Gaia 3.10 only.

PRJ-24475,
PRJ-24476,
PRHF-16658

Routing

UPDATE: Allow "set bgp internal peer <value> send-route-refresh" commands.

PRJ-16532,
PMTR-54703

Routing

UPDATE: User does not have to enable logging/accounting in SmartConsole to generate the Netflow records. New "NetFlow Firewall rule" option was added to configure NetFlow to report per Firewall rule by turning it on and enabling Log/Accounting per rule.

PRJ-23247

Routing

VRRP member freezes when deleting a VLAN interface. Refer to sk106226.

PRJ-24789,
PMTR-48384

Routing

In some scenarios, OSPF configured with unnumbered VTI on cluster frequently moves between "Full" and "EXSTART" status.

PRJ-24714,
PRJ-24715,
PRHF-16801

Routing

In OSPF environment, the ROUTED process may unexpectedly exit when a VPN tunnel is flapped leading to a temporary connectivity loss.

PRJ-24968,
PRJ-24969,
PMTR-48361

Routing

Graceful restart has been enhanced to tolerate a non-standard behavior by peers of closing BGP connection before getting established.

PRJ-25040,
PRJ-25043,
PRHF-16981

Routing

In a rare scenario, the ROUTED process unexpectedly exits when creating an MFC (S,G) entry. Refer to sk176685.

PRJ-25993,
PRJ-25994,
PMTR-69290

Routing

In some scenarios, the monitored IP option "force-if-symmetry" does not detect the asymmetric ping properly.

PRJ-24386,
PRJ-24387,
MBS-12759

Routing

In rare scenarios, a Load Sharing cluster can experience DHCP relay drops with the "dropped by fw_post_vm_chain_handler Reason: Handler 'dhcp_reply_code' drop" message.

PRJ-25316,
PRJ-25317,
PMTR-68232

Routing

In some scenarios, CPView displays incorrect values of RIP statistics.

PRJ-27043,
PRJ-27045,
PMTR-57379

Routing

The ROUTED process with Ping enabled always gets reset during Clish reconfiguration.

PRJ-26967,
PRJ-26968,
PMTR-66574

Routing

In some scenarios, the ROUTED process may produce a core dump when it receives IGMPv3 Membership Reports over a long period of time.

PRJ-27057,
PRJ-27058,
PRHF-17925

Routing

In some scenarios, the ROUTED process may unexpectedly exit when there is a static route and a kernel route to the same destination.

PRJ-25914,
ROUT-1502

Routing

NetFlow packets are sent from the individual VS IP address instead of VS0.

  • Fix is relevant for Gaia 3.10 only.

PRJ-23090,
PRJ-23091,
PRHF-12121

Mobile Access

In some scenarios, FWK process unexpectedly exits due to SNX authorization timeout in MAB's Unified Policy mode. Refer to sk173125.

PRJ-22330,
PRJ-22331,
PMTR-21454

Mobile Access

In some scenarios, the VPND process unexpectedly exits in SNX Application Mode.

PRJ-23722,
PMTR-60065

Mobile Access

Remote Access session may not be synced on the standby member VS.

  • Fix is relevant for Gaia 3.10 only.

PRJ-23729,
PRJ-23730,
PRHF-16302

Mobile Access

In some scenarios, when configuring the "X-Forwarded-For" header to MAB reverse proxy, the header is passed in reverse order.

PRJ-22804,
PRJ-22805,
SNX-61

Mobile Access

When the administrator adds more than 30 native applications, users may fail to connect via SSL Network Extender Application mode.

PRJ-25219,
PRJ-25220,
PRHF-17088

Mobile Access

Improved the Portal Rendering performance in Unified Policy mode.

PRJ-24685,
PRHF-16135

Mobile Access

In some scenarios, the HTTPD process consumes a high CPU causing slowness in access to web applications.

PRJ-24815,
PRJ-24814,
VPNS2S-2313

VPN

UPDATE: Added VPN improvements in IKEv2:

  • Added support for IKEv2 authentication when using multiple certificates.
  • Added support for "Matching info" authentication.

PRJ-24917,

PRJ-24933,

VPNS2S-2235

VPN

UPDATE:

  • Improved Site to Site VPN stability when it is configured with NAT.

  • Enabled the global parameter "offer_nat_t_initator" by default. Refer to sk32664.

 

VPNS2S-2313

VPN

"Invalid ID information" message may be displayed when peer is 3rd party and Link selection is overridden.

VPNS2S-2313

VPN

IKEv2 may cause the VPND process to unexpectedly exit when IKEv2 rekey uses certificates.

VPNS2S-2313

VPN

  • Stability improvement of IKEv2 rekey when using Pre-shared-key
  • Stability improvement of cluster synchronization mechanism

PRJ-25051,
PRJ-25052,
PRHF-16121

VPN

In some scenarios, user may not be able to connect because the VPND process unexpectedly exits.

PRJ-25131,
PRJ-25132,
PMTR-68208

VPN

In some scenarios, the VPN Remote Access client cannot reconnect after changing the authentication method.

PRJ-21940,
PRJ-21941,
PRHF-15509

VPN

In some scenarios, VPN Remote Access users are disconnected after policy installation. Refer to sk171966.

PRJ-24250,
PRJ-24251,
PRHF-15984

VPN

In some scenarios, the TTM (Transform Template) file is not loaded when there are no TTM groups for the user.

PRJ-14270,
PRJ-14271,
PRHF-9691

VPN

Added IKE improvement for DAIP peer with ID_DER_ASN1_DN ID type.

PRJ-24400,
PRJ-24401,
PRHF-16421

VPN

In some scenarios, DAIP gateways may be identified as Remote Access, causing the connection to fail. Refer to sk173417.

PRJ-25487,
PRJ-25488,
PMTR-68687

VPN

In VSX environments, Anti-Spoofing in SecureXL may cause Remote Access VPN drops. Refer to sk173266.

PRJ-24858,
PRJ-24859,
PRHF-16883

VPN

The VPND process may unexpectedly exit when cipher priority configuration is invalid. Refer to sk173083.

PRJ-23972,
PRJ-23973,
PMTR-65986

VPN

In some scenarios, the IKED process unexpectedly exits producing a core dump.

PRJ-22526,
PRJ-22527,
PMTR-64500

VPN

When Multiple Factor Authentication is configured with DynamicID , VPN clients may receive four password prompts. Refer to sk144932.

PRJ-26202,
PRJ-26203,
PMTR-68557

VPN

MEP failover with 3rd party vendors may not work correctly.

PRJ-26339,
PRJ-26340,
PMTR-69135

VPN

In some scenarios, Phase 2 NULL encryption in IKEv2 fails with "Received notification from peer: No proposal chosen" message in the log.

PRJ-25334,
PRJ-26237,
VPNS2S-2335

VPN

In some scenarios, the "Illegal sequence number" error may be printed in Dead Peer Detection (DPD) debug.

PRJ-26265,
PRJ-26266,
PMTR-68840

VPN

In some scenarios in MEP configuration, failover to available MEP members may fail.

PRJ-26933,
PRJ-26932,
PMTR-70367

VPN

In some scenarios, the VPND process unexpectedly exits after installing the policy.

PRJ-27738

VPN

In some scenarios, NAT-T traffic is sent to the wrong next-hop MAC address.

  • Fix is relevant for Gaia 3.10 only.

PRJ-26621,
PRJ-26622,
PRHF-17733

VPN

Added VPN stability improvement in IKEv2.

PRJ-25983,
PRJ-25984,
PMTR-65599

VPN

In rare scenarios, IKE negotiation fails when using IPv6 addresses.

PRJ-25310,
PRJ-25311,
PRHF-17101

VPN

In rare scenarios, all traffic is dropped with "Rulebase Internal Error" in SmartLog.

PRJ-24804,
PRJ-24806,
PRHF-16698

VPN

Site to Site VPN connectivity issue when NAT is enabled.

PRJ-26440,
PRJ-26441,
PMTR-69836

VPN

In rare scenarios, a memory leak related to gateway authentication may occur.

PRJ-26438,
PRJ-26437,
PRHF-2715

VPN

In a rare scenario, a memory leak may occur when RASession_util is active.

PRJ-26431,
PRJ-26432,
PMTR-69479

VPN

In a rare scenario, the IKED process stops with core dump when using Office Mode IP allocation for clients and users cannot connect.

PRJ-21428,
PRJ-21429,
PRJ-21430,
PRJ-21424

Gaia OS

NEW: Added support for hardware (sensors/NICs) data auto-update.

PRJ-25670,
PRHF-16999

Gaia OS

In some scenarios, the driver's (i40e) response time for MQ settings takes a too long time.

  • Fix is relevant for Gaia 3.10 only.

PRJ-26111,
PRJ-24594,
PRJ-24595,
PRHF-16780

Gaia OS

When the RADIUS server uses a multi-pool "Access Challenge", the system sends many authentication requests without waiting

PRJ-24492,
PRHF-16665

Gaia OS

In a rare scenario, the Security Gateway may become unresponsive. Refer to sk172827.

  • Fix is relevant for Gaia 3.10 only.

PRJ-24508

Gaia OS

In some scenarios, when adding a "#" in the login banner, the banner becomes corrupted.

  • Fix is relevant for Gaia 3.10 only.

PRJ-24371,
PRJ-25003,
PRJ-24372,
PMTR-49877

Gaia OS

In some scenarios, the force-password-change option does not work.

PRJ-23965,
PRHF-16338

VSX

UPDATE: Added ability to change the Management and Sunc interfaces via vsx_util change_interfaces.

PRJ-25022,
PRJ-25023,
PRHF-14371

VSX

In some scenarios, the "cpstat vsx" command does not show the correct output. Refer to sk170793.

PRJ-5187,
PMTR-32931

VSX

In some scenarios during shutdown, the FWK process may unexpectedly exit producing a core dump when VSX gateway is upgraded to R80.30.

PRJ-25726,
PRJ-25727,
PMTR-68887

QoS

A memory leak may occur when using domain names in QoS policy rules. Refer to sk174904.

PRJ-24289,
ODU-83

Smart-1 Cloud

Added Update #1 of Quantum Smart-1 Cloud. Refer to sk166056.

PRJ-25384,
PRHF-17170

CloudGuard IaaS

CloudGuard Controller with Cisco ACI Data Center sends updates without IP addresses to Security Gateways.

PRJ-23351,
PRHF-13883

CloudGuard IaaS

The SNMP response may show incomplete values.

PRJ-21719,
PMTR-64430

CloudGuard Azure

Improved performance consistency (with Multi-Queue) after the Microsoft Azure Maintenance event.

Take 236

Released on 11 May 2021 and declared as General Availability on 1 June 2021

PRJ-25945,
PRJ-25946,
CLUS-1804

ClusterXL

In some scenarios, the user cannot run any dynamic routing or install any static routes, including the default route.

-

VPN

Hardened the ability to use narrowed IKEv2 tunnels. For more information, refer to sk166417.

Take 235

Released on 26 Apr 2021

PRJ-24911,
PMTR-67937

Security Management

"Unauthorized client" error on login failure from an IP address that is not explicitly defined in the Trusted Clients list. Refer to sk173026.

PRJ-9515,
PRHF-8550

Security Management

The Rule UID is hidden in Audit logs. Refer to sk165016.

PRJ-23921,
PMTR-64482

Security Management

SmartConsole Extensions fail to load with "Error: unable to retrieve read-only session" if login with SmartConsole is performed with an IP address that is not defined as the primary IP of the Management Server.

PRJ-22609,
SMCUPG-1375

Security Management

In some scenarios, a Domain migration may fail during the Access Policy import with the "Object not found" error in cpm.elg file.

PRJ-22440,
PRHF-15754

Security Management

Upgrade or migration from R80.10 and lower to R80.20 and higher may fail with "Scheme adjustment had failed" error in logs. Refer to sk172003.

PRJ-22122,
PMTR-61785

Security Management

Running override_server_setting.sh may not update settings correctly when updating a setting multiple times.

PRJ-15904,
PRHF-12367

Security Management

Security policy compilation fails if the Domain network object name (FDQN name) contains space.

PRJ-17232,
PRHF-12911

Security Management

In some scenarios, Apache does not start and shows a "No space left on device" message if the user runs "cprestart" frequently.

PRJ-23772,
PMTR-66072

Security Management

"Query failed" error is displayed in Security Gateway Device & License Information view in SmartConsole when canceling the "Export to PDF/CSV" operation.

PRJ-22871,
PRHF-15786

Security Management

In some scenarios, policy installation fails with "Error code 0-2000077" message.

PRJ-20808,
PRJ-20809,
PMTR-62949

Security Management

On Security Management with connected Endpoint Security Server, the SICTUNNEL process may unexpectedly exit and start again every few minutes with core file ~4gb in size. Refer to sk173704.

PRJ-22210,
PMTR-61168

Security Management

In rare scenarios, concurrent update operations performed by several administrators on the Management Server may fail.

PRJ-22129,
PMTR-61861

Security Management

In a rare scenario, Management HA synchronization fails after the Purge Revisions operation.

PRJ-13069,
PRHF-11089

Security Management

In rare scenarios, during a Global Policy Reassignment, the Management Server may unexpectedly exit and fail to start again.

PRJ-22631,
PMTR-62650

Multi-Domain Management

UPDATE: Improved the Domain Management Server and Domain Log Server creation and deletion operations.

PRJ-23158,
PMTR-64136

Multi-Domain Management

UPDATE: Added stabilization improvement for Assign and Reassign Global Policy operations.

PRJ-22579,
SMCUPG-1625

Multi-Domain Management

In some scenarios, HA Full Sync on the System Domain fails after upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059.

PRJ-22595,
PRHF-15856

Multi-Domain Management

Create Domain action may fail with a "License violation detected" error even though CPSM-DOMAINS-1 license is applied on the Management Server.

PRJ-24019,
PMTR-66953

Multi-Domain Management

In some scenarios, after upgrade of Multi-Domain environment that has active Domains on multiple Multi-Domain servers, some objects may not be visible in the System Domain.

PRJ-21911,
PMTR-64572

Multi-Domain Management

In some scenarios, installation of Jumbo Hotfix on Multi-Domain Server may fail after running restore from backup.

PRJ-22521,
PMTR-65290

Multi-Domain Management

In some scenarios, Reassign Global Domain for a Domain that is active on another Multi-Domain Server may fail with "An internal error has occurred" message. Refer to sk172704.

PRJ-22137,
PMTR-64481

Multi-Domain Managemen

A Multi-Domain Server with dozens of Domains may take a long time to start.

PRJ-23542,
PMTR-66182

Multi-Domain Managemen

In some scenarios, HA sync in a Multi-Domain environment may fail with the "Failed to import data" error message after the user creates new Permission Roles.

PRJ-13189,
PRHF-11482

Multi-Domain Management

In a rare scenario, Advanced upgrade from R80.10 may fail.

PRJ-19498,
PMTR-61526

SmartConsole

"The object specified in 'Always send alerts to' field, has no active 'Logging & Status' Blade" error may be displayed after running the "add-simple-gateway" command in Management HA environments where one of the Security Management servers has the "Logging & Status" Blade disabled. Refer to sk172226.

PRJ-21622,
PRHF-15156

SmartConsole

In some scenarios, FWM process logs show Provisioning/LSM activity even though LSM is not in use. Refer to sk171905.

PRJ-22217,
PMTR-32568

SmartConsole

In some scenarios, a validation warning may appear on an updatable object with the following message: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.

PRJ-17275,
PMTR-59746

SmartConsole

The "Recent Tasks" view allows only Super Users to view other administrators' tasks.

PRJ-21182,
PMTR-61750

Logging

NEW: Resource pools for log queries and report generation have been separated to ensure query responsiveness while multiple reports are generated.

PRJ-18558,
PRHF-13614

Logging

In the "Logs" view in SmartConsole, when the query filter contains "time:yesterday" as a literal, the query fails with a "Query resolution failed" error. The pre-defined time filter "Yesterday" shows results from today. Refer to sk170999.

PRJ-23154,
PMTR-62454

Logging

When viewing an Access log card that was matched on both a Network layer (firewall) rule and an Application layer rule, and both actions are "Accept", the application layer rule will be presented in the card instead of the network layer rule. Refer to sk172763.

PRJ-23203,
PMTR-65244

Logging

In rare scenarios, when creating a Log server object and establishing SIC, log queries from the newly created Log server object may fail.

PRJ-23007,
PRHF-15886

Logging

In rare scenarios, when the user exports logs to Excel using SmartView web, the action fails when the exported logs contain special characters, like emojis.

PRJ-21113,
PRJ-24227

Logging

In some scenarios, when declaring a filter in Log Exporter, logs may not be exported. Refer to sk173025.

PRJ-23414,
PMTR-60082

Logging

In SmartView's "Cyber Attack View - Endpoint", the widgets Active/Dormant Attacks and Cleaned/Blocked Attacks show clean hosts as infected (false positive results).

PRJ-17118,
PMTR-59484

Logging

In SmartView, chart and timeline widgets may show a "Query Failed" error.

PRJ-21305,
PMTR-62117

Logging

  • In environments with more than 500K network objects, the log_indexer process may lead to a memory leak.
  • In some scenarios, when there are offline logs to index, queries are slower than expected.

PRJ-15783,
PRHF-11889

Logging

In SmartView, when the user exports a container widget with charts to PDF, some data may be missing, and the charts may be shown in a distorted manner.

PRJ-22183,
PMTR-58496

Logging

In SmartView, when the user exports multiple PDF/CSV/Templates of the same view/report at the exact same time, the second export to complete may overwrite the first one.