Take 135 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 135 Released on 13 January 2020
PRJ-6822, PMTR-37053	Upgrade Tools	In some scenarios, cannot export a database using the migration tools of the current version while there are open sessions in the database.
PRJ-4930, PMTR-41602	Upgrade Tools	In some scenarios, the FWM process fails to start after a successful upgrade with the "Found an indication that the current domain was migrated, and the migration had failed. Cannot start after a migration failure" message in the fwm.elg file.
PRJ-7423, PRJ-7424, PMTR-44671	Infrastructure	In some scenarios, Anti-Bot/ Anti-Virus / IPS / Threat Emulation Blade update fails with "Curl error code 56".
PRJ-5918, PMTR-39797	Security Management	In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754. Fix is relevant for Gaia 3.10 only.
PRJ-2341, PMTR-38095	Security Management	In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects.
PRJ-5717, PMTR-42089	Security Management	In some scenarios, upgrade from R7x is not aborted when there is not enough disk space to complete the import operation.
PRJ-5665, PRHF-6087	Security Management	In some scenarios, purge revisions fails and blank lines that cannot be deleted, appear in SmartConsole Revisions view. Refer to sk163116.
PRJ-5757, PMTR-43497	Security Management	High Availability synchronization between Management Servers may fail when there is no enough disk space in the root partition.
PRJ-5661, PRHF-5965	Security Management	Blank lines may appear in SmartConsole Purge Revisions view after purging a large database.
PRJ-4971, PRHF-5435	Security Management	In some scenarios, disconnected sessions with no changes or locks appear in SmartConsole session view.
PRJ-4835, PRHF-5419	Security Management	The FWM process may unexpectedly exit when an incorrect license SKU with a specific format is applied.
PRJ-5656, PRHF-5776	Security Management	In some scenarios, cpm_status.sh reports incorrect CPM status. Refer to sk162633.
PRJ-5097, PMTR-41712	Security Management	When an administrator edits the description of a revision, he becomes the publisher of the revision.
PRJ-7040, PRHF-6722	Security Management	The 'FWM sic_reset' command does not print which object still has an IKE certificate.
PRJ-5245, PRJ-5250	Multi-Domain Management	NEW: Added the Domain Management Migration, Backup and Upgrade feature: Backup and restore an individual Domain Management Server on a Multi-Domain Server. Migrate a Multi-Domain Security Management from one Multi-Domain Server to a different Multi-Domain Server. Migrate a Security Management Server to become a Domain Management Server on a Multi-Domain Server. Migrate a Domain Management Server to become a Security Management Server. For more information see sk156072.
PRJ-3688, PMTR-7744	Multi-Domain Management	"dleserver.utils.UidManager" errors on cma_migrate failure on Multi-Domain Server upgraded from R80.
PRJ-6670, PMTR-44148	Multi-Domain Management	In some scenarios, traffic outage may happen after policy installation from Multi-Domain SmartConsole. Refer to sk163712.
PRJ-7106, PRHF-6605	Multi-Domain Management	The cma_migrate may fail if the IPS version does not exist on the R80.x Multi-Domain Management Server.
PRJ-6869, PRJ-6870, PMTR-44390	Multi-Domain Management	Improved Domain/CMA logs visibility.
PRJ-5067, PRJ-5030	SmartConsole	NEW: Added integration of Management API with Ansible 2.9. For more info, see: https://galaxy.ansible.com/check_point/mgmt
PRJ-6126, PRHF-6532	SmartConsole	In some scenarios, the "Installed IPS Version" information is empty in the "Gateways and Servers" view.
PRJ-3549, PRJ-7071	SmartConsole	In a rare scenario, when editing a Star VPN community, SmartConsole terminates.
PRJ-6934, PRHF-6842	SmartConsole	Threat prevention policy installation may include wrong topology warning on VSX cluster interfaces.
PRJ-5525, PRHF-5527	SmartConsole	In some scenarios, applying "Where used" from the local Domain on an object that is used in global policies, may return results from the global policies that are not assigned to the local Domain. Refer to sk162753.
PRJ-6642, PRHF-6606	SmartConsole	In some scenarios, administrator cannot open the 'RemoteAccess' - VPN community object for editing.
PRJ-5374, PMTR-43427	SmartConsole	In Multi-Domain environment, IPS protections become staging on each domain after global policy assignment while the protection does have override/staging status in the global domain.
PRJ-2438, PRHF-4184	SmartConsole	When disabling NAT for a network object and searching for the NAT IP address, the network object is still shown as part of the search results even though it should not be.
PRJ-1678, SL-1890	SmartView	In some scenarios, Hit Count on specific rules does not increment after they were recently created or re-ordered. Refer to sk138033.
PRJ-5630, PRHF-5810	SmartView	In SmartView, when exporting logs to Excel after drill-down, the amount of logs is less than expected. Refer to sk162621.
PRJ-6047, PRJ-6048, PMTR-43654	Security Gateway	Improved misleading log for connections that terminate before detection.
PRJ-3350, PRJ-6729, SWG-2013	Security Gateway	In some scenarios, a designated interface may drop packets.
PRJ-8197, PRJ-8198, PMTR-47784	Security Gateway	Since R80.20, in some scenarios, predictable TCP sequences are generated by the Security Gateway. Refer to sk164775.
PRJ-7498, PRJ-7499, PMTR-45710	Security Gateway	In a rare scenario, running the "cpstop -fwflag -driver" command may cause a memory leak in IPv6 environment.
PRJ-8009, PRJ-8096, PMTR-46330	Security Gateway	Improved a Proxy connectivity while Anti-Virus Blade works in Hold mode.
PRJ-1702, PRJ-6728, PRJ-4482	Security Gateway	In some scenarios, the /var/log/messages file is flooded with ICAP related errors.
PRJ-5890, PRHF-6029	Security Gateway	In some scenarios, enabling the Multi-Queue on a line card enables the Multi-Queue also on the on-board interfaces. Refer to sk162622.
PRJ-6640, SL-2819	Logging	In some scenarios, user cannot see his Check Point logs in LogRhythm platform using Log Exporter.
PRJ-5937, PRHF-5344	Logging	In some scenarios, when retrieving the UserCheck logs, FWD process on the Security gateway may unexpectedly exit.
PRJ-6855, PMTR-42177	Logging	In a rare scenario, the "Logs & Monitor" view in SmartConsole freezes while scrolling down the results.
PRJ-7815, PMTR-42519	Logging	In a rare scenario involving multiple disconnections and reconnections between Security gateway and Log Server, connection is not automatically restored and logs may not be written locally. Refer to sk164852.
PRJ-7055, PRJ-5881, QOS-67	QoS	QoS Time Objects are not enforced in R80.20. Refer to sk163074.
PRJ-3714, PRJ-6949, PRHF-2795	DLP	DLP activation was optimized to reduce the CPU consumption.
PRJ-7507, PRHF-5184	Identity Awareness	When the Identity Awareness Blade is enabled, a memory leak may appear in LDAP sessions.
PRJ-8193, PRJ-8194, MBS-8939	URL Filtering	In some scenarios, HTTPS traffic is not categorized as expected.
PRJ-6863, PMTR-41488	Anti-Malware	UPDATE: Improved behavior of Intelligence Feed failure.
PRJ-7464, PRJ-7465, PMTR-45826	IPS	Cannot update the Geo Policy IPToCountry database on Security Gateways. Refer to sk163672.
PRJ-4418	IPS	In some scenarios, a '+' (plus sign) in an HTTP URL may be replaced with ' ' (space) when the "Forensics" feature is turned on in Threat Prevention.
PRJ-1825, PRHF-3890	SSL Inspection	NEW: Added support of RDP over SSL inspection as part of Inbound HTTPS Inspection Blade. (Relevant for Remote Desktop Protocol Vulnerability CVE-2019-0708.)
PRJ-634, PMTR-15461	SecureXL	NEW: Added support for i40evf driver.
PRJ-6748, PRJ-6749, PMTR-42788	SecureXL	In a rare scenario, FTP Data connections do not pass while SYN Defender is active and enforcing.
PRJ-635, PMTR-22503	SecureXL	In some scenarios, virtio_net is not able to run multiqueue.
PRJ-7712, PRJ-8244, PMTR-18338	SecureXL	"sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure.
PRJ-5620, PRJ-8021, PRHF-5809	ClusterXL	In some scenarios, a connectivity issue takes place in ClusterXL environment after a fast "fail over"-"fail back" or a "fail over" on bridge configuration.
PRJ-6160, PRJ-6787, PRJ-6788, PRHF-6143	Gaia OS	"Gaia Web-UI recognized a non-valid input data" error when creating a scheduled backup in WebUI via SCP or FTP with special characters used.
PRJ-5132, PRJ-1545, GAIA-4880	Gaia OS	In some scenarios, the VSX Management fails to be properly restored from backup.
PRJ-6038, PRJ-6129, GAIA-6587	Gaia OS	In some scenarios, the Smart-1 3150 appliance becomes unresponsive after enabling the optical interface. To upgrade to R80.30 using the Jumbo Hotfix, make sure all the interfaces are in state OFF. Refer to sk146512.
PRJ-3727, PRHF-5205	Gaia OS	In a rare scenario, many "skb_warn_bad_offload" warnings appear in the /var/log/messages file. Fix is relevant for Gaia 3.10 only.
PRJ-6588, GAIA-6588	Gaia OS	16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flopping. Refer to sk163267. Fix is relevant for Gaia 3.10 only.
PRJ-1758, PRJ-6054, PRJ-6057, PRHF-3943	Gaia OS	A network interface may restart when changing its properties from WebUI if the interfaces configuration was performed via CLISH.
PRJ-1261, PRHF-3675	Gaia OS	CPD process may unexpectedly exit when attempting to query sensor values on Smart-1 525, Smart-1 5050 and Smart-1 5150 appliances.
PRJ-6000, PRJ-7128, ROUT-445	Routing	In a rare scenario, last two (or more) nexthops of a BGP ECMP route disappear simultaneously and are not removed from the forwarding database. Refer to sk153552.
PRJ-6110, PRJ-6111, PRHF-6139	Routing	In a rare scenario, the routed process may unexpectedly exit during ClusterXL failover when BGP is configured. Refer to sk165682.
PRJ-6578, PRJ-7405, PRHF-6603	Routing	For compliance and interoperability with BGP peers implementing older RFC, no BGP capability is advertised if peer does not advertise it first.
PRJ-5884, VSX-2190	VSX	The "vsx_util vsls" command does not display in full the long names of the VSX server name. Refer to sk163073.
PRJ-6174, PRHF-6145	Endpoint Security	Exported from SmartEndpoint .xlsx files may produce a warning when opened in Excel.
PRJ-5752, EPS-2262	Endpoint Security	Endpoint Management may fail on FileVault recovery for MacOS clients, when a computer re-joins domain.
PRJ-3404, PRJ-5954, VPNS2S-417	VPN	SmartView Monitor VPN tunnel status may show incorrect or missing tunnels status for a cluster object.
PRJ-7172, PRJ-7122, VPNRA-300	VPN	Packets from SSL Network Extender are dropped: "Reason: decrypted and user methods are not identical (VPN Error code 01)". Refer to sk163636.
PRJ-7181, PMTR-44859	CloudGuard	Public IP addresses for Virtual Machines and Virtual Machines Scale Sets may be missing.
PRJ-7382, PRHF-7119	CloudGuard	During a license pool creation, when a Blade service is shared between different licenses, the vsec_lic_cli tool may create multiple pools instead of one.