Take 135 - Ongoing
List of Resolved Issues and New Features
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 135 Released on 13 January 2020 |
||
PRJ-6822, |
Upgrade Tools |
In some scenarios, cannot export a database using the migration tools of the current version while there are open sessions in the database. |
PRJ-4930, |
Upgrade Tools |
In some scenarios, the FWM process fails to start after a successful upgrade with the "Found an indication that the current domain was migrated, and the migration had failed. Cannot start after a migration failure" message in the fwm.elg file. |
PRJ-7423, |
Infrastructure |
In some scenarios, Anti-Bot/ Anti-Virus / IPS / Threat Emulation Blade update fails with "Curl error code 56". |
PRJ-5918, |
Security Management |
In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754.
|
PRJ-2341, |
Security Management |
In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects. |
PRJ-5717, |
Security Management |
In some scenarios, upgrade from R7x is not aborted when there is not enough disk space to complete the import operation. |
PRJ-5665, |
Security Management |
In some scenarios, purge revisions fails and blank lines that cannot be deleted, appear in SmartConsole Revisions view. Refer to sk163116. |
PRJ-5757, |
Security Management |
High Availability synchronization between Management Servers may fail when there is no enough disk space in the root partition. |
PRJ-5661, |
Security Management |
Blank lines may appear in SmartConsole Purge Revisions view after purging a large database. |
PRJ-4971, |
Security Management |
In some scenarios, disconnected sessions with no changes or locks appear in SmartConsole session view. |
PRJ-4835, |
Security Management |
The FWM process may unexpectedly exit when an incorrect license SKU with a specific format is applied. |
PRJ-5656, |
Security Management |
In some scenarios, cpm_status.sh reports incorrect CPM status. Refer to sk162633. |
PRJ-5097, |
Security Management |
When an administrator edits the description of a revision, he becomes the publisher of the revision. |
PRJ-7040, |
Security Management |
The 'FWM sic_reset' command does not print which object still has an IKE certificate. |
PRJ-5245, |
Multi-Domain Management |
NEW: Added the Domain Management Migration, Backup and Upgrade feature:
For more information see sk156072. |
PRJ-3688, |
Multi-Domain Management |
"dleserver.utils.UidManager" errors on cma_migrate failure on Multi-Domain Server upgraded from R80. |
PRJ-6670, |
Multi-Domain Management |
In some scenarios, traffic outage may happen after policy installation from Multi-Domain SmartConsole. Refer to sk163712. |
PRJ-7106, |
Multi-Domain Management |
The cma_migrate may fail if the IPS version does not exist on the R80.x Multi-Domain Management Server. |
PRJ-6869, |
Multi-Domain Management |
Improved Domain/CMA logs visibility. |
PRJ-5067, |
SmartConsole |
NEW: Added integration of Management API with Ansible 2.9. For more info, see: https://galaxy.ansible.com/check_point/mgmt |
PRJ-6126, |
SmartConsole |
In some scenarios, the "Installed IPS Version" information is empty in the "Gateways and Servers" view. |
PRJ-3549, |
SmartConsole |
In a rare scenario, when editing a Star VPN community, SmartConsole terminates. |
PRJ-6934, |
SmartConsole |
Threat prevention policy installation may include wrong topology warning on VSX cluster interfaces. |
PRJ-5525, |
SmartConsole |
In some scenarios, applying "Where used" from the local Domain on an object that is used in global policies, may return results from the global policies that are not assigned to the local Domain. Refer to sk162753. |
PRJ-6642, |
SmartConsole |
In some scenarios, administrator cannot open the 'RemoteAccess' - VPN community object for editing. |
PRJ-5374, |
SmartConsole |
In Multi-Domain environment, IPS protections become staging on each domain after global policy assignment while the protection does have override/staging status in the global domain. |
PRJ-2438, |
SmartConsole |
When disabling NAT for a network object and searching for the NAT IP address, the network object is still shown as part of the search results even though it should not be. |
PRJ-1678, |
SmartView |
In some scenarios, Hit Count on specific rules does not increment after they were recently created or re-ordered. Refer to sk138033. |
PRJ-5630, |
SmartView |
In SmartView, when exporting logs to Excel after drill-down, the amount of logs is less than expected. Refer to sk162621. |
PRJ-6047, |
Security Gateway |
Improved misleading log for connections that terminate before detection. |
PRJ-3350, |
Security Gateway |
In some scenarios, a designated interface may drop packets. |
PRJ-8197, |
Security Gateway |
Since R80.20, in some scenarios, predictable TCP sequences are generated by the Security Gateway. Refer to sk164775. |
PRJ-7498, |
Security Gateway |
In a rare scenario, running the "cpstop -fwflag -driver" command may cause a memory leak in IPv6 environment. |
PRJ-8009, |
Security Gateway |
Improved a Proxy connectivity while Anti-Virus Blade works in Hold mode. |
PRJ-1702, |
Security Gateway |
In some scenarios, the /var/log/messages file is flooded with ICAP related errors. |
PRJ-5890, |
Security Gateway |
In some scenarios, enabling the Multi-Queue on a line card enables the Multi-Queue also on the on-board interfaces. Refer to sk162622. |
PRJ-6640, |
Logging |
In some scenarios, user cannot see his Check Point logs in LogRhythm platform using Log Exporter. |
PRJ-5937, |
Logging |
In some scenarios, when retrieving the UserCheck logs, FWD process on the Security gateway may unexpectedly exit. |
PRJ-6855, |
Logging |
In a rare scenario, the "Logs & Monitor" view in SmartConsole freezes while scrolling down the results. |
PRJ-7815, |
Logging |
In a rare scenario involving multiple disconnections and reconnections between Security gateway and Log Server, connection is not automatically restored and logs may not be written locally. Refer to sk164852. |
PRJ-7055, |
QoS |
QoS Time Objects are not enforced in R80.20. Refer to sk163074. |
PRJ-3714, |
DLP |
DLP activation was optimized to reduce the CPU consumption. |
PRJ-7507, |
Identity Awareness |
When the Identity Awareness Blade is enabled, a memory leak may appear in LDAP sessions. |
PRJ-8193, |
URL Filtering |
In some scenarios, HTTPS traffic is not categorized as expected. |
PRJ-6863, |
Anti-Malware |
UPDATE: Improved behavior of Intelligence Feed failure. |
PRJ-7464, |
IPS |
Cannot update the Geo Policy IPToCountry database on Security Gateways. Refer to sk163672. |
PRJ-4418 |
IPS |
In some scenarios, a '+' (plus sign) in an HTTP URL may be replaced with ' ' (space) when the "Forensics" feature is turned on in Threat Prevention. |
PRJ-1825, |
SSL Inspection |
NEW: Added support of RDP over SSL inspection as part of Inbound HTTPS Inspection Blade. (Relevant for Remote Desktop Protocol Vulnerability CVE-2019-0708.) |
PRJ-634, |
SecureXL |
NEW: Added support for i40evf driver. |
PRJ-6748, |
SecureXL |
In a rare scenario, FTP Data connections do not pass while SYN Defender is active and enforcing. |
PRJ-635, |
SecureXL |
In some scenarios, virtio_net is not able to run multiqueue. |
PRJ-7712, |
SecureXL |
"sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure. |
PRJ-5620, |
ClusterXL |
In some scenarios, a connectivity issue takes place in ClusterXL environment after a fast "fail over"-"fail back" or a "fail over" on bridge configuration. |
PRJ-6160, |
Gaia OS |
"Gaia Web-UI recognized a non-valid input data" error when creating a scheduled backup in WebUI via SCP or FTP with special characters used. |
PRJ-5132, |
Gaia OS |
In some scenarios, the VSX Management fails to be properly restored from backup. |
PRJ-6038, |
Gaia OS |
In some scenarios, the Smart-1 3150 appliance becomes unresponsive after enabling the optical interface.
|
PRJ-3727, |
Gaia OS |
In a rare scenario, many "skb_warn_bad_offload" warnings appear in the /var/log/messages file.
|
PRJ-6588, |
Gaia OS |
16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flopping. Refer to sk163267.
|
PRJ-1758, |
Gaia OS |
A network interface may restart when changing its properties from WebUI if the interfaces configuration was performed via CLISH. |
PRJ-1261, |
Gaia OS |
CPD process may unexpectedly exit when attempting to query sensor values on Smart-1 525, Smart-1 5050 and Smart-1 5150 appliances. |
PRJ-6000, |
Routing |
In a rare scenario, last two (or more) nexthops of a BGP ECMP route disappear simultaneously and are not removed from the forwarding database. Refer to sk153552. |
PRJ-6110, |
Routing |
In a rare scenario, the routed process may unexpectedly exit during ClusterXL failover when BGP is configured. Refer to sk165682. |
PRJ-6578, |
Routing |
For compliance and interoperability with BGP peers implementing older RFC, no BGP capability is advertised if peer does not advertise it first. |
PRJ-5884, |
VSX |
The "vsx_util vsls" command does not display in full the long names of the VSX server name. Refer to sk163073. |
PRJ-6174, |
Endpoint Security |
Exported from SmartEndpoint .xlsx files may produce a warning when opened in Excel. |
PRJ-5752, |
Endpoint Security |
Endpoint Management may fail on FileVault recovery for MacOS clients, when a computer re-joins domain. |
PRJ-3404, |
VPN |
SmartView Monitor VPN tunnel status may show incorrect or missing tunnels status for a cluster object. |
PRJ-7172, |
VPN |
Packets from SSL Network Extender are dropped: "Reason: decrypted and user methods are not identical (VPN Error code 01)". Refer to sk163636. |
PRJ-7181, |
CloudGuard |
Public IP addresses for Virtual Machines and Virtual Machines Scale Sets may be missing. |
PRJ-7382, |
CloudGuard |
During a license pool creation, when a Blade service is shared between different licenses, the vsec_lic_cli tool may create multiple pools instead of one. |