Take 163 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 163

Released on 5 March 2020

PRJ-9397,
PMTR-44668

Security Management

In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole may fail.

PRJ-8492, PMTR-48267

Security Management

When reverting a security layer to a previous revision, if there are rules which are currently disabled, but were enabled in the selected previous revision (or vice versa), their status may not be reverted.

PRJ-5450,
PMTR-42420

Security Management

In some scenarios, an upgrade from an R7x secondary Multi-Domain Server with active Domains may fail.

PRJ-8376,
PRHF-7874

Security Management

In some scenarios, the exported database may be very large and include redundant data.

PRJ-7468,
CPM-1745

Security Management

Global policy reassignment may fail after a rulebase is deleted in the Global Domain.

PRJ-7918,
PRHF-7614

Security Management

When installing policy to a Cisco router, an automatic ACL number change may cause networking issues.

PRJ-7413,
CPM-2541

Security Management

In a rare scenario, all users connected to the Management Server get disconnected and new logins fail until the Management Server is restarted.

PRJ-3039,
PMTR-39305

Security Management

In some scenarios, the Management Server takes a long time to start or even fails to start.

PRJ-8095,
PRHF-7729

Security Management

In some scenarios, policy installation fails when the installation target is a Check Point Host.

PRJ-8876,
PMTR-23492

Security Management

Added support for Internal CA certificate replacement.

PRJ-7784,
PMTR-46434

Security Management

In some scenarios, HA synchronization in the Global Domain fails with the "Failed to sync peer - Global Domain is incompatible with the Domains." error.

PRJ-8859,
PMTR-48652

Security Management

If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the administrator object, the login in a VPN client with the internal user account may fail.

PRJ-8799,
PMTR-48610

Security Management

If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the internal user object, the login in SmartConsole with the administrator account may fail.

PRJ-7457,
PRHF-7167

Security Management

In some scenarios, the upgrade fails with the "Satellite object of type GatewayAggregator not found for core object" message in the cpm.elg file.

PRJ-8189,
PMTR-47772

Multi-Domain Management

The Administrator and Trusted Clients pop-up editors at the Multi-Domain Server level show all domain names linked to these objects. Domain Managers with partial permissions may see the names of domains that they are not permitted to see.

PRJ-7831,
PMTR-43461

Multi-Domain Management

In some scenarios, upgrade of R7x secondary Multi-Domain Management Server or Multi-Domain Log Server fails.

PRJ-6786,
PRJ-5742

SmartConsole

NEW: LDAP advanced query now supports ANR filtering.

PRJ-5100,
PMTR-41234

SmartConsole

When editing the description of a revision, the "Changes" field is reset to 0.

PRJ-8650,
PRJ-8753

SmartConsole

In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation.

PRJ-7943,
PMTR-46715

SmartConsole

In some scenarios, when running the "show-mdss" command with the "details-level full" option, not all Domains are retrieved.

PRJ-6143,
PMTR-41587

SmartConsole

After an upgrade of R80.10 Management, cloned Multi-Domain super user permission profiles (Read/Write permission profiles) may be missing the "Global VPN Management" permission.

PRJ-8701,
PRHF-7991

SmartConsole

The shared secret's edit button may be grayed out.

PRJ-7771

SmartConsole

The API command 'show-api-versions' may return version 1.6 instead of 1.5. Refer to sk163942.

PRJ-9081,
PMTR-47530

SmartConsole

In some scenarios, IPS update fails in the Global Domain after an upgrade from R80.10.

PRJ-8351,
PRJ-8352

Security Gateway

Improved the ICAP client connectivity when using Trickling mode 3 in settings.

PRJ-7333,
PRJ-7244

Security Gateway

Connectivity issues may appear when ISP Redundancy is configured.

PRJ-7801,
PRJ-7802,
PMTR-45962

Security Gateway

In a rare scenario, the ROUTED process unexpectedly exits under high load.

PRJ-7374,
PRJ-7375,
PMTR-45566

Security Gateway

Improved multicast routing under high load and/or during system initialization.

PRJ-9051,
PRJ-9593,
PRHF-8288

Security Gateway

Global connections may not be freed correctly when the Gateway acts as a Proxy.

PRJ-8906,
PRJ-8919

Security Gateway

"fwk_build_cparams_hashes: failed to create str cparams hash" dmesg error may appear during policy installation.

PRJ-8723,
PRJ-8724,
PMTR-26082

Security Gateway

Improved scalability of DOS/Rate limiting rules.

PRJ-3477,
PRJ-8442,
PRHF-4624

Security Gateway

In a topology in which Client and Server are connected to the Security Gateway using two different interfaces each, for example:

Client -- eth1 <Gateway> eth2 -- Server

Client -- eth3 <Gateway> eth4 -- Server

The response packets from Server to Client may be incorrectly routed back to the Server because of an incorrect route cache in the Security Gateway.

PRJ-7088,
PRJ-7096,
PMTR-42966

Security Gateway

In some scenarios, connectivity problems may appear because the proxy ARP table is not updated after policy installation.

PRJ-8646,
PRJ-8647,
PMTR-41512

Security Gateway

In a rare scenario, the ICAP client requires manual steps to activate RESP mode after running cpstop ; cpstart.

PRJ-8152,
PRHF-7736

Security Gateway

Policy installation on Cluster may fail if the Cluster member name is longer than 64 characters.

PRJ-7879,
PRJ-7880

Security Gateway

In a rare scenario, there is no HTTPS Inspection when the ICAP client is enabled.

PRJ-8877,
PRHF-7389

Security Gateway

In some scenarios, there is no SIC after applying the ICA certificate replacement procedure.

PRJ-7870,
PRJ-7867,
SWG-2361

Security Gateway

Improved DNS caching and negative DNS response handling.

PRJ-7752,
PRHF-7389

Security Gateway

In some scenarios, there is no SIC after applying the ICA certificate replacement procedure.

PRJ-2795,
IPS-682

IPS

In some scenarios, the interface name is not displayed correctly in the IPS log.

PRJ-8880

IPS

In a rare scenario, the Security Gateway may crash due to a NULL pointer reference.

  • Fix is relevant for Gaia 2.6.18 only.

PRJ-9195,
PMTR-36246

Anti-Malware

In a rare scenario, policy installation fails when the Security Management Server is handling a large number of Security Gateways.

PRJ-6114

Threat Extraction

In rare scenarios, files fail to download when the Threat Extraction Blade is active.

PRJ-6075,
PRJ-6076,
PMTR-41138

Identity Awareness

Machine identity for Terminal Server agent is not identified unless Identity Agent is also enabled on the Security Gateway.

PRJ-8424,
IDA-2022

Identity Awareness

Identity Awareness performance improvements in large scale environments.

PRJ-8279,
PRJ-8280,
MBS-9133

SSL Inspection

In some scenarios, some HTTPS sites are not categorized when both "Categorize HTTPS Sites" and "HTTPS Inspection" are enabled.

PRJ-8340,
PRJ-8341,
PMTR-47846

SSL Inspection

In a rare scenario, a memory leak may appear in the ICAP client when HTTPS Inspection is enabled.

PRJ-7653,
PMTR-45863

SSL Inspection

HTTPS Inspection's default CA certificate was upgraded to use a signing algorithm based on SHA256 instead of SHA1. Refer to sk163932.

PRJ-7166,
PMTR-23406

SSL Inspection

NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115.

PRJ-8551,
PRJ-8548

Logging

NEW: Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command.

PRJ-3654,
PRHF-4654

Logging

SmartEvent may not correlate certain Anti-Virus logs.

PRJ-6190,
PRHF-6325

Logging

Widgets inside SmartView's "Views and Reports" may result in "Query Failed" messages when filtered by the "Log Server Origin" field.

PRJ-6698,
PMTR-44388

Logging

In some scenarios, exporting a large number of logs to Excel may fail and cause SmartView to restart.

PRJ-7709, PMTR-39944

Application Control

In some scenarios, HTTP traffic is blocked with "HTTP parsing error occurred (2)" and "parameters are undecodable in request" errors. Refer to sk160092.

PRJ-7553,
PRJ-7554,
PRHF-7071

ClusterXL

In a rare scenario in a ClusterXL environment, SYN Defender may incorrectly drop valid traffic.

PRJ-7638,
PRJ-7639,
PMTR-46064

ClusterXL

The "set router-options auto-restore-iface-routes" command is now deprecated.

PRJ-7705,
PRJ-7706,
PRHF-6356

SecureXL

Some traffic may not pass when Policy Based Routing (PBR) and SecureXL are enabled. Refer to sk163252.

PRJ-7502,
PRJ-7707,
PMTR-34845

SecureXL

In some scenarios, a new connection may fail to open if it is reopened with the same source port. Refer to sk164839.

PRJ-7561,
PRJ-7562,
PRHF-7247

SecureXL

In some scenarios, SecureXL drops the TCP traffic of a particular connection for invalid state reasons. Refer to sk147093.

PRJ-4341,
PMTR-40757

SecureXL

In some scenarios, IP-VLAN traffic traversing a bridge of two physical interfaces has the VLAN tag stripped.

  • Fix is relevant for Gaia 3.10 only.

PRJ-8976,
PMTR-44150

SecureXL

When NAT-T packets pass through a standalone gateway, this traffic may be dropped if SecureXL is enabled.

  • Fix is relevant for Gaia 3.10 only.

PRJ-600,
PRJ-7319,
PMTR-35261

SecureXL

SYN Defender status in CPView sometimes appears as invalid.

PRJ-6157,
PRJ-6161,
PRHF-6490

SecureXL

In some scenarios, SecureXL causes an issue in the routing of multicast traffic.

PRJ-8780,
PRJ-8781,
PRHF-6971

SecureXL

In a rare scenario, DOS/Rate Limiting Logs are not searchable.

PRJ-4383,
PRJ-603,
PMTR-36548

SecureXL

In some scenarios, DOS/Rate Limiting configuration is not applied after reboot if no fw samp policy is configured.

PRJ-7192

Gaia OS

NEW: Added support of Jumbo Hotfix Accumulator on Smart-1 625 appliances.

PRJ-7719,
GAIA-6588

Gaia OS

16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flapping. Refer to sk163267.

PRJ-5983,
GAIA-5634

Gaia OS

In a rare scenario, there is network interface flapping with Intel (igb) interfaces connected to Cisco switches. Refer to sk163852.

PRJ-7372,
PMTR-44835

Gaia OS

In some scenarios, the iDRAC (LOM) interface is not pingable.

PRJ-8770,
PRJ-7825,
PMTR-46170

Routing

PIM may be unable to resolve the outbound interface of a multicast route when the unicast route lookup fails.

PRJ-7407,
PRJ-7408,
PMTR-45530

Routing

When MaaS tunnels are added, the routed process may unexpectedly exit.

PRJ-7303,
PRHF-4371

Mobile Access

In a rare scenario, when Mobile Access Blade is enabled, the Security Gateway may crash with vmcore.

PRJ-7066,
PMTR-45006

CloudGuard

In some scenarios, subnet objects may not contain all the relevant IP addresses for VMSS VMs.

PRJ-5941,
PRHF-5289

Endpoint Security

NEW: Added the feature to use epmCommands with object nids.

PRJ-5943,
PRHF-5936

Endpoint Security

Some messages in the self-help portal are not properly localized in Japanese.

PRJ-7113,
PRHF-6221

Endpoint Security

In a rare scenario, Endpoint Management Server on AWS crashes when the user sets the property "Gateways management" to "Over the internet" in the AWS template.

PRJ-7114,
PRHF-6011

Endpoint Security

In some scenarios, Endpoint Management does not start after an upgrade to R80.30 in the environment that manages both Endpoints and Gateways. Refer to sk163537.

PRJ-5136,
PRJ-8337,
PMTR-34812

VSX

Performance optimization for time object matching in a VSX environment.

PRJ-8456,
PMTR-42292

VSX

Adding a VD after deleting a VD fails, and then the 'netns add' command returns the "RTNETLINK answers: No space left on device" error message.

  • Fix is relevant for Gaia 3.10 only.