Take 163 - Ongoing
List of Resolved Issues and New Features
Note - This Take contains all fixes from all earlier Takes.

Take 163 Released on 5 March 2020

ID | Product | Description |
---|---|---|
PRJ-9397 | Security Management | In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole may fail. |
PRJ-8492, PMTR-48267 | Security Management | When reverting a security layer to a previous revision, if there are rules which are currently disabled, but were enabled in the selected previous revision (or vice versa), their status may not be reverted. |
PRJ-5450 | Security Management | In some scenarios, an upgrade from R7x secondary Multi-Domain Server with active Domains may fail. |
PRJ-8376 | Security Management | In some scenarios, the exported database may be very large and include redundant data. |
PRJ-7468 | Security Management | Global policy reassignment may fail after a rulebase is deleted in the Global Domain. |
PRJ-7918 | Security Management | When installing policy to a Cisco router, an automatic ACL number change may cause networking issues. |
PRJ-7413 | Security Management | In a rare scenario, all users connected to the Management Server get disconnected and new logins fail until the Management Server is restarted. |
PRJ-3039 | Security Management | In some scenarios, the Management Server takes a long time to start or even fails to start. |
PRJ-8095 | Security Management | In some scenarios, policy installation fails when the installation target is Check Point Host. |
PRJ-8876 | Security Management | Added support for Internal CA certificate replacement. |
PRJ-7784 | Security Management | In some scenarios, HA synchronization in the Global Domain fails with the "Failed to sync peer - Global Domain is incompatible with the Domains." error. |
PRJ-8859 | Security Management | If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the administrator object, the login in a VPN client with the internal user account may fail. |
PRJ-8799 | Security Management | If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the internal user object, the login in SmartConsole with the administrator account may fail. |
PRJ-7457 | Security Management | In some scenarios, upgrade fails with the "Satellite object of type GatewayAggregator not found for core object" message in cpm.elg file. |
PRJ-8189 | Multi-Domain Management | The Administrator and Trusted Clients pop-up editors at the Multi-Domain Server level show all domain names linked to these objects. Domain Managers with partial permissions may see the names of domains that they are not permitted to see. |
PRJ-7831 | Multi-Domain Management | In some scenarios, upgrade of R7x secondary Multi-Domain Management Server or Multi-Domain Log Server fails. |
PRJ-6786 | SmartConsole | NEW: LDAP advanced query now supports ANR filtering. |
PRJ-5100 | SmartConsole | When editing the description of a revision, the "Changes" field is reset to 0. |
PRJ-8650 | SmartConsole | In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation. |
PRJ-7943 | SmartConsole | In some scenarios, when running the "show-mdss" command with the "details-level full" option, not all Domains are retrieved. |
PRJ-6143 | SmartConsole | After an upgrade of R80.10 Management, cloned Multi-Domain super user permission profiles (Read/Write permission profiles) may be missing the "Global VPN Management" permission. |
PRJ-8701 | SmartConsole | The shared secret's edit button may be grayed out. |
PRJ-7771 | SmartConsole | The API command 'show-api-versions' may return version 1.6 instead of 1.5. Refer to sk163942. |
PRJ-9081 | SmartConsole | In some scenarios, IPS update fails in the Global Domain after an upgrade from R80.10. |
PRJ-8351 | Security Gateway | Improved the ICAP client connectivity when using Trickling mode 3 in settings. |
PRJ-7333 | Security Gateway | Connectivity issues may appear when ISP Redundancy is configured. |
PRJ-7801 | Security Gateway | In a rare scenario, ROUTED process unexpectedly exits under high load. |
PRJ-7374 | Security Gateway | Improved multicast routing under high load and/or during system initialization. |
PRJ-9051 | Security Gateway | Global connections may not be freed correctly when the Gateway acts as a Proxy. |
PRJ-8906 | Security Gateway | "fwk_build_cparams_hashes: failed to create str cparams hash" dmesg error may appear during policy installation. |
PRJ-8723 | Security Gateway | Improved scalability of DOS/Rate limiting rules. |
PRJ-3477 | Security Gateway | In a topology in which Client and Server are connected to the Security Gateway using two different interfaces each, for example "Client -- eth1 <Gateway> eth2 -- Server" and "Client -- eth3 <Gateway> eth4 -- Server", the response packets from Server to Client may be incorrectly routed back to the Server because of an incorrect route cache in the Security Gateway. |
PRJ-7088 | Security Gateway | In some scenarios, connectivity problems may appear due to a proxy ARP table that is not updated after policy installation. |
PRJ-8646 | Security Gateway | In a rare scenario, ICAP client requires manual steps to activate RESP mode after running cpstop ; cpstart. |
PRJ-8152 | Security Gateway | Policy installation on Cluster may fail if the Cluster member name is longer than 64 characters. |
PRJ-7879 | Security Gateway | In a rare scenario, there is no HTTPS Inspection when ICAP client is enabled. |
PRJ-8877 | Security Gateway | In some scenarios, there is no SIC after applying the ICA certificate replacement procedure. |
PRJ-7870 | Security Gateway | Improved DNS caching and negative DNS response handling. |
PRJ-7752 | Security Gateway | In some scenarios, there is no SIC after applying the ICA certificate replacement procedure. |
PRJ-2795 | IPS | In some scenarios, the interface name is not displayed correctly in the IPS log. |
PRJ-8880 | IPS | In a rare scenario, the Security Gateway may crash due to a NULL pointer reference. |
PRJ-9195 | Anti-Malware | In a rare scenario, policy installation fails when the Security Management Server is handling a large number of Security Gateways. |
PRJ-6114 | Threat Extraction | In rare scenarios, files fail to download when the Threat Extraction blade is active. |
PRJ-6075 | Identity Awareness | Machine identity for Terminal Server agent is not identified unless Identity Agent is also enabled on the Security Gateway. |
PRJ-8424 | Identity Awareness | Identity Awareness performance improvements in large scale environments. |
PRJ-8279 | SSL Inspection | In some scenarios, some HTTPS sites are not categorized when both "Categorize HTTPS Sites" and "HTTPS Inspection" are enabled. |
PRJ-8340 | SSL Inspection | In a rare scenario, a memory leak may appear in ICAP client when HTTPS Inspection is enabled. |
PRJ-7653 | SSL Inspection | HTTPS Inspection's default CA certificate was upgraded to use a signing algorithm based on SHA256 instead of SHA1. Refer to sk163932. |
PRJ-7166 | SSL Inspection | NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115. |
PRJ-8551 | Logging | NEW: Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command. |
PRJ-3654 | Logging | SmartEvent may not correlate certain Anti-Virus logs. |
PRJ-6190 | Logging | Widgets inside SmartView's "Views and Reports" may result in "Query Failed" messages when filtered by the "Log Server Origin" field. |
PRJ-6698 | Logging | In some scenarios, exporting a large number of logs to Excel may fail and cause SmartView to restart. |
PRJ-7709, PMTR-39944 | Application Control | In some scenarios, HTTP traffic is blocked with "HTTP parsing error occurred (2)" and "parameters are undecodable in request" errors. Refer to sk160092. |
PRJ-7553 | ClusterXL | In a rare scenario in a ClusterXL environment, SYN Defender may incorrectly drop valid traffic. |
PRJ-7638 | ClusterXL | The "set router-options auto-restore-iface-routes" command is now deprecated. |
PRJ-7705 | SecureXL | Some traffic may not pass when Policy Based Routing (PBR) and SecureXL are enabled. Refer to sk163252. |
PRJ-7502 | SecureXL | In some scenarios, a new connection may fail to open if it is reopened with the same source port. Refer to sk164839. |
PRJ-7561 | SecureXL | In some scenarios, SecureXL drops the TCP traffic for the particular connection for invalid state reasons. Refer to sk147093. |
PRJ-4341 | SecureXL | In some scenarios, IP-VLAN traffic traversing a bridge of two physical interfaces has the VLAN tag stripped. |
PRJ-8976 | SecureXL | When NAT-T packets pass through a standalone gateway, this traffic may be dropped if SecureXL is enabled. |
PRJ-600 | SecureXL | SYN Defender status in CPView sometimes appears as invalid. |
PRJ-6157 | SecureXL | In some scenarios, SecureXL causes an issue in the routing of multicast traffic. |
PRJ-8780 | SecureXL | In a rare scenario, DOS/Rate Limiting Logs are not searchable. |
PRJ-4383 | SecureXL | In some scenarios, DOS/Rate Limiting configuration is not applied after reboot if no fw samp policy is configured. |
PRJ-7192 | Gaia OS | NEW: Added support for Jumbo Hotfix Accumulator on Smart-1 625 appliances. |
PRJ-7719 | Gaia OS | 16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flapping. Refer to sk163267. |
PRJ-5983 | Gaia OS | In a rare scenario, there is network interface flapping with Intel (igb) interfaces connected to Cisco switches. Refer to sk163852. |
PRJ-7372 | Gaia OS | In some scenarios, the iDRAC (LOM) interface is not pingable. |
PRJ-8770 | Routing | PIM may be unable to resolve outbound interface of multicast route when unicast route lookup fails. |
PRJ-7407 | Routing | When MaaS tunnels are added, the routed process may unexpectedly exit. |
PRJ-7303 | Mobile Access | In a rare scenario, when Mobile Access blade is enabled, the Security Gateway may crash with vmcore. |
PRJ-7066 | CloudGuard | In some scenarios, subnet objects may not contain all the relevant IP addresses for VMSS VMs. |
PRJ-5941 | Endpoint Security | NEW: Added the feature to use epmCommands with object nids. |
PRJ-5943 | Endpoint Security | Some messages in the self-help portal are not properly localized in Japanese. |
PRJ-7113 | Endpoint Security | In a rare scenario, Endpoint Management Server on AWS crashes when the user sets the property "Gateways management" to "Over the internet" in the AWS template. |
PRJ-7114 | Endpoint Security | In some scenarios, Endpoint Management does not start after an upgrade to R80.30 in an environment that manages both Endpoints and Gateways. Refer to sk163537. |
PRJ-5136 | VSX | Performance optimization for the time object matching in a VSX environment. |
PRJ-8456 | VSX | Adding a VD after deleting a VD fails, and then the 'netns add' command returns "RTNETLINK answers: No space left on device" error message. |