Take 217 - General Availability

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 217 Released on 11 August 2020 and declared as General Availability on 13 September 2020
PRJ-14369, PRJ-14370, PMTR-36116	Diagnostics	Missing information in total throughput/inbound/outbound packets in CPView history's Network view.
PRJ-13961, PMTR-55974	Security Management	NEW: Added the ability to purge revisions automatically based on user configuration. Refer to Automatic Purge Documentation.
PRJ-12307, PMTR-48736	Security Management	NEW: Added enhancements for CPM Monitor Tool: Compatibility of file names between Linux and Windows. Better and more readable resources consumption report. All data is wrapped into a single tgz file, for better handling.
PRJ-13048, PRHF-11033	Security Management	After the user adds new Threat Indicators, Management HA may fail with "NGM failed to import data" error. Refer to sk167156.
PRJ-13612, PRHF-11300	Security Management	In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error.
PRJ-12143, CPM-2624	Security Management	Management HA synchronization between the active Domain server to a standby Domain server may fail with "Failed to import data" error.
PRJ-13166, PMTR-53758	Security Management	When an administrator enters a very long text into an object field (more than 32767 characters), the Security Management Server terminates and fails to start.
PRJ-12374, PRHF-10550	Security Management	Policy Presets may disappear from view after the user runs the Solr Cure utility. Refer to sk167455.
PRJ-9112, PRHF-4593	Security Management	"The Correlation Unit can't connect to one of its Log Servers. Please make sure connectivity between the Correlation Unit and Log Server isn't blocked. There is no need to stop the job." message after the putkey process. Refer to sk12882.
PRJ-14097, PMTR-56164	SmartConsole	NEW: The new and useful APIs of version 1.6.1 are now available also as part of API version 1.5. For more information, refer to the Management API Reference v1.6.1.
PRJ-13007, PRHF-10998	SmartConsole	In the Management API, the "show objects" command with details-level full may return the "ip-address" field even if it is empty.
PRJ-14291, PMTR-53220	SmartConsole	If there are thousands (or more) of unused objects, the "show unused-objects" API command and the Unused Objects view may load and work very slowly. Also, the load on the Management server will increase, causing general slowness when working with SmartConsole.
PRJ-14173, PMTR-32568	SmartConsole	In some scenarios, a validation warning may appear on an updatable object with the following message: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.
PRJ-13899, PRHF-11537	SmartConsole	Audit log is not shown in SmartConsole's Logs & Monitor View for the login action through API when the "-r" flag is set to true (login as root).
PRJ-12704, PRHF-10295	SmartView	The SmartView Timeline may be distorted when logs contain an empty value for the field specified in the "Series" settings and when the Legend is enabled. Refer to sk167095.
PRJ-12098, PMTR-52324	Logging	NEW: Added Management API command "show logs" to query logs. Added Management API command "get attachment" to fetch attachments from logs by log ID and attachment ID.
PRJ-14215, PRJ-14216, PMTR-56300	Security Gateway	In a rare scenario, the Security gateway may crash if the rulebase contains a logical server object.
PRJ-11751, PMTR-52426	Security Gateway	Citrix file download may fail when the Mobile Access blade is enabled. Fix is relevant for Gaia 3.10 only.
PRJ-14041, PRHF-11743	Security Gateway	When routing separation (MDPS)is enabled, interface statistics in CPView may not show information.
PRJ-11765, PRJ-13278, PMTR-41719	Security Gateway	"cpas_glue_psync_h: No synced opaque" error messages may appear in dmesg as a result of the synchronization of the members in the cluster. Refer to sk167033.
PRJ-13380, PRJ-13381, PMTR-54897	Security Gateway	In some scenarios, Security gateway generates an ICMP error with wrong IP address. Refer to sk167953.
PRJ-11742, PRJ-13464, SWG-2533	Security Gateway	Improved connectivity in a specific flow when ICAP Client is enabled with Trickling 3.
PRJ-11416, PRJ-13986, PRHF-9776	Security Gateway	In some scenarios, NAT log shows source port 0 even though a port was allocated.
PRJ-14481, PRJ-14482, PMTR-54946	Security Gateway	When moving context in MDPS with mplane or dplane and bash logging is enabled, the "grep" command is executed.
PRJ-12619, PRJ-12620, PMTR-45782	Identity Awareness	After the user disables and re-enables the Identity Collector in SmartConsole, the Identity Collector may fail to connect to the PDP Gateway again.
PRJ-13565, PRJ-14135, PRHF-561	Identity Awareness	In some scenarios, when the user changes the TACACS+ server to a different one, the configuration is applied only after an MDS reboot.
PRJ-8712, PRJ-14177, PRHF-7978	Identity Awareness	In some scenarios, Dynamic ID authentication fails when SMS server returns HTTP status code 2xx but not 200 or 202.
PRJ-12502, PRJ-13929, PRHF-10481	Identity Awareness	In some scenarios, Identity Awareness counters in cluster environments show zero.
PRJ-13514, PRJ-13515, PMTR-55246	Identity Awareness	In some scenarios, a XFF allowed proxy list is enforced only for instance 0 in VSLS environment after VS has transitioned from Backup to Active.
PRJ-13597, PMTR-55344	HTTPS Inspection	In some scenarios, web traffic is blocked with "HTTP parsing error occurred" and "parameters are undecodable in request" errors.
PRJ-7278, PRHF-7027	Application Control	In some scenarios, Application Control updates cannot be initiated on Gateways without Application Control enabled, even though URL Filtering is enabled.
PRJ-13601	Anti-Malware	In some scenarios, some emails may not be scanned by Anti-Bot's Suspicious Mail Protection when IPv6 is configured.
PRJ-8326	Anti-Malware	In some scenarios, the EICAR Anti-Virus test file may not be detected when transferred by SMB protocol.
PRJ-10662, PRHF-9289	Anti-Malware	In some scenarios, a "Feed Error" message appears when the user fetches a Custom Intelligence Feed. Refer to sk165932.
PRJ-10768, PRHF-8926	Internal CA	In some scenarios, no SIC between R80.x Security Management and R77 Security gateway after ICA certificate replacement procedure described in sk158096.
PRJ-11628, PRJ-11552	SecureXL	In some scenarios, MCAST packets may not be accelerated on a PIM-SM RP Gateway.
PRJ-14077, PRJ-14078, PMTR-56026	SecureXL	For some topologies, RIPV2 neighbors may be missing. Refer to sk167934.
PRJ-14218, PRJ-14248	ClusterXL	In some scenarios, SmartConsole shows ClusetXL status as "is not responding". Refer to sk168187.
PRJ-11195, PRHF-9801	ClusterXL	In some scenarios, "fw ctl affinity" and "sim affinity" commands show wrong IRQ numbers. Refer to sk166356.
PRJ-14010, PRJ-14011, PRHF-11326	CoreXL	ESP traffic is dropped on a Security Gateway that forwards the VPN traffic. Refer to sk167973.
PRJ-11450, PMTR-51868	Gaia OS	NEW: Added support for Smart-1 3150/3050 SAN and 'show asset' line cards for SAN.
PRJ-12833	Gaia OS	NEW: Added a Fail-open card support for new appliance line ( for Gaia 3.10 ): CPAC-4-1C-BP-C CPAC-2-10FSR-BP-C
PRJ-7271, PRHF-7124	Gaia OS	In some scenarios, adding a Gaia user may result in a high number of zombie sh processes. Refer to sk164259.
PRJ-13479, PMTR-55154	Gaia OS	Intake and outlet temperature sensors display incorrect values on 15400 appliance.
PRJ-10801, PRJ-14285, PMTR-56454	Gaia OS	In some scenarios, due to backup compression errors, restoring a backup does not restore all files.
PRJ-13269, PRJ-13270, GAIA-7496	Gaia OS	In some scenarios, the value for Voltage/Fan/Temperature sensor may appear as "NotValid".
PRJ-12761, PMTR-52834	Gaia OS	In some scenarios, the WebUI shows unknown HDDs that are not part of RAID.
PRJ-11497, PRJ-11498, PMTR-51462	Gaia OS	In some scenarios, the PSU status is reflected even if there is no PSU on the appliance.
PRJ-10351, PRJ-13644, PRJ-13646, PRHF-8760	Gaia OS	In rare scenarios, clish consumes 100% CPU when the user runs a Tenable scan. Refer to sk166195.
PRJ-11809, PRJ-11810, PRHF-9221	Gaia OS	Only 1024 characters of a cron jobs output are displayed when using show cron jobs from clish. Refer to sk167632.
PRJ-12421, GAIA-7499	Gaia OS	In some scenarios, concurrent CIFS mount/umount processes to the same Windows machine may crash the kernel.
PRJ-14419, PRJ-14413, PRHF-11683	Gaia OS	In some scenarios, the snapshot creation fails because of compression errors.
PRJ-10801	Gaia OS	In some scenarios, because of backup compression errors, restoring a backup does not restore all files.
PRJ-13650, PRJ-13744, PRJ-13745	Gaia OS	In some scenarios, SNMPD daemon unexpectedly exits with core dump, causing the SNMP service to become unavailable.
PRJ-13720, PRJ-13722	Gaia OS	In some scenarios, a snapshot creation may fail.
PRJ-11683, PRJ-11365	Routing	NEW: Performance improvement for multicast packets in SecureXL (fast path) when there are no multicast listeners.
PRJ-13977, PRJ-13978, PRHF-11680	Routing	UPDATE: The logging of "aspath-regex" and "community-regex" routemap fields is now disabled by default and can be enabled through the trace log.
PRJ-13925, PRJ-13980, PMTR-54829	Routing	UPDATE: Increased the configuration limits of the BFD timers for detect multiplier, minimum RX interval, and minimum TX interval to 255, 255000, and 255000, respectively.
PRJ-13352, PRJ-13353, PMTR-54833	Routing	In some scenarios, routed process generates an assert when the user runs the "dbget -rv iclid" command.
PRJ-7519, PMTR-23165	Mobile Access	In some scenarios, Mobile Access end-users become disconnected from their Citrix sessions after policy installation.
PRJ-7392, PRHF-1886	Mobile Access	Logs regarding protection level compliance for SNX applications may refer to the general authorization policy rather than to the protection levels.
PRJ-13728, PRJ-13729, PMTR-54159	Mobile Access	In some scenarios, Web application SSO credentials are not displayed correctly in the 'Credentials' dialog when the application's destination hostname is configured as an IP address.
PRJ-11804, PRJ-12125, VPNRA-357	VPN	In some scenarios, an incorrect IPSec counter may be displayed with cpstats / SmartView Monitor / SNMP in a ClusterXL environment. Refer to sk167297.
PRJ-14203, PMTR-49502	VPN	"vpn_trap_multik: - wrong header length 36 != 72" message may appear in the vpnd.elg when working with multiple users with the same credentials. Fix is relevant for Gaia 3.10 only.
PRJ-2619, VPNS2S-445	VPN	VPN stability was improved for some scenarios. Fix is relevant for Gaia 3.10 only.
PRJ-12890, PRJ-13332, PRHF-10685	VPN	IKEv2 rekey may fail when the resolved peer IP address is not the main IP address. Refer to sk166897.
PRJ-12464, PRJ-13470, PRHF-388	VPN	In a rare scenario, Security Gateway may crash when using Remote Access VPN with L2TP clients.
PRJ-15988, PRJ-15983, PRJ-15984	VPN	Starting from R80.30 Jumbo Hotfix Take 210, clients that do not support MFA (such as Mac OS and iOS) cannot connect as Remote Access clients if MFA is enabled. Refer to sk168493.
PRJ-13407, PMTR-54443	VPN	In rare scenarios, the Global Domain Assignment view shows that a Global Domain Assignment is in the 'up to date' state even though it is not.
PRJ-13341, PRHF-1164	VPN	In some scenarios, L2TP client fails to connect with "failed to write L2TP session params to kernel" error in vpnd.elg file. Refer to sk167636.
PRJ-13529, PRJ-13531, VPNRA-398	VPN	In some scenarios, Remote Access VPN users are not matched against the Access Control policy and traffic is dropped. Refer to sk167432.
PRJ-2020, VPNS2S-445	VPN	VPN stability was improved for some scenarios.
PRJ-15240, PRHF-12039	VSX	VSs load up in parallel from boot/after cpstart from VS0. Fix is relevant for Gaia 3.10 only.
PRJ-14150, PRHF-11651	Endpoint Security	In some scenarios, no audit logs are shown regarding object changes in SmartEndpoint virtual groups and FDE pre-boot users. Refer to sk167907.
PRJ-14131, PRHF-7699	Endpoint Security	In some scenarios, the user cannot get an FDE Offline Management File (cpomf) for an offline group in SmartEndpoint if this group or a directory in its path has special characters \ _ %.