Take 219 - General Availability

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 219

Released on 13 September 2020 and declared as General Availability on 12 October 2020

PRJ-7663,
PMTR-46091

Diagnostics

CPview may show partial information, if there are more than 256 interfaces configured on the system.

PRJ-16146,
PMTR-58152

Security Management

NEW:

  1. The "cma_migrate" command will continue working if the SSH connection with the Multi-Domain Server was lost.
  2. If the user presses "Ctrl+C" while cma_migrate is running, the user will be asked whether to stop cma_migrate or to continue.

PRJ-14644,
PRHF-11983

Security Management

NEW: Solr server process is restarted automatically if it is not responsive for a long time.

PRJ-16875,
PRHF-12879

Security Management

In some scenarios, sessions that were opened for third parties or automated scripts that use the Management API remain open. Refer to sk169072.

PRJ-11703,
PRHF-9017

Security Management

The Purge Revisions operation may not clean deleted objects of previous revisions.

PRJ-15496,
PMTR-57275

Security Management

$MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied.

PRJ-12491,
PRHF-10058

Security Management

When using packet mode in Rulebase Search, results from inline layer may be matched even though their parent layer is not.

PRJ-16343,
PRHF-12861

Security Management

Rulebase search may fail with "An error occurred while searching" if one (or more) of the rules that matches the search criteria has a reference to a security zone. Refer to sk168935.

PRJ-16196,
PRHF-9260

Security Management

When running the "show-access-rulebase" API command with filter, and the selected layer is an inline layer, rules of the inline layer are not returned even though they match the search criteria.

PRJ-14296,
PRHF-11704

Security Management

In rare scenarios, High Availability sync fails with "Ngm failed to import data" error after the user deletes a Permission Role.

PRJ-13462,
PMTR-54975

Security Management

In rare scenarios, Install Policy Presets are not triggered.

PRJ-13918,
MCFG-242

Security Management

In some scenarios, exporting the Security Management Server in order to migrate it to a Domain in a Multi-Domain environment fails.

PRJ-14491,
SMCUPG-1384

Security Management

In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails.

PRJ-15609,
PMTR-57447

Multi-Domain Management

NEW: Added ability to run Management REST API on a Multi-Domain Log Server.

PRJ-15458,
PRHF-6093

Multi-Domain Management

Policy Installation may fail due to an internal error in an MDS environment where a Global Dynamic object is used inside Network Groups nested more than 2 levels deep (group inside a group).

PRJ-14760,
PRHF-12085

Multi-Domain Management

In some scenarios, migrating a Domain between different Multi-Domain Management servers fails if a previous migration of the same Domain failed.

PRJ-15415,
PRJ-13920

Multi-Domain Management

In Multi-Domain environments with High Availability, if the Management Server is stopped while a Purge Revisions operation is in progress, the server may fail to start again. Refer to sk168175.

PRJ-14454,
PRHF-11940

Multi-Domain Management

Policies may disappear from the Global Domain Assignments view after running the Solr Cure utility. Refer to sk168060.

PRJ-13905,
PMTR-54935

SmartConsole

In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins.

PRJ-15969,
PRHF-10916

SmartConsole

Global Policy reassign in MDS may fail with "An internal error has occurred" message after adding overrides to Snort protections.

PRJ-15371,
PMTR-57065

SmartConsole

The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954.

PRJ-15832,
PMTR-39061

SmartProvisioning

In some scenarios, when the user installs policy on R77.30 Central Office Security Gateway from Management version R80 and higher, VPN tunnels may be dropped for LSM Gateways.

PRJ-14550,
PMTR-53415

SmartProvisioning

After creating Small Office Appliance via SmartProvisioning GUI with SIC and CA name parameters provided, the VPN tab fields are not updated.

PRJ-14531,
PMTR-55130

SmartView

In some scenarios, when the user attempts to download a DLP attachment from the log card in SmartView, the download does not start.

PRJ-14361,
PMTR-54723

SmartView

In SmartView, the icon is missing from the cover page of Compliance and Content Awareness PDF reports.

PRJ-13561,
PMTR-53242

Logging

In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress.

PRJ-14048,
PRHF-11502

Logging

In some scenarios, the "cp_log_export status" command prints "last log read at: N/A" rather than a timestamp.

PRJ-13170,
PRHF-9994

Compliance

Compliance Partial Scans in Multi-Domain environments using Global Policies may lead to SmartConsole freeze or long publish times. Refer to sk170562.

PRJ-14368,
PRJ-15747,
PRHF-10818

Security Gateway

UPDATE: Reduced CPU usage in some configurations by parsing TLS traffic only when required by the policy. See sk166700 for more information.

PRJ-10297,
PRJ-14638,
PRHF-8781

Security Gateway

In some scenarios, the license status of the Security Gateway is not updated properly in SmartConsole.

PRJ-12946,
PRJ-15333,
PRHF-10972

Security Gateway

After policy installation, the output of the "cphaprob stat" command may show "HA module not started" when a large number of non-monitored Cluster interfaces are configured in SmartConsole.

This fix adds support for multiple non-monitored interfaces in SmartConsole.

PRJ-9848,
PRHF-7150

Security Gateway

In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124.

PRJ-15769,
PRJ-15770,
PMTR-57606

Security Gateway

In some scenarios, some DNS protections may not be enforced.

PRJ-16157,
PRJ-16158,
PMTR-58124

Security Gateway

In a rare scenario, Security Gateway may crash after policy installation.

PRJ-15847,
PRJ-15848,
PMTR-57739

Security Gateway

SXL drops may occur due to routing configuration when using a security zone on a bridge (Layer 2).

PRJ-14632,
PRJ-14633,
PRHF-12058

Security Gateway

In rare scenarios, Security Gateway memory consumption may increase.

PRJ-14068,
PRJ-14069,
AVIR-1090

Security Gateway

In rare scenarios, Security Gateway may crash due to memory allocation failure.

PRJ-9656,
PRJ-8049

Security Gateway

When running 'fw6 ctl affinity -l' command, the IPv6 instances are not displayed.

  • Fix is relevant for Gaia 3.10 only.

PRJ-13588,
PRJ-15805,
PRHF-11311

Security Gateway

In a rare scenario, Security Gateway may crash during policy installation.

PRJ-11141,
PRJ-13149,
PMTR-39019

Security Gateway

In some scenarios, "fwxlate_dyn_port_global_to_local_get_port: port was not found in global, and not in local" error message may appear in dmesg.

PRJ-14125,
PMTR-56181

Security Gateway

In some scenarios, compilation errors during policy installation are ignored instead of immediately failing the policy. This may cause drops on the Security Gateway.

  • Fix is relevant for Gaia 3.10 only.

PRJ-16405,
PRHF-12305

Security Gateway

In some scenarios, when VPN Blade or ISP Redundancy are used, traffic may be routed to the wrong interface. Refer to sk168881.

  • Fix is relevant for Gaia 3.10 only.

PRJ-15723,
PMTR-39944

Application Control

In some scenarios, HTTP traffic is blocked with "HTTP parsing error occurred (2)" and "parameters are undecodable in request" errors. Refer to sk160092.

  • Fix is relevant for Gaia 3.10 only.

PRJ-15687,
PRJ-15688,
PRHF-12067

HTTPS Inspection

In some scenarios, web traffic may be blocked with "Content Awareness - Error: Internal system error (1000)" error log.

PRJ-12564,
IDA-2983

Identity Awareness

PDP may consume high CPU during policy installation because of a large amount of Access Roles.

PRJ-7759,
PRJ-11482,
PMTR-40495

SSL Inspection

DynamicID authentication may fail due to server certificate validation failure. Refer to sk167177.

PRJ-11510,
SMB-12153

SSL Inspection

In some scenarios, there may be SSL Inspection issues in cluster environments on 1500 Series Security Gateways. Refer to sk170218.

PRJ-16486,
PRJ-16489,
PMTR-57645

IPS

In some scenarios, invalid characters are sent to gw-stat report.

PRJ-14547,
PRJ-12053

Threat Extraction

Cluster synchronization fails for Threat Extraction.

PRJ-16106,
PRJ-16105,
PRHF-12463

URL Filtering

In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD).

PRJ-16990,
PRJ-16965

Mobile Access

Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152.

PRJ-14610,
PRJ-14611,
PRHF-7700

SecureXL

UPDATE: Added a global variable that enables logging of packets that include an unapproved IP option. This variable is off by default.

PRJ-10496,
PRJ-10497,
PMTR-50926

SecureXL

In some scenarios, SecureXL makes an offload decision to not accelerate multicast traffic for route-based VPN.

PRJ-14515,
PRJ-14516,
PRHF-10860

SecureXL

In a rare scenario, a VSX gateway with Virtual Switch may crash.

PRJ-13761,
PRJ-13762,
PMTR-55537

SecureXL

Security Gateway may crash when concurrent connection rules exist in the DOS/Rate limiting policy and the Application Control Blade is enabled.

PRJ-13413,
PRJ-14518,
ACCHA-301

SecureXL

DECnet DIGITAL Network Architecture (Phase IV) traffic may be dropped. Refer to sk167202.

PRJ-15900,
PRJ-15901,
PRHF-12374

SecureXL

An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router.

PRJ-16352,
PRJ-16349

CoreXL

In a rare scenario, CPU consumption on some instances is high. Refer to sk168513.

PRJ-9402,
PRJ-15354,
STRM-152

QoS

In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" even though the policy is defined properly on the interface.

PRJ-14433,
PRJ-14434,
PMTR-53221

Gaia OS

NEW: Added support for CPAC-4-10-AB cards.

PRJ-14595,
PMTR-55036

Gaia OS

NEW: Added Multi-Queue (MQ) support for Management interface.

PRJ-15541,
PRJ-15542,
PRJ-9095

Gaia OS

NEW: Added a new feature for preventing MITM attacks when OS backup is stored on remote storage via SCP protocol. Refer to sk164234.

PRJ-14080,
PMTR-54518

Gaia OS

NEW: The i40e driver version was upgraded to improve performance.

  • Fix is relevant for Gaia 3.10 only.

PRJ-10078,
PRJ-14537,
PMTR-50675

Gaia OS

When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands unexpectedly exit. Refer to sk165258.

PRJ-13626,
PRJ-14228,
PRJ-15591,
PRHF-11367

Gaia OS

The "show configuration" Clish command may show 'Exported by admin' instead of the correct user name.

PRJ-16272,
PRJ-16273,
PRHF-10941

Gaia OS

The user fails to add ECDSA host keys via Clish to the hosts file. This prevents the user from setting up scheduled backups before the system goes into production.

PRJ-5959,
PRHF-6250

Gaia OS

In some scenarios, commands that were typed into Clish can be executed later on if the SSH session was uninterruptedly terminated.

PRJ-13271,
GAIA-7496

Gaia OS

In some scenarios, the value for Voltage/Fan/Temperature sensor may appear as "NotValid" instead of a number.

PRJ-11129,
PMTR-51775

Gaia OS

Setting LACP rate does not survive a reboot on Gaia 3.10.

PRJ-15860,
PMTR-57779

Gaia OS

"... Error I40E_AQ_RC_EINVAL adding RX filters on PF..." error may appear during i40e driver operation and RSS key may be reset during certain driver operations.

  • Fix is relevant for Gaia 3.10 only.

PRJ-14512,
PRJ-14513,
PRHF-6216

Routing

BGP connection may fail to establish when there are multiple peer groups with the same AS number in iBGP configurations.

PRJ-15484,
PMTR-54930

Routing

BGP fails to establish with high MTU setting on Gaia 3.10.

PRJ-16018,
PRHF-12425

CloudGuard IaaS

In some scenarios, CloudGuard Controller may lose connection to GCP projects. Refer to sk168499.

PRJ-12184,
VSECC-1293

CloudGuard IaaS

CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode.

PRJ-14405,
PRJ-14406,
PMTR-54728

VPN

Connectivity improvements for Remote Access VPN with L2TP.

PRJ-14574,
PRJ-14575,
PMTR-54771

VPN

IP compression may not work in some scenarios when IKEv2 is configured.

PRJ-14242,
PRJ-14243,
PRHF-7995

VPN

VPN traffic may be dropped when working with peer behind NAT - Hide NAT with Port Translation.

PRJ-11051,
PRJ-14391,
PRHF-7972

VPN

Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003.

PRJ-10952,
PRJ-14318,
PRHF-8923

VPN

In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.

PRJ-15329,
PRJ-15330,
VPNRA-379

VPN

In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled.

PRJ-15321,
PRJ-15320,
PMTR-48973

VPN

In some scenarios, using LS/HA mode on a VPN tunnel may cause packets to be dropped. Refer to sk160612.

PRJ-12808

Endpoint Security

NEW: Added support for BitLocker Encryption Management in Full Disk Encryption.

  • Requires R80.30 SmartConsole Build 92 (or higher).