Take 221 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 221 Released on 21 October 2020
PRJ-17453, PRJ-17454, PMTR-58781	Diagnostics	In some scenarios, peak values for interfaces are not updated in CPView.
PRJ-15500, PMTR-56638	Security Management	NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start.
PRJ-15564, PRHF-12170	Security Management	NEW: In some scenarios, modifying or deleting objects in bulk may cause slowness in SmartConsole responses and long duration of operations. Ability to improve performance in such cases was added. Refer to sk135972.
PRJ-14525, PRJ-13319	Security Management	Upgrade from R80.10 may take many hours when there are hundreds or more Administrators and dozens or more Permission Profiles defined.
PRJ-15416, PMTR-48628	Security Management	In some scenarios, Read-Only sessions appear twice in the Sessions view.
PRJ-18046, PRHF-13462	Security Management	In rare scenarios, a Management server may become inaccessible and requires a reboot. Refer to sk170634.
PRJ-17072, PRJ-13851	Security Management	In some scenarios, the Security Management Server's startup takes a very long time after editing or deleting many Administrators.
PRJ-13726, PMTR-55574	Multi-Domain Management	NEW: Global object deletion will be blocked if used in Domains on the Multi Domain Server. The "Unused Objects" filter in the Global Domain will show objects only if not used by all of the Domains on the Multi-Domain Server.
PRJ-16437, PRHF-12236	Multi-Domain Management	After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.
PRJ-17022, PMTR-58167	Multi-Domain Management	On MDS environment with Global VPN Community usage, policy installation mail fail with "internal error" message after upgrade. Refer to sk169157.
PRJ-15719, PRHF-12271	Multi-Domain Management	When the user attempts to add/change the Leading Interface through mdsconfig, it may fail with the "no external interfaces found on this machine" error. Refer to sk168319.
PRJ-17306, PMTR-59799	Multi-Domain Management	In rare scenarios, the FWM process may unexpectedly exit and fail the Multi-Domain Management server upgrade.
PRJ-16642, PMTR-58309	Multi-Domain Management	In some scenarios, Domain Management Server is shown in System Domain under Domains View even though it was deleted.
PRJ-17069, PMTR-59232	Multi-Domain Management	In some scenarios, Domain appears in the System Domain without any Domain Servers.
PRJ-13795, PMTR-43231	Multi-Domain Management	In a Multi-Domain Server, domain-related processes may not start when the user runs "evstop" and then "evstart".
PRJ-12245, PRHF-10477	Multi-Domain Management	In some scenarios, a Global Administrator connected to the Logging and Monitoring view in MDS cannot see auto-complete suggestions when typing in the logs search box. Refer to sk166752.
PRJ-16426, PMTR-58559	Multi-Domain Management	Management HA incremental synchronization may break in the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.
PRJ-13455, PRHF-10952	SmartConsole	In some scenarios, Management API commands with "details-level":"full" Payload return a truncated output and fail to complete. Refer to sk170414.
PRJ-12854, PRHF-10453	SmartConsole	Hit count data may not be deleted automatically.
PRJ-7307, PMTR-45443	SmartConsole	When creating SecuRemote DNS object with more than 6 characters as Domain suffix, it fails with the "Domain suffix contains illegal characters" error.
PRJ-17006, PMTR-48331	SmartConsole	When using SmartConsole CLI, the application may unexpectedly terminate if the input has quotation marks that are not closed.
PRJ-16061, PRHF-12395	SmartConsole	In some scenarios, certain Gateways do not appear in the IPS Core protections list. Refer to sk168474.
PRJ-9660, PRHF-8304	SmartConsole	In rare scenarios, Access policy installation may be incorrectly blocked. A verification incorrectly states that HTTPS Inspection rules do not contain 'Any' or 'Application/Site' objects in the Site Category column, even though they do.
PRJ-16467, PRHF-11438	SmartConsole	Update corporate Gateway procedure takes a long time and may cause login issues and general slowness in the Provisioning GUI.
PRJ-14356, SL-4323	SmartView	In SmartView, when the user sends a generated report via email in a language with non-standard English letters (Accented, Cyrillic, Chinese, Japanese, etc), some of the text may appear as question marks (?).
PRJ-16434, PMTR-53663	SmartView	In SmartView's GDPR Report, some of the text appears in German although the selected language is not German.
PRJ-16889, PMTR-59093	SmartView	In SmartView, after adding a new page to a report, the preview page appears to have no data although it has (this data appears in the Edit Mode).
PRJ-17017, PMTR-59317	Logging	UPDATE: Added ability to filter Threat Prevention and Endpoint logs by file size on a Log server machine via Logs & Monitor view in SmartConsole.
PRJ-13349, PMTR-54708	Logging	In some scenarios, when the user configures the log exporter filter with the "cp_log_export" command (action, origin, product), the filter is not configured properly according to the used format.
PRJ-13622, PRHF-11057	Logging	Leef format is not certified with IBM causing the following issues: Wrong header and wrong value in "cat" field. Duplicate product values in "cat" field Exported logs contain fields with the same name. Refer to sk170199.
PRJ-17005, PRJ-17009, PMTR-55179	Logging	In some scenarios, the "CGsoapSessions::AuthenticateSession failed, session is not authenticated" message may appear in mds.elg or fwm.elg file. Refer to sk152933.
PRJ-15598, PRJ-15607, PRJ-13567	Security Gateway	In some scenarios, policy installation fails with "Error code 0-2000121".
PRJ-13887, PRJ-14440, PRHF-9759	Security Gateway	An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955.
PRJ-13694, PRJ-13695, PMTR-55510	Security Gateway	Proxy arp change is applied only after the second policy installation.
PRJ-16399, PRJ-16400, PRHF-12631	Security Gateway	When using Management Data Plane Separation (MDPS), schedule backup may fail.
PRJ-16087, PRJ-16088, PRHF-12224	Security Gateway	In rare scenarios, a memory leak may appear on Security Gateway in gconn table.
PRJ-17311, PRJ-17312, PMTR-59182	Security Gateway	In rare scenarios, Security Gateway memory consumption may increase.
PRJ-15839, PRJ-15840, PRHF-12221	Security Gateway	ICAP block page displays virus name as "Unknown" instead of the virus name as it appears in the logs.
PRJ-17086, PRJ-17087, PRHF-13025	Security Gateway	When using a routing separation, syslogd does not move to the management plane.
PRJ-16911, PMTR-59141	Security Gateway	In some scenarios, a timeout occurs when the user enables resource separation via Clish. Refer to sk170372. Fix is relevant for Gaia 3.10 only.
PRJ-11292, PRJ-13902, PRHF-8491	Security Gateway	Unused OIDs may appear in SNMP MIB file.
PRJ-16664, PRJ-16665, PRHF-12727	Security Gateway	Security Gateway running in USFW mode (User-Mode Firewall) may crash with fwk core dump. Refer to sk169119.
PRJ-16316	Identity Awareness	NEW: Enable client based policy (e.g. authentication) for cloud-based environments for connections with NAT on the source. Fix is relevant for Gaia 3.10 only.
PRJ-17650, PRJ-17651. PMTR-44711	Identity Awareness	In some scenarios, user cannot authenticate to Captive Portal as a Guest User.
PRJ-12544, PRJ-12545, PMTR-52404	Identity Awareness	In a rare scenario, a standby cluster member receives updates from identity sources and creates a mismatch in the PDP tables.
PRJ-15580, PRHF-9645	Application Control	In some scenarios, deprecated applications are not removed/replaced during an upgrade from R77.30 to R80.x. Refer to sk131372.
PRJ-17198, PRJ-17199, PMTR-59565	HTTPS Inspection	In a rare scenario, a connection remains open after it is closed by the server, and the web browser may load a page for a long time.
PRJ-14258, PRJ-16218, PMTR-39143	Threat Extraction	Watermark insertion may fail in spreadsheet files where the column range is not defined.
PRJ-16924	Anti-Virus	In rare scenarios, after downloading files, Anti-Virus prevent logs appear with "Strict hold is not possible failure - Write to other side occured" error message.
PRJ-13789, PRJ-15361, PRHF-10357	IPS	Support bypass SMBv3 multi-channel when SMB feature is enabled for Anti-Virus or Threat Extraction (see sk101606).
PRJ-15975, PRJ-15976, PMTR-57915	UserCheck	In some scenarios, the UserCheck daemon usrchkd may unexpectedly exit.
PRJ-17452, PRJ-17639, PRHF-12934	UserCheck	In some scenarios, UserCheck agent notifications may be blocked.
PRJ-14650, PRJ-14651, PMTR-56622	Mobile Access	The Mobile Access Blade's portal dialog for editing web application SSO credentials may not work correctly.
PRJ-13845, PMTR-42541	Mobile Access	Browser based applications cannot be opened in MAB portal.
PRJ-17447, PRJ-17446	Mobile Access	Mobile Access Blade may fail to install on VSX environments due to a missing configuration file.
PRJ-2923, PRJ-14462, PRHF-4457	SecureXL	In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections.
PRJ-18532, PRJ-18533, PMTR-61276	SecureXL	In rare scenarios, when a Wire-Mode is configured on a community, it may cause a Security gateway from another community not to accelerate connections in SecureXL.
PRJ-16682, PRJ-16683, PRHF-12714	SecureXL	In a rare scenario, Security gateway may crash when receiving packets from an MDPS management interface.
PRJ-9563, PRJ-14831, PRHF-9919	SecureXL	In a rare scenario, Security gateway may crash when the Drop Template feature is enabled.
PRJ-17449, PRJ-17450, PRHF-13029	SecureXL	In some scenarios, CPView may show incorrect statistics for VPN encrypted/decrypted packets.
PRJ-6002, PRJ-15712, PRHF-2914	SecureXL	In some scenarios, output of "fwaccel stat" command does not display the layer name that disables the templates (only "Layer ---" is displayed). Refer to sk145533.
PRJ-16578, PRJ-16579, SPC-3089	Routing	In some scenarios, the routed daemon may unexpectedly exit with BGP.
PRJ-17712, PRJ-17713, ROUT-954	Routing	Security Gateway may stop forwarding the Multicast stream when PIM is configured on it. Refer to sk169774.
PRJ-15819, PRHF-12144	VPN	NEW: Performance improvement of VPN tunnel when using SHA-384. Refer to sk168336. Fix is relevant for Gaia 3.10 only.
PRJ-15715, PRJ-16031, PMTR-40124	VPN	UPDATE: Connection types summary was added for "vpn tu tlist" and "vpn show_tcpt" commands. Incorrect number of connected users may be displayed in "vpn show_tcpt" summary line output.
PRJ-14343, PRHF-7359	VPN	Improved usability of VPN tunnel monitoring "vpn tu" command. Fix is relevant for Gaia 3.10 only.
PRJ-15620, PRJ-15621, PMTR-57459	VPN	Access Roles with MAB SNX as the client type may not work.
PRJ-16209, PRJ-16210, VPNRA-469	VPN	In rare scenarios, the Security Gateway may crash after VPN users connect to the network.
PRJ-16411, PRJ-16412, PMTR-55514	VPN	In rare scenarios, Remote Access clients may not be able to re-connect after a failover.
PRJ-15836, PRJ-15837, PMTR-40895	VPN	When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage.
PRJ-16720, PRJ-16721, PMTR-57565	VPN	Remote Access potential connectivity issue when there are more than 1 external interfaces.
PRJ-17633, PRJ-17634, PMTR-42363	VPN	The VPND process may unexpectedly exit when the user runs the "vpn tu" command.
PRJ-16864, PRJ-16865, PMTR-55844	VPN	Software Blade name inconsistency between login and logout logs of an SNX client.
PRJ-17314, PRJ-17331, PRHF-12973	VPN	Added VPN IKEv2 improvements.
PRJ-16726, PRJ-16727	VPN	Added VPN connection improvements.
PRJ-17773, PRJ-17706	VPN	The VPND process may unexpectedly exit during IKEv2 negotiation.
PRJ-16595, PRJ-12770, PRHF-10314	VPN	In some scenarios, RADIUS authentication may take more than five minutes to be fulfilled with Endpoint Clients, reaching connection timeout on the Gateway side.
PRJ-16268, PRHF-12508	VSX	Latency and/or packet loss may occur for traffic which passes through a Virtual Switch in a VSX Gateway. Refer to sk168592.
PRJ-16305, PRHF-11856	Gaia OS	NEW: Added Multi-Queue (MQ) support for Sync interface. Fix is relevant for Gaia 3.10 only.
PRJ-11045, PRJ-11046, ACCL-417	Gaia OS	UPDATE: CPView Network -> Top-Protocols and Network -> Top-Connections tabs were added back. Refer to sk167903.
PRJ-11993, PRJ-15408, PRHF-10312	Gaia OS	In rare scenarios, a snapshot creation may fail.
PRJ-16315, PMTR-55189	Gaia OS	In some scenarios, Cluster does not recognize bond slaves. Fix is relevant for Gaia 3.10 only.
PRJ-15464, PRJ-15465, PMTR-56502	Gaia OS	"show asset" command shows the Network card model CPAC-4-1C instead of CPAC-4-1C-L.
PRJ-4869, PRJ-16255, PRJ-16256, PRHF-5016	Gaia OS	A Timestamp in Unix/Epoch time may not be updated when the user changes a password using hash.
PRJ-14313, PRJ-14314, PRHF-11752	Gaia OS	In rare scenarios, gateway uptime in SmartConsole may show an abnormally high number. Refer to sk167937.
PRJ-15615, PRJ-11969, PRHF-9336	Gaia OS	The confd process may unexpectedly exit when the user runs the "show/set/add interface" long command. Refer to sk167635.
PRJ-14263, PMTR-39601	Gaia OS	The "show security-gateway monitored-interfaces" command may return wrong output. Refer to sk166902. Fix is relevant for Gaia 3.10 only.
PRJ-16566, PRHF-12526	Gaia OS	In the Management Data Plane Separation (MDPS) environment, the output for the "show asset network" command may not report some line cards if they have mixed management/data plane interfaces. Fix is relevant for Gaia 3.10 only.
PRJ-14459, PRHF-9702	Gaia OS	It is not allowed to create usernames with reserved words, e.g., 'eval', 'apply' etc., in the middle of the username in the WebUI. Refer to sk170681.
PRJ-16078, PRJ-16079, PMTR-57581	Gaia OS	In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot.
PRJ-12739, PMTR-51157	Gaia OS	Restore backup may fail due to unmatched upgrade tools.
PRJ-12861, PMTR-51379	Gaia OS	Creating LOM users for Smart-1 525/625/5050/5150 appliances may fail if the username length is shorter then 4 characters.
PRJ-9118, PRJ-15227, PRHF-4435	Gaia OS	In some scenarios, SNMP fails to report disk utilization.
PRJ-13941, PRJ-16310, PRHF-11368	Gaia OS	In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to expert mode, the username in the log files appears as admin instead of RADIUS.
PRJ-16528, PMTR-43791	CloudGuard IaaS	NEW: Improved CloudGuard Controller logging options.
PRJ-12836, PMTR-53868	CloudGuard IaaS	NEW: Added new AWS regions af-south-1, ap-northeast-3, and eu-south-1.
PRJ-16253, PRHF-12538	CloudGuard IaaS	Scanning of GCP Data Center may fail when instance does not have disks.
PRJ-16599, PRHF-12083	Endpoint Security	In some scenarios, Policy server stops syncing with the Endpoint Security Server. Refer to sk168912.