Take 227 - General Availability

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 227 Released on 15 December 2020 and declared as General Availability on 28 January 2021
PRJ-14510, PRHF-11981	CPView	In some scenarios, CPView may unexpectedly exit after upgrade from R80.20 GA.
PRJ-17661, PMTR-43792	CPView	CPView history may save data for a short period only. Refer to sk172264. Fix is relevant for Gaia 3.10 only.
PRJ-18835, PRJ-18768, PRHF-13728	Security Management	NEW: Improved FWM process performance during policy or database installation.
PRJ-16368, PRHF-12594	Security Management	When logging into SmartConsole directly to a Domain using Radius or TACACS, the Authentication method in the audit log may show as "Internal Password". Refer to sk168716.
PRJ-17042, PMTR-59394	Security Management	In rare scenarios, some objects may be locked and not available for editing. Refer to sk169772.
PRJ-18816, PRHF-13819	Security Management	Management HA synchronization between Multi-Domain Management Servers may fail with "Failed to import data" error due to manual or automatic updates of contracts.
PRJ-19022, PMTR-61616	Security Management	In rare scenarios, FWM process may unexpectedly exit after a login attempt to the Management server.
PRJ-18491, PRHF-13681	Security Management	In rare scenarios, a policy installation task may never complete.
PRJ-16473, PMTR-58630	Security Management	Login with SmartConsole is blocked while purge revisions task is running.
PRJ-18689, PRHF-13744	Multi-Domain Management	Database installation to the newly created Domain Log Server may fail.
PRJ-18906, PMTR-61579	Multi-Domain Management	In some scenarios, size of MDS backup file increases after each policy installation.
PRJ-18682, PRJ-18683	Multi-Domain Management	In some scenarios, domain import to a Multi-Domain Management Server may fail.
PRJ-17237, PMTR-59666	Multi-Domain Management	On Multi-Domain environments with multiple Multi-Domain servers connected in HA, operations such as "Log in" and "Reassign Global Domain" may fail due to high load on FWM process.
PRJ-7432, PRHF-7241	Multi-Domain Management	In rare scenarios, reassigning the Global Policy on a specific domain fails with "An internal error has occurred". Refer to sk163938.
PRJ-13475, PRHF-11299	Multi-Domain Management	Domain Servers may disappear from Multi-Domain view after running the Solr Cure utility.
PRJ-17879, PMTR-60559	SmartConsole	In Global Properties under Stateful Inspection tab, the "TCP end timeout (R80.20 and higher gateways)" option does not support values higher than 60 seconds. Requires R80.30 SmartConsole Build 98 (or higher).
PRJ-15817, PRHF-12352	SmartConsole	In some scenarios, Management API does not start automatically after restart, although automatic start is enabled. Refer to sk168332.
PRJ-18040, PMTR-60761	SmartConsole	In some scenarios, after a successful IPS update, the new IPS version does not appear under 'switch version' window.
PRJ-18329, PMTR-58703	SmartConsole	Exception group may be incorrectly deleted in the following scenarios: "Apply On" in exception group is changed from "Automatically attached to each rule with profile" to "Automatically attached to all rules". A profile that was attached to the exception group, is deleted. The group is removed from the exception groups list, however it remains in the Threat Prevention rulebase.
PRJ-17642, PRHF-13379	SmartConsole	When creating a user with Check Point password authentication through the Management API, log in to Mobile Access portal may fail. Refer to sk170412.
PRJ-19058, PMTR-34323	SmartConsole	Upgrade may fail due to IPS protections comment that is exceeding the comment length limit.
PRJ-18774, PMTR-59827	SmartConsole	In some scenarios, FWM and CPD processes may consume high CPU due to large number of Security Management/Security gateway objects in the policy.
PRJ-16705, PRHF-12819	SmartConsole	Enabling Threat Prevention policy may fail with validation errors when the policy's targets include cluster members running a version lower than R80.10.
PRJ-17413, PRHF-13223	SmartConsole	When removing an object from a group using the "groups" field of the object's module in the Ansible collection, the group will not be changed and Ansible will show that no changes are needed.
PRJ-18308, PRJ-18307	SmartProvisioning	NEW: Added support for Threat Emulation blade on LSM profile of R80.20 SMB gateways and clusters. Requires R80.30 SmartConsole Build 98 (or higher).
PRJ-17481, PRHF-12997	SmartProvisioning	In some scenarios, when recreating a ROBO object with the same name, the new object receives the previous status.
PRJ-488, SL-1896	Logging	In SmartConsole logs tab, filtering logs by the field "Method" may return empty results when using the values PROPFIND, CCM_POST or PATCH.
PRJ-19001, PRJ-19002, PRHF-13892	Security Gateway	In some scenarios, when using routing separation, connection from data plane to management plane is dropped.
PRJ-19180, PRJ-19182, PMTR-61822	Security Gateway	Connections may be wrongly matched on Domain or Updatable objects used in Security policy.
PRJ-14447, PRJ-14448, PMTR-10041	Security Gateway	In some scenarios, large number of interfaces defined on Security gateway may cause high CPU utilization by CPD process. Refer to sk168674.
PRJ-17367, PRJ-17368, PRHF-858	Security Gateway	DynamicID via SMTP does not work when an HTTP proxy server is defined.
PRJ-13260, PRJ-14257, PRHF-9930	Security Gateway	In a rare scenario, traffic is dropped with the "[ERROR]: up_handle_get_matched_service_clob: no clob list on handle for type SERVICE;" error in dmesg.
PRJ-17958, PRJ-17959, PMTR-60574	Security Gateway	In some scenarios, policy installation fails with "Error code 0-2000077".
PRJ-17605, PRHF-1162	Internal CA	In some scenarios, manual edit of user's certificate expiration period does not take effect. Refer to sk143292.
PRJ-18421, PRJ-18422, MPTT-2224	Internal CA	In a rare scenario, some emails with links are cached due to timeout failure.
PRJ-18823, PRJ-18824, PRHF-13605	HTTPS Inspection	Cannot browse with Chrome when using mixed chain with ECDSA subordinate CA in HTTPS Inspection. Refer to sk170332.
PRJ-18245, PRJ-18124	Identity Awareness	NEW: Added Identity Sharing's performance and functionality improvements. Refer to sk170516.
PRJ-16170, PRJ-16171, IDA-754	Identity Awareness	When working with AD server without global catalog enabled and nesting query is set to 'pdp nested_groups __set_state 2', direct groups are fetched correctly, but nested groups are not fetched. Refer to sk166199.
PRJ-18343, PRJ-18344, PRHF-11733	IPS	NEW: Added ability to send connection log per application match for ATM transactions identification. The functionality is disabled by default and can be enabled by using the "up_duplicate_connection_log_on_packet_matched_app_enabled" kernel parameter.
PRJ-19153, PRJ-19167, PMTR-48913	Anti-Malware	In some scenarios, files stop passing when the Threat Emulation inspection takes a too long time.
PRJ-19737, PRJ-19738, PRJ-17439	Anti-Malware	In some scenarios, users may fail to access a web site with many malicious URLs.
PRJ-15942, PRJ-15943, PRHF-12119	Anti-Malware	In a rare scenario, Security gateway may crash after a match of the Anti-Bot blade.
PRJ-11729, PRJ-15700, PMTR-52415	Anti-Malware	In some scenarios, custom intelligence feeds with URL encoding characters may not be parsed correctly. Refer to sk168077.
PRJ-8614, PRJ-13385, NSS-2348	Anti-Malware	In some scenarios, dmesg may show many "rad_client id 6 is not register" errors.
PRJ-13731, PRJ-13601	Anti-Malware	In some scenarios, some emails may not be scanned by Anti-Bot's Suspicious Mail Protection when IPv6 is configured. Fix is relevant for Gaia 3.10 only.
PRJ-16648, PRJ-16649, PRHF-13642	Anti-Malware	In some scenarios, if the configuration file size is more than 2GB, the "File exceeded size limit" message appears when Anti-Virus blade works in Hold mode.
PRJ-13579, PRHF-9289	Anti-Malware	In some scenarios, a "Feed Error" message appears when the user fetches a Custom Intelligence Feed. Refer to sk165932. Fix is relevant for Gaia 3.10 only.
PRJ-13199, PRJ-14280, IPS-898	Anti-Malware	Security Gateway may crash when trying to access a site encoded with Base64.
-	Gaia OS	NEW: Added support for 1570R and 1600 / 1800 SMB appliances.
PRJ-16670, PRJ-16671, PMTR-53960	Gaia OS	UPDATE: CPView Network -> Top-Protocols and Network -> Top-Protocols tabs was added back. Refer to sk167903.
PRJ-16264, PMTR-55837	Gaia OS	Multi-Queue IRQ affinity is set incorrectly for i40e and MLNX interfaces. Fix is relevant for Gaia 3.10 only.
PRJ-19049, PRHF-13949	Gaia OS	In some scenarios, when using routing separation, modifying interface IP address fails. Fix is relevant for Gaia 3.10 only.
PRJ-18024, PRJ-18025, PRHF-13480	Routing	SNMP queries for bgpPeerFsmEstablishedTime return an incorrect constant value. Refer to sk170074.
PRJ-17854, PRJ-17855, PRHF-13388	Routing	In rare scenarios involving large AS paths, there may be a loss of BGP adjacency. Refer to sk170876.
PRJ-18968, PRJ-18797, PMTR-46178	Routing	In some scenarios, the ROUTED process unexpectedly exits when removing an OSPF interface that had authentication configured. Refer to sk170272.
PRJ-14128, PMTR-42541	Mobile Access	Browser based applications cannot be opened in MAB portal. Fix is relevant for Gaia 3.10 only.
PRJ-18070, PMTR-59437	VPN	NEW: Added Remote Access VPN performance improvements. Fix is relevant for Gaia 3.10 only.
PRJ-17675, PMTR-60218	VPN	NEW: Added Remote Access VPN performance improvements in USFW (User-Space Firewall). Fix is relevant for Gaia 3.10 only.
PRJ-13094, PRJ-17595, PRHF-11004	VPN	RADIUS packet sent by Security gateway, may show the Framed-IP-Address field in the reverse order. Refer to sk167361.
PRJ-17026, PRJ-17027, PRHF-5394	VPN	The VPND process cannot stop listening on port 264.
PRJ-17084, PRHF-12828	VPN	Connectivity issue may appear between Check Point Gateway and 3rd party device in MEP DPD configuration when 3rd party device is defined as Central Gateway in MEP. Relevant error message: "Failed to resolve VPN MEP gateway". Fix is relevant for Gaia 3.10 only.
PRJ-17341, PMTR-59783	VPN	In rare scenarios, VPN clients may disconnect during Security policy installation. Fix is relevant for Gaia 3.10 only.
PRJ-17267, PRJ-17268, VPNRA-404	VPN	When Security gateway is behind NAT and its main IP address is configured to NAT IP, Client may disconnect when using Visitor Mode.
PRJ-10034, PRJ-16396, CRYPTOIS-661	VPN	In some scenarios, Security Gateway Portals and Remote Access VPN clients show wrong certificate after certificate renewal. Refer to sk131212.
PRJ-17166, VPNS2S-1446	VPN	Different VPN connection improvements.
PRJ-18105, PRJ-18106, PRHF-13218	VSX	In rare scenarios, dynamic objects database may be cloned between Virtual Systems. Refer to sk169514.
PRJ-17298, PRJ-17299, PMTR-59775	VSX	Connections distribution may get unbalanced on VSX environment. Refer to sk169352.
PRJ-17328, PMTR-53247	VSX	In some scenarios on a VSX machine, when SNMP is in VS mode, USM users are not recognized and SNMP queries such as SNMPWALK, get error message "unknown user". Fix is relevant for Gaia 3.10 only.
PRJ-14260, PRJ-14261, PRHF-11784	VSX	In some scenarios, wrong (too big) SNMP values are displayed when running SNMP query.
PRJ-17207, PMTR-59637	Compliance	UPDATE: Added ability to select 'Any' in the Service column when creating a custom firewall Best practice. Requires R80.30 SmartConsole Build 98 (or higher).
PRJ-16464, PRHF-10929	Endpoint Security	In some scenarios, content of the "User Name" tab in SmartEndpoint is displayed in wrong format.
PRJ-15858, PRHF-7446	Endpoint Security	An exception may be displayed in SmartEndpoint when uploading an offline group software deployment package. Refer to sk165852.
PRJ-16286, PRJ-16287, PMTR-58322	VoIP	NEW: Added support for HopCount field in H323 protocol. Refer to sk169513.
PRJ-17751, PMTR-60322	CloudGuard IaaS	In some scenarios, userspace cores may appear on CloudGuard for Azure Gateways with VPN enabled and using AES-GCM-256 and AES-256. Refer to sk169417. Fix is relevant for Gaia 3.10 only.