Take 255 - General Availability
Product | CPUSE offline package | SmartConsole package |
---|---|---|
Security Gateway / Standalone Gaia 2.6.18 | Build 109 | |
Security Gateway Gaia 3.10 ||
Security Management ||
Blink Image for Security Gateway Gaia 2.6.18 - Clean Install / Upgrade ||
Blink Image for Security Management - Clean Install |
- To download these packages, you need to have a Software Subscription or Active Support plan.
- For Gaia Fast Deployment mechanism "Blink", refer to sk120193.
- This version reached its End of Support. If you are using this version (or lower), we strongly recommend that you upgrade your environments. The Check Point Recommended version for all deployments is R81.10 Take 335 with its Recommended Jumbo Hotfix Accumulator Take.
CPUSE Online Identifiers
Use these CPUSE Online Identifiers:
Check_Point_R80_30_JUMBO_HF_Bundle_T<Take number>_sk153152_Security_Gateway_and_Standalone_2_6_18_FULL.tgz
Check_Point_R80_30_JUMBO_HF_Bundle_T<Take number>_sk153152_Security_Gateway_3_10_FULL.tgz
and
Check_Point_R80_30_JUMBO_HF_Bundle_T<Take number>_sk153152_Security_Management_3_10_FULL.tgz
List of Resolved Issues and New Features
Note - This Take contains all fixes from all earlier Takes.
ID | Product | Description |
---|---|---|
Take 255 Released on 8 September 2022 and declared as General Availability on 30 October 2022 | | |
PRJ-29703, | Diagnostics | In a rare scenario, the CPView history service may unexpectedly exit. |
PRJ-37761, | Security Management | The FWM process on the Management Server may unexpectedly exit, creating a core dump file. |
PRJ-37986, | Security Management | After an Application Control update, some application control objects may disappear from SmartConsole, although they are not deprecated. |
PRJ-38398, | Security Management | An Application Control and URL Filtering update may get stuck because of a lock object duplicate issue. |
PRJ-39469, | Security Management | Management HA synchronization may fail with the "NGM failed to import data" error. |
PRJ-37884, | Security Management | Editing an object may fail with the "Could not access file for write operation" error. |
PRJ-37507, | Security Management | Deleting a domain may fail when using the createDomainRecovery.sh script with the "UID" flag. |
PRJ-38118, | Security Management | Policy installation may fail with "an internal error" if some objects are pointed to by an old deleted policy. Refer to sk122954. |
PRJ-38215, | Security Management | If Log Domain reassignment fails, an Application Control and URL Filtering update may get stuck at 70 percent showing the "Running post update actions" status. |
PRJ-38786, PRHF-23476 | Security Management | Install Policy Preset may fail with "The server did not provide a meaningful reply.". Refer to sk179524. |
PRJ-38122, PRHF-23066 | Multi-Domain Management | Although all Virtual Devices are deleted, deleting a Domain may fail with an "At least one Virtual Device is defined on this Domain/Domain Management Server. You need to delete all Virtual Systems/Routers prior to deleting Domain/Domain Management Server" message. |
PRJ-30962, EPS-562 | Logging | In some scenarios, the Forensics report fails to open from Harmony Endpoint logs. |
PRJ-39138, PRJ-39139, | Logging | In IPS Core Protections logs, the link to the Threat Prevention profile is written incorrectly. |
PRJ-40507, | Security Gateway | UPDATE: Added a defense mechanism against partial header attacks known as "Slowloris DoS" (CVE-2007-6750). |
PRJ-39953, PRJ-39954, PRHF-22814 | Security Gateway | UPDATE: Added support for RADIUS UPN authentication with MS-CHAPv2. To use it, enable the registry configuration by running: ckp_regedit -a SOFTWARE/Checkpoint/VPN1 RADIUS_MSCHAPV2_UPN -n 1 |
PRJ-40455, PRJ-40456, | Security Gateway | In a rare scenario, the FWK process may unexpectedly exit because of a memory allocation issue on the Security Gateway. |
PRJ-34168, | Security Gateway | After an upgrade, in a setup with a single Virtual System (VS), the Security Gateway may crash. |
PRJ-41002, PRJ-41004 | Security Gateway | In a VSX environment, SNMP queries to OSPF OIDs may fail. |
PRJ-34401, | Security Gateway | Deleting IP addresses in the SAM Database may fail. |
PRJ-40135, | Security Gateway | When Strict Hold is enabled, traffic is logged with the log "HTTP parsing error detected. Bypassing the request as defined in the Inspection Settings". Refer to sk169995. |
PRJ-31456, | Security Gateway | The CPD process may unexpectedly exit and create core dump files. |
PRJ-39803, | Security Gateway | In rare scenarios, the Security Gateway may crash when an inspected connection is timed out. |
PRJ-39682, | Security Gateway | An ICAP client crash may also cause the Security Gateway to crash and generate an FWK core dump. |
PRJ-36565, | Internal CA | UPDATE: In SmartConsole, added an alert to inform that the ICA certificate will expire in less than one year. Refer to sk158096. |
PRJ-34885, PRJ-34886, PMTR-77524 | Threat Prevention | When the Security Gateway is in "Detect Only" mode, Threat Prevention Blade exceptions may not be accelerated. |
PRJ-35772, PRJ-35773, | Threat Prevention | File transfer may be very slow when Anti-Virus Blade is enabled. |
PRJ-38681, | Threat Prevention | In a rare scenario, an IPS, Anti-Virus, or Anti-Bot update package may fail to load because of a timeout. |
PRJ-36382, | Application Control | Refer to sk178406. |
PRJ-36431, | IPS | When ClusterXL is configured, a file may pass without inspection during a failover. |
PRJ-39060, | IPS | In a VSX setup, the IP used as the origin SIC name in the IPS log may differ from the IP in other reports. |
PRJ-37723, | DLP | DLP logs for files uploaded to Microsoft OneDrive may not show the initial file names and extensions. Refer to sk178290. |
PRJ-39279, | ClusterXL | In a VSX cluster with three or more members, sudden failover and recovery of the Standby VS may occur, causing termination of connections from the Active member. Refer to sk179446. |
PRJ-39836, | ClusterXL | When reconnecting the OSPF interface on both members in a cluster, a failover may occur when receiving a ROUTED PNOTE on the Active member. |
PRJ-39070, | SecureXL | UPDATE: Added a new kernel parameter "fw_allow_reverse_syn" for Smart Connection Reuse. This parameter allows or drops SYN packets coming from the reverse direction. By default, the parameter is set to 0 and the Security Gateway drops such packets. Refer to sk24960. |
PRJ-39735, PRJ-39736, | SecureXL | There may be high CPU and/or latency in CIFS/SMB connections. |
PRJ-36855, PRJ-36856, PRHF-21863 | SecureXL | Policy installation may cause cluster failover and impact the traffic flowing through the cluster. |
PRJ-40292, PMTR-81618 | SecureXL | In an environment with a cluster in Active/Standby bridge mode, a kernel memory leak may occur. |
PRJ-40906, | SecureXL | In a rare scenario, the ipsctl kernel module does not load at startup. |
PRJ-38557, | Routing | UPDATE: Source Pruning will now be disabled by default when VRRP is enabled. This will prevent an interface from keeping the Standby member in Master state after port flapping. The issue is relevant only for Intel X710 network cards using the I40E driver. |
PRJ-40846, | VPN | UPDATE: Added a configurable protection for blocking brute-force attacks on VPN SNX portal. Refer to sk180271. |
PRJ-40986, | VPN | Resolved the "HTTP Response splitting" vulnerability in Security Gateway portals. Refer to sk179705. |
PRJ-40660, | VPN | There may be a low throughput in a Site-to-Site VPN tunnel between two VSX Gateways with enabled. |
PRJ-38791, | VSX | In some scenarios, it is not possible to start a vsx_util upgrade/downgrade after a failed attempt. |
PRJ-28950, | VSX | Multi-Queue configuration does not survive reboot on VSX. Refer to sk173950. |
PRJ-40248, | VSX | In VSX, when deleting a warp interface (either by deleting the warp itself or by performing the "reset_gw" command, which deletes all Virtual Devices), the VSX Gateway may crash. |
PRJ-32704, | VSX | After restoring the VSX Gateway backup, the SNMP agent stops responding when the context is set for a specific VS. |
PRJ-27468, | Gaia OS | UPDATE: A description was added to the output of the "show backup logs" command with information about each column. Refer to sk173970. |
PRJ-24451, | Gaia OS | UPDATE: Changed the Syslog message severity from "error" to "info" and removed the exclamation mark in a specific message which is displayed during the normal backup operation flow. |
PRJ-29071, | Gaia OS | UPDATE: Added support for the Excluded Files feature (sk116679) for XFS file system on Kernel 3.10. |
PRJ-36695, | Gaia OS | The /var/log/messages file may be flooded with "failed to update arp table file" messages. |
PRJ-40306, | HCP | Added Update 9 of HealthCheck Point (HCP) Release. Refer to sk171436. |
PRJ-40668, | HCP | Added Update 10 of HealthCheck Point (HCP) Release. Refer to sk171436. |