Take 76 - Ongoing
List of Resolved Issues and New Features
Note - This Take contains all fixes from all earlier Takes.

| ID | Product | Description |
|---|---|---|
| Take 76 Released on 11 October 2019 | | |
| - | General | Added GUI support for Check Point 26000 and 16000 appliances. Refer to sk162832. |
| - | General | Added support for Check Point 26000T and 16000 model appliances and CloudGuard IaaS products AWS, Azure, GCP. |
| PRJ-2726, | Upgrade | Added a pre-upgrade verification that Global network objects with NAT configuration are not supported. |
| PRJ-718, | Security Management | Enhancement: added a feature for tracking random CPM process crashes on the Security Management server. Refer to sk150913. |
| PRJ-3604, | Security Management | Added the ability to automatically determine the API process memory allocation to avoid "Out of memory" errors. Refer to sk119553. |
| PRJ-4241, | Security Management | When many users are connected to and actively working in the same domain in SmartConsole, they may experience: |
| PRJ-4729, | Security Management | After deleting a network object that is part of a network group, the audit log of the group modification does not show which member was removed. Refer to sk164057. |
| PRHF-3242, | Security Management | In a rare scenario, the policy verifier ignores rules with an object named "Internet" used with the negate operator. |
| PRJ-4306, | Security Management | Added a mechanism to prevent the Management Server from starting if an import process was interrupted. |
| PRJ-2339, | Security Management | In some scenarios, a user cannot discard or publish a work session and receives the general message "Internal error". |
| PRJ-1762, | Security Management | Due to a failed full sync, FWM was restarted unexpectedly and obsolete domain sessions were used in the global policy assignment. |
| PMTR-23492, | Security Management | Added support for Internal CA certificate replacement. |
| PRJ-3874, | Security Management | In some scenarios, the size of the shadow_object.C file increases after each policy installation, eventually causing policy installation to fail. |
| PRJ-2341, | Security Management | In a rare scenario, the Security Management server does not start due to a missing object or a duplication of objects. |
| PRJ-1493, | Security Management | In some scenarios, traffic is dropped with "network_classifier_get_dynobjs_for_ip: failed to get UUIDs for IP 0.0.0.0" and "kfunc_ip_ranges_to_dynobj: network_classifier_get_dynobjs_for_ip failed" errors in dmesg when a dynamic object is used in the access policy. |
| PRJ-1380, | Security Management | In some scenarios, upgrade from R7x fails with a core file of the cpdb process due to an empty field in the 'autoupdate_and_install_settings' object. |
| PRJ-1974, | Security Management | In some rare scenarios, the CPM server does not start after a failed domain deletion. |
| PRJ-1518, | Security Management | Performance and stability improvements in large High Availability setups. |
| PRJ-3879, | Security Management | Cannot export a .pdf file from the License inventory view after Jumbo HotFix installation on the Management server. |
| PRJ-1375, | Security Management | In some scenarios, High Availability synchronization between Management Servers fails and the HA menu is disabled. |
| PRJ-3689, | Security Management | New policy creation may fail when there are no installation targets defined in this policy. |
| PRJ-1903, | Security Management | After opening and searching in pickers a few times, the "error retrieving results" message appears when opening a picker. |
| PRJ-2488, | Security Management | In some scenarios, a validation incident about Invalid Email Address is presented in SmartConsole after upgrade from R77. |
| PRJ-2441, | Security Management | In some scenarios, QoS policy installation fails when installing the blade without first installing the Access or Threat blades of the same policy. |
| PRJ-2788, | Multi-Domain Management | In some scenarios, Multi-Domain Server upgrade from R80 fails due to an internal error related to deprecated application objects. Refer to sk157752. |
| PRJ-5639 | CPInfo | In some scenarios, the CPInfo tool does not show/collect the correct information after Jumbo Hotfix installation. Refer to sk162775. |
| PRJ-4415, | Compliance | In some scenarios, some of the Best Practices show "N\A" status in the Compliance blade dashboard. |
| PRJ-1273, | Logging | In a rare scenario, when an environment has many gateways (dozens), FWM on the log server may crash when reaching 4 GB of memory. |
| PRJ-4965 | Logging | In a rare scenario, a specific log fails to be written and an alert about this is displayed in SmartConsole. |
| PRJ-2678, | Logging | In a rare scenario, the accounting of bytes in a report is not accurate. |
| PRJ-871, | Logging | In a rare scenario, SmartConsole does not show indexed logs because the LOG_INDEXER process stopped working. Refer to sk152934. |
| PRJ-1158, | Logging | In SmartView, if a view contains 2 map widgets, one displaying source countries and the other displaying destination countries, drilling down on one of them may display incorrect data. |
| PRHF-4975, | Logging | In some scenarios, when exporting logs from SmartView with the "Visible columns" option selected, some columns return empty records. Refer to sk161712. |
| PRJ-2645, | Logging | Running views and reports with a filter fails if the filter contains a "NOT" operator combined with parentheses. |
| PRJ-3529, | Multi-Domain Management | In some scenarios, an Administrator does not see that a revision was created in their Domain (on Domain level) after a Global policy was assigned to it. |
| PRJ-3048, | Multi-Domain Management | If a user deletes a CLM from a Domain (this is forbidden; a validation was added), the CLM remains partially deleted and the user cannot create a new one. |
| PRJ-3527, | Multi-Domain Management | Objects on the Domain level that should be shown on the Multi-Domain Server level are sometimes not shown correctly. |
| PRJ-2385, | Multi-Domain Management | In a rare scenario, the CPM server fails to start after successful Domain deletion. |
| PMTR-38211, | Multi-Domain Management | In some scenarios, logs are not saved under the $MDS_FWDIR/log/failed_tasks directory. |
| PRJ-799, | Multi-Domain Management | In some scenarios, the "Unable to connect to server. Please make sure the server is up and running." error appears when trying to log into a single Domain from SmartConsole. Refer to sk153293. |
| PRJ-1567, | Multi-Domain Management | Deletion of a Domain failed with a "Could not send message" error when the Domain had a large number of gateways. The Domain remains without Domain Servers. |
| PRJ-1303, | Multi-Domain Management | When running the 'add-domain' Web API command on an existing Domain, the original Domain may be deleted. |
| PRJ-1444, | Multi-Domain Management | In some scenarios, gateways are missing in the 'Gateways and Servers' view in SmartConsole on the MDS level. |
| PRJ-2245, | Multi-Domain Management | The mds_backup command will generate an output file of format .tar instead of .tgz to improve the duration of backup (mds_backup) and restore (mds_restore) of Multi-Domain Server. Refer to sk163300. |
| PRJ-1532 | Multi-Domain Management | In a specific scenario, Global policy rules may change order after Multi-Domain Server upgrade. Refer to sk155432. |
| PRJ-374, | Multi-Domain Management | In a rare scenario, the FWM process unexpectedly exits on the Domain level during login. |
| PRJ-1970, | SmartConsole | In setups with a large quantity of network objects, users may experience slowness when editing the HTTPS Inspection policy. |
| PRJ-3870, | SmartConsole | In a rare scenario, when a user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on the 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232. |
| PRJ-619, | SmartConsole | In some scenarios, upgrade fails with a "com.checkpoint.management.classes.dle.triggers.internal.VersionInfo.VersionInfo" exception in the cpm.elg file. |
| PRJ-1879, | SmartConsole | In some scenarios, SmartConsole unexpectedly exits while adding or removing many objects via Web API. |
| PRJ-1210, | SmartConsole | Pre-shared keys are missing after upgrade. |
| PRJ-832, | SmartConsole | Redundant layers appear in the output of the 'show-package' command when a Global policy holding more than one layer is assigned to a Domain. |
| PRJ-1144, | SmartConsole | Management API command "put file" can be used for command execution with certain permissions. |
| PRJ-1434, | SmartConsole | In some scenarios, SmartConsole terminates when installing policy on many targets at once. |
| PRHF-2194, | SmartConsole | In some scenarios, a Client certificate is removed when deleting a Domain that is included in the certificate's permissions. |
| PRJ-2142, | SmartConsole | Added the protectionExternalInfo property in the overrides object that displays the CVEs in the output of the 'show threat-profile' command. |
| PRJ-2419, | SmartProvisioning | In VPN Community managed by SmartProvisioning: |
| PROV-2068, | SmartProvisioning | In some scenarios in SmartProvisioning: |
| MCFG-199, | SmartProvisioning | SmartUpdate generates an audit log even when no action was taken. |
| PRHF-3392, | SmartProvisioning | In VPN star community managed by SmartProvisioning, VPN tunnels may not be established after installing policy to CO gateway (center). Refer to sk152612. |
| PRJ-4311, | Security Gateway | In some scenarios, a remote client disconnects after one hour although the session is not idle. Refer to sk160213. |
| PRJ-3589, | Security Gateway | Disabling connections timestamp does not work on active streaming connections. Refer to sk62700. |
| PRJ-4416, | Security Gateway | In a rare scenario, the Security gateway crashes during QoS policy installation. |
| PRJ-4804, | Security Gateway | Enabled avoiding source port allocation for specific predefined connections. |
| PRJ-4147, | Security Gateway | In a rare scenario, the Security gateway may crash due to a NULL pointer reference. |
| PRJ-4615, | Security Gateway | In some scenarios, VoIP traffic is dropped with "allocate_port_impl: could not find a free port;" error in dmesg. |
| PRJ-4758 | URL Filtering | Improved scalability and resiliency of URL Filtering service. |
| PRJ-4845, | SSL Inspection | In a rare scenario, when SSL Inspection is enabled and there is high latency, Microsoft websites (for example Azure) may not respond. Refer to sk150175. |
| PRJ-1161 | IPS | CMA migration may take a long time when there are many local overrides of IPS protections. |
| PRJ-5173, | IPS | In some scenarios, categorization of HTTPS sites over IPv6 does not work as expected. |
| PRJ-1666 | Threat Emulation | Management Server upgrade may fail in these scenarios: Refer to sk150793. |
| PRJ-3370, | Threat Prevention | Deleting a Threat Prevention profile may fail if the IPS profile has many overrides. Refer to sk136552. |
| PRJ-4148, | Threat Prevention | Upgrade fails due to invalid Threat Emulation settings connected to gateways that no longer exist or to cluster members. |
| PRJ-5077, | Threat Prevention | In a rare scenario, an R80.30 Security gateway managed by R80.30 Management crashes when running a Threat Prevention Software Blade with the Forensics feature enabled. Refer to sk161812. |
| PRJ-1919, | Identity Awareness | Security hardening for Identity Awareness Agent (IDA) enforcement according to XFF IP. |
| PRJ-3478, | Identity Awareness | Performance improvement of Identity Awareness kernel tables for Cluster and multi-fw1 instances gateways. |
| PRJ-3478, | Identity Awareness | In a rare scenario, identities are missing from all connected Identity Gateways (PEPs). |
| IDA-1987, | Identity Awareness | In a rare scenario, sessions longer than 24 hours disappear from the Identity Gateway (PEP) but exist on the Identity server (PDP). |
| IDA-1981 | Identity Awareness | Users are not propagated from the PDP to the PEP on a specific network due to a rare race condition between register and unregister requests triggered by different instances or cluster members. |
| PRJ-1926 | Identity Awareness | The output of the pep show pdp all command on the Identity Gateway (PEP) contains "inx invalid type (0)" instead of an Identity server (PDP) IP address. |
| PMTR-32539, | Identity Awareness | Users are not authenticated when an identity source provides the login name in a 'User Principal Name' format "user@domain". Refer to sk147417. |
| PRJ-3137, | ClusterXL | Added support for Cluster Load Sharing without IPSec VPN. To enable the support, refer to sk162637. |
| PRJ-1657, | ClusterXL | In some scenarios, it is not possible to connect to the Standby Cluster member from a non-local subnet via SSH or WebUI. Refer to sk147493. |
| PRJ-2147, | ClusterXL | In a rare scenario, the fw_workers process consumes high CPU on the Standby member of a ClusterXL. Refer to sk156333. |
| PRJ-3295, | CoreXL | In a rare scenario, Custom affinity configuration is overwritten when HT is enabled. Refer to sk158112. |
| PRJ-998, | CoreXL | In some scenarios, VPN connection records remain in the Global connections table even after the connection expires. Refer to sk155332. |
| PRJ-2397 | CoreXL | "fwmutlik_do_sequence_accounting_on_entry: bad dir" errors are mistakenly printed in dmesg output. Refer to sk158312. |
| PRJ-1299 | SecureXL | In a rare scenario, multicast routing lookup may lead to SIM crash. |
| PRJ-631, | SecureXL | In some scenarios, latency is observed on the Security gateway. Refer to sk162914. |
| PRJ-1177, | SecureXL | Added sim module parameter "sim_anti_spoofing_enabled" to allow disabling anti-spoofing in Performance Pack without installing a new Firewall policy. |
| PRJ-1642, | SecureXL | In some scenarios, SecureXL drops the TCP traffic for a particular connection for invalid state reasons. Refer to sk147093. |
| PRJ-4622, | SecureXL | In some scenarios, sending IP fragmented traffic through a Virtual Switch or Virtual Router fails with "Virtual defragmentation error". |
| PRJ-4735, | SecureXL | In some scenarios, Policy Based Routing (PBR) does not work properly when acceleration is enabled. |
| PRJ-2119, | SecureXL | In a rare scenario, Host destination entries leak memory when the neighbor entry is in incomplete state. Refer to sk157252. |
| PRJ-1218, | SecureXL | In some scenarios, multicast traffic is not forwarded across bridge interfaces. |
| PRJ-1252, | SecureXL | On cluster, Drop templates are disabled on reboot. Refer to sk153412. |
| PRJ-3658, | SecureXL | In a rare scenario, a VSX gateway may crash. Refer to sk160912. |
| PRJ-806, | SecureXL | In a rare scenario, Policy Based Routing (PBR) does not work although configured. |
| PRJ-2323, | Gaia OS | The restore backup operation fails if the machine was installed via ISO during the backup, and via CPUSE during the restore. |
| PRJ-1477, | Gaia OS | Backup task may fail if SmartConsole is open during backup. |
| PRJ-3136, | Gaia OS | In some scenarios, the IGB driver interfaces are occasionally down after reboot of a Management machine. Refer to sk135532. |
| PRJ-3365, | Gaia OS | '\|' and '-' characters cannot be used in the message banner. |
| PRJ-3113, | Gaia OS | Added support for LOM (iDRAC) interfaces. |
| PRJ-1677 | Gaia OS | Clish command "show system init-services" and Expert command "service --status-all" run "mdsstart" on the server. |
| GAIA-4695, | Gaia OS | When running the "service vmtoolsd restart" command on a Gaia installation with VMware, the "Installing memory driver: FATAL: Module vmmemctl not found. [FAILED]" error is displayed although the vmw_balloon.ko driver is loaded. |
| PRJ-1771, | Routing | The default OSPF instance binding is missing. |
| ROUT-484, | Routing | In some scenarios, legitimate subnets of 0.0.0.0 (for example 0.0.0.0/1) cannot be configured for certain routing features, like static routes, PBR, routemaps, etc. |
| PRJ-4279, | VSX | In a rare scenario, the machine crashes when using VSX with Virtual Switch (VSW). |
| PRJ-4921, | VSX | In some scenarios, the fwk process may crash when a VSX gateway is upgraded to R80.30. |
| PRJ-4956, | VSX | In some scenarios, traffic does not pass in a VSX setup with VS-VSW-VS topology and some Threat Prevention blades enabled on VSs. |
| PRJ-1420, | VPN | Improved the VPN connectivity for VSX and User-Space Firewall gateways. |
| PRJ-4740, | VPN | In some scenarios, VPN Encryption Domain Routes are not added to the kernel via RIM in a VSX environment. Refer to sk154692. |
| PRJ-1385, | VPN | In some scenarios with acceleration enabled, traffic through VR for a VPN setup does not pass. |
| PRJ-2348, | VPN | Remote Access clients randomly disconnect or are unable to connect when a DHCP multi-homed server is configured. |
| PMTR-38041, | VPN | In some scenarios, the Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode" after upgrade. Refer to sk157092. |