Take 76 - Ongoing

List of Resolved Issues and New Features

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 76

Released on 11 October 2019

-

General

Added GUI support for Check Point 26000 and 16000 appliances. Refer to sk162832.

-

General

Added support for Check Point 26000T and 16000 model appliances and CloudGuard IaaS products AWS, Azure, GCP.

PRJ-2726,
PMTR-38948

Upgrade

Added a pre-upgrade verification that Global network objects with NAT configuration are not supported.

PRJ-718,
PMTR-36761

Security Management

Enhancement: added feature for tracking random CPM process crashes on Security Management server. Refer to sk150913.

PRJ-3604,
PMTR-39644

Security Management

Added ability to automatically determine the API process memory allocation to avoid "Out of memory" errors. Refer to sk119553.

PRJ-4241,
PMTR-38720

Security Management

When many users are connected to and actively working in the same domain in SmartConsole, they may experience:

  • Slowness in SmartConsole responses
  • Long duration of operations
  • High load on the Management Server

PRJ-4729,
PMTR-41157

Security Management

After deleting a network object that is part of a network group, the audit log of the group modification does not show which member was removed. Refer to sk164057.

PRHF-3242,
PRJ-659

Security Management

In a rare scenario, the policy verifier ignores rules in which an object named "Internet" is used with the negate operator.

PRJ-4306,
PMTR-40468

Security Management

Added a mechanism to prevent the Management Server from starting if an import process was interrupted.

PRJ-2339,
PRHF-4046

Security Management

In some scenarios, a user cannot discard or publish a work session and receives the general message "Internal error".

PRJ-1762,
PMTR-37924

Security Management

Due to a failed full sync, FWM was restarted unexpectedly and obsolete domain sessions were used in the global policy assignment.

PMTR-23492,
PRJ-2847

Security Management

Added support for Internal CA certificate replacement.

PRJ-3874,
PRHF-3463

Security Management

In some scenarios, the size of the shadow_object.C file increases after each policy installation, eventually causing policy installation to fail.

PRJ-2341,
PMTR-38095

Security Management

In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects.

PRJ-1493,
PMTR-38249

Security Management

In some scenarios, traffic is dropped with "network_classifier_get_dynobjs_for_ip: failed to get UUIDs for IP 0.0.0.0" and "kfunc_ip_ranges_to_dynobj: network_classifier_get_dynobjs_for_ip failed" errors in dmesg when a dynamic object is used in the access policy.

PRJ-1380,
PRHF-3514

Security Management

In some scenarios, upgrade from R7x fails with a core file of the cpdb process due to an empty field in the 'autoupdate_and_install_settings' object.

PRJ-1974,
CPM-2300

Security Management

In some rare scenarios, the CPM server does not start after a failure in Domain deletion.

PRJ-1518,
CPM-2264

Security Management

Performance and stability improvements in large High Availability setups.

PRJ-3879,
PMTR-39361,
PMTR-40489

Security Management

Cannot export a .pdf file from the License inventory view after Jumbo HotFix installation on the Management server.

PRJ-1375,
CPM-2242

Security Management

In some scenarios, High Availability synchronization between Management Servers fails and the HA menu is disabled.

PRJ-3689,
PMTR-36555

Security Management

New policy creation may fail when there are no installation targets defined in this policy.

PRJ-1903,
PRJ-1899

Security Management

After opening and searching in pickers a few times, the "error retrieving results" message appears when opening a picker.

PRJ-2488,
PMTR-38103

Security Management

In some scenarios, a validation incident about Invalid Email Address is presented in SmartConsole after upgrade from R77.

PRJ-2441,
PMTR-38293

Security Management

In some scenarios, QoS policy installation fails when installing the Blade without installing Access or Threat Blades of the same policy first.

PRJ-2788,
PMTR-37630

Multi-Domain Management

In some scenarios, Multi-Domain Server upgrade from R80 fails due to an internal error related to deprecated application objects. Refer to sk157752.

PRJ-5639

CPInfo

In some scenarios, the CPInfo tool does not show/collect the correct information after Jumbo Hotfix installation. Refer to sk162775.

PRJ-4415,
PRHF-5177

Compliance

In some scenarios, some of the Best Practices show "N\A" status in the Compliance Blade dashboard.

PRJ-1273,
SL-1052

Logging

In a rare scenario, when an environment has many gateways (dozens), FWM on the log server may crash when reaching 4 GB of memory.

PRJ-4965,
SL-2456

Logging

In a rare scenario, a specific log fails to be written and an alert about this is displayed in SmartConsole.

PRJ-2678,
PRHF-3831

Logging

In a rare scenario, the accounting of bytes in a report is not accurate.

PRJ-871,
PRHF-2806

Logging

In a rare scenario, SmartConsole does not show indexed logs because the LOG_INDEXER process stopped working. Refer to sk152934.

PRJ-1158,
PRHF-3561

Logging

In SmartView, if a view contains 2 map widgets, one displaying source countries and the other displaying destination countries, drilling down on one of them may display incorrect data.

PRHF-4975,
PRJ-4062

Logging

In some scenarios, when exporting logs from SmartView with the "Visible columns" option selected, some columns return an empty record. Refer to sk161712.

PRJ-2645,
SL-2509

Logging

Running views and reports with a filter fails if the filter contains a "NOT" operator combined with parentheses.

PRJ-3529,
PMTR-34580

Multi-Domain Management

In some scenarios, an Administrator does not see that a revision was created in the Domain (on the Domain level) after a Global policy was assigned to it.

PRJ-3048,
PMTR-39455

Multi-Domain Management

If a user deletes a CLM from a Domain (this is forbidden; a validation was added), the CLM remains partially deleted and the user cannot create a new one.

PRJ-3527,
PMTR-40003

Multi-Domain Management

Objects on the Domain level that should be shown on the Multi-Domain Server level are sometimes not shown correctly.

PRJ-2385,
PMTR-38670

Multi-Domain Management

In a rare scenario, the CPM server fails to start after a successful Domain deletion.

PMTR-38211,
PRJ-2172

Multi-Domain Management

In some scenarios, logs are not saved under the $MDS_FWDIR/log/failed_tasks directory.

PRJ-799,
PMTR-36765

Multi-Domain Management

In some scenarios, the "Unable to connect to server. Please make sure the server is up and running." error appears when trying to log in to a single Domain from SmartConsole. Refer to sk153293.

PRJ-1567,
SMCUPG-719

Multi-Domain Management

Deletion of a Domain failed with the "Could not send message" error when the Domain had a large number of gateways. The Domain remains without Domain Servers.

PRJ-1303,
PRJ-1305

Multi-Domain Management

When running the 'add-domain' Web API command on an existing Domain, the original Domain may be deleted.

PRJ-1444,
PRHF-3783

Multi-Domain Management

In some scenarios, gateways are missing in the 'Gateways and Servers' view in SmartConsole on the MDS level.

PRJ-2245,
PMTR-36614

Multi-Domain Management

The mds_backup command now generates an output file in .tar format instead of .tgz to improve the duration of backup (mds_backup) and restore (mds_restore) of the Multi-Domain Server. Refer to sk163300.

PRJ-1532

Multi-Domain Management

In a specific scenario, Global policy rules may change order after Multi-Domain Server upgrade. Refer to sk155432.

PRJ-374,
PRHF-3285

Multi-Domain Management

In a rare scenario, the FWM process unexpectedly exits on the Domain level during login.

PRJ-1970,
PRJ-4545,
PRHF-3268

SmartConsole

In setups with a large quantity of network objects, users may experience slowness when editing the HTTPS Inspection policy.
Refer to sk147134.

  • To fully resolve the issue, R80.30 SmartConsole Build 20 (or higher) should be installed.

PRJ-3870,
PRHF-4655

SmartConsole

In a rare scenario, when a user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on the 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232.

  • To fully resolve the issue, R80.30 SmartConsole Build 20 (or higher) should be installed.

PRJ-619,
PRHF-3415

SmartConsole

In some scenarios, upgrade fails with a "com.checkpoint.management.classes.dle.triggers.internal.VersionInfo.VersionInfo" exception in the cpm.elg file.

PRJ-1879,
PRJ-1864

SmartConsole

In some scenarios, SmartConsole unexpectedly exits while adding or removing many objects via Web API.

PRJ-1210,
PRHF-3465

SmartConsole

Pre-shared keys are missing after upgrade.

PRJ-832,
PMTR-36527

SmartConsole

Redundant layers appear in the output of the 'show-package' command when a Global policy holding more than one layer is assigned to a Domain.

PRJ-1144,
API-549

SmartConsole

Management API command "put file" can be used for command execution with certain permissions.

PRJ-1434,
PMTR-31155

SmartConsole

In some scenarios, SmartConsole terminates when installing policy on many targets at once.

PRHF-2194,
PRJ-4434

SmartConsole

In some scenarios, a Client certificate is removed when deleting a Domain that is included in the certificate's permissions.

PRJ-2142,
PMTR-38301

SmartConsole

Added the protectionExternalInfo property in the overrides object that displays the CVEs in the output of the 'show threat-profile' command.

PRJ-2419,
PRJ-1407,
PMTR-38710

SmartProvisioning

In a VPN Community managed by SmartProvisioning:

  • When adding an SMB gateway to the VPN community, the VPN tunnel may not be established.
  • When changing the security profile in the VPN community, the VPN settings are not changed.
  • Policy installation fails for a cluster member of a CO Gateway.

PROV-2068,
PRJ-4672

SmartProvisioning

In some scenarios in SmartProvisioning:

  • When executing Run Script on a SmartProvisioning profile, the application disconnects from the server and is closed.
  • When executing Push Settings and Actions, the "The action was not performed due to maintenance mode" error appears.

MCFG-199,
PRJ-2384

SmartProvisioning

SmartUpdate generates an audit log even when no action was taken.

PRHF-3392,
PRJ-869

SmartProvisioning

In a VPN star community managed by SmartProvisioning, VPN tunnels may not be established after installing policy to the CO gateway (center). Refer to sk152612.

PRJ-4311,
PRJ-4314,
GAIA-6260,
STRM-149

Security Gateway

In some scenarios, a remote client disconnects after one hour although the session is not idle. Refer to sk160213.

PRJ-3589,
STRM-109,
PRJ-3564

Security Gateway

Disabling connections timestamp does not work on active streaming connections. Refer to sk62700.

PRJ-4416,
QOS-22,
PRJ-698

Security Gateway

In a rare scenario, the Security gateway crashes during QoS policy installation.

PRJ-4804,
PMTR-41392

Security Gateway

Added the ability to avoid source port allocation for specific predefined connections.

PRJ-4147,
UP-293

Security Gateway

In a rare scenario, the Security gateway may crash due to a NULL pointer reference.

  • Fix is relevant for Gaia 3.10 only.

PRJ-4615,
PMTR-40937,
PRJ-4554

Security Gateway

In some scenarios, VoIP traffic is dropped with the "allocate_port_impl: could not find a free port;" error in dmesg.

PRJ-4758

URL Filtering

Improved scalability and resiliency of URL Filtering service.

  • Fix is relevant for Gaia 3.10 only.

PRJ-4845,
PRJ-4844,
PMTR-4178

SSL Inspection

In a rare scenario, when SSL Inspection is enabled and there is high latency, Microsoft websites (for example Azure) may not respond. Refer to sk150175.

PRJ-1161

IPS

CMA migration may take a long time when there are many local overrides of IPS protections.

PRJ-5173,
PRJ-2168,
PRJ-2108

IPS

In some scenarios, categorization of HTTPS sites over IPv6 does not work as expected.

PRJ-1666

Threat Emulation

Management Server upgrade may fail in these scenarios:

  • There are Threat Emulation settings, which remained from Security Gateway objects that were already removed.
  • There are Threat Emulation settings, which are configured in the cluster member objects and not in the cluster object.

Refer to sk150793.

PRJ-3370,
PMTR-13884

Threat Prevention

Deleting a Threat Prevention profile may fail if the IPS profile has many overrides. Refer to sk136552.

PRJ-4148,
PMTR-40174

Threat Prevention

Upgrade fails due to invalid Threat Emulation settings connected to gateways that no longer exist or to cluster members.

  • Fix affects only Advanced upgrade.

PRJ-5077,
PMTR-41915

Threat Prevention

In a rare scenario, R80.30 Security gateway managed by R80.30 Management crashes when running a Threat Prevention Software Blade with the Forensics feature enabled. Refer to sk161812.

  • Fix is relevant for Gaia 3.10 only.

PRJ-1919,
PRJ-2416,
PRJ-2417,
PRJ-3510

Identity Awareness

Security hardening for Identity Awareness Agent (IDA) enforcement according to XFF IP.

PRJ-3478,
PRJ-1952

Identity Awareness

Performance improvement of Identity Awareness kernel tables for Cluster and multi-fw1 instances gateways.

PRJ-3478,
IDA-1966

Identity Awareness

In a rare scenario, identities are missing from all connected Identity Gateways (PEPs).

IDA-1987,
PRJ-1956

Identity Awareness

In a rare scenario, sessions longer than 24 hours disappear from the Identity Gateway (PEP) but exist on the Identity server (PDP).

IDA-1981

Identity Awareness

Users are not propagated from the PDP to the PEP on a specific network due to a rare race condition between register and unregister requests triggered by different instances or cluster members.

PRJ-1926

Identity Awareness

The output of the 'pep show pdp all' command on the Identity Gateway (PEP) contains "inx invalid type (0)" instead of an Identity server (PDP) IP address.
Refer to Scenario #3 in sk156953.

PMTR-32539,
PRHF-3443

Identity Awareness

Users are not authenticated when an identity source provides the login name in a 'User Principal Name' format "user@domain". Refer to sk147417.

PRJ-3137,
PRJ-5259,
PMTR-38645

ClusterXL

Added support for Cluster Load Sharing without IPSec VPN. To enable the support, refer to sk162637.

PRJ-1657,
PRJ-5035,
PMTR-30582

ClusterXL

In some scenarios, it is not possible to connect to the Standby Cluster member from a non-local subnet via SSH or WebUI. Refer to sk147493.

PRJ-2147,
PRJ-3439,
PRHF-4105

ClusterXL

In a rare scenario, the fw_workers process consumes high CPU on the Standby member of a ClusterXL. Refer to sk156333.

PRJ-3295,
PRHF-4301

CoreXL

In a rare scenario, Custom affinity configuration is overwritten when HT is enabled. Refer to sk158112.

PRJ-998,
PMTR-35350

CoreXL

In some scenarios, VPN connection records remain in the Global connections table even after the connection expires. Refer to sk155332.

PRJ-2397

CoreXL

"fwmutlik_do_sequence_accounting_on_entry: bad dir" errors are mistakenly printed in dmesg output. Refer to sk158312.

PRJ-1299

SecureXL

In a rare scenario, multicast routing lookup may lead to a SIM crash.

PRJ-631,
PRHF-5533

SecureXL

In some scenarios, latency is observed on the Security gateway. Refer to sk162914.

PRJ-1177,
PRJ-1176

SecureXL

Added the sim module parameter "sim_anti_spoofing_enabled" to allow disabling anti-spoofing in Performance Pack without installing a new Firewall policy.

PRJ-1642,
PRJ-3660,
PRHF-4350

SecureXL

In some scenarios, SecureXL drops the TCP traffic of a particular connection for invalid state reasons. Refer to sk147093.

PRJ-4622,
PMTR-40703,
PRJ-4621

SecureXL

In some scenarios, sending IP fragmented traffic through a Virtual Switch or Virtual Router fails with "Virtual defragmentation error".

PRJ-4735,
PRHF-3487,
PRJ-1223,
PRJ-1841

SecureXL

In some scenarios, Policy Based Routing (PBR) does not work properly when acceleration is enabled.

PRJ-2119,
PRJ-1848

SecureXL

In a rare scenario, Host destination entries leak memory when the neighbor entry is in an incomplete state. Refer to sk157252.

PRJ-1218,
PMTR-37165

SecureXL

In some scenarios, multicast traffic is not forwarded across bridge interfaces.

PRJ-1252,
PRHF-3608

SecureXL

On a cluster, Drop templates are disabled on reboot. Refer to sk153412.

PRJ-3658,
PMTR-39660,
PRJ-3596

SecureXL

In a rare scenario, a VSX gateway may crash. Refer to sk160912.

PRJ-806,
PRHF-3498

SecureXL

In a rare scenario, Policy Based Routing (PBR) does not work although it is configured.

PRJ-2323,
PRJ-5078,
PMTR-38429

Gaia OS

The restore backup operation fails if the machine was installed via ISO during the backup, and via CPUSE during the restore.

PRJ-1477,
PRJ-5115,
PMTR-37425

Gaia OS

The backup task may fail if SmartConsole is open during backup.

PRJ-3136,
GAIA-2861

Gaia OS

In some scenarios, the IGB driver interfaces are occasionally down after reboot of a Management machine. Refer to sk135532.

PRJ-3365,
PRJ-3361,
PRJ-3364

Gaia OS

'|' and '-' characters cannot be used in the message banner.

PRJ-3113,
PMTR-39534

Gaia OS

Added support for LOM (iDRAC) interfaces.

PRJ-1677

Gaia OS

The Clish command "show system init-services" and the Expert command "service --status-all" run "mdsstart" on the server.

GAIA-4695,
PRJ-615,
PRJ-4527

Gaia OS

When running the "service vmtoolsd restart" command on a Gaia installation with VMware, the "Installing memory driver: FATAL: Module vmmemctl not found. [FAILED]" error is displayed although the vmw_balloon.ko driver is loaded.
Note: this issue is only cosmetic.

PRJ-1771,
GAIA-4793

Routing

The default OSPF instance binding is missing.

ROUT-484,
PRJ-4849,
PRJ-4850

Routing

In some scenarios, legitimate subnets of 0.0.0.0 (for example 0.0.0.0/1) cannot be configured for certain routing features, like static routes, PBR, routemaps, etc.

PRJ-4279,
PRJ-4266,
PRHF-5105

VSX

In a rare scenario, the machine crashes when using VSX with Virtual Switch (VSW).

PRJ-4921,
PMTR-32931

VSX

In some scenarios, the fwk process may crash when a VSX gateway is upgraded to R80.30.

PRJ-4956,
GAIA-6397,
PRJ-4950

VSX

In some scenarios, traffic does not pass in a VSX setup with a VS-VSW-VS topology and some Threat Prevention Blades enabled on VSs.

PRJ-1420,
PRJ-4740,
GAIA-5136

VPN

Improved the VPN connectivity for VSX and User-Space Firewall gateways.

PRJ-4740,
PRJ-1420

VPN

In some scenarios, VPN Encryption Domain Routes are not added to the kernel via RIM in a VSX environment. Refer to sk154692.

PRJ-1385,
GAIA-5338

VPN

In some scenarios with acceleration enabled, traffic through a VR in a VPN setup does not pass.

PRJ-2348,
PMTR-38631

VPN

Remote Access clients randomly disconnect or are unable to connect when a DHCP multi-homed server is configured.

PMTR-38041,
PRJ-4153,
PRJ-4488

VPN

In some scenarios, the Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode" after upgrade. Refer to sk157092.