Important Notes for R80.40 Jumbo Hotfix Accumulator

Issue Affected Takes Resolved in

SK

Reference

Starting from Take 205, it is possible to import the Database only with upgrade_tool Build #994000456 and higher.

Starting from Take 205

If you already use Mobile Access with SAML, you must add a new prefix to all SAML groups in SmartConsole.

Starting from Take 114

sk173223

If you use a cluster with enabled Identity Awareness, follow the procedure described in the SK after the first installation of Jumbo Hotfix to avoid unexpected behavior with Identity Awareness.

Starting from Take 90

sk170516

Any manual change of $FWDIR/conf/rad_conf.C file may be overridden by the next Jumbo Hotfix installation.

Starting from Take 83

sk163793

Cluster VIP IPv6 address configuration is not applied on cluster members, causing IPv6 traffic outage.

Take 196

Take 197

sk180902

PRJ-46037

When uninstalling a Jumbo Hotfix, some of the REST APIs may not work. The "gaia_api status" command returns an error and requests may fail. 

Take 180,

Take 190,

Take 192

Take 196

PRJ-44161,

PRJ-43959

In VSX, upon adding instances to a Virtual System (VS), their state may be inactive.

Take 180,

Take 190,

Take 192

Take 196

PRJ-44012

The SNMPD process may consume a high CPU level in a VSX environment and there may be slowness when using the "fw vsx stat" command.

Take 180,

Take 190,

Take 192

Take 196

sk180324

PRJ-43354

In some scenarios, Mail Transfer Agent (MTA) does not scan files with an unsupported extension if they were renamed to ".exe".

Take 190

Take 192

PRJ-43369

After an upgrade, the RADIUS Server is unavailable and authentication fails. To restore the configuration, update one of the RADIUS Server attributes or add a new Server.

Take 180,

Take 190

Take 192

PRJ-43270

The "CPLogGetMyIp: fwobj_get_myown failed" error may be displayed when running the "cpstart" command. Note that it can be safely ignored.

Take 172,

Take 173

Take 180

PRJ-41096,

PMTR-81750

In a specific HTTP connection scenario, the Security Gateway may become unresponsive. And the /var/log/messages file contains these messages during the time of the issue: "FW-1: fw_kfree: wrong magic number at tail end of XXX (XXX) caller is 'cmik_loader_fw_pm_match_cb' sz=80. FW-1 panic: cmik_loader_fw_pm_match_cb: fw_kfree: wrong magic number at tail (kiss_memory.c:XXX)".

Take 161,

Take 172,

Take 173

Take 180

PRJ-41444,

PRHF-25374

Remote Access Office Mode IP allocation may fail when using DHCP.

Take 150,

Take 153,

Take 154,

Take 156,

Take 158

Take 161

sk178767

PRJ-38811,

PRJ-38729

SIP flow may fail under high load when SIP Multi-core feature is enabled.

Take 150,

Take 153,

Take 154

Take 156

PRJ-37841,

PRHF-22617

Hardened the ability to use narrowed IKEv2 tunnels.

Take 119,

Take 120,

Take 121,

Take 125,

Take 126,

Take 131,

Take 138,

Take 139

Take 150

sk166417

PRJ-31289,

PRHF-19707

Many "dst_release: dst:ffff88052d4c68c0 refcnt:-480" messages may appear in dmesg and possibly impact system performance. This issue is limited to CPAS Connections, as SSL Inspection / Proxy / TE or TEX are activated / Anti-Virus deep scan is enabled.

Take 100,

Take 102,

Take 114

Take 118

PRJ-25688,

PRJ-25524

CloudGuard Controller is not supported on Active/Active Cluster (Geo Cluster) in Amazon Web Services (AWS).

Starting from Take 91

Take 161

sk175904

PRJ-37052,

PRHF-20096

User may fail to run any dynamic routing or install any static routes, including the default route.

Take 114

Take 118

PRJ-25944,

CLUS-1804