List of All Resolved Issues and New Features

 

Review the Important Notes section before installing a new Jumbo Hotfix Accumulator Take

ID

Product

Description

Take 190

Released on 13 November 2022

PRJ-38346,
PMTR-81030

Diagnostics

The CPVIEWD process may cause CPU spikes.

PRJ-38114,
PRHF-23142

Security Management

UPDATE: Install Policy Presets will now run also in multi-site environments, even if the local domain does not have a Server on the Multi-Domain Server with the Active Global Domain, where the operation is triggered from.

PRJ-22559,
PMTR-63494

Security Management

UPDATE: Improved the "Assign Global Policy" action time by approximately 50%.

PRJ-33894,
PRHF-20973

Security Management

Global Domain Assignment may fail if a rule in the global policy was recently enabled or disabled.

PRJ-40056,
PRHF-24082

Security Management

An Application Control and URL Filtering update may still occur even if the latest version is already installed.

PRJ-40168,
PRHF-24144

Security Management

A Multi-Domain Management Server upgrade may fail if upgrading one of the domains takes longer than four hours.

PRJ-39221,
PRHF-23186

Security Management

An Application Control and URL Filtering Database update may fail. The CPM log file states: "Update APPI Update Task Notification. progress: 100, status: FAILED, statusText: Failed to assign domain".

PRJ-40719,
PRHF-24546

Security Management

Access Control policy installation may fail with the "Internal error" message when the encryption domain contains a Data Center object.

PRJ-40808,
PRHF-24809

Security Management

SmartConsole may unexpectedly disconnect.

PRJ-40849,
PMTR-84394

Security Management

The LOG_EXPORTER process may cause high CPU because of frequent invocation of the "fw ver" command.

PRJ-40545,
PRHF-24405

Security Management

After an upgrade, when the local domain Virtual System (VS) is updated, its objects may not be updated. The mirror VS object and local domain VS object may have different versions and colors.

PRJ-39536,
PRHF-23867

Security Management

An Application Control and URL Filtering update may get stuck at 70 percent with the "Running post update actions" status. Refer to sk174587.

PRJ-41069,
PRHF-25026

Security Management

Global Policy reassignment fails with "An internal error has occurred". The issue occurs when a Global rule, Rule Base, or section was created, moved, and then deleted without running a reassignment in between.

PRJ-41974,
PRHF-25682

Security Management

The /var/log/dump/usermode/ directory on the Management Server may contain core dump files for the FWM process. Refer to sk180119.

PRJ-37830,
PRHF-21070

Security Management

"Automatic purge" fails on a Domain with active Global Domain Assignment and "automatic purge" configured on the Global Domain.

PRJ-41290,
PRHF-25101

Security Management

Access Policy installation may fail with the "Internal error occurred during the verification process" error.

PRJ-34152,
PRHF-21236

Security Management

Packet mode search in HTTPS Inspection policy may not work.

PRJ-34735,
PRHF-21233

Security Management

When running the "show access-rule" Management API command with the "show-as-ranges" parameter on rules with negated cells, the returned result may be missing the values of the negated cells.

PRJ-40732,
PRHF-24711

Security Management

In rare scenarios, Global Policy reassignment may fail with a "Failed to find object ID UUID of class com.checkpoint.objects.ips.ThreatIpsProtectionOverride" message.

PRJ-39716,
PRHF-24047

Security Management

It may not be possible to discard a work session with a newly created admin, a "Failed to discard revoke certificate" message is shown.

PRJ-37309,
PRHF-21848

Security Management

SmartEvent may unexpectedly close when clicking Global Exclusion options or creating a new event. This issue occurs after migrating a Domain from the Multi-Domain Management Server to the Security Management Server.

PRJ-41125,
PMTR-85721

SmartConsole

Centrally managed Quantum Spark Gateway version may be missing or incorrect after performing the "Get Gateway Data" action from SmartUpdate.

PRJ-41020,
PMTR-86000

CPView

NEW: Integrated Skyline, a solution that provides an OpenTelemetry CPView Agent service to monitor your Check Point Servers and export health metrics from the CPView tool to an external location. Refer to sk178566.

PRJ-38054,
PRHF-23074

Logging

UPDATE: When there is no full license for SmartEvent, which includes the Correlation Unit component, Analyzer Client in Legacy SmartEvent Console will now show a relevant message.

PRJ-40142,
PRHF-24306

Logging

Emails sent as an automatic reaction may show only the first IP address for "Source"/"Destination" fields out of all the detected IP addresses.

PRJ-40490,
PRHF-24541

Logging

In a rare scenario, when using SmartEvent Automatic Reaction (Mail), the source IP address can be shown as a number and not in the dotted decimal notation format.

PRJ-37704,
PRHF-22836

Logging

It may not be possible to filter the "Subscriber" field in SmartLog.

PRJ-38050,
PRHF-23090

Logging

Syslog messages with the "ErtFeed" type of attack are not indexed correctly in SmartLog.

PRJ-42090,
PMTR-78055

Logging

Export to CSV in SmartView may be stuck in the "running" status.

PRJ-35878,
PRHF-21739

Logging

Although the Security Gateway is configured to send Syslog messages to the Domain Log Server (CLM), they may stop coming to the Log Server after several initial logs.

PRJ-28110,
PRHF-18175

Logging

Logs may not be indexed on the Domain Log Server in a Multi-Domain Log Module (MLM) or on the Secondary Multi-Domain Management Server.

PRJ-37296,
PRHF-22631

Logging

When exporting logs with the fwm logexport script and there is an empty or corrupted log file, the script runs in a loop with the "Failed to read record at position 0" error printed.

PRJ-21481,
PMTR-63987

Logging

The LOG_INDEXER process on the SmartEvent Server may unexpectedly exit, generating a core dump file, if the Log Server used by the correlation unit is deleted.

PRJ-41095,
PRHF-7824

Logging

In rare scenarios, the LOG_INDEXER process may unexpectedly exit, and there is no access to the logs. Refer to sk172915.

PRJ-41101,
PRHF-25074

Logging

When an object name begins with a digit, SmartView Monitor displays a name consisting of the letter "v" and UID instead of the actual object name.

PRJ-41192,
PMTR-68271

Logging

It may not be possible to filter Anti-Virus logs for malicious CIFS traffic in SmartConsole. The issue is cosmetic only.

PRJ-32205,
PRHF-20107

Logging

The "show-logs" Management API command fails when iterating over many pages of queries, and the total fetched records number exceeds 219,900 records.

PRJ-41358,
PMTR-85027

Logging

Running the "cpstat ls -f logging" command on the Security Gateway may show the "disconnected" status after a reboot, although a new connection is established successfully.

PRJ-40096,
PMTR-84200

Security Gateway

UPDATE:

  • Added a new global parameter "fw_conn_double_error_allow_print " to enable/disable printing double connection error message to the log. When disabled, the Security Gateway will still drop a new connection if it is already recorded in the connection table, but there will be no error logs.

  • Added a new global parameter "fw_conn_double_error_count" to count how many times the error occurred.

PRJ-38142,
PRHF-22814

Security Gateway

UPDATE: Added support for RADIUS UPN authentication with MS-CHAPv2. To use it, enable the registry configuration in ckp_regedit -a SOFTWARE/Checkpoint/VPN1 RADIUS_MSCHAPV2_UPN -n 1.

PRJ-32779,
PMTR-72977

Security Gateway

UPDATE: The reset expired connections feature (fw_rst_expired_conn) is now supported on connections accelerated by SecureXL.

PRJ-34903

Security Gateway

A kernel crash may occur during system shutdown when PIM is enabled.

PRJ-39330,
PRHF-23528

Security Gateway

After an upgrade, Access Control policy installation may fail with an "Update process is already running" message.

PRJ-41622,
PMTR-78011

Security Gateway

When using Routing Separation and installing a Jumbo Hotfix Accumulator, MDPS configuration may be overridden. Refer to sk138672.

PRJ-35108,
PMTR-77852

Security Gateway

There may be connectivity failure when browsing to Office 365, and ICAP Client is active on the Security Gateway with enabled "Data Trickling".

PRJ-41414,
PRHF-24690

Security Gateway

The Security Gateway may send multiple "Failed to fetch Check Point resources. Timeout was reached" logs.

PRJ-40915,
PRHF-24590

Security Gateway

The Security Gateway may crash because of memory corruption, and the following error appears in the /var/log/message file: "[xxxx] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: <xxxx>".

PRJ-39578,
PMTR-71476

Security Gateway

In a rare scenario, when IPS or Application Control is enabled, the Security Gateway may crash.

PRJ-40457,
PMTR-84535

Security Gateway

In a rare scenario, the FWK process may unexpectedly exit because of a memory allocation issue on the Security Gateway.

PRJ-24590,
PRHF-14804

Security Gateway

It may not be possible to load specific sites. The Security Gateways drops the traffic from those web servers with "Reason: PSL Drop: MUX_PASSIVE"

PRJ-41028,
PRHF-24958

Security Gateway

Topology auto update may fail because of a too long interface name.

PRJ-41031,
PRHF-24959

Security Gateway

The Security Gateway may run out of memory when retrieving topology.

PRJ-38551,
PRHF-23113

Security Gateway

After an upgrade, Anti-Virus Blade may cause increased memory consumption.

PRJ-36865,
PRHF-22233

Security Gateway

After an upgrade, VSX cluster may have frequent failovers.

PRJ-40934,
PMTR-85828

Security Gateway

In a rare scenario, the Security Gateway may have a memory allocation issue.

PRJ-34887,
PMTR-77524

Threat Prevention

When the Security Gateway is in "Detect Only" mode, Threat Prevention Blade exceptions may not be accelerated.

PRJ-40346,
PRHF-24427

Threat Prevention

The Custom Intelligence Feeds feature may stop enforcing traffic after Threat Prevention policy installation.

PRJ-40444,
PMTR-84860

Threat Prevention

Deleting a Threat Emulation Gateway object in SmartConsole may fail. Refer to sk170577.

PRJ-40436,
PMTR-82127

Threat Prevention

A kernel memory leak may occur during deep file inspection.

PRJ-40972,
PRHF-24784

Threat Prevention

Threat Prevention policy installation may fail with a "Connection aborted by Peer" message.

PRJ-41275,
PMTR-74610

Threat Prevention

Adding hash indicators may cause policy installation to fail with a warning message.

PRJ-38488,
PMTR-75246

Threat Prevention

In a rare scenario, the mal_conns table may consume a large amount of memory.

PRJ-41310,
PRJ-41308

Threat Extraction

In some scenarios, Mail Transfer Agent (MTA) does not scan files with an unsupported extension if they were renamed to ".exe".

PRJ-38541,
PRHF-22565

Identity Awareness

The PDPD daemon may frequently exit during the user authentication flow.

PRJ-34569,
PRHF-21045

Identity Awareness

SNMP/cpstat queries for Identity Awareness OIDs return wrong values if the PDP daemon is not running at the time of the query.

PRJ-31973,
PMTR-74053

Identity Awareness

Changing the state of the "Automatic LDAP Group Update" feature for Identity Collector from CLI on the PDP Gateway does not survive a reboot.

PRJ-36507,
PRHF-22053

Identity Awareness

The CPU utilization of the PDP daemon may be high during a specific authentication flow.

PRJ-39751,
PRHF-23882

Anti-Virus

The Anti-Virus blade interprets certain types of URLs as forbidden and blocks access to those URLs, although the content behind them is not of the type supposed to be blocked.

PRJ-38814,
PMTR-80962

URL Filtering

When an URL Filtering rule has "Fail-Close" configuration, the Security Gateway may drop connections, and "URLF internal system error (0)" is recorded as the reason.

PRJ-33293,
PMTR-61676

Anti-Virus

Removed a redundant message flooding logs in /var/log/messages: "ws_write_connection: end of body reached - clearing delay write flag".

PRJ-40831,
PRHF-24826

Mobile Access

After disabling the ActiveSync service on the Security Gateway, login to Capsule Workspace (CWS) may fail.

PRJ-38458,
PRHF-23267

Mobile Access

In some scenarios, it is not possible to connect to SSL Network Extender(SNX), and the VPND log shows: "failed to add to table connectra_sessions_to_instance".

PRJ-32967,
PRHF-20588

Mobile Access

Capsule Workspace push notifications do not work when the Single Sign-On (SSO) is configured to "prompt for credentials". Refer to sk176244.

PRJ-35509,
PMTR-65024

ClusterXL

UPDATE: Added support for the "fw vsx fetch_all_cluster_policies" command, which can fetch policy for all Virtual Systems and Virtual Routers from cluster peers.

PRJ-40743,
PRHF-24710

ClusterXL

The cphaprob show_bond command does not show newly added slaves from Virtual Systems (VSs).

PRJ-36732,
PRHF-21591

ClusterXL

In a VRRP cluster, when an identity session is revoked from a non-master member, the Identity Database may become corrupted and cause an outage.

PRJ-39182,
PRHF-23684

ClusterXL

In a VRRP cluster environment with a large number of interfaces, the Security Gateway may consume a lot of memory.

PRJ-39737,
PMTR-86052

SecureXL

There may be high CPU or/and latency in CIFS/SMB connections.

PRJ-41480,
PRHF-25453

SecureXL

After an upgrade, SecureXL may drop multicast traffic with "reason:Fragment drops".

PRJ-41765,
PRHF-25516

SecureXL

The Security Gateway may crash and cause an outage when resolving the destination host MAC address through an interface with disabled ARP.

PRJ-39756,
PRJ-41204

SecureXL

SNDs may reach 100% CPU utilization and are not released in some Site to Site VPN scenarios.

PRJ-41706,
PRHF-25613

Routing

The ROUTED process may unexpectedly exit when the route does not have the next hop.

PRJ-36889,
PMTR-79153

VPN

UPDATE: After FIPS mode is enabled, Jitter is now automatically turned on.

PRJ-41239,
PRHF-24483

VPN, Multi-Portal

UPDATE: Added a new command "use_crl_for_revocation_method" which allows setting revocation method back to CRL when OCSP Server is unreachable. Refer to sk179434.

PRJ-40868,
PRHF-24283

VPN

Site-to-Site NAT-T traffic may be routed incorrectly, which can cause an outage.

PRJ-40553,
PRHF-24156

VPN

When working in Hybrid mode, it is possible to connect using Remote Access, but it may not be possible to access internal resources.

PRJ-36709,
PRHF-21689

VPN

Improved Site-to-Site VPN stability.

PRJ-41807,
PMTR-87347

VPN

When connecting with "Mixed" SSL Network Extender Authentication method, the SNX Client freezes with no output, and the results of the "vpn tu tlist" command show no tunnels.

PRJ-40858,
PRHF-24635

VPN

The VPND process may unexpectedly exit.

PRJ-39892,
PMTR-56771

VSX

UPDATE: The "vsx_util view_vs_conf" command output now shows interfaces configured on Virtual Systems in Bridge mode.

PRJ-38514,
PRHF-23107

VSX

SecureXL may not let HTTPS traffic pass through a Virtual Router (VR).

PRJ-42214,
PMTR-65815

VSX

In some scenarios, the vsx_provisioning_tool fails to delete an interface and claims that it has already been freed..

PRJ-39766,
PMTR-83046

VSX

Lines indicating uninstalling policies from virtual switches (VSWs) may be printed when running the "fw vsx unloadall" command.

PRJ-39710,
PMTR-80596

VSX

When running the "reset_gw" command on a VSX cluster member, the sync interface IP address is not deleted as part of the VSX configuration that should be deleted from the Security Gateway.

PRJ-39886,
PMTR-84069

VSX

Removing a warp interface may fail on one member, which creates a mismatch between the cluster members database because the warp interface remains on other members.

PRJ-40797,
PMTR-84189

VSX

Extending SNMP with shell script (Article IV-6 in sk90860) fails for non-VS0 Virtual Systems (VSs) when queried via SNMP V3 and a "No more variables left in this MIB View (It is past the end of the MIB tree)" message is shown in the output.

PRJ-41361,
PMTR-86445

VSX

A VSX Gateway upgrade may fail with an error related to VSX Filesystem creation.

PRJ-42178,
PMTR-81701

VSX

Pushing a VSX configuration to a virtual device may fail.

PRJ-40411,

PRJ-42484,

ODU-611

Gaia OS

UPDATE: Gaia API updates will now be automatically installed through AutoUpdater. Refer to sk165653.

PRJ-40991,
PRHF-24495

Gaia OS

When MDPS is configured, the SNMPD process may stop responding on some Security Gateways and must be restarted.

PRJ-41684,
PRHF-25430

Gaia OS

In a cloning group cluster, when allowed hosts are changed from "Any" host to a specific host, communication between members is blocked, and the group cannot function.

PRJ-41611,
PMTR-87176

Gaia OS

Information about scheduled backup failure is now displayed in Clish, WebUI and in the error message inside the log file.

PRJ-40476,
PRHF-24463

Gaia OS

The SNMPD process may unexpectedly exit on the Security Gateway with enabled Management Data Plane Separation (MDPS).

PRJ-28332,
PRHF-18367

Harmony Endpoint

UPDATE: Client Uninstall Remote Help is now Device-based. User Logon name is not needed anymore.

PRJ-41369,
PMTR-86767

CloudGuard Network

UPDATE: Added support for Data Centers in AWS ap-southeast-2 (Jakarta) region.

PRJ-41733,
PMTR-87362

CloudGuard Network

UPDATE: Added support for Data Centers in AWS me-central-1 Middle East (UAE) region.

PRJ-40842,
PRHF-24322

CloudGuard Network

Azure Data Center mapping may fail because of a corrupt response from Azure for a specific Virtual Machine Scale Set (VMSS).

PRJ-40838,
PRHF-24490

CloudGuard Network

Failure to update IP addresses on a single AWS Gateway may cause delays in updating other Gateways.

PRJ-41461,
PRHF-25422

CloudGuard Network

Import of OpenStack Data Center CloudGuard Network objects may fail.

PRJ-41711,

ODU-603

Smart-1 Cloud

Added Update 6 of Quantum Smart-1 Cloud. Refer to sk166056.

PRJ-41142,
ODU-518

Smart-1 Cloud

Added Update 5 of Quantum Smart-1 Cloud. Refer to sk166056.

PRJ-41746,
ODU-587

Public Cloud CA Bundle

Added Take 19 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-19383,
PRHF-11703

VoIP

In some scenarios, when using early media with NAT, the first data connections specified in the SDP get closed, although they should not. And the new data connection does not open, resulting in one-way audio. Refer to sk177365.

PRJ-40671,
ODU-478

HCP

Added Update 11 of HealthCheck Point (HCP) Release. Refer to sk171436.

Take 180

Released on 20 September 2022 and declared as Recommended on 30 October 2022

PRJ-41081,
PMTR-86078

Security Management

UPDATE: If ISP Redundancy is configured for a target Security Gateway, backup interfaces are now used for pushing policy if the primary interface is down.

PRJ-36205,
PRHF-22196

Security Management

Migration from the Management Server to the Domain Server may get stuck for 6-7 hours and then fail.

PRJ-38216,
PRHF-22973

Security Management

If Log Domain reassignment fails, an Application Control and URL Filtering update may get stuck at 70 percent showing the "Running post update actions" status.

PRJ-38453,
PRHF-23314

Security Management

High Availability synchronization may fail with the "Failed to update shared licenses" error.

PRJ-34237,
PRHF-20836

Security Management

Migration of the Security Management Server to the Multi-Domain Management Server may fail.

PRJ-38179,
PRHF-22647

Security Management

Deleting a Domain operation may fail with an "internal error" when more than one of the Security Gateways in the Domain points to the same cluster object in the NAT configuration.

PRJ-37910,
PRHF-22870

Security Management

The flag "--method" for a CME command is not supported in SmartConsole Command Line.

PRJ-39208,
PRHF-23632

Security Management

The output of the "show opsec-application" API command may not show the host object name or UID.

PRJ-33920,
PRHF-21160

Security Management

Some unused sessions may remain open in the system, consuming memory and CPU.

PRJ-41096,
PMTR-81750

Security Management

The "CPLogGetMyIp: fwobj_get_myown failed" error may be printed in CLI when starting cpboot.

PRJ-38787,
PRHF-23476

Security Management

Install Policy Preset may fail with "The server did not provide a meaningful reply.". Refer to sk179524.

PRJ-39487,
PRHF-23926

Multi-Domain Management

In some scenarios, in a Multi-Domain Management Server environment, SmartConsole may unexpectedly disconnect.

PRJ-38123,

PRHF-23066

Multi-Domain Management

Although all Virtual Devices are deleted, deleting a Domain may fail with an "At least one Virtual Device is defined on this Domain/Domain Management Server. You need to delete all Virtual Systems/Routers prior to deleting Domain/Domain Management Server" message.

PRJ-40611,
PRHF-24080

Compliance

In the Compliance blade view, regulations with disabled best practices may display a result that does not correspond with the best practices listed below it.

PRJ-36190,
PRHF-22004

Logging

UPDATE: Amended the override_server_setting.sh script to support changes in the values of

RFL_SOLR_MAX_MERGE_COUNT and RFL_SOLR_MAX_MERGE_THREAD_COUNT.

PRJ-36019,
PRHF-21398

Logging

In SmartView, the "Top Users that Downloaded Malicious Files" widget in the "Hosts that Encountered Malicious files" view may show no results, although there are matches.

PRJ-39588,
PRHF-23981

Logging

The FWD process may unexpectedly exit and create core dump files.

PRJ-30963,

EPS-562

Logging

In some scenarios, the Forensics report fails to open from Harmony Endpoint logs.

PRJ-36475,
PRHF-22241

Logging

In SmartConsole, when Endpoint Policy Management blade is enabled, the "SmartView server certificate is invalid" error may be shown when opening a new tab in the Logs & Monitor view. Refer to sk177713.

PRJ-40356,
PRHF-24410

Logging

In some scenarios, the FWD process may unexpectedly exit in a Log Server environment. Refer to sk179596.

PRJ-34678,
PMTR-75424

Security Gateway

UPDATE: Decreased the threshold for connections suspected as heavy from 5 to 3 seconds. Refer to sk164215.

PRJ-40509,
PMTR-85083

Security Gateway

UPDATE: Added a defense mechanism against partial header attacks known as "Slowloris DoS" (CVE-2007-6750).

PRJ-38912

Security Gateway

When Anti-Virus blade is enabled, there may be a continuous high memory consumption which can lead to latency.

PRJ-34402,
PRHF-21418

Security Gateway

Deleting IP addresses in the SAM Database may fail.

PRJ-40253,
PRHF-24323

Security Gateway

There may be a delay in the Logging view when more than 1000 Security Gateways are connected to the same Log Server.

PRJ-34170,
PRHF-20978

Security Gateway

After an upgrade, in a setup with a single Virtual System (VS), the Security Gateway may crash.

PRJ-41454,
PMTR-86925

Security Gateway

During a DDoS attack, the CPD and CPRID processes may unexpectedly exit with core dump files and cause latency.

PRJ-40861,
PMTR-74446

Security Gateway

Improved the recovery mechanism for Dynamic Balancing.

PRJ-39518,
PMTR-83692

Security Gateway

Output of the "dynamic_objects -uo_show" command on the Security Gateway may not show any updatable objects. Refer to sk178886.

PRJ-40791,
PMTR-85514

Security Gateway

Enhanced connectivity during HTTP2 Inspection.

PRJ-40014,
PRHF-24223

Security Gateway

The Security Gateway with VPN may drop the traffic after enabling BGP and Equal Cost Multipath (ECMP).

PRJ-38589,

PMTR-79658

Security Gateway

In a cluster environment, an ICAP implied rule may not be enforced after policy installation.

PRJ-27777,

PMTR-70632

Security Gateway

The RAD daemon may fail and create core dump files on VSX Gateways.

PRJ-39987,
PRHF-20730

Threat Prevention

UPDATE: In the Custom Intelligence Feeds feature, decreased the hash indicators loading time.

PRJ-40431,
PMTR-84242

Threat Prevention

UPDATE: The "Global Detect" value will now be updated in the "ips stat" command output.

PRJ-29734,
PMTR-71844

Threat Prevention

SCP connections may get terminated with a protocol error.

PRJ-39160,
PMTR-83274

Identity Awareness

The Nested Groups Depth value changed in CLI may not survive a reboot.

PRJ-39830,
IDA-4187

Identity Awareness

Removed unnecessary debug messages in the Identity revocation flow.

PRJ-35834,

PMTR-71684

Identity Awareness

Memory consumption may increase after policy installation when Secure ID is configured.

PRJ-36383,
PRHF-22069

Application Control

  • The /var/log/messages directory may be flooded with "appi_app_db_get_kattrib_info: attribs hash does not exist" messages.

  • A Security Gateway may be slow or unresponsive.

Refer to sk178406.

PRJ-29434,
PRHF-17678,

PRJ-37279,
PRHF-21170

URL Filtering

When the Security Gateway works in proxy mode, the Application Control and URL Filtering rules may not match correctly.

PRJ-30744,
PRHF-19698

IPS

Logs generated by IPS Bypass may not show the correct CPU/Memory Utilization.

PRJ-37725,
PRHF-22465

DLP

DLP logs for files uploaded to Microsoft OneDrive may not show the initial file names and extensions. Refer to sk178290.

PRJ-39150,
PRHF-21088

Anti-Bot

  • Downloading or opening the packet capture file from the Anti-Bot log entries may fail with a "File fetching is still in progress" message.

  • When opening the capture file link in the log entry in SmartConsole, the "Failed getting the incident file from the gateway. It may be expired" error is shown.

PRJ-40259,
PMTR-83847

SSL Inspection

The WSTLSD process may unexpectedly exit and produce a core dump file during certificate chain verification.

PRJ-34072,
PRHF-21065

Mobile Access

Manual Web Form Single Sign-On (SSO) may fail when passwords contain special characters.

PRJ-38434,

PMTR-82133

Mobile Access

When installing a specific hotfix, the CVPND process may unexpectedly exit.

PRJ-39957,
PMTR-84213

ClusterXL

During a Multi-Version Cluster (MVC) upgrade, there may be state flapping when using the sync interface MAC address bit "02".

PRJ-39838,
PMTR-84079

ClusterXL

When reconnecting the OSPF interface on both members in a cluster, a failover may occur when receiving a ROUTED PNOTE on the Active member.

PRJ-40199,
PMTR-84253

ClusterXL

In a cluster configured in the Active-Active mode, there may be connectivity issues when one of the cluster interfaces is down on one of the cluster members.

PRJ-37942,
PRHF-22882

ClusterXL

In a VSX cluster with three or more members, sudden failover and recovery of the Standby VS may occur, causing termination of connections from the Active member. Refer to sk179446.

PRJ-37630,
PRHF-22691

SecureXL

UPDATE: The MSS value in the SYN Cookie response can now be configured.

PRJ-39072,
PRHF-22676

SecureXL

UPDATE: Added a new kernel parameter "fw_allow_reverse_syn" for Smart Connection Reuse. This parameter allows or drops SYN packets coming from the reverse direction. The parameter is set to 0 by default, the Security Gateway drops such packets. Refer to sk24960.

PRJ-36857,
PRHF-21863

SecureXL

Policy installation may cause cluster failover and impact the traffic flowing through the cluster.

PRJ-40218,
PMTR-63465

SecureXL

In a rare scenario, ipsctl kernel module does not load at startup.

PRJ-40293,

PMTR-81618

SecureXL

A kernel memory leak may occur in an environment with a cluster in Active/Standby bridge mode.

PRJ-40746,
PRHF-24743

Routing

The ROUTED process may unexpectedly exit when querying BGP data.

PRJ-40090,

PMTR-84418

Routing

When running CPView and working in Source-Specific Multicast Mode (PIM-SSM) simultaneously, the ROUTED process may unexpectedly exit and create a core dump file.

PRJ-40752,
PMTR-85206

VPN

Resolved the “HTTP Response splitting” vulnerability in Security Gateway portals. Refer to sk179705.

PRJ-40662,
PRHF-24446

VPN

There may be a low throughput in a Site-to-Site VPN tunnel between two VSX Gateways with enabled Multi-Queue.

PRJ-38632,
PRHF-23424

VPN

Connection to Endpoint Security Client from the Remote Access VPN may be lost when the VPN tunnel timeout is reached. Refer to sk178891.

PRJ-40384,
PMTR-84477

VPN

The "Unable to open '/dev/fw0': No such file or directory" error may be printed during cpstart.

PRJ-40581,
PMTR-84124

VPN

Connection over NAT-T tunnels may not be distributed well between instances of the Security Gateway with CoreXL enabled.

PRJ-37783,
PMTR-82856

VPN

In SmartView Monitor (SVM), the status of tunnels with third-party peers may be inaccurate. Refer to sk169121.

PRJ-39980,
PMTR-83520

VSX

The vsx_util upgrade or downgrade operation may silently fail to update the database for one or more Virtual Systems (VSs). Refer to sk179591.

PRJ-40071,
PRHF-24269

VSX

A "SIC Error for EntitlementManager: Peer sent wrong DN: CN=xxx,O=xxx" message may be displayed during boot or after running the "cpstart" command. Refer to sk179586.

PRJ-40249,
PMTR-84229

VSX

In VSX, when deleting a warp interface (either by deleting the warp itself or by performing the "reset_gw" command, which deletes all Virtual Devices), the VSX Gateway may crash.

PRJ-34321,
PMTR-60045

VSX

The MTU value configured in SmartConsole may differ from the Virtual Switch (VSW) MTU value in the output of the "ifconfig" command.

PRJ-40702,
PMTR-81932

VSX

A member in a VSX cluster may get stuck in DOWN state with "Event Code CLUS-113200" and a FULLSYNC PNOTE "Could not start a connection to remote member".

PRJ-34094,
PMTR-65030

VSX

When running the "vsx showncs" command, the "cannot retrieve vsid for VSW_gw" error may be shown.

PRJ-40359,
PMTR-84809

VSX

Improved packet rate performance on warp interfaces.

PRJ-24565,

PRHF-16407

Gaia OS

UPDATE: Added support for the Excluded Files feature (sk116679) for XFS file system on Kernel 3.10.

PRJ-40767,
PMTR-81861

Gaia OS

IPv6 connections with Manual NAT rules may not be stable after enabling Neighbor Discovery Protocol (NDP) on a VLAN in the $FWDIR/conf/local.ndp file.

PRJ-40026,
PRHF-24243

Gaia OS

A user locked by the deny-on-nonuse mechanism cannot get unlocked.

PRJ-40364,
PMTR-84602

Gaia OS

Snapshot creation can stop at 95%. Also, the snapshot size is bigger than expected.

PRJ-40669,
ODU-478

HCP

Added Update 10 of HealthCheck Point (HCP) Release. Refer to sk171436.

Take 173

Released on 31 August 2022 and declared as Recommended on 13 September 2022

PRJ-41444,
PRHF-25374

Threat Prevention

In a specific HTTP connection scenario, the Security Gateway may become unresponsive. And the /var/log/messages file contains these messages during the time of the issue: " FW-1: fw_kfree: wrong magic number at tail end of XXX (XXX) caller is 'cmik_loader_fw_pm_match_cb' sz=80. FW-1 panic: cmik_loader_fw_pm_match_cb: fw_kfree: wrong magic number at tail (kiss_memory.c:XXX)".

Take 172

Released on 25 July 2022

PRJ-38150,
PRHF-23149

Security Management

UPDATE: Improved Access Policy installation time.

PRJ-34852,
PMTR-72440

Security Management

UPDATE: Added validation to the Custom Application/Site object to prevent configuring invalid URLs that cause Access policy installation failure. Refer to sk175187.

PRJ-36848,
PRHF-22352

Security Management

In rare scenarios, the Management Server may fail to start due to incorrect session handling.

PRJ-37708,
PRHF-22796

Security Management

Install Policy preset fails if the Threat Prevention policy was uninstalled.

PRJ-36919,
PRHF-22479

Security Management

When a Security Gateway is removed from a VPN community, it may still be seen under the permanent tunnel configuration. The issue is scoped to the Management side and does not impact the Gateway.

PRJ-37634,
PRHF-22693

Security Management

After changing the IP address of the Secondary Management Server, the old IP address is still shown in the High Availability window until the services are restarted.

PRJ-37863,
PRHF-22678

Security Management

Dynamic Objects defined on LSM Gateway in SmartProvisioning may be removed from the Security Gateway after fetching policy or pushing policy.

PRJ-37522,
PRHF-22656

Security Management

Reassign Global Policy tasks may be stuck for Domains active on a different Multi-Domain Server even though the task is completed on the destination Multi-Domain Server.

PRJ-37503,
PRHF-22597

Security Management

In rare scenarios, Global Domain Assignment may fail with a "class name not found for object" error message.

PRJ-37198,
PRHF-22299

Security Management

The Management API command "show-vpn-communities-star" for Diffie-Hellman groups 15-18 and group 24 fails with the "Invalid DH-Group in VPN Reply" error. Refer to sk27054.

PRJ-35654,
PRHF-21996

Security Management

The Security Cluster Wizard is not shown again after a Management restart in a Full High Availability cluster environment.

PRJ-37762,
PRHF-22671

Security Management

The FWM process on the Management Server may unexpectedly exit, creating a core dump file.

PRJ-35601,
PMTR-77217

Security Management

An IPS update may fail if the user that performs the update is connected to the Multi-Domain Server on which the Global Domain is in Standby mode.

PRJ-37508,
PRHF-22621

Security Management

Deleting a domain may fail when using the createDomainRecovery.sh script with the "UID" flag.

PRJ-35604,

PRHF-21981

Security Management

In SmartConsole, the "error retrieving results" message may be displayed when opening a new tab.

PRJ-38063,
PRHF-22999

Security Management

When uninstalling a Threat Prevention policy, there may be a verification warning "There are Threat Prevention uninstall candidates in policy targets", although the operation on the Security Gateway was completed successfully.

PRJ-38147,
PRHF-23139

Security Management

Cloud Shadow Objects verification may take several minutes.

PRJ-38119,
PRHF-23065

Security Management

Policy installation may fail with "an internal error" if some objects are pointed to by an old deleted policy. Refer to sk122954.

PRJ-39470,
PRHF-23825

Security Management

Management HA synchronization may fail with the "NGM failed to import data" error.

PRJ-37885,
PRHF-22914

Security Management

Editing an object may fail with the "Could not access file for write operation" error.

PRJ-38399,
PRHF-23290

Security Management

An Application Control and URL Filtering update may get stuck because of a lock object duplicate issue.

PRJ-35059,
PRHF-21753

Security Management

Renaming the Security Management Server may fail with the "Failed to save object" error. Refer to sk177224.

PRJ-38740,

PRHF-23467

Security Management

In a rare scenario, the FWM process may unexpectedly exit and create a core dump.

PRJ-37987,

PRHF-22589

SmartConsole

After an Application Control update, some application control objects may disappear from SmartConsole, although they are not deprecated.

PRJ-37101,
PRHF-22528

Logging

UPDATE: Scheduled email reports will now use TLS1.2 instead of TLS1.0. Refer to sk178125.

PRJ-33815,
PMTR-72206

Logging

The "log_exporter_reexport" command may export the logs from the beginning of the log file and not from the provided start position.

PRJ-36514,
PRHF-22273

Logging

In a rare scenario, a memory leak in the FWD process may occur during installing Threat Prevention policy.

PRJ-36026,
PMTR-70703

Logging

In IPS Core Protections logs, the link to the Threat Prevention profile is written incorrectly.

PRJ-36461,
PRHF-22152

Logging

When running the "cp_log_export filter-blade-in" command with the value "Endpoint" and restarting the LOG_EXPORTER process, LOG_EXPORTER may fail to start.

PRJ-39295,
PMTR-82675

Logging

An error may occur when changing default Time Frame while the SmartView language is not English.

PRJ-39678,
PMTR-82910

Logging

When exporting the logs table with "All Columns" to a CSV file, the first cell of the first log (time column) may display a non-ASCII character ("ן»¿"), and the time may be split into two cells.

PRJ-39675,
PMTR-83316

Logging

A CSV file exported from SmartView may contain duplicated lines of headers.

PRJ-36654,
PMTR-77355

Security Gateway

NEW: Added a new kernel parameter "fw_ignore_before_drop_rules". It allows to skip the "before drop" implied rules and enforce policy according to the explicit rule in the Access Rule Base. By default, this capability is disabled.

Refer to sk105740.

PRJ-38688,
PRHF-22315

Security Gateway

UPDATE: When using Routing Separation, hosts and servers configured in Clish will be automatically added to Management Plane (MPLANE).

PRJ-39666,

PRHF-23392

Security Gateway

It may not be possible to monitor Security Gateways with enabled Management Data Plane Separation (MDPS). Refer to sk138672.

PRJ-39684,
PRHF-23741

Security Gateway

An ICAP client crash may cause the Security Gateway also to crash and generate an FWK core dump.

PRJ-34622,
PRHF-21300

Security Gateway

When running the "show_configuration" command in CLISH, static routes are shown twice.

PRJ-33698,
PMTR-72984

Security Gateway

In some scenarios, file download may fail with the "Connection queue exceeded max size" error.

PRJ-37011,
PRHF-22369

Security Gateway

Multiqueue Clish "show" commands may fail in a Management Data Plane Separation (MDPS) environment.

PRJ-37608,
PMTR-80518

Security Gateway

When using the DAIP Gateway object in the Access Rulebase, debug error "fwdnd_log_info_lookup failed" may appear in the fwk.elglog, if the relevant rule has log track. Refer to sk178670.

PRJ-33858,
PMTR-76224

Security Gateway

In ISP Redundancy settings, when using the "dead on all host" feature and defining one link without any host (which is a misconfiguration) the ISP link is down.

PRJ-36119,
PMTR-71654

Security Gateway

In CPView, under Network, Bytes Per Sec value in Traffic Rate may be incorrect.

PRJ-33929,
PRHF-20845

Security Gateway

Cluster failover may trigger the FWK process to exit, with no traffic impact.

PRJ-31030,
PMTR-69049

Security Gateway

In a rare scenario, the Security Gateway may crash when disabling or enabling Threat Prevention blade.

PRJ-27915,

PRJ-40137,
PMTR-84236,
PMTR-62741

Security Gateway

When Strict Hold is enabled, traffic is logged with the log "HTTP parsing error detected. Bypassing the request as defined in the Inspection Settings" and Precise Error "Connection queue exceeded max size". Refer to sk169995.

PRJ-39861,

PRHF-23952

Security Gateway

After renewing an Internal Certificate Authority (ICA) certificate, policy installation on Virtual Systems may fail with "Internal SSL authentication SSL error (Unknown)".

PRJ-37951,
PRHF-22703

Security Gateway

There is a Content Awareness alert for multiple connections and the processing error "Failed to extract text" is printed in logs.

PRJ-38075,
GAIA-9576

Security Gateway

The Security Gateway may crash with a vmcore.

PRJ-40998,

PRJ-40954

Security Gateway

In a VSX environment, SNMP queries to OSPF OIDs may fail.

PRJ-39322,
PMTR-83434

Threat Prevention

Improved memory consumption by decreasing the size of the mal_conns table.

PRJ-40610,
PRHF-24611

Threat Prevention

IPS entries of AMW_report.xml may be missing for a Security Gateway onboarded to Infinity SOC.

PRJ-36292,
PMTR-77668

Threat Prevention

A "sft_rule_str_match_init: allocates 0 bytes" message may be printed many times in the /var/log/messages file.

PRJ-38683,
PRHF-23324

Threat Prevention

In a rare scenario, an IPS, Anti-Virus, or Anti-Bot update package may fail to load because of a timeout.

PRJ-36567,
PMTR-79569

Internal CA

UPDATE: In SmartConsole, added an alert to inform that the ICA certificate will be expired in less than one year. Refer sk158096.

PRJ-37978,
PMTR-81714

IPS

In very rare scenarios, a traffic outage may occur.

PRJ-39062,

PRHF-12660

IPS

In a VSX setup, the IP address used as the origin SIC name in the IPS address log may differ from the IP address in other reports.

PRJ-36520,
PMTR-77922

IPS

Improved detection in some IPS protections.

PRJ-36433,
PMTR-77653

IPS

When ClusterXL is configured, a file may pass without inspection during a failover.

PRJ-35291,
PRHF-21849

Mobile Access

In some scenarios, when Mobile Access Blade is enabled, the Security Gateway may crash.

PRJ-38434,
PMTR-82133

Mobile Access

When installing a specific hotfix, the CVPND process may unexpectedly exit.

PRJ-34869,
PMTR-76212

ClusterXL

UPDATE: Added support for the "Same VMAC" feature.

PRJ-35984,
PMTR-72454

ClusterXL

UPDATE: It is now possible to edit minimal number of required slave interfaces for Bond Load Sharing via Clish. The new Clish command is "set interface <interface_name> links <value>".

PRJ-37881,

PMTR-81375

ClusterXL

Local connection from a Standby member may fail when packets are not fragmented even if the interface MTU is smaller than the packet size.

PRJ-37434,
PMTR-80319

ClusterXL

There may be connectivity issues for multicast traffic in PIM Sparse Mode.

PRJ-36176,
PMTR-51050

ClusterXL

In Virtual Device Status table, in vs0 context, the output shows the Active-Active status on two members instead of Active-Standby.

PRJ-36614,
PMTR-71442

ClusterXL

During a Multi-Version Cluster (MVC) upgrade from R80.30 or lower, Active-Active split brain may happen. Refer to sk174510.

PRJ-36602,
PMTR-79447

ClusterXL

Data connection may be interrupted during a Multi-Version Cluster (MVC) upgrade.

PRJ-35227,
PMTR-70530

ClusterXL

In an Active/Active cluster, potential FTP data connection interruption may occur during failover.

PRJ-37488,
PMTR-73519

ClusterXL

In a VSLS cluster with a few members and Virtual Systems, when shutting down a bond connected to one of the Virtual Systems, all Virtual Systems on this member may go to Down state.

PRJ-37813,

PRJ-37001

SecureXL

NEW: In some scenarios, the Security Gateway may not forward traffic to a client if its IP address is changed by DHCP. Added a global parameter "cphwd_refresh_nh", disabled by default. It determines whether or not the Security Gateway will invoke its own refresh ARP mechanism after a successful route lookup. Refer to sk175603.

PRJ-38593,
PMTR-82425

SecureXL

UPDATE: Added a new parameter cphwd_mcast_routing_interval_ms (default value is 0), which allows the multicast routing interval to be expressed in milliseconds.

PRJ-39008,

PRHF-22881

SecureXL

SYN Defender may not properly handle the S2C traffic related to Allow List. As a result, this traffic may be dropped.

PRJ-39002,

PRHF-23644

SecureXL

SYN Defender may change MSS in an SYN packet to a larger value, potentially causing traffic drop.

PRJ-39112,
PMTR-77465

CoreXL

CoreXL instances of SND type may appear in CPView as "OTHER" and not as "CoreXL_SND".

PRJ-38501,
PRHF-23143

CoreXL

An Active member in a cluster may make a full reboot during policy installation.

PRJ-38558,
PRHF-22924

Routing

UPDATE: Source Pruning will now be disabled by default when VRRP is enabled. This will prevent an interface from keeping the Standby member in Master state after port flapping. The issue is relevant only for Intel X710 network cards using the I40E driver.

PRJ-36938,
PMTR-79381

Routing

In a rare scenario, the ROUTED daemon may unexpectedly exit during a Multi-Version Cluster (MVC) upgrade when using OSPF.

PRJ-37939,
PMTR-80421

VPN

NEW: KAT tests for IKE and TLS are now validated for FIPS certification.

PRJ-37547,
PMTR-79930

VPN

In some scenarios, when StrongSwan client is connecting to a site or Security Gateway, the connection is established successfully, and the tunnel is created, but there is no traffic. Refer to sk118536.

PRJ-32679,
PMTR-66706

VPN

An IKEv1 tunnel may be deleted after the Dead Peer Detection (DPD) exchange and can cause an outage.

PRJ-37554,
PMTR-77042

VPN

An outage may occur when using IKEv2.

PRJ-37773,
PRHF-22871

VPN

Capsule Connect (IPSec VPN) may fail to re-authenticate.

PRJ-36436,
PMTR-78967

VPN

Machine Authentication stability improvements for Remote Access Endpoint Clients.

PRJ-34765,

PRHF-21568

VPN

When using Link Selection probing, the VPND process may unexpectedly exit and create a core dump file.

PRJ-36449,
PMTR-65595

VSX

UPDATE: When resetting SIC for a specific virtual system (sk34098), the new certificate on the Security Gateway will now be automatically pulled from SmartConsole.

PRJ-29582,
PRHF-16144

VSX

UPDATE: Decreased the time to edit routes in topologies where multiple Virtual Systems are connected to a Virtual Switch (VSW).

PRJ-35277,
PMTR-76457

VSX

In some scenarios, if VSX Gateway creation fails and rollback is done, the default route of the Security Gateway that was configured via Clish is deleted without validation.

PRJ-28545,
PMTR-65366

VSX

Latency and packet loss issues may occur when traffic goes through external VS connected to Virtual switch (VSW). Refer to sk177344.

PRJ-33314,
PRHF-20561

VSX

The FWM process may unexpectedly exit after using the VSX Provisioning tool.

PRJ-32476,
PRHF-20437

VSX

When using the VSX Provisioning Tool, it may not be possible to create a new warp interface and then change the main IP address of the VS in the same transaction.

PRJ-36132,
PRHF-21970

VSX

A member may fail to pull configuration from the SMO on startup.

PRJ-32705,
PRHF-20553

VSX

After restoring the VSX Gateway backup, the SNMP agent stops responding when the context is set for a specific VS.

PRJ-32406,
PMTR-74557

VSX

The OID "Syslocation" can now be configured in the context of a virtual system as described in the article (IV-1) Advanced SNMP configuration in sk90860.

PRJ-38827,

PMTR-82551

VSX

The FWK process of Virtual Switch (VSW) may consume a high CPU.

PRJ-38407,

PMTR-73704

VSX

When creating a virtual system, the "Failed to create Virtual System directories" error is displayed.

PRJ-33040,

PMTR-69098

VSX

In a VSX cluster, after pushing Bridge configuration, the state may change from Active/Active to Active/Standby.

PRJ-38792,

PMTR-82492

VSX

In some scenarios, it is not possible to start a vsx_util upgrade/downgrade after a failed attempt.

PRJ-38009,
PMTR-81493

VSX

"Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN..." may be printed in dmesg.

PRJ-10543,
PRJ-39353

VSX

Running the "brctl_show" command in a non-VS0 context may give VS0 results.

PRJ-27470,
PRHF-18056

Gaia OS

UPDATE: A description was added to the output of the "show backup logs" command with information about each column. Refer to sk173970.

PRJ-35584,
PRHF-21922

Gaia OS

UPDATE: It is now possible to use Gaia proxy addresses with more than 16 characters.

PRJ-36086,
PMTR-78169

Gaia OS

WebUI session may end when creating a Role with full permissions.

PRJ-37347,
PMTR-80176

Gaia OS

When adding and deleting a neighbor-entry ipv6-address, an error message is displayed, although the operation is successful.

PRJ-39095,

PRHF-23641

Gaia OS

Dynamic routing SNMP OID polling may work only in VSX mode.

PRJ-33557,

PMTR-75925

Gaia OS

In some scenarios, in 7000 appliances, Power Supply Unit (PSU) status information may be incorrect. Refer to sk174443.

PRJ-38229,

PMTR-81516

Gaia OS

When running the "save configuration" command on a VSX device, other interfaces besides the Management interface are still presented. This is a cosmetic issue.

PRJ-39377,
PMTR-83140

Gaia OS

The CONFD process may unexpectedly exit and generate a core dump file.

PRJ-38097,
PMTR-72669

CloudGuard Network

NEW: Added support for Amazon Gateway Load Balancer (GWLB). Starting from this Take, Jumbo Hotfix Accumulator R80.40 can be installed on GWLB deployments.

PRJ-30119,
PMTR-72575

CloudGuard Network

UPDATE: After a failed Data Center mapping, the next scan retry will be initiated with a delay to provide sufficient recovery time.

PRJ-38567,
PRHF-23328

CloudGuard Network

UPDATE: Previously, because of connectivity issues with Azure, CloudGuard Controller was deleting IP addresses of Data Center objects from the Security Gateway. CloudGuard Controller will now show an error message instead of revoking identities from the Security Gateway.

PRJ-38869,
PRHF-23555

CloudGuard Network

After changing the default behavior in Identity session conciliation, the "delete-identity" request may trigger Cloud Controller to delete IP addresses from other Identity sources.

PRJ-27767,
PRJ-28171

CloudGuard Network

In some scenarios, when there are Data Center objects in Access Policy Rule Base, policy verification may fail although policy installation succeeds. Refer to the PMTR-60092 limitation in sk166717.

PRJ-38069,
PMTR-78814

CloudGuard Network

Policy install or publish may fail because of the CPM process operations overload.

PRJ-33576,
PRHF-20923

CloudGuard Network

When trying to add a comment to a Data Center object with API, the name of the object may get the value of the "comments".

PRJ-31687,
PRHF-20086

CloudGuard Network

The "Object is inaccessible/deleted on Data Center" warning may be shown for Tag objects in SmartConsole.

PRJ-38642,
PRJ-38643

VoIP

NEW: Added a new tab for VoIP monitoring in CPView.

PRJ-40928

VoIP

After an upgrade, the MGCP traffic may be dropped. The output of the "fw ctl zdebug + drop" command shows: "dropped by fw_early_sip_nat reason: failed to get MGCP ports". Refer to sk179747.

PRJ-39815,
PMTR-81965

VoIP

The Security Gateway may crash when running UDP and TCP SIP traffic.

PRJ-26372,
PMTR-68629

Scalable Platforms

NEW: Added ability to create and manage VSX objects of R80.30SP version via vsx_util and vsx_provisioning_tool.

PRJ-40307,

ODU-454

HCP

Added Update 9 of HealthCheck Point (HCP) Release. Refer to sk171436.

Take 161

Released on 30 May 2022 and declared as Recommended on 13 July 2022

PRJ-34227,
PRHF-21357

Security Management

Deleting a Domain may fail when there is an administrator with API key authentication associated with this Domain.

PRJ-35949,
PRHF-21894

Security Management

In the Compliance view, after changing "Policy Range" to a value smaller than 100%, best practices results become not available. Refer to sk177544.

PRJ-34177,
PRHF-20991

Security Management

In rare scenarios, Install Policy Presets may fail with "Failed to run Install Policy on the active Domain Server".

PRJ-35338,
PRHF-21851

Security Management

In rare scenarios, the Management Server may fail to start after an upgrade.

PRJ-37494,
PRHF-22409

Security Management

In some scenarios, the "show-hosts" Management API command fails with "generic_error" when running it with "details-level full". Refer to sk178249.

PRJ-34181,
PRHF-21215

Security Management

In rare scenarios, the Management Server becomes inaccessible if there are more than 5000 objects in the Gateways and Servers view.

PRJ-35224,
PRHF-21778

Security Management

When exporting rules with "hit counts" and the timeframe is set to a different value than "all", the "hit counts" are missing from the export file. Refer to sk177265.

PRJ-37577,
PMTR-80846

Security Management

In some scenarios, after editing blades in simple-gateway/cluster Ansible modules, the blades are not changed and Ansible shows that no changes occurred.

PRJ-35016,
PRHF-21705

Security Management

Install Policy Verification may fail with the "Rule has security zone objects that are not attached to any interface used" error when configuring cluster's interfaces on only one member. Refer to sk177129.

PRJ-37395,
PRHF-22603

Security Management

After performing the Solr Cure procedure, objects may appear as duplicated in SmartConsole. Refer to sk178084.

PRJ-35297,
PMTR-75023

Security Management

When cloning an IPS profile, the advanced settings of cloud protection are not copied to the new profile.

PRJ-32816,
PRHF-20492

Security Management

In rare scenarios, when installing a policy after performing "revert to revision", some changes made to a policy may not be installed on the Security Gateway. Refer to sk176768.

PRJ-32745,
PRHF-20512

Security Management

In a rare scenario, the FWM process unexpectedly exits.

PRJ-39176,

PRHF-23750

Security Management

In some scenarios, the Management API command "show-packages" with "details-level full" may fail with the "Could not commit JPA transaction" error.

PRJ-36621,

PMTR-79023

Logging

UPDATE: SmartView reports will now show the new Check Point logo.

PRJ-36197

Logging

UPDATE: Mapping of IP addresses to country/flag is now automatically updated every day. They are visible in the Logs and Events views.

PRJ-30549,
PRHF-19084

Logging

In rare scenarios, when QoS blade is enabled, the FWD process may unexpectedly exit. Refer to sk177783.

PRJ-32372,
PRHF-18699

Logging

When running CPinfo in a large scale environment, the SmartEventCollectLogs process may get stuck.

PRJ-34249,
PRHF-21188

Logging

There may be an incorrect error message related to MakeConnection method.

PRJ-35200,
PRHF-20349

Logging

In a rare scenario, the Security Management Server does not automatically delete older log files. Refer to sk177627.

PRJ-34805,
PRHF-21554

Logging

In some scenarios, logs related to Content Awareness are missing.

PRJ-29173,
PRHF-18866

Logging

Removed unnecessary debug messages: "fwbintabreplace: table svm_range_gateways not found" and "fwbintabreplace: table svm_range_gateways_valid not found" from the fwd debug log.

PRJ-30144,
PMTR-60786

Logging

Recurring "Unable to open '/dev/fw0': No such file or directory" may be printed in the fwd.elg file.

PRJ-34141,
PRHF-21218

Logging

On the Domain level, in the Logs view, available services may not appear in the drop-down filter list. Refer to sk178904.

PRJ-32579,
PRHF-20447

Logging

In some scenarios, it is not possible to add the "Policy Rule UID" column to the Logs view in the SmartView Web Application.

PRJ-33516,
PMTR-71704

Logging

Improved samples visibility in SmartView Widgets.

PRJ-37896,
PRHF-22858

Logging

Logs may be missing from Smart Console after upgrading the Log Server if a VS object is configured without an IP.

PRJ-35097,
PMTR-76491

Security Gateway

UPDATE: Added a new global parameter: "fw_daf_module_mac_mode". It allows mirroring traffic to a Linux-based device. It is set to "0" by default. Refer to sk178127.

PRJ-19035,
PMTR-61532

Security Gateway

UPDATE: In CPView overview, the "FW" field will now show physical memory used instead of virtual memory. The change is only cosmetic.

PRJ-31665,
PMTR-68092

Security Gateway

UPDATE: Adding Connection and Packet Distribution statistics in CPView.

PRJ-38235,
PMTR-81910

Security Gateway

UPDATE: Apache HTTPD version was updated from 2.4.51 to 2.4.53.

PRJ-29962,
UP-452

Security Gateway

UPDATE: Added two minutes grace period before dropping the non-TCP server-to-client packets upon policy installation and rematch flow. Refer to sk173287.

PRJ-31494,
PRHF-7049

Security Gateway

UPDATE: Following sk110157, adding a shadow SAM V1 rule is now possible only if the new rule and the existing rule have different timeouts. If a shadow rule exists, the new shadow rule will override the existing shadow rule.

PRJ-37528,
PRHF-22491

Security Gateway

Improved Security Gateway internal memory allocation logic.

PRJ-36047,
PMTR-78861

Security Gateway

In a rare scenario, DNS connection may be dropped with "up_manager_cmi_handler_match_cb: connection not found".

PRJ-26984,
PRHF-17754

Security Gateway

In rare scenarios, connectivity issues to specific websites may occur during web traffic inspection.

PRJ-34726,
PRHF-21103

Security Gateway

In rare scenarios, if temporary files were not deleted successfully, downloading certain file types may fail with an error.

PRJ-33273,
PMTR-26836

Security Gateway

The control connection may not be refreshed together with the data connection if the data connection is accelerated. Refer to sk168952.

PRJ-23479,
PRHF-16013

Security Gateway

Policy installation may fail when reaching out of memory on the Security Gateway.

PRJ-37356,
PRJ-35902

Security Gateway

Uninstalling Jumbo Hotfix may cause interfaces to disappear.

PRJ-35006,
PRHF-21742

Security Gateway

The dynamic NAT allocation port warning is continuously printed in /var/log/messages. Refer to sk177228.

PRJ-34787,
PMTR-65164

Security Gateway

In some scenarios, Security Gateway drops GRE traffic. Kernel debug shows "simi_reorder_enqueue_packet: reached the limit of maximum enqueued packets for conn".

PRJ-34015

Security Gateway

Bond slaves may be visible in the wrong plane.

PRJ-34088,
PRJ-34218

Threat Prevention

IPS and other Threat Prevention logs may not contain packet capture. And dmesg may be flooded with related errors.

PRJ-36164,
PRHF-21680

Identity Awareness

The PDP process may unexpectedly exit with a core dump file.

PRJ-35820,
PRHF-21396

Identity Awareness

On Scalable Platforms\Cluster LS, the Identity Database may become corrupted when an identity session is revoked from a non-master member.

PRJ-35851,
PRHF-22037

Identity Awareness

The PEP process may unexpectedly exit.

PRJ-28218,
PRHF-15223

Identity Awareness

There may be connectivity issues and high CPU spikes on the PDPD, VPND processes, and on the Gateway when installing policy. Refer to sk174144.

PRJ-34514,
PRHF-20998

URL Filtering

In a rare scenario, when URL Filtering blade is active, in Website categorization background mode, the FWK process crashes and creates a core dump.

PRJ-32742,
PMTR-70772

IPS

After installing a Threat Prevention policy with many rules and/or exceptions, on multiple Gateways together, Gateways may consume more CPU during rule-match of new connections.

PRJ-37543,
PRHF-22301

IPS

In a rare scenario, when the Security Gateway is configured as a proxy, downloading files may fail.

PRJ-32609,
PRHF-20132

IPS

When Anti-Virus and/or gzip inspection are enabled on the Gateway, during CloudFlare inspection of specific websites,the Security Gateway may drop the traffic.

PRJ-30124,
PMTR-66344

SSL Inspection

When HTTPS Inspection is enabled and traffic is inspected, detect logs for HTTPS traffic may show the "Invalid CRL Retrieved" and "No Valid CRL" error messages. Refer to sk172345.

PRJ-36298,
PMTR-76171

SSL Inspection

A memory leak related to TLS probe may occur in the WSTLSD process.

PRJ-32908,
PRHF-1527

Mobile Access

In a rare scenario, some options in a web application may be missing in Mobile Access Portal.

PRJ-35167,
PMTR-77780

ClusterXL

A single cluster member with Dynamic Routing configuration may stay permanently in DOWN state producing ROUTED pnote during a boot.

PRJ-35980,
PMTR-74818

ClusterXL

A cluster failover may take longer than it should.

PRJ-38369,
PRHF-23291

ClusterXL

Multicast packets may be dropped after policy installation.

PRJ-36470,
PRHF-21775

SecureXL

The VSX Gateway may crash when trying to route traffic from a VS to a Virtual Switch (VSW).

PRJ-33581,
PMTR-75970

SecureXL

In some scenarios, fragmented Cluster LS packets are dropped by SecureXL.

PRJ-34902,
PRJ-36073

SecureXL

In some scenarios, related to sending multicast packets, the ICMP errors may be shown.

PRJ-30713,
PRHF-18975

Routing

Connectivity issues may occur after configuration of route-based VPN (VTI interface). Refer to sk176368.

PRJ-35400,
PRJ-35403,
PRJ-35345,
VPNS2S-2848,
VPNS2S-2457,
VPNS2S-2770

VPN

IKEv2 Improvements for DAIP Gateway behind Hide NAT.

PRJ-34210,
PMTR-74824

VPN

IKEv2 ID configuration may not be applied when an IPv6 address is written as a certificate's alternative name.

PRJ-34492

VPN

Remote Access users are unable to connect when authenticating using a certificate issued by a subordinate CA.

PRJ-35397,
VPNS2S-2822

VPN

Improvements for DAIP Gateway behind Hide NAT.

PRJ-35534,
PMTR-78432

VPN

A memory leak may occur in the VPND process when using remote Access Back Connection.

PRJ-37462,
PRHF-21891

VPN

The VPND process may unexpectedly exit causing VPN connections to restart.

PRJ-34373,
PMTR-75526

VPN

In rare scenarios, Remote Access users cannot connect to the Gateway because of certificate authentication failure.

PRJ-35429,
PMTR-78314

VPN

In some scenarios, L2TP users cannot connect to the Gateway in a cluster environment.

PRJ-35386,
VPNS2S-2726

VPN

In some scenarios, the RIM script is not activated in DPD Tunnel monitoring.

PRJ-35557,
PMTR-78462

VPN

A memory leak may occur in the VPND process when using Remote Access Secondary Connect.

PRJ-35555,
PMTR-78436

VPN

A memory leak may occur in the VPND process when using Remote Access with Multiple Entry Points configured.

PRJ-35046,
PMTR-77549

VPN

In some scenarios, NAT-T tunnel establishment may fail.

PRJ-33322,
VPNS2S-1482

VPN

After initiating a tunnel between a regular Gateway and a DAIP Gateway, running the "vpn tu tlist'" command on the peer, may show the peer IP instead of the DAIP IP.

PRJ-29880,
PRHF-19050

VPN

Improved VPN interoperability.

PRJ-37589,
PRHF-22751

VPN

During policy installation when using DAIP behind hide NAT, CPU usage for the VPND process may be high.

PRJ-36237,
PRHF-22206

VPN

A memory leak may occur in the VPND process.

PRJ-38811,
PRJ-38729

VPN

In some scenarios, it is not possible to connect with Remote Access using DHCP for Office Mode. Refer to sk178767.

PRJ-34671,
PMTR-77130

VSX

UPDATE: The "vsx_util reconfigure" operation is not supported on a VSX cluster member or VSX Gateway which has no virtual systems configured. The operation will now alert about the absence of virtual systems.

PRJ-34999,
PMTR-77287

VSX

The "vsx_util reconfigure" command may fail without printing the cause of the error.

PRJ-32078,
PMTR-74295

VSX

When creating a static route on a virtual system, some network objects may be created with the same name inside the network group which causes failure in writing the object to the database.

PRJ-36767,
PMTR-52576

VSX

VSX Cluster Internal Communication Network IP address is shown in ifconfig after changing the name or VLAN of a VR physical interface.

PRJ-35503,
PMTR-62860

VSX

There may be a mismatch of policy name on virtual switch when using the "fw stat" and "vsx stat -v" commands. The issue is only cosmetic.

PRJ-33470,
PMTR-73998

VSX

In some scenarios, the "vsx_util reconfigure" command cannot fetch the policy installed previously.

PRJ-38202,
PRHF-23118

VSX

In some scenarios, the VSX Security Gateway may not decrease the packet's TTL.

PRJ-34602,
PMTR-74840

VSX

In some scenarios, the VSX Gateway may incorrectly handle broadcast packets received from a Virtual Switch.

PRJ-36786,
PMTR-79249

VSX

The "snmpwalk" command may time out after reaching SNMPv2-SMI::mib-2.68.1.2.0.

PRJ-36771,
PRJ-36756

Gaia OS

NEW: Gaia API (version 1.6 with python3 support) will now be deployed via Jumbo Hotfix. Refer to sk143612.

PRJ-24453,

PRHF-16628

Gaia OS

UPDATE: Changed the Syslog message severity from "error" to "info" and removed the exclamation mark in a specific message which is displayed during the normal backup operation flow.

PRJ-37415,
PMTR-74360

Gaia OS

In a rare scenario, while idle, the Security Gateway may crash producing a vmcore file.

PRJ-37225,
PMTR-63343

Gaia OS

Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253.

PRJ-27908,
PRHF-17814

Harmony Endpoint

In some scenarios, logs related to Harmony Endpoint may be missing.

PRJ-37118,
PRHF-18358

VoIP

When static NAT is configured, VoIP calls may not work.

PRJ-38022,
ODU-342

Public Cloud CA Bundle

Added Take 18 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-36703,
ODU-244

Public Cloud CA Bundle

Added Take 14 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-34518,
PRJ-37145,
ODU-200,
ODU-286

Smart-1 Cloud

Added update 4 of Quantum Smart-1 Cloud. Refer to sk166056.

PRJ-37602,
PRHF-22145

CloudGuard Network

In Amazon Web Services (AWS), some Gateways may frequently crash with vmcores.

PRJ-35547,
PRHF-21841

CloudGuard Network

When there are virtual systems with the same name prefix, the CloudGuard Controller fails to update the VS with Data Center Objects.

PRJ-36273,
PRHF-22059

CloudGuard Network

In some scenarios, incorrect data center updates are pushed to the Gateway.

PRJ-37950,
PRHF-22994

CloudGuard Network

In some scenarios, mapping of AWS Data Centers may take a long time to complete.

PRJ-37052,
PRHF-20096

CloudGuard Network

In some scenarios, Data Center objects are not enforced on an AWS GEO cluster (Active/Active) Gateway. Refer to sk175904.

PRJ-38035,
ODU-341

Scalable Platforms

Added Take 21 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-38223,
ODU-349

HCP

Added Update 8 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-36829,
ODU-287

HCP

Added Update 7 of HealthCheck Point (HCP) Release. Refer to sk171436.

Take 158

Released on 6 April 2022 and declared as Recommended on 16 May 2022

PRJ-30406,
PRHF-19450

Security Management

UPDATE:

  • Added the "--help" and "-h" flags to "mdsstop", "mdsstart" and "mdsstat".
  • It is no longer possible to run the "mdsstop" and "mdsstart" commands with wrong parameters.

PRJ-30112,
PRHF-17611

Security Management

In rare scenarios, the "show_changes" and "show_sessions" Management API commands may fail.

PRJ-32856,
PRHF-20444

Security Management

After the Management Server restart, the API command "show_tasks" may show some suppressed tasks as "in progress", if before the restart they were cleared in SmartConsole while they were still running.

PRJ-30474,
PRHF-19577

Security Management

Desktop policy installation may fail with the "Service ReferenceObject of type is not supported!" error.

PRJ-33564,
PMTR-75061

Security Management

In rare scenarios, a "Create Domain", "Delete Domain" or "Delete Domain Server" task can be stuck at 5% with the "Task in queue" status.

PRJ-35478,
PMTR-77765

Security Management

Multi-Domain High Availability synchronization in the Global Domain may fail with "There are invalid assignments on peer." error.

PRJ-25709,
PRHF-17010

Security Management

Deleting a network group may fail because it is being used, although "Where Used" shows no usage.

PRJ-33400,
PRHF-20866

Security Management

When automatic purge is configured in a local Domain and there is an assignment between the Global Domain to that Domain, the "show-automatic-purge" API command may fail in the Global Domain with the "Can't build automatic purge reply" error. Refer to sk176443.

PRJ-32428,
PRHF-20440

Security Management

In rare scenarios, adding a service to a rule in Access Policy:

  • may take a long time (more than several seconds)
  • may cause SmartConsole to unexpectedly exit

Refer to sk176004.

PRJ-32447,
PRHF-20062

Security Management

In rare scenarios, in a Multi-Domain environment, after performing an IPS Update, High Availability synchronization in the Global Domain fails with "NGM failed to import data".

PRJ-33520,
PRHF-20971

Security Management

In rare scenarios, the Management Server may fail to start.

PRJ-30530,
PRHF-19542

Security Management

Creating an administrator in a Multi-Domain environment may cause SmartConsole to freeze and time out.

PRJ-33286,
PRHF-20525

Security Management

When reassigning Global policy after an IPS update on the Global Domain, the updated IPS version in the Audit Logs view may appear with "-1" value instead of the actual IPS version number.

PRJ-32847,
PMTR-74961

Security Management

In rare scenarios, taking over a session may fail with "SmartConsole has experienced an unexpected error. Session operation failure".

PRJ-32668,
PRHF-20485

Security Management

When searching for tags usage, the "where-used" Management API command may fail with "Requested object not found".

PRJ-34225,
PRHF-21356

Security Management

When performing IPS Update or Global Domain Assignment, creating a Domain at the same time may fail with "Internal Error".

PRJ-33364,
PRHF-20847

Security Management

Global Domain Assignment fails with "An internal error has occurred" when there are more than 32K Threat Prevention Overrides in the local Domain. Refer to sk176464.

PRJ-30058,
PRHF-19250

Security Management

In rare scenarios, after a Management Server upgrade, importing the database may fail with "Tried to persist object".

PRJ-34771,
PRHF-20960

Security Management

Policy installation on Gateways R81 and below may fail when there are multiple login options configured with SAML which uses Identity Provider as an authentication method. Refer to sk176725.

PRJ-33863,
PRHF-21129

Security Management

When creating or updating a service object via Management API, it is not possible to specify a custom aggressive-aging timeout.

PRJ-32717,
PRHF-20332

Security Management

If there is a Global Domain Assignment, some results may be missing when searching in Packet Mode. Refer to sk178491.

PRJ-36185,
PRJ-36184

Security Management

In some scenarios, in SmartConsole, the IPS update status list does not reflect correctly all the Gateways with enabled IPS blade. Refer to sk175449.

PRJ-33978,
PRHF-21115

Security Management

Policy installation from the Multi-Domain Server level may trigger installation of two policies for the same VS.

PRJ-34034,
PMTR-73939

Security Management

When many sessions are opened:

  • Publish operation may be slow
  • APPI Update may be stuck on 30% and eventually fail
  • Domain Import task may be stuck after 50% and then fail

PRJ-33167,
PRHF-20782

Multi-Domain Management

The mds_backup script may not collect Multi-Domain Server log files from $MDSDIR/log/.

PRJ-30525,
PRHF-19541

Multi-Domain Management

In rare scenarios, running the "fwm sic_reset" command on Multi-Domain Server may fail.

PRJ-38327,
PMTR-82069

SmartConsole

  • Install Policy Preset may invoke policy installation on Gateways different from those that are defined.
  • Policy installation on multiple Gateways on MDS level may trigger installation on one Gateway only.

Refer to sk178590.

PRJ-34292,
PMTR-75623

Compliance

After disabling Compliance Best Practices, the user receives security alerts.
  • Requires R80.40 SmartConsole Build 430 (or higher).

PRJ-30377,
PRJ-30370

CPInfo

UPDATE: Added CPInfo Build 914000227. Refer to sk92739.

PRJ-31293,
PMTR-45132

Logging

NEW: It is now possible to search logs using content from the "Comment" field.

PRJ-29123,
PRHF-18445

Logging

SmartEvent may not show some of the Anti-Virus logs.

PRJ-31616,
PRHF-19834

Logging

Non-English letters in SmartView reports exported as CSV may be displayed incorrectly. Refer to sk175543.

PRJ-28316,
PRHF-18428

Logging

The "Last Update Time" field of a Session Log may show incorrect values.

PRJ-32587,
PRHF-20276

Logging

There may be empty values in the "Office Mode IP" field in the Logs view.

PRJ-32304,
PRHF-18539

Logging

When configuring an Email alert as an Automatic Reaction in SmartEvent, and the alert contains data from the event, some fields may be missing in the generated email.

PRJ-32017,
PRHF-20117

Logging

When running the "show_logs" API command with "query-id argument" and the session is expired, the command ends with a timeout instead of presenting an error.

PRJ-30091,
PRHF-18939

Logging

In rare scenarios, the LOG_INDEXER process stops working and logs are missing. Refer to sk176403.

PRJ-33747,
PMTR-76138

Security Gateway

UPDATE: Added a new flag to the "dynamic_objects" command: "-uo <name of object>". The user can now see all content of a specific updatable object.

PRJ-30782,
PRHF-19506

Security Gateway

Access Policy installation may fail with "Error code 1-2000078".

PRJ-33611,
PRHF-20810

Security Gateway

In a rare scenario, the FWD process may unexpectedly exit.

PRJ-32657,
PRHF-20471

Security Gateway

Security Gateway may unexpectedly reboot and create a vmcore file.

PRJ-33898,
PMTR-58175

Security Gateway

In rare scenarios, the LOG_INDEXER process may unexpectedly exit with a core dump file.

PRJ-33209,
PRHF-20674

Security Gateway

The dlpu process may unexpectedly exit, producing a core dump file.

PRJ-32791,
PRHF-20498

Security Gateway

In some scenarios, the matched rules log of Inline layer may appear as "Accept" / "Drop" action instead of "Inline".

PRJ-30782,
PRHF-19506

Security Gateway

Access Policy installation may fail with "Error code 1-2000078".

PRJ-31207,
PRHF-19333

Security Gateway

The Security Gateway may crash during policy installation due to memory allocation problems.

PRJ-33611,
PRHF-20810

Security Gateway

In a rare scenario, the FWD process may unexpectedly exit.

PRJ-33997,
PRHF-18340

Security Gateway

In rare scenarios, slow path connections that should be terminated/aborted may remain open until the timeout.

PRJ-32791,
PRHF-20498

Security Gateway

Matched rules on Inline layermay appear as the "Accept'"/ "Drop" action instead of "Inline".

PRJ-34255,
PRHF-20783

Security Gateway

It may not be possible to use Office 365 Tenant Restrictions when ICAP client is enabled.

PRJ-33124,
PRHF-20306

Security Gateway

In some scenarios, memory consumption and CPU usage may increase consistently due to large amount of content in CPView tool. Refer to sk176370.

PRJ-32925,
PRJ-32352

Security Gateway

When running the "cpstop" and "cpstart" commands, NAT statistics may fail with "fwx_alloc_global_find_free_port_atomic: failed to update NAT statistics".

PRJ-34267,
PRHF-19587

Security Gateway

The log_exporter process may consume high CPU.

PRJ-33249,
PRHF-20709

Internal CA, VPN

Creating a certificate for a third party Gateway with Check Point Internal CA may fail on the third party side. Refer to sk176468.

PRJ-30444,
PRHF-17552

Threat Prevention

In a rare scenario, the DLP process leaves open unused file descriptors in the $FWDIR/tmp/dlp directory which may take up a large amount of disk space.

PRJ-37474,
PMTR-80602

Identity Awareness,
Identity Logging

UPDATE: Adjusted AD-Query and Identity Logging solutions to work with Microsoft hardening changes in DCOM which were required for CVE-2021-26414. Refer to sk176148.

PRJ-30947,
IDA-4253

Identity Awareness

In some scenarios, persistent high CPU is caused by ADQuery due to a large number of authentication requests.

PRJ-32698,
PRHF-14110

Identity Awareness

Memory usage may be high for the pdpd process in a scenario related to Identity Awareness nested groups in state 2 and 4.

PRJ-33147,
PRHF-20682

URL Filtering

In some scenarios, websites encrypted with SSL are not matched correctly when categorization mode is on Holdand IDA is enabled. Refer to sk176283.

PRJ-29427,
PRHF-18966

IPS

When Website categorization mode is set to "Hold" and Gateway is Proxy, some connections may be incorrectly terminated.

PRJ-34644,
PRHF-21416

DLP

In a rare scenario, the DLP process may not delete temporary files used for scanning.

PRJ-33001,
PMTR-75153

SSL Inspection

UPDATE: Upgraded the default Infrastructure for local communication between some processes to TLS 1.2.

PRJ-34973,
PMTR-77321

SSL Inspection

In rare scenarios, the WSTLSD daemon may unexpectedly restart.

PRJ-34160,
PMTR-75807

SSL Inspection

In some scenarios, the WSTLSD daemon may unexpectedly exit during TLS probing.

PRJ-35936,

PRJ-35934

SSL Network Extender

UPDATE: SSL Network Extender was updated to version 800008304. It provides TLS 1.2 cipher suites support on macOS.

PRJ-31231,
SNX-67

SSL Network Extender

SSL Network Extender (SNX) may fail during large file transfers. Refer to sk87760.

PRJ-33875,
PMTR-61452

Mobile Access

Policy installation may fail due to table creation issues.

PRJ-34339,
PMTR-73930

SecureXL

The "fwaccel dos rate" command may fail with the"Another fwaccel command is already in progress" error.

PRJ-28644,
PMTR-67800

SecureXL

A redundant message "ACC: Accelerator started. " is printed in dmesg logs.

PRJ-35768,
PMTR-77756

Routing

UPDATE: Routed debug log will now show IP addresses.

PRJ-35644,
PMTR-54828

Routing

Handling BGP routes with very long AS paths may cause connectivity issues and the ROUTED daemon may exit with a core dump file.

PRJ-34710,
PMTR-73184

Routing

In rare scenarios, the ROUTED daemon may unexpectedly exit or write logs in the incorrect order.

PRJ-35340,
ROUT-1370

Routing

The routed daemon may unexpectedly exit with core dump when some interfaces lose connection with the PIM router.

PRJ-32423,
PRHF-20294

VPN, Multi-Portal

UPDATE: Certificate validation flow will use OCSP as the default revocation validation method. If OCSP URL does not exist, CRL will be used as a revocation validation method.

PRJ-33655,
PRHF-21022

VPN

The VPND process may unexpectedly exit with a core dump file.

PRJ-35310,
VPNS2S-2847

VPN

An outage may occur during IKEv2 SA re-key because of invalid kbuf duplication.

PRJ-35475,
PMTR-74009

VPN

Added VPN improvements for IKEv2 SA re-key.

PRJ-35342,
VPNS2S-2701

VPN

Policy installation and establishing a connection from a Gateway with Static IP may fail, if the IP address was previously used by a peer Gateway with DAIP.

PRJ-35392,
VPNS2S-2769

VPN

Improved IKEv2 for working with DAIPs.

PRJ-35487,
VPNS2S-2740

VPN

In ike_sa_table there may be an entry with an IP address and not with a DAIP ID.

PRJ-33737,
PMTR-75801

VPN

When applying Secure Configuration Verification (SCV) VPN client is not able to distinguish between Windows 10 and Windows 11.

PRJ-35230,
PMTR-73490

VPN

SSL entries may not be deleted from the "vpn tu tlist" command output, although there was a graceful exit.

PRJ-36419,
PMTR-79305

VPN

In some scenarios, when VPN logs are enabled and DAIP (Dynamically Assigned IP) peer is configured, the VPND daemon may unexpectedly exit.

PRJ-24187,
PRHF-16198

VPN

VPN connectivity issues may occur when there are too many SAs. Refer to sk173828.

PRJ-33838,
PMTR-76280

VSX

UPDATE: Shadow bridges will now be automatically disabled on VSX Gateways if the bridges are not in Active/Active mode.

PRJ-32532,
PMTR-74770

VSX

UPDATE: It is now possible to define interface topology as "defined by routes" using the VSX provisioning tool.

PRJ-37421,
PMTR-79515

VSX

After deleting a warp interface in SmartConsole, the active VSX cluster member may crash.

PRJ-30211,
PRHF-19017

Gaia OS

  • VLAN IPv6 address disappears after setting the parent interface state "off" and "on".
  • IPv6 address disappears after enabling Layer 3 bridge interface monitoring.

Refer to sk174969.

PRJ-31695,
PMTR-73594

Gaia OS

The "cpopenssl" command may fail with "No such file or directory".

PRJ-35002,
PMTR-77709

Gaia OS

Fixed the CVE-2020-14145 vulnerability.

PRJ-32916,
PMTR-75175

CloudGuard Network

NEW:

  • Rule base search in SmartConsole now also matches rules with Data Center Objects.

  • In SmartConsole, it is now possible to see IP addresses of all the objects included in:

    • AWS VPC and Availability Zone
    • Azure Virtual Network
    • GCP Network
  • In SmartConsole, improved searching objects using tags.

PRJ-31768,
PMTR-73896

CloudGuard Network

Improved the handling of NSX-T Data Center throttling issues.

PRJ-34526,
PRHF-21383

CloudGuard Network

When a Gateway's object name was changed, CloudGuard Central License Tool may fail to distribute licenses to the Gateway.

PRJ-35157,
ODU-199

Scalable Platforms

NEW: Added a self-updatable package of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-34441,
ODU-217

HCP

Added Update 6 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-29950,
PRHF-19115

Infrastructure

In a rare scenario, the user cannot connect to the Mobile Access Portal.

Take 156

Released on 20 March 2022 and declared as Recommended on 23 March 2022

PRJ-37957,
PMTR-81489

Gaia

UPDATE: Upgraded OpenSSL to fix CVE-2022-0778. Refer to sk178411.

PRJ-37841,
PRHF-22617

VoIP

A cluster member may crash generating a vmcore because of a mismatch in SIP tables.

PRJ-37605,
PRHF-22721

VoIP

In a cluster environment, the Gateway may crash with a vmcore.

Take 154

Released on 1 March 2022 and declared as Recommended on 8 March 2022

PRJ-36728

Security Gateway

  • On 2200 appliances, the CPD process may unexpectedly exit because of sensor read failure.

  • Sensor table values for 3600, 3600T, 3800, 6200B, 6200P, 6200T, 6400, 6600, 6700, 6900, 7000, 600-S are incorrect.

PRJ-37380,
CORXL-251

ClusterXL

Clock jumps forward/backward may cause some operations to fail and the cluster to go down.

Take 153

Released on 22 February 2022

PRJ-34690,
PMTR-75532

Diagnostics

In some scenarios, in an environment that includes the SmartEvent Server, the LOG_INDEXER process restarts at midnight, producing a core dump file. Refer to sk177805.

PRJ-36957,
PRHF-22500

Security Management

Policy installation and "where used" operation may take a long time if there are many inline layers and the "Install On" targets in the Rule Base are not defined as "Any". Refer to sk177928.

Take 150

Released on 19 January 2022

PRJ-29847,
PRHF-18734

Diagnostics

In some scenarios, CPView shows the SNMP data partially.

PRJ-32481

Diagnostics

In some scenarios on VSX, a "Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-eth instead" message appears in /var/log file.

PRJ-31056,
PMTR-64687

Upgrade Tools

In rare scenarios, an upgrade or migration may fail due to missing temporary files.

PRJ-29295,
PMTR-72367

Security Management

NEW: Added Multi-Domain Server (MDS) level support for exporting data from the Gateways and Servers view into a CSV file.

PRJ-24930,
PRHF-16947

Security Management

UPDATE: Added a warning message in SmartConsole, alerting if during policy installation memory utilization of the FWM process exceeded 3.5GB.

PRJ-29236,
TPM-2843

Security Management

UPDATE: Added a new flag to the Threat Prevention "show-protections" API command ("show-capture-packets-and-track") that allows not to return capture-packets and track information.

PRJ-31073,
PRHF-19320

Security Management

UPDATE: Added an environmental variable to control the sduu command timeout in the FWM process: SDUU_UPDATE_TIMEOUT.

PRJ-30049

Security Management

UPDATE: In order to prevent SHA-1 vulnerabilities, Management Server no longer supports SHA-1 cipher suites in SSL communication.

PRJ-32891,
PRHF-20657

Security Management

UPDATE: It is now possible to increase the timeout value for Management High Availability synchronization. Refer to sk176165.

PRJ-34960

Security Management,
Harmony Endpoint

UPDATE: The Apache Log4j Java library is updated in order to harden the system. Check Point products are not vulnerable to Log4j. This change is motivated by cyber hygiene best practices. For more information, refer to sk176865.

PRJ-32801,
PRHF-20435

Security Management

The mgmt_cli tool (API) with certificate login may not work.

PRJ-25279,
PRHF-17037

Security Management

In rare scenarios, login to Multi-Domain Management fails with the "No Valid Domains were found for [username]" error. Refer to sk175005.

PRJ-21876,
PRHF-15460

Security Management

In some scenarios, applying the "Where used" action may show incorrect data when an object exists more than once in an Inline Layer.

PRJ-22422,
PRHF-15598

Security Management

Domain Server Migration between different Multi-Domain Management Servers may fail if a previous migration attempt of the same Domain already failed and a different Domain name is used for the second attempt.

PRJ-23123,
PRHF-15939

Security Management

Migration of Security Management Server to a Domain on a Multi-Domain Server may be blocked if there are multiple Certificate Authority objects. Refer to sk174270.

PRJ-25196,
PMTR-68090

Security Management

The "Packet capture is not supported on this platform" warning appears after policy installation for SMB Gateways, although no packet capture is used.

PRJ-23851,
PMTR-66674

Security Management

Management Server upgrade may fail if there is a large amount of customized column profiles in the Logs View.

PRJ-21787,
PRHF-15257

Security Management

In some scenarios, the output of the "cpmistat" command may contain partial information.

PRJ-23953,
PRHF-16396

Security Management

In some scenarios, if changes were done before installing Jumbo Hotfix, revert or login to the last published session may fail.

PRJ-29304,
PMTR-72376

Security Management

In environments with a large number of objects, licenses for cluster members in the Licenses tab may not be displayed.

PRJ-30053,
PRHF-18928

Security Management

In rare scenarios, the FWM process unexpectedly exits and fails to start, creating core dumps in the /var/log/dump/usermode directory. Refer to sk175007.

PRJ-29967,
PRHF-19308

Security Management

In some scenarios, simultaneous policy installation on multiple Gateways may fail if there is at least one Gateway on R77.X and one Gateway on R80.X.

PRJ-29897,
PRHF-18828

Security Management

In some scenarios, login to a Domain from the System Domain dashboard may fail with "Failed to connect to server".
Refer to sk174910.

PRJ-30018,
PMTR-72786

Security Management

In rare scenarios, the "set-group" API command may return the "generic_err_invalid_parameter" error.

PRJ-28900,
PRHF-18508

Security Management

When searching IP addresses using logical operators (AND / OR), the results may be incorrect:

  • in SmartConsole in the Object Explorer view
  • with the Management API command "show objects" and the "filter" field

Some matched objects may be missing, while some unmatched objects may be present.

PRJ-29187,
PRHF-18470

Security Management

In a rare scenario, High Availability full synchronization may fail due to a large number of records.

PRJ-29157,
PRHF-18883

Security Management

Scheduled IPS updates data may not be shown in the IPS update report.

PRJ-30883,
PMTR-62059

Security Management

In rare scenarios, during an upgrade, the FWM process may unexpectedly exit with a core dump file.

PRJ-29468,
PRHF-19006

Security Management

In some scenarios, an API query to VRRP cluster for "show simple-cluster name <name>" returns an incorrect cluster type. Refer to sk174866.

PRJ-29198,
PRHF-18782

Security Management

After an upgrade from R77.x. in a Multi-site environment, High Availability full synchronization may fail with an "NGM failed to load data" message.

PRJ-28298,
PRHF-18362

Security Management

In rare scenarios, High Availability on the Global Domain may fail to synchronize the Multi-Domain Log Server if IPS protection was added or removed in the Threat Prevention rulebase.

PRJ-28535,
PRHF-18063

Security Management

In rare scenarios, Global Policy Assignment may fail with the "class name not found for object" error.

PRJ-28156,
PRHF-17926

Security Management

In rare scenarios, if Domain migration fails, the operation may not revert fully and leave some remnants in the database of the Management Server.

PRJ-28784,
PRHF-18557

Security Management

In some scenarios, "show-mdss" and "show-domains" Management API commands take a significant amount of time to complete or time out after 5 minutes.

PRJ-30099,
PRHF-19248

Security Management

In rare scenarios, a Multi-Domain administrator's profile may be changed after deleting a Domain if the administrator had custom permissions for it.

PRJ-30386,
PRHF-16024

Security Management

In rare scenarios, editing a cluster object fails with the "Code: 0x8003001D, Could not access file for write operation" error. Refer to sk176930.

PRJ-27763,
PRHF-17484

Security Management

The Management API commands "import-smart-task" and "export-smart-task" are enabled at the System Domain level, although Smart Tasks are only supported at the Local Domain level.

PRJ-26780,
PRHF-17767

Security Management

In some scenarios, in Override Categorization, it may not be possible to sort or to find objects by name using Object Explorer. Refer to sk175245.

PRJ-28063,
PRJ-28062

Security Management

In rare scenarios:

  • Login to the Management Server may timeout and fail
  • Publish operation may take a long time.

PRJ-27485,
PRHF-18079

Security Management

Global Policy reassignment may fail with "An internal error has occurred" due to duplicated Access Policy Assignment object.
Refer to sk174183.

PRJ-28815,
PRHF-18712

Security Management

In some scenarios, the "show gateways-and-servers" Management API command fails with "generic_error" when running it with "details-level full".

PRJ-26735,
PRHF-17606

Security Management

In a rare scenario, in the Management API, the "show hosts" command with "details-level full" fails with a "java.util.InputMismatchException: got at least one duplicate UID in requested list, duplicates UIDs:" message.

PRJ-29909,
PRHF-18974

Security Management

In some scenarios, it is possible to disable a shared layer, although it is used in more than one rule.

PRJ-20591,
PRHF-14327

Security Management

In rare scenarios, if one of the Multi-Domain Servers is down, reconfiguring VSX may fail.

PRJ-31741,
PMTR-73756

Security Management

In some scenarios, deleting a Domain fails when there is an administrator with API key authentication associated with this Domain.

PRJ-31081,
PRHF-19251

Security Management

In rare scenarios, the FWM process on the Security Management Server unexpectedly exits.

PRJ-30336,
PRHF-18150

Security Management

When one Server in a logical Server group is down, the second Server keeps trying to access it, no matter how long the Server is down.

PRJ-29157,
PRHF-18883

Security Management

Scheduled IPS updates data may not be shown in the IPS update report.

PRJ-22265,
PRHF-15674

Security Management

In some scenarios, the user may fail to connect to VPN Remote Access if there are expiration dates saved in a non-English date format. The issue can occur when SmartConsole is installed on a Windows client that uses a non-English locale.

PRJ-32091,
PRHF-20162

Security Management

When searching an IP address in Object Explorer, network objects with both IPv6 and IPv4 configured may not appear in the results, although they match the IP address.

PRJ-28168,
PRHF-18380

Security Management

In rare scenarios, the Management Server may fail to start due to incorrect sessions handling.

PRJ-32108,
PMTR-63070

Security Management

Policy installation may fail if more than 20,000 objects are created and added to rules.

PRJ-32649,
PMTR-74947

Security Management

In rare scenarios, deleting a Domain fails, leaving some remnants in the Management database.

PRJ-31671,
PRHF-19891

Security Management

In rare scenarios, the API commands "show-automatic-purge" and "set-automatic-purge" may fail if there were two earlier attempts to update the Automatic Purge at the same time.

PRJ-30680,
PRHF-19185

Security Management

Policy installation with Directional VPN rules may fail with a verification error.

PRJ-32994,
PRHF-20101

Security Management

Upgrade of Management Server from R80.10 to R80.40 may take a long time for large environments.

PRJ-30067,
PRHF-19326

Security Management

  • The High Availability status on Security Management Server may be incorrect and performing failover is not possible.
  • On Multi-Domain Server, after performing failover in the Global Domain and restarting services, the former active Global Domain Server still appears as active (although it is standby).

PRJ-29508,
PRHF-18890

Security Management

In some scenarios, the Management API command "show-packages" with "details-level full" may fail with an error. Refer to sk176805.

PRJ-33463,
PMTR-71195

Security Management

While editing a Small Office LSM Profile object, SmartConsole may unexpectedly close when enabling Threat Emulation and navigating to the configuration tab.

PRJ-34079,
PMTR-74982

Security Management

In some scenarios, after running an Ansible playbook, objects are locked even though they were not changed.

PRJ-34504,
PRHF-21481

Security Management

The "Accept" button is missing when modifying "Actions" for rules. Refer to sk177204.

PRJ-33552,
PRHF-20961

Security Management

When using the API to create an OPSEC CPMI application with a custom permissions profile, the default Super User profile is chosen instead.

PRJ-30350,
PRHF-19421

Multi-Domain Management

During a CPUSE upgrade of a Multi-Domain Server, if there are multiple external interfaces defined, the Domain Servers may be assigned to an incorrect interface.

PRJ-21830,
PRHF-15448

Multi-Domain Management

In rare scenarios, after an upgrade, the CPD process in a Multi-Domain environment may unexpectedly exit, creating a core dump file.

PRJ-27345,
PMTR-64049

Licensing

In a rare scenario, the licensing status in SmartConsole is displayed incorrectly.

PRJ-29310,
PRHF-18767

SmartConsole

The Compliance "Security Best Practices" report for the Anti-Bot practice contains unrelated objects starting with "AB_". Refer to sk174911.

PRJ-30520,
PMTR-73092

Compliance

The Compliance report in SmartConsole may show an incorrect policy name.

PRJ-22892,
PMTR-61926

CPView

In some scenarios, SNMP statistics per VS may not be displayed in CPView.

PRJ-32978,
PMTR-74061

CPView

In Overview, some data about disk space may be missing.

PRJ-26307,
PRHF-17314

Logging

In rare cases, in SmartConsole, some logs are not shown.

PRJ-30689,
PMTR-69181

Logging

UPDATE: The default timeframe for logs queries using the SmartConsole's Logs tab is set to "Last 24 Hours".

  • Requires R80.40 SmartConsole Build 425 (or higher)

PRJ-32085,
PMTR-74297

Logging

A duplicate entry appears in /etc/cpshell/log_rotation.conf. This issue is only cosmetic.

PRJ-13743,
PRHF-11391

Logging

The "Could not connect to Monitoring Blade" error is displayed when trying to show the "Top Interfaces" view in SmartConsole or SmartView Monitor for a Gateway that has more than 100 interfaces.

PRJ-22345,
PRHF-15696

Logging

In SmartView, the "Duration" field is missing from Reports and Views.

PRJ-17260,
PRHF-12617

Logging

In SmartConsole:

  • In Gateways and Servers view, IP statuses may not be accurate
  • In the Threat Prevention Policy tab, under "Updates", Gateways IPS update status may not be up-to-date, although the new IPS package was received successfully.

PRJ-16985,
PRHF-12847

Logging

In a rare scenario, Application Control events may not be displayed in SmartEvent.

PRJ-16282,
PRHF-11939

Logging

In some scenarios, emails of DLP blade may be sent with obfuscated information, with no option to present the full data. Refer to sk106430.

PRJ-29029,
PRHF-17596

Logging

In rare scenarios, SmartEvent may show no results or partial results in the Audit Log report.

PRJ-25832,
PMTR-68506

Logging

The LOG_INDEXER process on the SmartEvent Server may consume a high CPU when the Mobile Access blade is enabled on the Gateway.

PRJ-25622,
PMTR-68809

Logging

In environments with more than 500K network objects, the LOG_INDEXER process on SmartEvent and Correlation Unit Server may unexpectedly close with the "Out of memory" error and a dump core file, although limited resolving is enabled (according to sk164452).

PRJ-25440,
PRHF-17184

Logging

On the Management Server, with SmartEvent enabled and many Networks configured in the database, login to SmartConsole may fail with an "Error: the operation timeout" message and the FWM process is running with a high CPU. Refer to sk167239.

PRJ-24523,
PMTR-67575

Logging

In a low log rate, there may be a delay in exporting logs using the Log Exporter.

PRJ-27616,
PRHF-18157

Logging

The CPSEMD process on SmartEvent Server may unexpectedly exit when trying to send two automatic reactions simultaneously for the same event.

PRJ-28340,
PMTR-69859

Logging

In some scenarios, Log Exporter configured to export in TLS, cannot authenticate a certificate from an external certificate authority.

PRJ-26030,
PRHF-17325

Logging

In a rare scenario, after an NSX Gateway upgrade, enforcement details/identities are not pushed by the controller to the Gateway automatically, it can be done only by manual update. Refer to sk173323.

PRJ-28323,
PRHF-17811

Logging

In some scenarios, in SmartLog, free-text search does not work for some inspection settings logs and their description is missing.

PRJ-26681,
PRHF-17724

Logging

Logs that are sent by Log Exporter in CEF format, cannot be displayed if they include non-digit characters in the "dst_phone_number" field.

PRJ-19838,
PRHF-14286

Logging

On Gateways with many interfaces, after policy installation or after reboot, Real-Time Monitor (RTM) may consume a high CPU on the Gateway. Refer to sk170928.

PRJ-23313,
PRHF-16137

Logging

Daily Log/Indexes Maintenance does not delete old index files from $RTDIR/log_indexes if they contain files or subdirectories with a format different than %Y-%m-%d.

PRJ-32028,
PRHF-19715

Logging

In some scenarios, the "vpn_user" field is empty in the Logs view and SmartEvent Reports, even though it contains values in the raw log.

PRJ-30663,
PRHF-19620

Logging

  • The "fw log" and "fwm logexport" commands may fail with "Error: Failed to read field".
  • The exported log file may not contain all logs

Refer to sk176644.

PRJ-25653,
PRHF-17000

Logging

When SmartView Web is configured to not return empty values, a query may fail with a "query failed" message.

PRJ-29575,
PRHF-15052

Security Gateway

NEW: Added a new kernel parameter "up_disable_early_drop_optimization_for_reject" to disable "Early Drop Optimization" for reject rules. The parameter is enabled by default.

PRJ-31489,
PRHF-19710

Security Gateway

NEW: Added a new kernel parameter "cphwd_medium_path_qid_by_cpu_id". The parameter is disabled by default. Refer to sk175890.

PRJ-30981,
PMTR-73404

Security Gateway

UPDATE: Added L3 routing support for bridge interface assigned with IP address. To enable it, set fw_bridge_with_ip_routing=1 in the $FWDIR/fwkern.conf file. Refer to sk165560.

PRJ-32072,
STRM-737

Security Gateway

UPDATE: Check Point Active Streaming (CPAS) TCP Window scale factor is now increased up to 6.

PRJ-30588

Security Gateway

UPDATE: For CPU Spike Detective:

  • Added Clish support
  • Enhanced diagnostics in CPView
  • Enhanced profiling with heavy connections and top connections.

PRJ-31275,
PMTR-73504

Security Gateway

UPDATE: The "-c" and "-i" flags in Top Connections Tool are now supported on VSX Gateways. Refer to sk172229.

PRJ-34449,
PRHF-21182

Security Gateway

UPDATE: The "fw unloadlocal" command can now be used on a Virtual System only with the "-f" flag added. Otherwise, a warning message is displayed, indicating that unloading policy on a Virtual System will cause traffic issues with any Virtual System connected to a Virtual Switch or a Virtual System in Bridge mode.

PRJ-25307

Security Gateway

UPDATE: Added the "Configure Hyper-Threading" option to the cpconfig command.

PRJ-29093,
PRHF-18786

Security Gateway

In rare scenarios, policy installation fails with "Segmentation fault" and "Error compiling IPv4 flavor" messages.

PRJ-29587,
PRHF-19049

Security Gateway

In a rare scenario, Security Gateway may crash.

PRJ-31217,
PRHF-19896

Security Gateway

When a large number of VPN tunnels is configured and each one is used by a static route with ping, the ROUTED process may get incorrect cluster IPs for those tunnels. Refer to sk175887.

PRJ-29129,
PRHF-18716

Security Gateway

In rare scenarios, policy installation may fail with an "Operation failed, install/uninstall has been improperly terminated" message.

PRJ-29419,
PMTR-71855

Security Gateway

In a rare scenario, policy installation on the Security Gateway may fail with an "Error code: 0-2000108" message. Refer to sk170673.

PRJ-30011,
PRHF-18938

Security Gateway

In a rare scenario, when QoS is enabled, Security Gateway may crash while interfaces go down and up.

PRJ-29504,
PRHF-18863

Security Gateway

In some scenarios, using automatic Network Static NAT/Address range objects may cause connectivity issues.

PRJ-20627,
PRHF-14374

Security Gateway

Running the "threshold_config" command may cause the CPD process to consume a high CPU.

PRJ-27650,
PMTR-70634

Security Gateway

Negative values may appear in the output of the "fw tab -t connections -s" command and under the NAT section.

PRJ-32574,
PMTR-74852

Security Gateway

When deleting connection table entries with "fw ctl conntab -x", and using "rule", "service", "type", "flags" or "state" filters, entries that do not match these filters may still be deleted.

PRJ-26583,
PMTR-68272

Security Gateway

In a rare scenario, CPView may show incorrect SecureXL statistics per VS.

PRJ-30684

Security Gateway

In some scenarios, when using Suspicious Activity Monitoring (SAM) rules with source and destination networks or with a NATed IP, "matched rule is not found" errors appear.

PRJ-31967,
PMTR-74144

Security Gateway

In a rare scenario, "Connection/sec" data for accelerated traffic in CPView may differ from the statistics in SNMP.

PRJ-30179,
PRHF-19438

Security Gateway

In a rare scenario, policy push to multiple Security Gateways may fail. Refer to sk177963.

PRJ-30613,
PRHF-19614

Security Gateway

In rare scenarios, when SACK is enabled, there may be connectivity issues.

PRJ-26964,
PMTR-70393

Security Gateway

Improved CPS rate on Autoscale deployments of Amazon Web Services (AWS).

PRJ-22014,
PMTR-16149

Security Gateway

When deleting all Suspicious Activity Monitoring (SAM) rules, adding a large number of new rules, and installing policy, the system may hang.

PRJ-30250,
PMTR-70219

Security Gateway

Added a translation of the error exit code of cprid_util in $CPDIR/log/cprid_util.elg debug log.

PRJ-30669,
PRHF-19179

Security Gateway

In rare scenarios, when a Security Gateway is configured as Proxy, a wrong NAT port reuse may happen for 5 minutes long proxied connections.

PRJ-30041,
ODU-104

Security Gateway

If wstunnel loses connectivity, after several attempts it may unexpectedly exit and not restart. Refer to sk166056.

PRJ-25149,
PRHF-14366

Security Gateway

In a rare scenario, the TCP Half Closed timer (sk137672) may fail when configured for medium/fast connections.

PRJ-32336,
PMTR-72682

Security Gateway

Defining an IPv6 NAT rule with address range (hide) on the translated column may fail with an incorrect error message.

PRJ-29697,
PRHF-19097

Security Gateway

In rare a scenario, a memory leak may occur with "cpas_streamh_init_from_cookie failed" printed in /var/log/messages.

PRJ-33359,
PMTR-72975

Security Gateway

First policy installation after an upgrade may be followed by a warning message: "Updatable Objects are used in the policy but Gateway package is missing (see sk121877)".

PRJ-33081,
PRHF-20436

Security Gateway

Extended logging may show a wrong status of Content Awareness blade. The issue is only cosmetic.

PRJ-33512,
PMTR-75878

Security Gateway

CPView may show corrupted numbers in "F2V-Reasons". This issue is only cosmetic.

PRJ-27609,
PRHF-18068

Security Gateway

A debug message may be printed as an error.

PRJ-17572,
PMTR-57716

Security Gateway

The FWD process may unexpectedly exit due to a rare race condition. Refer to sk173424.

PRJ-32051,
PMTR-72836

Security Gateway

In a rare scenario, the Security Gateway may crash during policy installation.

PRJ-31016,
PRHF-19772

Internal CA

In a rare scenario, when CRL files are created, some of them may be generated with a large number in the filename. When deleting CRL files, CPCA repeatedly fails to start.

PRJ-24986,
PMTR-61787

Threat Prevention

UPDATE: Added support for more than 20 CIFS objects in rulebase. Refer to sk170300.

PRJ-28679,
AVIR-1444

Threat Prevention

UPDATE: Added an option to remove proxy usage in ioc_feeds tool.

PRJ-24253,
PMTR-66115

Threat Prevention

UPDATE: Reduce performance when Anti-Virus is configured with deep inspection on all file types.

PRJ-22397,
PRHF-15404

Threat Prevention

The "ciu_lic_open_lic_db_file: crc check failed" error message may be printed in fwd.elg log file during the policy installation if the IPS blade is disabled. Refer to sk172903.

PRJ-29925,
PRHF-19208

Threat Prevention

Threat Prevention policy installation may fail when loading 2 IOC feeds that contain the same signature name for one of the observables.

PRJ-28937,
PRJ-28974

Threat Prevention

Improved telemetry for Infinity Vision SOC.

PRJ-29035,
PRHF-18623

Threat Prevention

In some scenarios, loading Custom Intelligence Feeds that include an IP address with a subnet mask of 32 bits (x.x.x.x/32) may fail.

PRJ-27750,
PMTR-73052

Threat Prevention

When the "Automatically download Blade Contracts, new software, and other important data" checkbox is unchecked, Security Gateway may fail to update Threat Prevention packages.

PRJ-28763,
PMTR-71415

Threat Prevention

In some scenarios, when using OpenSSH 8.2 Server, file download fails after starting the transfer.

PRJ-28136,
PRJ-27437

Threat Extraction

In some scenarios, the "fw_send_kmsg: No buffer for tsid 44" error is printed in dmesg.

PRJ-29489,
IDA-4049

Identity Awareness

UPDATE:

  • Increased the default timeout values of entries: connected_pdp_refresh_interval is now set to 240 seconds and connected_pdp_grace_period is now set to 360 seconds.
  • Added the "Identity information / Network information will be deleted" alert to SmartConsole.

PRJ-30497,
IDA-4120

Identity Awareness

UPDATE: Enhanced Identity Sharing SmartPull mechanism for large scale environments.

PRJ-29613,
PRHF-18943

Identity Awareness

In a rare scenario, some IPv6 sessions may get deleted due to an incorrect update of Identity Gateway (PEP) kernel tables.

PRJ-29399,
IDA-4087

Identity Awareness

Improved the Identity Server (PDP) performance for publishing new network on Identity Sharing with SmartPull.

PRJ-27941,
IDA-4112

Identity Awareness

In some scenarios, users may not be able to reach Identity Gateway (PEP). Refer to sk174105.

PRJ-30991,
PMTR-66375

Identity Awareness

In a rare scenario, the priorities defined in User Directory (Gateway level) override the default Domain Controller (DC) priorities defined in the LDAP Account unit. Servers with priority above 1000 are not ignored, although they should be.

PRJ-32120,
MPTT-5094

Identity Awareness

An Identity Broker subscriber may be shown as the session owner for Remote Access VPN sessions received from another publisher.

PRJ-32871,
PMTR-75155

Identity Awareness

When Identity Awareness blade is enabled on the Security Gateway, rebooting of a member may trigger additional reboots. This may cause one of the members to go down with a configuration pnote.

PRJ-29768,
PRHF-18914

URL Filtering

In a very rare scenario, when the Application Control (APPI) and URL filtering blades are active, in hold mode, some applications cannot be identified and the traffic is dropped.

PRJ-29940,
PRHF-18992

IPS

In rare scenarios, if IPS Geolocation is enabled, the Security Gateway may crash.

PRJ-28738,
PRHF-17049

IPS

In some scenarios, the destination IP is missing from the IPS logs. Refer to sk174588.

PRJ-28244,
PRHF-18338

IPS

In some scenarios, HTTP Parser in the CPView statistics may show incorrect values for connections with more than 50 sessions.

PRJ-23347,
PRHF-15859

IPS

The track logging configuration of Network Quota protection is not applied.

PRJ-30425,
PRHF-17395

DLP

The dlpu process may unexpectedly exit with core dump file.

PRJ-29191,
TPP-1157

Anti-Bot

UPDATE: Improved performance of Anti-Bot URL Reputation.

PRJ-31172,
PMTR-72409

SSL Inspection

A memory leak, related to TLS probing, may occur in the WSTLSD process.

PRJ-31166,
PMTR-72136

SSL Inspection

In some scenarios, the WSTLSD process may unexpectedly close, or a memory leak may occur.

PRJ-29475,
PMTR-72234

SSL Inspection

In some scenarios, a memory leak may occur when creating ECDHE keys.

PRJ-30459,
PRHF-19516

SSL Inspection

In rare scenarios, HTTPS connections may hang indefinitely during the TLS handshake, causing timeout.

PRHF-20458

SSL Inspection

In a rare scenario, the WSTLSD process may unexpectedly exit and produce a core dump file.

PRJ-33406,
PMTR-72934

SSL Inspection

In rare scenarios, TLS probing connections may remain open for extended periods.

PRJ-32883,
PMTR-75079

SSL Inspection

When TLS 1.3 support is disabled, a memory leak may occur in the WSTLSD process during TLS session renegotiation.

PRJ-31182,
PMTR-73946

Mobile Access

UPDATE: Upgraded JQuery library version (from 1.1 to 3.6).

PRJ-27296,
VPNRA-761

Mobile Access

In rare scenarios, when SNX client is used with Application mode on the Mobile Access Blade, the VPND process may unexpectedly exit.

PRJ-29275,
PRJ-29268,
PRJ-29261,
PRHF-3784,
PRHF-3700,
PRHF-3742

Mobile Access

In some scenarios, a memory leak may occur in the CVPND process.

PRJ-28257,
PRHF-16057

Mobile Access

In a rare scenario, the VPND process may unexpectedly exit causing user disconnections from Checkpoint Mobile client.

PRJ-30381,
PRHF-19273

ClusterXL

In a rare scenario, after an upgrade and reboot, a Standby member is set to down with a FULLSYNC PNOTE and cannot synchronize.

PRJ-32470,
PMTR-74101

ClusterXL

Added Syslog support for Cluster events messages.

PRJ-30818,
PRHF-19417

SecureXL

In a rare scenario, after an upgrade, HTTPS traffic may be dropped.

PRJ-26952,
PMTR-70242

SecureXL

TCP packets may be dropped as "TCP out of state" although following sk11088.

PRJ-32939,
PMTR-75157

SecureXL

In some scenarios, when configuring internal/external enforcement for DOS/Rate limiting, a syslog error message may be displayed.

PRJ-24056,
PRHF-10260

Routing

In some scenarios, when using DHCP, the Security Gateway may not correctly route traffic to hosts.

PRJ-31126,
PMTR-73496

Routing

In rare cases, if Graceful Restart is not configured on the BGP peer, BGP routes may be lost near the Graceful Restart ending.

PRJ-29319,
ROUT-1721

Routing

AS path loops may occur, although BGP multihop is configured.

PRJ-28957,
PRHF-17739

Routing

The ROUTED process may unexpectedly exit.

PRJ-31486,
PRHF-19472

Routing

In some scenarios, the Security Gateway may not forward traffic to a client if its IP address is changed by DHCP. Refer to sk175603.

PRJ-29496,
ROUT-1745

Routing

BGP sessions may unexpectedly close because of unrecognized AFI/SAFI pairs in multiprotocol capability advertisements from a peer.

PRJ-33355,
PMTR-75438

Routing

  • Security Gateway may crash when OSPF inserts or removes an LSA from its database.
  • Neighbor dead timers may have negative values.

PRJ-32595,
PMTR-72056

VPN

In some scenarios, Remote Access VPN users cannot connect to the Gateway due to a kernel table issue.

PRJ-32518,
PMTR-74732

VPN

Improved establishing IKEv2 tunnel with DAIP peer.

PRJ-31472,
PMTR-68362

VPN

UPDATE: In policy installation, the type of messages related to VPN certificate expiration is changed from "info" to "warning". This issue is only cosmetic.

PRJ-29296,
PMTR-72019

VPN

Added VPN IKEv2 improvements.

PRJ-29532,
PRHF-18564

VPN

RIM script is not invoked for DAIP peer with Dead Peer Detection (DPD) permanent tunnels in passive mode.

PRJ-29482,
PMTR-72463

VPN

A memory leak may occur in the VPND process in IKEv2 Site to Site VPN.

PRJ-28559,
PMTR-20176

VPN

In some scenarios, when sending the SCV drop log, a memory leak may occur.

PRJ-28574,
PRHF-17880

VPN

In some scenarios, Server connections to Remote Access L2TP clients may be unstable.

PRJ-29592,
VPNS2S-2505

VPN

In a rare scenario, the IKEv2 negotiation appears successful, although it failed.

PRJ-30329,
PMTR-73629

VPN

In some scenarios, IKEv2 tunnel may not work due to SA expiration.

PRJ-30764,
PRHF-19548

VPN

In a very rare scenario, a cluster member may unexpectedly crash and restart, creating a core dump file.

PRJ-31289,
PRHF-19707

VPN

Hardened the ability to use narrowed IKEv2 tunnels. Refer to sk166417.

PRJ-32365,
PRHF-20315

VPN

Improved IKEv2 narrowing.

PRJ-33833,
VPNRA-831

VPN

In rare scenarios, when SSL Network Extender (SNX) is in Application Mode, the VPND process may unexpectedly exit.

PRJ-30956,
PRHF-19492

VPN

Improvements for DAIP Gateway behind Hide NAT.

PRJ-30648,
ESVPN-2665

VPN

A machine-only tunnel cannot be established when VPN default realm is disabled.

PRJ-28268,
PRHF-7443

VPN

A memory leak may occur in the VPND process.

PRJ-32549,
PMTR-74599

VPN

A memory leak may occur during Office Mode IP allocation.

PRJ-30755,
PRHF-19484

VPN

In a rare scenario, when NAT is enabled, Route Based VPN traffic may be dropped.

PRJ-31587,
PRHF-19959

VPN

In some scenarios, VPN tunnels statuses in SmartView Monitor are displayed incorrectly.

PRJ-22482,
PRHF-15744

VSX

In some scenarios, running the snmpwalk command may fail with incorrect OSPF-MIB information for VSX. Refer to sk172064.

PRJ-29552,
PRHF-18753

VSX

After a reboot, the VS's clish static ARPs configuration exists, but the static ARPs may be missing.

PRJ-27969,
PMTR-35890

VSX

When querying a VS for "sysObjectID" viaSNMP, a generic netSNMP value is returned ("NET-SNMP-MIB::netSnmpAgentOIDs.10") instead of Check Point value ("SNMPv2-SMI::enterprises.2620.1.6.123.1.62").

PRJ-30314,
PMTR-72515

Gaia OS

NEW: Gaia API (version 1.6) will now be deployed via Jumbo Hotfix. Refer to sk143612.

PRJ-30275,
PMTR-72997

Gaia OS

UPDATE: Upgraded OpenSSL to 1.1.1L. Merged the CVE-2021-3711 and CVE-2021-3712 fixes.

PRJ-30203,
PRHF-18610

Gaia OS

UPDATE: Added a Clish command "add/show/delete ntp interface" to choose to which interfaces the NTP daemon shall bind.

PRJ-28684,
PMTR-71763

Gaia OS

In some scenarios, in appliances: 6600,6700,6900, Power Supply Unit (PSU) status information may be incorrect. Refer to sk174443.

PRJ-17613,
PRHF-13255

Gaia OS

When adding an SSH host key, it will not be displayed because the total length of the command line cannot contain more than 512 characters.

PRJ-33507,
PMTR-75443

Gaia OS

Fixed CVE-2021-30361 - Gaia Portal Authenticated Command Injection. Refer to sk179128.

PRJ-31753,
PMTR-70869

Gaia OS

In some scenarios, after adding an SNMP USM user, the confd process may unexpectedly exit.

PRJ-33687,
PMTR-75891

Gaia OS

Potential vulnerability related to specific Gaia API command on VSX systems.

PRJ-33871

Gaia OS

Enhanced SNMP module stability.

PRJ-24328,
PRHF-16439

Harmony Endpoint

Restoring a UEPM Server backup via the Web Gaia Portal may not work on a new Server where the UEPM blade is not activated.

PRJ-25250,
PMTR-68435

Harmony Endpoint

In some scenarios, the Policy Server fails to synchronize with Endpoint primary Management after installing a hotfix for local E1 signature updates.

PRJ-30518,
PMTR-73094

Harmony Endpoint

In the Smart Endpoint tabs, the Server may generate reports where users have long names starting with "ntdomain://".

PRJ-29971,
PRHF-16925

Harmony Endpoint

In some scenarios, a query which counts host_ckp objects may return more results than expected. It leads to a memory leak with the "Out Of Memory" error.

PRJ-32389,
PRHF-19878

VoIP

When using SIP, memory usage may increase over time on Active and Standby members.

PRJ-29511,
VSECC-1418

CloudGuard Network

NEW: In Amazon Web Services (AWS):

  • Added Load Balancers tags. The tags can now be viewed in SmartConsole and added to the rulebase.
  • Added support for IMDSv2

To enable the feature:

  1. Edit the $FWDIR/conf/vsec.conf on the Management Server and add the line: aws.enableLoadBalancersTags=true
  2. From SSH run: vsec stop;vsec start

Note: This feature requires adding DescribeTags and DescribeLoadBalancers permissions to the AWS Data Centers accounts.

NEW: In Azure:

  • Added Application Security Groups
  • Added Private Endpoints

To enable the feature:

  1. Edit the $FWDIR/conf/vsec.conf on the Management Server and add the line: azure.enableAsgAndPep=true
  2. From SSH run: vsec stop;vsec start

Note: This feature requires adding permissions to list Application Security Groups and Private Endpoints.

PRJ-29985,
PRHF-19101

CloudGuard Network

UPDATE: When there are Data Centers without imported objects, CloudGuard Controller will show the warning status in SmartConsole and in the output of the "cpstat vsec" command.

PRJ-27771,
PRHF-17648

CloudGuard Network

Amazon Web Services (AWS) Data Center scan may fail and no updates are sent to the Security Gateway.

PRJ-31771,
PRHF-19949

CloudGuard Network

In a rare scenario, there is a high CPU0 utilization on Azure Security Gateway.

PRJ-32230,
CGIS-636

CloudGuard Network

The "vsec_lic_cli update" command now supports IP change in the license string.

PRJ-32753,
PMTR-74085

CloudGuard Network

After an upgrade, the AWS Gateway or Google Cloud Platform (GCP) may lose access to the Serial Console.

PRJ-27034,
PRHF-16098

QoS

In a rare scenario, when QoS is enabled, in SmartView Monitor, some traffic may be shown as "No Match".

PRJ-30234,
PRHF-18342

QoS

In a rare scenario, the FWD process may unexpectedly exit due to invalid QoS logs.

PRJ-30015,
ODU-181

HCP

Added Update 5 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-29410,
PRHF-19016

Infrastructure

Policy installation fails with "Operation failed, install/uninstall has been improperly terminated" when a CMA name is more than 36 characters long. Refer to sk175452.

PRJ-22353,
INFRA-528

Infrastructure

UPDATE: Updated Python 2.7.17 to 2.7.18, Python 3.7.7 to 3.7.12, added Python 3.9.7 and a Python3 alias.

Take 139

Released on 9 December 2021 and declared as Recommended on 13 December 2021

PRJ-34129

Threat Prevention

In a rare scenario, the Security Gateway may crash when Anti-Virus is enabled.

Take 138

Released on 30 November 2021

PRJ-33629,
PRJ-33258

Security Management

When connected to the standby Management Server, after High Availability full synchronization, some objects may appear twice in SmartConsole.

PRJ-32156,
PMTR-74372

Security Gateway

UPDATE: Apache HTTPD version was updated from 2.4.41 to 2.4.51.

PRJ-29540,
PRHF-19048

Security Gateway

After reboot and policy installation, the "No interface configured in SmartCenter server with name mdps_tun. Matching by IP address to interface Mgmt" error may be printed in fwk.elg file.

PRJ-33561

Threat Prevention

In a rare scenario, the Security Gateway may crash when working with Anti-Virus or Threat Emulation.

PRJ-33543,
PMTR-74799

Threat Prevention

When IPS Automatic update is enabled, a memory leak may occur in the FWD process. Refer to sk176947.

PRJ-32546

Gaia OS

In a rare scenario, the Security Gateway fails to boot when working in USFW (User-Space Firewall) mode.

Take 131

Released on 1 November 2021

PRJ-29442,
PMTR-72448

Security Gateway

UPDATE: The default value for kiss_kthread_allow_resched kernel parameter is changed to 1. Refer to sk170560.

PRJ-30373,
PMTR-73072

Security Gateway

Optimized packet dispatching in User Space Firewall (USFW) mode.

PRJ-28872,
PRHF-18560

Security Gateway

In a rare scenario, when using ICAP client, Security Gateway may crash.

PRJ-30214,
MPTT-4834

Security Gateway

In some scenarios, policy installation may take longer or fail when GEO Updatable Objects are used in the policy.

PRJ-29622

Security Gateway

Improved User-Space Firewall (USFW) mode memory allocation.

PRJ-29742,
PMTR-72615

Security Gateway

In a rare scenario, due to TCP connection reuse, a TCP connection may not be initiated. Refer to sk11088.

PRJ-31369,
PRHF-19693

Security Gateway

Improved the handling of a large number of sessions per single HTTP/S connection.

PRJ-26392,
PRHF-17436

Security Gateway

In some scenarios, the WSDNSD process unexpectedly exits and creates a core dump file. Refer to sk173627.

PRJ-25868,
PMTR-68801

Threat Prevention

In a rare scenario, the FWD process may unexpectedly exit after an upgrade.

PRJ-26496

Threat Prevention

In rare scenarios, IOC feed loading fails due to hash parsing errors.

PRJ-32353,
PMTR-74629

Identity Awareness

UPDATE: The default threshold value for Identity Collector Service Accounts exclusion was changed from 10 to 100. Refer to sk174266.

PRJ-31693,
PMTR-73790

IPS

Improved the handling of decoded HTTP/S traffic.

PRJ-23570,
PRHF-15500

Anti-Virus

Security Gateway may crash when transferring the HTTP multipart traffic if the Anti-Virus Deep Scanning, Threat Extraction, or Threat Emulation is enabled.

PRJ-30868,
PRHF-19755

VPN

A memory leak may occur in the VPND process.

PRJ-29282,
PRHF-18818

VPN

In rare scenarios, re-configuring a trusted CA bundle may cause a memory leak in the VPND process.

Take 126

Released on 13 October 2021

PRJ-26247,
PRJ-26233

Diagnostics

NEW: Added the Check Point Performance Sizing Utility (CPSizeMe) v5.2.

PRJ-26025,
PMTR-69307

Security Management

NEW: Added the "Get Interfaces" Management API for Security Gateway and Cluster objects.

  • The functionality is parallel to the "Get Interfaces" button in the SmartConsole Network Management page in the Security Gateway / Cluster editor.
  • The API is available starting from version 1.7.

PRJ-27201,
PRJ-27200

Security Management

NEW: Added the HitCount column to the "Export to CSV" functionality in Access Policy.

  • Requires R80.40 SmartConsole Build 425 (or higher).

PRJ-23051,
PMTR-61440

Security Management

NEW: Added support for CloudGuard Edge appliances in LSM and SmartConsole.

PRJ-27110,
PMTR-70138

Security Management

UPDATE: Performance improvement in an upgrade of Security Management and Multi-Domain Servers with large rulebases.

PRJ-27121,
PMTR-70628

Security Management

UPDATE: The "Purge revisions" operation has been improved to reduce the database's size.

PRJ-28422,
PMTR-10273

Security Management

Virtual session timeout for a TCP service cannot exceed 86400 seconds. Refer to sk168872.

PRJ-30631

Security Management

In the Management HA environment, when changing a standby Server to active, the "Failed to set the connected server to active" error may be shown, although the operation was finished successfully.

PRJ-13164,
PRHF-11027

Security Management

The "show-global-assignment" command returns the default limit when the limit request is greater than the default limit.

PRJ-28087,
PMTR-70942

Security Management

In some scenarios, the Administrators view may not filter Domain names according to the permission profile of the connected administrator.

PRJ-28648,
PRHF-18202

Security Management

In some scenarios, when using a VPN community, the status of the Global Domain Assignment may change to "not up to date" , although no changes were made in the Global Domain.

PRJ-29758

Security Management

In rare scenarios, after the Security Management Server starts up, when connecting to SmartConsole, some objects appear more than once.

PRJ-25565,
PRHF-17182

Security Management

In rare scenarios, upgrade may fail when there is an OPSEC Server object configured.

PRJ-28569,
PRHF-18422

Security Management