R80.40 Jumbo Hotfix Take 119
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 119 Released on 4 July 2021 |
||
PRJ-24202, |
Security Management |
NEW: Trusted CAs updates for HTTPS Inspection can be configured to be installed automatically upon update. Refer to sk173629. |
PRJ-25033, |
Security Management |
UPDATE: If there is no license on the Security Management Server, a new verification blocks an attempt to migrate a domain. |
PRJ-25686, |
Security Management |
In some scenarios, a policy installation failure message may show "ReferenceObject" instead of the actual object's name. |
PRJ-23773, |
Security Management |
"Query failed" error is displayed in Security Gateway Device & License Information view in SmartConsole when canceling the "Export to PDF/CSV" operation. |
PRJ-24611, |
Security Management |
Incorrect Mobile Access license status upon a license change. |
PRJ-26183, |
Security Management |
When running the "fwm logexport" command multiple times, the FWM process may unexpectedly exit, producing a core file. |
PRJ-23884, |
Security Management |
In some scenarios, when updating Check Point Host object to be a Network Policy Management and in addition configuring it as a Secondary Server, "Publish" fails with "Action Failed due to an internal error". |
PRJ-23922, |
Security Management |
SmartConsole Extensions fail to load with "Error: unable to retrieve read-only session" if login with SmartConsole is performed with an IP address that is not defined as the primary IP of the Management Server. |
PRJ-21918, |
Security Management |
In some scenarios, Desktop policy fails with "Policy installation had failed due to an internal error. If the problem persists please contact Check Point support". Refer to sk171970. |
PRJ-22075, |
Security Management |
In rare scenarios, the Management Server may fail to start because Solr fails to initialize. |
PRJ-24486, |
Security Management |
In very large Management environments, Policy verification and installation may fail with FWM process core dump. Refer to sk173722. |
PRJ-21399, |
Security Management |
In rare scenarios, deleting an object fails with "Can't reach source object, maybe it already deleted" error. Refer to sk172828. |
PRJ-23936, |
Multi-Domain Management |
NEW: Once a day, Multi-Domain Management servers will check for peers that are not synchronized. If such are identified, HA full sync will be automatically initiated at the MDS level. |
PRJ-23697, |
Multi-Domain Management |
Global Policy Reassignment may take a long time to complete after an IPS Update in the Global Domain. |
PRJ-22638, |
Multi-Domain Management |
In rare scenarios, the Multi-Domain Management Server may fail to start if Domains were previously deleted. |
PRJ-24759, |
Multi-Domain Management |
Global Policy Assignments may be missing in Multi-Domain environment after upgrade from R77.x. |
PRJ-22522, |
Multi-Domain Management |
In some scenarios, Reassign Global Domain for a Domain that is active on another Multi-Domain Server may fail with "An internal error has occurred" message. Refer to sk172704. |
PRJ-24020, |
Multi-Domain Management |
In some scenarios, after upgrade of Multi-Domain environment that has active Domains on multiple Multi-Domain servers, some objects may not be visible in the System Domain. |
PRJ-23434, |
Multi-Domain Management |
In some scenarios, when trying to migrate or restore a Domain and this Domain already exists, an error is shown and the existing Domain is deleted. |
PRJ-25409, |
Multi-Domain Management |
In some scenarios, HA synchronization may fail on the MDS level with the "Failed to synchronize this peer due to purged revisions in the database." message. |
PRJ-22783, |
SmartConsole |
UPDATE:
Note:
|
PRJ-23604, |
SmartConsole |
In some scenarios, a SmartTask may fail to execute its action when it is triggered for a policy installation. |
PRJ-22126, |
SmartConsole |
SmartConsole configures a default value for the IPv4 mask length of VIP interface each time a user opens the interface editor for cluster object configured in the Active-Active mode. As a result, the value configured by a user is overwritten with the default value each time the user opens the cluster object and clicks OK.
|
PRJ-20257, |
Logging |
NEW: Log exporter allows the re-export of logs based on starting and end positions provided by the user, to close possible gaps. Refer to sk122323. |
PRJ-21418, |
Logging |
NEW: The Log exporter now supports formatting for RSA SIEM application. |
PRJ-25595, |
Logging |
UPDATE: The Log server now supports up to 2700 Gateways (previously was 1024). Refer to sk163413. |
PRJ-23580, |
Logging |
In some scenarios following a Multi-Domain Management Server upgrade, logs queries may not retrieve results from some CMAs\CLMs. |
PRJ-25453, |
Logging |
In rare scenarios, logs generated in the same second, with the same ID, may not show up in SmartConsole's Logs tab. |
PRJ-10357, |
Logging |
Log_indexer may unexpectedly exit on a SmartEvent server with a large number of CPUs (32 and up), and\or when the total number of log servers declared in correlation units is above 30. |
PRJ-24215, |
Logging |
In Multi-Domain environment, the same Domain may appear twice in the Domains view of the SmartEvent application. |
PRJ-12427, |
Logging |
In some scenarios, exported FireWall logs from a Security Gateway to an external syslog server (sk87560) contain a redundant new line character. |
PRJ-23204, |
Logging |
In rare scenarios, when creating a Log server object and establishing SIC, log queries from the newly created Log server object may fail. |
PRJ-22966, |
Logging |
In some scenarios, when exporting logs using the Log exporter tool and filtering on all Threat Prevention blades, logs of "Anti Spam" blade are not exported. |
PRJ-23009, |
Logging |
In rare scenarios, when the user exports logs to Excel using SmartView web, the action fails when the exported logs contain special characters, like emojis. |
PRJ-23112, |
Logging |
In some scenarios in SmartView, exporting a report or view to PDF duplicates the item and displays it twice in the Catalog until the export is done. |
PRJ-15232, |
Logging |
In SmartView, when creating a statistical table and grouping by Time, the query may fail. |
PRJ-23820, |
Logging |
In rare scenarios, when querying logs with a timeframe larger than 1 day, only 50 logs from each day will be shown. |
PRJ-16647, |
Logging |
In the SmartConsole Logs tab, the "IKE IDs" field cannot be added to column profiles. |
PRJ-23284, |
Security Gateway |
NEW: Added the "Top Connections" tool. For more information, refer to sk172229. |
PRJ-23383, |
Security Gateway |
NEW: Implemented new Fast-Accel producer. The following Fast-Accel statistics are added to CPView:
|
PRJ-10989, |
Security Gateway |
UPDATE: Added L3 routing support for bridge interface assigned with IP address. To enable it, set fw_bridge_with_ip_routing=1 in the $FWDIR/fwkern.conf file. Refer to sk165560. |
PRJ-24536, |
Security Gateway |
UPDATE: Added new Dynamic Balancing Clish command to enable default number of instances. To use it, run "set dynamic-balancing state enable set_default_fw_instances". Refer to sk164155. |
PRJ-22260, |
Security Gateway |
UPDATE: Added $CPDIR/log/sic_info.elg log file to show detailed SIC errors. |
PRJ-26330, |
Security Gateway |
UPDATE: The prompt indication will show on which plane (management or data) the context is. For example:
|
PRJ-23078, |
Security Gateway |
Enhancement: Early drop optimization will work even if the UserCheck is not relevant for this connection. |
PRJ-18126, |
Security Gateway |
In some scenarios, an incorrect interface name is displayed in CPView. |
PRJ-26577, |
Security Gateway |
In rare scenarios, a Security Gateway may crash. |
PRJ-24009, |
Security Gateway |
In rare scenarios, when the "sd_global_monitor_only" property is set to "true", there is no HTTP inspection. |
PRJ-21450, |
Security Gateway |
RSA integration using SAML (Security Assertion Markup Language) protocol may not work as expected. Refer to sk171501. |
PRJ-23538, |
Security Gateway |
In some scenarios, values set in fwkern.conf may not be applied correctly. |
PRJ-20982, |
Security Gateway |
In rare scenarios, the CPD process unexpectedly exits when the VPN is enabled, and statuses are not sent to the Management Server. |
PRJ-23427, |
Security Gateway |
The VPND process may consume high CPU because of ECDHE use, which affects multi-portal functionality. Refer to sk173145. |
PRJ-24377, |
Security Gateway |
A memory leak may occur in a DNS resolving infrastructure. |
PRJ-24882, |
Security Gateway |
In rare scenarios, the name of the application that drops a packet was not shown in the drop debug. Instead, the "PSL Drop: internal - drop enabled" message was displayed. |
PRJ-21312, |
Security Gateway |
Allow automatic configuration of Identity Awareness nested group state 4 for Security Gateways with a previously installed fix for IDA-754. |
PRJ-36022, |
Security Gateway |
In some scenarios, policy installation fails with "Error code 0-2000077" message. |
PRJ-21472, |
Security Gateway |
When the Security Gateway is configured as a proxy, some network objects may not be matched correctly. |
PRJ-24299, |
Security Gateway |
In a rare scenario, the FWK process unexpectedly exits on the Security Gateway. |
PRJ-22879, |
Security Gateway |
In some scenarios, FWD sub-processes start with wrong CPU affinity. |
PRJ-25598, |
Security Gateway |
In some scenarios, packets are dropped due to incorrect SACK translation when SACK and sequence translation are being used together. |
PRJ-24465, |
Security Gateway |
In a rare scenario, Security Gateway may crash when handling some DNS packets. |
PRJ-22739, |
Security Gateway |
When Strict Hold is enabled in the fail-open configuration, some HTTPS connections may stuck. |
PRJ-24413, |
Security Gateway, |
In a rare scenario, Security Gateway may crash under heavy load during cluster failover. |
PRJ-24730, |
Security Gateway |
On rare scenarios, running "fw1 + misp" debug on cluster may cause Security Gateway to crash. |
PRJ-22944, |
Security Gateway |
In rare scenarios, policy installation fails with "gen_other_service_inspect_func: failed to find corresponding service object for <service name>" error message. |
PRJ-23948, |
Security Gateway |
In a rare scenario, Security Gateway may crash when running in USFW (User-Space Firewall) mode. |
PRJ-23041, |
Security Gateway |
In a rare scenario, Security Gateway may crash during the Application Control / IPS / Anti-Bot package update. |
PRJ-23341, |
Security Gateway |
Boot may take a long time on machines with many VLANs or secondary IP addresses. |
PRJ-20810, |
Security Gateway |
On Security Management with connected Endpoint Security Server, the SICTUNNEL process may unexpectedly exit and start again every few minutes with core file ~4gb in size. Refer to sk173704. |
PRJ-22749, |
Security Gateway |
In a rare scenario, Security Gateway may crash due to log buffer corruption. |
PRJ-22624, |
Security Gateway |
In some scenarios, the VSX Cluster switch may cause a core dump. |
PRJ-26879, |
Security Gateway |
In a rare scenario, Security Gateway may crash due to log buffer corruption. |
PRJ-25906, |
Security Gateway |
In a rare scenario, machine hangs and user is unable to run any command. Refer to sk173405. |
PRJ-26015, |
Security Gateway |
In a rare scenario, a memory leak may occur in in.emaild.mta process. |
PRJ-25737, |
Security Gateway |
In some scenarios, Security Gateway may crash when ICAP client is enabled. |
PRJ-26344, |
Security Gateway |
When using Routing separation and ClusterXL, the "cphaprob -a if" command displays "mdps_tun" as "DOWN". |
PRJ-26257, |
Security Gateway |
In a rare scenario, incorrect error messages regarding the ICAP client flow appear in dmesg. Refer to sk173546. |
PRJ-25816, |
Security Gateway |
Added Dynamic Anti-Spoofing stability enhancements. |
PRJ-25392, |
Security Gateway |
In some scenarios, there is no match on URL Filtering rules. |
PRJ-16921, |
Security Gateway |
In rare scenarios, SmartView Monitor shows the "Error code: 2147483647" message when viewing data from a VSX Gateway. Refer to sk174206. |
PRJ-26151, |
Security Gateway |
In a rare scenario, a memory leak may occur when IPS / Anti-Bot / Anti-Virus blade is enabled. |
PRJ-25272, |
Internal CA, VPN, Multi-Portal |
UPDATE: The IKE certificates validity period is set to 1 year by default. Refer to sk176527. |
PRJ-26139, |
Internal CA |
UPDATE: Added automatic extension for Internal CA database to support more than 100,000 certificates. |
PRJ-20813, |
Threat Prevention |
Large file download with SFTP may fail when the connection is inspected. |
PRJ-17296, |
Threat Prevention |
In some conditions, the Security Gateway may crash when SSH Deep Packet Inspection (SSH DPI) and Anti-Virus are enabled. |
PRJ-23267, |
Threat Prevention |
In rare scenarios, the "fw load_sigs" command fails to exit appropriately after completing. |
PRJ-22271, |
Threat Prevention |
Improved the Threat Prevention policy installation time when installing on more than two Security gateways. |
PRJ-19557, |
Threat Prevention |
In some scenarios, "cpssh_trans_endpoint_handle_session_travers_timeout: INTERNAL ERROR" errors are displayed in the fwk.elg file when inspecting SSH traffic. |
PRJ-20484, |
Threat Prevention |
In rare scenarios, Security Gateway may crash when working with SSH. |
PRJ-25058, |
Identity Awareness |
NEW: Added new Auto-Tune feature for Nested Groups to select the optimal nested state for maximum performance. The feature is disabled by default. To enable it, refer to sk128212. |
PRJ-25382, |
Identity Awareness |
UPDATE: Changed the Web-API conciliation score from 10 to 15. |
PRJ-26973, |
Identity Awareness |
UPDATE: It is now possible to configure SAML (Security Assertion Markup Language) authentication with the same Microsoft Azure AD directory for multiple blades on the same Security Gateway. |
PRJ-25581, |
Identity Awareness |
In some scenarios, Identity Awareness with enabled Remote Access identity source constantly prints "A secondary session request was received from the same IP" message in the log and overrides the existing session. |
PRJ-22359, |
Identity Awareness |
In some scenarios, output of "pdp conn pep" command may show incorrect PEP names. |
PRJ-16186, |
Identity Awareness |
Added optimization for PDP when handling Terminal servers Multi-User Host Agent (MUH). |
PRJ-25379, |
Identity Awareness |
In Identity Awareness Captive portal, the default Check Point logo is displayed even if the user-defined logo is configured. Refer to sk133492. |
PRJ-21457, |
Identity Awareness |
In some scenarios, the VPN Remote Access client fails to connect if a certificate contains a DN with an asterisk (*). |
PRJ-21771, |
Application Control |
A failure log may be generated when inspecting connections to servers with certificates without a common name (CN) field. |
PRJ-19859, |
SSL Inspection |
UPDATE: Avoid sending the TLS probe during inbound inspection when it is not necessary for the SNI-based categorization. |
PRJ-21686, |
SSL Inspection |
UPDATE: Avoid sending the TLS probe during the inbound inspection when a rule is matched according to the IP address. |
PRJ-22427, |
SSL Inspection |
In some scenarios, the "Parallel TLS Sessions" and "Cache entries" CPView statistics for SSL Inspection are incorrect. |
PRJ-19856, |
SSL Inspection |
TLS probing failures generate logs with a general description in SmartLog: "Internal system error in HTTPS Inspection (Error Code: 2)". With this fix, more descriptive logs will be generated. |
PRJ-24462, |
SSL Inspection |
In some scenarios, memory leaks may occur after policy installation. |
PRJ-24468, |
SSL Inspection |
In rare scenarios, the WSTLSD daemon may unexpectedly exit during TLS probing. |
PRJ-25173, |
SSL Inspection |
In some scenarios, when HTTPS Inspection is enabled, overall memory consumption may gradually increase. Refer to sk171280. |
PRJ-20680, |
SSL Inspection |
A table hash size may be too small for some environments and cause an increased CPU usage. |
PRJ-24781, |
Anti-Malware |
In a rare scenario, the Security gateway may crash with the "Problem with the Commit Function" error during policy installation. Refer to sk173248. |
PRJ-24120, |
IPS |
Added IPS Core Protections scan improvements for HTTP traffic. |
PRJ-22188, |
IPS |
In some scenarios, the DNS response message with record type 0 may be dropped by "Non compliant DNS" protection. |
PRJ-23928, |
Anti-Bot |
UPDATE: Anti-Bot URL cache was enhanced to support further requests. |
PRJ-23980, |
UserCheck |
Sensitive file push.js may be visible on the Security gateway. |
PRJ-24628, |
UserCheck |
In rare scenarios, when clicking the "Send Original Mail to me" button (sk140214) in the UserCheck portal for Threat Extraction, action fails with "An unexpected error has occured ..." error message. |
PRJ-22332, |
Mobile Access |
In some scenarios, the VPND process unexpectedly exits in SNX Application Mode. |
PRJ-23092, |
Mobile Access |
In some scenarios, FWK process unexpectedly exits due to SNX authorization timeout in MAB's Unified Policy mode. Refer to sk173125. |
PRJ-23653, |
Mobile Access |
Remote Access session may not be synced on the standby member VS. |
PRJ-24687, |
Mobile Access |
In some scenarios, the HTTPD process consumes a high CPU causing slowness in access to web applications. |
PRJ-23731, |
Mobile Access |
In some scenarios, when configuring the "X-Forwarded-For" header to MAB reverse proxy, the header is passed in reverse order. |
PRJ-25104, |
ClusterXL |
Data connections from the Standby member of an Active-Standby cluster may be dropped on the stealth rule when "fwha_cluster_hide_active_only" is set to 1. |
PRJ-27788, |
ClusterXL |
Log shows that CCP encryption fails on each policy installation. |
PRJ-24145, |
SecureXL |
UPDATE: Firewall debug drop template message now indicates the rule ID the template was created from. |
PRJ-24015, |
SecureXL |
Configuring the "Virtual Activation Timeout" option above 65535 may lead to an incorrect timeout definition. |
PRJ-23460, |
SecureXL |
A race condition in the DOS/Rate limiting policy's install logic may cause incorrect counter values for "concurrent-conns". |
PRJ-17461, |
SecureXL |
SecureXL keeps forwarding packets in VSX bridge mode when the member is down. Refer to sk169495. |
PRJ-24652, |
SecureXL |
In some scenarios, the "reached the limit of maximum enqueued packets!" log is printed in the /var/log/messages file. |
PRJ-23848, |
SecureXL |
In some non-VPN scenarios, MSS Adjustment (Clamping) does not work. |
PRJ-25510, |
SecureXL |
In a rare scenario, Security Gateway may crash when generating CPInfo in VSX mode. |
PRJ-22785, |
SecureXL |
In a rare scenario, Security Gateway may crash after running the "fwaccel tab -t connections" command. |
PRJ-23272, |
CoreXL |
In some scenarios, the "fw ctl affinity" command on MPDS Dplane does not show the Mplane Multi-Queue interfaces. |
PRJ-24477, |
Routing |
UPDATE: Allow "set bgp internal peer <value> send-route-refresh" commands. |
PRJ-23249, |
Routing |
VRRP member freezes when deleting a VLAN interface. Refer to sk106226. |
PRJ-24970, |
Routing |
Graceful restart has been enhanced to tolerate a non-standard behavior by peers of closing BGP connection before getting established. |
PRJ-24716, |
Routing |
In OSPF environment, the ROUTED process may unexpectedly exit when a VPN tunnel is flapped leading to a temporary connectivity loss. |
PRJ-25041, |
Routing |
In a rare scenario, the ROUTED process unexpectedly exits when creating an MFC (S,G) entry. Refer to sk176685. |
PRJ-23741, |
Routing |
After restarting OSPF with the "restart ospf instance default" command, OSPF may not redistribute routes until making a configuration change. |
PRJ-25995, |
Routing |
In some scenarios, the monitored IP option "force-if-symmetry" does not detect the asymmetric ping properly. |
PRJ-24388, |
Routing |
In rare scenarios, a Load Sharing cluster can experience DHCP relay drops with a "dropped by fw_post_vm_chain_handler Reason: Handler 'dhcp_reply_code' drop" message. |
- |
VPN |
Hardened the ability to use narrowed IKEv2 tunnels. For more information, refer to sk166417. |
PRJ-25493 |
VPN |
UPDATE: Added support for Security Assertion Markup Language (SAML) authentication on more than one VS in VSX. Refer to sk172909. |
PRJ-23763, |
VPN |
UPDATE: Option 3 of the "vpn tu" command shows now the realm name and if the authentication was performed with the server certificate. |
PRJ-24816, |
VPN |
UPDATE: Added VPN improvements in IKEv2:
|
PRJ-24916, |
VPN |
UPDATE:
|
VPNS2S-2313 |
VPN |
"Invalid ID information" message may be displayed when peer is 3rd party and Link selection is overridden. |
VPNS2S-2313 |
VPN |
IKEv2 may cause the VPND process to unexpectedly exit when IKEv2 rekey uses certificates. |
VPNS2S-2313 |
VPN |
|
PRJ-22543, |
VPN |
Added stability fix in validation checks for ECDSA certificates. |
PRJ-24252, |
VPN |
In some scenarios, the TTM (Transform Template) file is not loaded when there are no TTM groups for the user. |
PRJ-26349, |
VPN |
If SSL Inspection or other blades that use the CPAS infrastructure is enabled, a call trace warning is displayed in dmesg when the cpstop command is issued. |
PRJ-23938, |
VPN |
When the Remote Access is configured to use DHCP for the Office Mode allocation, disconnection of SNX/L2TP clients may cause the IP address not be removed from the table. |
PRJ-15569 |
VPN |
In some scenarios, NAT-T traffic is sent to the wrong next-hop MAC address. |
PRJ-26341, |
VPN |
In some scenarios, Phase 2 NULL encryption in IKEv2 fails with "Received notification from peer: No proposal chosen" message in the log. |
PRJ-25235, |
VPN |
Added improvements for DAIP gateway behind Hide NAT and ROBO peer gateways. |
PRJ-26267, |
VPN |
In some scenarios in MEP configuration, failover to available MEP members may fail. |
PRJ-26929, |
VPN |
In some scenarios, the VPND process unexpectedly exits after installing the policy. |
PRJ-23985, |
VPN |
In some scenarios, the he VPND process may unexpectedly exit producing a core dump. |
PRJ-23974, |
VPN |
In some scenarios, the IKED process unexpectedly exits producing a core dump. |
PRJ-24860, |
VPN |
The VPND process may unexpectedly exit when cipher priority configuration is invalid. Refer to sk173083. |
PRJ-25489, |
VPN |
In VSX environments, Anti-Spoofing in SecureXL may cause Remote Access VPN drops. Refer to sk173266. |
PRJ-24890, |
VPN |
In some scenarios, the "Global param: operation failed: Unknown parameter (param name vpn_cluster_on_aws)" cosmetic error may appear in dmesg. |
PRJ-21942, |
VPN |
In some scenarios, VPN Remote Access users are disconnected after policy installation. Refer to sk171966. |
PRJ-14272, |
VPN |
Added IKE improvement for DAIP peer with ID_DER_ASN1_DN ID type. |
PRJ-22528, |
VPN |
When Multiple Factor Authentication is configured with DynamicID , VPN clients may receive four password prompts. Refer to sk144932. |
PRJ-24402, |
VPN |
In some scenarios, DAIP gateways may be identified as Remote Access, causing the connection to fail. Refer to sk173417. |
PRJ-25053, |
VPN |
In some scenarios, a user may not be able to connect because the VPND process unexpectedly exits. |
PRJ-25133, |
VPN |
In some scenarios, the VPN Remote Access client cannot reconnect after changing the authentication method. |
PRJ-26204, |
VPN |
MEP failover with 3rd party vendors may not work correctly. |
PRJ-25333, |
VPN |
In some scenarios, the "Illegal sequence number" error may be printed in Dead Peer Detection (DPD) debug. |
PRJ-21431, |
Gaia OS |
NEW: Added support for hardware (sensors/NICs) data auto-update. |
PRJ-25718, |
Gaia OS |
UPDATE: The Multi-Queue (MQ) enhancement by IPSEC SPI is now supported out of the box on CPAC-4-10F-C appliance NICs (i40e driver, X710 controller). |
PRJ-26747, |
Gaia OS |
The raid_diagnostic command fails on Smart-1 3050/3150/5050/5150 appliances. Refer to sk173788. |
PRJ-23329, |
Gaia OS |
The "snmptable" command may fail to fetch data via SNMP producing core dump. Refer to sk172824. |
PRJ-23421, |
Gaia OS |
The administrator cannot force a password change to users with UID 0. |
PRJ-26756, |
Gaia OS |
In some scenarios, the first packet of any protocol is dropped if there is no ARP cache entry in the ARP table for that destination. Refer to sk173933. |
PRJ-24173, |
Gaia OS |
In rare scenarios, the Security Gateway may crash during tcpdump. Refer to sk141412. |
PRJ-23614, |
Gaia OS |
In rare scenarios, there is a difference between the value of "Packets" in the output of "ifconfig <interface name>" and "show interface <interface name> statistics" commands. |
PRJ-24493, |
Gaia OS |
In a rare scenario, the Security Gateway may become unresponsive. Refer to sk172827. |
PRJ-24596, |
Gaia OS |
When the RADIUS server uses a multi-pool "Access Challenge", the system sends many authentication requests without waiting. |
PRJ-25669, |
Gaia OS |
In some scenarios, the driver's (i40e) response time for MQ settings takes a too long time. |
PRJ-26328, |
Gaia OS |
When using routing separation, Clish configuration for the management plane may be missing. |
PRJ-23967, |
VSX |
UPDATE: Added ability to change the Management and Sync interfaces via vsx_util change_interfaces. |
PRJ-23828, |
VSX |
In rare scenarios, the Wrp interface may not come up. Refer to sk171753. |
PRJ-24382, |
VSX |
In rare scenarios, when the VSX cluster experiences an outage, the FWK process generates a core dump file. |
PRJ-23483, |
VoIP |
In some scenarios, the "sip_increase_opq_rnum: Error - number of reinvites exceeded the limit" message that indicates the malfunction SIP flow is printed in SIP debug. |
PRJ-24293, |
Smart-1 Cloud |
Added Update 1 of Quantum Smart-1 Cloud Release. Refer to sk166056. |
PRJ-23379, |
CloudGuard Network |
The SNMP response may show incomplete values. |
PRJ-25378, |
CloudGuard Network |
CloudGuard Controller with Cisco ACI Data Center sends updates without IP addresses to Security Gateways. |
PRJ-21718, |
CloudGuard Azure |
Improved performance consistency (with Multi-Queue) after the Microsoft Azure Maintenance event. |
PRJ-23132, |
IoT |
NEW: Added new features:
|
- |
IoT |
UPDATE: If the recommended-policy includes some illegal rules, an IoT layer will be created with the legal rules only and the user will be notified with a warning about the illegal ones. |
PRJ-24280, |
Endpoint Security |
In some scenarios, the "Included Blades" tab in the SmartEndpoint Package repository for Dynamic Package is empty. |
PRJ-25728, |
QoS |
A memory leak may occur when using domain names in QoS policy rules. |