R80.40 Jumbo Hotfix Take 158

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 158 Released on 6 April 2022 and declared as Recommended on 16 May 2022
PRJ-30406, PRHF-19450	Security Management	UPDATE: Added the "--help" and "-h" flags to "mdsstop", "mdsstart" and "mdsstat". It is no longer possible to run the "mdsstop" and "mdsstart" commands with wrong parameters.
PRJ-30112, PRHF-17611	Security Management	In rare scenarios, the "show_changes" and "show_sessions" Management API commands may fail.
PRJ-32856, PRHF-20444	Security Management	After the Management Server restart, the API command "show_tasks" may show some suppressed tasks as "in progress", if before the restart they were cleared in SmartConsole while they were still running.
PRJ-30474, PRHF-19577	Security Management	Desktop policy installation may fail with the "Service ReferenceObject of type is not supported!" error.
PRJ-33564, PMTR-75061	Security Management	In rare scenarios, a "Create Domain", "Delete Domain" or "Delete Domain Server" task can be stuck at 5% with the "Task in queue" status.
PRJ-35478, PMTR-77765	Security Management	Multi-Domain High Availability synchronization in the Global Domain may fail with "There are invalid assignments on peer." error.
PRJ-25709, PRHF-17010	Security Management	Deleting a network group may fail because it is being used, although "Where Used" shows no usage.
PRJ-33400, PRHF-20866	Security Management	When automatic purge is configured in a local Domain and there is an assignment between the Global Domain to that Domain, the "show-automatic-purge" API command may fail in the Global Domain with the "Can't build automatic purge reply" error. Refer to sk176443.
PRJ-32428, PRHF-20440	Security Management	In rare scenarios, adding a service to a rule in Access Policy: may take a long time (more than several seconds) may cause SmartConsole to unexpectedly exit Refer to sk176004.
PRJ-32447, PRHF-20062	Security Management	In rare scenarios, in a Multi-Domain environment, after performing an IPS Update, High Availability synchronization in the Global Domain fails with "NGM failed to import data".
PRJ-33520, PRHF-20971	Security Management	In rare scenarios, the Management Server may fail to start.
PRJ-30530, PRHF-19542	Security Management	Creating an administrator in a Multi-Domain environment may cause SmartConsole to freeze and time out.
PRJ-33286, PRHF-20525	Security Management	When reassigning Global policy after an IPS update on the Global Domain, the updated IPS version in the Audit Logs view may appear with "-1" value instead of the actual IPS version number.
PRJ-32847, PMTR-74961	Security Management	In rare scenarios, taking over a session may fail with "SmartConsole has experienced an unexpected error. Session operation failure".
PRJ-32668, PRHF-20485	Security Management	When searching for tags usage, the "where-used" Management API command may fail with "Requested object not found".
PRJ-34225, PRHF-21356	Security Management	When performing IPS Update or Global Domain Assignment, creating a Domain at the same time may fail with "Internal Error".
PRJ-33364, PRHF-20847	Security Management	Global Domain Assignment fails with "An internal error has occurred" when there are more than 32K Threat Prevention Overrides in the local Domain. Refer to sk176464.
PRJ-30058, PRHF-19250	Security Management	In rare scenarios, after a Management Server upgrade, importing the database may fail with "Tried to persist object".
PRJ-34771, PRHF-20960	Security Management	Policy installation on Gateways R81 and below may fail when there are multiple login options configured with SAML which uses Identity Provider as an authentication method. Refer to sk176725.
PRJ-33863, PRHF-21129	Security Management	When creating or updating a service object via Management API, it is not possible to specify a custom aggressive-aging timeout.
PRJ-32717, PRHF-20332	Security Management	If there is a Global Domain Assignment, some results may be missing when searching in Packet Mode. Refer to sk178491.
PRJ-36185, PRJ-36184	Security Management	In some scenarios, in SmartConsole, the IPS update status list does not reflect correctly all the Gateways with enabled IPS Blade. Refer to sk175449.
PRJ-33978, PRHF-21115	Security Management	Policy installation from the Multi-Domain Server level may trigger installation of two policies for the same VS.
PRJ-34034, PMTR-73939	Security Management	When many sessions are opened: Publish operation may be slow APPI Update may be stuck on 30% and eventually fail Domain Import task may be stuck after 50% and then fail
PRJ-33167, PRHF-20782	Multi-Domain Management	The mds_backup script may not collect Multi-Domain Server log files from $MDSDIR/log/.
PRJ-30525, PRHF-19541	Multi-Domain Management	In rare scenarios, running the "fwm sic_reset" command on Multi-Domain Server may fail.
PRJ-38327, PMTR-82069	SmartConsole	Install Policy Preset may invoke policy installation on Gateways different from those that are defined. Policy installation on multiple Gateways on MDS level may trigger installation on one Gateway only. Refer to sk178590.
PRJ-34292, PMTR-75623	Compliance	After disabling Compliance Best Practices, the user receives security alerts. Requires R80.40 SmartConsole Build 430 (or higher).
PRJ-30377, PRJ-30370	CPInfo	UPDATE: Added CPInfo Build 914000227. Refer to sk92739.
PRJ-31293, PMTR-45132	Logging	NEW: It is now possible to search logs using content from the "Comment" field.
PRJ-29123, PRHF-18445	Logging	SmartEvent may not show some of the Anti-Virus logs.
PRJ-31616, PRHF-19834	Logging	Non-English letters in SmartView reports exported as CSV may be displayed incorrectly. Refer to sk175543.
PRJ-28316, PRHF-18428	Logging	The "Last Update Time" field of a Session Log may show incorrect values.
PRJ-32587, PRHF-20276	Logging	There may be empty values in the "Office Mode IP" field in the Logs view.
PRJ-32304, PRHF-18539	Logging	When configuring an Email alert as an Automatic Reaction in SmartEvent, and the alert contains data from the event, some fields may be missing in the generated email.
PRJ-32017, PRHF-20117	Logging	When running the "show_logs" API command with "query-id argument" and the session is expired, the command ends with a timeout instead of presenting an error.
PRJ-30091, PRHF-18939	Logging	In rare scenarios, the LOG_INDEXER process stops working and logs are missing. Refer to sk176403.
PRJ-33747, PMTR-76138	Security Gateway	UPDATE: Added a new flag to the "dynamic_objects" command: "-uo <name of object>". The user can now see all content of a specific updatable object.
PRJ-30782, PRHF-19506	Security Gateway	Access Policy installation may fail with "Error code 1-2000078".
PRJ-33611, PRHF-20810	Security Gateway	In a rare scenario, the FWD process may unexpectedly exit.
PRJ-32657, PRHF-20471	Security Gateway	Security Gateway may unexpectedly reboot and create a vmcore file.
PRJ-33898, PMTR-58175	Security Gateway	In rare scenarios, the LOG_INDEXER process may unexpectedly exit with a core dump file.
PRJ-33209, PRHF-20674	Security Gateway	The dlpu process may unexpectedly exit, producing a core dump file.
PRJ-32791, PRHF-20498	Security Gateway	In some scenarios, the matched rules log of Inline layer may appear as "Accept" / "Drop" action instead of "Inline".
PRJ-30782, PRHF-19506	Security Gateway	Access Policy installation may fail with "Error code 1-2000078".
PRJ-31207, PRHF-19333	Security Gateway	The Security Gateway may crash during policy installation due to memory allocation problems.
PRJ-33611, PRHF-20810	Security Gateway	In a rare scenario, the FWD process may unexpectedly exit.
PRJ-33997, PRHF-18340	Security Gateway	In rare scenarios, slow path connections that should be terminated/aborted may remain open until the timeout.
PRJ-32791, PRHF-20498	Security Gateway	Matched rules on Inline layermay appear as the "Accept'"/ "Drop" action instead of "Inline".
PRJ-34255, PRHF-20783	Security Gateway	It may not be possible to use Office 365 Tenant Restrictions when ICAP client is enabled.
PRJ-33124, PRHF-20306	Security Gateway	In some scenarios, memory consumption and CPU usage may increase consistently due to large amount of content in CPView tool. Refer to sk176370.
PRJ-32925, PRJ-32352	Security Gateway	When running the "cpstop" and "cpstart" commands, NAT statistics may fail with "fwx_alloc_global_find_free_port_atomic: failed to update NAT statistics".
PRJ-34267, PRHF-19587	Security Gateway	The log_exporter process may consume high CPU.
PRJ-33249, PRHF-20709	Internal CA, VPN	Creating a certificate for a third party Gateway with Check Point Internal CA may fail on the third party side. Refer to sk176468.
PRJ-30444, PRHF-17552	Threat Prevention	In a rare scenario, the DLP process leaves open unused file descriptors in the $FWDIR/tmp/dlp directory which may take up a large amount of disk space.
PRJ-37474, PMTR-80602	Identity Awareness, Identity Logging	UPDATE: Adjusted AD-Query and Identity Logging solutions to work with Microsoft hardening changes in DCOM which were required for CVE-2021-26414. Refer to sk176148.
PRJ-30947, IDA-4253	Identity Awareness	In some scenarios, persistent high CPU is caused by ADQuery due to a large number of authentication requests.
PRJ-32698, PRHF-14110	Identity Awareness	Memory usage may be high for the pdpd process in a scenario related to Identity Awareness nested groups in state 2 and 4.
PRJ-33147, PRHF-20682	URL Filtering	In some scenarios, websites encrypted with SSL are not matched correctly when categorization mode is on Holdand IDA is enabled. Refer to sk176283.
PRJ-29427, PRHF-18966	IPS	When Website categorization mode is set to "Hold" and Gateway is Proxy, some connections may be incorrectly terminated.
PRJ-34644, PRHF-21416	DLP	In a rare scenario, the DLP process may not delete temporary files used for scanning.
PRJ-33001, PMTR-75153	SSL Inspection	UPDATE: Upgraded the default Infrastructure for local communication between some processes to TLS 1.2.
PRJ-34973, PMTR-77321	SSL Inspection	In rare scenarios, the WSTLSD daemon may unexpectedly restart.
PRJ-34160, PMTR-75807	SSL Inspection	In some scenarios, the WSTLSD daemon may unexpectedly exit during TLS probing.
PRJ-35936, PRJ-35934	SSL Network Extender	UPDATE: SSL Network Extender was updated to version 800008304. It provides TLS 1.2 cipher suites support on macOS.
PRJ-31231, SNX-67	SSL Network Extender	SSL Network Extender (SNX) may fail during large file transfers. Refer to sk87760.
PRJ-33875, PMTR-61452	Mobile Access	Policy installation may fail due to table creation issues.
PRJ-34339, PMTR-73930	SecureXL	The "fwaccel dos rate" command may fail with the"Another fwaccel command is already in progress" error.
PRJ-28644, PMTR-67800	SecureXL	A redundant message "ACC: Accelerator started. " is printed in dmesg logs.
PRJ-35768, PMTR-77756	Routing	UPDATE: Routed debug log will now show IP addresses.
PRJ-35644, PMTR-54828	Routing	Handling BGP routes with very long AS paths may cause connectivity issues and the ROUTED daemon may exit with a core dump file.
PRJ-34710, PMTR-73184	Routing	In rare scenarios, the ROUTED daemon may unexpectedly exit or write logs in the incorrect order.
PRJ-35340, ROUT-1370	Routing	The routed daemon may unexpectedly exit with core dump when some interfaces lose connection with the PIM router.
PRJ-32423, PRHF-20294	VPN, Multi-Portal	UPDATE: Certificate validation flow will use OCSP as the default revocation validation method. If OCSP URL does not exist, CRL will be used as a revocation validation method.
PRJ-33655, PRHF-21022	VPN	The VPND process may unexpectedly exit with a core dump file.
PRJ-35310, VPNS2S-2847	VPN	An outage may occur during IKEv2 SA re-key because of invalid kbuf duplication.
PRJ-35475, PMTR-74009	VPN	Added VPN improvements for IKEv2 SA re-key.
PRJ-35342, VPNS2S-2701	VPN	Policy installation and establishing a connection from a Gateway with Static IP may fail, if the IP address was previously used by a peer Gateway with DAIP.
PRJ-35392, VPNS2S-2769	VPN	Improved IKEv2 for working with DAIPs.
PRJ-35487, VPNS2S-2740	VPN	In ike_sa_table there may be an entry with an IP address and not with a DAIP ID.
PRJ-33737, PMTR-75801	VPN	When applying Secure Configuration Verification (SCV) VPN client is not able to distinguish between Windows 10 and Windows 11.
PRJ-35230, PMTR-73490	VPN	SSL entries may not be deleted from the "vpn tu tlist" command output, although there was a graceful exit.
PRJ-36419, PMTR-79305	VPN	In some scenarios, when VPN logs are enabled and DAIP (Dynamically Assigned IP) peer is configured, the VPND daemon may unexpectedly exit.
PRJ-24187, PRHF-16198	VPN	VPN connectivity issues may occur when there are too many SAs. Refer to sk173828.
PRJ-33838, PMTR-76280	VSX	UPDATE: Shadow bridges will now be automatically disabled on VSX Gateways if the bridges are not in Active/Active mode.
PRJ-32532, PMTR-74770	VSX	UPDATE: It is now possible to define interface topology as "defined by routes" using the VSX provisioning tool.
PRJ-37421, PMTR-79515	VSX	After deleting a warp interface in SmartConsole, the active VSX cluster member may crash.
PRJ-30211, PRHF-19017	Gaia OS	VLAN IPv6 address disappears after setting the parent interface state "off" and "on". IPv6 address disappears after enabling Layer 3 bridge interface monitoring. Refer to sk174969.
PRJ-31695, PMTR-73594	Gaia OS	The "cpopenssl" command may fail with "No such file or directory".
PRJ-35002, PMTR-77709	Gaia OS	Fixed the CVE-2020-14145 vulnerability.
PRJ-32916, PMTR-75175	CloudGuard Network	NEW: Rule base search in SmartConsole now also matches rules with Data Center Objects. In SmartConsole, it is now possible to see IP addresses of all the objects included in: AWS VPC and Availability Zone Azure Virtual Network GCP Network In SmartConsole, improved searching objects using tags.
PRJ-31768, PMTR-73896	CloudGuard Network	Improved the handling of NSX-T Data Center throttling issues.
PRJ-34526, PRHF-21383	CloudGuard Network	When a Gateway's object name was changed, CloudGuard Central License Tool may fail to distribute licenses to the Gateway.
PRJ-35157, ODU-199	Scalable Platforms	NEW: Added a self-updatable package of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.
PRJ-34441, ODU-217	HCP	Added Update 6 of HealthCheck Point (HCP) Release. Refer to sk171436.
PRJ-29950, PRHF-19115	Infrastructure	In a rare scenario, the user cannot connect to the Mobile Access Portal.