R80.40 Jumbo Hotfix Take 161

Deleting a Domain may fail when there is an administrator with API key authentication associated with this Domain.

In rare scenarios, Install Policy Presets may fail with "Failed to run Install Policy on the active Domain Server".

In some scenarios, the "show-hosts" Management API command fails with "generic_error" when running it with "details-level full". Refer to sk178249.

When exporting rules with "hit counts" and the timeframe is set to a different value than "all", the "hit counts" are missing from the export file. Refer to sk177265.

Install Policy Verification may fail with the "Rule has security zone objects that are not attached to any interface used" error when configuring cluster's interfaces on only one member. Refer to sk177129.

When cloning an IPS profile, the advanced settings of cloud protection are not copied to the new profile.

In a rare scenario, the FWM process unexpectedly exits.

UPDATE: SmartView reports will now show the new Check Point logo.

When running CPinfo in a large scale environment, the SmartEventCollectLogs process may get stuck.

In a rare scenario, the Security Management Server does not automatically delete older log files. Refer to sk177627.

Removed unnecessary debug messages: "fwbintabreplace: table svm_range_gateways not found" and "fwbintabreplace: table svm_range_gateways_valid not found" from the fwd debug log.

On the Domain level, in the Logs view, available services may not appear in the drop-down filter list. Refer to sk178904.

Improved samples visibility in SmartView Widgets.

UPDATE: Added a new global parameter: "fw_daf_module_mac_mode". It allows mirroring traffic to a Linux-based device. It is set to "0" by default. Refer to sk178127.

UPDATE: Adding Connection and Packet Distribution statistics in CPView.

UPDATE: Added two minutes grace period before dropping the non-TCP server-to-client packets upon policy installation and rematch flow. Refer to sk173287.

Improved Security Gateway internal memory allocation logic.

In rare scenarios, connectivity issues to specific websites may occur during web traffic inspection.

The control connection may not be refreshed together with the data connection if the data connection is accelerated. Refer to sk168952.

Uninstalling Jumbo Hotfix may cause interfaces to disappear.

In some scenarios, Security Gateway drops GRE traffic. Kernel debug shows "simi_reorder_enqueue_packet: reached the limit of maximum enqueued packets for conn".

IPS and other Threat Prevention logs may not contain packet capture. And dmesg may be flooded with related errors.

On Scalable Platforms\Cluster LS, the Identity Database may become corrupted when an identity session is revoked from a non-master member.

There may be connectivity issues and high CPU spikes on the PDPD, VPND processes, and on the Gateway when installing policy. Refer to sk174144.

After installing a Threat Prevention policy with many rules and/or exceptions, on multiple Gateways together, Gateways may consume more CPU during rule-match of new connections.

When Anti-Virus and/or gzip inspection are enabled on the Gateway, during CloudFlare inspection of specific websites,the Security Gateway may drop the traffic.

A memory leak related to TLS probe may occur in the WSTLSD process.

A single cluster member with Dynamic Routing configuration may stay permanently in DOWN state producing ROUTED pnote during a boot.

Multicast packets may be dropped after policy installation.

In some scenarios, fragmented Cluster LS packets are dropped by SecureXL.

Connectivity issues may occur after configuration of route-based VPN (VTI interface). Refer to sk176368.

IKEv2 ID configuration may not be applied when an IPv6 address is written as a certificate's alternative name.

Improvements for DAIP Gateway behind Hide NAT.

The VPND process may unexpectedly exit causing VPN connections to restart.

In some scenarios, L2TP users cannot connect to the Gateway in a cluster environment.

A memory leak may occur in the VPND process when using Remote Access Secondary Connect.

In some scenarios, NAT-T tunnel establishment may fail.

Improved VPN interoperability.

A memory leak may occur in the VPND process.

UPDATE: The "vsx_util reconfigure" operation is not supported on a VSX cluster member or VSX Gateway which has no virtual systems configured. The operation will now alert about the absence of virtual systems.

When creating a static route on a virtual system, some network objects may be created with the same name inside the network group which causes failure in writing the object to the database.

There may be a mismatch of policy name on virtual switch when using the "fw stat" and "vsx stat -v" commands. The issue is only cosmetic.

In some scenarios, the VSX Security Gateway may not decrease the packet's TTL.

The "snmpwalk" command may time out after reaching SNMPv2-SMI::mib-2.68.1.2.0.

UPDATE: Changed the Syslog message severity from "error" to "info" and removed the exclamation mark in a specific message which is displayed during the normal backup operation flow.

Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253.

When static NAT is configured, VoIP calls may not work.

Added Take 14 of Public Cloud CA Bundle. Refer to sk172188.

In Amazon Web Services (AWS), some Gateways may frequently crash with vmcores.

In some scenarios, incorrect data center updates are pushed to the Gateway.

In some scenarios, Data Center objects are not enforced on an AWS GEO cluster (Active/Active) Gateway. Refer to sk175904.

Added Update 8 of HealthCheck Point (HCP) Release. Refer to sk171436.