R80.40 Jumbo Hotfix Take 190

The CPVIEWD process may cause CPU spikes.

UPDATE: Improved the "Assign Global Policy" action time by approximately 50%.

Global Domain Assignment may fail if a rule in the global policy was recently enabled or disabled.

A Multi-Domain Management Server upgrade may fail if upgrading one of the domains takes longer than four hours.

An Application Control and URL Filtering Database update may fail. The CPM log file states: "Update APPI Update Task Notification. progress: 100, status: FAILED, statusText: Failed to assign domain".

SmartConsole may unexpectedly disconnect.

After an upgrade, when the local domain Virtual System (VS) is updated, its objects may not be updated. The mirror VS object and local domain VS object may have different versions and colors.

Global Policy reassignment fails with "An internal error has occurred". The issue occurs when a Global rule, Rule Base, or section was created, moved, and then deleted without running a reassignment in between.

"Automatic purge" fails on a Domain with active Global Domain Assignment and "automatic purge" configured on the Global Domain.

Packet mode search in HTTPS Inspection policy may not work.

In rare scenarios, Global Policy reassignment may fail with a "Failed to find object ID UUID of class com.checkpoint.objects.ips.ThreatIpsProtectionOverride" message.

SmartEvent may unexpectedly close when clicking Global Exclusion options or creating a new event. This issue occurs after migrating a Domain from the Multi-Domain Management Server to the Security Management Server.

NEW: Integrated Skyline, a solution that provides an OpenTelemetry CPView Agent service to monitor your Check Point Servers and export health metrics from the CPView tool to an external location. Refer to sk178566.

Emails sent as an automatic reaction may show only the first IP address for "Source"/"Destination" fields out of all the detected IP addresses.

It may not be possible to filter the "Subscriber" field in SmartLog.

Export to CSV in SmartView may be stuck in the "running" status.

Logs may not be indexed on the Domain Log Server in a Multi-Domain Log Module (MLM) or on the Secondary Multi-Domain Management Server.

The LOG_INDEXER process on the SmartEvent Server may unexpectedly exit, generating a core dump file, if the Log Server used by the correlation unit is deleted.

When an object name begins with a digit, SmartView Monitor displays a name consisting of the letter "v" and UID instead of the actual object name.

The "show-logs" Management API command fails when iterating over many pages of queries, and the total fetched records number exceeds 219,900 records.

UPDATE:

• Added a new global parameter "fw_conn_double_error_allow_print " to enable/disable printing double connection error message to the log. When disabled, the Security Gateway will still drop a new connection if it is already recorded in the connection table, but there will be no error logs.

• Added a new global parameter "fw_conn_double_error_count" to count how many times the error occurred.

UPDATE: The reset expired connections feature (fw_rst_expired_conn) is now supported on connections accelerated by SecureXL.

After an upgrade, Access Control policy installation may fail with an "Update process is already running" message.

There may be connectivity failure when browsing to Office 365, and ICAP Client is active on the Security Gateway with enabled "Data Trickling".

The Security Gateway may crash because of memory corruption, and the following error appears in the /var/log/message file: "[xxxx] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: <xxxx>".

In a rare scenario, the FWK process may unexpectedly exit because of a memory allocation issue on the Security Gateway.

Topology auto update may fail because of a too long interface name.

After an upgrade, Anti-Virus Blade may cause increased memory consumption.

In a rare scenario, the Security Gateway may have a memory allocation issue.

The Custom Intelligence Feeds feature may stop enforcing traffic after Threat Prevention policy installation.

A kernel memory leak may occur during deep file inspection.

Adding hash indicators may cause policy installation to fail with a warning message.

In some scenarios, Mail Transfer Agent (MTA) does not scan files with an unsupported extension if they were renamed to ".exe".

SNMP/cpstat queries for Identity Awareness OIDs return wrong values if the PDP daemon is not running at the time of the query.

The CPU utilization of the PDP daemon may be high during a specific authentication flow.

When an URL Filtering rule has "Fail-Close" configuration, the Security Gateway may drop connections, and "URLF internal system error (0)" is recorded as the reason.

After disabling the ActiveSync service on the Security Gateway, login to Capsule Workspace (CWS) may fail.

Capsule Workspace push notifications do not work when the Single Sign-On (SSO) is configured to "prompt for credentials". Refer to sk176244.

The cphaprob show_bond command does not show newly added subordinates from Virtual Systems (VSs).

In a VRRP cluster environment with a large number of interfaces, the Security Gateway may consume a lot of memory.

After an upgrade, SecureXL may drop multicast traffic with "reason:Fragment drops".

SNDs may reach 100% CPU utilization and are not released in some Site to Site VPN scenarios.

UPDATE: After FIPS mode is enabled, Jitter is now automatically turned on.

Site-to-Site NAT-T traffic may be routed incorrectly, which can cause an outage.

Improved Site-to-Site VPN stability.

The VPND process may unexpectedly exit.

SecureXL may not let HTTPS traffic pass through a Virtual Router (VR).

Lines indicating uninstalling policies from virtual switches (VSWs) may be printed when running the "fw vsx unloadall" command.

Removing a warp interface may fail on one member, which creates a mismatch between the cluster members database because the warp interface remains on other members. Refer to sk180481.

A VSX Gateway upgrade may fail with an error related to VSX Filesystem creation.

UPDATE: Gaia API updates will now be automatically installed through AutoUpdater. Refer to sk165653.

In a cloning group cluster, when allowed hosts are changed from "Any" host to a specific host, communication between members is blocked, and the group cannot function.

The SNMPD process may unexpectedly exit on the Security Gateway with enabled Management Data Plane Separation (MDPS).

UPDATE: Added support for Data Centers in AWS ap-southeast-2 (Jakarta) region.

Azure Data Center mapping may fail because of a corrupt response from Azure for a specific Virtual Machine Scale Set (VMSS).

Import of OpenStack Data Center CloudGuard Network objects may fail.

Added Update 5 of Quantum Smart-1 Cloud. Refer to sk166056.

In some scenarios, when using early media with NAT, the first data connections specified in the SDP get closed, although they should not. And the new data connection does not open, resulting in one-way audio. Refer to sk179651.