R80.40 Jumbo Hotfix Take 25

Take 25

Released on 16 March 2020

| ID | Product | Description |
|---|---|---|
| - | General | NEW: Added support for Security Gateway running on Open Servers. |
| PRJ-9090, PRHF-8266 | Security Management | In a rare scenario, when an environment has many Gateways (dozens), the FWM daemon may unexpectedly exit when 4 GB of memory is reached. Refer to sk165015. |
| PRJ-8409, PMTR-46703 | Security Management | In some scenarios, when the user modifies a policy rule and creates a section above it in the same session, the log tracker shows that the rule was created instead of modified. |
| PRJ-8406, PRHF-7874 | Security Management | In some scenarios, the exported database may be very large and include redundant data. |
| PRJ-9312, PRHF-7728 | Security Management | The "Unused Objects" filter in Object Explorer may display a failure message if there are more than 20000 unused objects. A limit was added so that only the first 5000 objects will be displayed. |
| PRJ-9215, PRHF-8370 | Security Management | Logging into SmartConsole to the Standby Management Server with a RADIUS or TACACS user may fail after changing the shared secret on the RADIUS or TACACS object. |
| PRJ-9266, PMTR-49516 | Security Management | Policy verification may fail after the user performs the following steps: configures specific install targets for a policy, publishes them, changes the install targets back to "All Gateways", and tries to install them on a Gateway which is not in the original list of targets. |
| PRJ-9398, PMTR-44668 | Security Management | In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole may fail. |
| PRJ-8794, VPNRA-316 | Security Management | Improved the Access Control Policy installation time for environments with a large number of objects and the IPSEC VPN Blade enabled. Refer to sk166321. |
| PRJ-6936 | SmartConsole | NEW: Added R80.30SP to the list of versions for supported hardware. |
| PRJ-9080, API-864 | SmartConsole | In some scenarios, the Management Server may unexpectedly exit following authenticated API commands to create or update objects with extremely long comments. |
| PRJ-9466, PMTR-49817 | SmartConsole | In some scenarios, when the user attempts to delete a Gateway / Cluster member, an error message may appear and the operation may not complete successfully. |
| PRJ-8753 | SmartConsole | In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation. |
| PRJ-9544 | SmartConsole | When the user invokes the 'show-access-layer' API command, the parent layer may be missing from the output result. |
| PRJ-9977, PRJ-9968 | Security Gateway | In a rare scenario, non-HTTP traffic on port TCP/80 is dropped. |
| PRJ-9052, PRHF-8288 | Security Gateway | Global connections may not be freed correctly when the Gateway acts as a Proxy. |
| PRJ-8275 | Security Gateway | In some scenarios, a Security policy installation fails during high CPU utilization. |
| PRJ-10345, PMTR-49504 | Security Gateway | In a rare scenario, after upgrading a Security Gateway to R80.40, the LOG_INDEXER process running on the Log server may consume 100% CPU and cause an indexing backlog. |
| PRJ-9446, PRJ-9416 | Security Gateway | Added logs for packets that include invalid TCP options. This feature is off by default. |
| PRJ-9898, PMTR-50302 | Security Gateway | In a rare scenario, the Citrix server communication may fail. |
| PRJ-10480, PRHF-9188 | Security Gateway | In some scenarios, the Accounting log shows an incorrect total packets value. |
| PRJ-8884, PRHF-7048 | Security Gateway | In a rare scenario, the Security Gateway may crash when activating a web parsing debug. |
| PRJ-9900, PMTR-50431 | Security Gateway | In a rare scenario, when the web server is defined, policy installation fails with "Error code 0-20000111". |
| PRJ-8861, PRJ-8880 | IPS | In a rare scenario, the Security Gateway may crash due to a NULL pointer reference. |
| PRJ-9450, PRHF-8530 | IPS, VSX | In some scenarios, SmartConsole shows "No license" and "Contract is expired" for IPS Blade in VSX. Refer to sk164917. |
| PRJ-9395, PMTR-49565 | Identity Awareness | Performance improvement in the automatic LDAP group update feature. |
| PRJ-7201, PMTR-23406 | SSL Inspection | NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115. |
| PRJ-8498, PRHF-7875 | Logging | Added "Resource", "Application Risk", "Application Name" and "Application Category" fields to the exported CSV file. |
| PRJ-8548 | Logging | NEW: The Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command. |
| PRJ-8683, PRHF-7856 | Logging | In some scenarios, Threat Emulation Logs cannot be viewed in the logging or reporting views because of a certain format of the "file size" field sent from the Security Gateway. Refer to sk166997. |
| PRJ-9075, PRHF-8337 | Routing | In some scenarios, a corrupted BGP AS4_PATH attribute value may result in an invalid, long BGP update that is rejected by the BGP peer. |
| PRJ-9129, PMTR-46873 | SecureXL | NEW: Added acceleration support for Ethernet Over IP Tunneling (EOIP). EOIP is RFC 3378 protocol number 97, used between a wireless AP and a Cisco wireless controller. |
| PRJ-10197, PMTR-50836 | Gaia OS | CVE-2020-8597: pppd is vulnerable to buffer overflow. Refer to sk165875. |
| PRJ-8583, PMTR-48127 | Gaia OS | Multi-Queue configuration cannot be assigned to interfaces that use the "mlx5_core" driver (to check, run the "ethtool -i <name of interface>" command). |
| PRJ-9357, PRJ-9318 | Gaia OS | On 3600 and 3600T appliances, the alarm LED turns on if one of the PSUs is disconnected. Refer to sk166000. |
| PRJ-8142 | CloudGuard Network | NEW: Added support for Data Center objects with ClusterXL configured in Active/Active mode. |
| PRJ-8570, PMTR-49970 | CloudGuard Network | The Management API add-data-center-server for vCenter Data Center uses the "unsafe-auto-accept" parameter with default value set to false. In some scenarios, this setting causes the opposite behavior. |