R80.40 Jumbo Hotfix Take 38

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 38 Released on 26 April 2020
PRJ-10631, PRJ-10629	Installation	Firmware upgrade for Small Office appliance using SmartProvisioning in Multi-Domain Management environment may fail.
PRJ-8645, CPM-2623	Security Management	NEW: Performance enhancements while the Management Server is under high load.
PRJ-11118, PMTR-51778, PRJ-10995, PMTR-51743	Security Management	NEW: Added ICA Management security enhancements.
PRJ-10473, PMTR-49832	Security Management	In a rare scenario, export from the previous version does not complete because the Postgres dump_all process gets stuck.
PRJ-11722, PRHF-10059	Security Management	Scheduled IPS update operation on the Security Management server may not be triggered after server reboot/restart. Refer to sk166216.
PRJ-10221, PRHF-7865	Security Management	When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted.
PRJ-10089, PMTR-50276	Security Management	The cpm_solr process may unexpectedly exit and cause one of the following: The upgrade of a Management machine may stuck on 58% The Management HA synchronization may fail with "NGM failed to import data" error Users may not be able to log in.
PRJ-10515, PMTR-36302	Security Management	In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.
PRJ-9323, PRHF-8494	Security Management	In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037.
PRJ-9300, PRHF-8336	Security Management	In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing.
PRJ-11167, PMTR-51180	Multi-Domain Management	In a rare scenario, synchronization between Multi-Domain Management Servers breaks after revisions purge operation.
PRJ-9699, PRHF-8593	Multi-Domain Management	MLM may open a connection to the reversed IP address of the Multi-Domain Server.
PRJ-10527, PRHF-8686	Multi-Domain Management	Upgrade of Multi-Domain Server may fail if Sync With User Center is running.
PRJ-9241, PRHF-8077	Multi-Domain Management	In some scenarios, secondary MDS or MLM fail to renew a management certificate. Refer to sk164732.
PRJ-11177, PMTR-51890	Multi-Domain Management	In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972.
PRJ-11517, PRHF-9981	Multi-Domain Management	In rare scenarios, upgrading the Multi-Domain Server fails to upgrade some Domain Servers with "IllegalArgumentException" in the upgrade log.
PRJ-10366, PMTR-51017	Multi-Domain Management	After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972): Global Domain reassignment IPS or Application Control updates in the Global Domain.
PRJ-9262, PMTR-49143	Multi-Domain Management	Upgrade of Multi-Domain Server may fail when the source version is R80.10 and there is no license configured on the target machine.
PRJ-10531, PRHF-8581	Multi-Domain Management	The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server.
PRJ-10510, PMTR-50620	Multi-Domain Management	In some scenarios, if a Domain is deleted while the user performs a multi-site upgrade from R77.x (before all machines complete the upgrade), some Domains may not be assigned to Admins and Trusted Clients, as before the upgrade. Updating those Admins and Trusted Clients may also fail.
PRJ-10747, PMTR-50936	Multi-Domain Management	In some scenarios, policy installation from the Domain Management Server fails after an mds_backup procedure that was interrupted. Refer to sk165559.
PRJ-11284	Multi-Domain Management	Access policy installation may get stuck in a specific scenario in MDS environments. Refer to sk166106.
PRJ-10504, PMTR-50891	Multi-Domain Management	The import-smart-task Management API may fail in the second Domain on the Multi-Domain machine when it is executed with same exported file.
PRJ-9290, PMTR-49566	SmartConsole	NEW Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: "show-profiles" and "show-ips-additional-properties". The default value for both flags is false.
PRJ-10374, PRHF-8973	SmartView	In some scenarios, after user imports view/report in SmartView, the imported view/report is not shown in the Catalog.
PRJ-10707, PMTR-45783	SmartProvisioning	In some scenarios, after creating a Small Office gateway using LSMCli, some fields in the gateway object on the SmartProvisioning are not populated.
PRJ-9644, PRHF-4623	Security Gateway	NEW: Added support for the bridge configuration when packet is passing via the Security gateway twice.
PRJ-10795, PMTR-51301	Security Gateway	In some scenarios, when a Custom Intelligence Feed is enabled, the Security Gateway may crash.
PRJ-10173	Security Gateway	After installing R80.40 Jumbo Hotfix, Dynamic Split is disabled.
PRJ-10207, PRHF-9508	Security Gateway	ICAP Client may not work properly when Threat Extraction blade is enabled. To enable the fix, set the enable_icap_with_strict_hold parameter to 1.
PRJ-11538	Security Gateway	In a rare scenario, Security gateway may crash with vmcore.
PRJ-11531, MUX-319	Security Gateway	In a rare scenario, Security gateway may crash while connection is closed while being held.
PRJ-10887, PMTR-51247	Security Gateway	In a rare scenario, a memory leak may appear in Anti-Virus inspection on SMB protocol.
PRJ-9690, PMTR-46451	Security Gateway	Traffic may be dropped on DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176.
PRJ-8657	Security Gateway	In a rare scenario, creating a Virtual Switch can lead to crash.
PRJ-9835, PMTR-48719	Security Gateway	When ISP Redundancy is configured on a cluster, the backup ISP link status may show as down even though the link is up.
PRJ-10283, PMTR-50683	Anti-Malware	NEW: Added support to allow Threat Extraction to scan a file download in additional scenarios.
PRJ-10758, IDA-2866	Identity Awareness	In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174.
PRJ-10387, IDA-2719	Identity Awareness	In a rare scenario, identity session groups and access roles may disappear following a policy installation.
PRJ-10085, PMTR-50594	Content Awareness	Added ability not to drop the connections if the files are downloaded with HTTP 206 out of range.
PRJ-10856, PRHF-1898	Application Control	NEW: Gateway status will reflect Application Control and URL Filtering updates.
PRJ-9935, PMTR-49938	HTTPS Inspection	In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may unexpectedly exit. Refer to sk165555.
PRJ-10738, PRHF-9265	SSL Inspection	In a rare scenario, a memory leak may appear when SSL inspection is enabled.
PRJ-10940, PMTR-51681	IPS	In a rare scenario, the fw_full process may unexpectedly exit.
PRJ-10970, SWG-2484	DLP	NEW: Reading and sending files from the registry by DLP was optimized.
PRJ-9694, PRHF-8503	DLP	In some scenarios, DLP prints wrong error message in the log.
PRJ-9329, PRHF-8152	DLP	Improved the scanning time of files for some scenarios in SMTP and HTTP/S.
PRJ-9436	DLP	In a rare scenario, the dlpu process, a component in Anti-Virus and Threat Emulation, may unexpectedly exit.
PRJ-9775, PRHF-8847	DLP	In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of "internal to internal".
PRJ-11023, PRHF-3767	ClusterXL	Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432.
PRJ-10235, PMTR-51942	SecureXL	Policy installation may fail with "Error code 0-2000240" when Drop templates option is enabled. Refer to sk165716.
PRJ-10000, PRHF-5120	SecureXL	UPDATE: Improved TCP state inspection for "Smart Connection Reuse" feature.
PRJ-9828, PMTR-50294	SecureXL	In some scenarios, SYN Defender cookie validation may fail.
PRJ-8977	SecureXL	When PIM-SM multicast routing transitions from RPT to SPT, packets may be dropped or become out-of-order.
PRJ-8774, PMTR-48255	SecureXL	In some scenarios, held packets are incorrectly reported to the penalty box.
PRJ-8916, PRJ-8890	SecureXL	In some scenarios, multicast packets arrive to the Security gateway in order, but leave out-of-order.
PRJ-9972, SL-3551	Logging	In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.
PRJ-11364, PMTR-51655	Logging	In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may unexpectedly exit.
PRJ-11846, SL-3728	Logging	Log exporter process may unexpectedly exit after enabling export of log attachment IDs.
PRJ-9957, PRHF-897	VoIP	In some scenarios, UA traffic is dropped when packet contains more than 9 UA's. Refer to sk135114.
PRJ-11036, PMTR-36437	VPN	In some scenarios, VPN traffic distribution change may cause high CPU consumption on one CPU core. Refer to sk165853.
PRJ-9587, PRHF-7681	VPN	In a rare scenario, vpnd process unexpectedly exits due to Segmentation fault.
PRJ-10558, VPNS2S-938	VPN	Improved the VPN Site-to-Site tunnel establishment scenario with IKEv2.
PRJ-8726	VPN	In some scenarios, vpnd cores may be generated sporadically during boot time/cluster failovers on the Cluster Standby Member.
PRJ-10391, PRHF-1053	VPN	In a rare scenario, vpnd process unexpectedly exits due to issue in IKEv2 flow.
PRJ-9586 PRHF-7485	VPN	Improved the VPN Connectivity with DAIP peers. Refer to sk164933.
PRJ-9911, PMTR-43850	VPN	Improved stability of VPN traffic on VSX Gateway.
PRJ-11017, PMTR-51126	Gaia OS	In a rare scenario, Security gateway may crash when SSH Deep Packet Inspection (SSH DPI) is enabled.
PRJ-10075, PRJ-10452	Gaia OS	The "show asset all" command displays the total number of cores instead of the online number of cores, even if the Hyper-Threading is disabled.
PRJ-11536, PRHF-9858	Gaia OS	In some scenarios the snmpd process floods /var/log/messages with errors regarding parsing voltage sensor value.
PRJ-9131, PMTR-49209	Endpoint Security	Endpoint Standalone Remote Help Server may not start syncing automatically on the first connect.
PRJ-10120, PRJ-9633	Compliance	In some scenarios, database import on single Domain machines where the Compliance blade is activated fails, and as a result, the FWM process unexpectedly exits after the import.
PRJ-10868, VSECC-1119	CloudGuard Network	In a rare scenario, the OpenStack Data Center becomes unresponsive, resulting in a loss of updates to the Security Gateway.
PRJ-10914, VSECC-1222	CloudGuard Network	When an Azure subnet is missing its prefix attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.
PRJ-11026, VSECC-1231	CloudGuard Network	When an Azure Virtual Network Interface is missing its properties' primary attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.
PRJ-10903, PMTR-22709	VSX	In VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members. Refer to sk138894.