R80.40 Jumbo Hotfix Take 38
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 38 Released on 26 April 2020 |
||
PRJ-10631, |
Installation |
Firmware upgrade for Small Office appliance using SmartProvisioning in Multi-Domain Management environment may fail. |
PRJ-8645, |
Security Management |
NEW: Performance enhancements while the Management Server is under high load. |
PRJ-11118, |
Security Management |
NEW: Added ICA Management security enhancements. |
PRJ-10473, |
Security Management |
In a rare scenario, export from the previous version does not complete because the Postgres dump_all process gets stuck. |
PRJ-11722, |
Security Management |
Scheduled IPS update operation on the Security Management server may not be triggered after server reboot/restart. Refer to sk166216. |
PRJ-10221, |
Security Management |
When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted. |
PRJ-10089, |
Security Management |
The cpm_solr process may unexpectedly exit and cause one of the following:
|
PRJ-10515, |
Security Management |
In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators. |
PRJ-9323, |
Security Management |
In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037. |
PRJ-9300, |
Security Management |
In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing. |
PRJ-11167, |
Multi-Domain Management |
In a rare scenario, synchronization between Multi-Domain Management Servers breaks after revisions purge operation. |
PRJ-9699, |
Multi-Domain Management |
MLM may open a connection to the reversed IP address of the Multi-Domain Server. |
PRJ-10527, |
Multi-Domain Management |
Upgrade of Multi-Domain Server may fail if Sync With User Center is running. |
PRJ-9241, |
Multi-Domain Management |
In some scenarios, secondary MDS or MLM fail to renew a management certificate. Refer to sk164732. |
PRJ-11177, |
Multi-Domain Management |
In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972. |
PRJ-11517, |
Multi-Domain Management |
In rare scenarios, upgrading the Multi-Domain Server fails to upgrade some Domain Servers with "IllegalArgumentException" in the upgrade log. |
PRJ-10366, |
Multi-Domain Management |
After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972):
|
PRJ-9262, |
Multi-Domain Management |
Upgrade of Multi-Domain Server may fail when the source version is R80.10 and there is no license configured on the target machine. |
PRJ-10531, |
Multi-Domain Management |
The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server. |
PRJ-10510, |
Multi-Domain Management |
In some scenarios, if a Domain is deleted while the user performs a multi-site upgrade from R77.x (before all machines complete the upgrade), some Domains may not be assigned to Admins and Trusted Clients, as before the upgrade. Updating those Admins and Trusted Clients may also fail. |
PRJ-10747, |
Multi-Domain Management |
In some scenarios, policy installation from the Domain Management Server fails after an mds_backup procedure that was interrupted. Refer to sk165559. |
PRJ-11284 |
Multi-Domain Management |
Access policy installation may get stuck in a specific scenario in MDS environments. Refer to sk166106. |
PRJ-10504, |
Multi-Domain Management |
The import-smart-task Management API may fail in the second Domain on the Multi-Domain machine when it is executed with same exported file. |
PRJ-9290, |
SmartConsole |
NEW Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: "show-profiles" and "show-ips-additional-properties". The default value for both flags is false. |
PRJ-10374, |
SmartView |
In some scenarios, after user imports view/report in SmartView, the imported view/report is not shown in the Catalog. |
PRJ-10707, |
SmartProvisioning |
In some scenarios, after creating a Small Office gateway using LSMCli, some fields in the gateway object on the SmartProvisioning are not populated. |
PRJ-9644, |
Security Gateway |
NEW: Added support for the bridge configuration when packet is passing via the Security gateway twice. |
PRJ-10795, |
Security Gateway |
In some scenarios, when a Custom Intelligence Feed is enabled, the Security Gateway may crash. |
PRJ-10173 |
Security Gateway |
After installing R80.40 Jumbo Hotfix, Dynamic Split is disabled. |
PRJ-10207, |
Security Gateway |
ICAP Client may not work properly when Threat Extraction blade is enabled.
|
PRJ-11538 |
Security Gateway |
In a rare scenario, Security gateway may crash with vmcore. |
PRJ-11531, |
Security Gateway |
In a rare scenario, Security gateway may crash while connection is closed while being held. |
PRJ-10887, |
Security Gateway |
In a rare scenario, a memory leak may appear in Anti-Virus inspection on SMB protocol. |
PRJ-9690, |
Security Gateway |
Traffic may be dropped on DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176. |
PRJ-8657 |
Security Gateway |
In a rare scenario, creating a Virtual Switch can lead to crash. |
PRJ-9835, |
Security Gateway |
When ISP Redundancy is configured on a cluster, the backup ISP link status may show as down even though the link is up. |
PRJ-10283, |
Anti-Malware |
NEW: Added support to allow Threat Extraction to scan a file download in additional scenarios. |
PRJ-10758, |
Identity Awareness |
In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174. |
PRJ-10387, |
Identity Awareness |
In a rare scenario, identity session groups and access roles may disappear following a policy installation. |
PRJ-10085, |
Content Awareness |
Added ability not to drop the connections if the files are downloaded with HTTP 206 out of range. |
PRJ-10856, |
Application Control |
NEW: Gateway status will reflect Application Control and URL Filtering updates. |
PRJ-9935, |
HTTPS Inspection |
In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may unexpectedly exit. Refer to sk165555. |
PRJ-10738, |
SSL Inspection |
In a rare scenario, a memory leak may appear when SSL inspection is enabled. |
PRJ-10940, |
IPS |
In a rare scenario, the fw_full process may unexpectedly exit. |
PRJ-10970, |
DLP |
NEW: Reading and sending files from the registry by DLP was optimized. |
PRJ-9694, |
DLP |
In some scenarios, DLP prints wrong error message in the log. |
PRJ-9329, |
DLP |
Improved the scanning time of files for some scenarios in SMTP and HTTP/S. |
PRJ-9436 |
DLP |
In a rare scenario, the dlpu process, a component in Anti-Virus and Threat Emulation, may unexpectedly exit. |
PRJ-9775, |
DLP |
In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of "internal to internal". |
PRJ-11023, |
ClusterXL |
Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432. |
PRJ-10235, |
SecureXL |
Policy installation may fail with "Error code 0-2000240" when Drop templates option is enabled. Refer to sk165716. |
PRJ-10000, |
SecureXL |
UPDATE: Improved TCP state inspection for "Smart Connection Reuse" feature. |
PRJ-9828, |
SecureXL |
In some scenarios, SYN Defender cookie validation may fail. |
PRJ-8977 |
SecureXL |
When PIM-SM multicast routing transitions from RPT to SPT, packets may be dropped or become out-of-order. |
PRJ-8774, |
SecureXL |
In some scenarios, held packets are incorrectly reported to the penalty box. |
PRJ-8916, |
SecureXL |
In some scenarios, multicast packets arrive to the Security gateway in order, but leave out-of-order. |
PRJ-9972, |
Logging |
In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262. |
PRJ-11364, |
Logging |
In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may unexpectedly exit. |
PRJ-11846, |
Logging |
Log exporter process may unexpectedly exit after enabling export of log attachment IDs. |
PRJ-9957, |
VoIP |
In some scenarios, UA traffic is dropped when packet contains more than 9 UA's. Refer to sk135114. |
PRJ-11036, |
VPN |
In some scenarios, VPN traffic distribution change may cause high CPU consumption on one CPU core. Refer to sk165853. |
PRJ-9587, |
VPN |
In a rare scenario, vpnd process unexpectedly exits due to Segmentation fault. |
PRJ-10558, |
VPN |
Improved the VPN Site-to-Site tunnel establishment scenario with IKEv2. |
PRJ-8726 |
VPN |
In some scenarios, vpnd cores may be generated sporadically during boot time/cluster failovers on the Cluster Standby Member. |
PRJ-10391, |
VPN |
In a rare scenario, vpnd process unexpectedly exits due to issue in IKEv2 flow. |
PRJ-9586 |
VPN |
Improved the VPN Connectivity with DAIP peers. Refer to sk164933. |
PRJ-9911, |
VPN |
Improved stability of VPN traffic on VSX Gateway. |
PRJ-11017, |
Gaia OS |
In a rare scenario, Security gateway may crash when SSH Deep Packet Inspection (SSH DPI) is enabled. |
PRJ-10075, |
Gaia OS |
The "show asset all" command displays the total number of cores instead of the online number of cores, even if the Hyper-Threading is disabled. |
PRJ-11536, |
Gaia OS |
In some scenarios the snmpd process floods /var/log/messages with errors regarding parsing voltage sensor value. |
PRJ-9131, |
Endpoint Security |
Endpoint Standalone Remote Help Server may not start syncing automatically on the first connect. |
PRJ-10120, |
Compliance |
In some scenarios, database import on single Domain machines where the Compliance blade is activated fails, and as a result, the FWM process unexpectedly exits after the import. |
PRJ-10868, |
CloudGuard Network |
In a rare scenario, the OpenStack Data Center becomes unresponsive, resulting in a loss of updates to the Security Gateway. |
PRJ-10914, |
CloudGuard Network |
When an Azure subnet is missing its prefix attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway. |
PRJ-11026, |
CloudGuard Network |
When an Azure Virtual Network Interface is missing its properties' primary attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway. |
PRJ-10903, |
VSX |
In VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members. Refer to sk138894. |