R80.40 Jumbo Hotfix Take 38

 

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 38

Released on 26 April 2020

PRJ-10631,
PRJ-10629

Installation

Firmware upgrade for a Small Office appliance using SmartProvisioning in a Multi-Domain Management environment may fail.

PRJ-8645,
CPM-2623

Security Management

NEW: Performance enhancements while the Management Server is under high load.

PRJ-11118,
PMTR-51778,
PRJ-10995,
PMTR-51743

Security Management

NEW: Added ICA Management security enhancements.

PRJ-10473,
PMTR-49832

Security Management

In a rare scenario, export from the previous version does not complete because the Postgres dump_all process gets stuck.

PRJ-11722,
PRHF-10059

Security Management

Scheduled IPS update operation on the Security Management server may not be triggered after server reboot/restart. Refer to sk166216.

PRJ-10221,
PRHF-7865

Security Management

When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted.

PRJ-10089,
PMTR-50276

Security Management

The cpm_solr process may unexpectedly exit and cause one of the following:

  • The upgrade of a Management machine may get stuck at 58%
  • The Management HA synchronization may fail with "NGM failed to import data" error
  • Users may not be able to log in.

PRJ-10515,
PMTR-36302

Security Management

In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.

PRJ-9323,
PRHF-8494

Security Management

In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037.

PRJ-9300,
PRHF-8336

Security Management

In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing.

PRJ-11167,
PMTR-51180

Multi-Domain Management

In a rare scenario, synchronization between Multi-Domain Management Servers breaks after a revisions purge operation.

PRJ-9699,
PRHF-8593

Multi-Domain Management

MLM may open a connection to the reversed IP address of the Multi-Domain Server.

PRJ-10527,
PRHF-8686

Multi-Domain Management

Upgrade of Multi-Domain Server may fail if Sync With User Center is running.

PRJ-9241,
PRHF-8077

Multi-Domain Management

In some scenarios, a secondary MDS or MLM fails to renew a management certificate. Refer to sk164732.

PRJ-11177,
PMTR-51890

Multi-Domain Management

In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972.

PRJ-11517,
PRHF-9981

Multi-Domain Management

In rare scenarios, upgrading the Multi-Domain Server fails to upgrade some Domain Servers with "IllegalArgumentException" in the upgrade log.

PRJ-10366,
PMTR-51017

Multi-Domain Management

After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972):

  • Global Domain reassignment
  • IPS or Application Control updates in the Global Domain.

PRJ-9262,
PMTR-49143

Multi-Domain Management

Upgrade of Multi-Domain Server may fail when the source version is R80.10 and there is no license configured on the target machine.

PRJ-10531,
PRHF-8581

Multi-Domain Management

The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server.

PRJ-10510,
PMTR-50620

Multi-Domain Management

In some scenarios, if a Domain is deleted while the user performs a multi-site upgrade from R77.x (before all machines complete the upgrade), some Domains may not be assigned to Admins and Trusted Clients as they were before the upgrade. Updating those Admins and Trusted Clients may also fail.

PRJ-10747,
PMTR-50936

Multi-Domain Management

In some scenarios, policy installation from the Domain Management Server fails after an mds_backup procedure that was interrupted. Refer to sk165559.

PRJ-11284

Multi-Domain Management

Access policy installation may get stuck in a specific scenario in MDS environments. Refer to sk166106.

PRJ-10504,
PMTR-50891

Multi-Domain Management

The import-smart-task Management API may fail in the second Domain on the Multi-Domain machine when it is executed with the same exported file.

PRJ-9290,
PMTR-49566

SmartConsole

NEW Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: "show-profiles" and "show-ips-additional-properties". The default value for both flags is false.

PRJ-10374,
PRHF-8973

SmartView

In some scenarios, after a user imports a view/report in SmartView, the imported view/report is not shown in the Catalog.

PRJ-10707,
PMTR-45783

SmartProvisioning

In some scenarios, after creating a Small Office gateway using LSMCli, some fields in the gateway object in SmartProvisioning are not populated.

PRJ-9644,
PRHF-4623

Security Gateway

NEW: Added support for the bridge configuration when a packet passes through the Security Gateway twice.

PRJ-10795,
PMTR-51301

Security Gateway

In some scenarios, when a Custom Intelligence Feed is enabled, the Security Gateway may crash.

PRJ-10173

Security Gateway

After installing R80.40 Jumbo Hotfix, Dynamic Split is disabled.

PRJ-10207,
PRHF-9508

Security Gateway

ICAP Client may not work properly when the Threat Extraction Blade is enabled.
  • To enable the fix, set the enable_icap_with_strict_hold parameter to 1.

PRJ-11538

Security Gateway

In a rare scenario, the Security Gateway may crash with a vmcore.

PRJ-11531,
MUX-319

Security Gateway

In a rare scenario, the Security Gateway may crash when a connection is closed while being held.

PRJ-10887,
PMTR-51247

Security Gateway

In a rare scenario, a memory leak may appear in Anti-Virus inspection on SMB protocol.

PRJ-9690,
PMTR-46451

Security Gateway

Traffic may be dropped on a DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176.

PRJ-8657

Security Gateway

In a rare scenario, creating a Virtual Switch can lead to a crash.

PRJ-9835,
PMTR-48719

Security Gateway

When ISP Redundancy is configured on a cluster, the backup ISP link status may show as down even though the link is up.

PRJ-10283,
PMTR-50683

Anti-Malware

NEW: Added support to allow Threat Extraction to scan a file download in additional scenarios.

PRJ-10758,
IDA-2866

Identity Awareness

In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174.

PRJ-10387,
IDA-2719

Identity Awareness

In a rare scenario, identity session groups and access roles may disappear following a policy installation.

PRJ-10085,
PMTR-50594

Content Awareness

Added the ability not to drop connections when files are downloaded with HTTP 206 out of range.

PRJ-10856,
PRHF-1898

Application Control

NEW: Gateway status will reflect Application Control and URL Filtering updates.

PRJ-9935,
PMTR-49938

HTTPS Inspection

In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may unexpectedly exit. Refer to sk165555.

PRJ-10738,
PRHF-9265

SSL Inspection

In a rare scenario, a memory leak may appear when SSL inspection is enabled.

PRJ-10940,
PMTR-51681

IPS

In a rare scenario, the fw_full process may unexpectedly exit.

PRJ-10970,
SWG-2484

DLP

NEW: Reading and sending files from the registry by DLP was optimized.

PRJ-9694,
PRHF-8503

DLP

In some scenarios, DLP prints the wrong error message in the log.

PRJ-9329,
PRHF-8152

DLP

Improved the scanning time of files for some scenarios in SMTP and HTTP/S.

PRJ-9436

DLP

In a rare scenario, the dlpu process, a component in Anti-Virus and Threat Emulation, may unexpectedly exit.

PRJ-9775,
PRHF-8847

DLP

In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of "internal to internal".

PRJ-11023,
PRHF-3767

ClusterXL

Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432.

PRJ-10235,
PMTR-51942

SecureXL

Policy installation may fail with "Error code 0-2000240" when the Drop templates option is enabled. Refer to sk165716.

PRJ-10000,
PRHF-5120

SecureXL

UPDATE: Improved TCP state inspection for "Smart Connection Reuse" feature.

PRJ-9828,
PMTR-50294

SecureXL

In some scenarios, SYN Defender cookie validation may fail.

PRJ-8977

SecureXL

When PIM-SM multicast routing transitions from RPT to SPT, packets may be dropped or become out-of-order.

PRJ-8774,
PMTR-48255

SecureXL

In some scenarios, held packets are incorrectly reported to the penalty box.

PRJ-8916,
PRJ-8890

SecureXL

In some scenarios, multicast packets arrive at the Security Gateway in order, but leave out-of-order.

PRJ-9972,
SL-3551

Logging

In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.

PRJ-11364,
PMTR-51655

Logging

In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may unexpectedly exit.

PRJ-11846,
SL-3728

Logging

Log exporter process may unexpectedly exit after enabling export of log attachment IDs.

PRJ-9957,
PRHF-897

VoIP

In some scenarios, UA traffic is dropped when a packet contains more than 9 UAs. Refer to sk135114.

PRJ-11036,
PMTR-36437

VPN

In some scenarios, a change in VPN traffic distribution may cause high CPU consumption on one CPU core. Refer to sk165853.

PRJ-9587,
PRHF-7681

VPN

In a rare scenario, the vpnd process unexpectedly exits due to a segmentation fault.

PRJ-10558,
VPNS2S-938

VPN

Improved the VPN Site-to-Site tunnel establishment scenario with IKEv2.

PRJ-8726

VPN

In some scenarios, vpnd cores may be generated sporadically during boot time/cluster failovers on the Cluster Standby Member.

PRJ-10391,
PRHF-1053

VPN

In a rare scenario, the vpnd process unexpectedly exits due to an issue in the IKEv2 flow.

PRJ-9586,
PRHF-7485

VPN

Improved VPN connectivity with DAIP peers. Refer to sk164933.

PRJ-9911,
PMTR-43850

VPN

Improved stability of VPN traffic on VSX Gateway.

PRJ-11017,
PMTR-51126

Gaia OS

In a rare scenario, the Security Gateway may crash when SSH Deep Packet Inspection (SSH DPI) is enabled.

PRJ-10075,
PRJ-10452

Gaia OS

The "show asset all" command displays the total number of cores instead of the online number of cores, even if Hyper-Threading is disabled.

PRJ-11536,
PRHF-9858

Gaia OS

In some scenarios, the snmpd process floods /var/log/messages with errors about parsing the voltage sensor value.

PRJ-9131,
PMTR-49209

Endpoint Security

Endpoint Standalone Remote Help Server may not start syncing automatically on the first connect.

PRJ-10120,
PRJ-9633

Compliance

In some scenarios, database import on single Domain machines where the Compliance Blade is activated fails, and as a result, the FWM process unexpectedly exits after the import.

PRJ-10868,
VSECC-1119

CloudGuard Network

In a rare scenario, the OpenStack Data Center becomes unresponsive, resulting in a loss of updates to the Security Gateway.

PRJ-10914,
VSECC-1222

CloudGuard Network

When an Azure subnet is missing its prefix attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.

PRJ-11026,
VSECC-1231

CloudGuard Network

When an Azure Virtual Network Interface is missing its properties' primary attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.

PRJ-10903,
PMTR-22709

VSX

In a VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members. Refer to sk138894.