R80.40 Jumbo Hotfix Take 53

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 53 Released on 15 June 2020
PRJ-11387, PMTR-52087	Security Management	NEW: Significant performance improvement for policy installation time when many groups are defined on the Management Server.
PRJ-10901, PMTR-49801	Security Management	NEW: Set values for environment variables on the Management Server that will remain there after a Management Server upgrade, as well as Backup/Restore and Export/Import of the Management Server. Refer to sk165938.
PRJ-12914, PMTR-48623	Security Management	In some scenarios, pressing "Where Used" does not show a script that is used in SmartTasks.
PRJ-12275, PMTR-53007	Security Management	In Management HA configuration, a hotfix installation may incorrectly fail during the verification phase.
PRJ-11586, PRHF-9260	Security Management	In some scenarios, when using Rulebase Search, the 'number of rules' section is incorrect. Refer to sk166003.
PRJ-12506, PRHF-10058	Security Management	When using packet mode in Rulebase Search, results from inline layer may be matched even though their parent layer is not.
PRJ-12359, PMTR-33408	Multi-Domain Management	NEW: Added ability to log in to the Management Server with SmartConsole while MDS Backup is running.
PRJ-12966, PRHF-10944	Multi-Domain Management	In some scenarios, certain deleted domain level objects are visible in the SmartConsole at the MDS level.
PRJ-9666, PRHF-8502	Multi-Domain Management	In environments with more than five Multi Domain servers, changes to objects may not be reflected in the logs.
PRJ-12484, PRHF-10330	Multi-Domain Management	Multi-Domain Administrator configuration for RADIUS authentication may show local Domain RADIUS Servers and groups.
PRJ-12326, PMTR-48272	Multi-Domain Management	The "Recent Tasks" and "Install Policy Preset" views in MDS Domain may include Domain names, policy packages, and Gateways names. This information is not filtered according to the administrator's permission profile.
PRJ-12206, PRHF-10405	Multi-Domain Management	In some scenarios, changes to a .def file in $FWDIR/lib may be reverted when creating a secondary CMA.
PRJ-11507, PRJ-11508	Multi-Domain Management	A migration from Security Management server to a Domain on a Multi-Domain Management Server may fail with: "didn't find ObjectStoreSessionEntity for session <uuid> return null" error in cpm.elg file.
PRJ-12556, PRHF-10523	Multi-Domain Management	In some scenarios, updating firewall_properties in GuiDBedit in the MDS context fails. Refer to sk42184.
PRJ-13187, PMTR-54274	Multi-Domain Management	In a rare scenario, Advanced upgrade from R80.10 may fail.
PRJ-12066, PRHF-10327	Multi-Domain Management	The FWM process of domains may not stop after the user runs mdsstop or mdsstop_customer.
PRJ-12778, PMTR-52320	SmartConsole	NEW: Added API commands for user, user-template, user-group and identity-tag.
PRJ-11074, PMTR-51815	SmartConsole	NEW: Added ability to reset the following network object fields to be empty through the Management API: ipv4-address, ipv6-address, subnet4, subnet6, mask-length4, and mask-length6.
PRJ-11906, PRHF-10275	SmartConsole	In rare scenarios, certain domain level objects may not be visible in SmartConsole at the MDS level.
PRJ-12457, PRHF-8968	SmartConsole	In some scenarios, IPS update may be locked with the message "IPS management update is locked by Scheduled update" .
PRJ-12539, PRHF-9941	SmartConsole	Unable to delete Snort protections in Multi-Domain environment - they still exist after deletion.
PRJ-12444, PRHF-8488	SmartConsole	In some scenarios, IPS update tasks may stuck when multiple machines are attempting an update within the same time frame.
PRJ-12961, PRHF-10916	SmartConsole	Global Policy reassign in MDS may fail with 'An internal error has occurred' message after adding overrides to Snort protections.
PRJ-12211, PMTR-52897	SmartConsole	When running the "show-domain" API command, the "active" field may be missing from the reply.
PRJ-11259, PRHF-9106	SmartConsole	In some scenarios, Inspection Settings view under the General tab is blank.
PRJ-11433. PRHF-8506	SmartProvisioning	The SmartProvisioning application may hang when the user adds/edits Dynamic Objects in the LSM Gateway object editor.
PRJ-11917, PMTR-51950	Security Gateway	NEW: Added support for key renegotiation in SSH Deep Packet Inspection (DPI).
PRJ-9121, PRJ-8907	Security Gateway	Connections may be dropped when "keep all connections" is configured during policy installation. Refer to sk166212.
PRJ-11781, NAT-215	Security Gateway	In a rare scenario, the Security Gateway may crash when using a non- FQDN domain object in the policy.
PRJ-13078, PMTR-54306	Security Gateway	When HTTPS Inspection is enabled using layer-2/bridge, traffic may be dropped when deciding the outgoing interfaces.
PRJ-12733, PMTR-53779	Security Gateway	In a rare scenario, memory is not freed correctly in the routing mechanism.
PRJ-12237, PRHF-10039	Security Gateway	In a rare scenario, Security Gateway memory consumption may increase when the Anti-Virus blade is enabled.
PRJ-13091, PRHF-11016	Security Gateway	CPView Utility may not display speed and driver. SNMP does not use custom OID, dplane OID mapping to Management Plane. Some connections through Management Plane on Standby member may be dropped.
PRJ-13148, PMTR-54459	Security Gateway	In some scenarios, IPS & APPI updates fail when Anti-Virus and Content Awareness blades are active.
PRJ-9700	Logging	NEW: Added support for viewing MITRE ATT&CK fields in logs.
PRJ-9317, PRHF-8166	Logging	Logging view may show results from the wrong day if the server Time Zone is configured to use half/quarter hour deviations from standard time.
PRJ-8923, PRHF-8148	Logging	When the user searches logs in the "Logs and Monitor" tab in SmartConsole and applies a filter using the "?" wildcard, incorrect logs may be returned.
PRJ-8481, PRHF-7592	Logging	"Problem has occurred during search < External Log server > Disconnected" error may appear in "Logs & Monitor" tab after creating dummy object for NAT.
PRJ-9738, PMTR-37265	SmartView	In SmartView, deleting widgets and clicking on "Discard" may not revert all changes.
PRJ-10671, PMTR-49128	SmartView	In SmartView, when using a language other than English, an error may occur when drilling down on a widget.
PRJ-11058, PRHF-9354	Application Control	In some scenarios, Application Control update task may get stuck indefinitely when it is executed as part of Global Policy assignment.
PRJ-12167, PMTR-52106	Application Control	In some scenarios, Application Control updates in Multi-Domain High Availability environments may get stuck when multiple updates from different Domains/Multi-Domains take place simultaneously.
PRJ-9565, PRHF-8153	Threat Prevention	The number of overrides in Threat Prevention policy -> Profile -> Overrides may also show inactivated overrides, with mismatched information between "override" and "User Modified".
PRJ-12433, PRHF-11043	Threat Prevention	In a rare scenario, when Threat Prevention Forensics feature is enabled, memory usage may rise on the Security gateway due to failures in memory release flow.
PRJ-10672, PMTR-51385	SSL Inspection	NEW: Added support for FutureX HSM when working with outbound HTTPS Inspection.
PRJ-11435, PMTR-52216	Anti-Malware	In some scenarios, "Feed Error" message appears when fetching a IOC feed.
PRJ-10849, PMTR-50978	UserCheck	In a rare scenario, the UserCheck daemon may fail with core dump file created.
PRJ-12603, PMTR-53442	Mobile Access	Mobile Access ActiveSync session timeout may not update properly, generating repeated error messages in the 'cvpnd.elg' debug output.
PRJ-10417, MAGB-781	Mobile Access	Some Web applications published by Mobile Access Blade may not work in Host Translation mode.
PRJ-9780	ClusterXL	Resetting SIC on a Cluster member may result in CCP Encryption turned OFF while it should remain ON.
PRJ-10979, PMTR-43718	ClusterXL	SNMP Response for OID .1.3.6.1.4.1.2620.1.5.6 ("haState") is "Active" on all members of ClusterXL High Availability mode. Refer to sk106291.
PRJ-11611, PMTR-52275	ClusterXL	In some scenarios, the fwk process unexpectedly exits on cluster member.
PRJ-11402, PRHF-9845	SecureXL	NEW: Performance improvement for DOS/Rate Limiting rules under a high connection rate.
PRJ-12548, PRHF-10647	SecureXL	NEW: Added tunable kernel parameter "adp_mc_rt_hold_queue_len" to adpkern.conf to eliminate multicast packet drops at the start of a connection (when large bursts of multicast traffic are expected).
PRJ-12019, PRHF-10097	SecureXL	In some scenarios, ACK, FIN, and RST TCP packets may be dropped, causing outages.
PRJ-11551	SecureXL	MCAST packets may be handled incorrectly when promiscuous (tcpdump) mode is enabled for the interface.
PRJ-12175, PRHF-10228	SecureXL	In some scenarios, TCP traffic containing the TCP Fast Open option may be dropped by the Security Gateway.
PRJ-11684, PRJ-11365	Routing	NEW: Performance improvement for multicast packets in SecureXL (fast path) when there are no multicast listeners.
PRJ-12222, ROUT-856	Routing	In some scenarios, routed process unexpectedly exits when adding an interface to OSPFv3 with a prefix length above 63 and having two or more areas.
PRJ-10734, PMTR-51475	VSX	NEW: Adding bridge interfaces to a regular VS in VSX is allowed via vsx_provisioning_tool by using this command: attach bridge vd <vs_name> ifs1 <first_interface_name> ifs2 <second_interface_name>
PRJ-12622, VSX-2219	VSX	In a rare scenario, creating new VSX and pushing configuration may cause the cluster members to crash.
PRJ-13060, PRHF-10978	VSX	When performing a provisioning operation in VSX, process may hang on "Pushing configuration to ...". Refer to sk167175.
PRJ-12813, GAIA-7625	Gaia OS	The activate_sw_raid utility may fail due to incorrect disk names.
PRJ-11755, PMTR-52432	Gaia OS	The snmptrap command fails and shows an error related to EngineID.
PRJ-11854, PMTR-48873	Gaia OS	On 15600 appliances, the "service ipmi start" command may fail to start the IPMI Service.
PRJ-10309, GAIA-6136	Gaia OS	Incorrect status may be displayed in Clish for pulled PSU.
PRJ-10273, PMTR-50151	VPN	NEW: 3DES is disabled by default for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, SecurePlatform WebUI, and Mobile Access curl. Note: Disabling 3DES will fail 3rd party OPSEC SDK 6.0 clients connectivity. To enable it, refer to sk113114.
PRJ-12102, VPN-72	VPN	NEW: Added Large-scale support for Visitor Mode. Refer to sk168297.
PRJ-12179, VPNRA-364	VPN	Connectivity improvements for Remote Access VPN using Traditional mode.
PRJ-11644, VPNRA-353	VPN	Added Stability improvement for Remote Access VPN.
PRJ-11711, PRHF-10028	Endpoint Security	In SmartEndpoint, Anti-Malware's "Top Infections" report has an empty infection name. Refer to sk166232.
PRJ-11825, PRHF-6365	Endpoint Security	Users/devices may not change their locations in the tree according to Active Directory changes when certain special characters appear in the names.
PRJ-11841, PRHF-9304	Endpoint Security	Cannot delete the client MSI package from SmartEndpoint because of previously deleted FDE offline group.
PRJ-11833, PRHF-8234	Endpoint Security	The Endpoint directory scanner may fail to reconnect to the AD if the connection was lost during the scan.
PRJ-11820, PRHF-9157	Endpoint Security	The default paths for offline folders in SmartEndpoint -> Offline group creation wizard may be incorrect.
PRJ-11837, PRHF-10015	Endpoint Security	An error in FDE pre-boot users calculation may cause Endpoint to be left in a disconnected state. Refer to sk142313.
PRJ-11145, PRHF-9706	Endpoint Security	Local users may not be displayed under the selected machine in the "Users and Computers tab" in SmartEndpoint. Refer to sk166316.
PRJ-11816, PRHF-9151	Endpoint Security	When a user name is updated in SmartEndpoint, the change may result in an unexpected expiration date. Refer to sk165872.
PRJ-11245, PRHF-9628	VoIP	SIP calls with NAT (SIP packet with no SDP but content-type=sdp) may fail to open correctly.
PRJ-9105, PRHF-7758	VoIP	In a rare scenario, Security gateway crashes when passing SIP traffic. Refer to sk166474.