R80.40 Jumbo Hotfix Take 53
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 53 Released on 15 June 2020 |
||
PRJ-11387, |
Security Management |
NEW: Significant performance improvement for policy installation time when many groups are defined on the Management Server. |
PRJ-10901, |
Security Management |
NEW: Set values for environment variables on the Management Server that will remain there after a Management Server upgrade, as well as Backup/Restore and Export/Import of the Management Server. Refer to sk165938. |
PRJ-12914, |
Security Management |
In some scenarios, pressing "Where Used" does not show a script that is used in SmartTasks. |
PRJ-12275, |
Security Management |
In Management HA configuration, a hotfix installation may incorrectly fail during the verification phase. |
PRJ-11586, |
Security Management |
In some scenarios, when using Rulebase Search, the 'number of rules' section is incorrect. Refer to sk166003. |
PRJ-12506, |
Security Management |
When using packet mode in Rulebase Search, results from inline layer may be matched even though their parent layer is not. |
PRJ-12359, |
Multi-Domain Management |
NEW: Added ability to log in to the Management Server with SmartConsole while MDS Backup is running. |
PRJ-12966, |
Multi-Domain Management |
In some scenarios, certain deleted domain level objects are visible in the SmartConsole at the MDS level. |
PRJ-9666, |
Multi-Domain Management |
In environments with more than five Multi Domain servers, changes to objects may not be reflected in the logs. |
PRJ-12484, |
Multi-Domain Management |
Multi-Domain Administrator configuration for RADIUS authentication may show local Domain RADIUS Servers and groups. |
PRJ-12326, |
Multi-Domain Management |
The "Recent Tasks" and "Install Policy Preset" views in MDS Domain may include Domain names, policy packages, and Gateways names. This information is not filtered according to the administrator's permission profile. |
PRJ-12206, |
Multi-Domain Management |
In some scenarios, changes to a .def file in $FWDIR/lib may be reverted when creating a secondary CMA. |
PRJ-11507, |
Multi-Domain Management |
A migration from Security Management server to a Domain on a Multi-Domain Management Server may fail with: "didn't find ObjectStoreSessionEntity for session <uuid> return null" error in cpm.elg file. |
PRJ-12556, |
Multi-Domain Management |
In some scenarios, updating firewall_properties in GuiDBedit in the MDS context fails. Refer to sk42184. |
PRJ-13187, |
Multi-Domain Management |
In a rare scenario, Advanced upgrade from R80.10 may fail. |
PRJ-12066, |
Multi-Domain Management |
The FWM process of domains may not stop after the user runs mdsstop or mdsstop_customer. |
PRJ-12778, |
SmartConsole |
NEW: Added API commands for user, user-template, user-group and identity-tag. |
PRJ-11074, |
SmartConsole |
NEW: Added ability to reset the following network object fields to be empty through the Management API: ipv4-address, ipv6-address, subnet4, subnet6, mask-length4, and mask-length6. |
PRJ-11906, |
SmartConsole |
In rare scenarios, certain domain level objects may not be visible in SmartConsole at the MDS level. |
PRJ-12457, |
SmartConsole |
In some scenarios, IPS update may be locked with the message "IPS management update is locked by Scheduled update" . |
PRJ-12539, |
SmartConsole |
Unable to delete Snort protections in Multi-Domain environment - they still exist after deletion. |
PRJ-12444, |
SmartConsole |
In some scenarios, IPS update tasks may stuck when multiple machines are attempting an update within the same time frame. |
PRJ-12961, |
SmartConsole |
Global Policy reassign in MDS may fail with 'An internal error has occurred' message after adding overrides to Snort protections. |
PRJ-12211, |
SmartConsole |
When running the "show-domain" API command, the "active" field may be missing from the reply. |
PRJ-11259, |
SmartConsole |
In some scenarios, Inspection Settings view under the General tab is blank. |
PRJ-11433. |
SmartProvisioning |
The SmartProvisioning application may hang when the user adds/edits Dynamic Objects in the LSM Gateway object editor. |
PRJ-11917, |
Security Gateway |
NEW: Added support for key renegotiation in SSH Deep Packet Inspection (DPI). |
PRJ-9121, |
Security Gateway |
Connections may be dropped when "keep all connections" is configured during policy installation. Refer to sk166212. |
PRJ-11781, |
Security Gateway |
In a rare scenario, the Security Gateway may crash when using a non- FQDN domain object in the policy. |
PRJ-13078, |
Security Gateway |
When HTTPS Inspection is enabled using layer-2/bridge, traffic may be dropped when deciding the outgoing interfaces. |
PRJ-12733, |
Security Gateway |
In a rare scenario, memory is not freed correctly in the routing mechanism. |
PRJ-12237, |
Security Gateway |
In a rare scenario, Security Gateway memory consumption may increase when the Anti-Virus blade is enabled. |
PRJ-13091, |
Security Gateway |
|
PRJ-13148, |
Security Gateway |
In some scenarios, IPS & APPI updates fail when Anti-Virus and Content Awareness blades are active. |
PRJ-9700 |
Logging |
NEW: Added support for viewing MITRE ATT&CK fields in logs. |
PRJ-9317, |
Logging |
Logging view may show results from the wrong day if the server Time Zone is configured to use half/quarter hour deviations from standard time. |
PRJ-8923, |
Logging |
When the user searches logs in the "Logs and Monitor" tab in SmartConsole and applies a filter using the "?" wildcard, incorrect logs may be returned. |
PRJ-8481, |
Logging |
"Problem has occurred during search < External Log server > Disconnected" error may appear in "Logs & Monitor" tab after creating dummy object for NAT. |
PRJ-9738, |
SmartView |
In SmartView, deleting widgets and clicking on "Discard" may not revert all changes. |
PRJ-10671, |
SmartView |
In SmartView, when using a language other than English, an error may occur when drilling down on a widget. |
PRJ-11058, |
Application Control |
In some scenarios, Application Control update task may get stuck indefinitely when it is executed as part of Global Policy assignment. |
PRJ-12167, |
Application Control |
In some scenarios, Application Control updates in Multi-Domain High Availability environments may get stuck when multiple updates from different Domains/Multi-Domains take place simultaneously. |
PRJ-9565, |
Threat Prevention |
The number of overrides in Threat Prevention policy -> Profile -> Overrides may also show inactivated overrides, with mismatched information between "override" and "User Modified". |
PRJ-12433, |
Threat Prevention |
In a rare scenario, when Threat Prevention Forensics feature is enabled, memory usage may rise on the Security gateway due to failures in memory release flow. |
PRJ-10672, |
SSL Inspection |
NEW: Added support for FutureX HSM when working with outbound HTTPS Inspection. |
PRJ-11435, |
Anti-Malware |
In some scenarios, "Feed Error" message appears when fetching a IOC feed. |
PRJ-10849, |
UserCheck |
In a rare scenario, the UserCheck daemon may fail with core dump file created. |
PRJ-12603, |
Mobile Access |
Mobile Access ActiveSync session timeout may not update properly, generating repeated error messages in the 'cvpnd.elg' debug output. |
PRJ-10417, |
Mobile Access |
Some Web applications published by Mobile Access Blade may not work in Host Translation mode. |
PRJ-9780 |
ClusterXL |
Resetting SIC on a Cluster member may result in CCP Encryption turned OFF while it should remain ON. |
PRJ-10979, |
ClusterXL |
SNMP Response for OID .1.3.6.1.4.1.2620.1.5.6 ("haState") is "Active" on all members of ClusterXL High Availability mode. Refer to sk106291. |
PRJ-11611, |
ClusterXL |
In some scenarios, the fwk process unexpectedly exits on cluster member. |
PRJ-11402, |
SecureXL |
NEW: Performance improvement for DOS/Rate Limiting rules under a high connection rate. |
PRJ-12548, |
SecureXL |
NEW: Added tunable kernel parameter "adp_mc_rt_hold_queue_len" to adpkern.conf to eliminate multicast packet drops at the start of a connection (when large bursts of multicast traffic are expected). |
PRJ-12019, |
SecureXL |
In some scenarios, ACK, FIN, and RST TCP packets may be dropped, causing outages. |
PRJ-11551 |
SecureXL |
MCAST packets may be handled incorrectly when promiscuous (tcpdump) mode is enabled for the interface. |
PRJ-12175, |
SecureXL |
In some scenarios, TCP traffic containing the TCP Fast Open option may be dropped by the Security Gateway. |
PRJ-11684, |
Routing |
NEW: Performance improvement for multicast packets in SecureXL (fast path) when there are no multicast listeners. |
PRJ-12222, |
Routing |
In some scenarios, routed process unexpectedly exits when adding an interface to OSPFv3 with a prefix length above 63 and having two or more areas. |
PRJ-10734, |
VSX |
NEW: Adding bridge interfaces to a regular VS in VSX is allowed via vsx_provisioning_tool by using this command: attach bridge vd <vs_name> ifs1 <first_interface_name> ifs2 <second_interface_name> |
PRJ-12622, |
VSX |
In a rare scenario, creating new VSX and pushing configuration may cause the cluster members to crash. |
PRJ-13060, |
VSX |
When performing a provisioning operation in VSX, process may hang on "Pushing configuration to ...". Refer to sk167175. |
PRJ-12813, |
Gaia OS |
The activate_sw_raid utility may fail due to incorrect disk names. |
PRJ-11755, |
Gaia OS |
The snmptrap command fails and shows an error related to EngineID. |
PRJ-11854, |
Gaia OS |
On 15600 appliances, the "service ipmi start" command may fail to start the IPMI Service. |
PRJ-10309, |
Gaia OS |
Incorrect status may be displayed in Clish for pulled PSU. |
PRJ-10273, |
VPN |
NEW: 3DES is disabled by default for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, SecurePlatform WebUI, and Mobile Access curl. |
PRJ-12102, |
VPN |
NEW: Added Large-scale support for Visitor Mode. Refer to sk168297. |
PRJ-12179, |
VPN |
Connectivity improvements for Remote Access VPN using Traditional mode. |
PRJ-11644, |
VPN |
Added Stability improvement for Remote Access VPN. |
PRJ-11711, |
Endpoint Security |
In SmartEndpoint, Anti-Malware's "Top Infections" report has an empty infection name. Refer to sk166232. |
PRJ-11825, |
Endpoint Security |
Users/devices may not change their locations in the tree according to Active Directory changes when certain special characters appear in the names. |
PRJ-11841, |
Endpoint Security |
Cannot delete the client MSI package from SmartEndpoint because of previously deleted FDE offline group. |
PRJ-11833, |
Endpoint Security |
The Endpoint directory scanner may fail to reconnect to the AD if the connection was lost during the scan. |
PRJ-11820, |
Endpoint Security |
The default paths for offline folders in SmartEndpoint -> Offline group creation wizard may be incorrect. |
PRJ-11837, |
Endpoint Security |
An error in FDE pre-boot users calculation may cause Endpoint to be left in a disconnected state. Refer to sk142313. |
PRJ-11145, |
Endpoint Security |
Local users may not be displayed under the selected machine in the "Users and Computers tab" in SmartEndpoint. Refer to sk166316. |
PRJ-11816, |
Endpoint Security |
When a user name is updated in SmartEndpoint, the change may result in an unexpected expiration date. Refer to sk165872. |
PRJ-11245, |
VoIP |
SIP calls with NAT (SIP packet with no SDP but content-type=sdp) may fail to open correctly. |
PRJ-9105, |
VoIP |
In a rare scenario, Security gateway crashes when passing SIP traffic. Refer to sk166474. |