R80.40 Jumbo Hotfix Take 78
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 78 Released on 26 August 2020 and declared as Recommended on 9 September 2020 |
||
PRJ-13962, |
Security Management |
NEW: Added the ability to purge revisions automatically based on user configuration. Refer to Automatic Purge Documentation. |
PRJ-12308, |
Security Management |
NEW: Added enhancements for CPM Monitor Tool:
|
PRJ-14645, |
Security Management |
NEW: Solr server process is restarted automatically if it is not responsive for a long time. |
PRJ-13809, |
Security Management |
Publish operation of hundreds of changes may take a long time to complete. |
PRJ-16195, |
Security Management |
When running the 'show-access-rulebase' API command with filter, and the selected layer is an inline layer, rules of the inline layer are not returned even though they match the search criteria. |
PRJ-11491 |
Security Management |
Access Policy installation may remain on Multi-Domain Server with Global Policy assigned when there is Inline layer usage and APPI/DA/Mobile Access Blade is enabled. Refer to sk166676. |
PRJ-13319 |
Security Management |
Upgrade from R80.10 may take many hours when there are hundreds or more Administrators and dozens or more Permission Profiles defined. |
PRJ-13920 |
Security Management |
In Multi-Domain environments with High Availability, if the Management Server is stopped while there is a Purge Revisions operation in progress, the server may fail to start again. Refer to sk168175. |
PRJ-13167, |
Security Management |
When an administrator enters a very long text into an object field (more than 32767 characters), the Security Management Server terminates and fails to start. |
PRJ-13049, |
Security Management |
After the user adds new Threat Indicators, Management HA may fail with "NGM failed to import data" error. Refer to sk167156. |
PRJ-15459, |
Multi-Domain Management |
Policy Installation may fail due to an internal error in an MDS environment where there is a Global Dynamic object usage inside Networks Groups with a depth that is higher than 2-level (group inside a group). |
PRJ-14096, |
SmartConsole |
NEW: Added new API version (1.6.1). The new version includes useful new commands. For more information, refer to the Management API Reference. |
PRJ-13008, |
SmartConsole |
In the Management API, the "show objects" command with details-level full may return the "ip-address" field even if it is empty. |
PRJ-14290, |
SmartConsole |
If there are thousands (or more) of unused objects, the "show unused-objects" API command and the Unused Objects view may load and work very slowly. Also, the load on the Management server will increase, causing general slowness when working with SmartConsole. |
PRJ-14532, |
SmartView |
In some scenarios, when the user attempts to download a DLP attachment from the log card in SmartView, the download does not start. |
PRJ-12705, |
SmartView |
The SmartView Timeline may be distorted when logs contain an empty value for the field specified in the "Series" settings and when the Legend is enabled. Refer to sk167095. |
PRJ-12099, |
Logging |
NEW:
|
PRJ-14049, |
Logging |
In some scenarios, the command "cp_log_export status" prints "last log read at: N/A" rather than a timestamp. |
PRJ-14372, |
Security Gateway |
UPDATE: Reduced CPU usage in some configurations by parsing TLS traffic only when required by the policy. See sk166700 for more information. |
PRJ-14007, |
Security Gateway |
In some scenarios, ESP traffic may be dropped with "fwconn_key_init_links (INBOUND) failed" message. Refer to sk167973. |
PRJ-13678, |
Security Gateway |
In some scenarios, dmesg shows "up_manager_perform_action: up_manager_resume_chain failed" error messages when span port is configured. |
PRJ-8049 |
Security Gateway |
When running 'fw6 ctl affinity -l' command, the IPv6 instances are not displayed. |
PRJ-13267, |
Security Gateway |
Occasional slowness while browsing to HTTP/2 sites when Security Gateway is enabled as an explicit Proxy. |
PRJ-13696, |
Security Gateway |
Proxy arp change is applied only after the second policy installation. |
PRJ-14217, |
Security Gateway |
In a rare scenario, the Security gateway may crash if the rulebase contains a logical server object. |
PRJ-11752, |
Security Gateway |
Citrix file download may fail when the Mobile Access Blade is enabled. |
PRJ-11417, |
Security Gateway |
In some scenarios, NAT log shows source port 0 even though a port was allocated. |
PRJ-13382, |
Security Gateway |
In some scenarios, Security gateway generates an ICMP error with wrong IP address. Refer to sk167953. |
PRJ-13631, |
Identity Awareness |
NEW: Added the ability to filter sessions by session's owner and immediate publisher in Identity Broker. |
PRJ-9494, |
Identity Awareness |
UPDATE: SAML configuration optimizations of policy installation flow. |
PRJ-12565, |
Identity Awareness |
PDP may consume high CPU during policy installation because of a large amount of Access Roles. |
PRJ-10818, |
Identity Awareness |
In a rare scenario, a memory leak may appear in case of LDAP query failure on Identity Collector automatic group update. |
PRJ-8713, |
Identity Awareness |
In some scenarios, Dynamic ID authentication fails when SMS server returns HTTP status code 2xx but not 200 or 202. |
PRJ-13516, |
Identity Awareness |
In some scenarios, a XFF allowed proxy list is enforced only for instance 0 in VSLS environment after VS has transitioned from Backup to Active. |
PRJ-13702, |
Identity Awareness |
In some scenarios, when the user changes the TACACS+ server to a different one, the configuration is applied only after an MDS reboot. |
PRJ-12503, |
Identity Awareness |
In some scenarios, Identity Awareness counters in cluster environments show zero. |
PRJ-11484, |
SSL Inspection |
DynamicID authentication may fail due to server certificate validation failure. Refer to sk167177. |
PRJ-11511, |
SSL Inspection |
In some scenarios, there may be SSL Inspection issues in cluster environments on 1500 Series Security Gateways. Refer to sk170218. |
PRJ-10663, |
Anti-Malware |
In some scenarios, a "Feed Error" message appears when the user fetches a Custom Intelligence Feed. Refer to sk165932. |
PRJ-12809, |
Threat Emulation |
In a rare scenario, files are not uploaded for Threat Emulation or Threat Extraction inspection. |
PRJ-14224 |
ClusterXL |
In some scenarios, SmartConsole shows ClusterXL status as "is not responding". Refer to sk168187. |
PRJ-14612, |
SecureXL |
UPDATE: Added a global variable that enables log for packets that include unapproved IP option. This variable is off by default. |
PRJ-14514, |
SecureXL |
In a rare scenario, a VSX gateway with Virtual Switch may crash. |
PRJ-13414, |
SecureXL |
DECnet DIGITAL Network Architecture (Phase IV) traffic may be dropped. Refer to sk167202. |
PRJ-13763, |
SecureXL |
Security Gateway may crash when concurrent connection rules exist in the DOS/Rate limiting policy and the Application Control Blade is enabled. |
PRJ-14079, |
SecureXL |
For some topologies, RIPV2 neighbors may be missing. Refer to sk167934. |
PRJ-12254, |
Mobile Access |
In some scenarios, Mobile Access end-users become disconnected from their Citrix sessions after policy installation. |
PRJ-13730, |
Mobile Access |
In some scenarios, Web application SSO credentials are not displayed correctly in the 'Credentials' dialog when the application's destination hostname is configured as an IP address. |
PRJ-14435, |
Gaia OS |
NEW: Added support for CPAC-4-10-AB cards. |
PRJ-14596, |
Gaia OS |
NEW: Added Multi-Queue (MQ) support for Management interface. |
PRJ-13642, |
Gaia OS |
NEW: The i40e driver version was upgraded to improve performance. |
PRJ-13011, |
Gaia OS |
RX/TX ring size may reset when changing queue settings. |
PRJ-15424, |
Gaia OS |
Gaia API Service is offline after upgrade to R80.40. |
PRJ-13480, |
Gaia OS |
Intake and outlet temperature sensors display incorrect values on 15400 appliance. |
PRJ-12513 |
Gaia OS |
In some scenarios, due to backup compression errors, restoring a backup does not restore all files. |
PRJ-13719 |
Gaia OS |
In some scenarios, a snapshot creation may fail. |
PRJ-10352, |
Gaia OS |
In rare scenarios, clish consumes 100% CPU when the user runs a Tenable scan. Refer to sk166195. |
PRJ-14402, |
Gaia OS |
In some scenarios, the snapshot creation fails because of compression errors. |
PRJ-13926, |
Routing |
UPDATE: Increased the configuration limits of the BFD timers for detect multiplier, minimum RX interval, and minimum TX interval to 255, 255000, and 255000, respectively. |
PRJ-13979, |
Routing |
UPDATE: The logging of "aspath-regex" and "community-regex" routemap fields is now disabled by default and can be enabled through the trace log. |
PRJ-11805, |
VPN |
In some scenarios, an incorrect IPSec counter may be displayed with cpstats / SmartView Monitor / SNMP in a ClusterXL environment. Refer to sk167297. |
PRJ-14074, |
VPN |
When Security gateway is behind NAT and its main IP address is configured to NAT IP, Client may disconnect when using Visitor Mode. |
PRJ-14244, |
VPN |
VPN traffic may be dropped when working with peer behind NAT - Hide NAT with Port Translation. |
PRJ-13408, |
VPN |
In rare scenarios, the Global Domain Assignment view shows that a Global Domain Assignment is in the 'up to date' state even though it is not. |
PRJ-14075, |
VPN |
When using Visitor Mode, Endpoint Client behind NAT disconnects after 20 seconds when his private network overlaps with some network in the Encryption Domain. |
PRJ-15437, |
VSX |
VSs load up in parallel from boot/after cpstart from VS0. |
PRJ-14151, |
Endpoint Security |
In some scenarios, no audit logs are shown regarding object changes in SmartEndpoint virtual groups and FDE pre-boot users. Refer to sk167907. |
PRJ-14133, |
Endpoint Security |
In some scenarios, the user cannot get an FDE Offline Management File (cpomf) for an offline group in SmartEndpoint if this group or a directory in its path has special characters \ _ %. |