R80.40 Jumbo Hotfix Take 83

 

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 83

Released on 04 October 2020 and declared as Recommended on 25 October 2020

PRJ-8954,
MCFG-246

Upgrade Tools

Upgrade from R80.10 to R80.40 may fail with messages related to cmsobfuscationkey. Refer to sk168933.

PRJ-15610,
PMTR-57447

Security Management

NEW: Added ability to run Management REST API on a Multi-Domain Log Server.

PRJ-16147,
PMTR-58152

Security Management

NEW: The "cma_migrate" command will continue working if the SSH connection with the Multi-Domain Server was lost.

If the user presses "Ctrl+C" while cma_migrate is running, the user will be asked whether to stop cma_migrate or to continue.

PRJ-15501,
PMTR-56638

Security Management

NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start.

PRJ-15497,
PMTR-57275

Security Management

$MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied.

PRJ-16876,
PRHF-12879

Security Management

In some scenarios, sessions that were opened for third parties or automatic scripts that use the Management API remain open. Refer to sk169072.

PRJ-11704,
PRHF-9017

Security Management

The Purge Revisions operation may not clean deleted objects of previous revisions.

PRJ-14297,
PRHF-11704

Security Management

In rare scenarios, High Availability sync fails with "NGM failed to import data" error after the user deletes a Permission Role.

PRJ-13463,
PMTR-54975

Security Management

In rare scenarios, Install Policy Presets are not triggered.

PRJ-14492,
SMCUPG-1384

Security Management

In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails.

PRJ-13919,
MCFG-242

Security Management

In some scenarios, exporting the Security Management Server in order to migrate it to a Domain in a Multi-Domain environment fails.

PRJ-13613,
PRHF-11300

Security Management

In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error.

PRJ-13727,
PMTR-55574

Multi-Domain Management

NEW:

  • Global object deletion will be blocked if used in Domains on the Multi-Domain Server.
  • The "Unused Objects" filter in the Global Domain will show objects only if not used by all of the Domains on the Multi-Domain Server.

PRJ-14455,
PRHF-11940

Multi-Domain Management

Policies may disappear from the Global Domain Assignments view after running the Solr Cure utility. Refer to sk168060.

PRJ-15720,
PRHF-12271

Multi-Domain Management

When the user attempts to add/change the Leading Interface through mdsconfig, it may fail with the "no external interfaces found on this machine" error. Refer to sk168319.

PRJ-16427,
PMTR-58559

Multi-Domain Management

Management HA incremental synchronization may break on the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.

PRJ-16438,
PRHF-12236

Multi-Domain Management

After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.

PRJ-17307,
PMTR-59799

Multi-Domain Management

In rare scenarios, the FWM process may unexpectedly exit and fail the Multi-Domain Management server upgrade.

PRJ-15972,
PRHF-10916

SmartConsole

Global Policy reassign in MDS may fail with "An internal error has occurred" message after adding overrides to Snort protections.

PRJ-15372,
PMTR-57065

SmartConsole

The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954.

PRJ-16091,
PMTR-55032

SmartConsole

The "Get Interfaces" operation fails when the administrator creates a new cluster and decides to remove one of the members before selecting "Get Interfaces".

PRJ-13906,
PMTR-54935

SmartConsole

In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins.

PRJ-16342,
PMTR-58390

SmartConsole

Setting or creating HTTPS layer (add-https-layer) with the "shared" parameter using the API may fail with the "Unrecognized parameter [shared]" error.

PRJ-12855,
PRHF-10453

SmartConsole

Hit count data may not be deleted automatically.

PRJ-13456,
PRHF-10952

SmartConsole

In some scenarios, Management API commands with "details-level":"full" Payload return a truncated output and fail to complete. Refer to sk170414.

PRJ-15482,
PMTR-39061

SmartProvisioning

In some scenarios, when the user installs policy on an R77.30 Central Office Security Gateway from Management version R80 and higher, VPN tunnels may be dropped for LSM Gateways.

PRJ-13171,
PRHF-9994

Compliance

Compliance Partial Scans in Multi-Domain environments using Global Policies may lead to SmartConsole freeze or long publish times. Refer to sk170562.

PRJ-13562,
PMTR-53242

Logging

In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress.

PRJ-14357,
SL-4323

SmartView

In SmartView, when the user sends a generated report via email in a language with non-standard English letters (accented, Cyrillic, Chinese, Japanese, etc.), some of the text may appear as question marks (?).

PRJ-14362,
PMTR-54723

SmartView

In SmartView, the icon is missing from the cover page of Compliance and Content Awareness PDF reports.

PRJ-12208,
PMTR-52793

Security Gateway

UPDATE: Added the latest fixes and security improvements to OpenSSL.

PRJ-16624,
PMTR-58538

Security Gateway

Updated Dynamic Balancing Clish commands. Refer to sk164155.

PRJ-16995,
PMTR-59154

Security Gateway

In some scenarios, Dynamic Balancing is unable to configure the MQ setting for some interfaces.

PRJ-16401,
PRHF-12631

Security Gateway

When using Management Data Plane Separation (MDPS), a scheduled backup may fail.

PRJ-14126,
PMTR-56181

Security Gateway

In some scenarios, compilation errors during policy installation are ignored instead of immediately failing the policy. This may cause drops on the Security Gateway.

PRJ-14634,
PRHF-12058

Security Gateway

In rare scenarios, Security Gateway memory consumption may increase.

PRJ-15633,
PMTR-57462

Security Gateway

In a rare scenario, the Security Gateway may crash due to a NULL pointer reference.

PRJ-13346,
PRHF-8408

Security Gateway

In a rare scenario, the FWD process opens connections to port 111.

PRJ-13888,
PRHF-9759

Security Gateway

An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955.

PRJ-15841,
PRHF-12221

Security Gateway

ICAP block page displays virus name as "Unknown" instead of the virus name as it appears in the logs.

PRJ-16406,
PRHF-12305

Security Gateway

In some scenarios, when VPN Blade or ISP Redundancy are used, traffic may be routed to the wrong interface. Refer to sk168881.

PRJ-16159,
PMTR-58124

Security Gateway

In a rare scenario, Security Gateway may crash after policy installation.

PRJ-12947,
PRHF-10972

Security Gateway

After policy installation, the output of the "cphaprob stat" command may show "HA module not started" when a large number of non-monitored Cluster interfaces are configured in SmartConsole.

  • This fix adds support for multiple non-monitored interfaces in SmartConsole.

PRJ-15771,
PMTR-57606

Security Gateway

In some scenarios, DNS protections configured on inspection settings may not be enforced.

PRJ-14449,
PMTR-10041

Security Gateway

In some scenarios, a large number of interfaces defined on the Security Gateway may cause high CPU utilization by the CPD process. Refer to sk168674.

PRJ-9849,
PRHF-7150

Security Gateway

In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124.

PRJ-17223,
PMTR-59359

Security Gateway

Enabling both Dynamic Balancing and MDPS causes Dynamic Balancing to stop.

PRJ-17097,
PMTR-59478

Security Gateway

In rare scenarios, Dynamic Balancing fails to start after boot due to state verification failure.

PRJ-15849,
PMTR-57739

Security Gateway

SXL drops may occur due to routing configuration when using a security zone on a bridge (Layer 2).

PRJ-17421,
PMTR-54539

Threat Emulation,
Security Gateway

In a rare scenario, Threat Emulation and 2 core appliances may freeze. Refer to sk169575.

PRJ-16107,
PRHF-12463

URL Filtering

In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD).

PRJ-15689,
PRHF-12067

HTTPS Inspection

In some scenarios, web traffic may be blocked with "Content Awareness - Error: Internal system error (1000)" error log.

PRJ-14543,
PMTR-56472

HTTPS Inspection

In some scenarios, a CRL timeout may occur, which may cause slowness in HTTPS Inspection. Refer to sk169876.

PRJ-15800,
PMTR-57645

IPS

In some scenarios, invalid characters are sent to the gw-stat report.

PRJ-15581,
PRHF-9645

Application Control

In some scenarios, deprecated applications are not removed/replaced during an upgrade from R77.30 to R80.x. Refer to sk131372.

PRJ-11730,
PMTR-52415

Anti-Malware

In some scenarios, custom intelligence feeds with URL encoding characters may not be parsed correctly. Refer to sk168077.

PRJ-14067,
AVIR-1090

Anti-Malware

In rare scenarios, Security Gateway may crash due to memory allocation failure.

PRJ-16500,
PMTR-58709

Anti-Malware

In rare scenarios, Security Gateway crashes during CIFS traffic when the Anti-Virus Blade is in Hold mode and the CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606).

PRJ-15540,
PMTR-54954

Mobile Access

Mobile Access Secure Workspace feature does not work with SAML/IDP-based authentication when running Secure Workspace is optional.

PRJ-14652,
PMTR-56622

Mobile Access

The Mobile Access Blade's portal dialog for editing web application SSO credentials may not work correctly.

PRJ-16998,
PRJ-16965

Mobile Access

Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152.

PRJ-17446

Mobile Access

Mobile Access Blade may fail to install on VSX environments due to a missing configuration file.

PRJ-16681,
PRHF-12714

SecureXL

In a rare scenario, the Security Gateway may crash when receiving packets from an MDPS management interface.

PRJ-14463,
PRHF-4457

SecureXL

In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections.

PRJ-10498,
PMTR-50926

SecureXL

In some scenarios, SecureXL makes an offload decision to not accelerate multicast traffic for route-based VPN.

PRJ-15902,
PRHF-12374

SecureXL

An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router.

PRJ-15485,
PMTR-54930

Routing

BGP fails to establish with high MTU setting on Gaia 3.10.

PRJ-15393,
PRHF-11950

Routing

A TCP connection between the cluster master and subordinate may flap on an OSPF attempt to delete a non-Max-Age LSA.

PRJ-16575,
SPC-3089

Routing

In some scenarios, the routed daemon may unexpectedly exit with BGP.

PRJ-14407,
PMTR-54728

VPN

Connectivity improvements for Remote Access VPN with L2TP.

PRJ-15534,
PMTR-56073

VPN

The "vpn tu tlist" command shows the wrong number of clients connected in Visitor mode.

PRJ-10953,
PRHF-8923

VPN

In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.

PRJ-15331,
VPNRA-379

VPN

In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled.

PRJ-15322,
PMTR-48973

VPN

In some scenarios, using LS/HA mode on a VPN tunnel may cause packets to be dropped. Refer to sk160612.

PRJ-14576,
PMTR-54771

VPN

IP compression may not work in some scenarios when IKEv2 is configured.

PRJ-15622,
PMTR-57459

VPN

Access Roles with MAB SNX as the client type may not work.

PRJ-11052,
PRHF-7972

VPN

Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003.

PRJ-16211,
VPNRA-469

VPN

Stability improvement for Remote Access VPN.

PRJ-15467,
PMTR-46467

VPN

When IKEv2 is configured, traffic that originated from the DAIP external interface may fail to pass.

PRJ-15838,
PMTR-40895

VPN

When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage.

PRJ-16015,
PMTR-55514

VPN

In rare scenarios, Remote Access clients may not be able to re-connect after a failover.

PRJ-15996,
PRHF-11856

Gaia OS

NEW: Added Multi-Queue (MQ) support for Sync interface.

PRJ-14591,
PRHF-12060

Gaia OS

Reduced the logging of vague messages when the user adds a known host in Clish.

PRJ-12864,
PMTR-51379

Gaia OS

Creating LOM users for Smart-1 525/625/5050/5150 appliances may fail if the username length is shorter than 4 characters.

PRJ-11861,
PRHF-9702

Gaia OS

It is not allowed to create usernames with reserved words, such as 'eval', 'apply' etc., in the middle of the username in WebUI. Refer to sk170681.

PRJ-11994,
PRHF-10312

Gaia OS

In rare scenarios, a snapshot creation may fail.

PRJ-12741,
PMTR-51157

Gaia OS

Restore backup may fail due to unmatched upgrade tools.

PRJ-17321,
PMTR-58887

Gaia OS

Certain Clish commands, like "show interfaces all", may cause confd to crash. Refer to sk170324.

PRJ-16922,
PRHF-12593

Gaia OS

In a rare scenario, the "Allowed-clients" feature does not work as expected for SSH.

PRJ-13942,
PRHF-11368

Gaia OS

In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to expert mode, the username in the log files appears as admin instead of RADIUS.

PRJ-16080,
PMTR-57581

Gaia OS

In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot.

PRJ-16567,
PRHF-12526

Gaia OS

In the Management Data Plane Separation (MDPS) environment, the output for the "show asset network" command may not report some line cards if they have mixed management/data plane interfaces.

PRJ-10079,
PMTR-50675

Gaia OS

When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands unexpectedly exit. Refer to sk165258.

PRJ-15861,
PMTR-57779

Gaia OS

The "Error I40E_AQ_RC_EINVAL adding RX filters on PF" error may appear during i40e driver operation and RSS key may be reset during certain driver operations.

PRJ-11130,
PMTR-51775

Gaia OS

Setting LACP rate does not survive a reboot on Gaia 3.10.

PRJ-15600,
PRHF-11404

Endpoint Security

Gaia backup with Endpoint Management may miss some information from the Endpoint database. Refer to sk168062.

PRJ-16474,
PRHF-11087

Endpoint Security

"An unexpected error occurred" message may appear when the user clicks on 'View Current Status' in SmartEndpoint's 'Overview' tab. Refer to sk167176.

PRJ-15423,
PMTR-57126

CloudGuard Network

NEW: Added support for VMware vCenter version 7 to CloudGuard Controller.

PRJ-12838,
PMTR-53868

CloudGuard Network

NEW: Added new AWS regions af-south-1, ap-northeast-3, and eu-south-1.

PRJ-16019,
PRHF-12425

CloudGuard Network

In some scenarios, CloudGuard Controller may lose connection to GCP projects. Refer to sk168499.

PRJ-16254,
PRHF-12538

CloudGuard Network

Scanning of a GCP Data Center may fail when an instance does not have disks.

PRJ-12185,
VSECC-1293

CloudGuard Network

CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode.

PRJ-16223,
PRHF-12510

CloudGuard Network

Azure Data Center scan may fail and no updates are sent to the Security Gateway.

PRJ-15355,
STRM-152

QoS

In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when the policy is defined properly on the interface.