R80.40 Jumbo Hotfix Take 83
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 83 Released on 04 October 2020 and declared as Recommended on 25 October 2020 |
||
PRJ-8954, |
Upgrade Tools |
Upgrade from R80.10 to R80.40 may fail with messages related to cmsobfuscationkey. Refer to sk168933. |
PRJ-15610, |
Security Management |
NEW: Added ability to run Management REST API on a Multi-Domain Log Server. |
PRJ-16147, |
Security Management |
NEW: The "cma_migrate" command will continue working if the SSH connection with the Multi-Domain Server was lost. If the user presses "Ctrl+C" while cma_migrate is running, the user will be asked whether to stop cma_migrate or to continue. |
PRJ-15501, |
Security Management |
NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start. |
PRJ-15497, |
Security Management |
$MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied. |
PRJ-16876, |
Security Management |
In some scenarios, sessions that were opened for the third parties or automatic scripts that use Management API, remain open. Refer to sk169072. |
PRJ-11704, |
Security Management |
The Purge Revisions operation may not clean deleted objects of previous revisions |
PRJ-14297, |
Security Management |
In rare scenarios, High Availability sync fails with "NGM failed to import data" error after the user deletes a Permission Role. |
PRJ-13463, |
Security Management |
In rare scenarios, Install Policy Presets are not triggered. |
PRJ-14492, |
Security Management |
In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails. |
PRJ-13919, |
Security Management |
In some scenarios, exporting the Security Management Server in order to migrate it to Domain in Multi-Domain Environment fails. |
PRJ-13613, |
Security Management |
In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error. |
PRJ-13727, |
Multi-Domain Management |
NEW:
|
PRJ-14455, |
Multi-Domain Management |
Policies may disappear from the Global Domain Assignments view after running the Solr Cure utility. Refer to sk168060. |
PRJ-15720, |
Multi-Domain Management |
When the user attempts to add/change the Leading Interface through mdsconfig, it may fail with the "no external interfaces found on this machine" error. Refer to sk168319. |
PRJ-16427, |
Multi-Domain Management |
Management HA incremental synchronization may break on the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade. |
PRJ-16438, |
Multi-Domain Management |
After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed. |
PRJ-17307, |
Multi-Domain Management |
In rare scenarios, the FWM process may unexpectedly exit and fail the Multi-Domain Management server upgrade. |
PRJ-15972, |
SmartConsole |
Global Policy reassign in MDS may fail with "An internal error has occurred" message after adding overrides to Snort protections. |
PRJ-15372, |
SmartConsole |
The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954. |
PRJ-16091, |
SmartConsole |
The "Get Interfaces" operation fails when admin creates a new cluster and decides to remove one of the members before he selects "Get Interfaces". |
PRJ-13906, |
SmartConsole |
In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins. |
PRJ-16342, |
SmartConsole |
Setting or creating HTTPS layer (add-https-layer) with the "shared" parameter using the API may fail with the "Unrecognized parameter [shared]" error. |
PRJ-12855, |
SmartConsole |
Hit count data may not be deleted automatically. |
PRJ-13456, |
SmartConsole |
In some scenarios, Management API commands with "details-level":"full" Payload return a truncated output and fail to complete. Refer to sk170414. |
PRJ-15482, |
SmartProvisioning |
In some scenarios, when the user installs policy on R77.30 Central Office Security Gateway from Management version R80 and higher, VPN tunnels may be dropped for LSM Gateways. |
PRJ-13171, |
Compliance |
Compliance Partial Scans in Multi-Domain environments using Global Policies may lead to SmartConsole freeze or long publish times. Refer to sk170562. |
PRJ-13562, |
Logging |
In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress. |
PRJ-14357, |
SmartView |
In SmartView, when the user sends a generated report via email in a language with non-standard English letters (Accented, Cyrillic, Chinese, Japanese, etc), some of the text may appear as question marks (?). |
PRJ-14362, |
SmartView |
In SmartView, the icon is missing from the cover page of Compliance and Content Awareness PDF reports. |
PRJ-12208, |
Security Gateway |
UPDATE: Added the latest fixes and security improvements to OpenSSL. |
PRJ-16624, |
Security Gateway |
Updated Dynamic Balancing Clish commands. Refer to sk164155. |
PRJ-16995, |
Security Gateway |
In some scenarios, Dynamic Balancing is unable to configure MQ setting for some interfaces. |
PRJ-16401, |
Security Gateway |
When using Management Data Plane Separation (MDPS), schedule backup may fail. |
PRJ-14126, |
Security Gateway |
In some scenarios, compilation errors during policy installation are ignored instead of immediately failing the policy. This may cause drops on the Security Gateway. |
PRJ-14634, |
Security Gateway |
In rare scenarios, Security Gateway memory consumption may increase. |
PRJ-15633, |
Security Gateway |
In a rare scenario, Security gateway may crash due to NULL pointer reference. |
PRJ-13346, |
Security Gateway |
In a rare scenario, the FWD process opens connections to port 111. |
PRJ-13888, |
Security Gateway |
An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955. |
PRJ-15841, |
Security Gateway |
ICAP block page displays virus name as "Unknown" instead of the virus name as it appears in the logs. |
PRJ-16406, |
Security Gateway |
In some scenarios, when VPN blade or ISP Redundancy are used, traffic may be routed to the wrong interface. Refer to sk168881. |
PRJ-16159, |
Security Gateway |
In a rare scenario, Security Gateway may crash after policy installation. |
PRJ-12947, |
Security Gateway |
After policy installation, the output of the "cphaprob stat" command may show "HA module not started" when a large number of non-monitored Cluster interfaces are configured in SmartConsole.
|
PRJ-15771, |
Security Gateway |
In some scenarios, DNS protections configured on inspection settings may not be enforced. |
PRJ-14449, |
Security Gateway |
In some scenarios, large number of interfaces defined on Security gateway may cause high CPU utilization by CPD process. Refer to sk168674. |
PRJ-9849, |
Security Gateway |
In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124. |
PRJ-17223, |
Security Gateway |
Enabling both Dynamic Balancing and MDPS causes Dynamic Balancing to stop. |
PRJ-17097, |
Security Gateway |
In rare scenarios, Dynamic Balancing fails to start after boot due to state verification failure. |
PRJ-15849, |
Security Gateway |
SXL drop due to routing configuration when using security zone on bridge (layer2). |
PRJ-17421, |
Threat Emulation, |
In a rare scenario, Threat Emulation and 2 core appliances may freeze. Refer to sk169575. |
PRJ-16107, |
URL Filtering |
In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD). |
PRJ-15689, |
HTTPS Inspection |
In some scenarios, web traffic may be blocked with "Content Awareness - Error: Internal system error (1000)" error log. |
PRJ-14543, |
HTTPS Inspection |
In some scenarios, a CRL timeout may occur, which may cause slowness in HTTPS Inspection. Refer to sk169876. |
PRJ-15800, |
IPS |
In some scenarios, invalid characters are sent to gw-stat report. |
PRJ-15581, |
Application Control |
In some scenarios, deprecated applications are not removed/replaced during an upgrade from R77.30 to R80.x. Refer to sk131372. |
PRJ-11730, |
Anti-Malware |
In some scenarios, custom intelligence feeds with URL encoding characters may not be parsed correctly. Refer to sk168077. |
PRJ-14067, |
Anti-Malware |
In rare scenarios, Security Gateway may crash due to memory allocation failure. |
PRJ-16500, |
Anti-Malware |
In rare scenarios, Security Gateway crashes during CIFS traffic when the Anti-Virus blade is in Hold mode and the CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606). |
PRJ-15540, |
Mobile Access |
Mobile Access Secure Workspace feature does not work with SAML/IDP-based authentication when running Secure Workspace is optional. |
PRJ-14652, |
Mobile Access |
The Mobile Access Blade's portal dialog for editing web application SSO credentials may not work correctly. |
PRJ-16998, |
Mobile Access |
Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152. |
PRJ-17446 |
Mobile Access |
Mobile Access Blade may fail to install on VSX environments due to a missing configuration file. |
PRJ-16681, |
SecureXL |
In a rare scenario, Security gateway may crash when receiving packets from an MDPS management interface. |
PRJ-14463, |
SecureXL |
In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections. |
PRJ-10498, |
SecureXL |
In some scenarios, SecureXL makes an offload decision to not accelerate multicast traffic for route-based VPN. |
PRJ-15902, |
SecureXL |
An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router. |
PRJ-15485, |
Routing |
BGP fails to establish with high MTU setting on Gaia 3.10. |
PRJ-15393, |
Routing |
A TCP connection between cluster master and slave may flap on OSPF attempt to delete a non-Max-Aage LSA. |
PRJ-16575, |
Routing |
In some scenarios, the routed daemon may unexpectedly exit with BGP. |
PRJ-14407, |
VPN |
Connectivity improvements for Remote Access VPN with L2TP. |
PRJ-15534, |
VPN |
The "vpn tu tlist" command shows the wrong number of clients connected in Visitor mode. |
PRJ-10953, |
VPN |
In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393. |
PRJ-15331, |
VPN |
In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled. |
PRJ-15322, |
VPN |
In some scenarios, using LS/HA mode on a VPN tunnel may cause packets to be dropped. Refer to sk160612. |
PRJ-14576, |
VPN |
IP compression may not work in some scenarios when IKEv2 is configured. |
PRJ-15622, |
VPN |
Access Roles with MAB SNX as the client type may not work. |
PRJ-11052, |
VPN |
Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003. |
PRJ-16211, |
VPN |
Stability improvement for Remote Access VPN. |
PRJ-15467, |
VPN |
When IKEv2 is configured, traffic that originated from the DAIP external interface may fail to pass. |
PRJ-15838, |
VPN |
When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage. |
PRJ-16015, |
VPN |
In rare scenarios, Remote Access clients may not be able to re-connect after a failover. |
PRJ-15996, |
Gaia OS |
NEW: Added Multi-Queue (MQ) support for Sync interface. |
PRJ-14591, |
Gaia OS |
Reduced the logging of vague messages when the user adds a known host in Clish. |
PRJ-12864, |
Gaia OS |
Creating LOM users for Smart-1 525/625/5050/5150 appliances may fail if the username length is shorter then 4 characters. |
PRJ-11861, |
Gaia OS |
It is not allowed to create usernames with reserved words, such as 'eval', 'apply' etc., in the middle of the username in WebUI. Refer to sk170681. |
PRJ-11994, |
Gaia OS |
In rare scenarios, a snapshot creation may fail. |
PRJ-12741, |
Gaia OS |
Restore backup may fail due to unmatched upgrade tools. |
PRJ-17321, |
Gaia OS |
Certain Clish commands, like "show interfaces all", may cause confd to crash. Refer to sk170324. |
PRJ-16922, |
Gaia OS |
In a rare scenario, the "Allowed-clients" feature does not work as expected for SSH. |
PRJ-13942, |
Gaia OS |
In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to expert mode, the username in the log files appears as admin instead of RADIUS. |
PRJ-16080, |
Gaia OS |
In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot. |
PRJ-16567, |
Gaia OS |
In the Management Data Plane Separation (MDPS) environment, the output for the "show asset network" command may not report some line cards if they have mixed management/data plane interfaces. |
PRJ-10079, |
Gaia OS |
When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands unexpectedly exit. Refer to sk165258. |
PRJ-15861, |
Gaia OS |
The "Error I40E_AQ_RC_EINVAL adding RX filters on PF" error may appear during i40e driver operation and RSS key may be reset during certain driver operations. |
PRJ-11130, |
Gaia OS |
Setting LACP rate does not survive a reboot on Gaia 3.10. |
PRJ-15600, |
Endpoint Security |
Gaia backup with Endpoint Management may miss some information from the Endpoint database. Refer to sk168062. |
PRJ-16474, |
Endpoint Security |
"An unexpected error occurred" message may appear when the user clicks on 'View Current Status' in SmartEndpoint's 'Overview' tab. Refer to sk167176. |
PRJ-15423, |
CloudGuard Network |
NEW: Added support for VMware vCenter version 7 to CloudGuard Controller. |
PRJ-12838, |
CloudGuard Network |
NEW: Added new AWS regions af-south-1, ap-northeast-3, and eu-south-1. |
PRJ-16019, |
CloudGuard Network |
In some scenarios, CloudGuard Controller may lose connection to GCP projects. Refer to sk168499. |
PRJ-16254, |
CloudGuard Network |
Scanning of GCP Data Center may fail when instance does not have disks. |
PRJ-12185, |
CloudGuard Network |
CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode. |
PRJ-16223, |
CloudGuard Network |
Azure Data Center scan may fail and no updated are sent to the Security gateway. |
PRJ-15355, |
QoS |
In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when policy is defined properly on the interface. |