R80.40 Jumbo Hotfix Take 87
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 87 Released on 5 November 2020 and declared as Recommended on 22 November 2020 |
||
PRJ-15565, |
Security Management |
NEW: In some scenarios, modifying or deleting objects in bulk may cause slowness in SmartConsole responses and long duration of operations. Ability to improve performance in such cases was added. Refer to sk135972. |
PRJ-18769, |
Security Management |
NEW: Improved FWM process performance during policy or database installation. |
PRJ-14597, |
Security Management |
In some scenarios, Read-Only sessions appear twice in the Sessions view. |
PRJ-16263, |
Security Management |
Upgrade from R80.20 or R80.30 may fail if one of the objects does not have a creator. |
PRJ-17043, |
Security Management |
In rare scenarios, some objects may be locked and not available for editing. Refer to sk169772. |
PRJ-16877 |
Security Management |
In rare scenarios, upgrade from R80.10 may fail with the "Consider using an AFTER trigger instead of a BEFORE trigger to propagate changes to other rows" message in the $MDS_FWDIR/log/postgres.elg file. |
PRJ-16288, |
Security Management |
On rare scenarios IPS or Application Control updates might get stuck on 70% and cannot be launched again until full restart of the Multi-Domain Management Server. |
PRJ-18047, |
Security Management |
In rare scenarios, a Management server may become inaccessible and requires a reboot. Refer to sk170634. |
PRJ-13851, |
Security Management |
In some scenarios, the Security Management Server's startup takes a very long time after editing or deleting many Administrators. |
PRJ-16288, |
Security Management |
In rare scenarios, IPS or Application Control updates may stop at 70% and cannot be launched again until full restart of the Management server. |
PRJ-16643, |
Multi-Domain Management |
In some scenarios, Domain Management Server is shown in System Domain under Domains View even though it was deleted. |
PRJ-17023, |
Multi-Domain Management |
On Multi-Domain Management environment with Global VPN Community usage, policy installation mail fail with "Internal error" message after upgrade. Refer to sk169157. |
PRJ-13796, |
Multi-Domain Management |
In a Multi-Domain Server, domain-related processes may not start when the user runs "evstop" and then "evstart". |
PRJ-17070, |
Multi-Domain Management |
In some scenarios, Domain appears in the System Domain without any Domain Servers. |
PRJ-12246, |
Multi-Domain Management |
In some scenarios, a Global Administrator connected to the Logging and Monitoring view in MDS cannot see auto-complete suggestions when typing in the logs search box. Refer to sk166752. |
PRJ-16313, |
Multi-Domain Management |
After upgrade, a Global VPN Community object defined in the Global Domain is shown as "Unavailable" and a policy installation fails with "Internal error" message. |
PRJ-17238, |
Multi-Domain Management |
On Multi-Domain environments with multiple Multi-Domain servers connected in HA, operations such as "Log in" and "Reassign Global Domain" may fail due to high load on FWM process. |
PRJ-13715, |
Multi-Domain Management |
In some scenarios, when installing a policy from a local domain, while a policy installation initiated by the system domain is still in progress, policy installation invoked by the system domain fails. Refer to sk167692. |
PRJ-16283, |
SmartConsole |
NEW: Added ability for administrators to view, add, and delete licenses directly from SmartConsole.
|
PRJ-18775, |
SmartConsole |
In some scenarios, FWM and CPD processes may consume high CPU due to large number of Security Management/Security Gateway objects in the policy. Refer to sk170256. |
PRJ-16861, |
SmartConsole |
New cluster member's IP address may disappear from the "Network Management" view when changing cluster interface type to "Private". |
PRJ-17880, |
SmartConsole |
In Global Properties under Stateful Inspection tab, the "TCP end timeout (R80.20 and higher gateways)" option does not support values higher than 60 seconds.
|
PRJ-17003, |
SmartConsole |
When using SmartConsole CLI, the application may unexpectedly terminate if the input has quotation marks that are not closed. |
PRJ-9661, |
SmartConsole |
In rare scenarios, Access policy installation may be incorrectly blocked. A verification incorrectly states that HTTPS Inspection rules do not contain 'Any' or 'Application/Site' objects in the Site Category column, even though they do. |
PRJ-16062, |
SmartConsole |
In some scenarios, certain Gateways do not appear in the IPS Core protections list. Refer to sk168474. |
PRJ-15999, |
SmartConsole |
When fetching the LDAP server SSL fingerprint on Global Domain, the operation is not finished. |
PRJ-17822, |
SmartConsole |
In some scenarios, Network Objects are missing in Implied Rule for Mail Transfer Agent.
|
PRJ-16468, |
SmartConsole |
Update corporate Gateway procedure takes a long time and may cause login issues and general slowness in the Provisioning GUI. |
PRJ-17273, |
SmartConsole |
On Multi-Domain environments, some hardware types may be missing from the hardware selection in the gateway editor. Refer to sk169354. |
PRJ-16891, |
SmartView |
In SmartView, after adding a new page to a report, the preview page appears to have no data although it has (this data appears in the Edit Mode). |
PRJ-16433, |
SmartView |
In SmartView's GDPR Report, some of the text appears in German although the selected language is not German. |
PRJ-16999, |
Logging |
UPDATE: Added ability to filter Threat Prevention and Endpoint logs by file size on a Log server machine via Logs & Monitor view in SmartConsole. |
PRJ-13350, |
Logging |
In some scenarios, when the user configures the log exporter filter with the "cp_log_export" command (action, origin, product), the filter is not configured properly according to the used format. |
PRJ-13623, |
Logging |
Leef format is not certified with IBM causing the following issues:
Refer to sk170199. |
PRJ-17008, |
Logging |
In some scenarios, the "CGsoapSessions::AuthenticateSession failed, session is not authenticated" message may appear in mds.elg or fwm.elg file. Refer to sk152933. |
PRJ-17195, |
Security Gateway |
NEW: Added additional statistics to HTTP/2 in CPView. |
PRJ-15830, |
Security Gateway |
In rare scenarios, the "ERROR: dns_reverse_prepare_response_uuids: hash create failed" error is printed to dmesg. |
PRJ-19003, |
Security Gateway |
In some scenarios, when using routing separation, connection from data plane to management plane is dropped. |
PRJ-17313, |
Security Gateway |
In rare scenarios, Security Gateway memory consumption may increase. |
PRJ-16912, |
Security Gateway |
In some scenarios, a timeout occurs when the user enables resource separation via Clish. Refer to sk170372. |
PRJ-17088, |
Security Gateway |
When using a routing separation, syslogd does not move to the management plane. |
PRJ-11293, |
Security Gateway |
Unused OIDs may appear in SNMP MIB file. |
PRJ-14262, |
Security Gateway |
In some scenarios, wrong (too big) SNMP values are displayed when running SNMP query. |
PRJ-17128, |
Security Gateway |
In rare scenarios, Security Gateway memory consumption may increase. |
PRJ-16923, |
Security Gateway |
In some scenarios, "misp_rulematch_outgoing: fw_update_routing_opq_out_ifn failed" error appears in dmesg. |
PRJ-17703, |
Security Gateway |
In rare scenarios, policy installation fails with an "gen_rpc_service_inspect_func: service mismatch in service_arr" error message. Refer to sk174165. |
PRJ-16090, |
Security Gateway |
In some scenarios, policy installation fails with "Error code 0-2000121". |
PRJ-17133, |
Security Gateway |
In a rare scenario, the proxy arp table is not generated. |
PRJ-13261, |
Security Gateway |
In a rare scenario, traffic is dropped with the "[ERROR]: up_handle_get_matched_service_clob: no clob list on handle for type SERVICE;" error in dmesg. |
PRJ-16666, |
Security Gateway |
Security Gateway running in USFW mode (User-Mode Firewall) may crash with fwk core dump. Refer to sk169119. |
PRJ-17606, |
Internal CA |
In some scenarios, manual edit of user's certificate expiration period does not take effect. Refer to sk143292. |
PRJ-16289, |
VoIP |
NEW: Added support for HopCount field in H323 protocol. Refer to sk169513. |
PRJ-16185, |
Identity Awareness |
In some scenarios, the Identity Broker Subscriber may crash. |
PRJ-12546 |
Identity Awareness |
In some scenarios, there may be enforcement issues due to database corruption in PDP kernel tables. |
PRJ-14484, |
Identity Awareness |
SAML (Security Assertion Markup Language) groups mode configuration (pdp idp group status) is not saved after an upgrade. |
PRJ-17200, |
HTTPS Inspection |
In a rare scenario, a connection remains open after it is closed by the server, and the web browser may load a page for a long time. |
PRJ-12561, |
Anti-Malware |
In some scenarios, users may fail to access a web site with many malicious URLs. |
PRJ-13200, |
Anti-Malware |
Security Gateway may crash when trying to access a site encoded with Base64. |
PRJ-15977, |
UserCheck |
In some scenarios, the UserCheck daemon usrchkd may unexpectedly exit. |
PRJ-17345, |
ClusterXL |
When 40000/60000 device is located on the same network segment (same VLAN, same switch) with ClusterXL environment, the cluster states can flap non-stop between the READY and ACTIVE on all cluster members causing outage. |
PRJ-18534, |
SecureXL |
In rare scenarios, when a Wire-Mode is configured on a community, it may cause a Security gateway from another community not to accelerate connections in SecureXL. |
PRJ-17451, |
SecureXL |
In some scenarios, CPView may show incorrect statistics for VPN encrypted/decrypted packets. |
PRJ-9564, |
SecureXL |
In a rare scenario, Security gateway may crash when the Drop Template feature is enabled. |
PRJ-16534, |
Routing |
UPDATE: User does not have to enable logging/accounting in SmartConsole to generate the Netflow records. New "NetFlow Firewall rule" option was added to configure NetFlow to report per Firewall rule by turning it on and enabling Log/Accounting per rule. |
PRJ-15820, |
VPN |
NEW: Performance improvement of VPN tunnel when using SHA-384. Refer to sk168336. |
PRJ-16100, |
VPN |
Remote Access VPN policy installation optimization. Refer to sk173947. |
PRJ-16866, |
VPN |
Software Blade name inconsistency between login and logout logs of an SNX client. |
PRJ-15554, |
VPN |
In some scenarios, the VPN IKEv2 tunnel establishment with LSV peer fails. |
PRJ-10035, |
VPN |
In some scenarios, Security Gateway Portals and Remote Access VPN clients show wrong certificate after certificate renewal. Refer to sk131212. |
PRJ-17330, |
VPN |
Added VPN IKEv2 improvements. |
PRJ-17002, |
VPN |
Connectivity issue may appear between Check Point Gateway and 3rd party device in MEP DPD configuration when 3rd party device is defined as Central Gateway in MEP. Relevant error message: "Failed to resolve VPN MEP gateway". |
PRJ-16442, |
VPN |
In some scenarios, the VPN tunnel status is displayed as "Up - Phase1" in SmartView Monitor although both phase1 and phase2 are up. Refer to sk169121. |
PRJ-16722, |
VPN |
Remote Access potential connectivity issue when there are more than 1 external interfaces. |
PRJ-13095, |
VPN |
RADIUS packet sent by Security gateway, may show the Framed-IP-Address field in the reverse order. Refer to sk167361. |
PRJ-12771, |
VPN |
In some scenarios, RADIUS authentication may take more than five minutes to be fulfilled with Endpoint Clients, reaching connection timeout on the Gateway side. |
PRJ-16661, |
VPN |
Connectivity issue may appear between Check Point Gateway and 3rd party device when using Encryption Domain per Community. |
PRJ-15466, |
Gaia OS |
"show asset" command shows the Network card model CPAC-4-1C instead of CPAC-4-1C-L. |
PRJ-19050, |
Gaia OS |
In some scenarios, when using routing separation, modifying interface IP address fails. |
PRJ-14315, |
Gaia OS |
In rare scenarios, gateway uptime in SmartConsole may show an abnormally high number. Refer to sk167937. |
PRJ-17612, |
Gaia OS |
Several features are duplicated (both in WebUI and Clish) in RBA roles configuration/settings.
|
PRJ-16265, |
Gaia OS |
Multi-Queue IRQ affinity is set incorrectly for i40e and MLX interfaces. |
PRJ-13459, |
Endpoint Security |
NEW: Added ability to enable developer protection feature.
|
PRJ-16600, |
Endpoint Security |
In some scenarios, Policy server stops syncing with the Endpoint Security Server. Refer to sk168912. |
PRJ-14225, |
Endpoint Security |
Push operation may not go through to client due to continuous sync requests. |
PRJ-16569, |
Endpoint Security |
Incorrect time interval for checking RSA key generation may cause message flooding the logs. |
PRJ-16892, |
CloudGuard Network |
CloudGuard Controller imports only the first 50 NSX-T groups. Refer to sk169133. |
PRJ-17750, |
CloudGuard Network |
In some scenarios, userspace cores may appear on CloudGuard for Azure Gateways with VPN enabled and using AES-GCM-256 and AES-256. Refer to sk169417. |