R80.40 Jumbo Hotfix Take 91

 

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 91

Released on 16 December 2020 and declared as Recommended on 26 January 2021

PRJ-19279,
PMTR-60665

Security Management

NEW: The upgrade process is now monitored dynamically and is stopped if it cannot be completed, instead of relying on a timeout.

PRJ-13934

Security Management

Login with SmartConsole may be blocked while purge revisions action is running.

PRJ-19084,
PRHF-13972

Security Management

In some scenarios, HA synchronization may fill up the disk space of a standby Management Server. Refer to sk168492.

PRJ-18379,
PMTR-53043

Security Management

In some scenarios, SecurID configuration files on the Security Gateway are overridden upon policy installation.

PRJ-18817,
PRHF-13819

Security Management

Management HA synchronization between Multi-Domain Management Servers may fail with "Failed to import data" error due to manual or automatic updates of contracts.

PRJ-18030,
PMTR-58678

Security Management

In some scenarios, export of an Endpoint package may fail because the FWM process utilizes 100% CPU.

PRJ-19021,
PMTR-61616

Security Management

In rare scenarios, FWM process may unexpectedly exit after a login attempt to the Management server.

PRJ-18492,
PRHF-13681

Security Management

In rare scenarios, a policy installation task may never complete.

PRJ-13476,
PRHF-11299

Security Management

Domain Servers may disappear from Multi-Domain view after running the Solr Cure utility.

PRJ-15906,
PRHF-12367

Security Management

Security policy compilation fails if the Domain network object name (FQDN) contains a space.

PRJ-17692,
PRHF-13332

Security Management

In some scenarios, HA temporary sub-directories under $FWDIR/tmp are not deleted if sync fails. Refer to sk170972.

PRJ-19131,
PRHF-13996

Security Management

Advanced Upgrade from R80.10 to R80.40 with Jumbo Hotfix Take 83 may fail. Refer to sk170313.

PRJ-18288,
PMTR-61010

Security Management

In rare scenarios, the CPU and memory usage of CPM process may be abnormally high. Refer to sk170672.

PRJ-18954,
PRHF-13948

Security Management

Policy verification may fail with error "For security gateways R80.40 and higher, rules that use Access Roles can only have "Any Traffic" or "RemoteAccess" in the VPN column".

PRJ-16724,
PMTR-58803

Security Management

  • Exports of views and reports may fail when they are initiated while connected to SmartEvent with a new administrator.
  • Assign and Install Global Policy feature may fail with the "Timeout during task progress: Could not get information regarding task completion" error message.

For more information, refer to sk170632.

PRJ-18265,
PRHF-13607

Security Management

'Revert to Revision' tasks cannot be cleared from tasks pane in SmartConsole.

PRJ-16369,
PRHF-12594

Security Management

When logging into SmartConsole directly to a Domain using RADIUS or TACACS, the Authentication method in the audit log may show as "Internal Password". Refer to sk168716.

PRJ-17763,
PMTR-58785

Security Management

When migrating a Security Management Server that was created as a standby and then set to active, into a Domain Management Server, the new Domain is created without an active Domain Server.

PRJ-18690,
PRHF-13744

Security Management

Database installation to the newly created Domain Log Server may fail.

PRJ-18907,
PMTR-61579

Multi-Domain Management

In some scenarios, the size of the MDS backup file increases after each policy installation.

PRJ-18251,
PRHF-12413

Multi-Domain Management

Migration of Domain Server between different Multi-Domain Servers may fail due to incorrect internal values of default objects.

PRJ-18970,
PRHF-13874

Multi-Domain Management

The "cplic db_print -all -x" command fails when running on the MDS level.

PRJ-19647,
PMTR-62201

Multi-Domain Management

In rare scenarios, a Domain is shown in the Domains view without any Domain Server, or a Domain is shown with a Domain Server that was deleted and no longer exists. Refer to sk170556.

PRJ-12845,
PMTR-53224

Multi-Domain Management

Global Domain Assignment may fail with the "An internal error has occurred" message after deleting a Global VPN Community object.

PRJ-19320,
PMTR-61346

SmartConsole

NEW: Added support for Python 3 in Management API scripts.

PRJ-18317,
PRJ-18314

SmartConsole

NEW: Added 1600, 1800, and 1570R appliances to SmartConsole Hardware list.

PRJ-19202,
PRHF-13955

SmartConsole

In some scenarios, when using the "set simple-gateway" API command with "logs-settings.forward-logs-to-log-server", it fails with "Generic server error". Refer to sk170352.

PRJ-19322,
PMTR-60220

SmartConsole

In some scenarios, the api.csv file may show extra empty columns.

PRJ-19376

SmartConsole

In a rare scenario, when a user clicks on Mail Transfer Agent (MTA) options in the Security Gateway settings or on the 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232.

  • Requires R80.40 SmartConsole Build 415 (or higher).

PRJ-20163,
PMTR-60372

SmartConsole

Duplicate central licenses may be added to the management database. In some rare scenarios, this may lead to heavy load on the FWM process and prevent login.

PRJ-18382,
PRHF-13609

SmartConsole

In some scenarios, running an action on a ROBO Gateway behind NAT does not work during sync on SMB appliances.

PRJ-17414,
PRHF-13223

SmartConsole

When removing an object from a group using the "groups" field of the object's module in the Ansible collection, the group will not be changed and Ansible will show that no changes are needed.

PRJ-18041,
PMTR-60761

SmartConsole

In some scenarios, after a successful IPS update, the new IPS version does not appear under 'switch version' window.

PRJ-17643,
PRHF-13379

SmartConsole

When creating a user with Check Point password authentication through the Management API, login to the Mobile Access portal may fail. Refer to sk170412.

PRJ-18592,
PMTR-60476

SmartConsole

After enabling the Endpoint Policy Management Blade on the Security Management Server, some views on SmartConsole may not load properly and SmartClient may disconnect.

PRJ-15743,
PRHF-12226

SmartConsole

When using the "set simple-cluster" Management API command to update a user defined security zone, the "Specify security zone" checkbox in SmartConsole is not selected.

PRJ-18465,
PRHF-13551

SmartConsole

In some scenarios, Staging mode IPS protections activation in the Local domain does not match the activation in the Global domain after a Global Threat Prevention policy assignment. Refer to sk170322.

PRJ-19057,
PMTR-34323

SmartConsole

Upgrade may fail due to an IPS protections comment that exceeds the comment length limit.

PRJ-16706,
PRHF-12819

SmartConsole

Enabling Threat Prevention policy may fail with validation errors when the policy's targets include cluster members running a version lower than R80.10.

PRJ-16979,
PRHF-12928

SmartConsole

In some scenarios, some Web APIs fail with "Script stopped running due to severe error!" message when SMB gateway is defined as a policy target. Refer to sk169557.

PRJ-14107,
PRHF-11590

SmartConsole

Search in Threat Prevention Exceptions in Protection/Site/File/Blade column may not return all expected results.

PRJ-15818,
PRHF-12352

SmartConsole

In some scenarios, Management API does not start automatically after restart, although automatic start is enabled. Refer to sk168332.

PRJ-18327,
PMTR-58703

SmartConsole

Exception group may be incorrectly deleted in the following scenarios:

  1. "Apply On" in exception group is changed from "Automatically attached to each rule with profile" to "Automatically attached to all rules".
  2. A profile that was attached to the exception group, is deleted.
  3. The group is removed from the exception groups list, however it remains in the Threat Prevention rulebase.

PRJ-18307

SmartProvisioning

NEW: Added support for Threat Emulation Blade on LSM profile of R80.20 SMB gateways and clusters.

  • Requires R80.40 SmartConsole Build 415 (or higher).

PRJ-17482,
PRHF-12997

SmartProvisioning

In some scenarios, when recreating a ROBO object with the same name, the new object receives the previous status.

PRJ-14511,
PRHF-11981

CPView

In some scenarios, CPView may unexpectedly exit after upgrade from R80.20 GA.

PRJ-17209,
PMTR-59637

Compliance

UPDATE: Added ability to select 'Any' in the Service column when creating a custom firewall Best practice.

  • Requires R80.40 SmartConsole Build 415 (or higher).

PRJ-17805

IoT

NEW: Added IoT support to Multi-Domain Security Management.

  • Requires R80.40 SmartConsole Build 415 (or higher).

PRJ-18781,
PMTR-56281

SmartView

In rare scenarios, "Critical attacks allowed by policy widgets" in "General Overview" view may show no results while actual data exists. Refer to sk171001.

PRJ-18339,
PMTR-60937

SmartView

In some scenarios, SmartView fails to load with a "permission denied" error.

PRJ-19815,
SL-4358

Logging

In rare scenarios, the log_indexer process may unexpectedly exit when reading a specific log format. Refer to sk116117.

PRJ-11343,
PRHF-9582

Security Gateway

NEW: Added support for authentication with a RADIUS server that expects to receive an empty password on the first message. VPN client will receive 2 dialogs instead of 3.

PRJ-17730,
PMTR-60363

Security Gateway

UPDATE: Added a message informing that to enable Dynamic Balancing on models with less than 8 cores, GNAT must be enabled.

PRJ-16668,
PMTR-57277

Security Gateway

UPDATE: You cannot manually configure Multi-Queue while Dynamic Balancing is active.

PRJ-17300,
PMTR-59775

Security Gateway

Connections distribution may get unbalanced on VSX environment. Refer to sk169352.

PRJ-18833,
PMTR-61589,
PRJ-18831,
PRJ-19063

Security Gateway

In rare scenarios, Security Gateway memory consumption may increase.

PRJ-19957,
PMTR-62477

Security Gateway

Half-closed accelerated TCP connections may take too long to expire.

PRJ-19195,
PRHF-13892

Security Gateway

In some scenarios, when using routing separation, connection from data plane to management plane is dropped.

PRJ-10573,
PMTR-50743

Security Gateway

The SSH Deep Packet Inspection (SSH DPI) configuration may be lost after upgrade.

PRJ-17704,
PMTR-60122

Security Gateway

After enabling USFW mode (User-Space Firewall) and rebooting, system boots in KFW (Kernel mode Firewall) instead. Refer to sk169956.

PRJ-17960,
PMTR-60574

Security Gateway

In some scenarios, policy installation fails with "Error code 0-2000077".

PRJ-19179,
PMTR-61822

Security Gateway

Connections may be wrongly matched on Domain or Updatable objects used in Security policy.

PRJ-13377,
PMTR-54887

Security Gateway

The TCP State Logging feature may not work as expected. Refer to sk101221.

PRJ-16089,
PRHF-12224

Security Gateway

In rare scenarios, a memory leak may appear on Security Gateway in gconn table.

PRJ-16172,
IDA-754

Security Gateway

After changing 'pdp nested_groups __set_state 2', flat groups are fetched correctly, but nested groups are not fetched. Refer to sk166199.

PRJ-18981,
PMTR-61179

Security Gateway

In rare scenarios, Security Gateway may crash with USFW fwk core file.

PRJ-18247,
PRJ-18124

Identity Awareness

NEW: Added Identity Sharing performance and functionality improvements. Refer to sk170516.

PRJ-19106,
IDA-3240

Identity Awareness

NEW: Performance optimization for Identity broker.

PRJ-18345,
PRHF-11733

IPS

NEW: Added ability to send connection log per application match for ATM transactions identification.

The functionality is disabled by default and can be enabled by using the "up_duplicate_connection_log_on_packet_matched_app_enabled" kernel parameter.

PRJ-13970,
PRHF-11634

IPS

UPDATE: The "ips stat" command now shows all active Threat Prevention profiles with IPS enabled on the Security gateway.

PRJ-16446,
PRHF-12684

IPS

The get_ips_statistics.sh script on VSX may fail with "/bin/cat: /proc/self/vrf: No such file or directory" error.

PRJ-18825,
PRHF-13605

HTTPS Inspection

The user may not be able to browse with Chrome when using mixed chain with ECDSA subordinate CA in HTTPS Inspection. Refer to sk170332.

PRJ-17594,
PMTR-58055

HTTPS Inspection

Connectivity issue may appear for inbound HTTPS Inspection when HTTP/2 is proposed by the client. Refer to sk169375.

PRJ-19465,
PMTR-58086

HTTPS Inspection

In some scenarios, the HTTPS Inspection CA bundle is not created on the Security Gateway.

PRJ-17168,
PMTR-59212

Anti-Malware

In a rare scenario, Security gateway may crash while processing SMB3 multi-channel when Anti-Virus Blade is enabled.

PRJ-16563,
PMTR-58568

Anti-Malware

Security Gateway may crash when certain traffic is handled during policy installation and the Anti-Virus Deep Scanning is enabled.

PRJ-19579,
PRJ-16924

Anti-Virus

In rare scenarios, after downloading files, Anti-Virus prevent logs appear with "Strict hold is not possible failure - Write to other side occurred" error message.

PRJ-15944,
PRHF-12119

Anti-Bot

In a rare scenario, Security gateway may crash after a match of the Anti-Bot Blade.

PRJ-17640,
PRHF-12934

UserCheck

In some scenarios, UserCheck agent notifications may be blocked.

PRJ-18699,
PRHF-12299

UserCheck

When using the UserCheck agent, the original URL attribute variable $orig_url$ may appear on URL field of log details.

PRJ-19434,
PRHF-13987

SSL Inspection

In rare scenarios, the DynamicID Certificate validation may fail.

PRJ-18957,
PRHF-13881

ClusterXL

When MDPS is configured, the output of "cphaprob syncstat" may show unreadable characters for the speed of the sync interface.

PRJ-12589,
CLUS-1742

SecureXL

NEW: Added support for Cluster AA/LS.

PRJ-16583,
PRHF-12716

SecureXL

In some scenarios, traffic with the destination IP address as the broadcast address configured according to sk98810 is dropped.

-

Gaia OS

NEW: Added support for 1570R and 1600 / 1800 SMB appliances.

PRJ-16672,
PMTR-53960

Gaia OS

UPDATE: CPView Network -> Top-Protocols and Network -> Top-Protocols tabs were added back. Refer to sk167903.

PRJ-17921,
PRHF-13451

Gaia OS

"cphaprob -h" shows wrong explanation for "cphaprob show_bond [<bond_name>]" command.

PRJ-19330,
PRHF-14073

Gaia OS

In some scenarios, login from data plane context fails (no connectivity to server).

PRJ-17714,
ROUT-954

Routing

Security Gateway may stop forwarding the Multicast stream when PIM is configured on it. Refer to sk169774.

PRJ-17856,
PRHF-13388

Routing

In rare scenarios involving large AS paths, there may be a loss of BGP adjacency. Refer to sk170876.

PRJ-18026,
PRHF-13480

Routing

SNMP queries for bgpPeerFsmEstablishedTime return an incorrect constant value. Refer to sk170074.

PRJ-18069,
PMTR-59437

VPN

NEW: Added Remote Access VPN performance improvements.

PRJ-18667,
PMTR-60847

VPN

NEW: Added Remote Access VPN performance improvement for USFW mode (User-Space Firewall).

PRJ-16432

VPN

UPDATE: Added ability to fetch CRL with proxy in Site-to-Site VPN.

PRJ-17369,
PRHF-858

VPN

DynamicID via SMTP does not work when an HTTP proxy server is defined.

PRJ-15742,
PRHF-12010

VPN

In some scenarios, findSAByPeer does not validate the peer IP address for DAIP peer behind NAT.

PRJ-18764,
PMTR-61360

VPN

In some scenarios, userspace cores may appear on Security gateways with enabled AES-GCM-256 and AES-256 VPN encryption. Refer to sk169417.

PRJ-20283,
PRHF-14543

VSX

In some scenarios, SNMP v3 users are not recognized on VSX when SNMP is in VS mode. The 'Unknown user name' error message is displayed. Refer to sk170993.

PRJ-15859,
PRHF-7446

Endpoint Security

An exception may be displayed in SmartEndpoint when uploading an offline group software deployment package. Refer to sk165852.

PRJ-16465,
PRHF-10929

Endpoint Security

In some scenarios, content of the "User Name" tab in SmartEndpoint is displayed in wrong format.

PRJ-16317,
PMTR-58351

Endpoint Security

Client may not be added automatically to a Virtual Group that was configured in the SmartEndpoint export package policy when deployment is done using dynamic package.