R81.10 Jumbo Hotfix Take 110
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 110 Released on 30 July 2023 and declared as Recommended on 29 August 2023 |
||
PRJ-44422, |
Security Management |
NEW: Added a new field to the output of "mgmt_cli show updatable-objects-repository-content" command. This field displays the object's unique name as it is saved in the updatable objects repository. |
PRJ-43521, |
Security Management |
NEW: It is now possible to add tags to Access rules and sections. A new field "tags" is added to the existing "add/set rule & section" Management APIs . For example:
|
PRJ-44326, |
Security Management |
NEW: Added a new Management API "mgmt_cli show ha-status". It provides synchronization information for the currently active domain.
|
PRJ-44494, |
Scalable Platforms |
NEW: Added support for the 25Gbps speed on Maestro Orchestrator ports. |
PRJ-45678, |
CloudGuard Network |
NEW: CloudGuard Controller for NSX-T
Note: Importing Virtual Machines can be enabled only using Policy Mode APIs. When enabled, the amount of API requests toward the NSX-T manager increased. |
PRJ-46242, |
Security Management |
UPDATE: A Security Management Server/Domain Management Server can now manage up to 400 Security Gateways / Clusters, allowing concurrent policy installation on all Security Gateways / Clusters at once. |
PRJ-45295, |
Security Management |
UPDATE: Added ability to block policy installation if this policy contradicts another policy installed on the Security Gateway. In this scenario, the "install-policy" Management API command will now fail with "Requested policy X does not match currently installed policy Y on gateway Z. To ignore this warning, set the 'ignore-warnings' flag to 'true'". Refer to sk180792. |
PRJ-45490, |
Security Management |
UPDATE: Significant performance improvement for policy installation when using many layers (up to four times faster). |
PRJ-44502, |
Security Management |
UPDATE: Significantly improved performance during upgrade and import for large Multi-Domain Security Management environments with many administrators (over 20 domains and over 100 global administrators).
|
PRJ-45203, ODU-843 |
Web SmartConsole |
UPDATE: New features and improvements are released in Take 76 via self-updatable package. Refer to sk170314. |
PRJ-45891, |
Security Gateway |
UPDATE: Added a new environment variable "IMPLIED_RULES_SET_BEFORE_LAST". It defines if Multi-Portal implied rules should be matched as "before drop" or "before last". The default value is "0", set to "before drop". When the value is set to "1", implied rules will be matched as "before last". Refer to sk180808. |
PRJ-44774, |
Security Gateway |
UPDATE: The Thread Blocker feature is now disabled by default. Refer to sk180437. |
PRJ-44436, |
ClusterXL |
UPDATE: Improved the fullsync time after reboot in large scale environments. Refer to sk180742. |
PRJ-44952, |
IPS |
UPDATE: Mapping of IPs to country/flag in the Logs & Monitor view > Logs is now automatically updated every day. |
PRJ-35986, |
SSL Inspection |
UPDATE: Major performance improvement in HTTPS Inspection of TLS 1.3. |
PRJ-45462, |
Threat Prevention |
UPDATE: Added Update 18 and Update 19 of Autonomous Threat Prevention Management integration Release. Refer to sk167109. |
PRJ-46941, |
Threat Prevention |
UPDATE: IPS bypass triggers will now be activated based on the average CPU load exceeding the high threshold, as opposed to the previous implementation, where a single CPU load triggered the bypass. The change will result in more effective security measures without unnecessary bypasses. |
PRJ-45472, |
CPView |
UPDATE: First release of CPviewExporter Release Updates. Refer to sk180521. |
PRJ-45465, |
CPView |
UPDATE: First release of CPotelcol (OpenTelemetry Collector) Release Updates. Refer to sk180522. |
PRJ-46916, |
VPN |
UPDATE: Added a global parameter "sim_no_local_ip_check" which allows packets not destined to a local IP address to proceed to Security Association lookup in SecureXL. |
PRJ-47226, |
Gaia OS |
UPDATE: Upgraded OpenSSL from 1.1.1t to 1.1.1u to include the latest security improvements. Refer to sk181427. |
PRJ-47512, |
GaiaOS |
UPDATE: Added notifications about the Expert mode login on Gaia Servers. Refer to sk181230: 1) Gaia sends an audit log to the Management Server / Log Server (SmartConsole > Logs & Monitor). 2) Gaia writes a log message to the /var/log/messages file (for a local login and an SSH login). These Gaia Clish commands are available to work with this feature:
|
PRJ-44761, |
Gaia OS |
UPDATE: Increased the size of the scheduled snapshot database binding, allowing longer paths and passwords to be defined. |
PRJ-32167, |
Scalable Platforms |
UPDATE: Added support for 40G SFP transceiver for SSM160 (BTI40GSRDDQSFP). |
PRJ-45907, |
Scalable Platforms |
UPDATE: Added Take 23 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414. |
PRJ-44907, |
Scalable Platforms |
UPDATE: Added a new log file - /var/log/pull_config_report.log. It includes the summary of the "pull_config" action when it is performed on a member to indicate the reason for pull_config pnote/failures. |
PRJ-44901, |
Scalable Platforms |
UPDATE: Added a new log file to indicate the reason of member reboots if they are triggered by configuration mismatch - /var/log/configuration_reboot_info.log. |
PRJ-45388, |
HCP |
UPDATE: Added Update 12 of HealthCheck Point (HCP) Release. Refer to sk171436. |
PRJ-41328, |
Security Management |
If the Security Management Server is behind NAT, remote Management API login fails. |
PRJ-43559, |
Security Management |
In rare scenarios, in multi-site environments, Install Policy presets fail with "Timeout during task progress" or "You have reached the maximum number of active sessions". Refer to sk180897. |
PRJ-45158, |
Security Management |
APP_ID may not be initialized when adding a new Check Point application via API, this may cause blocked access to several websites. |
PRJ-45487, |
Security Management |
In rare scenarios, updating or deleting a cluster fails with "Failed to save object xxxx . Server error is: Data required for operation". |
PRJ-42039, |
Security Management |
Editing an object in SmartConsole may fail with "Server error is: Object not found (Code: x08003001D, Could not access file for write operation)". |
PRJ-43568, |
Security Management |
After Full synchronization, SmartConsole login from a Domain Management Server to the Security Management Server that is configured as High Availability may fail. |
PRJ-42422, |
Security Management |
In some scenarios, an upgrade may fail when a Network object Group contains more than 32000 members. |
PRJ-44085, |
Security Management |
Login with SmartConsole to a Security Management Server may fail if using a DNS name instead of an IP address. Refer to sk180514. |
PRJ-43186, |
Security Management |
If a Security Gateway is added to a group after configuring an installation policy preset, the policy may not be installed on that Security Gateway. Refer to sk181461. |
PRJ-42552, |
Security Management |
After restoring a Multi-Domain Security Management Server, High Availability synchronization may fail with "The Security Management Servers contain different Hotfixes". |
PRJ-45873, |
Security Management |
In some scenarios, Access Policy Verification fails but the name of the failed rule is not specified. |
PRJ-43811, |
Security Management |
Login to SmartConsole with a RADIUS administrator from the SmartEvent Server may fail if this Server was upgraded. Refer to sk180584. |
PRJ-42620, |
Security Management |
When using the "Deployment from Local Paths and URLs" option, and inserting a correct path, the client is being deployed through the Management Server and not Locally as it should be deployed. |
PRJ-35494, |
Security Management |
The Data Center object may change the status to "inaccessible/deleted", although the Virtual Machine in Azure was not deleted. |
PRJ-43916, |
Security Management |
In the Object Explorer window in SmartConsole, the IP address column is sorted alphabetically, although it should be sorted in numerical order. |
PRJ-40128, |
Security Management |
When the Access Rule Base contains several hundred rules, the "set-access-rule" Management API command with the "new-position" parameter may take longer than expected or time out after 5 minutes. |
PRJ-46629, |
Security Management |
In the Infinity Services view, the Log Sharing status may not be correct. |
PRJ-44595, |
Security Management |
When adding/setting an access rule, setting certain fields to "Any" or "None" may fail because of case sensitivity. |
PRJ-44591, |
Security Management |
The "show object" command fails when running it on nat-section objects. It returns a "null pointer exception" message, which occurs in calculations related to the overview objects meta-info. |
PRJ-44593, |
Security Management |
In some scenarios, running the "delete-exception-group" Management API command fails if the exception group is automatically attached. |
PRJ-43266, |
Security Management |
When creating several LSM objects (Security Gateways or clusters) via both Management API and SmartConsole, the LSM objects IP addresses may be duplicated. |
PRJ-46131, |
Security Management |
A policy installation task may become stuck when an error occurs in the early installation stage, for example, when trying to install a policy on an unsupported version of Security Gateway. |
PRJ-35765, |
Security Management |
In some scenarios, the "show-packages" Management API command may return empty results when using the "domains-to-process" flag. |
PRJ-45877, |
Security Management |
If an empty Network Group is linked in the source or destination fields of an Access Rule, policy verification may not generate an error. Instead, it may treat the empty group as if there was an "Any" object. |
PRJ-44896, |
Security Management |
Policy installation gets stuck if the known proxy group contains the policy target. |
PRJ-46398, |
Security Management |
In rare scenarios, policy installation fails with "Operation failed, install/uninstall has been improperly terminated". Refer to sk180448. |
PRJ-44995, |
Security Management |
In rare scenarios, login to SmartConsole fails, and opening Security Gateway objects times out. |
PRJ-45654, |
Security Management |
Packet mode search in SmartConsole may show rules that do not match the query if the query contains source, destination, and service. |
PRJ-39775, |
Security Management |
Disabling or enabling rules may not affect the "last-modify-time" field in the output of the "show-access-rule" Management API command. |
PRJ-45054, |
Multi-Domain Security Management |
In rare scenarios, in Multi-Domain multi-site environments, an IPS update on the Multi-Domain Security Management Server remains locked. |
PRJ-43689, |
Multi-Domain Security Management |
Deleting the entire Domain including all its Domain Servers fails, if any of the Domain Servers is used in the Domain's policy. |
PRJ-45060, |
Multi-Domain Security Management |
In large Multi-Domain Security Management environments, login to SmartConsole may fail while High Availability synchronization is running. Refer to sk180858. |
PRJ-46087, |
Multi-Domain Security Management |
A scheduled Install Policy Preset may not have its next run time updated when:
|
PRJ-46104, |
Multi-Domain Security Management |
In some scenarios, the "Uninstall Threat Prevention Policy" window may show "no candidates found for operation", even though there are Security Gateways that have Threat Prevention policy installed and Threat Prevention is disabled in the Security Gateway editor. Refer to sk180983. |
PRJ-40738, |
Multi-Domain Security Management |
Deleting a Domain from SmartConsole fails after a Domain Server was removed and the Domain has no Domain Servers. |
PRJ-44968, |
Multi-Domain Security Management |
In rare scenarios, in Multi-Domain Security Management environments with over 500K network objects, login to SmartConsole fails with "Connection timed out" or "Unable to connect to server" messages. |
PRJ-45068, |
Multi-Domain Security Management |
In rare scenarios, in a Multi-Domain Security Management environment:
|
PRJ-46509, |
SmartConsole |
Data Center objects may not appear as unused objects in the Object Explorer view, although they should. |
PRJ-43598, |
SmartConsole |
Typo in the Compliance report - "OSFP" instead of "OSPF". |
PRJ-41666, |
Logging |
In some scenarios, in the Logs & Monitor view, no results are shown when filtering updatable object names by the "dst_uo_name" field. |
PRJ-39255, |
Logging |
In rare scenarios, many open connections on port 18196 are observed on the Multi-Domain Security Management Server or Multi-Domain Log Security Management Server. |
PRJ-41594, |
Logging |
SmartEvent may generate false Anti-Bot / Anti-Virus related logs which do not contain any information. |
PRJ-45606, |
Logging |
In some scenarios, in the Logs view, the "Destination" field may be missing. The issue is cosmetic only. |
PRJ-46073, |
Logging |
After an upgrade of the Security Management Server, the "cp_log_export show" command may return the "found an ambiguous value" error in the "export_log_position" field. |
PRJ-45417, |
Logging |
Source and destination IP addresses in SmartLog may not be shown correctly for duplicate packets of fragmented traffic. |
PRJ-41281, |
Logging |
In large environments, after policy installation or when loading Real Time Monitor, RTMD CPU consumption may be high for several minutes and the process may exit when 4 GB of memory is reached. |
PRJ-38480, |
Logging |
In specific network configurations, after installing a policy, the target IP address of the Log Server may differ from what was configured. |
PRJ-46053, |
Security Gateway |
The Security Gateway may crash while inspecting non-HTTP traffic. |
PRJ-46340, |
Security Gateway |
In rare scenarios, memory corruption occurs during packet correction requiring fragmentation, this may cause the Security Gateway crash or freeze. |
PRJ-46334, |
Security Gateway |
The Security Gateway may crash after a failure in policy installation. |
PRJ-45496, |
Security Gateway |
On the Security Gateway with Management Data Plane Separation (MDPS) enabled:
|
PRJ-44937, |
Security Gateway |
When Check Point Active Streaming (CPAS) is used, and the Server's MSS is bigger than the client's MSS, packet fragmentation may occur. |
PRJ-38111, |
Security Gateway |
In some scenarios, the Security Gateway may crash. |
PRJ-45803, |
Security Gateway |
Resolved an issue where CPD would consume a large amount of CPU in VSX with a large number of interfaces configured (greater than 1024). Refer to sk181588. |
PRJ-42530, |
Security Gateway |
In some scenarios, while processing H323 traffic, the Security Gateway may unexpectedly restart. |
PRJ-44855, |
Security Gateway |
Web Security parsing error "illegal header format detected: Missing quotation mark" of content-disposition header - that contains a filename* parameter or an unquoted parameter. |
PRJ-45483, |
Security Gateway |
Incorrect bonds may be shown in the Data Plane when using MDPS with the "show bonding groups" command. |
PRJ-47123, |
Security Gateway |
In some scenarios, after an upgrade, the FWD process may unexpectedly exit. |
PRJ-43856, |
Security Gateway |
The FWK process may unexpectedly exit with a core dump file when removing an IPv6 interface on VSX. |
PRJ-44407, |
Security Gateway |
Global tables (ghtab) may not be synchronized between members, this can lead to instability of traffic. |
PRJ-47148, |
Security Gateway |
Enlarging MTU may cause even small packets to be allocated as Jumbo frames. This will impact the performance of SNDs CPUs. |
PRJ-46113, |
Security Gateway |
In rare scenarios, the Security Gateway may drop the traffic after "Rulebase Internal Error" which occurs during policy installation. |
PRJ-33812, |
Security Gateway |
The FWK process may unexpectedly exit while processing the mail flow and generate a core dump. |
PRJ-45955, |
Security Gateway |
When HTTPS Inspection is enabled, website loading in Firefox fails or is slow, after a few seconds, the "NS_ERROR_ABORT" error appears in the network tab of Firefox. Refer to sk180873. |
PRJ-41967, |
Security Gateway |
When adding another loopback interface in an MDPS environment, it is shown in MPLANE and not in DPLANE as expected. |
PRJ-44311, |
Security Gateway |
In rare scenarios, modifying the "fwmultik_temp_conns_enabled" parameter on-the-fly leads to the Security Gateway crash. |
PRJ-46687, |
Security Gateway |
When adding a new connection, the "Smart Connection Reuse" feature may cause errors in fwk.elg and connection drops. |
PRJ-46138, |
Security Gateway |
The "g_tcpdump -mcap" command may not merge traffic capture outputs. Refer to sk181032. |
PRJ-45478, |
Security Gateway |
Security Gateway may crash when running kernel debugs of the "UP" module. |
PRJ-44251, |
Security Gateway |
When setting "cphwd_enable_ecmp = 1" (to route by the source and destination IP address), the Security Gateway may route the traffic to the wrong MAC. |
PRJ-45000, |
Security Gateway |
In a Maestro environment where members are VSXs, connection over SSH or RDP from a host behind Maestro to a peer may be dropped. |
PRJ-45186, |
Security Gateway |
Traffic stops working after a Security Gateway Member recovers from a failure. Refer to sk180705. |
PRJ-42358, |
Security Gateway |
Latency in connection caused by a packet flow change from F2V to F2F. |
PRJ-45397, |
Security Gateway |
Login to Mobile Access Portal when authenticating with SAML may fail with an "Error while processing the request" message. Refer to sk180801. |
PRJ-45449, |
Security Gateway |
When the Security Gateway handles specific HTTP requests, memory failure may occur. CPView registers SMEM failure. |
PRJ-44752, |
Security Gateway |
Policy installation may fail with "Error 2000240" because of an IPv6 flow issue. |
PRJ-41776, |
Threat Prevention |
IoC feed may not load, and the "Feed status cybercrime-tracker_hash_list :: engine memory allocation error. Feed log External IoC - External Indicators processing failed" error is displayed in CLI. |
PRJ-42147, |
Threat Prevention |
Fetching custom intelligence feeds via CLI may fail because of SSL certificate issues. |
PRJ-44570, |
Threat Prevention |
After an upgrade, adding an IoC feed with IP range indicator type may fail with "Feed format problem. Bad or Empty Feed ". |
PRJ-44151, |
Threat Prevention |
In a rare scenario, policy installation may fail because of IoC observables overrides. |
PRJ-44551, PRHF-27765 |
Threat Prevention |
In some scenarios, the FWD process unexpectedly exits, and the Security Group Members state flaps between Active and Down during an Anti-Bot Blade update. |
PRJ-45562, |
Threat Prevention |
In some scenarios, Anti-Virus and Anti-Bot updates on Maestro Security Group Members may fail. |
PRJ-44200, PMTR-89130 |
Threat Prevention |
When IPS Blade is enabled, the Security Gateway may crash. |
PRJ-39347, |
Identity Awareness |
There may be connectivity issues and high CPU spikes on PDP when installing policy. |
PRJ-44316, |
Content Awareness |
When Content Awareness Blade is enabled, there is a limitation of the file size (sk118516). However, when the source object of the Content Awareness rule does not match the current connection, the limitation is not applied on this connection. |
PRJ-45428, |
Application Control |
Some TLS1.3 applications without SNI do not match the rules. |
PRJ-47064, |
Application Control |
When the "Categorize HTTPS Websites" option is enabled and the global parameter "appi_urlf_ssl_cn_use_sni_without_validation" is set to true, a memory leak may occur. |
PRJ-29401, |
Anti-Virus |
The RAD process CPU utilization may be high when Anti-Virus engine processes many reverse DNS queries. |
PRJ-46605, |
Anti-Virus |
The DLPU process may stop working, creating a User Space core dump file on the Security Gateway. Refer to sk181026. |
PRJ-44664, |
Anti-Virus |
Anti-Virus Blade may bypass inspection of URLs with sub-domain portion. |
PRJ-46279, |
Anti-Virus |
Importing a custom intelligence feed containing IP ranges may fail. |
PRJ-47264, |
SSL Inspection |
The fwk.elg file may be flooded with the "mux_hold_opq_free: App has no hold params free function" messages for the TLS_PARSER app because of a memory leak. |
PRJ-45657, |
SSL Inspection |
In a VSX environment, the WSTLSD process run by Virtual Systems may ignore proxy configuration on VS0. |
PRJ-45099 |
Mobile Access |
SSL Network Extender (SNX) may randomly disconnect after an upgrade. Refer to sk173765. |
PRJ-46402, |
Mobile Access |
Sending emails with attachments via Capsule Workspace may fail on iOS. |
PRJ-45194, |
Mobile Access |
In rare scenarios, IOS users are unable to send emails using Capsule Workspace business mail. |
PRJ-46505, |
ClusterXL |
Some IPv6 connections randomly stop passing through ClusterXL in High Availability mode. Refer to sk180969. |
PRJ-41307, |
ClusterXL |
When interfaces disconnect/connect on both members at the same time, it may cause a failover. |
PRJ-42771, |
ClusterXL |
Asymmetric UDP traffic may be dropped with "First Packet isn´t Syn". |
PRJ-45349, PRHF-28275 |
ClusterXL |
After an upgrade, cluster members may frequently crash, causing instability in the environment. |
PRJ-44455, |
ClusterXL |
After several failovers in a cluster, connections may fail to synchronize. This can cause a timeout and the "first packet isn't syn" drops. |
PRJ-44352, |
ClusterXL |
A VRRP cluster member may be stuck in boot after a cluster upgrade. |
PRJ-45300, |
SecureXL |
When running tcpdump on the Multi-Domain Security Server, an "error /bin/cp-tcpdump.sh: line 11: sxlmode: command not found" message is shown. The issue is cosmetic only. |
PRJ-44874, |
SecureXL |
Traffic may be dropped and the FWACCEL core file is generated. |
PRJ-45833, |
Routing |
The ROUTED daemon may unexpectedly exit because of multi-threading issues. |
PRJ-41963, |
Routing |
Routing log messages generated when Standby cluster members reconnect to members in Master state are not clear. |
PRJ-46358, |
Routing |
Routes marked as "stale" may be redistributed via BGP during graceful restart. |
PRJ-45260, |
Routing |
When configuring OSPFv2 graceful restart on ClusterXL, the cluster may get stuck in EXSTART / 2WAY state. |
PRJ-46095, |
Routing |
BGP state gets stuck in Idle state when using BGP ping to one of the peers. |
PRJ-46132, |
Routing |
When two interfaces with the same local address are configured, BGP may use an incorrect interface to reach a peer. |
PRJ-46128, |
Routing |
The ROUTED daemon may unexpectedly exit when aggregating routes with long AS paths. |
PRJ-41960, |
Routing |
In some scenarios, a Security Group Member failover can trigger routes to be lost on other members in the Security Group. |
PRJ-41798, |
Routing |
Configuring OSPFv2 Graceful Restart and passive OSPF interfaces at the same time can cause graceful restart failures. |
PRJ-44924, |
Routing |
When PIM and state refresh are enabled, the state refresh message may not be sent automatically after a failback in ClusterXL HA Primary Up mode. |
PRJ-45379, |
Routing |
A VRRP/VRRP6 interface may go into Master/Master state. |
PRJ-44705, |
Routing |
Multicast receivers send IGMP membership reports, but the outbound interfaces are missing from the routing table. |
PRJ-44709, |
Routing |
An IGMP group with an expiration time of 7101 weeks should be deleted when it reaches 0 seconds, but instead, it may remain at 7101 weeks until a membership report is sent, then it resets to the interval of that interface. |
PRJ-45468, PRHF-28353 |
VPN |
StrongSWAN Remote Access authentication fails when the LDAP lookup type is not the default method. |
PRJ-44829, PRJ-44991, PRJ-46302, PRHF-28849 |
VPN |
|
PRJ-44218, |
VPN |
The "vpn/ike debug ikeon/ikefail" commands may fail when used with the "-s" flag. |
PRJ-45919, |
VPN |
The FWM process may unexpectedly exit at startup because of an incorrect VPN key initiation. |
PRJ-44089, |
VSX |
Values provided by the VSX OID tree: 1.3.6.1.4.1.2620.1.16.22.5.1 may be incorrect. |
PRJ-45401, |
VSX |
Warp interfaces may appear in VS0 and disrupt connectivity when editing a Virtual Switch with a bond and VLANs. |
PRJ-41970, |
VSX |
Increasing the MTU value of a bonded tagged interface may not be possible. Refer to sk179984. |
PRJ-44745, |
VSX |
Virtual System's interfaces may be missing when running the Clish command "show/save configuration". |
PRJ-45005, |
VSX |
A VSX Security Gateway may crash while attempting to collect statistics after running the "cpstop" command. |
PRJ-45145, |
VSX |
Some packets may disappear when using the i40e driver, and VMAC is configured on the cluster. |
PRJ-45863, |
Gaia OS |
Gaia backup may fail, leaving a temporary partition behind. Any new attempt to create a new backup returns an error. |
PRJ-29906, |
Gaia OS |
It may be not possible to enter a snapshot description with more than one word. |
PRJ-33093, |
Gaia OS |
In some scenarios, the output of the "show configuration"/"snapshot-scheduled" command may contain corrupted text. |
PRJ-28434, |
Gaia OS |
Backup on Gaia machine with Threat Emulation Blade enabled fails with "Cannot complete the backup process: not enough space". But the solution of sk166833 does not resolve the issue in a VSX environment. |
PRJ-42779, |
Gaia OS |
Scheduled SCP snapshots to a Windows Server may fail with the "Failed to connect to remote server. Please validate connection". |
PRJ-41909, |
Gaia OS |
Gaia WebUI logs are printed with "info" severity. |
PRJ-44370, |
Gaia OS |
SNMP OIDs for ISP Redundancy status are not refreshed when the ISP link changes the status. |
PRJ-46285, |
Harmony Endpoint |
Non-domain macOS devices are created as a new endpoint on the Endpoint Management when re-installing the device. |
PRJ-46947, |
Harmony Endpoint |
KAV updater on the Server may fail to receive updates when proxy is used. |
PRJ-45540, |
CloudGuard Network |
AWS Data Center mapping fails when an interface subnet is missing from the list of subnets. |
PRJ-32399, |
VoIP |
After an upgrade, VoIP and SIP / H323 traffic may be dropped in the VPN tunnel. Refer to sk179651. |
PRJ-46475, |
VoIP |
SIP traffic may be dropped and "kiss_htab_bl_infra_slink: failed "earlynat_sport_ghtab_bl":3 reason: KISS_HTAB_BL_SLINK_LIMIT_REACHED" is printed in the fwk.elg file. |
PRJ-42263, |
Scalable Platforms |
Excessive "cphwd_get_device_accelerated_ifs: too many interfaces (32,XXX)" messages may log to $FWDIR/log/fwk.elg. Refer to sk180439. |
PRJ-42617, |
Scalable Platforms |
The FW process may unexpectedly exit, producing a core dump file. |
PRJ-32730, |
Scalable Platforms |
When there is a connectivity issue in the cluster, OSPF packets may be sent with delays and cause an outage. |
PRJ-44528, |
Scalable Platforms |
License is not copied from SMO to all other members if other members are in Down state. |
PRJ-36345, |
Scalable Platforms |
Redundant reboot occurs after installing R81/R81.10 Jumbo Hotfix Accumulator for the first time after a major version installation/upgrade. Refer to sk177765. |
PRJ-44587, |
Scalable Platforms |
The "orch_info" command may freeze, when running it on Maestro Orchestrator. |
PRJ-41249, |
Scalable Platforms |
Trying to power off the MHO in CLI may lead to a reboot. |
PRJ-45480, |
Scalable Platforms |
Querying the HW status via SNMP (OIDs .1.3.6.1.4.1.2620.1.6.7.*) or via the "cpstat os -f sensors" command may fail on Maestro Orchestrator. |
PRJ-45301, |
Scalable Platforms |
In rare scenarios, the Single Management Object (SMO) may go to Down state after clicking a packet capture link in the IPS log in SmartConsole. |
PRJ-42785, |
Scalable Platforms |
Members may stay in Down state after reboot/Jumbo Hotfix installation with pull_config pnote when pulling registry from SMO: "Pull registry failed" error in the $FWDIR/log/Blade_config log file. |
PRJ-43815, |
Scalable Platforms |
CPUSE may suggest to install Maestro incompatible packages. |
PRJ-46968 |
Scalable Platforms |
On Maestro, when MDPS (Management Data Plane Separation) is enabled, and the license corresponds to an IP address different from the management interface's IP address (such as the sync IP), policy installation may fail because of a license mismatch. |
PRJ-47053, |
Scalable Platforms |
MHO reports logs may not be rotated. |
PRJ-44287, |
Scalable Platforms |
The "set/show trace" command may fail in gClish. |
PRJ-45885, |
Scalable Platforms |
In VSLS mode, SNMP traffic may incorrectly be forwarded to SMO instead of DR manager of the corresponding Virtual System. |
PRJ-46645, |
Carrier Security |
Incorrect parsing of GTP-U traffic may cause anti-spoofing drops. |
PRJ-43224, |
Carrier Security |
Security Gateway drops GTP Echo Response traffic with the reason "Wrong Destination Port". See sk181507. |
PRJ-43220, |
Carrier Security |
Security Gateway drops GTP traffic with the reason "Static IP not allowed". See sk181506. |
PRJ-46676, PRJ-46679, |
Carrier Security |
After an upgrade, GTP traffic and memory issues may occur. |
PRJ-46673, |
Carrier Security |
Packet corruption, leading to traffic and performance issues. |
PRJ-44602, |
Carrier Security |
Stack buffer overflow may occur in the FWGTP process. |