R81.10 Jumbo Hotfix Take 14

 

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 14

Released on 22 November 2021

PRJ-30364,
PRHF-30702

Security Management

UPDATE: Added new flags for Management API commands "add/set simple-gateway" and "add/set simple-cluster":

  • "nat-hide-internal-interfaces" and "nat-settings" for NAT configuration
  • "fetch-policy" for Fetch Policy configuration
  • "advanced-settings.sam" for SAM configuration
  • "advanced-settings.connection-persistence" for Connection Persistence configuration.

PRJ-29235,
TPM-2843

Security Management

UPDATE: Added a new flag to the Threat Prevention "show-protections" API command ("show-capture-packets-and-track") that allows not to return capture-packets and track information.

PRJ-32347,
PMTR-74618

Security Management

Network objects groups with more than 101 members may not be enforced correctly on the Security Gateway. The Security Gateway will only match 101 members of the group. Refer to sk176065.

PRJ-30055,
PRHF-18928

Security Management

In rare scenarios, the FWM process may unexpectedly exit and fail to start, creating core dumps in the /var/log/dump/usermode directory. Refer to sk175007.

PRJ-29189,
PRHF-18470

Security Management

In a rare scenario, High Availability full synchronization may fail due to a large number of records.

PRJ-29100,
PRHF-18749

Security Management

In some scenarios, it is possible to disable a parent rule for the Domain Policy.

PRJ-29005,
PRHF-18817

Security Management

In some scenarios, publish operation fails with the "Object with uid=<RandomCharacters> was updated in the database but its dleConvertedObject wasn't found" error. Refer to sk174703.

PRJ-29306,
PMTR-72376

Security Management

In environments with a large number of objects, licenses for cluster members in the Licenses tab may not be displayed.

PRJ-28650,
PRHF-18202

Security Management

In some scenarios, when using a VPN community, the status of the Global Domain Assignment may change to "not up to date", although no changes were made in the Global Domain.

PRJ-28479,
PRHF-18549

Security Management

In a rare scenario, when Identity Awareness Blade is enabled, policy verification on an LSM Profile may fail.

PRJ-28537,
PRHF-18063

Security Management

In rare scenarios, Global Policy Assignment may fail with the "class name not found for object" error.

PRJ-28897,
PRHF-18677

Security Management

If there are no explicit rules in one or more policy layers, policy verification may fail with the "No active rules found in the Security Policy" error.

PRJ-28786,
PRHF-18557

Security Management

In some scenarios, "show-mdss" and "show-domains" Management API commands take a significant amount of time to complete or time out after 5 minutes.

PRJ-28778,
PRHF-11027

Security Management

The "show-global-assignment" command returns the default limit when the limit request is greater than the default limit.

PRJ-28002,
PRHF-18245

Security Management

If Brute Force Password Guessing Protection is set to the value of more than 25 seconds, login to SmartConsole fails.

  • Requires R81.10 SmartConsole Build 402 (or higher).

PRJ-27500,
PRHF-16657

Security Management

Policy installation to multiple Gateways from Install Policy Presets may fail if each policy has its own HTTPS Inspection policy.

PRJ-27501,
PRHF-17230

Security Management

In rare scenarios during system startup, a cleanup operation may cause high CPU on multiple Postgres processes and prevent login to SmartConsole. Refer to sk175189.

PRJ-27503,
PRHF-17558

Security Management

In rare scenarios, Global Domain Assignment and Domain Creation tasks may continue to run indefinitely.

PRJ-28571,
PRHF-18422

Security Management

In some scenarios, the Purge Revisions operation fails with the "An error has occurred while performing revisions purge operation, Incident ID - xxxxx-xxxxxxx-xxxxx-xxxxx" message. Refer to sk174645.

PRJ-28300,
PRHF-18362

Security Management

In rare scenarios, High Availability on the Global Domain may fail to synchronize the Multi-Domain Log Server if IPS protection was added or removed in the Threat Prevention rulebase.

PRJ-28294,
PRHF-18210

Security Management

In rare scenarios, High Availability incremental synchronization may fail with a wrong status message.

PRJ-28089,
PMTR-70942

Security Management

In some scenarios, the Administrators view may not filter Domain names according to the permission profile of the connected administrator.

PRJ-28158,
PRHF-17926

Security Management

In rare scenarios, if Domain migration fails, the operation may not revert fully and leave some remnants in the database of the Management Server.

PRJ-29159,
PRHF-18883

Security Management

Scheduled IPS updates data may not be shown in the IPS update report.

PRJ-29899,
PRHF-18828

Security Management

In some scenarios, login to a Domain from the System Domain dashboard may fail with "Failed to connect to server".
Refer to sk174910.

PRJ-30047,
PMTR-72849

Security Management

The Management API command "show-sessions" may return sessions that were purged and no longer exist in the Management database.

PRJ-29518,
PMTR-72306

Security Management

In rare scenarios, when installing a policy immediately after publishing a session, the installation is not accelerated.

PRJ-29790,
PRHF-17037

Security Management

In rare scenarios, login to Multi-Domain Management fails with the "No Valid Domains were found for [username]" error. Refer to sk175005.

PRJ-30031,
PRHF-15460

Security Management

In some scenarios, applying the "Where used" action may show incorrect data when an object exists more than once in an Inline Layer.

PRJ-29969,
PRHF-19308

Security Management

In some scenarios, simultaneous policy installation on multiple Gateways may fail if there is at least one Gateway on R77.X and one Gateway on R80.X.

PRJ-29470,
PRHF-19006

Security Management

In some scenarios, an API query to VRRP cluster for "show simple-cluster name <name>" returns an incorrect cluster type. Refer to sk174866.

PRJ-29791,
PMTR-73142

Security Management

When initiating the Secure Internal Communication (SIC) for LSM objects using management API:

  • When using the LSM API commands for a large batch of devices, failures with an "Establish SIC failed. Reset SIC on gateway and try again." message may occur. When trying to re-initiate the SIC for a specific device, the SIC is successfully created.
  • In Multi-Domain Server (MDS) environments, the SIC certificate is created at the Global level instead of the Domain level.

PRJ-30020,
PMTR-72786

Security Management

In rare scenarios, the "set-group" API command may return the "generic_err_invalid_parameter" error.

PRJ-27765,
PRHF-17484

Security Management

The Management API commands "import-smart-task" and "export-smart-task" are enabled at the System Domain level, although Smart Tasks are only supported at the Local Domain level.

PRJ-29200,
PRHF-18782

Security Management

After an upgrade from R77.x. in a multi-site environment, High Availability full synchronization may fail with an "NGM failed to load data" message.

PRJ-30101,
PRHF-19248

Security Management

In rare scenarios, a Multi-Domain administrator's profile may be changed after deleting a Domain if the administrator had custom permissions for it.

PRJ-31536,
PRHF-20007

Multi-Domain Management

High Availability synchronization status in the Global Domain may show "Unknown" for some Multi-Domain Log Modules (MLM) in environments with more than 6 MDS's/MLM's.

PRJ-29312,
PRHF-18767

SmartConsole

The Compliance "Security Best Practices" report for the Anti-Bot practice contains unrelated objects starting with "AB_". Refer to sk174911.

PRJ-29805

Web SmartConsole

Added enhancements for Task Manager and policy installation. Refer to Take 48 in sk170314.

PRJ-30371,
PRJ-30370

CPInfo

UPDATE: Added CPInfo Build 914000219. Refer to sk92739.

PRJ-29826,
PMTR-72671

SmartView

UPDATE: In SmartView, new MITRE ATT&CK techniques were added to the heatmap view.

PRJ-31152,
SL-5634

Logging

NEW: SmartEvent can now skip indexing of firewall session logs to reduce load on the Log Server device. The feature is disabled by default. To enable it, see Issue #4 in sk150452.

PRJ-28084,
PRHF-18157

Logging

The CPSEMD process on SmartEvent Server may unexpectedly exit when trying to send two automatic reactions simultaneously for the same event.

PRJ-27883,
PRHF-17285

Logging

In rare scenarios, Management object changes may not be reflected in the Logs view. When the issue occurs, the CPM process may also consume a high CPU.

PRJ-28342,
PMTR-69859

Logging

In some scenarios, Log Exporter configured to export in TLS, cannot authenticate a certificate from an external certificate authority.

PRJ-29031,
PRHF-17596

Logging

In rare scenarios, SmartEvent may show no results or partial results in the Audit Log report.

PRJ-25441,
PRHF-17184

Logging

On a Management Server, with SmartEvent enabled and many networks configured in the database, login to SmartConsole may fail with an "Error: the operation timeout" message, and the FWM process is running with a high CPU. Refer to sk167239.

PRJ-29577,
PRHF-15052

Security Gateway

NEW: Added a new kernel parameter "up_disable_early_drop_optimization_for_reject" to disable "Early Drop Optimization" for reject rules. The parameter is enabled by default.

PRJ-29444,
PMTR-72448

Security Gateway

UPDATE: The default value for the kiss_kthread_allow_resched kernel parameter is changed to 1. Refer to sk170560.

PRJ-28854,
PRHF-18624

Security Gateway

UPDATE: Added DNS Passive Learning support for DNS responses containing the Domain name in uppercase letters.

PRJ-31371,
PRHF-19693

Security Gateway

Improved the handling of a large number of sessions per single HTTP/S connection.

PRJ-29131,
PRHF-18716

Security Gateway

In rare scenarios, policy installation may fail with an "Operation failed, install/uninstall has been improperly terminated "message.

PRJ-30205,
PMTR-72814

Security Gateway

In some scenarios, NATed VPN traffic may be routed out through the wrong interface. Refer to sk176785.

PRJ-29528,
PRHF-18984

Security Gateway

In a very rare scenario, the ICAP Server may crash with a core dump file generated.

PRJ-29506,
PRHF-18863

Security Gateway

In some scenarios, using automatic Network Static NAT/Address range objects may cause connectivity issues.

PRJ-29421,
PMTR-71855

Security Gateway

In a rare scenario, policy installation on the Security Gateway may fail with an "Error code: 0-2000108" message. Refer to sk170673.

PRJ-29223,
PRHF-17436

Security Gateway

In some scenarios, the WSDNSD process may unexpectedly exit and create a core file. Refer to sk173627.

PRJ-29080,
PRHF-17872

Security Gateway

In rare scenarios, a duplicate entry may appear in the /etc/cpshell/log_rotation.conf file. This issue is only cosmetic.

PRJ-29089,
PRHF-13493

Security Gateway

In some scenarios, the CPD process may consume a high CPU because of the memory leak in FDT (File Download Tool).

PRJ-29095,
PRHF-18786

Security Gateway

In rare scenarios, policy installation fails with "Segmentation fault" and "Error compiling IPv4 flavor" messages.

PRJ-27652,
PMTR-70634

Security Gateway

Negative values may appear in the output of the "fw tab -t connections -s" command and under the NAT section.

PRJ-28811,
PRHF-18657

Security Gateway

Added cosmetic fixes of the cpwd_admin list command output.

PRJ-28412,
PRHF-17942

Security Gateway

In some scenarios, the ROUTED process may unexpectedly exit.

PRJ-28105,
PRHF-18024

Security Gateway

In a rare scenario, a memory leak may occur on the Security Gateway.

PRJ-27561,
PRHF-17949

Security Gateway

In some scenarios, configuring an un-numbered virtual interface may cause ARP requests to stay not answered by the interface. Refer to sk174188.

PRJ-29140,
PRHF-18403

Security Gateway

The cpsicdemux process may unexpectedly exit, causing the Secure Internal Communication (SIC) connection to fail.

PRJ-30014,
PMTR-68272

Security Gateway

In a rare scenario, CPView may show incorrect SecureXL statistics per VS.

PRJ-28874,
PRHF-18560

Security Gateway

In a rare scenario, when using ICAP client, Security Gateway may crash.

PRJ-28555,
PMTR-71632

Security Gateway

Capsule Workspace end users may fail to authenticate to their Exchange mail Server via Mobile Access SSO when authenticated with Kerberos, and the end users belong to many user groups or user groups with very long names.

PRJ-29744,
PMTR-72615

Security Gateway

In a rare scenario, due to TCP connection reuse, a TCP connection may not be initiated. Refer to sk11088.

PRJ-30216,
MPTT-4834

Security Gateway

In some scenarios, policy installation may take longer or fail when GEO Updatable Objects are used in the policy.

PRJ-30149,
PRHF-17386

Security Gateway

There is no option to enable hyperthreading via cpconfig.

PRJ-30252,
PMTR-70219

Security Gateway

Added a translation of the error exit code of cprid_util in $CPDIR/log/cprid_util.elg debug log.

PRJ-29589,
PRHF-19049

Security Gateway

In a rare scenario, Security Gateway may crash.

PRJ-27165,
PRHF-17760

Security Gateway

In a rare scenario, traffic outage may occur. It is caused by a memory leak related to delayed logs.

PRJ-28681,
AVIR-1444

Threat Prevention

UPDATE: Added the option to remove proxy usage in IoC_feeds tool.

PRJ-28521,
TPP-1291

Threat Prevention

In rare scenarios, the Security Gateway may crash when the TCP connection is unexpectedly closed.

PRJ-28765,
PMTR-71415

Threat Prevention

In some scenarios, when using OpenSSH 8.2 Server, file download fails after starting the transfer.

PRJ-28975,
PRJ-28939

Threat Prevention

Improved telemetry for Infinity Vision SOC.

PRJ-27437,
PRJ-28137

Threat Extraction

In some scenarios, the "fw_send_kmsg: No buffer for tsid 44" error is printed in dmesg.

PRJ-27436,
PRJ-32354,
PRJ-32353,
PMTR-67604

Identity Awareness

NEW: Added automatic mechanism to exclude service accounts on PDP Gateway to improve both PDP performance and functionality. The default threshold value for Identity Collector Service Accounts exclusion is 100. Refer to sk174266.

PRJ-29404,
IDA-4087

Identity Awareness

Improved the Identity Server (PDP) performance for publishing new network on Identity Sharing with SmartPull.

PRJ-27477,
PRHF-18015

Identity Awareness

When using sk167118, the user may fail to authenticate if the "Ask user for password" checkbox is enabled.

PRJ-28129,
PMTR-69981

Identity Awareness

In some scenarios, the "Browser Transparent Single Sign-On" portal may not use the certificate associated with the IP address resolved from the portal's main URL. Refer to sk174869.

PRJ-27942,
IDA-4112

Identity Awareness

In some scenarios, users may not be able to reach Identity Gateway (PEP). Refer to sk174105.

PRJ-29615,
PRHF-18943

Identity Awareness

In a rare scenario, some IPv6 sessions may get deleted due to incorrect update of Identity Gateway (PEP) kernel tables.

PRJ-28117,
PRHF-17768

Application Control

UPDATE: Improved matching of URLs for custom applications.

PRJ-29308,
PMTR-72312

URL Filtering

In some scenarios, HTTPS connections to servers with untrusted certificates are held and not resumed (page cannot load).

PRJ-28637,
PMTR-65461

IPS

Proxy source IP address is not printed in the IPS logs.

PRJ-28246,
PRHF-18338

IPS

In some scenarios, HTTP Parser in the CPView statistics may show incorrect values for connections with more than 50 sessions.

PRJ-27960,
PRHF-18158

IPS

In some scenarios for HTTP, Gateway closes a connection from the Server side, but the user side may remain open.

PRJ-29942,
PRHF-18992

IPS

In rare scenarios, if IPS Geolocation is enabled, the Security Gateway may crash.

PRJ-28740,
PRHF-17049

IPS

In some scenarios, the destination IP is missing from the IPS logs. Refer to sk174588.

PRJ-32498,
PRJ-32415

IPS

In some scenarios, when IPS Automatic update is enabled, a memory leak may occur in the FWD process.

PRJ-31761,
PMTR-73790

IPS

Improved the handling of decoded HTTP/S traffic.

PRJ-29193,
TPP-1157

Anti-Bot

UPDATE: Improved the performance of Anti-Bot URL Reputation.

PRJ-29477,
PMTR-72234

SSL Inspection

In some scenarios, a memory leak may occur when creating ECDHE keys.

PRJ-31203,
PMTR-73538

SSL Inspection

If TLS 1.3 is enabled, using imported ECDSA certificates for HTTPS Inspection may cause the Security Gateway to crash.

PRJ-31150,
PMTR-72409

SSL Inspection

A memory leak, related to TLS probing, may occur in the WSTLSD process.

PRJ-31151,
PMTR-72136

SSL Inspection

In some scenarios, the WSTLSD process may unexpectedly close, or a memory leak may occur.

PRJ-30461,
PRHF-19516

SSL Inspection

In rare scenarios, HTTPS connections may hang indefinitely during the TLS handshake, causing timeout.

PRJ-30702,
PMTR-72756

SSL Inspection,
VPN

A memory leak in HTTPS Inspection and HTTPS portals may occur when using ECDHE ciphers.

PRJ-28259,
PRHF-16057

Mobile Access

In a rare scenario, the VPND process may unexpectedly exit causing user disconnections from Checkpoint Mobile client.

PRJ-28069,
VPNRA-761

Mobile Access

In rare scenarios, when SNX client is used with Application mode on the Mobile Access Blade, the VPND process may unexpectedly exit.

PRJ-29276,
PRJ-29270,
PRJ-29263,
PRHF-3700,
PRHF-3742,
PRHF-3784

Mobile Access

In some scenarios, a memory leak may occur in the CVPND process.

PRJ-30383,
PRHF-19273

ClusterXL

In a rare scenario, after an upgrade and reboot, a Standby member is set to down with a FULLSYNC PNOTE and cannot synchronize.

PRJ-28285,
PMTR-71419

ClusterXL

Scalable Platform Gateway may drop traffic as "Out of State" when static NAT is configured for the destination IP Address. Refer to sk174234.

PRJ-31796,
MBS-14715

ClusterXL

In some scenarios, during an upgrade to R81.10SP, a failover fails with a crash.

PRJ-27229,
PMTR-70242

SecureXL

TCP packets may be dropped as "TCP out of state" although following sk11088.

PRJ-27227,
PRHF-17734

SecureXL

Invalid VLAN traffic may cause repeated "deliver_list is empty!!!" error messages in the /var/log/messages file.

PRJ-28287,
PRJ-28054

SecureXL

In a rare scenario, DoS/Rate Limiting when using rules with country codes (CC) or autonomous system numbers (ASN) may not update Geo IP files correctly.

PRJ-29498,
ROUT-1745

Routing

BGP sessions may unexpectedly close because of unrecognized AFI/SAFI pairs in multiprotocol capability advertisements from a peer.

PRJ-28959,
PRHF-17739

Routing

The ROUTED process may unexpectedly exit.

PRJ-29321,
ROUT-1721

Routing

AS path loops may occur, although BGP multihop is configured.

PRJ-29894,
PRHF-19268

Routing

In some scenarios, when BootP is configured, during policy installation, the Security Gateway may become unresponsive and the ROUTED process may crash.

PRJ-31128,
PMTR-73496

Routing

In rare cases, if Graceful Restart is not configured on the BGP peer, BGP routes may be lost near the Graceful Restart ending.

PRJ-28173,
PMTR-71425

VPN

NEW: Added StrongSwan clients counter to the VPN TU Tool.

PRJ-27857,
PMTR-71136

VPN

When deleting an entry from m_ht hash table, a memory leak may occur.

PRJ-28028,
PMTR-71319

VPN

When StrongSwan client connecting with a RADIUS user, it may not receive an Office Mode IP address.

PRJ-28514,
PRHF-18408

VPN

In some scenarios, a memory leak may occur on the Security Gateway.

PRJ-28507,
PRHF-18400

VPN

A memory leak may occur in the VPND process.

PRJ-28076,
PRHF-18369

VPN

A Remote Access client fails to login when a DN record length is bigger than 256. Refer to sk174249.

PRJ-28576,
PRHF-17880

VPN

In some scenarios, Server connections to Remote Access L2TP clients may be unstable.

PRJ-29298,
PMTR-72019

VPN

Added VPN IKEv2 improvements.

PRJ-28754,
VPNS2S-2506

VPN

Added IKEv2 improvement for DAIP peer.

PRJ-29284,
PRHF-18818

VPN

In rare scenarios, re-configuring a trusted CA bundle may cause a memory leak in the VPND process.

PRJ-28773,
PMTR-71850

VPN

In some scenarios, in High Availability clusters with enabled CoreXL, SSL clients cannot connect to the Security Gateway because of incorrect license calculation.

PRJ-28266,
PRHF-18295

VPN

A memory leak may occur when clearing the CRL cache file.

PRJ-29484,
PMTR-72463

VPN

A memory leak may occur in the VPND process in IKEv2 Site to Site VPN.

PRJ-28557,
PMTR-20176

VPN

In some scenarios, when sending the SCV drop log, a memory leak may occur.

PRJ-30971,
VPNS2S-2692

VPN

In a rare scenario, a memory leak may occur in the IKED process.

PRJ-29533,
PRHF-18564

VPN

RIM script is not invoked for DAIP peer with Dead Peer Detection (DPD) permanent tunnels in passive mode.

PRJ-31109,
PRJ-31116,
PMTR-73487,
PMTR-73488

VPN

In some scenarios, a memory leak may occur in the VPND process.

PRJ-31149,
PMTR-73511

VPN

In some scenarios, a memory leak may occur when using the SSL Network Extender (SNX) client to create a site.

PRJ-30870,
PRHF-19755

VPN

A memory leak may occur in the VPND process.

PRJ-29554,
PRHF-18753

VSX

After reboot, the VS's clish static arps configurations exist, but the static arps may be missing.

PRJ-28180,
PMTR-71418

VSX

In a rare scenario, the "asg perf" command may take up to 90 seconds to update the data. The information may differ from CPView results.

PRJ-28143,
PMTR-71406

VSX

In some scenarios, running the "asg perf" command with -vv flag fails.

PRJ-30277,
PMTR-72997

Gaia OS

UPDATE: Upgraded OpenSSL to 1.1.1L. Merged the CVE-2021-3711 and CVE-2021-3712 fixes.

PRJ-27697,
PRHF-17721

Gaia OS

When a non-TACACS user logs out from WebUI, there is a "Cannot get pid" error message in the /var/log/messages file.

PRJ-28414,
PRHF-17216

Gaia OS

After 248 days of up time, the VMSS Gateway sends a Cold restart alert reboot, but the VMSS does not reboot. Refer to sk173413.

PRJ-27614,
PRJ-27612

Gaia OS

If NTPD service is configured in MDPS settings, the NTPD error logs appear in var/log/messages after a reboot.

PRJ-26999,
PRHF-17900

Gaia OS

Setting hashed SHA256/SHA512 expert password may fail with an error message: "set password-controls password-hash-type <password_hased> GAIA9999 Invalid Salted Hash". Refer to sk176703.

PRJ-28798,
PRHF-18683

Gaia OS

In a rare scenario, a memory leak may occur in the monitord process.

PRJ-26456,
GAIA-8922

Gaia OS

The Link Layer Discovery Protocol (LLDP) sends the hostname with a dot when the Domain name is empty.

PRJ-29179,
PRHF-17857

Harmony Endpoint

Remote installation push operation "Deployed new Endpoints" does not work on Servers on premises because of self-signed certificates.

PRJ-29974,
PRHF-16925

Harmony Endpoint

In some scenarios, a query which counts host_ckp objects may return more results than expected. It leads to a memory leak with the "Out Of Memory" error.

PRJ-31101,
PRHF-16439

Harmony Endpoint

Restoring a UEPM Server backup via the Web Gaia Portal may not work on a new Server where the UEPM Blade is not activated.

PRJ-29860,
PRHF-17602

Harmony Endpoint

UPDATE: In SmartEndpoint, besides FDE Remote Help, Bitlocker Management Recovery is now available for administrators with limited rights.

PRJ-30516,
PMTR-73094

Harmony Endpoint

In the Smart Endpoint tabs, the Server may generate reports where users have long names starting with "ntdomain://".

PRJ-29514,
VSECC-1418

CloudGuard Network

NEW: In Amazon Web Services (AWS):

  • Added Load Balancers tags. The tags can now be viewed in SmartConsole and added to the rulebase.
  • Added support for IMDSv2

To enable the feature:

  1. Edit the $FWDIR/conf/vsec.conf file on the Management Server and add the line: aws.enableLoadBalancersTags=true

  2. From SSH run: vsec stop;vsec start

Note: This feature requires adding DescribeTags and DescribeLoadBalancers permissions to the AWS Data Centers accounts.

NEW: In Azure:

  • Added Application Security Groups
  • Added Private Endpoints

To enable the feature:

  1. Edit the $FWDIR/conf/vsec.conf file on the Management Server and add the line: azure.enableAsgAndPep=true

  2. From SSH run: vsec stop;vsec start

Note: This feature requires adding permissions to list Application Security Groups and Private Endpoints.

 

NEW: In AWS, Azure and Google Cloud Platform (GCP):

Added support for API calls with HTTP response with reason-code only (without reason-phrase).

 

PRJ-29652,
PRHF-17648

CloudGuard Network

Amazon Web Services (AWS) Data Center scan may fail and no updates are sent to the Security Gateway.

PRJ-29623,
PRJ-28171,
PMTR-60092

CloudGuard Network

In some scenarios, when there are Data Center objects in Access Policy Rule Base, policy verification may fail although policy installation succeeds.

PRJ-32479

Scalable Platforms

UPDATE: Added support for Bridge Mode in Maestro Security Group.

PRJ-32689

Scalable Platforms

UPDATE: Added support for Maestro Hyperscale Orchestrator MHO-175.

PRJ-27336,
PMTR-70850

Scalable Platforms

Added a cosmetic fix in asgPeaksTable.

PRJ-29981,
MBS-12054

Scalable Platforms

The outage may occur when configuring OSPF over VPN/VTI interface because of missing cluster IP address for VPN/VTI interface.

PRJ-27625,
MBS-14079

Scalable Platforms

In rare scenarios, when running the "snmpwalk" command, multiple irrelevant error logs may appear in /var/log/messages.

PRJ-27512,
PRHF-17895

Scalable Platforms

In a rare scenario, a memory leak that requires constant reboots may occur.

PRJ-29153,
PMTR-71771

Scalable platforms

In some scenarios, Maestro Orchestrator SDK may stop responding until restarting the Orchestrator service.

PRJ-30025,
MBS-13662

Scalable platforms

When rebooting a member from the standby site, it may send GARP when booting and cause a connectivity issue. Refer to sk176523.

PRJ-30286

Scalable platforms

Packet drop may occur after Maestro Orchestrator reboot.

PRJ-27157,
PMTR-70678

Scalable Platforms

After adding a new user via WebUI, asg_diag may fail on configuration test (config_verify -v) due to inconsistent value in the database. The issue is only cosmetic.

PRJ-29516,
PMTR-72141

Scalable Platforms

After setting a specific range of Blades in gclish, some commands may fail.

PRJ-30023,
ODU-181

HCP

Added Update 5 of HealthCheck Point (HCP) Release. Refer to sk171436.