R81.10 Jumbo Hotfix Take 170

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 170 Released on 7 October 2024 and declared as Recommended on 4 November 2024
Take 170 - New Functionality
PRJ-55546, PMTR-104635	SmartProvisioning	NEW: Added a new "show-statuses" boolean parameter to the "show lsm-gateway" and "show lsm-cluster" Management API commands. When set to "true", this parameter displays the Security Policy and Provisioning Settings statuses for the LSM Security Gateway or Cluster.
Take 170 - Improvements and Resolved Issues
PRJ-56467, PMTR-107058	Gaia OS	UPDATE: Resolved CVE-2024-3596 - Blast-RADIUS attacks. Refer to sk182516 > Login to Gaia Portal.
PRJ-54682, PMTR-104266	Mobile Access	UPDATE: Resolved CVE-2024-31497. The Putty version used in the Mobile Access Portal Embedded SSL Network Extender application is upgraded from version 0.80 to version 0.81.
PRJ-54419, PRHF-33584	Security Management	UPDATE: Policy installation duration with hundreds of layers is improved by approximately 30%.
PRJ-54498, PRHF-33612	Security Gateway	UPDATE: Optimized the Generic Data Center JSON file processing on the Security Gateways to improve performance when handling large numbers of IP ranges.
PRJ-47654, PRHF-29103	Security Gateway	UPDATE: Added ability to increase/decrease DNS cache table size.
PRJ-51070, PRHF-30910	Logging	UPDATE: Port 8211 now accepts connections with the cipher ECDHE_RSA_AES_256_GCM_SHA384.
PRJ-55746, PMTR-104855	Threat Prevention	UPDATE: Added the "trackSettings.forensics" parameter to the "threat-rule" Management API command to enable and disable the "forensics" option in the "Track" column. Syntax example: "mgmt_cli add threat-rule layer 'Standard Threat Prevention' position 1 track-settings.forensics false -r true".
PRJ-54137, PMTR-103001	SSL Inspection	UPDATE: Added a log for connections rejected because of short Server certificate public key size (RSA 1024 bits or less, ECDSA 256 bits or less). Refer to sk182224.
PRJ-56219, PMTR-98920	Scalable Platforms	UPDATE: Added support for 28 Security Group Members in a Maestro Security Group (Single Site deployment) that runs SecureXL in the Kernel Mode (KPPAK). Refer to sk182803.
PRJ-56680, PRJ-57026, PRJ-57262, ODU-2035, ODU-2019, ODU-1955	Automatic Updates - Web SmartConsole	UPDATE: New features and improvements are released in Take 118 , Take 119, Take 120 via self-updatable package. Refer to sk170314.
PRJ-57326, ODU-1979	Automatic Updates - HCP	UPDATE: Added Update 19 of HealthCheck Point (HCP) Release. Refer to sk171436.
PRJ-56211, PRHF-35143	Security Management	The database size on the Secondary Management Server increases if dbedit is used without making or saving any changes. Refer to sk182519.
PRJ-57032, PRHF-30884	Security Management	Log queries fail with the error "Problems have occurred during search" when Domain migration is in progress. This occurs specifically during the execution of "export-management" or "import-management" Management API commands.
PRJ-55928, PRHF-34912	Security Management	The Revisions Purge process may stall if initiated after restarting the Security Management Server or Multi-Domain Security Management Server because of remnants of a previously interrupted Revisions Purge operation.
PRJ-55334, PRHF-33993	Security Management	In rare scenarios, login to SmartView web application using the Domain IP address or Domain name fails.
PRJ-55933, PRHF-34584	Security Management	In rare scenarios, login to SmartConsole fails with a timeout.
PRJ-55906, PRHF-34904	Security Management	In rare scenarios, revert to a Database Revision may get stuck on 60% and eventually fail.
PRJ-55443, PRHF-34146	Security Management	Accelerated Policy installation may get stuck with the "Policy installation (queued)" status.
PRJ-55797, PRHF-34671	Security Management	SmartConsole may close during login because of repeated attempts to discard a non-existent work session.
PRJ-55331, PRHF-34049	Security Management	If the $FWDIR/conf/fwm.adtlog file is not valid, the FWM process leaves unused file descriptors, which may affect the Security Management Server performance.
PRJ-55446, PRHF-33832	Security Management	If any single Data Center fails to register, the registration of all Data Center assets to the Security Management Server also fails.
PRJ-56002, PRHF-34871	Security Management	In rare scenarios, the FWM process on the Security Management Server may unexpectedly exit, creating a core dump file.
PRJ-56152, PRHF-35121	Security Management	In rare scenarios, the Revisions tab in SmartConsole shows "Error retrieving results".
PRJ-54733, PRHF-33948	Security Management	In rare scenarios, the CPD process may unexpectedly exit and create a core dump file.
PRJ-52057, PRHF-31798	Security Management	In a Management High Availability environment, the Standby Security Management Server may not update the "Installation date" during policy installation on Security Gateways/Clusters.
PRJ-54506, PMTR-102800	Multi-Domain Security Management	Global Domain Assignment may fail with "Internal Error", if the assigned Domain is currently Active on a different Multi-Domain Security Management Server.
PRJ-50780, PRHF-31148	Multi-Domain Security Management	In a Multi-Domain Security Management environment, there may be synchronization timeout errors, and automatic revisions purge may fail.
PRJ-42134, PRHF-25935	CPView	In a rare scenario, when running the CPView utility, the Security Gateway may crash.
PRJ-48771, PRHF-30060	Logging	The "show logs" Management API command may show partial information for the fields with multiple values.
PRJ-53218, PRHF-32587	Logging	When adding a table widget to a SmartView report: The "Missed Malware Activity" and "Spyware Action" fields may not be possible to pick. The "Malware Action" filter may appear twice in the picker. Refer to sk182049.
PRJ-50616, PRHF-29955	Logging	The FWD process may exit and cause issues with opening packet capture files on remote members.
PRJ-54063, PMTR-102780	Logging	In rare scenarios, the CPSEMD process on the SmartEvent Server may unexpectedly exit, creating a core dump file.
PRJ-46848, PRJ-46579	Logging	RAD error messages may be printed to the fwk.elg file during cpstop - cpstart on the Security Gateway. The issue is cosmetic only.
PRJ-41210, PRHF-24639	Logging	In rare scenarios, the Logs view may display unexpected blank lines or gaps in the chronological sequence of entries.
PRJ-48104, PRHF-29616	Security Gateway	Outages may occur when the FWD process exits or restarts and Security Group member goes down triggering Scalable Chassis failover.
PRJ-54414, PRHF-33710	Security Gateway	In a VSX Cluster environment, the CPVIEWD daemon may cause a high CPU.
PRJ-55578, PMTR-104837	Security Gateway	A buffer overflow may occur in the HTTP flow, affecting the FWK process.
PRJ-46889, PRHF-29024	Security Gateway	Incorrect value in the "fwisusfw" register causes improper CPU affinity and dynamic balancing initialization in User Space Firewall mode after an upgrade. Refer to sk182004.
PRJ-45950, PRHF-28371	Security Gateway	During policy installation, Rule Base internal error drops may be shown in the SmartConsole logs. Logs related to "dynobjs" may be printed in Messages.
PRJ-55764, PMTR-104381	Threat Prevention	In rare scenarios, policy installation may fail after an upgrade of a VSX Gateway.
PRJ-55988, PMTR-104285	Threat Prevention	In a rare scenario, Threat Prevention policy installation may fail after an over-the-air (OTA) package update of TP_CONF_SERVICE. Refer to sk182572.
PRJ-56095, PMTR-106568	Threat Prevention	SSH Deep Packet Inspection (SSH DPI) fails to start inspection if IPS is enabled while all other threat prevention products are disabled.
PRJ-46348, PRHF-27721	Threat Emulation	The ICAP client may send the file name under "Content-Disposition" in an unsupported format written as "filename=" instead of "filename=*", and the Threat Emulation blade does not process such files.
PRJ-51491, PRHF-31582	Threat Emulation	When using ICAP, filename handling occasionally fails. As a result, the Threat Emulation Blade may not be able to process this specific file.
PRJ-55459, PRHF-34098	URL Filtering	In scenarios where there is a heavy load on the machine, the RAD queue can fill up and get clogged by unhandled requests, causing an outage and traffic disruption.
PRJ-54193, PRHF-31001	Anti-Bot	The Anti-Bot Blade may generate error logs with the "Failed to Decrypt CP Site Response" reason. Refer to sk182494.
PRJ-54444, PMTR-103889	Mobile Access	HTTPS access to the Mobile Access Portal may be down.
PRJ-56221, PRHF-35271	Mobile Access	The "citrixStrictTicketEnforcement" parameter set in the configuration file may not work as expected.
PRJ-55633, PRHF-27989	ClusterXL	After modifying a bond, the Monitored VLANs may disappear. Refer to sk180724.
PRJ-56010, PRHF-34987	SecureXL	In a rare scenario, a memory leak in the adp kernel module may occur during multicast routing assert failures.
PRJ-51110, PMTR-97788	SecureXL	SYN Defender configuration in Inspection Settings on the Security Management Server may not be applied on Accelerated Policy installation.
PRJ-56075, PMTR-105097	SecureXL	When SecureXL User Mode (UPPAK) is enabled, in some scenarios, a VSX Security Gateway with many Virtual Systems may crash.
PRJ-55954, PMTR-105602	SecureXL	The Security Gateway may crash in Bridge mode or in Non-Bridge mode when the number of MAC addresses in its network interface card's table exceeds the hardware capacity limit. Refer to sk182813.
PRJ-56432, PMTR-107256	Routing	Dynamic Routing outage in a Security Group during the Zero Downtime (MVC) Upgrade to R81.20, during the Downgrade from R81.20, or during the installation / uninstall of the R81.20 Jumbo Hotfix Accumulator. Refer to sk182556.
PRJ-53174, PMTR-101331	Routing	Graceful Restart may end prematurely in OSPF NSSA areas.
PRJ-53827, PMTR-95640	Routing	A multicast outage may occur during failovers caused by interface flaps.
PRJ-54407, PRHF-33153	Routing	A multicast outage may occur after a failover triggered by incomplete processing of cluster synchronization messages.
PRJ-49209, PRHF-30241	VPN	Remote Desktop Protocol (RDP) connections may frequently disconnect when network traffic is routed through a combination of medium path, Quality of Service (QoS) controls, and VPN.
PRJ-56037, PRJ-55986	VPN	During high-volume VPN tunnel initiations, several packets may be dropped with "encrypted packet too big".
PRJ-53012, PMTR-100991	VPN	The FWK process may crash when establishing multiple VPN tunnels simultaneously at peak rates.
PRJ-50089, PMTR-90101	VPN	By default, the VPN permanent tunnel is configured to use "tunnel test" instead of "DPD". This configuration may cause inaccurate permanent tunnel status reporting when connecting to third-party devices.
PRJ-52892, PMTR-100703	VPN	The FWK process may exit when Monitor mode is enabled on one of the interfaces.
PRJ-56672, PRHF-35637	VSX	Memory corruption may occur when a bond interface is configured, leading to a Security Gateway crash with a vmcore or a boot loop.
PRJ-53309, PMTR-95877	Scalable Platforms	In Quantum Maestro/Scalable Chassis environments, when using the Threat Prevention Blade in the Security Group, the entitlement_status_collector_db.C files may be inconsistent between the Security Group Members.
PRJ-51191, PRHF-29670	Scalable Platforms	Security Group Member in a VSX environment is in a boot loop after creating a new Virtual System with a WRP interface. Refer to sk182476.
PRJ-55792, PMTR-103838	Scalable Platforms	The "An error occurred while applying action to several members. Please check the status bar history" error is displayed when changing the Maestro Security Group configuration through Gaia Portal. Refer to sk181691.