R81.10 Jumbo Hotfix Take 38
|
Note - This Take contains all fixes from all earlier Takes. |
Take 38 includes high-priority fixes for:
-
Quantum Maestro Orchestrator
-
Stability enhancements and system hardening for Management API and Multi-Domain Security Management in large scale environments.
ID |
Product |
Description |
---|---|---|
Take 38 Released on 21 February 2022 |
||
PRJ-29396, |
Security Management |
NEW: Added support for Management API commands: "add-rules-batch" and "delete-rules-batch". |
PRJ-29438, |
Security Management |
UPDATE: Added a warning message in SmartConsole, alerting if during policy installation memory utilization of the FWM process exceeded 3.5GB. |
PRJ-31866, |
Security Management |
UPDATE: The "show application-sites" Management API command returns additional fields for UIDs of primary category and additional categories. |
PRJ-32893, |
Security Management |
UPDATE: It is now possible to increase the timeout value for Management High Availability synchronization. Refer to sk176165. |
PRJ-32769, |
Security Management |
UPDATE: Meta-info and comments fields are now displayed in the output of the "show-tasks" API command with "details-level standard". |
PRJ-32960, |
Security Management |
UPDATE: Added Update 13 of Autonomous Threat Prevention Management integration Release. Refer to sk167109. |
PRJ-31893, |
Security Management |
In some scenarios, the API command "show-changes" fails with "Diff operation failed: Unable to build the diff reply." |
PRJ-31862, |
Security Management |
In a rare scenario, in the Management API, the "show hosts" command with "details-level full" fails with a "java.util.InputMismatchException: got at least one duplicate UID in requested list, duplicates UIDs:" message. |
PRJ-31861, |
Security Management |
The "show-gateways-and-servers" Management API command does not show policy information for cluster members. |
PRJ-28817, |
Security Management |
In some scenarios, the "show-gateways-and-servers" Management API command fails with "generic_error" when running it with "details-level full". |
PRJ-28031, |
Security Management |
In some scenarios, the user may fail to connect to Remote Access VPN if there are expiration dates saved in a non-English date format. The issue can occur when SmartConsole is installed on a Windows client that uses a non-English locale. Refer to sk173967. |
PRJ-30885, |
Security Management |
In rare scenarios, during an upgrade, the FWM process may unexpectedly exit with a core dump file. |
PRJ-30415, |
Security Management |
Scheduled IPS updates data may not be shown in the IPS update report. |
PRJ-32093, |
Security Management |
When searching an IP in Object Explorer, network objects with both IPv6 and IPv4 configured, may not appear in the results, although they match the IP. |
PRJ-31942, |
Security Management |
Deleting an administrator with open sessions may fail with "An Internal error has occurred." |
PRJ-30899, |
Security Management |
In rare scenarios, installing policy on an OSE device may fail with "Policy installation had failed due to an internal error". |
PRJ-32042, |
Security Management |
In some scenarios, the $MDS_FWDIR/log/cpm.elg file contains many lines about "UnmarshalException". |
PRJ-31674, |
Security Management |
In rare scenarios, policy installation cannot be executed while another policy installation is already in progress and stuck. |
PRJ-31673, |
Security Management |
In rare scenarios, the API commands "show-automatic-purge" and "set-automatic-purge" may fail if there were two earlier attempts to update the Automatic Purge at the same time. |
PRJ-31702, |
Security Management |
In a Multi-Domain environment, in Gateways & Servers view, the option to filter Gateways by Domain is greyed out, although it should be enabled. |
PRJ-29954, |
Security Management |
In some scenarios, in Override Categorization, it may not be possible to sort or to find objects by name using Object Explorer. Refer to sk175245. |
PRJ-29911, |
Security Management |
In some scenarios, it is possible to disable a shared layer, although it is used in more than one rule. |
PRJ-31976 |
Security Management |
After creating a new LSM device through the API, the device editor in the SmartProvisioning GUI may unexpectedly close when editing the Topology configurations. |
PRJ-31743, |
Security Management |
In some scenarios, deleting a Domain fails when there is an administrator with API key authentication associated with this Domain. |
PRJ-33465, |
Security Management |
While editing a Small Office LSM Profile object, SmartConsole may unexpectedly close when enabling Threat Emulation and navigating to the Configuration tab. |
PRJ-29241, |
Security Management |
In some scenarios, the Management API command "show-packages" with "details-level full" may fail with an error. Refer to sk176805. |
PRJ-30682, |
Security Management |
Policy installation with Directional VPN rules may fail with a verification error. |
PRJ-31261, |
Security Management |
In some scenarios, the API command "login-to-domain" fails, and the cpm.elg log shows "Null Pointer Exception". |
PRJ-30721, |
Security Management |
In a rare scenario, deleting an object using the API command "delete-generic-object uid |
PRJ-31212, |
Security Management |
The CPM Server may fail to start while checking for pending purge operations during startup. |
PRJ-30069, |
Security Management |
|
PRJ-32651, |
Security Management |
In rare scenarios, deleting a Domain fails, leaving some remnants in the Management database. |
PRJ-31083, |
Security Management |
In rare scenarios, the FWM process on the Security Management Server unexpectedly exits. |
PRJ-30338, |
Security Management |
When one Server in a logical Server group is down, the second Server keeps trying to access it, no matter how long the Server is down. |
PRJ-32430, |
Security Management |
In rare scenarios, adding a service to a rule in Access Policy:
Refer to sk176004. |
PRJ-32361, |
Security Management |
In some cases, when changing only the "color" and "comment" object fields, policy installation may not be accelerated. |
PRJ-30037, |
Security Management |
|
PRJ-33135, |
Security Management |
When searching in Object Explorer with non-alphanumeric characters (non-Latin letters), no results are found even if there are objects that match the search query. |
PRJ-32858, |
Security Management |
After the Management Server restart, the API command "show_tasks" may show some suppressed tasks as "in progress", if before the restart they were cleared in SmartConsole while they were still running. |
PRJ-34081, |
Security Management |
In some scenarios, after running an Ansible Playbook, objects are locked even though they were not changed. |
PRJ-33554, |
Security Management |
When using the API to create an OPSEC CPMI application with a custom permissions profile, the default Super User profile is chosen instead. |
PRJ-32449, |
Security Management |
In rare scenarios, in a Multi-Domain environment, after performing an IPS Update, High Availability synchronization in the Global Domain fails with "NGM failed to import data". |
PRJ-30532, |
Security Management |
Creating an administrator in a Multi-Domain environment may cause SmartConsole to freeze and time out. |
PRJ-32555, |
Security Management |
The "Show Policy Package" Tool shows only UID for a group object and its members instead of their name. |
PRJ-34427, |
Security Management |
When performing IPS Update or Global Domain Assignment, creating a Domain at the same time may fail with "Internal Error". |
PRJ-30476, |
Security Management |
Desktop policy installation may fail with the "Service ReferenceObject of type is not supported!" error. |
PRJ-34201, |
Security Management |
High Availability synchronization fails when one Management Server is installed on an appliance of 6000 series and the other one is an Open Server, a Virtual Machine or installed on an appliance of different series. |
PRJ-33952, |
Security Management |
The "fwm logexport" command may fail with the "Failed to dump tables from NGM" error when running it from the Global Domain on the Multi-Domain Server or from the Log Server. |
PRJ-33288, |
Security Management |
When reassigning Global policy after an IPS update on the Global Domain, the updated IPS version in the Audit Logs view may appear with "-1" value instead of the actual IPS version number. |
PRJ-30060, |
Security Management |
In rare scenarios, after Management Server upgrade, importing the database may fail with "Tried to persist object". |
PRJ-33980, |
Security Management |
Policy installation from the Multi-Domain Server level may trigger installation of two policies for the same VS. |
PRJ-33865, |
Security Management |
When creating or updating a service object via Management API, it is not possible to specify a custom aggressive-aging timeout. |
PRJ-32670, |
Security Management |
When searching for tags usage, the "where-used" Management API command may fail with "Requested object not found". |
PRJ-34036, |
Security Management |
When many sessions are opened:
|
PRJ-33243, |
Security Management |
In rare scenarios, after an update, the Management Server fails to start. |
PRJ-36961, |
Security Management |
Policy installation and "where used" operation may take a long time if there are many inline layers and the "Install On" targets in the Rule Base are not defined as "Any". Refer to sk177928. |
PRJ-33169, |
Multi-Domain Management |
The mds_backup script may not collect Multi-Domain Server log files from $MDSDIR/log/. |
PRJ-30527, |
Multi-Domain Management |
In rare scenarios, running the "fwm sic_reset" command on Multi-Domain Server may fail. |
PRJ-36041 |
Web SmartConsole |
UPDATE: Released Take 55 with new features and improvements. Refer to sk170314. |
PRJ-27606 |
Compliance |
In some scenarios, auto-update flow fails during updatable object registration. |
PRJ-34294, |
Compliance |
After disabling Compliance Best Practices, the user receives security alerts.
|
PRJ-35952 |
CPView |
In CPView, under "Unified Policy", the "Transactions" and "Memory KB" parameters may be missing on devices with more than 100 interfaces. |
PRJ-30665, |
Logging |
Refer to sk176644. |
PRJ-32030, |
Logging |
In some scenarios, the "vpn_user" field is empty in the Logs view and SmartEvent Reports, even though it contains values in the raw log. |
PRJ-27593, |
Logging |
When SmartView Web is configured to not return empty values, a query may fail with a "query failed" message. |
PRJ-29512, |
Logging |
In a rare scenario, after an NSX Gateway upgrade, enforcement details/identities are not pushed by the controller to the Gateway automatically, it can be done only by manual update. Refer to sk173323. |
PRJ-28325, |
Logging |
In some scenarios, in SmartLog, free-text search does not work for some inspection settings logs and their description is missing. |
PRJ-27737, |
Logging |
In SmartConsole:
|
PRJ-28127, |
Logging |
In rare scenarios, in SmartConsole, some logs are not shown. |
PRJ-31799, |
Logging |
Logs that are sent by Log Exporter in CEF format, cannot be displayed if they include non-digit characters in the "dst_phone_number" field. |
PRJ-32239, |
Logging |
When configuring an Email alert as an Automatic Reaction in SmartEvent, and the alert contains data from the event, some fields may be missing in the generated email. |
PRJ-29125, |
Logging |
SmartEvent may not show some of the Anti-Virus logs. |
PRJ-32589, |
Logging |
There may be empty values in the "Office Mode IP" field in the Logs view. |
PRJ-32087, |
Logging |
A duplicate entry appears in /etc/cpshell/log_rotation.conf. This issue is only cosmetic. |
PRJ-32852, |
Logging |
In a rare scenario, logs export from SmartView web view to CSV may fail. Refer to sk175545. |
PRJ-28318, |
Logging |
The "Last Update Time" field of a Session Log may show incorrect values. |
PRJ-31618, |
Logging |
Non-English letters in SmartView reports exported as CSV may be displayed incorrectly. Refer to sk175543. |
PRJ-30093, |
Logging |
In rare scenarios, the LOG_INDEXER process stops working and logs are missing. Refer to sk176403. |
PRJ-34692, |
Logging |
In some scenarios, in an environment that includes the SmartEvent Server, the LOG_INDEXER process restarts at midnight, producing a core dump file. Refer to sk177805. |
PRJ-31809, |
Security Gateway |
NEW: Added a new kernel parameter "cphwd_medium_path_qid_by_cpu_id". The parameter is disabled by default. Refer to sk175890. |
PRJ-31274, |
Security Gateway |
UPDATE: The "-c" and "-i" flags in Top Connections Tool are now supported on VSX Gateways. Refer to sk172229. |
PRJ-34451, |
Security Gateway |
UPDATE: The "fw unloadlocal" command can now be used on a Virtual System only with the "-f" flag added. Otherwise, a warning message is displayed, indicating that unloading policy on a Virtual System will cause traffic issues with any Virtual System connected to a Virtual Switch or a Virtual System in Bridge mode. |
PRJ-33749, |
Security Gateway |
UPDATE: Added a new flag to the "dynamic_objects" command: "-uo <name of object>". The user can now see all content of a specific updatable object. |
PRJ-32074, |
Security Gateway |
UPDATE: Check Point Active Streaming (CPAS) TCP Window scale factor is now increased up to 6. |
PRJ-30672, |
Security Gateway |
When deleting all Suspicious Activity Monitoring (SAM) rules, adding a large number of new rules, and installing policy, the system may freeze. |
PRJ-30671, |
Security Gateway |
In rare scenarios, when a Security Gateway is configured as Proxy, a wrong NAT port reuse may happen for 5 minutes long proxied connections. |
PRJ-29699, |
Security Gateway |
In rare a scenario, a memory leak may occur with a "cpas_streamh_init_from_cookie failed" message printed in /var/log/messages. |
PRJ-30615, |
Security Gateway |
In rare scenarios, when SACK is enabled, there may be connectivity issues. |
PRJ-29542, |
Security Gateway |
After reboot and policy installation, the "No interface configured in SmartCenter server with name mdps_tun. Matching by IP address to interface Mgmt" error may be printed in fwk.elg. |
PRJ-30694 |
Security Gateway |
The "Matched rule is not found" error appear when using Suspicious Activity Monitoring (SAM) rules with source and destination networks, or with a NATed IP. |
PRJ-33361, |
Security Gateway |
First policy installation after an upgrade may be followed by a warning message: "Updatable Objects are used in the policy but Gateway package is missing (see sk121877)". |
PRJ-31969, |
Security Gateway |
In a rare scenario, "Connection/sec" data for accelerated traffic in CPView may differ from the statistics in SNMP. |
PRJ-32338, |
Security Gateway |
Defining an IPv6 NAT rule with address range (hide) on the translated column may fail with an incorrect error message. |
PRJ-33083, |
Security Gateway |
Extended logging may show a wrong status of Content Awareness Blade. The issue is only cosmetic. |
PRJ-32636, |
Security Gateway |
When ISP Redundancy feature is enabled, the default route may disappear during an ISP's failover. |
PRJ-30013, |
Security Gateway |
In a rare scenario, when QoS is enabled, Security Gateway may crash while interfaces go down and up. |
PRJ-31219, |
Security Gateway |
When a large number of VPN tunnels is configured and each one is used by a static route with ping, the ROUTED daemon may get incorrect cluster IPs for those tunnels. Refer to sk175887. |
PRJ-33514, |
Security Gateway |
CPView may show corrupted numbers in "F2V-Reasons". This issue is only cosmetic. |
PRJ-30181, |
Security Gateway |
In a rare scenario, policy push to multiple Security Gateways may fail. Refer to sk177963. |
PRJ-31111, |
Security Gateway |
In a rare scenario, the TCP Half Closed timer (sk137672) may fail when configured for medium/fast connections. |
PRJ-28831, |
Security Gateway |
Improved the ICAP Server internal memory allocation logic. |
PRJ-27611, |
Security Gateway |
A debug message is printed as an error. |
PRJ-31272, |
Security Gateway |
The FWD process may unexpectedly exit due to a rare race condition. Refer to sk173424. |
PRJ-32576, |
Security Gateway |
When deleting connection table entries with "fw ctl conntab -x", and using "rule", "service", "type", "flags" or "state" filters, entries that do not match these filters may still be deleted. |
PRJ-33126, |
Security Gateway |
In some scenarios, memory consumption and CPU usage may increase consistently. Refer to sk176370. |
PRJ-30600, |
Security Gateway |
In a rare scenario, the Security Gateway may crash during policy installation. |
PRJ-33607, |
Security Gateway |
When there are security zones configured in the NAT rulebase and the connection has NAT on the destination, the Security Gateway IP address may still be shown as the source IP, although it should not. |
PRJ-32659, |
Security Gateway |
Security Gateway may unexpectedly reboot and create a vmcore file. |
PRJ-30295, |
Security Gateway |
Enhanced Check Point Active Streaming (CPAS). Refer to sk177025. |
PRJ-30784, |
Security Gateway |
Access Policy installation may fail with "Error code 1-2000078". |
PRJ-32425, |
VPN, Multi-Portal |
UPDATE: Certificate validation flow will use OCSP as the default revocation validation method. If OCSP URL does not exist, CRL will be used as a revocation validation method. |
PRJ-31018, |
Internal CA |
In a rare scenario, when CRL files are created, some of them may be generated with a large number in the filename. When deleting CRL files, CPCA repeatedly fails to start. |
PRJ-33251, |
Internal CA, VPN |
Creating a certificate for a third party Gateway with Check Point Internal CA may fail on the third party side. Refer to sk176468. |
PRJ-29927, |
Threat Prevention |
Threat Prevention policy installation may fail when loading 2 IoC feeds that contain the same signature name for one of the observables. |
PRJ-32176, |
Threat Prevention |
In a rare scenario, Security Gateway may crash when the Advanced Forensics Details feature is enabled. |
PRJ-33644, |
Threat Prevention |
When the "Automatically download Blade Contracts, new software, and other important data" checkbox is unchecked, Security Gateway may fail to update Threat Prevention packages. |
PRJ-36736, |
Threat Extraction |
In some scenarios, when Threat Extraction and Threat Emulation are both enabled, it may take a long time to scan the file before downloading, although there is no active content. |
PRJ-32135, |
Identity Awareness |
An Identity Broker subscriber may be shown as the session owner for Remote Access VPN sessions received from another publisher. |
PRJ-32873, |
Identity Awareness |
When Identity Awareness Blade is enabled on the Security Gateway, rebooting of a member may trigger additional reboots. This may cause |
PRJ-27698, |
Identity Awareness |
The PDPD process may fail with "daemon did not respond or not running!" or cause a high CPU. |
PRJ-30949, |
Identity Awareness |
In some scenarios, persistent high CPU is caused by ADQuery due to a large number of authentication requests. |
PRJ-28056, |
Application Control |
In a rare scenario, the SSM may encounter an issue and stop working. |
PRJ-29770, |
URL Filtering |
In a very rare scenario, when the Application Control (APPI) and URL filtering Blades are active, in hold mode, some applications cannot be identified and the traffic is dropped. |
PRJ-27730, |
IPS |
The track logging configuration of Network Quota protection is not applied. |
PRJ-28029, |
IPS |
In a rare scenario, the Security Gateway may crash when disabling or enabling Threat Prevention Blade. |
PRJ-28492, |
IPS |
In Autonomous Threat Prevention mode, "Profile Name" and "SmartDefense" fields may be missing in the IPS log. |
PRJ-30804, |
IPS |
After installing a Threat Prevention policy with many rules and/or exceptions, on multiple Gateways together, Gateways may consume more CPU during rule-match of new connections. |
PRJ-30607, |
DLP |
UPDATE: Added temporary files cleaner for file converting operation. |
PRJ-30427, |
DLP |
The dlpu process may unexpectedly exit with core dump file. |
PRJ-32902, |
SSL Inspection |
In a rare scenario, the WSTLSD process may unexpectedly exit and produce a core dump file. |
PRJ-32885, |
SSL Inspection |
When TLS 1.3 support is disabled, a memory leak may occur in the WSTLSD process during TLS session renegotiation. |
PRJ-34447, |
SSL Inspection |
The fwk process may unexpectedly exit during the TLS handshake. |
PRJ-31498, |
SSL Inspection |
When HTTPS Inspection is disabled and the "Categorize HTTPS websites" option is enabled, the "failed attaching RSA stub certificate to server" errors may appear in the fwk.elg and wstlsd.elg files during policy installation. |
PRJ-33408, |
SSL Inspection |
In rare scenarios, TLS probing connections may remain open for extended periods. |
PRJ-34273, |
SSL Inspection |
A memory leak may occur in the WSTLSD process during session resumption for TLS 1.2. |
PRJ-31233, |
SSL Network Extender |
SSL Network Extender (SNX) may fail during large file transfers. Refer to sk87760. |
PRJ-31176, |
Mobile Access |
UPDATE: Upgraded JQuery library version (from 1.1 to 3.6). |
PRJ-33877, |
Mobile Access |
Policy installation may fail due to table creation issues. |
PRJ-28361, |
ClusterXL |
Clock jumps forward/backward may cause some operations to fail and the cluster to go down. |
PRJ-32472, |
ClusterXL |
Added Syslog support for Cluster events messages. |
PRJ-32951, |
ClusterXL |
Identity Sharing in VSLS Mode may not work as expected. |
PRJ-32941, |
SecureXL |
In some scenarios, when configuring internal/external enforcement for DOS/Rate limiting, a syslog error message may be displayed. |
PRJ-30820, |
SecureXL |
In a rare scenario, after an upgrade, HTTPS traffic may be dropped. |
PRJ-33357, |
Routing |
|
PRJ-31488, |
Routing |
In some scenarios, the Security Gateway may not forward traffic to a client if its IP address is changed by DHCP. Refer to sk175603. |
PRJ-31474, |
VPN |
UPDATE: In policy installation, the type of messages, related to VPN certificate expiration, is changed from "info" to "warning". This issue is only cosmetic. |
PRJ-30958, |
VPN |
Improvements for DAIP Gateway behind Hide NAT. |
PRJ-31133, |
VPN |
In some scenarios, a memory leak may occur in the VPND process. |
PRJ-32551, |
VPN |
A memory leak may occur during Office Mode IP allocation. |
PRJ-32367, |
VPN |
Improved IKEv2 narrowing. |
PRJ-31589, |
VPN |
In some scenarios, VPN tunnels statuses in SmartView Monitor are displayed incorrectly. |
PRJ-28270, |
VPN |
A memory leak may occur in the VPND process. |
PRJ-32131, |
VPN |
The output of the "vpn tu tlist" command may show a wrong date and time in "Authenticated at" line, although machine date and time settings are correct. |
PRJ-31291, |
VPN |
Hardened the ability to use narrowed IKEv2 tunnels. Refer to sk166417. |
PRJ-30758, |
VPN |
In some scenarios, when NAT is enabled, Route Based VPN traffic may be dropped. |
PRJ-30766, |
VPN |
In a very rare scenario, a cluster member may unexpectedly crash and restart, creating a core dump file. |
PRJ-30331, |
VPN |
In some scenarios, IKEv2 tunnel may not work due to SA expiration. |
PRJ-32520, |
VPN |
Improved establishing IKEv2 tunnel with DAIP peer. |
PRJ-32613, |
VPN |
In some scenarios, Remote Client connections in Visitor Mode may cause the fwk process to exit. |
PRJ-32761, |
VPN |
The output of the "vpn tu tlist" command may show an incorrect type of S2S tunnels protocol. |
PRJ-31701, |
VPN |
When the IKE daemon is enabled, VPN counters in CPView may show an incorrect value. |
PRJ-32597, |
VPN |
In some scenarios, Remote Access VPN users cannot connect to the Gateway due to a kernel table issue. |
PRJ-29783, |
VPN |
Although the Simultaneous Login Prevention (SLP) feature is on, the user can connect with two clients and receive the same statically assigned Office-Mode IP. |
PRJ-33835, |
VPN |
In rare scenarios, when SSL Network Extender (SNX) is in Application Mode, the VPND process may unexpectedly exit. |
PRJ-33739, |
VPN |
When applying Secure Configuration Verification (SCV) VPN client is not able to distinguish between Windows 10 and Windows 11. |
PRJ-36421, |
VPN |
In some scenarios, when VPN logs are enabled and DAIP (Dynamically Assigned IP) peer is configured, the VPND daemon may unexpectedly exit. |
PRJ-33837, |
VSX |
UPDATE: Shadow bridges will now be automatically disabled on VSX Gateways if the bridges are not in Active/Active mode. |
PRJ-32534, |
VSX |
UPDATE: It is now possible to define interface topology as "defined by routes" using the VSX provisioning tool. |
PRJ-28990, |
VSX |
In some scenarios, running the "snmpwalk" command may fail with incorrect OSPF-MIB information for VSX. Refer to sk172064. |
PRJ-33947, |
VSX |
Policy installation on a VS may fail after a cluster conversion between High Availability and Virtual System Load Sharing with the "vsx_util" command. |
PRJ-30201, |
Gaia OS |
UPDATE: Added a Clish command "add/show/delete ntp interface" to choose to which interfaces the NTP daemon shall bind. |
PRJ-34590, |
Gaia OS |
Enhanced SNMP module stability. |
PRJ-32048, |
Gaia OS |
In some scenarios, adding a Gaia user may result in a high number of zombie sh processes. Refer to sk164259. |
PRJ-31972, |
Gaia OS |
The minimum value of VBAT sensor on Quantum appliances is incorrect. |
PRJ-31755, |
Gaia OS |
In some scenarios, after adding an SNMP USM user, the confd process may unexpectedly exit. |
PRJ-30213, |
Gaia OS |
Refer to sk174969. |
PRJ-28962, |
Gaia OS |
After an upgrade, a wrong cipher name appears in the supported cipher list. Refer to sk174863. |
PRJ-28686, |
Gaia OS |
In some scenarios, in appliances: 6600,6700,6900, Power Supply Unit (PSU) status information may be incorrect. Refer to sk174443. |
PRJ-29066, |
Gaia OS |
Wrong output of the "set/delete ip-conflicts-monitor interface" command. The word "value" is printed multiple times. The issue is only cosmetic. |
PRJ-33390, |
Harmony Endpoint |
NEW: It is now possible to configure Super Node in Harmony Endpoint. Refer to sk171703. |
PRJ-32247, |
Harmony Endpoint |
NEW: Added new push operations to Endpoint Web Management:
|
PRJ-32887 |
Harmony Endpoint |
NEW:
|
PRJ-27849, |
Harmony Endpoint |
SmartEndpoint may show deleted certificates as expired. |
PRJ-32646, |
Harmony Endpoint |
Refer to sk176186. |
PRJ-32391, |
VoIP |
When using SIP, memory usage may increase over time on Active and Standby members. |
PRJ-34520, |
Smart-1 Cloud |
Added support for R81.10 automatic updates of Quantum Smart-1 Cloud. Refer to sk166056. |
PRJ-31770, |
CloudGuard Network |
Improved the handling of NSX-T Data Center throttling issues. |
PRJ-31773, |
CloudGuard Network |
In a rare scenario, there is a high CPU0 utilization on Azure Security Gateway. |
PRJ-32232, |
CloudGuard Network |
The "vsec_lic_cli update" command now supports IP change in the license string. |
PRJ-27904, |
QoS |
In a rare scenario, when QoS is enabled, in SmartView Monitor some traffic may be shown as "No Match". |
PRJ-30236, |
QoS |
In a rare scenario, the FWD process may unexpectedly exit due to invalid QoS logs. |
PRJ-34022, |
Scalable Platforms |
NEW: Added the HealthCheck Point (HCP) test which validates ports link integrity for Maestro Orchestrator. Refer to sk171436. |
PRJ-35159, |
Scalable Platforms |
NEW: Added a self-updatable package of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414. |
PRJ-31311, |
Scalable Platforms |
When IGMP snooping is disabled, using OSPF Multicast may lead to Anti Spoofing drops in SmartConsole. |
PRJ-28812, |
Scalable Platforms |
SNMP OID .1.3.6.1.4.1.2620.1.48.16 (asgSecureXLStatusBitmask) returns the status of SecureXL as enabled, even when it is not. |
PRJ-32416, |
Scalable Platforms |
In some scenarios, changing QSFP mode manually does not survive reboot. |
PRJ-30617, |
Scalable Platforms |
Multiple traffic drops may occur on Scalable Platforms. Refer to sk173545. |
PRJ-31406, |
Scalable Platforms |
The "config_verify" command may fail in a Scalable Platforms environment. |
PRJ-30630, |
Scalable Platforms |
VPN tunnel may fail to establish with "dropped by vpn_inbound_pilicy_chain Reason: VPN inbound nat after vm failed". Refer to sk176404. |
PRJ-33379, |
Scalable Platforms |
VPN traffic may be dropped due to certificate issues. |
PRJ-31507, |
Scalable Platforms |
During policy installation, AD Query may stop working in the Scalable Platforms environment. |
PRJ-33185, |
Scalable Platforms |
RADIUS user that has gclish set as default shell cannot login into the Security Group on Scalable Platforms R81.10: "Unable to get user permissions". Refer to sk176364. |
PRJ-31870, |
Scalable Platforms |
Static routes related to a Warp interface may disappear after enabling the VMAC feature. |
PRJ-34101, |
Scalable Platforms |
Changing VLAN of an existing interface may cause ARP reply not to be processed by the Gateway. Refer to sk176929. |
PRJ-31139, |
Scalable Platforms |
Connectivity issues may occur on Identity Server (PDP) in large VSX setups. |
PRJ-35011, |
Scalable Platforms |
In a rare scenario, the CPD process may crash during policy installation. |
PRJ-32678, |
Scalable Platforms |
When two sites with shared LACP bonds are connected to the same switch and VMAC is enabled on both of them, communication with the switch may be lost. |
PRJ-34620, |
Scalable Platforms |
In some scenarios, a physical link issue on a Maestro Gateway may cause an unexpected site failover, a cluster state change on other Gateways, or packet drops. |
PRJ-32165, |
Scalable Platforms |
When the user manually uninstalls R81.10 Jumbo Hotfix Take 22 from an R81.10 Maestro Hyperscale Orchestrator (MHO), the MHO's REST Server remains down, potentially causing traffic issues. Refer to sk177323. |
PRJ-31839, |
Scalable Platforms |
The CMM is not updated with the time from a configured NTP Server. As a result, SGMs stay in Down state for a long time. |
PRJ-31512, |
Carrier Security |
The FWK process may unexpectedly exit producing a core dump when the GTP tunnel expires. |
PRJ-34443, |
HCP |
Added Update 6 of HealthCheck Point (HCP) Release. Refer to sk171436. |
PRJ-31774, |
Infrastructure |
UPDATE: Updated Python 2.7.17 to 2.7.18, Python 3.7.7 to 3.7.12, added Python 3.9.7 and a Python3 alias. |
PRJ-29412, |
Infrastructure |
Policy installation fails with "Operation failed, install/uninstall has been improperly terminated" when a CMA name is more than 36 characters long. Refer to sk175452. |
PRJ-29952, |
Infrastructure |
In a rare scenario, the user cannot connect to the Mobile Access Portal. |