R81.10 Jumbo Hotfix Take 79

 

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 79

Released on 24 October 2022 and declared as Recommended on 21 November 2022

PRJ-38348,
PMTR-81030

Diagnostics

The CPVIEWD process may cause CPU spikes.

PRJ-40819,
PMTR-80047

Security Management

NEW: It is now possible to clone Access and HTTPS Inspection layers via Management REST API.

PRJ-41083,
PMTR-86078

Security Management

UPDATE: If ISP Redundancy is configured for a target Security Gateway, backup interfaces are now used for pushing policy if the primary interface is down.

PRJ-40000,
PMTR-84248

Security Management

UPDATE: Added a new API version (1.8.1). Refer to Management API Reference.

PRJ-31201,
PRHF-19545

Security Management

UPDATE: Audit logs for Access Control rules now contain more information about the rule.

PRJ-39462,
PRHF-23711

Security Management

UPDATE: Management API performance improvements:

  • When moving a rule, the "set-access-rule" command is now up to 15 times faster.

  • When using a rule name, the "set-access-rule" command is now twice as fast.

PRJ-40100,
PMTR-72725

Security Management

After a policy installation failure, fetching policy on the Security Gateway side by running the "fw fetch local" command may also fail.

PRJ-37912,
PRHF-22870

Security Management

The flag "--method" for a CME command is not supported in SmartConsole Command Line.

PRJ-37339

Security Management

Objects that do not belong to groups may be shown in the Group Membership view in SmartConsole.

PRJ-40205,
PRHF-24315

Security Management

In some scenarios, certificate-based login to a Log Server may fail with "Authentication Error". Refer to sk179144.

PRJ-38709,
PRHF-23378

Security Management

Login to Domain via Management API using FQDN as the Domain parameter may fail with the "Domain not found" error.

PRJ-38218,
PRHF-22973

Security Management

If Log Domain reassignment fails, an Application Control and URL Filtering update may get stuck at 70 percent showing the "Running post update actions" status.

PRJ-39805,
PMTR-83656

Security Management

In Object Explorer, when filtering by type, all other filters may disappear until the selected filter is removed.

PRJ-40587,
PRHF-24553

Security Management

The "Domain" and "Type" fields may be missing in the "show-groups" command output of a Management API request. Refer to sk179645.

PRJ-40408,
PMTR-84933

Security Management

Editing a Threat Profile object using the Ansible automation tool may fail.

PRJ-38426,
PMTR-81862

Security Management

Login to Management Server may fail if a trusted client has a subnet mask defined in CIDR notation. Refer to sk177743.

PRJ-39409,
PRJ-40901

Security Management

In the Object Explorer window in SmartConsole, numeric columns are sorted alphabetically, although they should be sorted in numerical order.

PRJ-40516,
PMTR-85116

Security Management

Adding members to a user group may fail when using Management API.

PRJ-33896,
PRHF-20973

Security Management

Global Domain Assignment may fail if a rule in the global policy was recently enabled or disabled.

PRJ-40646,
PRHF-24621

Security Management

Deleting a Security Gateway in SmartConsole may fail.

PRJ-41098,
PMTR-81750

Security Management

The "CPLogGetMyIp: fwobj_get_myown failed" error may be printed in CLI when starting cpboot.

PRJ-38789,
PRHF-23476

Security Management

Install Policy Preset may fail with "The server did not provide a meaningful reply.". Refer to sk179524.

PRJ-39210,
PRHF-23632

Security Management

The output of the "show opsec-application" API command may not show the host object name or UID.

PRJ-38457,
PRHF-23314

Security Management

High Availability synchronization may fail with the "Failed to update shared licenses" error.

PRJ-33922,
PRHF-21160

Security Management

Some unused sessions may remain open in the system, consuming memory and CPU.

PRJ-40721,
PRHF-24546

Security Management

Access Control policy installation may fail with the "Internal error" message when the encryption domain contains a Data Center object.

PRJ-40851,
PMTR-84394

Security Management

The LOG_EXPORTER process may cause high CPU because of frequent invocation of the "fw ver" command.

PRJ-39538,
PRHF-23867

Security Management

An Application Control and URL Filtering update may get stuck at 70 percent with the "Running post update actions" status. Refer to sk174587.

PRJ-39223,
PRHF-23186

Security Management

An Application Control and URL Filtering Database update may fail. The CPM log file states: "Update APPI Update Task Notification. progress: 100, status: FAILED, statusText: Failed to assign domain".

PRJ-40058,
PRHF-24082

Security Management

An Application Control and URL Filtering update may still occur even if the latest version is already installed.

PRJ-39334,
PRHF-23594

Security Management

Install Policy Presets may fail with the "Install Policy Failed: Could not commit JPA transaction" error.

PRJ-40547,
PRHF-24405

Security Management

After an upgrade, when the local domain Virtual System (VS) is updated, its objects may not be updated. The mirror VS object and local domain VS object may have different versions and colors.

PRJ-40810,
PRHF-24809

Security Management

SmartConsole may unexpectedly disconnect.

PRJ-40170,
PRHF-24144

Multi-Domain Management

A Multi-Domain Management Server upgrade may fail if upgrading one of the domains takes longer than four hours.

PRJ-39489,
PRHF-23926

Multi-Domain Management

In some scenarios, in a Multi-Domain Management Server environment, SmartConsole may unexpectedly disconnect.

PRJ-38125,
PRHF-23066

Multi-Domain Management

Although all Virtual Devices are deleted, deleting a Domain may fail with an "At least one Virtual Device is defined on this Domain/Domain Management Server. You need to delete all Virtual Systems/Routers prior to deleting Domain/Domain Management Server" message.

PRJ-41286,
ODU-470

Web SmartConsole

UPDATE: Released Take 67 with new features and improvements. Refer to sk170314.

PRJ-40613,
PRHF-24080

Compliance

In the Compliance Blade view, regulations with disabled best practices may display a result that does not correspond with the best practices listed below it.

PRJ-41022,
PMTR-86000

CPView

NEW: Integrated Skyline, a solution that provides an OpenTelemetry CPView Agent service to monitor your Check Point Servers and export health metrics from the CPView tool to an external location. Refer to sk178566.

PRJ-36192,
PRHF-22004

Logging

UPDATE: Amended the override_server_setting.sh script to support changes in the values of RFL_SOLR_MAX_MERGE_COUNT and RFL_SOLR_MAX_MERGE_THREAD_COUNT.

PRJ-29738,
PMTR-72628

Logging

In SmartView, exporting views or reports that do not have tables may indefinitely continue processing.

PRJ-40194,
PMTR-82439

Logging

After an upgrade from R81 to R81.10, maintenance cleanup may remove some recent logs while not erasing other logs from the disk.

PRJ-28112,
PRHF-18175

Logging

In rare scenarios, logs may not be indexed on the Domain Log Server in a Multi-Domain Log Module (MLM) or on the Secondary Multi-Domain Management Server.

PRJ-39590,
PRHF-23981

Logging

The FWD process may unexpectedly exit and create core dump files.

PRJ-40358,
PRHF-24410

Logging

In some scenarios, the FWD process may unexpectedly exit in a Log Server environment. Refer to sk179596.

PRJ-30965,
EPS-562

Logging

In some scenarios, the Forensics report fails to open from Harmony Endpoint logs.

PRJ-36477,
PRHF-22241

Logging

In SmartConsole, when Endpoint Policy Management Blade is enabled, the "SmartView server certificate is invalid" error may be shown when opening a new tab in the Logs & Monitor view. Refer to sk177713.

PRJ-32207,
PRHF-20107

Logging

The "show-logs" Management API command fails when iterating over many pages of queries, and the total fetched records number exceeds 219,900 records.

PRJ-41360,
PMTR-85027

Logging

Running the "cpstat ls -f logging" command on the Security Gateway may show the "disconnected" status after a reboot, although a new connection is established successfully.

PRJ-41103,
PRHF-25074

Logging

When an object name begins with a digit, SmartView Monitor displays a name consisting of the letter "v" and UID instead of the actual object name.

PRJ-34680,
PMTR-75424

Security Gateway

UPDATE: Decreased the threshold for connections suspected as heavy from 5 to 3 seconds. Refer to sk164215.

PRJ-40505,
PMTR-85083

Security Gateway

UPDATE: Added a defense mechanism against partial header attacks known as "Slowloris DoS" (CVE-2007-6750).

PRJ-38144,
PRHF-22814

Security Gateway

UPDATE: Added support for RADIUS UPN authentication with MS-CHAPv2. To use it, enable the registry configuration by running "ckp_regedit -a SOFTWARE/Checkpoint/VPN1 RADIUS_MSCHAPV2_UPN -n 1".

PRJ-40098,
PMTR-84200

Security Gateway

UPDATE:

  • Added a new global parameter "fw_conn_double_error_allow_print" to enable or disable printing the double connection error message to the log. When disabled, the Security Gateway will still drop a new connection if it is already recorded in the connection table, but there will be no error logs.

  • Added a new global parameter "fw_conn_double_error_count" to count how many times the error occurred.

PRJ-40459,
PMTR-84535

Security Gateway

In a rare scenario, the FWK process may unexpectedly exit because of a memory allocation issue on the Security Gateway.

PRJ-38591,
PMTR-79658

Security Gateway

In a cluster environment, an ICAP implied rule may not be enforced after policy installation.

PRJ-35393,
PRHF-14804

Security Gateway

It may not be possible to load specific sites. The Security Gateway drops the traffic from those web servers with "Reason: PSL Drop: MUX_PASSIVE".

PRJ-39640,
PRHF-23835

Security Gateway

When running the "g_fw monitor" command (Global Firewall Monitor), the traffic capture outputs can be created successfully but cannot be merged. Refer to sk179431.

PRJ-41091,
PRJ-34903

Security Gateway

A kernel crash may occur during system shutdown when PIM is enabled.

PRJ-39927,
PRHF-23895

Security Gateway

When Anti-Virus Blade is enabled, the Security Gateway may crash multiple times with core dump files.

PRJ-41030,
PRHF-24958

Security Gateway

Topology auto update may fail because an interface name is too long.

PRJ-41033,
PRHF-24959

Security Gateway

The Security Gateway may run out of memory when retrieving topology.

PRJ-37210,
MBS-15377

Security Gateway

During a failover, a BGP session may be re-established due to equal connection timers between two Security Gateways.

PRJ-40024,
PMTR-83767

Security Gateway

Access Control policy installation may fail with a "Load on Module failed - problem with the Commit Function" message.

PRJ-36867,
PRHF-22233

Security Gateway

After an upgrade, a VSX cluster may have frequent failovers.

PRJ-38553,
PRHF-23113

Security Gateway

After an upgrade, Anti-Virus Blade may cause increased memory consumption.

PRJ-39580,
PMTR-71476

Security Gateway

In a rare scenario, when IPS or Application Control is enabled, the Security Gateway may crash.

PRJ-40139,
PMTR-84236

Security Gateway

When Strict Hold is enabled, traffic is logged with the message "HTTP parsing error detected. Bypassing the request as defined in the Inspection Settings". Refer to sk169995.

PRJ-40500,
PRJ-34015

Security Gateway

Bond subordinates may be visible in the wrong plane.

PRJ-40255,
PRHF-24323

Security Gateway

There may be a delay in the Logging view when more than 1000 Security Gateways are connected to the same Log Server.

PRJ-34172,
PRHF-20978

Security Gateway

After an upgrade, in a setup with a single Virtual System (VS), the Security Gateway may crash.

PRJ-39520,
PMTR-83692

Security Gateway

Output of the "dynamic_objects -uo_show" command on the Security Gateway may not show any updatable objects. Refer to sk178886.

PRJ-40793,
PMTR-85514

Security Gateway

Enhanced connectivity during HTTP2 Inspection.

PRJ-34404,
PRHF-21418

Security Gateway

Deleting IP addresses in the SAM Database may fail.

PRJ-27779,
PMTR-70632

Security Gateway

The RAD daemon may fail and create core dump files on VSX Gateways.

PRJ-40016,
PRHF-24223

Security Gateway

A Security Gateway with VPN may drop traffic after enabling BGP and Equal Cost Multipath (ECMP).

PRJ-40863,
PMTR-74446

Security Gateway

Improved the recovery mechanism for Dynamic Balancing.

PRJ-41720,
PRJ-41721

Security Gateway

A Security Gateway with the Anti-Virus Blade enabled may experience a memory allocation issue.

PRJ-40390,
PMTR-69466

Internal CA

UPDATE: Added an automatic extension for Internal CA database to support more than 100,000 certificates.

PRJ-40393,
PMTR-70065

Internal CA

UPDATE: Expired certificates are now cleaned from the Internal CA database every three weeks and after reboot. Refer to sk42424.

PRJ-40433,
PMTR-84242

Threat Prevention

UPDATE: The "Global Detect" value will now be updated in the "ips stat" command output.

PRJ-39989,
PRHF-20730

Threat Prevention

UPDATE: In the Custom Intelligence Feeds feature, decreased the hash indicators loading time.

PRJ-29736,
PMTR-71844

Threat Prevention

SCP connections may get terminated.

PRJ-40344,
PRJ-40345,
PRHF-24427

Threat Prevention

The Custom Intelligence Feeds feature may stop enforcing traffic after Threat Prevention policy installation.

PRJ-37560,
PRHF-22459

Threat Prevention

IoC feeds configured in R80.30 cause authentication problems after an upgrade to R81.10. Refer to sk180440.

PRJ-34889,
PMTR-77524

Threat Prevention

When the Security Gateway is in "Detect Only" mode, Threat Prevention Blade exceptions may not be accelerated.

PRJ-40593,
PMTR-75706

Threat Prevention

There may be Security Gateway memory allocation issues related to creating a new Anti-Malware policy.

PRJ-41277,
PMTR-74610

Threat Prevention

Adding hash indicators may cause policy installation to fail with a warning message.

PRJ-40856,
PMTR-85654

Threat Prevention

IoC feed may not load because of a parsing issue with the IP range indicator.

PRJ-40446,
PMTR-84860

Threat Prevention

Deleting a Threat Emulation Gateway object in SmartConsole may fail. Refer to sk170577.

PRJ-40438,
PMTR-82127

Threat Prevention

A kernel memory leak may occur during deep file inspection.

PRJ-39828,
IDA-4187

Identity Awareness

Removed unnecessary debug messages in the Identity revocation flow.

PRJ-35836,
PMTR-71684

Identity Awareness

Memory consumption may increase after policy installation when Secure ID is configured.

PRJ-39162,
PMTR-83274

Identity Awareness

The Nested Groups Depth value changed in CLI may not survive a reboot.

PRJ-36385,
PRHF-22069

Application Control

  • The /var/log/messages file may be flooded with "appi_app_db_get_kattrib_info: attribs hash does not exist" messages.

  • A Security Gateway may be slow or unresponsive.

Refer to sk178406.

PRJ-29436,
PRJ-37281,
PRHF-21170,
PRHF-17678

URL Filtering

When the Security Gateway works in proxy mode, the Application Control and URL Filtering rules may not match correctly.

PRJ-36136,
PRHF-20682

URL Filtering

In some scenarios, SSL websites are not matched correctly when categorization mode is on Hold and IDA is enabled. Refer to sk176283.

PRJ-38816,
PMTR-80962

URL Filtering

When a URL Filtering rule has the "Fail-Close" configuration, the Security Gateway may drop connections, and "URLF internal system error (0)" is recorded as the reason.

PRJ-36435,
PMTR-77653

IPS

When ClusterXL is configured, a file may pass without inspection during a failover.

PRJ-31432,
PRHF-19698

IPS

Logs generated by IPS Bypass may not show the correct CPU/Memory Utilization.

PRJ-37727,
PRHF-22465

DLP

DLP logs for files uploaded to Microsoft OneDrive may not show the initial file names and extensions. Refer to sk178290.

PRJ-33295,
PMTR-61676

Anti-Virus

Removed a redundant message flooding logs in /var/log/messages: "ws_write_connection: end of body reached - clearing delay write flag".

PRJ-39152,
PRHF-21088

Anti-Bot

  • Downloading or opening the packet capture file from the Anti-Bot log entries may fail with a "File fetching is still in progress" message.

  • When opening the capture file link in the log entry in SmartConsole, the "Failed getting the incident file from the gateway. It may be expired" error is shown.

PRJ-40261,
PMTR-83847

SSL Inspection

The WSTLSD process may unexpectedly exit and produce a core dump file during certificate chain verification.

PRJ-34074,
PRHF-21065

Mobile Access

Manual Web Form Single Sign-On (SSO) may fail when passwords contain special characters.

PRJ-38436,
PMTR-82133

Mobile Access

When installing a specific hotfix, the CVPND process may unexpectedly exit.

PRJ-35511,
PMTR-65024

ClusterXL

UPDATE: Added support for the "fw vsx fetch_all_cluster_policies" command, which can fetch policy for all Virtual Systems and Virtual Routers from cluster peers.

PRJ-39840,
PMTR-84079

ClusterXL

When reconnecting the OSPF interface on both members in a cluster, a failover may occur when receiving a ROUTED PNOTE on the Active member.

PRJ-37944,
PRHF-22882

ClusterXL

In a VSX cluster with three or more members, sudden failover and recovery of the Standby VS may occur, causing termination of connections from the Active member. Refer to sk179446.

PRJ-40201,
PMTR-84253

ClusterXL

In a cluster configured in the Active-Active mode, there may be connectivity issues when one of the cluster interfaces is down on one of the cluster members.

PRJ-39959,
PMTR-84213

ClusterXL

During a Multi-Version Cluster (MVC) upgrade, there may be state flapping when using the sync interface MAC address bit "02".

PRJ-36734,
PRHF-21591

ClusterXL

In a VRRP cluster, when an identity session is revoked from a non-master member, the Identity Database may become corrupted and cause an outage.

PRJ-37632,
PRHF-22691

SecureXL

UPDATE: The MSS value in the SYN Cookie response can now be configured.

PRJ-39074,
PRHF-22676

SecureXL

UPDATE: Added a new kernel parameter "fw_allow_reverse_syn" for Smart Connection Reuse. This parameter allows or drops SYN packets coming from the reverse direction. By default, the parameter is set to 0 and the Security Gateway drops such packets. Refer to sk24960.

PRJ-40295,
PMTR-81618

SecureXL

A kernel memory leak may occur in an environment with a cluster in Active/Standby bridge mode.

PRJ-41482,
PRHF-25453

SecureXL

After an upgrade, SecureXL may drop multicast traffic with "reason:Fragment drops".

PRJ-36859,
PRHF-21863

SecureXL

Policy installation may cause cluster failover and impact the traffic flowing through the cluster.

PRJ-40220,
PMTR-63465

SecureXL

In a rare scenario, ipsctl kernel module does not load at startup.

PRJ-39739,
PMTR-86052

SecureXL

There may be high CPU and/or latency in CIFS/SMB connections.

PRJ-41957

SecureXL

SecureXL may drop traffic on a VSX Gateway with a Virtual Router (VR) or Virtual Switch (VSW), when IPS Blade is enabled.

PRJ-40550,
PMTR-81553

Routing

Route Injection Mechanism (RIM) feature may advertise kernel routes that cannot be used (for example, the cable is unplugged, and the network interface is down). This may lead to traffic loss.

PRJ-41208,
PMTR-81175

Routing

When changing PIM configuration, the ROUTED process may unexpectedly exit and generate a core dump due to a race condition.

PRJ-40548,
PRHF-24362

Routing

If Route Injection Mechanism (RIM) is enabled, and RIM routes are added for destinations that already had dynamic or static routes, the RIM routes are deleted in favor of the existing routes. Losing routes can result in loss of connectivity.

PRJ-40092,
PMTR-84418

Routing

When running CPView and working in Source-Specific Multicast Mode (PIM-SSM) simultaneously, the ROUTED process may unexpectedly exit and create a core dump file.

PRJ-40748,
PRHF-24743

Routing

The ROUTED process may unexpectedly exit when querying BGP data.

PRJ-36891,
PMTR-79153

VPN

UPDATE: After FIPS mode is enabled, Jitter is now automatically turned on.

PRJ-41241,
PRHF-24483

VPN, Multi-Portal

UPDATE: Added a new Registry parameter "use_crl_for_revocation_method" that enables the CRL revocation method when the Security Gateway does not get a response from an OCSP Server. Refer to sk179434.

PRJ-40730,
PMTR-85427

VPN

UPDATE: Added a configurable protection for blocking brute-force attacks on VPN SNX portal. Refer to sk180271.

PRJ-38634,
PRHF-23424

VPN

Connection to Endpoint Security Client from the Remote Access VPN may be lost when the VPN tunnel timeout is reached. Refer to sk178891.

PRJ-40386,
PMTR-84477

VPN

The "Unable to open '/dev/fw0': No such file or directory" error may be printed during cpstart.

PRJ-40870,
PRHF-24283

VPN

Site-to-Site NAT-T traffic may be routed incorrectly, which can cause an outage.

PRJ-39808,
PRHF-24079

VPN

Adding a Security Gateway Module (SGM) to a Security Group may cause the Security Gateway to crash when Link Selection is enabled in Load Sharing mode.

PRJ-40562,
PMTR-85206

VPN

Resolved the "HTTP Response splitting" vulnerability in Security Gateway portals. Refer to sk179705.

PRJ-39236,
PRHF-23381

VPN

When connecting to Capsule VPN on iOS in a Multi-Domain Server or Scalable Platforms environment, loading a website may take up to one minute.

PRJ-40555,
PRHF-24156

VPN

When working in Hybrid mode, it is possible to connect using Remote Access, but it may not be possible to access internal resources.

PRJ-40664,
PRHF-24446

VPN

There may be a low throughput in a Site-to-Site VPN tunnel between two VSX Gateways with enabled.

PRJ-36711,
PRHF-21689

VPN

Improved Site-to-Site VPN stability.

PRJ-39584,
PMTR-81752

VPN

In a rare scenario, when pushing a policy, the VPND process may unexpectedly exit.

PRJ-40583,
PMTR-84124

VPN

Connections over NAT-T tunnels may not be distributed well between instances of the Security Gateway with CoreXL enabled.

PRJ-37785,
PMTR-82856

VPN

In SmartView Monitor (SVM), the status of tunnels with third-party peers may be inaccurate. Refer to sk169121.

PRJ-39894,
PMTR-56771

VSX

UPDATE: The "vsx_util view_vs_conf" command output now shows interfaces configured on Virtual Systems in Bridge mode.

PRJ-39888,
PMTR-84069

VSX

Removing a warp interface may fail on one member, which creates a mismatch between the cluster members database because the warp interface remains on other members. Refer to sk180481.

PRJ-40799,
PMTR-84189

VSX

Extending SNMP with shell script (Article IV-6 in sk90860) fails for non-VS0 Virtual Systems (VSs) when queried via SNMP V3 and a "No more variables left in this MIB View (It is past the end of the MIB tree)" message is shown in the output.

PRJ-39712,
PMTR-80596

VSX

When running the "reset_gw" command on a VSX cluster member, the sync interface IP address is not deleted as part of the VSX configuration that should be deleted from the Security Gateway.

PRJ-39768,
PMTR-83046

VSX

Lines indicating uninstalling policies from virtual switches (VSWs) may be printed when running the "fw vsx unloadall" command.

PRJ-40649,
PMTR-85324

VSX

The VSX Provisioning Tool may unexpectedly exit when adding a new virtual device.

PRJ-40666,
PRHF-24682

VSX

When changing VSLS configuration with vsx_util, setting a new weight for each VS in Automatic mode fails with the "Operation failed. Can't write to database" error. Refer to sk179655.

PRJ-38094,
PMTR-64828

VSX

The "Primary Slave" configuration in a Bond (MAGG) interface may not be applied to a Security Group. Refer to sk178765.

PRJ-41363,
PMTR-86445

VSX

A VSX Gateway upgrade may fail with an error related to VSX Filesystem creation.

PRJ-42180,
PMTR-81701

VSX

Pushing configuration to a virtual device in a Maestro VSX environment may fail. Refer to sk180107.

See the Important Notes section.

PRJ-40251,
PMTR-84229

VSX

In VSX, when deleting a warp interface (either by deleting the warp itself or by performing the "reset_gw" command, which deletes all Virtual Devices), the VSX Gateway may crash.

PRJ-40073,
PRHF-24269

VSX

A "SIC Error for EntitlementManager: Peer sent wrong DN: CN=xxx,O=xxx" message may be displayed during boot or after running the "cpstart" command. Refer to sk179586.

PRJ-40361,
PMTR-84809

VSX

Improved packet rate performance on warp interfaces.

PRJ-34096,
PMTR-65030

VSX

When running the "vsx showncs" command, the "cannot retrieve vsid for VSW_gw" error may be shown.

PRJ-34323,
PMTR-60045

VSX

The MTU value configured in SmartConsole may differ from the Virtual Switch (VSW) MTU value in the output of the "ifconfig" command.

PRJ-39982,
PMTR-83520

VSX

The vsx_util upgrade or downgrade operation may silently fail to update the database for one or more Virtual Systems (VSs). Refer to sk179591.

PRJ-27514,
PRHF-18056

Gaia OS

UPDATE: A description was added to the output of the "show backup logs" command with information about each column. Refer to sk173970.

PRJ-40409,
PRJ-42486

Gaia OS

UPDATE: Gaia API updates will now be automatically installed through AutoUpdater. Refer to sk165653.

PRJ-39480,
PRHF-23819

Gaia OS

For TACACS users, the ">" character that separates the hostname from the commands is missing. The fix is only cosmetic.

PRJ-36698,
PMTR-79157

Gaia OS

The /var/log/messages file may be flooded with "failed to update arp table file" messages.

PRJ-40769,
PMTR-81861

Gaia OS

IPv6 connections with Manual NAT rules may not be stable after enabling Neighbor Discovery Protocol (NDP) on a VLAN in the $FWDIR/conf/local.ndp file.

PRJ-40028,
PRHF-24243

Gaia OS

A user locked by the deny-on-nonuse mechanism cannot get unlocked.

PRJ-40478,
PRHF-24463

Gaia OS

The SNMPD process may unexpectedly exit on a Security Gateway with Management Data Plane Separation (MDPS) enabled.

PRJ-40206,
PMTR-83836

Gaia OS

Editing RADIUS Server details multiple times may lead to deletion of this Server in WebUI.

PRJ-41147,
PMTR-78799

Gaia OS

A web session on Quantum Maestro may expire after a minute, although the configured timeout is 10 minutes.

PRJ-40993,
PRHF-24495

Gaia OS

When MDPS is configured, the SNMPD process may stop responding on some Security Gateways and must be restarted.

PRJ-32418,
PRHF-16436

Harmony Endpoint

Web Remote Help returns to the sign-in page after generating the response code. Refer to sk172666.

PRJ-39026,
PMTR-82153

Scalable Platforms

When the "cphaprob list" command fails, the CoreXL configuration pnote is not shown when expected. The issue is cosmetic only.

PRJ-39908,
PMTR-84121

Scalable Platforms

The CPAC-TR-10T-C transceiver is displayed as unsupported, although it is supported.

PRJ-39842,
PMTR-84016

Scalable Platforms

During boot of Maestro Orchestrator, a "Linking SMO files: Not an integer value child process exited abnormally" message may be shown. The issue is cosmetic only.

PRJ-40908,
PMTR-85805

Scalable Platforms

After an upgrade of a Maestro Orchestrator to R81.10, several Maestro Orchestrator Clish commands may fail with error messages.

PRJ-32196,
PMTR-74269

Scalable Platforms

In a VSX setup that includes members only in Site 2, asg monitoring commands (such as "asg stat vs all") may incorrectly present Chassis 2 state as "N/A".

PRJ-40342

Scalable Platforms

CPUSE upgrade of Scalable Platforms may fail.

PRJ-37793,
PMTR-75954

Scalable Platforms

An outage may occur when all Security Gateways are physically disconnected from one of the two Maestro Orchestrators on a dual site.

PRJ-40454,
PRJ-37921,
PMTR-81451,
PMTR-84992

Scalable Platforms

The asg_perf test may show incorrect data related to the number of acceleration cores and CPU usage.

PRJ-40885,
MBS-15957

Scalable Platforms

HCP may report a false failure on the Maestro Orchestrator Daemons State test.

PRJ-38177,
PMTR-81838

Scalable Platforms

When removing a Security Group from Maestro Orchestrator WebUI, Site 2 Gateways may be missing from the Unassigned Gateways pane until the refresh button is clicked.

PRJ-41297,
PMTR-86488

Scalable Platforms

When NAT is configured on both Source and Destination, with delayed sync enabled, connection drops may occur.

PRJ-40528,
MBS-15158

Scalable Platforms

Improved packet processing on MHO-175 to avoid sudden drops.

PRJ-41379,
PRHF-24887

CloudGuard Network

UPDATE: Added support for pushing CloudGuard Controller updates to Gateways with MDPS enabled. However, these updates are not supported on clusters. Refer to sk138672.

PRJ-41371,
PMTR-86767

CloudGuard Network

UPDATE: Added support for Data Centers in AWS ap-southeast-2 (Jakarta) region.

PRJ-35829,
PMTR-86021

CloudGuard Network

NSX-T NSGroup appears as the default prefix in the domain name.

PRJ-40840,
PRHF-24490

CloudGuard Network

Failure to update IP addresses on a single AWS Gateway may cause delays in updating other Gateways.

PRJ-41748,
ODU-587

Public Cloud CA Bundle

Added Take 19 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-41144,
ODU-518

Smart-1 Cloud

Added Update 5 of Quantum Smart-1 Cloud. Refer to sk166056.

PRJ-40671,
ODU-478

HCP

Added Update 10 of HealthCheck Point (HCP) Release. Refer to sk171436.