R81.10 Jumbo Hotfix Take 79
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 79 Released on 24 October 2022 and declared as Recommended on 21 November 2022 |
||
PRJ-38348, |
Diagnostics |
The CPVIEWD process may cause CPU spikes. |
PRJ-40819, |
Security Management |
NEW: It is now possible to clone Access and HTTPS Inspection layers via Management REST API. |
PRJ-41083, |
Security Management |
UPDATE: If ISP Redundancy is configured for a target Security Gateway, backup interfaces are now used for pushing policy if the primary interface is down. |
PRJ-40000, |
Security Management |
UPDATE: Added a new API version (1.8.1). Refer to Management API Reference. |
PRJ-31201, |
Security Management |
UPDATE: Audit logs for Access Control rules now contain more information about the rule. |
PRJ-39462, |
Security Management |
UPDATE: Management API performance improvements:
|
PRJ-40100, PMTR-72725 |
Security Management |
After a policy installation failure, fetching policy on the Security Gateway side by running the "fw fetch local" command may also fail. |
PRJ-37912, |
Security Management |
The flag "--method" for a CME command is not supported in SmartConsole Command Line. |
PRJ-37339 |
Security Management |
Objects that do not belong to groups may be shown in the Group Membership view in SmartConsole. |
PRJ-40205, |
Security Management |
In some scenarios, certificate based login to a Log Server may fail with "Authentication Error". Refer to sk179144 |
PRJ-38709, |
Security Management |
Login to Domain via Management API using FQDN as the Domain parameter may fail with the "Domain not found" error. |
PRJ-38218, |
Security Management |
If Log Domain reassignment fails, an Application Control and URL Filtering update may get stuck at 70 percent showing the "Running post update actions" status. |
PRJ-39805, |
Security Management |
In Object Explorer, when filtering by type, all other filters may disappear until the selected filter is removed. |
PRJ-40587, |
Security Management |
The "Domain" and "Type" fields may be missing in the "show-groups" command output of a Management API request. Refer to sk179645. |
PRJ-40408, |
Security Management |
Editing a Threat Profile object using Ansible automation tool may fail. |
PRJ-38426, |
Security Management |
Login to Management Server may fail if a trusted client has a subnet mask defined in CIDR notation. Refer to sk177743. |
PRJ-39409, |
Security Management |
In the Object Explorer window in SmartConsole, numeric columns are sorted alphabetically, although they should be sorted in numerical order. |
PRJ-40516, |
Security Management |
Adding members to a user group may fail when using Management API. |
PRJ-33896, |
Security Management |
Global Domain Assignment may fail if a rule in the global policy was recently enabled or disabled. |
PRJ-40646, |
Security Management |
Deleting a Security Gateway in SmartConsole may fail. |
PRJ-41098, |
Security Management |
The "CPLogGetMyIp: fwobj_get_myown failed" error may be printed in CLI when starting cpboot. |
PRJ-38789, |
Security Management |
Install Policy Preset may fail with "The server did not provide a meaningful reply.". Refer to sk179524. |
PRJ-39210, |
Security Management |
The output of the "show opsec-application" API command may not show the host object name or UID. |
PRJ-38457, |
Security Management |
High Availability synchronization may fail with the "Failed to update shared licenses" error. |
PRJ-33922, |
Security Management |
Some unused sessions may remain open in the system, consuming memory and CPU. |
PRJ-40721, |
Security Management |
Access Control policy installation may fail with the "Internal error" message when the encryption domain contains a Data Center object. |
PRJ-40851, |
Security Management |
The LOG_EXPORTER process may cause high CPU because of frequent invocation of the "fw ver" command. |
PRJ-39538, |
Security Management |
An Application Control and URL Filtering update may get stuck at 70 percent with the "Running post update actions" status. Refer to sk174587. |
PRJ-39223, |
Security Management |
An Application Control and URL Filtering Database update may fail. The CPM log file states: "Update APPI Update Task Notification. progress: 100, status: FAILED, statusText: Failed to assign domain". |
PRJ-40058, |
Security Management |
An Application Control and URL Filtering update may still occur even if the latest version is already installed. |
PRJ-39334, |
Security Management |
Install Policy Presets may fail with the "Install Policy Failed: Could not commit JPA transaction" error. |
PRJ-40547, |
Security Management |
After an upgrade, when the local domain Virtual System (VS) is updated, its objects may not be updated. The mirror VS object and local domain VS object may have different versions and colors. |
PRJ-40810, |
Security Management |
SmartConsole may unexpectedly disconnect. |
PRJ-40170, |
Multi-Domain Management |
A Multi-Domain Management Server upgrade may fail if upgrading one of the domains takes longer than four hours. |
PRJ-39489, |
Multi-Domain Management |
In some scenarios, in a Multi-Domain Management Server environment, SmartConsole may unexpectedly disconnect. |
PRJ-38125, PRHF-23066 |
Multi-Domain Management |
Although all Virtual Devices are deleted, deleting a Domain may fail with an "At least one Virtual Device is defined on this Domain/Domain Management Server. You need to delete all Virtual Systems/Routers prior to deleting Domain/Domain Management Server" message. |
PRJ-41286, |
Web SmartConsole |
UPDATE: Released Take 67 with new features and improvements. Refer to sk170314. |
PRJ-40613, |
Compliance |
In the Compliance Blade view, regulations with disabled best practices may display a result that does not correspond with the best practices listed below it. |
PRJ-41022, |
CPView |
NEW: Integrated Skyline, a solution that provides an OpenTelemetry CPView Agent service to monitor your Check Point Servers and export health metrics from the CPView tool to an external location. Refer to sk178566. |
PRJ-36192, |
Logging |
UPDATE: Amended the override_server_setting.sh script to support changes in the values of RFL_SOLR_MAX_MERGE_COUNT and RFL_SOLR_MAX_MERGE_THREAD_COUNT. |
PRJ-29738, |
Logging |
In SmartView, exporting views or reports that do not have tables may indefinitely continue processing. |
PRJ-40194, |
Logging |
After an upgrade from R81 to R81.10, maintenance cleanup may remove some recent logs while not erasing other logs from the disk. |
PRJ-28112, |
Logging |
In rare scenarios, logs may not be indexed on the Domain Log Server in a Multi-Domain Log Module (MLM) or on the Secondary Multi-Domain Management Server. |
PRJ-39590, |
Logging |
The FWD process may unexpectedly exit and create core dump files. |
PRJ-40358, |
Logging |
In some scenarios, the FWD process may unexpectedly exit in a Log Server environment. Refer to sk179596. |
PRJ-30965, EPS-562 |
Logging |
In some scenarios, the Forensics report fails to open from Harmony Endpoint logs. |
PRJ-36477, |
Logging |
In SmartConsole, when Endpoint Policy Management Blade is enabled, the "SmartView server certificate is invalid" error may be shown when opening a new tab in the Logs & Monitor view. Refer to sk177713. |
PRJ-32207, |
Logging |
The "show-logs" Management API command fails when iterating over many pages of queries, and the total fetched records number exceeds 219,900 records. |
PRJ-41360, |
Logging |
Running the "cpstat ls -f logging" command on the Security Gateway may show the "disconnected" status after a reboot, although a new connection is established successfully. |
PRJ-41103, |
Logging |
When an object name begins with a digit, SmartView Monitor displays a name consisting of the letter "v" and UID instead of the actual object name. |
PRJ-34680, |
Security Gateway |
UPDATE: Decreased the threshold for connections suspected as heavy from 5 to 3 seconds. Refer to sk164215. |
PRJ-40505, |
Security Gateway |
UPDATE: Added a defense mechanism against partial header attacks known as "Slowloris DoS" (CVE-2007-6750). |
PRJ-38144, |
Security Gateway |
UPDATE: Added support for RADIUS UPN authentication with MS-CHAPv2. To use it, enable the registry configuration in ckp_regedit -a SOFTWARE/Checkpoint/VPN1 RADIUS_MSCHAPV2_UPN -n 1. |
PRJ-40098, |
Security Gateway |
UPDATE:
|
PRJ-40459, |
Security Gateway |
In a rare scenario, the FWK process may unexpectedly exit because of a memory allocation issue on the Security Gateway. |
PRJ-38591, |
Security Gateway |
In a cluster environment, an ICAP implied rule may not be enforced after policy installation. |
PRJ-35393, |
Security Gateway |
It may not be possible to load specific sites. The Security Gateways drops the traffic from those web servers with "Reason: PSL Drop: MUX_PASSIVE". |
PRJ-39640, |
Security Gateway |
When running the "g_fw monitor" command (Global Firewall Monitor), the traffic capture outputs can be created successfully but cannot be merged. Refer to sk179431. |
PRJ-41091, |
Security Gateway |
A kernel crash may occur during system shutdown when PIM is enabled. |
PRJ-39927, |
Security Gateway |
When Anti-Virus Blade is enabled, the Security Gateway may crash multiple times with core dump files. |
PRJ-41030, |
Security Gateway |
Topology auto update may fail because of a too long interface name. |
PRJ-41033, |
Security Gateway |
The Security Gateway may run out of memory when retrieving topology. |
PRJ-37210, |
Security Gateway |
During a failover, BGP session may be re-established due to equal connection timers between two Security Gateways. |
PRJ-40024, |
Security Gateway |
Access Control policy installation may fail with a "Load on Module failed - problem with the Commit Function" message. |
PRJ-36867, |
Security Gateway |
After an upgrade, VSX cluster may have frequent failovers. |
PRJ-38553, |
Security Gateway |
After an upgrade, Anti-Virus Blade may cause increased memory consumption. |
PRJ-39580, |
Security Gateway |
In a rare scenario, when IPS or Application Control is enabled, the Security Gateway may crash. |
PRJ-40139, |
Security Gateway |
When Strict Hold is enabled, traffic is logged with the log "HTTP parsing error detected. Bypassing the request as defined in the Inspection Settings". Refer to sk169995. |
PRJ-40500, |
Security Gateway |
Bond subordinates may be visible in the wrong plane. |
PRJ-40255, |
Security Gateway |
There may be a delay in the Logging view when more than 1000 Security Gateways are connected to the same Log Server. |
PRJ-34172, |
Security Gateway |
After an upgrade, in a setup with a single Virtual System (VS), the Security Gateway may crash. |
PRJ-39520, |
Security Gateway |
Output of the "dynamic_objects -uo_show" command on the Security Gateway may not show any updatable objects. Refer to sk178886. |
PRJ-40793, |
Security Gateway |
Enhanced connectivity during HTTP2 Inspection. |
PRJ-34404, |
Security Gateway |
Deleting IP addresses in the SAM Database may fail. |
PRJ-27779, |
Security Gateway |
The RAD daemon may fail and create core dump files on VSX Gateways. |
PRJ-40016, |
Security Gateway |
The Security Gateway with VPN may drop the traffic after enabling BGP and Equal Cost Multipath (ECMP). |
PRJ-40863, |
Security Gateway |
Improved the recovery mechanism for Dynamic Balancing. |
PRJ-41720, |
Security Gateway |
The Security Gateway with enabled Anti-Virus Blade may experience a memory allocation issue. |
PRJ-40390, |
Internal CA |
UPDATE: Added an automatic extension for Internal CA database to support more than 100,000 certificates. |
PRJ-40393, |
Internal CA |
UPDATE: Expired certificates are now cleaned from the Internal CA database every three weeks and after reboot. Refer to sk42424. |
PRJ-40433, |
Threat Prevention |
UPDATE: The "Global Detect" value will now be updated in the "ips stat" command output. |
PRJ-39989, |
Threat Prevention |
UPDATE: In the Custom Intelligence Feeds feature, decreased the hash indicators loading time. |
PRJ-29736, |
Threat Prevention |
SCP connections may get terminated. |
PRJ-40344, |
Threat Prevention |
The Custom Intelligence Feeds feature may stop enforcing traffic after Threat Prevention policy installation. |
PRJ-37560, |
Threat Prevention |
IoC feeds configured in R80.30 cause authentication problems after an upgrade to R81.10. Refer to sk180440. |
PRJ-34889, |
Threat Prevention |
When the Security Gateway is in "Detect Only" mode, Threat Prevention Blade exceptions may not be accelerated. |
PRJ-40593, |
Threat Prevention |
There may be Security Gateway memory allocation issues related to creating a new Anti-Malware policy. |
PRJ-41277, |
Threat Prevention |
Adding hash indicators may cause policy installation to fail with a warning message. |
PRJ-40856, |
Threat Prevention |
IoC feed may not load because of a parsing issue with the IP range indicator. |
PRJ-40446, |
Threat Prevention |
Deleting a Threat Emulation Gateway object in SmartConsole may fail. Refer to sk170577. |
PRJ-40438, |
Threat Prevention |
A kernel memory leak may occur during deep file inspection. |
PRJ-39828, |
Identity Awareness |
Removed unnecessary debug messages in the Identity revocation flow. |
PRJ-35836, |
Identity Awareness |
Memory consumption may increase after policy installation when Secure ID is configured. |
PRJ-39162, |
Identity Awareness |
The Nested Groups Depth value changed in CLI may not survive a reboot. |
PRJ-36385, |
Application Control |
Refer to sk178406. |
PRJ-29436, |
URL Filtering |
When the Security Gateway works in proxy mode, the Application Control and URL Filtering rules may not match correctly. |
PRJ-36136, |
URL Filtering |
In some scenarios, SSL websites are not matched correctly when categorization mode is on Hold and IDA is enabled. Refer to sk176283. |
PRJ-38816, |
URL Filtering |
When an URL Filtering rule has "Fail-Close" configuration, the Security Gateway may drop connections, and "URLF internal system error (0)" is recorded as the reason. |
PRJ-36435, |
IPS |
When ClusterXL is configured, a file may pass without inspection during a failover. |
PRJ-31432, |
IPS |
Logs generated by IPS Bypass may not show the correct CPU/Memory Utilization. |
PRJ-37727, |
DLP |
DLP logs for files uploaded to Microsoft OneDrive may not show the initial file names and extensions. Refer to sk178290. |
PRJ-33295, |
Anti-Virus |
Removed a redundant message flooding logs in /var/log/messages: "ws_write_connection: end of body reached - clearing delay write flag". |
PRJ-39152, |
Anti-Bot |
|
PRJ-40261, |
SSL Inspection |
The WSTLSD process may unexpectedly exit and produce a core dump file during certificate chain verification. |
PRJ-34074, |
Mobile Access |
Manual Web Form Single Sign-On (SSO) may fail when passwords contain special characters. |
PRJ-38436, |
Mobile Access |
When installing a specific hotfix, the CVPND process may unexpectedly exit. |
PRJ-35511, |
ClusterXL |
UPDATE: Added support for the "fw vsx fetch_all_cluster_policies" command, which can fetch policy for all Virtual Systems and Virtual Routers from cluster peers. |
PRJ-39840, |
ClusterXL |
When reconnecting the OSPF interface on both members in a cluster, a failover may occur when receiving a ROUTED PNOTE on the Active member. |
PRJ-37944, |
ClusterXL |
In a VSX cluster with three or more members, sudden failover and recovery of the Standby VS may occur, causing termination of connections from the Active member. Refer to sk179446. |
PRJ-40201, |
ClusterXL |
In a cluster configured in the Active-Active mode, there may be connectivity issues when one of the cluster interfaces is down on one of the cluster members. |
PRJ-39959, |
ClusterXL |
During a Multi-Version Cluster (MVC) upgrade, there may be state flapping when using the sync interface MAC address bit "02". |
PRJ-36734, |
ClusterXL |
In a VRRP cluster, when an identity session is revoked from a non-master member, the Identity Database may become corrupted and cause an outage. |
PRJ-37632, |
SecureXL |
UPDATE: The MSS value in the SYN Cookie response can now be configured. |
PRJ-39074, |
SecureXL |
UPDATE: Added a new kernel parameter "fw_allow_reverse_syn" for Smart Connection Reuse. This parameter allows or drops SYN packets coming from the reverse direction. The parameter is set to 0 by default, the Security Gateway drops such packets. Refer to sk24960. |
PRJ-40295, |
SecureXL |
A kernel memory leak may occur in an environment with a cluster in Active/Standby bridge mode. |
PRJ-41482, |
SecureXL |
After an upgrade, SecureXL may drop multicast traffic with "reason:Fragment drops". |
PRJ-36859, |
SecureXL |
Policy installation may cause cluster failover and impact the traffic flowing through the cluster. |
PRJ-40220, |
SecureXL |
In a rare scenario, ipsctl kernel module does not load at startup. |
PRJ-39739, |
SecureXL |
There may be high CPU or/and latency in CIFS/SMB connections. |
PRJ-41957 |
SecureXL |
SecureXL may drop traffic on a VSX Gateway with a Virtual Router (VR) or Virtual Switch (VSW), when IPS Blade is enabled. |
PRJ-40550, |
Routing |
Route Injection Mechanism (RIM) feature may advertise kernel routes that cannot be used (for example, the cable is unplugged, and the network interface is down). This may lead to traffic loss. |
PRJ-41208, |
Routing |
When changing PIM configuration, the ROUTED process may unexpectedly exit and generate a core dump due to a race condition. |
PRJ-40548, |
Routing |
If Route Injection Mechanism (RIM) is enabled, and RIM routes are added for destinations that already had dynamic or static routes, the RIM routes are deleted in favor of the existing routes. Losing routes can result in loss of connectivity. |
PRJ-40092, |
Routing |
When running CPView and working in Source-Specific Multicast Mode (PIM-SSM) simultaneously, the ROUTED process may unexpectedly exit and create a core dump file. |
PRJ-40748, |
Routing |
The ROUTED process may unexpectedly exit when querying BGP data. |
PRJ-36891, |
VPN |
UPDATE: After FIPS mode is enabled, Jitter is now automatically turned on. |
PRJ-41241, |
VPN, Multi-Portal |
UPDATE: Added a new Registry parameter "use_crl_for_revocation_method" that enables the CRL revocation method when the Security Gateway does not get a response from an OCSP Server. Refer to sk179434. |
PRJ-40730, |
VPN |
UPDATE: Added a configurable protection for blocking brute-force attacks on VPN SNX portal. Refer to sk180271. |
PRJ-38634, |
VPN |
Connection to Endpoint Security Client from the Remote Access VPN may be lost when the VPN tunnel timeout is reached. Refer to sk178891. |
PRJ-40386, |
VPN |
The "Unable to open '/dev/fw0': No such file or directory" error may be printed during cpstart. |
PRJ-40870, |
VPN |
Site-to-Site NAT-T traffic may be routed incorrectly, which can cause an outage. |
PRJ-39808, |
VPN |
Adding a Security Gateway Module (SGM) to a Security Group may cause the Security Gateway crash when Link Selection is enabled in Load Sharing mode. |
PRJ-40562, |
VPN |
Resolved the "HTTP Response splitting" vulnerability in Security Gateway portals. Refer to sk179705. |
PRJ-39236, |
VPN |
When connecting to Capsule VPN on iOS in a Multi-Domain Server or Scalable Platforms environment, loading a website may take up to one minute. |
PRJ-40555, |
VPN |
When working in Hybrid mode, it is possible to connect using Remote Access, but it may not be possible to access internal resources. |
PRJ-40664, |
VPN |
There may be a low throughput in a Site-to-Site VPN tunnel between two VSX Gateways with enabled. |
PRJ-36711, |
VPN |
Improved Site-to-Site VPN stability. |
PRJ-39584, |
VPN |
In a rare scenario, when pushing a policy, the VPND process may unexpectedly exit. |
PRJ-40583, |
VPN |
Connection over NAT-T tunnels may not be distributed well between instances of the Security Gateway with CoreXL enabled. |
PRJ-37785, |
VPN |
In SmartView Monitor (SVM), the status of tunnels with third-party peers may be inaccurate. Refer to sk169121. |
PRJ-39894, |
VSX |
UPDATE: The "vsx_util view_vs_conf" command output now shows interfaces configured on Virtual Systems in Bridge mode. |
PRJ-39888, |
VSX |
Removing a warp interface may fail on one member, which creates a mismatch between the cluster members database because the warp interface remains on other members. Refer to sk180481. |
PRJ-40799, |
VSX |
Extending SNMP with shell script (Article IV-6 in sk90860) fails for non-VS0 Virtual Systems (VSs) when queried via SNMP V3 and a "No more variables left in this MIB View (It is past the end of the MIB tree)" message is shown in the output. |
PRJ-39712, |
VSX |
When running the "reset_gw" command on a VSX cluster member, the sync interface IP address is not deleted as part of the VSX configuration that should be deleted from the Security Gateway. |
PRJ-39768, |
VSX |
Lines indicating uninstalling policies from virtual switches (VSWs) may be printed when running the "fw vsx unloadall" command. |
PRJ-40649, |
VSX |
The VSX Provisioning Tool may unexpectedly exit when adding a new virtual device. |
PRJ-40666, |
VSX |
When changing VSLS configuration with vsx_util, setting a new weight for each VS in Automatic mode fails with the "Operation failed. Can't write to database" error. Refer to sk179655. |
PRJ-38094, |
VSX |
The "Primary Slave" configuration in a Bond (MAGG) interface may not be applied to a Security Group. Refer to sk178765. |
PRJ-41363, |
VSX |
A VSX Gateway upgrade may fail with an error related to VSX Filesystem creation. |
PRJ-42180, |
VSX |
Pushing configuration to a virtual device in a Maestro VSX environment may fail. Refer to sk180107. See the Important Notes section. |
PRJ-40251, |
VSX |
In VSX, when deleting a warp interface (either by deleting the warp itself or by performing the "reset_gw" command, which deletes all Virtual Devices), the VSX Gateway may crash. |
PRJ-40073, |
VSX |
A "SIC Error for EntitlementManager: Peer sent wrong DN: CN=xxx,O=xxx" message may be displayed during boot or after running the "cpstart" command. Refer to sk179586. |
PRJ-40361, |
VSX |
Improved packet rate performance on warp interfaces. |
PRJ-34096, |
VSX |
When running the "vsx showncs" command, the "cannot retrieve vsid for VSW_gw" error may be shown. |
PRJ-34323, |
VSX |
The MTU value configured in SmartConsole may differ from the Virtual Switch (VSW) MTU value in the output of the "ifconfig" command. |
PRJ-39982, |
VSX |
The vsx_util upgrade or downgrade operation may silently fail to update the database for one or more Virtual Systems (VSs). Refer to sk179591. |
PRJ-27514, |
Gaia OS |
UPDATE: A description was added to the output of the "show backup logs" command with information about each column. Refer to sk173970. |
PRJ-40409, PRJ-42486 |
Gaia OS |
UPDATE: Gaia API updates will now be automatically installed through AutoUpdater. Refer to sk165653. |
PRJ-39480, |
Gaia OS |
For TACACS users the ">" character is missing to separate the hostname from the commands. The fix is only cosmetic. |
PRJ-36698, |
Gaia OS |
The /var/log/messages file may be flooded with "failed to update arp table file" messages. |
PRJ-40769, |
Gaia OS |
IPv6 connections with Manual NAT rules may not be stable after enabling Neighbor Discovery Protocol (NDP) on a VLAN in the $FWDIR/conf/local.ndp file. |
PRJ-40028, |
Gaia OS |
A user locked by the deny-on-nonuse mechanism cannot get unlocked. |
PRJ-40478, |
Gaia OS |
The SNMPD process may unexpectedly exit on the Security Gateway with enabled Management Data Plane Separation (MDPS). |
PRJ-40206, |
Gaia OS |
Editing RADIUS Server details multiple times may lead to deletion of this Server in WebUI. |
PRJ-41147, |
Gaia OS |
A web session on Quantum Maestro may be expired after a minute, although the configured timeout is 10 minutes. |
PRJ-40993, |
Gaia OS |
When MDPS is configured, the SNMPD process may stop responding on some Security Gateways and must be restarted. |
PRJ-32418, |
Harmony Endpoint |
Web Remote Help returns to the sign-in page after generating the response code. Refer to sk172666. |
PRJ-39026, |
Scalable Platforms |
When the "cphaprob list" command fails, CoreXL configuration pnote is not shown when expected. The issue is cosmetic only. |
PRJ-39908, |
Scalable Platforms |
CPAC-TR-10T-C transceiver is displayed as unsupported, although it is supported. |
PRJ-39842, |
Scalable Platforms |
During boot of Maestro Orchestrator, a "Linking SMO files: Not an integer value child process exited abnormally" message may be shown. The issue is cosmetic only. |
PRJ-40908, |
Scalable Platforms |
After an upgrade of a Maestro Orchestrator to R81.10 version, several Maestro Orchestrator Clish commands may fail with errors messages. |
PRJ-32196, |
Scalable Platforms |
In a VSX setup that includes members only in Site 2, asg monitoring commands (such as asg stat vs all) may incorrectly present Chassis 2 state as "N/A". |
PRJ-40342 |
Scalable Platforms |
CPUSE upgrade of Scalable Platforms may fail. |
PRJ-37793, |
Scalable Platforms |
An outage may occur when all Security Gateways are physically disconnected from one of the two Maestro Orchestrators on a dual site. |
PRJ-40454, |
Scalable Platforms |
The asg_perf test may show incorrect data related to acceleration cores number and CPU usage. |
PRJ-40885, |
Scalable Platforms |
HCP may report a false failure on the Maestro Orchestrator Daemons State test. |
PRJ-38177, |
Scalable Platforms |
When removing a Security Group from Maestro Orchestrator WebUI, Site 2 Gateways may be missing from the Unassigned Gateways pane until the refresh button is clicked. |
PRJ-41297, |
Scalable Platforms |
When NAT is configured on both Source and Destination, with delayed sync enabled, connection drops may occur. |
PRJ-40528, |
Scalable Platforms |
Improved packet processing on MHO-175 to avoid sudden drops. |
PRJ-41379, |
CloudGuard Network |
UPDATE: Added support for pushing CloudGuard Controller updates to Gateways with MDPS enabled. However, these updates are not supported on clusters. Refer to sk138672. |
PRJ-41371, |
CloudGuard Network |
UPDATE: Added support for Data Centers in AWS ap-southeast-2 (Jakarta) region. |
PRJ-35829, |
CloudGuard Network |
NSX-T NSGroup appears as the default prefix in the domain name. |
PRJ-40840, |
CloudGuard Network |
Failure to update IP addresses on a single AWS Gateway may cause delays in updating other Gateways. |
PRJ-41748, |
Public Cloud CA Bundle |
Added Take 19 of Public Cloud CA Bundle. Refer to sk172188. |
PRJ-41144, |
Smart-1 Cloud |
Added Update 5 of Quantum Smart-1 Cloud. Refer to sk166056. |
PRJ-40671, |
HCP |
Added Update 10 of HealthCheck Point (HCP) Release. Refer to sk171436. |