R81.10 Jumbo Hotfix Take 82

 

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 82

Released on 8 January 2023

PRJ-39425,
PRJ-39424

Security Management

NEW:

  • Added ability for R81.10 Security Management and Multi-Domain Security Management Server to manage R81.20 Security Gateways. It requires R81.10 SmartConsole Build 412 (or higher).

  • Managing R81.20 Security Gateways in Autonomous Threat Prevention mode requires installing R81.20 Jumbo Hotfix Accumulator.

PRJ-42564

Security Management

UPDATE: It is now possible to use multiple values when filtering in these views:

  • Global Assignments (MDS)

  • Permissions (MDS)

  • Sessions (MDS)

  • IPS (Domain level)

PRJ-38116,
PRHF-23142

Security Management

UPDATE: Install Policy Presets now also run in multi-site environments, even if the local domain does not have a Server on the Multi-Domain Security Management Server with the Active Global Domain, from which the operation is triggered.

PRJ-34898,
PMTR-63494

Security Management

UPDATE: Improved the "Assign Global Policy" action time by approximately 50%.

PRJ-42033,
PMTR-87522

Security Management

UPDATE: Added a new Management API "mgmt_cli verify-management-license". It checks how many Security Gateway objects the Management Server license supports. Note that this API does not support Quantum Maestro and VSX. Refer to Management API Reference.

PRJ-42981,
ODU-747

Web SmartConsole

UPDATE: Released Take 73 with new features and improvements. Refer to sk170314.

PRJ-42981,
ODU-747

CPView

UPDATE: Added logging information. The Logging tab can be found in the Advanced tab on both the Security Management Server and Security Gateway. Refer to sk101878.

PRJ-41229

Logging

UPDATE: Port 8211 no longer accepts connections with the cipher TLS_RSA_WITH_AES_128_CBC_SHA.

PRJ-38056,
PRHF-23074

Logging

UPDATE: When there is no full license for SmartEvent, which includes the Correlation Unit component, Analyzer Client in Legacy SmartEvent Console will now show a relevant message.

PRJ-32781,
PMTR-72977

Security Gateway

UPDATE: The reset expired connections feature (fw_rst_expired_conn) is now supported on connections accelerated by SecureXL.

PRJ-41248,
PMTR-86409

Internal CA

UPDATE: Internal CA on Check Point Management Servers can now create certificates with 3072-bit RSA keys - the root ICA certificate and SIC certificates. Refer to sk96591.

PRJ-42201

Threat Prevention

UPDATE: Reduced loading time of big external Custom Intelligence Feeds.

PRJ-42702,
ODU-494

Threat Prevention

UPDATE: Added Update 16 of Autonomous Threat Prevention Management integration Release. Refer to sk167109.

PRJ-38198,
PRHF-22998

UserCheck

UPDATE: Added support for custom UserCheck objects for Threat Extraction. Previously it was not possible to configure them when using Autonomous Threat Prevention Policy. Refer to sk178764.

PRJ-41735,
PMTR-87362

CloudGuard Network

UPDATE: Added support for Data Centers in AWS me-central-1 Middle East (UAE) region.

PRJ-41713,
ODU-603

Smart-1 Cloud

UPDATE: Added Update 6 of Quantum Smart-1 Cloud. Refer to sk166056.

PRJ-27770,
PMTR-75901

Scalable Platforms

UPDATE: The "revert to snapshot" operation is now blocked on Scalable Platforms when the snapshot remains from the previous version and is not created as a part of the current upgrade process.

PRJ-40628,
PMTR-85003

Scalable Platforms

UPDATE: Blocked the ability to install Jumbo Hotfix Accumulator or to run an upgrade to a major version on Quantum Maestro Security Gateways using the Central Deployment tool in SmartConsole or the Management REST API.

PRJ-41650,
MBS-16088

Scalable Platforms

UPDATE: Upon member state change to Active, there may be minor packet drops. Added an option to not forward traffic to a new Active member until all connections are synchronized to it:

• To enable this option:

  • on the fly, run g_fw -a ctl set int fwha_force_present_state_over_active 1

  • to be boot persistent, run g_update_conf_file fwkern.conf fwha_force_present_state_over_active=1

• To disable this option:

  • on the fly, run g_fw -a ctl set int fwha_force_present_state_over_active 0

  • to be boot persistent, run g_update_conf_file fwkern.conf fwha_force_present_state_over_active=0

PRJ-40773,
PMTR-77523

Scalable Platforms

UPDATE: The "Obtain IPv4 Address Automatically" option in the IPv4 and IPv6 tabs of the Gaia Portal's Interface editor is now disabled (as it is on gClish).

PRJ-41935,
PMTR-83771

VoIP

UPDATE: Added a new CLI command "fw ctl voip [-p {sip| mgcp| sccp| h323}] [-na]". It allows printing the description of defined VoIP protections, the required action, and the logging option configured for each protection.

PRJ-38613,
PRHF-22986

Harmony Endpoint

UPDATE: Added the "-ignoreDA" flag for "epmcommands" to clean objects from the deleted users and computers, ignoring the "da_installed" flag.

PRJ-41999,
ODU-478

HCP

UPDATE: Added Update 11 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-40540,
PMTR-85125

Diagnostics

The cpview -s export operations may fail on VS0 when cpview_services are running.

PRJ-43904,
SMB-19002

Security Management

On R77.20 Quantum Spark appliances with some IPS packages, policy installation fails with the "Operation failed, install/uninstall has been improperly terminated" error. Refer to sk180448.

PRJ-41556,
PRHF-25556

Security Management

After an Application Control update, policy installation may fail.

PRJ-40943,
PRHF-24600

Security Management

In rare scenarios, in a large environment, after an IPS update, High Availability synchronization may fail with timeout on the Global Domain.

PRJ-41562,
PRHF-25567

Security Management

After an upgrade, in the Gateways & Servers view, searching Security Gateway objects by their interfaces' IP addresses fails.

PRJ-39392,
PRHF-23578

Security Management

In some scenarios, the "Assign Global Policy" action fails with the error message: "An internal error has occurred".

PRJ-39611,
PRHF-24007

Security Management

After an upgrade, on the Domain level, in the Administrators View, the email and phone of the administrators may be missing.

PRJ-41679,
PMTR-86014

Security Management

An upgrade may fail with timeout during the import of a large database file.

PRJ-41576,
PRHF-25434

Security Management

In an environment with many Security Gateways, login to SmartConsole after starting services may take a long time.

PRJ-34737,
PRHF-21233

Security Management

When running the "show access-rule" API command with the "show-as-ranges" parameter on rules with negated cells, the returned result may be missing the values of the negated cells.

PRJ-41071,
PRHF-25026

Security Management

Global Policy reassignment fails with "An internal error has occurred" if a Global rule, Rule Base, or section is created, moved, and then deleted without running a reassignment in between.

PRJ-41292,
PRHF-25101

Security Management

Access Policy installation may fail with the "Internal error occurred during the verification process" error.

PRJ-41127,
PMTR-85721

Security Management

Centrally managed Quantum Spark Gateway version may be missing or incorrect after performing the "Get Gateway Data" action from SmartUpdate.

PRJ-41976,
PRHF-25682

Security Management

The /var/log/dump/usermode/ directory on the Management Server may contain core dump files for the FWM process. Refer to sk180119.

PRJ-40426,
PRHF-24492

Security Management

In rare scenarios, deleting a cluster member may fail with the "Could not delete object. Failed to remove/detach objects licenses" error.

PRJ-40944,
PRHF-24601

Security Management

In rare scenarios, the FWM process may unexpectedly exit.

PRJ-41914,
PMTR-78191

Security Management

Installing Database from Security Management on an R80.x Log Server may fail.

PRJ-42240,
SMB-19124

Security Management

Installing a large Access Control policy on Quantum Spark Security Gateways may fail due to high memory consumption on the Security Management Server caused by FW_LOADER.

PRJ-42953,
PMTR-88744

Security Management

In an environment with the Endpoint Security Server, Jumbo Hotfix Accumulator installation may take a long time.

PRJ-40238,
PMTR-84358

Security Management

Policy installation may fail with "Segmentation fault" or with "INTERNAL ERROR in PutBlock: dangling block at PutBlock". Refer to sk179700.

PRJ-41671,
PRHF-25452

Security Management

When using CME (Cloud Management Extension), the FWM process may unexpectedly exit because of a memory issue.

PRJ-42859,
PRHF-26649

Security Management

After performing the "Revert to Revision" operation, new Audit logs cannot be seen in the Logging & Monitoring View in SmartConsole.

PRJ-42509,
PRHF-26349

Security Management

Access policy verification may fail when dynamic objects exist in the NAT policy.

PRJ-40823,
PMTR-85091

Security Management

Warning about multiple objects with the same IP address is displayed when there are duplicated auto-generated networks.

PRJ-41541,
PMTR-87066

Security Management

The FWK process may unexpectedly exit during Threat Prevention policy installation.

PRJ-40223,
PRHF-24307

Security Management

In a large environment, High Availability synchronization for the Global domain may fail with the "Global domain is busy syncing, please check sync status" error.

PRJ-41553,
PMTR-83511

Security Management

Policy installation may get stuck on 99% when resuming queued policy installation tasks.

PRJ-37832,
PRHF-21070

Security Management

"Automatic purge" fails on a Domain with active Global Domain Assignment and "automatic purge" configured on the Global Domain.

PRJ-40734,
PRHF-24711

Security Management

In rare scenarios, Global Policy reassignment may fail with a "Failed to find object ID UUID of class com.checkpoint.objects.ips.ThreatIpsProtectionOverride" message.

PRJ-39718,
PRHF-24047

Security Management

It may not be possible to discard a work session with a newly created admin; a "Failed to discard revoke certificate" message is shown.

PRJ-37311,
PRHF-21848

Multi-Domain Security Management

SmartEvent may unexpectedly close when clicking Global Exclusion options or creating a new event. This issue occurs after migrating a Domain from the Multi-Domain Security Management Server to the Security Management Server.

PRJ-42291,
PMTR-83191

Multi-Domain Security Management

An upgrade of the secondary Multi-Domain Security Management Server or Multi-Domain Log Server may fail when simultaneously upgrading several Servers.

PRJ-42105,
PRHF-25807

Multi-Domain Security Management

In a Multi-Domain Security Management environment, the HitCount retention mechanism may prematurely remove the HitCount data.

PRJ-41920,
PRHF-25795

Multi-Domain Security Management

In rare scenarios, in a Multi-Domain Security Management Server environment, a memory leak may occur in the FWM process. This may cause the process to exit.

PRJ-37706,
PRHF-22836

Logging

It may not be possible to filter the "Subscriber" field in SmartLog.

PRJ-37298,
PRHF-22631

Logging

When exporting logs with the fwm logexport script and there is an empty or corrupted log file, the script runs in a loop with the "Failed to read record at position 0" error printed.

PRJ-41194,
PMTR-68271

Logging

It may not be possible to filter Anti-Virus logs for malicious CIFS traffic in SmartConsole. The issue is cosmetic only.

PRJ-35880,
PRHF-21739

Logging

Although the Security Gateway is configured to send Syslog messages to the Domain Log Server (CLM), after several initial logs, they may stop coming to the Log Server.

PRJ-40492,
PRHF-24541

Logging

In a rare scenario, when using SmartEvent Automatic Reaction (Mail), the source IP address can be shown as a number and not in the dotted decimal notation format.

PRJ-40144,
PRHF-24306

Logging

Emails sent as an automatic reaction may show only the first IP address for "Source"/"Destination" fields out of all the detected IP addresses.

PRJ-38052,
PRHF-23090

Logging

Syslog messages with the "ErtFeed" type of attack are not indexed correctly in SmartLog.

PRJ-41917,
PMTR-78055

Logging

Export to CSV in SmartView may be stuck in the "running" status.

PRJ-41355,
PMTR-74878

Logging

In some scenarios, in the Logs view, the "Description" field may be missing. The issue is only cosmetic.

PRJ-41930,
PRHF-20117

Logging

When running the "show_logs" API command with the "query-id" argument and the session is expired, the command ends with a timeout instead of presenting an error.

PRJ-31865,
PMTR-66327

Logging

When exporting logs in CEF format using Log Exporter and the value of the "time-in-milli" parameter is set as "true" (sk173167), the logs are not displayed in ArcSight SIEM Solution.

PRJ-42414,
PRHF-26316

Logging

When LEA spawning is turned off (sk91343), the FWD process may run out of memory.

PRJ-37500,
PRHF-22655

Logging

The "epoll is enabled" warning is incorrectly displayed during policy installation.

PRJ-40235,
PRHF-23763

Security Gateway

There may be stability issues when ICAP client is active.

PRJ-41864,
PRHF-25769

Security Gateway

After an upgrade, it is not possible to monitor Security Gateways with enabled Management Data Plane Separation (MDPS).

PRJ-39968,
PRHF-24112

Security Gateway

The Security Gateway may crash with the "xxx kernel: [fw4_27];fwatomload_unregister: module RTM not registered xxx kernel: [fw4_27];e2eDisable: fwatomload_unregister failed" errors printed in logs.

PRJ-41451,
PMTR-85044

Security Gateway

Policy verification fails when a generic Data Center contains an object with an empty range.

PRJ-42972,
MBS-16324

Security Gateway

The Security Gateway on a LightSpeed appliance may crash when a Bond interface is configured on the LightSpeed 10/25/40/100G QSFP28 Ports, and the state of this Bond interface changes between on / off, or off / on.

PRJ-40927,
PRHF-24649

Security Gateway

When installing policy and the kernel parameter "up_log_extended_reason_for_incomplete_match" is set to 1, the Security Gateway may crash.

PRJ-41580,
PMTR-65731

Security Gateway

In some scenarios, the CPD process may unexpectedly exit.

PRJ-40109,
PRHF-20889

Security Gateway

In a rare scenario, the Security Gateway may crash when offloading packets to SecureXL.

PRJ-43127,
PMTR-89008

Security Gateway

Some TCP connections may be stuck in "Both-Fin" state in the SecureXL connection table and cause high memory consumption.

PRJ-39575,
IPS-171

Security Gateway

The "sd_exception_chain_with_global_stateless: fwx_get_original_conn_key() failed" messages may flood /var/log/messages if IPS Blade is active.

PRJ-41624,
PMTR-78011

Security Gateway

When using Routing Separation and installing a Jumbo Hotfix Accumulator, MDPS configuration may be overridden. Refer to sk138672.

PRJ-40917,
PRHF-24590

Security Gateway

The Security Gateway may crash because of memory corruption, and the following error appears in the /var/log/messages file: "[XXX] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: <xxxx>".

PRJ-39332,
PRHF-23528

Security Gateway

After an upgrade, Access Control policy installation may fail with an "Update process is already running" message.

PRJ-35110,
PMTR-77852

Security Gateway

There may be connectivity failure when browsing to Office 365, and ICAP Client is active on the Security Gateway with enabled "Data Trickling".

PRJ-41416,
PRHF-24690

Security Gateway

The Security Gateway may send multiple "Failed to fetch Check Point resources. Timeout was reached" logs.

PRJ-40974,
PRHF-24784

Threat Prevention

Threat Prevention policy installation may fail with a "Connection aborted by Peer" message.

PRJ-41316,
PMTR-86509

Threat Prevention

Threat Prevention policy installation fails if a Custom Intelligence Feed name includes unsupported characters.

PRJ-41489,
PMTR-84472

Threat Prevention

Loading of Custom Intelligence Feeds with authentication may fail.

PRJ-38722,
PMTR-82545

Threat Prevention

File Download using SSH with MobaXterm Client fails when SSH Deep Packet Inspection (SSH DPI) is enabled.

PRJ-40936,
PMTR-85828

Threat Prevention

In a rare scenario, the Security Gateway may have a memory allocation issue.

PRJ-41439,
PRJ-40749

Threat Prevention

After installing a hotfix in a cluster setup with a Threat Prevention policy that includes Network Objects, a member may get stuck during initialization after a reboot.

PRJ-38665,
PRHF-23320

Threat Prevention

The DLPU process may unexpectedly exit with a core dump file.

PRJ-43360

Threat Extraction

In some scenarios, Mail Transfer Agent (MTA) does not scan files with an unsupported extension if they were renamed to ".exe".

PRJ-36509,
PRHF-22053

Identity Awareness

The CPU utilization of the PDP daemon may be high during a specific authentication flow.

PRJ-38543,
PRHF-22565

Identity Awareness

The PDPD daemon may frequently exit during the user authentication flow.

PRJ-31975,
PMTR-74053

Identity Awareness

Changing the state of the "Automatic LDAP Group Update" feature for Identity Collector from CLI on the PDP Gateway does not survive a reboot.

PRJ-34571,
PRHF-21045

Identity Awareness

SNMP/cpstat queries for Identity Awareness OIDs return wrong values if the PDP daemon is not running at the time of the query.

PRJ-41820,
PMTR-87497

Identity Awareness

In a rare scenario, the PDPD process may unexpectedly exit during peer certificate verification.

PRJ-42506,
PRHF-26186

Application Control

In a rare scenario, when Application Control is enabled, the Security Gateway in AWS Cloud may crash. The issue does not occur if the Application Control database on the Security Gateway is updated with Release 141122_1 and higher.

PRJ-32992,
PRHF-20460

IPS

In some scenarios, IPS logs do not show the correct memory and CPU utilization when IPS is bypassed.

PRJ-41655,
PRHF-25585

IPS

Running the "ips stats" command in CLI may cause the IPS process to unexpectedly exit with core dumps.

PRJ-39753,
PRHF-23882

Anti-Virus

The Anti-Virus Blade interprets certain types of URLs as forbidden and blocks access to those URLs, although the content behind them is not of the type supposed to be blocked.

PRJ-41216,
PRHF-23321

Anti-Virus

In a rare scenario, when Anti-Virus is enabled, there may be frequent VSX cluster failovers, and the Security Gateway may crash.

PRJ-43181,
PRHF-26878

SSL Inspection

The WSTLSD process may unexpectedly exit and create core dump files.

PRJ-41973,
PRJ-42152

Mobile Access

After an upgrade, it may not be possible to connect to SNX; it gets stuck when initializing.

PRJ-32969,
PRHF-20588

Mobile Access

Capsule Workspace push notifications do not work when the Single Sign-On (SSO) is configured to "prompt for credentials". Refer to sk176244.

PRJ-40833,
PRHF-24826

Mobile Access

After disabling the ActiveSync service on the Security Gateway, login to Capsule Workspace (CWS) may fail.

PRJ-32972,
PRHF-20670

Mobile Access

Push notification may not be working with the legacy Mobile Access (MAB) Portal. Refer to sk176243.

PRJ-38460,
PRHF-23267

Mobile Access

In some scenarios, it is not possible to connect to SSL Network Extender (SNX), and the VPND log shows: "failed to add to table connectra_sessions_to_instance".

PRJ-40745,
PRHF-24710

ClusterXL

The cphaprob show_bond command does not show newly added slaves from Virtual Systems (VSs).

PRJ-42928,
PMTR-88804

ClusterXL

A Hide NAT port may be allocated twice, causing "out of state" drops.

PRJ-37151,
PRHF-22237

ClusterXL

In an Active/Active cluster, a member may reboot because of a memory corruption issue.

PRJ-39184,
PRHF-23684

ClusterXL

In a VRRP cluster environment with a large number of interfaces, the Security Gateway may consume a lot of memory because of a memory leak.

PRJ-42445,
PRHF-26215

SecureXL

The Security Gateway may prematurely expire half-closed TCP connections and drop VoIP and HTTPS packets with "First packet isn't SYN". Refer to sk180364.

PRJ-42073,
PRHF-25880

SecureXL

In some scenarios, the change of the cphwd_enable_ecmp global parameter value on a VSX Gateway does not survive a reboot.

PRJ-42230,
PRHF-25785

SecureXL

DNS Traffic Steering feature does not work over TCP.

PRJ-41691,
PRHF-25516

SecureXL

The Security Gateway may crash and cause an outage when resolving the destination host MAC address through an interface with disabled ARP.

PRJ-42145,
PMTR-88118

SecureXL

SNDs may reach 100% CPU utilization and are not released in some Site to Site VPN scenarios.

PRJ-40266,
PRHF-23964

CoreXL

Connections matching the Access Control rules may get timed out, although they should be rejected according to the configuration.

PRJ-41504,
PMTR-75250

Routing

Some invalid nexthop and destination addresses from remote BGP peers may be incorrectly handled, causing a lost BGP connection.

PRJ-41724,
PRHF-25460

Routing

The "asg diag verify" command reports inconsistent OSPFv3 routes for Security Gateway Modules in Quantum Maestro. Refer to sk179931.

PRJ-41870,
PMTR-87537

Routing

The Gaia API request "show-routes" may fail with the "generic error", and a ROUTED core dump is generated.

PRJ-41708,
PRHF-25613

Routing

The ROUTED process may unexpectedly exit when the route does not have a next hop.

PRJ-41642,
VPNRA-795

VPN

In some scenarios, StrongSwan Client may get disconnected during re-authentication.

PRJ-41809,
PMTR-87347

VPN

When connecting with "Mixed" SSL Network Extender Authentication method, the SNX Client freezes with no output, and the results of the "vpn tu tlist" command show no tunnels.

PRJ-40860,
PRHF-24635

VPN

The VPND process may unexpectedly exit.

PRJ-42729,
PRHF-26453

VPN

In a rare scenario, when IPv6 is configured, and VPN is enabled, policy installation may cause a stability issue.

PRJ-39171,
PRHF-23749

VPN

Remote Access Client may fail to connect when using machine certificate authentication.

PRJ-38167,
PRHF-22957

VPN

Trying to perform the "Reset Tunnel" action for an LDAP user from SmartView Monitor fails. Refer to sk178592.

PRJ-42376,
PMTR-87326

VPN

The IKED process unexpectedly exits when the "Aggressive SLP" (Simultaneous Login Prevention) feature is enabled.

PRJ-40830,
PRHF-24812

VPN

The Security Gateway does not initiate or accept the VPN negotiation when working in Traditional Mode. Refer to sk179710.

PRJ-41560,
PRHF-25552

VPN

After an upgrade, the community name may not be visible from SmartView Monitor, and the "snmpwalk" command returns an empty value for this entry.

PRJ-42310,
PMTR-87519

VPN

Improved VPN tunnel synchronization in a Multi-Version Cluster environment (MVC).

PRJ-38516,
PRHF-23107

VSX

SecureXL may not let HTTPS traffic pass through a Virtual Router (VR).

PRJ-43356,
PMTR-89245

VSX

The SNMPD process may consume high CPU in a VSX environment, and there may be slowness when using the "fw vsx stat" command. Refer to sk180324.

See the Important Notes section.

PRJ-43140

Gaia OS

After an upgrade, the RADIUS Server is unavailable and authentication fails.

See the Important Notes section.

PRJ-41234,
PRHF-25144

Gaia OS

There are duplicate trap names in chkpnt.mib and chkpnt-trap.mib, which may cause incorrect values when using SNMP traps.

PRJ-41409,
PRHF-25359

Gaia OS

When configuring Gaia Cloning Group mode on the cluster, members with "off" state appear without an IP address and the "adding notification Member mvc is down" error is displayed.

PRJ-34372,
PRHF-21347

Gaia OS

After an upgrade, the backup operation on VSX fails because there is not enough space in /var/log/CPbackup/backups.

PRJ-41613,
PMTR-87176

Gaia OS

Information about scheduled backup failure is now displayed in Clish, WebUI, and in the error message inside the log file.

PRJ-41686,
PRHF-25430

Gaia OS

In a cloning group cluster, when allowed hosts are changed from "Any" host to a specific host, communication between members is blocked, and the group cannot function.

PRJ-42150,
PRJ-42015

CloudGuard Network

Improved performance of pushing Data Center Objects changes to Security Gateways.

PRJ-42855,
PRHF-26286

CloudGuard Network

A Kernel-based Virtual Machine (KVM) or a Virtual Machine using SRIOV with the i40evf/ixgbevf network driver may boot with non-optimized performance settings.

PRJ-41846,
PRHF-25754

CloudGuard Network

Improved handling of NSX-T API responses.

PRJ-42010,
PRHF-25644

CloudGuard Network

When mapping of some Azure Subscriptions fails, assets of these Subscriptions are revoked from the Security Gateway.

PRJ-42115,
PRHF-25910

CloudGuard Network

AWS Data Center mapping fails when a Subnet with only IPv6 addresses is added to Virtual Private Cloud (VPC).

PRJ-41463,
PRHF-25422

CloudGuard Network

Import of OpenStack Data Center CloudGuard Network objects may fail.

PRJ-42257,
PRHF-26160

CloudGuard Network

After an upgrade in a Huawei Cloud environment, a network card may be renamed after a reboot.

PRJ-28732,
PRHF-11703

VoIP

In some scenarios, when using early media with NAT, the first data connections specified in the SDP get closed, although they should not, and the new data connection does not open, resulting in one-way audio. Refer to sk179651.

PRJ-40355,
PRHF-24453

Scalable Platforms

When running the "set kernel-routes on/off" and "set domainname <VALUE>" commands through gCLish, the configuration is applied only locally.

PRJ-36510,
PRHF-21993

Scalable Platforms

In some scenarios, a newly added Security Group Member (SGM) continuously reboots, and there are core dump files for the CONFD process. Refer to sk178405.

PRJ-40180,
PRHF-24199

Scalable Platforms

In a rare scenario, the FWK process may unexpectedly exit and bring down the Security Gateway Module (SGM).

PRJ-42514,
PMTR-88150

Scalable Platforms

Upon failover/failback, multicast packets are sent to Active members only. The member that changed state from Down to Active starts receiving the multicast packets before the route is resolved. This may impact traffic.

PRJ-40835,
MBS-15935

Scalable Platforms

In a rare scenario, a non-SMO member may send a GARP request over the Management interface, causing traffic impact.

PRJ-41146,
PRHF-25000

Scalable Platforms

In some scenarios, the SNMPD process may unexpectedly exit.

PRJ-41473,
PMTR-84696

Scalable Platforms

Configuration of exception entries (asg_excp_conf, see sk175584) does not survive an upgrade. As a result, traffic that was configured to be forwarded to SMO is handled by the original member.

PRJ-32368,
PMTR-70507

Scalable Platforms

In a dual site environment with two Maestro Hyperscale Orchestrators on each site, the asg diag test may fail in a mixed appliances setup because of a difference in affinity configuration files.

PRJ-37829,
PRHF-22738

Scalable Platforms

Improved VPN on Quantum Maestro with Security Gateways hidden behind NAT.

PRJ-41835,
PRHF-25720

Scalable Platforms

SNMP threshold event traps may be missing "Chassis ID" and "Blade ID" fields. Refer to sk179926.

PRJ-42558,
PRHF-24528

Scalable Platforms

Policy installation may cause backplane interfaces to flap. This can affect the connectivity with the Maestro Hyperscale Orchestrator, and the members may go to Down state.

PRJ-39190,
PRHF-23723

Scalable Platforms

When a policy is configured with "SNMP trap alert script", the SNMP trap is sent with an undefined OID.

PRJ-42947,
MBS-11024

Scalable Platforms

Optimized the SNMP communication between Security Gateway Module (SGM) and Security Switch Module (SSM) to prevent timeouts.

PRJ-39318,
MBS-15404

Scalable Platforms

Failover/failback may cause a non-DR manager member to change state to Down because the ROUTED process unexpectedly exits with pnote.

PRJ-41212,
PRHF-25227

Scalable Platforms

Performance data may not be collected on VSX Security Gateways.

PRJ-42820,
PMTR-88702

Scalable Platforms

In a Quantum Maestro environment, the sp_upgrade command may fail when working in VSX mode.

PRJ-42834,
PMTR-88649

Scalable Platforms

When trying to perform the downgrade procedure, a Site may be stuck in Backup state. The issue occurs if, before the downgrade, this Security Group was first upgraded and then its topology was changed.