Important Notes for R81.20 Jumbo Hotfix Accumulator
Issue | Affected Takes | Resolved in |
SK |
Reference |
---|---|---|---|---|
After a Jumbo Hotfix upgrade, the Mail Transfer Agent may fail on all Virtual Systems except one. |
Starting from Take 54 |
|
|
|
In some scenarios, outdated firmware versions on Mellanox cards may conflict with a newer interface driver software. This can potentially lead to system downtime. |
Starting from Take 38 |
|
|
|
The Multi-Version Cluster feature is enabled by default to prevent traffic loss after a failover from a cluster member running a lower Jumbo Hotfix version. |
Take 14 |
|
|
PRJ-44444 |
If the Multi-Version Cluster feature is disabled, cluster members running R81.20 GA or R81.20 with Jumbo Hotfix Accumulator Take 8 / Take 10 cannot synchronize with members upgraded to Take 14 and higher. |
Take 8, Take 10, Take 14 |
|
|
PRJ-44444 |
The FWM process may exit shortly after startup if the Compliance blade is enabled and scheduled to perform nightly scans. |
Take 70 |
Take 76 |
PRJ-56150 |
|
Security Gateway running in SecureXL User Mode (UPPAK) may crash during driver removal showing "m_free: mbuf doublefree" in the backtrace. |
Take 70 |
Take 76 |
|
PRJ-55953 |
• On Quantum Maestro/Chassis or in ClusterXL, the Security Gateway may crash while processing a VPN/correction flow with a vmcore in /var/log/crash or FWK core in /var/log/dump/usermode/. • The "kernel: xxxxx: tx_timeout" error is printed in /var/log/messages. • PSL drops packets with "PSL Drop: psl_build_pslip failed” message, potentially impacting network performance and streaming capabilities. |
Starting from Take 14 |
Take 70 |
sk182463 |
PRJ-55518 |
SSL Network Extender (SNX) may encounter connectivity issues after installing Jumbo Hotfix Accumulator. |
Take 41, Take 43, Take 45, Take 53, Take 54, Take 65 |
Take 70 |
PRJ-52048 |
|
Wrong interface names on the 9400 appliance after installing R81.20 Jumbo Hotfix Accumulator Take 54. |
Take 54 |
Take 65 |
PRJ-54482 |
|
During an upgrade from R80.40 to R81.20 in a cluster environment, connectivity to the new member may be lost. |
Take 43, Take 45, Take 53, Take 54 |
Take 65 |
|
PRJ-54611 |
R81.20 Jumbo Hotfix Accumulator Take 43 (or higher) installation fails on the Endpoint Security Management Server with "Internal error in a hook script". |
Take 43, Take 45, Take 53, Take 54 |
Take 65 |
PRJ-53184 |
|
VPN IKEv2 negotiation with a third-party peer may fail when the peer offers multiple combined encryption algorithms in one proposal. For example, AWS, by default, offers AES-GCM and AES-GCM-256. The issue triggers an IKE failure log. |
Take 43, Take 45 |
Take 53 |
|
PRJ-53367 |
The Security Gateway with 40 cores fails to boot in Kernel Mode Firewall. |
Take 43, Take 45 |
Take 53 |
PRJ-52910 |
|
In a VSX environment, LACP Bond traffic may fail with the "incomplete ARP" error. |
Take 43, Take 45 |
Take 53 |
|
PRJ-52984 |
Security Gateway with Anti-Virus enabled may sporadically crash because of memory corruption. |
Take 43, Take 45 |
Take 53 |
|
PRJ-53592 |
The CXLD process may consume the CPU at 70%-100% on VSX cluster members. |
Take 43 |
Take 45 |
PRJ-52492 |
|
When in the NAT Rule Base there are domain objects with uppercase letters, the NAT rules may not be matched. |
Take 43 |
Take 45 |
PRJ-52559 |
|
AWS CloudGuard Security Gateway boots into "Sh-4.4" shell after in-place upgrade to the R81.20 with Jumbo Hotfix Accumulator. |
Take 38, Take 41, Take 43, Take 45, Take 53 |
Take 54 |
PRJ-53729 |
|
Sizing of IP ranges in NSgroups may affect CPU and memory usage of the CloudGuard Controller process and cause a high load on the environment. |
Take 26 |
Take 41 |
PRJ-50418 |
|
After an upgrade, CloudGuard Central Licenses may be removed from the CloudGuard Central License pool on the Security Management and from the Security Gateways. For customers who use CloudGuard Central license utility, we recommend to upgrade directly to Take 38. If you upgrade to Take 26 and then to Take 38, the procedure in sk181500 is mandatory. |
Take 26 |
Take 38 |
PRJ-49933 |
|
When BGP local address is configured, BGP peer may fail to establish. |
Take 26 |
Take 38 |
|
PRJ-49906 |
In the read-only mode in SmartConsole, the "Where used failed" error appears when you right-click an object in the security policy and select "Where Used" from the drop-down menu or use the "where-used" Management API command. |
Take 26 |
Take 38 |
PRJ-49205 |
|
IPv6 connections do not survive failover. Cluster members running R81.20 or R81.20 with Jumbo Hotfix Accumulator Take 8 / Take 10 cannot synchronize IPv6 data with members upgraded to Take 14 and Take 24. |
Take 8, Take 10, Take 14, Take 24 |
Take 26 |
|
PRJ-46224 |
When the target object name is long and contains underscore or dash characters, policy installation may fail with "Target is not defined in the database".
|
Take 8, Take 10, Take 14 |
Take 24 |
|
PRJ-47103 |
After installing R81.20 Jumbo Hotfix Accumulator Take 8 on Maestro Security Group Members (SGMs), they may reboot several times and stay in Down state with a "Configuration" pnote. This issue occurs on Maestro SGMs with Identity Awareness enabled and SGMs configured to learn Identities from remote PDPs. |
Take 8 |
Take 10 |
PRJ-45903 |