Important Notes for R81.20 Jumbo Hotfix Accumulator
| Issue | Affected Takes | Resolved in |
SK |
Reference |
|---|---|---|---|---|
|
The Multi-Version Cluster feature is enabled by default to prevent traffic loss after a failover from a cluster member running a lower Jumbo Hotfix version. |
Take 14 |
|
|
PRJ-44444 |
|
If the Multi-Version Cluster feature is disabled, cluster members running R81.20 GA or R81.20 with Jumbo Hotfix Accumulator Take 8 / Take 10 cannot synchronize with members upgraded to Take 14 and higher. |
Take 8, Take 10, Take 14 |
|
|
PRJ-44444 |
|
SSL Network Extender (SNX) may encounter connectivity issues after installing Jumbo Hotfix Accumulator. The issue will be resolved in one of the future Takes. |
Take 41, Take 43, Take 45, Take 53, Take 54 |
|
PRJ-52048 |
|
|
VPN IKEv2 negotiation with a third-party peer may fail when the peer offers multiple combined encryption algorithms in one proposal. For example, AWS, by default, offers AES-GCM and AES-GCM-256. The issue triggers an IKE failure log. |
Take 43, Take 45 |
Take 53 |
|
PRJ-53367 |
|
The Security Gateway with 40 cores fails to boot in Kernel Mode Firewall. |
Take 43, Take 45 |
Take 53 |
PRJ-52910 |
|
|
In a VSX environment, LACP Bond traffic may fail with the "incomplete ARP" error. |
Take 43, Take 45 |
Take 53 |
|
PRJ-52984 |
|
Security Gateway with Anti-Virus enabled may sporadically crash because of memory corruption. |
Take 43, Take 45 |
Take 53 |
|
PRJ-53592 |
|
The CXLD process may consume the CPU at 70%-100% on VSX cluster members. |
Take 43 |
Take 45 |
PRJ-52492 |
|
|
When in the NAT Rule Base there are domain objects with uppercase letters, the NAT rules may not be matched. |
Take 43 |
Take 45 |
PRJ-52559 |
|
|
AWS CloudGuard Security Gateway boots into "Sh-4.4" shell after in-place upgrade to the R81.20 with Jumbo Hotfix Accumulator. |
Take 38, Take 41, Take 43, Take 45, Take 53 |
Take 54 |
PRJ-53729 |
|
|
Sizing of IP ranges in NSgroups may affect CPU and memory usage of the CloudGuard Controller process and cause a high load on the environment. |
Take 26 |
Take 41 |
PRJ-50418 |
|
|
After an upgrade, CloudGuard Central Licenses may be removed from the CloudGuard Central License pool on the Security Management and from the Security Gateways. For customers who use CloudGuard Central license utility, we recommend to upgrade directly to Take 38. If you upgrade to Take 26 and then to Take 38, the procedure in sk181500 is mandatory. |
Take 26 |
Take 38 |
PRJ-49933 |
|
|
When BGP local address is configured, BGP peer may fail to establish. |
Take 26 |
Take 38 |
|
PRJ-49906 |
|
In the read-only mode in SmartConsole, the "Where used failed" error appears when you right-click an object in the security policy and select "Where Used" from the drop-down menu or use the "where-used" Management API command. |
Take 26 |
Take 38 |
PRJ-49205 |
|
|
IPv6 connections do not survive failover. Cluster members running R81.20 or R81.20 with Jumbo Hotfix Accumulator Take 8 / Take 10 cannot synchronize IPv6 data with members upgraded to Take 14 and Take 24. |
Take 8, Take 10, Take 14, Take 24 |
Take 26 |
|
PRJ-46224 |
|
When the target object name is long and contains underscore or dash characters, policy installation may fail with "Target is not defined in the database".
|
Take 8, Take 10, Take 14 |
Take 24 |
|
PRJ-47103 |
|
After installing R81.20 Jumbo Hotfix Accumulator Take 8 on Maestro Security Group Members (SGMs), they may reboot several times and stay in Down state with a "Configuration" pnote. This issue occurs on Maestro SGMs with Identity Awareness enabled and SGMs configured to learn Identities from remote PDPs. |
Take 8 |
Take 10 |
PRJ-45903 |
