Important Notes for R81.20 Jumbo Hotfix Accumulator
Issue | Resolved in | Affected Takes |
SK |
Reference |
---|---|---|---|---|
In Maestro and Chassis environment, a boot loop may occur and after several boot attempts, the cluster member state is displayed as "detached" or "lost" in these scenarios:
To prevent this issue:
If you experience the issue, contact Check Point Support for assistance. |
|
Take 89 |
|
|
The latest policy may fail to load upon reboot and the default filter policy is loaded instead, in these scenarios:
To resolve this issue:
|
|
Take 89 |
|
|
In some scenarios, outdated firmware versions on Mellanox cards may conflict with a newer interface driver software. This can potentially lead to system downtime. |
|
Starting from Take 38 |
|
|
The Multi-Version Cluster feature is enabled by default to prevent traffic loss after a failover from a cluster member running a lower Jumbo Hotfix version. |
|
Take 14 |
|
PRJ-44444 |
If the Multi-Version Cluster feature is disabled, cluster members running R81.20 GA or R81.20 with Jumbo Hotfix Accumulator Take 8 / Take 10 cannot synchronize with members upgraded to Take 14 and higher. |
|
Take 8, Take 10, Take 14 |
|
PRJ-44444 |
After a Jumbo Hotfix upgrade, the Mail Transfer Agent may fail on all Virtual Systems except one. |
|
Starting from Take 54 |
|
PRJ-57058 |
The Security Gateway may drop the traffic on specific interfaces when both the QoS blade and the ISP Redundancy Load Sharing feature are simultaneously enabled. |
Take 90 |
Take 79, Take 84, Take 89 |
PRJ-58078 |
|
After an upgrade on the first member of VSX Cluster with VLANs, the member state may become unstable. Although this is a cosmetic issue and does not impact traffic flow or failover functionality, we recommend to follow the steps from sk182819 in order to proceed with the installation. |
Take 90 |
Take 89 |
PRJ-58112 |
|
In a Maestro environment with the "vpn_sync_to_all" parameter enabled, connection going through a Site to Site VPN to a remote location, may be dropped with "First packet isn't SYN". |
Take 89 |
Starting from Take 70 |
|
PRJ-57426 |
Memory leak may occur in SecureXL templates. |
Take 89 |
Starting from Take 70 |
PRJ-57108 |
|
In some scenarios, the FWM process may unexpectedly exit and generate a core dump every few days, when the Compliance Blade is enabled and the scheduled full scan is not configured according to sk182507. |
Take 84 |
Take 76, Take 79 |
|
PRJ-56858 |
The FWM process may exit shortly after startup if the Compliance blade is enabled and scheduled to perform nightly scans. |
Take 76 |
Take 70 |
PRJ-56150 |
|
Security Gateway running in SecureXL User Mode (UPPAK) may crash during driver removal showing "m_free: mbuf doublefree" in the backtrace. |
Take 76 |
Take 70 |
|
PRJ-55953 |
• On Quantum Maestro/Chassis or in ClusterXL, the Security Gateway may crash while processing a VPN/correction flow with a vmcore in /var/log/crash or FWK core in /var/log/dump/usermode/. • The "kernel: xxxxx: tx_timeout" error is printed in /var/log/messages. • PSL drops packets with "PSL Drop: psl_build_pslip failed” message, potentially impacting network performance and streaming capabilities. |
Take 70 |
Starting from Take 14 |
sk182463 |
PRJ-55518 |
SSL Network Extender (SNX) may encounter connectivity issues after installing Jumbo Hotfix Accumulator. |
Take 70 |
Take 41, Take 43, Take 45, Take 53, Take 54, Take 65 |
PRJ-52048 |
|
Wrong interface names on the 9400 appliance after installing R81.20 Jumbo Hotfix Accumulator Take 54. |
Take 65 |
Take 54 |
PRJ-54482 |
|
During an upgrade from R80.40 to R81.20 in a cluster environment, connectivity to the new member may be lost. |
Take 65 |
Take 43, Take 45, Take 53, Take 54 |
|
PRJ-54611 |
R81.20 Jumbo Hotfix Accumulator Take 43 (or higher) installation fails on the Endpoint Security Management Server with "Internal error in a hook script". |
Take 65 |
Take 43, Take 45, Take 53, Take 54 |
PRJ-53184 |
|
VPN IKEv2 negotiation with a third-party peer may fail when the peer offers multiple combined encryption algorithms in one proposal. For example, AWS, by default, offers AES-GCM and AES-GCM-256. The issue triggers an IKE failure log. |
Take 53 |
Take 43, Take 45 |
|
PRJ-53367 |
The Security Gateway with 40 cores fails to boot in Kernel Mode Firewall. |
Take 53 |
Take 43, Take 45 |
PRJ-52910 |
|
In a VSX environment, LACP Bond traffic may fail with the "incomplete ARP" error. |
Take 53 |
Take 43, Take 45 |
|
PRJ-52984 |
Security Gateway with Anti-Virus enabled may sporadically crash because of memory corruption. |
Take 53 |
Take 43, Take 45 |
|
PRJ-53592 |
The CXLD process may consume the CPU at 70%-100% on VSX cluster members. |
Take 45 |
Take 43 |
PRJ-52492 |
|
When in the NAT Rule Base there are domain objects with uppercase letters, the NAT rules may not be matched. |
Take 45 |
Take 43 |
PRJ-52559 |
|
AWS CloudGuard Security Gateway boots into "Sh-4.4" shell after in-place upgrade to the R81.20 with Jumbo Hotfix Accumulator. |
Take 54 |
Take 38, Take 41, Take 43, Take 45, Take 53 |
PRJ-53729 |
|
Sizing of IP ranges in NSgroups may affect CPU and memory usage of the CloudGuard Controller process and cause a high load on the environment. |
Take 41 |
Take 26 |
PRJ-50418 |
|
After an upgrade, CloudGuard Central Licenses may be removed from the CloudGuard Central License pool on the Security Management and from the Security Gateways. For customers who use CloudGuard Central license utility, we recommend to upgrade directly to Take 38. If you upgrade to Take 26 and then to Take 38, the procedure in sk181500 is mandatory. |
Take 38 |
Take 26 |
PRJ-49933 |
|
When BGP local address is configured, BGP peer may fail to establish. |
Take 38 |
Take 26 |
|
PRJ-49906 |
In the read-only mode in SmartConsole, the "Where used failed" error appears when you right-click an object in the security policy and select "Where Used" from the drop-down menu or use the "where-used" Management API command. |
Take 38 |
Take 26 |
PRJ-49205 |
|
IPv6 connections do not survive failover. Cluster members running R81.20 or R81.20 with Jumbo Hotfix Accumulator Take 8 / Take 10 cannot synchronize IPv6 data with members upgraded to Take 14 and Take 24. |
Take 26 |
Take 8, Take 10, Take 14, Take 24 |
|
PRJ-46224 |
When the target object name is long and contains underscore or dash characters, policy installation may fail with "Target is not defined in the database".
|
Take 24 |
Take 8, Take 10, Take 14 |
|
PRJ-47103 |
After installing R81.20 Jumbo Hotfix Accumulator Take 8 on Maestro Security Group Members (SGMs), they may reboot several times and stay in Down state with a "Configuration" pnote. This issue occurs on Maestro SGMs with Identity Awareness enabled and SGMs configured to learn Identities from remote PDPs. |
Take 10 |
Take 8 |
PRJ-45903 |