R81.20 Jumbo Hotfix Take 120

Note - This Take contains all fixes from all earlier Takes.

ID	Product	Description
Take 120 Released on 20 November 2025 and declared as Recommended on 21 December 2025
Take 120 - Improvements and Resolved Issues
PRJ-63741, PMTR-119534	Gaia OS	UPDATE: Check Point response to CVE-2019-6109, CVE-2019-6110, CVE-2019-6111. Refer to sk65269.
PRJ-61018, FMW-5200	Security Gateway	UPDATE: Improve shared memory packet flow and performance.
PRJ-62747, PRHF-40593	Threat Prevention	UPDATE: Added an option to disable enforcement on internal interfaces when IOC indicators are loaded. To configure this option, add or modify [IOC] enable_internal_interface=<value> in the file $FWDIR/conf/malware_config (for MDS, additionally in $MDS_FWDIR/conf/malware_config).
PRJ-51645, PRHF-31201	Gaia OS	UPDATE: Added mq_mng.elg to the /etc/cpshell/log_rotation.conf file (sk113241).
PRJ-63581, PRHF-41198, PMTR-119173	Harmony Endpoint	UPDATE: Directory scanner improvements for large environments. Emon JSON data payload management improvements.
PRJ-64246, ODU-3159, PRJ-64544, ODU-3225	Automatic Updates - Policy Insights	UPDATE: Added Take 77 and Take 78 of Policy Insights Release Updates. Refer to sk183421.
PRJ-64476, ODU-3143, PRJ-64637, ODU-3259	Automatic Updates - Web SmartConsole	UPDATE: New features and improvements are released in Take 155 and Take 156 via self-updatable package. Refer to sk170314.
PRJ-64547, ODU-3175	Automatic Updates - HCP	UPDATE: Added Update 24 of HealthCheck Point (HCP) Release. Refer to sk171436.
PRJ-64585, ODU-3199, PRJ-64742, ODU-3267	Automatic Updates - CPView	UPDATE: Added Take 52 and Take 53 of CPquid (QUID) Release Updates. Refer to sk181458.
PRJ-64828, ODU-3235	Automatic Updates - Threat Prevention	UPDATE: Added Update 27 of Autonomous Threat Prevention Management integration Release. Refer to sk167109.
PRJ-64904, ODU-3275	Automatic Updates - CPView	UPDATE: Added Take 210 of CPotelcol (OpenTelemetry Collector) Release Updates. Refer to sk180522.
PRJ-60643, PRHF-39082	Security Management	In some scenarios, the warning "Threat Prevention Policy: For better performance, blade exception rules with the action 'Inactive' should be placed above other exception rules" appears in SmartConsole even though no exception rules violate the recommended configuration.
PRJ-53003, PMTR-101178	Security Management	When running "mgmt_cli show central-license", it fails with "code: "generic_error" instead of returning the central license information.
PRJ-63540, PRHF-41609	Multi-Domain Security Management	In a Multi-Domain Security Management environment, when opening the License tab of a Security Gateway object in SmartConsole, the "Security Gateway was not found" error may be shown.
PRJ-63597, PRHF-41369	CPView	VSX CPU Usage calculation on multi-core devices may be incorrect.
PRJ-56659, PMTR-107477	CPView	In VS setups, the cpviewd.elg file grows excessively and fills the /var/log/ partition, causing the Gateway to become unreachable.
PRJ-63313, PRHF-41539	Security Gateway	The RAD daemon may unexpectedly exit.
PRJ-62825, PMTR-117944	Security Gateway	When the Gaia Portal accessibility is configured as "According to Firewall policy", access may be denied because of a match on an implied rule with the "Accept" action.
PRJ-63486, PRHF-41690	Security Gateway	Mirror and Decrypt feature may not function as expected when HyperFlow is enabled.
PRJ-62882, PRHF-41266	Security Gateway	In some scenarios, when HyperFlow is enabled, websites that use HTTP2 protocol do not load properly.
PRJ-63820, PRHF-41922	Security Gateway	When a Security Gateway is configured in Bridge Mode, a memory leak may occur.
PRJ-63378, PRHF-41472	Security Gateway	Threat Emulation on ICAP Server fails with "There was an Unexpected Internal error, Please try again later". Refer to sk184228.
PRJ-63087, PRHF-40865	Security Gateway	HTTP parsing fails with the "Illegal header format detected: Invalid header field" error.
PRJ-63860, PMTR-113368, TPDO-3593	Threat Prevention	In a rare scenario, SmartConsole does not display a notification when the IP reputation feed for the Anti-Bot Software Blade fails to load.
PRJ-61196, PRHF-39537, PMTR-115422	Threat Prevention	In rare scenarios, the Anti-Virus Software Blade fails to fetch the external intelligence feed because of an authentication failure.
PRJ-54475, PRHF-33776	Identity Awareness	In a rare scenario, the PDPD daemon may unexpectedly exit while updating identity session timers.
PRJ-63885, PRHF-41980	Application Control	In the Application Layer, an “any-any” rule (from any source to any destination, using any service) with long-lived connections may cause excessive memory usage. Refer to sk184196.
PRJ-63431, PMTR-118983	URL Filtering	In rare scenarios, IoC resources are not loaded or distributed as expected.
PRJ-62488, PMTR-111667	SecureXL	In some scenarios, the Security Gateway delays offloading a connection to the Quantum LightSpeed hardware accelerated card when SecureXL User Mode (UPPAK) is enabled.
PRJ-62913, PMTR-118130	SecureXL	In some scenarios, after an update of the OS route configuration, there may be a significant delay in traffic passing through the Security Gateway when SecureXL works in the User Mode (UPPAK). Refer to sk182740.
PRJ-63470, PMTR-118999	SecureXL	In some scenarios, a VSX Gateway may not optimally pass traffic from a Virtual System to a Virtual Router or Virtual Switch when connections are accelerated in SecureXL.
PRJ-63856, PMTR-119616	SecureXL	When tunnel is established and traffic is running, the USIM process may exit every 15-20 minutes and cause a failover of the second member.
PRJ-63171, PMTR-118518	SecureXL	In some scenarios, when a Security Gateway, running in SecureXL User Mode (UPPAK), receives IPv6 Neighbor Discovery Protocol (NDP) packets from the network, it may not properly forward or process them correctly.
PRJ-61340, PMTR-115628	SecureXL	In some scenarios, there is significant latency when passing traffic through bridge interfaces configured on a Security Gateway when SecureXL User Mode is enabled.
PRJ-63771, PMTR-119562	SecureXL	VPN cluster members may crash after a cluster failover with BGP enabled and the exit of the USIM process.
PRJ-63601, PMTR-119184	SecureXL	Security Gateway unexpectedly crashes with kernel logs showing segmentation faults in the USIM_x86 process. Refer to sk184340.
PRJ-63414, PMTR-118686	SecureXL	In a rare scenario, packets with malformed message headers cause the Security Gateway to crash.
PRJ-63953, PRJ-63818	VSX	In a rare scenario, the FWM process may exit on the Security Management Server managing VSX Gateways/Clusters.
PRJ-62077, PMTR-107936	VSX	After enabling Mobile Access Software Blade on a Virtual System, Mobile Access services do not run, and the Mobile Access portal cannot be reached. Refer to sk183256.
PRJ-56048, PRHF-34615	Gaia OS	After an upgrade from R81 to R81.20, backup on a VSX Gateway may fail with the "Cannot complete the backup process: not enough space in /var/log/CPbackup/backups" error.
PRJ-63210, PRHF-41484	Gaia OS	After an upgrade, the scheduled SFTP backup configuration is not fully displayed in the "show configuration" output. Refer to sk184093.
PRJ-62007, SDWANGW-4494	SD-WAN	In rare scenarios, policy installation causes traffic matched by the "prefer local breakout" rule to be incorrectly routed through the underlay private link instead of the overlay.
PRJ-62761, PMTR-117824, SDWANGW-4233	SD-WAN	In rare scenarios, new connections may continue matching "Prioritize Local Breakout" despite low ISP quality that should trigger a switch to backhaul.
PRJ-61892, PRHF-39789	Harmony Endpoint	Posture Management scans initiated manually or automatically remain stuck at the "Scan initialize" status. This issue affects all devices with Endpoint Security installed.
PRJ-61895, PRHF-39851	Harmony Endpoint	Security Management Server and Policy Server may lose connectivity after uploading production licenses. Running "cplic print -x" on the Policy Server shows no output, while the Security Management Server output is uploaded for review.
PRJ-63037, PMTR-118317, EPS-60640	Harmony Endpoint	After upgrading the Endpoint Security Client from a non-compliant version to E88.62 on Azure AD devices (protected by Full Disk Encryption), multiple clients may enter a disconnected state.
PRJ-63461, PMTR-119023, EPS-60858	Harmony Endpoint	Full Disk Encryption user update password fails with auth_type 3 (certificate and password).
PRJ-62613, PMTR-117583	Scalable Platforms	Connectivity issues may occur between Maestro sites that are connected through Cisco OTV switches. Refer to sk183666.
PRJ-60968, PRHF-39103	Scalable Platforms	In rare scenarios, "asg stat -i chassis_monitor" returns "0" even when the cluster did not start, causing "distutil" to incorrectly update the MHO topology. This can result in a traffic impact when a cluster member recovers from a FWK process exit.