R81.20 Jumbo Hotfix Take 14
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 14 Released on 1 June 2023 |
||
PRJ-44444 |
SD-WAN |
NEW: Added support for Quantum SD-WAN that provides resilient connectivity, optimizes usage of WAN connections for Internet and Site to Site VPNs allowing dynamic application traffic steering based on measured ISP link quality. Refer to sk180605. See the Critical Information section. |
PRJ-45296, |
Security Management |
UPDATE: Added ability to block policy installation if this policy contradicts another policy installed on the Security Gateway. In this scenario, the "install-policy" Management API command will now fail with "Requested policy X does not match currently installed policy Y on gateway Z. To ignore this warning, set the 'ignore-warnings' flag to 'true'". Refer to sk180792. |
PRJ-44503, |
Security Management |
UPDATE: Significantly improved performance during upgrade and import for large Multi-Domain Security Management environments with many administrators (over 20 domains and over 100 global administrators).
|
PRJ-45675, |
Security Gateway |
UPDATE: Added a new environment variable " |
PRJ-45072, |
ClusterXL |
UPDATE: Improved the fullsync time after reboot in large scale environments. Refer to sk180742. |
PRJ-44871, |
VSX |
UPDATE: The default maximum number of processes monitored by CPWD is changed from 3000 to 10000. |
PRJ-45265, |
GaiaOS |
UPDATE: Added a defense mechanism against the hostname command injection in the Gaia Portal (CVE-2023-28130). Refer to sk181311. |
PRJ-45756, PMTR-91592 |
Scalable Platforms |
UPDATE: Improved the decision making flow for scenarios when Maestro Gateway should leave a Security Group. |
PRJ-45055, |
Security Management |
In rare scenarios, in multi-site environments, an IPS update on the Multi-Domain Security Management Server remains locked. |
PRJ-43560, PRJ-42549, |
Security Management |
In rare scenarios, in Multi-Site environments, Install Policy presets fail with "Timeout during task progress" or "You have reached the maximum number of active sessions". Refer to sk180897. |
PRJ-45061, |
Security Management |
In large Multi-Domain Security Management environments, login to SmartConsole may fail while High Availability synchronization is running. Refer to sk180858. |
PRJ-44452, |
Security Management |
In rare scenarios, in Multi-Domain Security Management environments with many administrators that have custom permissions, SmartConsole is slow, and operations take longer than usual. Refer to sk180681. |
PRJ-44096, |
Security Gateway |
In some scenarios, the FWD process may unexpectedly exit and cause a short outage related to the BGP failure. |
PRJ-44233, |
Security Gateway |
After policy installation, a VSX High Availability Cluster member may have a failover and generate a vmcore. |
PRJ-44082, |
Security Gateway |
In an Active/Standby cluster, when downloading a file using FTP protocol, the FWK process may unexpectedly exit, and a core dump file is generated. |
PRJ-44921, |
Security Gateway |
After an upgrade, memory usage may increase on all Security Gateway Modules, and the "pkt_handle_f2v_if_needed: dropping packet (failed to send notification)" error is printed in logs. |
PRJ-46341, |
Security Gateway |
In rare scenarios, memory corruption occurs during packet correction requiring fragmentation, this may cause the Security Gateway crash or freeze. |
PRJ-45085, |
Security Gateway |
Latency when the Anti-Virus Blade processes ThreatCloud response. |
PRJ-42586, PMTR-88424 |
Threat Prevention |
When using a host with automatic static NAT in a Threat Prevention policy object, the rule may not be enforced. |
PRJ-44552, |
Threat Prevention |
In some scenarios, the FWD process unexpectedly exits, and the Security Group Members state flaps between Active and Down during an Anti-Bot Blade update. |
PRJ-44317, |
Content Awareness |
When Content Awareness Blade is enabled, there is a limitation of the file size (sk118516). However, when the source object of the Content Awareness rule does not match the current connection, the limitation is not applied on this connection. |
PRJ-44384, |
Application Control |
A buffer overflow may occur and cause the FWD process to exit. This leads to the Security Group Members in a Maestro environment change from Active to Down state and creates instability. |
PRJ-42715, |
IPS |
In a rare scenario, the Security Gateway may crash during an IPS package update. |
PRJ-44456, |
ClusterXL |
After several failovers in a cluster, connections may fail to synchronize. This can cause a timeout and the "first packet isn't syn" drops. |
PRJ-44678, |
SecureXL |
After an upgrade, packets passing through a Remote Access VPN tunnel in a VSX environment may be silently dropped. |
PRJ-44875, |
SecureXL |
Traffic may be dropped and the FWACCEL core file is generated. |
PRJ-44925, |
Routing |
When PIM and state refresh are enabled, the state refresh message may not be sent automatically after a failback in ClusterXL HA Primary Up mode. |
PRJ-46129, |
Routing |
The ROUTED daemon may unexpectedly exit when aggregating routes with long AS paths. |
PRJ-44941, |
Routing |
After an update, multicast traffic may be dropped. |
PRJ-44693, |
Routing |
Cluster member may stop sending multicast PIM traffic after failover or a reboot. Refer to sk180669. |
PRJ-41031, |
Routing |
The ROUTED daemon may unexpectedly exit and generate core dumps after OSPF neighborship was established, but did not advertise routes. Lost routing causes the network to be down. |
PRJ-43596, |
VPN |
Stability issues for Data connections (RDP / RTP / FTP/ETC). Refer to sk179651. |
PRJ-46438 |
GaiaOS |
Memory allocation issue may occur during initialization time. |