R81.20 Jumbo Hotfix Take 38

Note - This Take contains all fixes from all earlier Takes.

| ID | Product | Description |
|---|---|---|
| Take 38 Released on 23 October 2023 | | |
| PRJ-46771, | Security Gateway | NEW: This Jumbo Hotfix Take introduces support for new Quantum Force appliances 19200, 29100, and 29200. Refer to sk180520. |
| PRJ-47822, | Security Gateway | NEW: Identity Awareness daemons (PDPD and PEPD) now use a modern memory allocator. The feature is disabled by default. Refer to sk181629. |
| PRJ-42434, | SecureXL | NEW: Added support for User Space Mode (UPPAK) on LightSpeed Appliances (QLS250, QLS450, QLS650, and QLS800 - see sk179432). After upgrading to this Jumbo Hotfix Take, these appliances will run in UPPAK mode by default. |
| PRJ-48144 | Identity Awareness | UPDATE: Added a new mode for the Identity Awareness Blade, "PDP-Only", in which the Security Gateway acts only as a Policy Decision Point (PDP) for identity acquisition and distribution and does not enforce the identity-based policy. The new mode improves scalability for PDPs and Identity Broker. Refer to sk181605. |
| PRJ-49556 | SecureXL | UPDATE: On Quantum LightSpeed appliances running in Kernel Mode (KPPAK), when a feature that is not supported in User Space Mode (UPPAK) is in use, a notification is now displayed stating that the appliance will still run in KPPAK after upgrading to this Jumbo Take. |
| PRJ-49380, | SecureXL | UPDATE: The VXLAN creation feature is now blocked in User Space Mode (UPPAK). |
| PRJ-49383, | SecureXL | UPDATE: The GRE interface creation feature is now blocked in User Space Mode (UPPAK). |
| PRJ-49385, | SecureXL | UPDATE: The VRRP interface creation feature is now blocked in User Space Mode (UPPAK). |
| PRJ-49211 | SecureXL | UPDATE: When UPPAK mode is enabled, the limit in /var/log/dump/usermode/ is automatically extended from 10 Gb to 30 Gb to prevent possible deletion of large core files. |
| PRJ-43883, | VSX | UPDATE: The "IPv6 autoconfig" parameter is now disabled by default on VSX. |
| PRJ-48405, | HCP | UPDATE: Added Update 13 of HealthCheck Point (HCP) Release. Refer to sk171436. |
| PRJ-48879, | Security Management | |
| PRJ-49205, | Security Management | Refer to sk181471. See the Critical Information section. |
| PRJ-48791, | Security Gateway | An upgrade may fail with this validation message: "Install On column contains Security Gateways without Blades that exist in the 'Protection/Site/File/Blade column'_ Blades". |
| PRJ-45207 | Security Gateway | In rare scenarios, the FWK process may unexpectedly exit when running an outgoing (local) connection from the Security Gateway. |
| PRJ-49513, | Threat Prevention | In a rare scenario, changes in Threat Prevention custom intelligence feeds settings may not be applied after policy installation. |
| PRJ-48253, | Identity Awareness | Identity-based roles may not match the Access Roles after the User and Machine were identified. |
| PRJ-45057, | Identity Awareness | In a rare scenario, during authentication, the PDPD process can become unresponsive. |
| PRJ-46844, | Identity Awareness | In a rare scenario, the PDPD process may unexpectedly exit during an LDAP query. |
| PRJ-48148, | Identity Awareness | When Identity Agent authenticates both the machine and the user, a rare race condition may occur and disrupt the intended sequence of authentication and publishing, resulting in incorrect data handling. |
| PRJ-47111, | Identity Awareness | Identity Broker may be missing some identities. |
| PRJ-47110, | Identity Awareness | The PDPD process may exit during Identity Broker synchronization. |
| PRJ-48934, | Identity Awareness | The PDP Gateway may be unresponsive while publishing identities to an Identity Broker subscriber in the Sync flow. |
| PRJ-47890, | Identity Awareness | In rare scenarios, the PDP Gateway may not be responsive when Identity Agent reconnects. |
| PRJ-48933, | Identity Awareness | In a rare condition, in a large environment, the PDP Gateway may crash when publishing an IP-change message to its Identity Broker subscribers. |
| PRJ-49339, | ClusterXL | In ClusterXL Bridge mode, failover fail-back may cause a short outage. |
| PRJ-47844, | ClusterXL | When setting the bonding group to 8023AD mode, a "KERLAG0029 Error running cmd cphaconf bond_ls set bond1 0." message is shown. |
| PRJ-49947, | ClusterXL | Standby VSX cluster members working in Virtual System Load Sharing (VSLS) mode may not be able to access the Internet. |
| PRJ-48933 | CoreXL | Corrupted VS affinity configuration may cause excessive error messages "cp_set_process_vs_affinity: Error corrupt affinity file". |
| PRJ-49239, | Routing | If the Security Gateway is in UPPAK mode and a PBR rule directs traffic to a Server on a different subnet, deleting the ARP entry for the Gateway on the Server can disrupt the traffic flow. |
| PRJ-49906, | Routing | When a BGP local address is configured, the BGP peer may fail to establish. See the Critical Information section. |
| PRJ-49485, | VPN | VPN connectivity may be unstable when IPv6 and VPN star communities are configured. |
| PRJ-49351, | VSX | In some scenarios, in a Maestro Security Group configured in VSX mode, a Virtual System that connects to a Virtual Switch may drop traffic as "Out of State" or wrongly drop it on the cleanup rule. Refer to sk181823. |
| PRJ-49933 | CloudGuard Network | After an upgrade, CloudGuard Central Licenses may be removed from the CloudGuard Central License pool on the Security Management and from the Security Gateways. Refer to sk181500. See the Critical Information section. |
| PRJ-49308, | Scalable Platforms | The Security Gateway may lose connectivity to Maestro Hyperscale Orchestrator (MHO) when running the "tcpdump -i any" command. |
| PRJ-49314, | Scalable Platforms | After adding a new Security Group Member to a Security Group with the default shell /bin/gclish, the status of the new Security Group Member is "Down" with a Critical Device "image_clone" pnote. |