R81.20 Jumbo Hotfix Take 41

 

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 41

Released on 20 November 2023 and declared as Recommended on 4 December 2023

PRJ-50104,

PRHF-30325

Diagnostics

UPDATE: Added SecureXL SYN Defender metrics to Skyline. Refer to the Skyline Metrics Repository.

PRJ-49892,

PMTR-95687

Security Management

UPDATE: Removed a redundant guava package.

PRJ-49825,

PMTR-95347

Security Management

UPDATE: Upgraded the commons-compress-jar package from version 1.8 to version 1.22.

PRJ-49787,

PMTR-95614

Security Management

UPDATE: properJavaRDP - an SNX-embedded application for Mobile Access is now blocked and is no longer supported because of deprecated Java library dependencies.

PRJ-50265,

PRJ-49966,

PRJ-48318,

PRJ-49012,

ODU-1121,

ODU-1137

ODU-1256,

ODU-1304

Web SmartConsole

UPDATE: New features and improvements are released in Take 81, Take 85 and Take 90 via self-updatable package. Refer to sk170314.

PRJ-49109,

PMTR-94517

SmartConsole

UPDATE: Applied security related improvements to the Jetty open source library.

PRJ-50125,

PRJ-50124,

ODU-1217,
ODU-1328

CPView

UPDATE: Added Take 68 and Take 70 of CPotelcol (OpenTelemetry Collector) Release Updates. Refer to sk180522.

PRJ-50043,
ODU-1264

CPView

UPDATE: Added Take 14 of CPquid (QUID) Release Updates. Refer to sk181458.

PRJ-50093,
PRHF-30702

Security Gateway

UPDATE: Improved traffic classification of GTP traffic on the Security Gateway to enhance the stability.

PRJ-49494,
ODU-1170

Threat Prevention

UPDATE: Added Update 21 of Autonomous Threat Prevention Management integration Release. Refer to sk167109.

PRJ-49746,

PMTR-95099

Mobile Access

UPDATE: SNX used to connect back to Mobile Access Blade's portal FQDN by resolving its IP address locally. This method makes it sensitive to DNS poisoning attacks such as those specified by TunnelCrack. Therefore, it was modified to connect back to the Security Gateway / Cluster member IP address by default.

PRJ-50418,

PRHF-30748

CloudGuard Network

UPDATE: The automatic scanning of NSX-T IP ranges feature is now disabled by default. Refer to sk181614.

See the Important Notes section.

PRJ-48340,
ODU-1081

CloudGuard Network

UPDATE: Added Take 20 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-49936

Harmony Endpoint

UPDATE: Upgraded symmetricDS to the 3.14.9 version.

PRJ-45981,
ODU-1154

Scalable Platforms

UPDATE: Added Take 29 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-50543,
ODU-1113

HCP

UPDATE: Added Update 14 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-50030,

PMTR-95988

Security Management

The Gaia Clish command "show configuration user" fails with "Segmentation fault" on a Management Server. Refer to sk181626.

PRJ-50899,

PRHF-31187

Security Gateway

A double-free flaw that leads to a possible Security Gateway crash was identified. This release includes the fix to enhance system stability and security.

PRJ-50191,

PMTR-96205

IPS

Policy installation may fail on Security Gateways with enabled IPS and configured Strict profile and IPv6.

PRJ-49379,

PRHF-30056

SecureXL

SYN Defender may not correctly handle reused connections.

PRJ-49467,

PRHF-30344

Scalable Platforms

On a Security Group with MDPS enabled:

  • The "asg perf" command on a Security Group does not show any output - the Gaia OS prompt appears immediately after entering the command and pressing the Enter key.

  • When running the "mac_verifier" and other commands on a Security Group, the output may show the error message "mount of /sys failed: device or resource busy".

  • The "distutil verify -v" command on a Security Group returns "verification failed".

After installing this Take, when MDPS plane separation is enabled, in the context of the Management plane, the directory /sys/class/net/ now shows interfaces that belong to the Data plane, although it should show interfaces that belong to the Management plane.

See sk182076.