R81.20 Jumbo Hotfix Take 54

 

Note - This Take contains all fixes from all earlier Takes.

ID

Product

Description

Take 54

Released on 8 April 2024

Take 54 - New Functionality

 

PRJ-52942,

PRJ-52484

Security Gateway

NEW: This Jumbo Hotfix Take introduces support for new Quantum Force appliances 19100 / 9800 / 9700 / 9400 / 9300 / 9200 / 9100 appliances. Refer to sk181698 and to sk180520.

  • Requires installing SmartConsole R81.20 Build 653 or higher.

PRJ-49213,
PMTR-94735

Security Gateway

NEW: Added a new Expert mode command on the Security Gateway to revert the installed Access Control policy to one of the previous revisions: "policy_rev_tool <action> [args]". Refer to sk181437.

PRJ-49827,

ACCESS-799

Application Control

NEW: Added ability to drop the traffic of specific UDP applications per packet. For example, the Security Gateway can now drop the specific commands and allow the other commands of the BACNet Protocol.

This ability is enabled by default.

  • To disable this ability, run: "fw ctl set int appi_drop_packet_enabled 0".

  • To enable this ability, run: "fw ctl set int appi_drop_packet_enabled 1".

PRJ-53513,

PRHF-30322

SecureXL

NEW: It is now possible to configure additional TCP options in the Accelerated SYN Defender configuration file:

cookie_mss_v4, cookie_mss_v6, cookie_sack_permitted, cookie_window_scale. Refer to R81.20 Performance Tuning Administration Guide.

PRJ-47019,
CRYPTOIS-2878

VPN

NEW:Added support for a new tool (shell script) on a Management Server that can show and renew IKE certificates for VPN, Multi-Portal, and Identity Broker on all managed Security Gateways and VSX Virtual Systems. Refer to sk182070.

PRJ-50987,

PMTR-95463

VPN

NEW: Added ability to track RAM usage of the VPND process using the "cpstat" command in CLI. Refer to sk181815.

Take 54 - Improvements and Resolved Issues

 

PRJ-50565,

SDWANGW-1681

SD-WAN

UPDATE: Added support for the AU (Australia) and IN (India) regions in Infinity Portal.

PRJ-46069,

SDWANM-822

SD-WAN

UPDATE: SD-WAN Logs now appear in the dedicated SD-WAN log card in SmartView and SmartConsole.

PRJ-48780,
SL-8207

Security Management

UPDATE: Added validation for new permissions to configure a script to run on the Security Gateway from Gateway object > Logs Alerts/Storage > the "Run the following script before deleting old files" option.

PRJ-48124,
CPM-5007

Security Management

UPDATE: Creating a Domain via Management API now allows the allocation of the Domain IP address from a predefined IP address range on the Multi-Domain Security Management Server.

PRJ-48096,

PMTR-77299

CPView

UPDATE: CPView now shows statistical data also for servers with 256/512 CPU cores.

PRJ-50429,

PMTR-96484

Security Gateway

UPDATE: During certificate validation, the Security Gateway now retrieves the Certificate Revocation List (CRL) from all CRL distribution points (CDP) listed in certificate extensions.

PRJ-50741,

PRHF-30794

Security Gateway

UPDATE: Added an ability to configure objects for the HTTPS Inspection CA using labels.

  • There are now handle-based and label-based configurations.

  • Hardware Security Module in High Availability mode (HSM HA) now supports only the label-based configuration.

PRJ-50977,
PRHF-31196

Threat Extraction

UPDATE: Added an option in ICAP Server for logging benign files scanned by the Anti-Virus Blade. By default, logging for benign files is disabled. To enable it, add to the ICAP Server configuration file this entry: "LogBenign on".

PRJ-50500,
IDA-5167

Identity Awareness

UPDATE: The identity synchronization from Policy Decision Point (PDP) to Smart-Pull Policy Enforcement Point (PEP) client now takes several seconds instead of a few minutes, especially beneficial in environments with a single PDP Security Gateway sharing to multiple PEP Security Gateways.

PRJ-46626,
PMTR-87439

VPN

UPDATE: The "Server Authentication" attribute within the "Extended Key Usage" field is now included by default in IKE certificates generated by the Security Management Server.

PRJ-50915,
PRHF-31000

Gaia OS

UPDATE: When a Gaia OS Server has a Cloning Group feature enabled, it now accepts other Gaia OS Servers that join this Cloning Group over TLS1.2 or higher (over the TCP port 1129).

PRJ-53022,

ODU-1468

Automatic Updates - Security Management

UPDATE: Added Update 2 of Server-Side Change Report Generator Release Updates. Refer to sk179508.

PRJ-52628,

PRJ-53586,

ODU-1571,

ODU-1392

Automatic Updates - Web SmartConsole

UPDATE: New features and improvements are released in Take 94 and Take 97 through self-updatable package. Refer to sk170314.

PRJ-52696,

ODU-1408

Automatic Updates - Smart-1 Cloud

UPDATE: Added Update 7 of Quantum Smart-1 Cloud. Refer to sk166056.

PRJ-52820,
ODU-1491

Automatic Updates - CPView

UPDATE: Added Take 34 of CPviewExporter Release Updates. Refer to sk180521.

PRJ-52596,
ODU-1499

Automatic Updates - CPView

UPDATE: Added Take 77 of CPotelcol (OpenTelemetry Collector) Release Updates. Refer to sk180522.

PRJ-52587,

PRJ-53541,

ODU-1476,

ODU-1460

Automatic Updates - Threat Prevention

UPDATE: Added Update 23 and Update 24 of Autonomous Threat Prevention Management integration Release. Refer to sk167109.

PRJ-52867,

PRJ-53688,

ODU-1595,
ODU-1531

Automatic Updates - HCP

UPDATE: Added Update 15 and Update 16 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-53397,

PRJ-5368,

ODU-1611,

ODU-1563

Automatic Updates - CPSDC

UPDATE: Added Take 31 and Take 33 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-50214,
PRHF-30688

Security Management

Packet mode search in SmartConsole may show rules that do not match the query if the query contains four or more filters.

PRJ-51089,
PRHF-31285

Security Management

In some scenarios, the change report sent via email by SmartTasks after publishing appears blank, even though there were modifications in the published session.

PRJ-50047,
PRHF-30714

Security Management

In High Availability environments, task progress notifications may get updated only every 5 minutes, even when the task is complete.

PRJ-49953,
PRHF-30373

Security Management

Login to SmartConsole may fail while the Compliance Blade is running a full scan.

PRJ-50797,

PMTR-97183

Security Management

When configuring an email address in SmartTasks, Top Level Domain (TLD) is limited to 3 characters, for example, ".com"

PRJ-51068,
PRHF-31283

Security Management

In a rare scenario, the FWK and CPD processes may exit with core dumps at approximately the same time.

PRJ-51279,
PMTR-97942

Security Management

When the value of the "asm_ips_cci" property is updated manually to a number higher than 500,000:

  • login to the Security Management Server fails due to timeout.

  • the FWM process may consistently consume 100% CPU.

PRJ-50355,
PRHF-30825

Security Management

SmartConsole may unexpectedly close after policy installation when SmartTasks return invalid characters from a user-defined script.

PRJ-50436,
PMTR-96433

Security Management

The FWM process on the Management Server may unexpectedly exit, creating a core dump file.

PRJ-49944,
PRHF-30561

Security Management

In environments with many network objects, SmartConsole may freeze while it loads the VPN tab of a Security Gateway object.

PRJ-50405,

PRHF-30796

Security Management

In some scenarios, in SmartConsole, when clicking the picker to add Security Gateway to the "Install On" column in the Threat Prevention policy, no Security Gateway objects may appear.

PRJ-50187,

PRHF-30766

Security Management

In some scenarios, Access Policy installation fails with "Policy load / verification failed because it required more than the maximum allowed memory of 4GB. Follow sk161874 to improve the performance and prevent excessive memory consumption".

PRJ-45023,
PRHF-28126

Security Management

The "show users" Management API command fails if a user is configured to be able to connect on specific days, but the days are not selected.

PRJ-50390,
PRHF-30846

Security Management

The $MDS_FWDIR/scripts/cpm_debug.sh script may fail with "The element type "Loggers" must be terminated by the matching end-tag "/Loggers"."

PRJ-51074,
PRHF-31280

Security Management

Running a Gaia API command on the Security Gateway through the Management API from the Security Management Server fails when configuring the "target" parameter with either the Security Gateway name or UID.

PRJ-50851,
PMTR-97291

Security Management

Access Policy verification may fail when groups with exclusions are used in rules.

PRJ-46935,
PRHF-28412

SmartConsole

Defining more than two hundred GUI clients causes the "Command Line" tab in SmartConsole to be greyed out and the "api status" command to show an error status.

PRJ-49345,
PMTR-95009

Security Management

SmartConsole may unexpectedly close after deleting an object in the Object Explorer view.

PRJ-47691,
PMTR-93300

Security Management

In some scenarios, an upgrade may fail if a scheduled IPS update occurs simultaneously with the upgrade or domain migration.

PRJ-48916,

PRHF-29502

Security Management

In some scenarios the "show access rulebase" Management API command with "details-level full" can take a significant amount of time to complete or time out after five minutes. Refer to sk181397.

PRJ-50563,
PRHF-30717

Security Management

In environments with more than one hundred fifty administrators, SmartConsole may unexpectedly close when submitting changes for approval via Workflow. Refer to sk181649.

PRJ-51134,

PRHF-30631

Security Management

Installing security policy with a rule that contains the "Internet" object in the destination column may fail with error message "Topology is not defined on the policy "Install On" target <cluster object name>", if the target cluster is marked as "Geo Mode in a Cloud".

PRJ-50408,

PRHF-30754

Security Management

The Change Report generated before publishing a session, may contain internal system changes that were made by the user.

PRJ-50580,
PRHF-30902

Multi-Domain Security Management

In rare scenarios, in a Multi-Domain Security Management environment:

  • Login to the Security Management Server may fail with timeout.

  • Publish operations may take a long time.

PRJ-51665,
PMTR-98552

Web SmartConsole

An "Error logging into domain" message is displayed in Web SmartConsole when connecting to a Domain on a peer Multi-Domain Security Management Server. Refer to sk181801.

PRJ-48003,
PRHF-29744

CPView

Offload may fail in CPView with "ERROR! Reason not initialized".

PRJ-44498,
PMTR-90355

CPView

In rare scenarios, CPView does not handle VS context correctly.

PRJ-49974,
PMTR-94928

CPView

CPU statistics may be incorrect or missing in CPView. Refer to sk182286.

PRJ-51064,

PMTR-97643

CPUSE

SmartConsole does not show all available packages for Security Gateways that run on the 15000 and 16000 Check Point appliances, even if these packages are located in the Package Repository on the Security Management Server.

PRJ-47984,
PRHF-29667

Logging

Some Access Rule Base logs may be generated with a wrong interface direction. The issue is cosmetic only.

PRJ-46288,
PRHF-27161

Logging

In SmartConsole, in the "Device License Information" view, the "New connection rate" field may indicate "please wait 10 seconds".

PRJ-48806,
SL-8218

Logging

Some attributes in SNMP MIB file may not be accessible.

PRJ-49390,
PRHF-30398

Logging

In SmartView, incorrect results may be displayed when filtering logs using the "src_machine_name" field.

PRJ-46207,
PRHF-27710

Logging

Security Gateway forwards logs to the real IP address of the Management Server instead of the public (NATed) IP address. Refer to sk181609.

PRJ-48242,
PRHF-29837

Logging

The "source", "destination", "user" and "action" fields are not exported when exporting logs with the "visible columns" option to CSV in the SmartView Web application. Refer to sk181706.

PRJ-49499,
PRHF-28245

Logging

Duration of Log Sharing on-boarding or migration to Smart-1 Cloud may take a long time (up to two minutes).

PRJ-53009,

PRHF-32426

Logging

The Syslog messages are not sent to the Security Management Server and cannot be seen in SmartLog if the Security Management Server IP address is not configured under the "Remote System Logging" section in the Gaia WebUI.

PRJ-44687,
PRHF-27417

Logging

When using Log Exporter to export logs to Splunk, a log entry in Splunk is split to separate lines if it contains the CRLF characters.

PRJ-45297,

PRHF-26975

Logging

In a rare scenario, a Security Gateway / Cluster Member may stop logging locally or to configured Log Servers. Refer to sk170331.

PRJ-47316,
PRHF-29126

Logging

When the active log file, for example, the fw.log for the Security Gateway is older than two days, the CPLogFilePrint utility does not print the log records correctly.

PRJ-49736,
PMTR-95580

Logging

In rare cases, the LOG_EXPORTER process exits and the CPWD process does not start it because of the "exit_code 0" error.

PRJ-53337,

PMTR-101195

Logging

When the "IP Options drop" tracking Global Properties setting is configured to "Log" and the policy is installed, the Security Gateway drops traffic with disallowed IPv4 options or IPv6 extension headers, but no log is shown in SmartConsole.

PRJ-52675,

PRHF-32203

Security Gateway

CVE-2023-51764 - Postfix SMTP Smuggling vulnerability. Refer to sk181944.

PRJ-47957,
PMTR-93503

Security Gateway

The CPVIEW_API_SERVICE process may exit with a timeout.

PRJ-52114,
PMTR-98129

Security Gateway

Incorrect CPU statics may be shown in CPView when using Dynamic Split.

PRJ-52471,

PMTR-98658

Security Gateway

CIFS traffic may cause CPU spikes in the FWK process.

PRJ-50761,

PRHF-31092

Security Gateway

On Security Gateways with enabled Hyper Flow feature, during policy installation and re-offload process of the connections, accelerated connections may be interrupted. Refer to sk181671.

PRJ-53051,

PMTR-100847

Security Gateway

Security Gateway does not pass traffic through an external interface when it is managed by Smart-1 Cloud, and SecureXL works in User Mode (UPPAK) mode. Refer to sk182016.

PRJ-46203,
PRHF-25771

Security Gateway

In rare scenarios, updating the NTP Server may cause a temporary outage.

PRJ-50314,

PMTR-96671

Security Gateway

In a large environment, updating policy with 20000 IP addresses may take up to eighteen minutes. When publishing such changes, Data Center updates are not sent to the Security Gateway.

PRJ-50660,
PRHF-30938

Security Gateway

The proxy IP address of users surfing HTTP sites may be displayed instead of the real source IP address.

PRJ-50603,
PRHF-28340

Security Gateway

In some scenarios, the PDPD process may consume high CPU in the Identity Acquisition flow.

PRJ-49807,
PRHF-30576

Security Gateway

Enabling MDPS fails with the "clish: symbol lookup error: /usr/lib/cli/lib/libcli_mdps.so: undefined symbol: cp_is_usim" error.

PRJ-50932,
PMTR-94510

Security Gateway

Multiple "fw_fna_hold_prepare: creating table" entries may be printed in /var/log/messages. The issue is cosmetic only.

PRJ-48322,
PRHF-29953

Security Gateway

The system may not automatically end or interrupt the RAD process if it takes longer than a specified timeout duration.

PRJ-53290

Security Gateway

In rare scenarios, during active HTTP streaming, the FWK process may unexpectedly exit due to memory corruption.

PRJ-50140,
PRHF-30588

Security Gateway

Accounting info may not be displayed in logs for IPv6 Cluster VRRP environments.

PRJ-47460,
PRHF-29514

Threat Prevention

In a rare scenario, there may be an unexpected reboot and a vmcore file generated in /var/log/crash.

PRJ-50050,
PRHF-30177

Threat Prevention

Security Gateway with a large number of CPU cores allocated to CoreXL SND may experience performance issues when an IoC Feed and the "fwaccel dos deny" feature are configured. See sk182223.

PRJ-46444,
PRHF-28775

Threat Prevention

Files that undergo emulation while operating from a corporate location are transformed into PDF format. However, when the same files are accessed through a VPN remote client, they do not get the pdf file extension.

PRJ-43530, PMTR-87666

Threat Prevention

When configuring an IoC Feed in SmartConsole, the "Test Feed" action does not support Full High Availability clusters.

PRJ-46597,
PRHF-29036

Threat Extraction

The "scrub send_orig_email <email_id> <recipient>" command fails. Refer to sk180974.

PRJ-51423,
PRHF-31468

Identity Awareness

In a rare scenario, an Identity Gateway (PEP) becomes unresponsive while unregistering a network.

PRJ-45136,

PRHF-27966

Identity Awareness

In Multi-User Host setups, some accounts may be identified as service accounts, although they should not be flagged.

PRJ-45142,
PMTR-90996

Identity Awareness

A memory leak may occur in the PDPD process when storing new identities.

PRJ-52495,

PRHF-32042

Identity Awareness

Setting custom configuration of PEP Identity Conciliation with the "Connect_Time" factor does not work as expected.

PRJ-49534,
PMTR-95032

Application Control

In some scenarios, the Application Control and URL Filtering scheduled updates may occur more frequently than configured.

PRJ-43457,
PRHF-26010

Application Control

When policy contains a white list, some packets may not match the listed applications.

PRJ-49687,
PMTR-95514

Application Control

Anti-Spoofing drops packets that arrive at a Security Gateway through interfaces with Topology "External" if there are routes configured for internal interfaces that overlap with routes configured for external interfaces. Refer to sk181768.

PRJ-42481,
PRHF-26320

IPS

Core IPS Protection "Unknown Resource Record" drops valid requests of specific DNS types.

PRJ-49298,
PRHF-23253

Anti-Virus

Anti-Virus fails to release held connections after the inspection.

PRJ-50529,
PMTR-96396

Anti-Virus

In a rare scenario, the Security Gateway may crash during inspection of file downloads.

PRJ-49521,
TPP-3592

Anti-Virus

The Anti-Virus Blade may inspect files on an SMB appliance although the "SMB" checkbox is disabled on the matched profile.

PRJ-49793,
PRHF-30328

SSL Inspection

Policy installation fails on the Security Gateway when using HTTPS Inspection with Hardware Security Module (HSM).

PRJ-45151,
PMTR-83342

SSL Inspection

When HTTPS Inspection is enabled, the Security Gateway generates a log that includes the message "Certificate Chain is not signed by a Trusted CA" when an end-user connects to an HTTP site or a site with an untrusted SSL certificate. But, in some scenarios, the log does not include this text.

PRJ-50870,
PRHF-31176

ClusterXL

The output of the "cphaprob -m -a if" command may show an incorrect high VLAN ID address. This is a cosmetic issue.

PRJ-52731,

PRHF-32237

ClusterXL

When working in ClusterXL mode with MDPS enabled on the cluster nodes, enabling a Cloning Group may get stuck in the "synchronizing" status.

PRJ-52498,

PMTR-99746

ClusterXL

During a Multi-Version Cluster (MVC) upgrade, full synchronization between the upgraded member and another member may not function correctly. This can cause an interruption of IPv6 traffic.

PRJ-48414,
PRHF-29594

ClusterXL

In a cluster connected to Smart-1 Cloud, local probing may start on the "maas_tunnel" interface, although it is not monitored by the cluster. Output of the Expert command "cphaprob -i list" or the Gaia Clish command "show cluster members pnotes problem" shows that the Critical Device "Local Probing" reports its state as "problem".

PRJ-51136,
PRHF-31303

SecureXL

The Security Gateway may crash with vmcore during boot while upgrading.

PRJ-48761,
PMTR-93332

SecureXL

The port beacon feature also known as interface discovery or port blinking may not work correctly in User Mode (UPPAK).

PRJ-50546,
PRJ-50419

SecureXL

High CPU utilization may be triggered when User Mode (UPPAK) and VPN are enabled under high load.

PRJ-50950,
PRHF-30474

SecureXL

In some scenarios, the VSX Security Gateway may not be able to pass VPN encrypted traffic from one Virtual System to another Virtual System through a Virtual Router/Switch.

PRJ-48284,
PRHF-29906

SecureXL

The "fwaccel dos rate get -S IP" command fails to connect to the Security Gateway.

PRJ-50833,
PMTR-96490

Routing

The "force-if-symmetry" setting in IPv4 static routes fails to mark IP addresses as unreachable, leading to the static route inaccurately remaining active in asymmetric scenarios.

PRJ-49579,
PRHF-30498

Routing

The CLI Parameters for the "netflow fwrule" command are displayed incorrectly: "set netflow fwrule ?" instead of "set netflow fwrule 0" or "set netflow fwrule 1". The issue is cosmetic only, the functionality works as expected.

PRJ-51347,
PMTR-97885

VSX

High CPU usage on SND cores when many interfaces are configured. Refer to sk181860.

PRJ-50176,
PRHF-30759

VSX

In some scenarios, installing policy via vsx_util may be stuck.

PRJ-46143,
PRHF-28669

Gaia OS

Taking a snapshot on the Security Management Server fails because of the error during copying the /boot/config/ content.

PRJ-50487,
PRHF-30667

Gaia OS

SNMP query does not bring the CPUSE package information for a single OID (not a table).

PRJ-48720,
PRHF-29974

Gaia OS

The "show configuration password-controls command output does not print the "set password-controls deny-on-fail block-admin on" option.

PRJ-50509,
PRHF-30939

Gaia OS

There may be some inconsistent syntax in the "comment" section for interface and static-route commands.

PRJ-47177,
PRHF-29200

Gaia OS

When rebooting the Security Gateway, some VLANs may lose their IPv6 configuration.

PRJ-51220,
PMTR-92877

Gaia OS

Clish may deny access of a non-local RADIUS user.

PRJ-50692,

PMTR-96606

Gaia OS

Link may not come up automatically in the 2-Port 40G/100G NIC, 4-Port 10G/25G NIC, and 10G/25G Sync Port. Refer to sk181487.

PRJ-45116,
PRHF-28172

Gaia OS

Lock database override may not work as expected when it is set via Ansible playbook, and another admin was connected to SSH before that.

PRJ-49218,
PRHF-30327

VPN

Redundant log prints in /var/log/messages may be generated, although they should be printed only when the debug flags are enabled.

PRJ-49560,
PRHF-30457

VPN

When using the "fw tab" command to view the IKE_SA_table, the output shows a column containing the IP addresses that are not meant to be displayed while the correct IP addresses are not printed.

PRJ-53729

CloudGuard Network

AWS CloudGuard Security Gateway boots into "Sh-4.4" shell after in-place upgrade to R81.20 with Jumbo Hotfix Accumulator from Take 38 to Take 53. Refer to sk182112.

See the Important Notes section.

PRJ-50162,
PMTR-91756

CloudGuard Network

After installing this Take, after an out-of-memory event, the CloudGuard Controller will automatically restart with increased memory settings, and the "CloudGuard IaaS" log with the Description: "CloudGuard Controller is restarting with new memory settings" will be sent.

PRJ-50161,
PRHF-30734

Harmony Endpoint

Due to a synchronization issue between the Policy Server and Primary Server, the Endpoint clients may be connected to the Primary Server instead of the Policy Server.

PRJ-46991,
PRHF-28944

VoIP

In some scenarios, SIP TCP connections are dropped after a cluster failover.

PRJ-47995,
PRHF-29577

VoIP

When the SIP Multi-core feature is enabled, and a SIP over UDP rule with one-way calls (only outgoing calls, for example) is defined, the returned traffic is dropped. Refer to sk181525.

PRJ-49104,
PMTR-93551

Scalable Platforms

When creating a Security Group creation in Maestro Orchestrator WebUI, and the password contains the "(" "&" or ";"characters, the operation fails with "Failed to apply new topology" or with "Gaia Web-UI recognized a non-valid input data".

PRJ-48724,
PMTR-67380

Scalable Platforms

When running the "asg if script" command, the "Bridge Master" output does not fit in one line in the "Info" column. The issue is cosmetic only.

PRJ-52079,
PMTR-99328

Scalable Platforms

The Maestro Fastforward feature cannot be enabled when there is a bond interface with an ID consisting of two or three digits.

PRJ-50738,
PRHF-29610

Scalable Platforms

The Gaia gClish command "installer verify CPUSE Package ID member_ids all" fails with "Quitting due to time-out" on a Scalable Platform Security Group. Refer to sk181674.

PRJ-46064,
PRHF-28410

Scalable Platforms

Querying SP Interface Data via SNMP may intermittently fail.

PRJ-50747,
PRHF-30416

Scalable Platforms

Performance data collected from all members including the Standby site, may cause the "Instance Load" and "Accelerate Load" values to be different from the asg perf tool data.

PRJ-47762,
PRHF-29491

Scalable Platforms

Gaia Clish prompt does not appear after a TACACS user logs into a Maestro Security Group. Refer to sk181149.

PRJ-50681,

PRHF-30764

Scalable Platforms

Scalable Platform Interface data OIDs (1.3.6.1.4.1.2620.1.48.26) may not be refreshed.

PRJ-48930,
PMTR-92547

Scalable Platforms

Connectivity issues may occur in a Maestro Security Group when VLAN encapsulation is disabled on Orchestrators in a Maestro Dual Site environment. Refer to sk181385.