Important Notes for R81 Jumbo Hotfix Accumulator

Issue Resolved in Affected Takes

SK

Reference

In some scenarios, outdated firmware versions on Mellanox cards may conflict with a newer interface driver software. This can potentially lead to system downtime.

Starting from Take 89

sk182403

Starting from Take 89, it is possible to import the Database only with upgrade_tool Build #995000647 and higher.

Starting from Take 89

Any manual change of $FWDIR/conf/rad_conf.C file may be overridden by the next Jumbo Hotfix installation. If you edited this file manually, follow the instructions of the SK on how to keep your manual changes.

Starting from Take 34

sk163793

If you use a cluster with enabled Identity Awareness, follow the SK after the first installation of Jumbo Hotfix to avoid unexpected behavior with Identity Awareness.

Take 11,

Take 13

sk170516

After an upgrade on the first member of VSX Cluster with VLANs, the member state may become unstable. Although this is a cosmetic issue and does not impact traffic flow or failover functionality, we recommend to follow the steps from sk182819 in order to proceed with the installation.

Take 107

Take 99

sk182819

PRJ-58221

• On Quantum Maestro/Chassis or in ClusterXL, the Security Gateway may crash while processing a VPN/correction flow with a vmcore in /var/log/crash or FWK core in /var/log/dump/usermode/.

• The "kernel: xxxxx: tx_timeout" error is printed in /var/log/messages.

• PSL drops packets with "PSL Drop: psl_build_pslip failed” message, potentially impacting network performance and streaming capabilities.

Take 106

Starting from Take 87

sk182463

PRJ-55516

The FWM process may exit shortly after startup if the Compliance blade is enabled and scheduled to perform nightly scans.

Take 106

Take 99

sk182507

PRJ-56148

In a Maestro environment with the "vpn_sync_to_all" parameter enabled, connection going through a Site to Site VPN to a remote location, may be dropped with "First packet isn't SYN".

Take 106

Take 99

PRJ-57437

Memory leak may occur in SecureXL templates.

Take 106

Take 99

sk182648

PRJ-57106

The CXLD process may consume the CPU at 70%-100% on VSX cluster members.

Take 99

Take 89,

Take 92

sk181891

PRJ-52490

SSL Network Extender (SNX) may encounter connectivity issues after installing Jumbo Hotfix Accumulator.

Take 99

Take 89,

Take 92

sk181805

PRJ-52046

When the target object name is long and contains underscore or dash characters, policy installation may fail with "Target is not defined in the database".

  • Note that the issue is more likely to occur when using Cloud Management Extension (CME), which automatically adds underscore and dash characters to the target names when creating a scale-set instance.

Take 87

Take 82

PRJ-47101

When uninstalling a Jumbo Hotfix, some of the REST APIs may not work. The "gaia_api status" command returns an error and requests may fail. .

Take 82

Starting Take 74

PRJ-44160

In VSX, after adding instances to a Virtual System (VS), their state may be inactive.

Take 81

Take 77,

Take 79

PRJ-44013,

PMTR-89893

After an upgrade to Take 51 or higher, Access Control policy fails, if it is configured with an IoC local feed and hash indicators are added.

Take 79

Starting from Take 51

PRJ-43513

The SNMPD process may consume a high CPU level in a VSX environment and there may be slowness when using the "fw vsx stat" command.

Take 79

Take 72,

Take 74,

Take 77

sk180324

PRJ-43355

After an upgrade, the RADIUS Server is unavailable and authentication fails. To restore the configuration, update one of the RADIUS Server attributes or add a new Server.

Take 79

Take 72,

Take 74,

Take 77

PRJ-43269

After an upgrade of the on-premises Endpoint Management Server to Jumbo Hotfix Accumulator R81 Take 72 login to the Web Management Server fails and the "API error 9999" message is shown.

Take 79

Take 72,

Take 74,

Take 77

sk180230

PRJ-42719,

PRJ-42687

Pushing configuration to a virtual device in a Maestro VSX environment fails.

Take 77

Take 69,

Take 72,

Take 74

sk180107

PRJ-42179,

PMTR-81701

Take 68 introduces a temporary solution for sk177605 - R80.x Security Gateways do not block traffic when an R81.x Management Server installs a Threat Prevention policy with Security Zone objects. The solution is to fail the Threat Prevention policy installation.

Take 74

Take 68,

Take 72

sk177605

PRJ-42064,

PRHF-25946

In a specific HTTP connection scenario, the Security Gateway may become unresponsive. And the /var/log/messages file contains these messages during the time of the issue: "FW-1: fw_kfree: wrong magic number at tail end of XXX (XXX) caller is 'cmik_loader_fw_pm_match_cb' sz=80. FW-1 panic: cmik_loader_fw_pm_match_cb: fw_kfree: wrong magic number at tail (kiss_memory.c:XXX)".

Take 72

Take 68,

Take 69

PRJ-41445,

PRHF-25374

Remote Access Office Mode IP allocation may fail when using DHCP.

Take 68

Take 60

sk178767

PRJ-38810,

PRJ-38729

SIP flow may fail under high load when SIP Multi-core feature is enabled.

Take 65

Take 60

PRJ-37849,

PRHF-22617

Take 34 is not compatible with the CloudGuard Network for Public Cloud due to incompatibility with cloud cluster fail-over flow.

Take 36

Take 34

PRJ-28195

Hardened the ability to use narrowed IKEv2 tunnels.

Take 60

Take 34,

Take 36,

Take 42,

Take 44,

Take 51,

Take 56,

Take 58

sk166417

PRJ-31290,

PRHF-19707

Publish and install policy may fail after purging database revisions.

Take 42

Take 27,

Take 29,

Take 34,

Take 36

sk174703

PRJ-29004,

PRHF-18817

In environments that use Data Type Group objects, the Management Server may fail to start after installing Jumbo Hotfix.

Take 27

Take 23,

Take 25

PRJ-24974,
PRHF-16965

Web SmartConsole is not available for customers who install Take 23 without having installed a Jumbo Hotfix before.

Take 25

Take 23

An upgrading in a VSX environment (SP and non-SP), the VSX Gateway may experience a crash and corrupt the file system.

Take 34

Take 17,

Take 23,

Take 25,

Take 27

sk174191

PRJ-27489

CloudGuard Controller is not supported on Active/Active Cluster (Geo Cluster) in Amazon Web Services (AWS).

Take 68

Take 13

sk175904

PRJ-37053,

PRHF-20096