Important Notes for R81 Jumbo Hotfix Accumulator
| Issue | Resolved in | Affected Takes |
SK |
Reference |
|---|---|---|---|---|
|
In some scenarios, outdated firmware versions on Mellanox cards may conflict with a newer interface driver software. This can potentially lead to system downtime. |
|
Starting from Take 89 |
|
|
|
Starting from Take 89, it is possible to import the Database only with upgrade_tool Build #995000647 and higher. |
|
Starting from Take 89 |
|
|
|
Any manual change of $FWDIR/conf/rad_conf.C file may be overridden by the next Jumbo Hotfix installation. If you edited this file manually, follow the instructions of the SK on how to keep your manual changes. |
|
Starting from Take 34 |
|
|
|
If you use a cluster with enabled Identity Awareness, follow the SK after the first installation of Jumbo Hotfix to avoid unexpected behavior with Identity Awareness. |
|
Take 11, Take 13 |
|
|
|
After an upgrade on the first member of VSX Cluster with VLANs, the member state may become unstable. Although this is a cosmetic issue and does not impact traffic flow or failover functionality, we recommend to follow the steps from sk182819 in order to proceed with the installation. |
|
Take 99 |
PRJ-58221 |
|
|
• On Quantum Maestro/Chassis or in ClusterXL, the Security Gateway may crash while processing a VPN/correction flow with a vmcore in /var/log/crash or FWK core in /var/log/dump/usermode/. • The "kernel: xxxxx: tx_timeout" error is printed in /var/log/messages. • PSL drops packets with "PSL Drop: psl_build_pslip failed” message, potentially impacting network performance and streaming capabilities. |
Take 106 |
Starting from Take 87 |
sk182463 |
PRJ-55516 |
|
The FWM process may exit shortly after startup if the Compliance blade is enabled and scheduled to perform nightly scans. |
Take 106 |
Take 99 |
PRJ-56148 |
|
|
In a Maestro environment with the "vpn_sync_to_all" parameter enabled, connection going through a Site to Site VPN to a remote location, may be dropped with "First packet isn't SYN". |
Take 106 |
Take 99 |
|
PRJ-57437 |
|
Memory leak may occur in SecureXL templates. |
Take 106 |
Take 99 |
PRJ-57106 |
|
|
The CXLD process may consume the CPU at 70%-100% on VSX cluster members. |
Take 99 |
Take 89, Take 92 |
PRJ-52490 |
|
|
SSL Network Extender (SNX) may encounter connectivity issues after installing Jumbo Hotfix Accumulator. |
Take 99 |
Take 89, Take 92 |
PRJ-52046 |
|
|
When the target object name is long and contains underscore or dash characters, policy installation may fail with "Target is not defined in the database".
|
Take 87 |
Take 82 |
|
PRJ-47101 |
|
When uninstalling a Jumbo Hotfix, some of the REST APIs may not work. The "gaia_api status" command returns an error and requests may fail. . |
Take 82 |
Starting Take 74 |
|
PRJ-44160 |
|
In VSX, after adding instances to a Virtual System (VS), their state may be inactive. |
Take 81 |
Take 77, Take 79 |
|
PRJ-44013, PMTR-89893 |
|
After an upgrade to Take 51 or higher, Access Control policy fails, if it is configured with an IoC local feed and hash indicators are added. |
Take 79 |
Starting from Take 51 |
|
PRJ-43513 |
|
The SNMPD process may consume a high CPU level in a VSX environment and there may be slowness when using the "fw vsx stat" command. |
Take 79 |
Take 72, Take 74, Take 77 |
PRJ-43355 |
|
|
After an upgrade, the RADIUS Server is unavailable and authentication fails. To restore the configuration, update one of the RADIUS Server attributes or add a new Server. |
Take 79 |
Take 72, Take 74, Take 77 |
|
PRJ-43269 |
|
After an upgrade of the on-premises Endpoint Management Server to Jumbo Hotfix Accumulator R81 Take 72 login to the Web Management Server fails and the "API error 9999" message is shown. |
Take 79 |
Take 72, Take 74, Take 77 |
PRJ-42719, PRJ-42687 |
|
|
Pushing configuration to a virtual device in a Maestro VSX environment fails. |
Take 77 |
Take 69, Take 72, Take 74 |
PRJ-42179, PMTR-81701 |
|
|
Take 68 introduces a temporary solution for sk177605 - R80.x Security Gateways do not block traffic when an R81.x Management Server installs a Threat Prevention policy with Security Zone objects. The solution is to fail the Threat Prevention policy installation. |
Take 74 |
Take 68, Take 72 |
PRJ-42064, PRHF-25946 |
|
|
In a specific HTTP connection scenario, the Security Gateway may become unresponsive. And the /var/log/messages file contains these messages during the time of the issue: "FW-1: fw_kfree: wrong magic number at tail end of XXX (XXX) caller is 'cmik_loader_fw_pm_match_cb' sz=80. FW-1 panic: cmik_loader_fw_pm_match_cb: fw_kfree: wrong magic number at tail (kiss_memory.c:XXX)". |
Take 72 |
Take 68, Take 69 |
|
PRJ-41445, PRHF-25374 |
|
Remote Access Office Mode IP allocation may fail when using DHCP. |
Take 68 |
Take 60 |
PRJ-38810, PRJ-38729 |
|
|
SIP flow may fail under high load when SIP Multi-core feature is enabled. |
Take 65 |
Take 60 |
|
PRJ-37849, PRHF-22617 |
|
Take 34 is not compatible with the CloudGuard Network for Public Cloud due to incompatibility with cloud cluster fail-over flow. |
Take 36 |
Take 34 |
|
PRJ-28195 |
|
Hardened the ability to use narrowed IKEv2 tunnels. |
Take 60 |
Take 34, Take 36, Take 42, Take 44, Take 51, Take 56, Take 58 |
PRJ-31290, PRHF-19707 |
|
|
Publish and install policy may fail after purging database revisions. |
Take 42 |
Take 27, Take 29, Take 34, Take 36 |
PRJ-29004, PRHF-18817 |
|
|
In environments that use Data Type Group objects, the Management Server may fail to start after installing Jumbo Hotfix. |
Take 27 |
Take 23, Take 25 |
|
PRJ-24974, |
|
Web SmartConsole is not available for customers who install Take 23 without having installed a Jumbo Hotfix before. |
Take 25 |
Take 23 |
|
|
|
An upgrading in a VSX environment (SP and non-SP), the VSX Gateway may experience a crash and corrupt the file system. |
Take 34 |
Take 17, Take 23, Take 25, Take 27 |
PRJ-27489 |
|
|
CloudGuard Controller is not supported on Active/Active Cluster (Geo Cluster) in Amazon Web Services (AWS). |
Take 68 |
Take 13 |
PRJ-37053, PRHF-20096 |
