Important Notes for R81 Jumbo Hotfix Accumulator
Issue | Affected Takes | Resolved in |
SK |
Reference |
---|---|---|---|---|
In some scenarios, outdated firmware versions on Mellanox cards may conflict with a newer interface driver software. This can potentially lead to system downtime. |
Starting from Take 89 |
|
|
|
Starting from Take 89, it is possible to import the Database only with upgrade_tool Build #995000647 and higher. |
Starting from Take 89 |
|
|
|
Any manual change of $FWDIR/conf/rad_conf.C file may be overridden by the next Jumbo Hotfix installation. If you edited this file manually, follow the instructions of the SK on how to keep your manual changes. |
Starting from Take 34 |
|
|
|
If you use a cluster with enabled Identity Awareness, follow the SK after the first installation of Jumbo Hotfix to avoid unexpected behavior with Identity Awareness. |
Take 11, Take 13 |
|
|
|
The FWM process may exit shortly after startup if the Compliance blade is enabled and scheduled to perform nightly scans. The issue will be resolved in one of the future Takes. |
Take 99 |
|
PRJ-56148 |
|
• On Quantum Maestro/Chassis or in ClusterXL, the Security Gateway may crash while processing a VPN/correction flow with a vmcore in /var/log/crash or FWK core in /var/log/dump/usermode/. • The "kernel: xxxxx: tx_timeout" error is printed in /var/log/messages. • PSL drops packets with "PSL Drop: psl_build_pslip failed” message, potentially impacting network performance and streaming capabilities. The issue will be fixed in one of the future Takes. |
Starting from Take 87 |
|
sk182463 |
PRJ-55516 |
The CXLD process may consume the CPU at 70%-100% on VSX cluster members. |
Take 89, Take 92 |
Take 99 |
PRJ-52490 |
|
SSL Network Extender (SNX) may encounter connectivity issues after installing Jumbo Hotfix Accumulator. |
Take 89, Take 92 |
Take 99 |
PRJ-52046 |
|
When the target object name is long and contains underscore or dash characters, policy installation may fail with "Target is not defined in the database".
|
Take 82 |
Take 87 |
|
PRJ-47101 |
When uninstalling a Jumbo Hotfix, some of the REST APIs may not work. The "gaia_api status" command returns an error and requests may fail. . |
Starting Take 74 |
Take 82 |
|
PRJ-44160 |
In VSX, after adding instances to a Virtual System (VS), their state may be inactive. |
Take 77, Take 79 |
Take 81 |
|
PRJ-44013, PMTR-89893 |
After an upgrade to Take 51 or higher, Access Control policy fails, if it is configured with an IoC local feed and hash indicators are added. |
Starting from Take 51 |
Take 79 |
|
PRJ-43513 |
The SNMPD process may consume a high CPU level in a VSX environment and there may be slowness when using the "fw vsx stat" command. |
Take 72, Take 74, Take 77 |
Take 79 |
PRJ-43355 |
|
After an upgrade, the RADIUS Server is unavailable and authentication fails. To restore the configuration, update one of the RADIUS Server attributes or add a new Server. |
Take 72, Take 74, Take 77 |
Take 79 |
|
PRJ-43269 |
After an upgrade of the on-premises Endpoint Management Server to Jumbo Hotfix Accumulator R81 Take 72 login to the Web Management Server fails and the "API error 9999" message is shown. |
Take 72, Take 74, Take 77 |
Take 79 |
PRJ-42719, PRJ-42687 |
|
Pushing configuration to a virtual device in a Maestro VSX environment fails. |
Take 69, Take 72, Take 74 |
Take 77 |
PRJ-42179, PMTR-81701 |
|
Take 68 introduces a temporary solution for sk177605 - R80.x Security Gateways do not block traffic when an R81.x Management Server installs a Threat Prevention policy with Security Zone objects. The solution is to fail the Threat Prevention policy installation. |
Take 68, Take 72 |
Take 74 |
PRJ-42064, PRHF-25946 |
|
In a specific HTTP connection scenario, the Security Gateway may become unresponsive. And the /var/log/messages file contains these messages during the time of the issue: "FW-1: fw_kfree: wrong magic number at tail end of XXX (XXX) caller is 'cmik_loader_fw_pm_match_cb' sz=80. FW-1 panic: cmik_loader_fw_pm_match_cb: fw_kfree: wrong magic number at tail (kiss_memory.c:XXX)". |
Take 68, Take 69 |
Take 72 |
|
PRJ-41445, PRHF-25374 |
Remote Access Office Mode IP allocation may fail when using DHCP. |
Take 60 |
Take 68 |
PRJ-38810, PRJ-38729 |
|
SIP flow may fail under high load when SIP Multi-core feature is enabled. |
Take 60 |
Take 65 |
|
PRJ-37849, PRHF-22617 |
Take 34 is not compatible with the CloudGuard Network for Public Cloud due to incompatibility with cloud cluster fail-over flow. |
Take 34 |
Take 36 |
|
PRJ-28195 |
Hardened the ability to use narrowed IKEv2 tunnels. |
Take 34, Take 36, Take 42, Take 44, Take 51, Take 56, Take 58 |
Take 60 |
PRJ-31290, PRHF-19707 |
|
Publish and install policy may fail after purging database revisions. |
Take 27, Take 29, Take 34, Take 36 |
Take 42 |
PRJ-29004, PRHF-18817 |
|
In environments that use Data Type Group objects, the Management Server may fail to start after installing Jumbo Hotfix. |
Take 23, Take 25 |
Take 27 |
|
PRJ-24974, |
Web SmartConsole is not available for customers who install Take 23 without having installed a Jumbo Hotfix before. |
Take 23 |
Take 25 |
|
|
An upgrading in a VSX environment (SP and non-SP), the VSX Gateway may experience a crash and corrupt the file system. |
Take 17, Take 23, Take 25, Take 27 |
Take 34 |
PRJ-27489 |
|
CloudGuard Controller is not supported on Active/Active Cluster (Geo Cluster) in Amazon Web Services (AWS). |
Take 13 |
Take 68 |
PRJ-37053, PRHF-20096 |