Important Notes for R81 Jumbo Hotfix Accumulator

Issue Affected Takes Resolved in

SK

Reference

Starting from Take 89, it is possible to import the Database only with upgrade_tool Build #995000647 and higher.

Starting from Take 89

Any manual change of $FWDIR/conf/rad_conf.C file may be overridden by the next Jumbo Hotfix installation. If you edited this file manually, follow the instructions of the SK on how to keep your manual changes.

Starting from Take 34

sk163793

If you use a cluster with enabled Identity Awareness, follow the SK after the first installation of Jumbo Hotfix to avoid unexpected behavior with Identity Awareness.

Take 11,

Take 13

sk170516

The CXLD process may consume the CPU at 70%-100% on VSX cluster members. The issue will be resolved in one of the future Takes.

Take 89,

Take 92

sk181891

PRJ-52490

When uninstalling a Jumbo Hotfix, some of the REST APIs may not work. The "gaia_api status" command returns an error and requests may fail. The issue will be resolved in one of the future Takes.

Take 74,

Take 77,

Take 79,

Take 81

PRJ-44160,

PRJ-43959

When the target object name is long and contains underscore or dash characters, policy installation may fail with "Target is not defined in the database".

  • Note that the issue is more likely to occur when using Cloud Management Extension (CME), which automatically adds underscore and dash characters to the target names when creating a scale-set instance.

Take 82

Take 87

PRJ-47101

In VSX, after adding instances to a Virtual System (VS), their state may be inactive.

Take 77,

Take 79

Take 81

PRJ-44013,

PMTR-89893

After an upgrade to Take 51 or higher, Access Control policy fails, if it is configured with an IoC local feed and hash indicators are added.

Starting from Take 51

Take 79

PRJ-43513

The SNMPD process may consume a high CPU level in a VSX environment and there may be slowness when using the "fw vsx stat" command.

Take 72,

Take 74,

Take 77

Take 79

sk180324

PRJ-43355

After an upgrade, the RADIUS Server is unavailable and authentication fails. To restore the configuration, update one of the RADIUS Server attributes or add a new Server.

Take 72,

Take 74,

Take 77

Take 79

PRJ-43269

After an upgrade of the on-premises Endpoint Management Server to Jumbo Hotfix Accumulator R81 Take 72 login to the Web Management Server fails and the "API error 9999" message is shown.

Take 72,

Take 74,

Take 77

Take 79

sk180230

PRJ-42719,

PRJ-42687

Pushing configuration to a virtual device in a Maestro VSX environment fails.

Take 69,

Take 72,

Take 74

Take 77

sk180107

PRJ-42179,

PMTR-81701

Take 68 introduces a temporary solution for sk177605 - R80.x Security Gateways do not block traffic when an R81.x Management Server installs a Threat Prevention policy with Security Zone objects. The solution is to fail the Threat Prevention policy installation.

Take 68,

Take 72

Take 74

sk177605

PRJ-42064,

PRHF-25946

In a specific HTTP connection scenario, the Security Gateway may become unresponsive. And the /var/log/messages file contains these messages during the time of the issue: "FW-1: fw_kfree: wrong magic number at tail end of XXX (XXX) caller is 'cmik_loader_fw_pm_match_cb' sz=80. FW-1 panic: cmik_loader_fw_pm_match_cb: fw_kfree: wrong magic number at tail (kiss_memory.c:XXX)".

Take 68,

Take 69

Take 72

PRJ-41445,

PRHF-25374

Remote Access Office Mode IP allocation may fail when using DHCP.

Take 60

Take 68

sk178767

PRJ-38810,

PRJ-38729

SIP flow may fail under high load when SIP Multi-core feature is enabled.

Take 60

Take 65

PRJ-37849,

PRHF-22617

Take 34 is not compatible with the CloudGuard Network for Public Cloud due to incompatibility with cloud cluster fail-over flow.

Take 34

Take 36

PRJ-28195

Hardened the ability to use narrowed IKEv2 tunnels.

Take 34,

Take 36,

Take 42,

Take 44,

Take 51,

Take 56,

Take 58

Take 60

sk166417

PRJ-31290,

PRHF-19707

Publish and install policy may fail after purging database revisions.

Take 27,

Take 29,

Take 34,

Take 36

Take 42

sk174703

PRJ-29004,

PRHF-18817

In environments that use Data Type Group objects, the Management Server may fail to start after installing Jumbo Hotfix.

Take 23,

Take 25

Take 27

PRJ-24974,
PRHF-16965

Web SmartConsole is not available for customers who install Take 23 without having installed a Jumbo Hotfix before.

Take 23

Take 25

An upgrading in a VSX environment (SP and non-SP), the VSX Gateway may experience a crash and corrupt the file system.

Take 17,

Take 23,

Take 25,

Take 27

Take 34

sk174191

PRJ-27489

CloudGuard Controller is not supported on Active/Active Cluster (Geo Cluster) in Amazon Web Services (AWS).

Take 13

Take 68

sk175904

PRJ-37053,

PRHF-20096