R81 Jumbo Hotfix Take 10

 

 

List of Resolved Issues and New Features

ID

Product

Description

Take 10

Released on 14 December 2020

PRJ-18770,
PRHF-13728

Security Management

NEW: Improved FWM process performance during policy or database installation.

PRJ-19096,
PMTR-61758

Security Management

Fetch policy on Security gateway may fail after installing Accelerated policy on it.

PRJ-19137,
PMTR-61781

Security Management

In some scenarios, policy installation may fail with verification errors when the installation is accelerated.

PRJ-18392,
PMTR-60541

Security Management

In a rare scenario, the FWM process unexpectedly exits.

PRJ-19085,
PRHF-13972

Security Management

In some scenarios, HA synchronization may fill up the disk space of a standby Management Server. Refer to sk168492.

PRJ-18493,
PRHF-13681

Security Management

In rare scenarios, a policy installation task may never complete.

PRJ-18955,
PRHF-13948

Security Management

Policy verification may fail with error "For security gateways R80.40 and higher, rules that use Access Roles can only have "Any Traffic" or "RemoteAccess" in the VPN column"

PRJ-18818,
PRHF-13819

Security Management

Management HA synchronization between Multi-Domain Management Servers may fail with "Failed to import data" error due to manual or automatic updates of contracts.

PRJ-18945,
PMTR-61616

Security Management

In rare scenarios, FWM process may unexpectedly exit after a login attempt to the Management server.

PRJ-18908,
PMTR-61579

Multi-Domain Management

In some scenarios, size of MDS backup file increases after each policy installation.

PRJ-19072

SmartConsole

NEW: Added ability to view policies, objects and logs from the new Web SmartConsole. Refer to Take 24 sk170314.

PRJ-16059,
PRHF-12395

SmartConsole

In some scenarios, certain Gateways do not appear in the IPS Core protections list. Refer to sk168474.

PRJ-18350,
PRHF-13223

SmartConsole

When removing an object from a group using the "groups" field of the object's module in the Ansible collection, the group will not be changed and Ansible will show that no changes are needed.

PRJ-20142,
PMTR-60372

SmartConsole

Duplicate central licenses may be added to the management database. In some rare scenarios, this may lead to heavy load on the FWM process and prevent login.

PRJ-18554,
PMTR-60476

SmartConsole

After enabling the Endpoint Policy Management Blade on the Security Management Server, some views on SmartConsole may not load properly and SmartClient may disconnect.

PRJ-16978,
PRHF-12928

SmartConsole

In some scenarios, some Web APIs fail with "Script stopped running due to severe error!" message when SMB gateway is defined as a policy target. Refer to sk169557.

PRJ-17644,
PRHF-13379

SmartConsole

When creating a user with Check Point password authentication through the Management API, log in to Mobile Access portal may fail. Refer to sk170412.

PRJ-15815,
PRHF-12352

SmartConsole

In some scenarios, Management API does not start automatically after restart, although automatic start is enabled. Refer to sk168332.

PRJ-18383,
PRHF-13609

SmartConsole

In some scenarios, running an action on a ROBO Gateway behind NAT does not work during sync on SMB appliances.

PRJ-18366,
PRHF-12819

SmartConsole

Enabling Threat Prevention policy may fail with validation errors when the policy's targets include cluster members running a version lower than R80.10.

PRJ-17483,
PRHF-12997

SmartProvisioning

In some scenarios, when recreating a ROBO object with the same name, the new object receives the previous status.

PRJ-18953,
PRJ-18833

Security Gateway

In rare scenarios, Security Gateway memory consumption may increase.

PRJ-18931,
PMTR-61541

Security Gateway

NAT may not work properly when Domain objects are used in the Translated Destination column.

PRJ-19177,
PMTR-61822

Security Gateway

Connections may be wrongly matched on Domain or Updatable objects used in Security policy.

PRJ-19004,
PRHF-13892

Security Gateway

In some scenarios, when using routing separation, connection from data plane to management plane is dropped.

PRJ-18685,
PMTR-56181

Security Gateway

In some scenarios, compilation errors during policy installation are ignored instead of immediately failing the policy. This may cause drops on the Security Gateway.

PRJ-17806,
PRHF-12119

Anti-Malware

In a rare scenario, Security gateway may crash after a match of the Anti-Bot Blade.

PRJ-19107,
IDA-3240

Identity Awareness

NEW: Performance optimization for Identity broker.

PRJ-18443,
PMTR-59795

DLP

In a rare scenario, "SEC Filings - Draft or Recent" Data Type in DLP is not properly enforced.

PRJ-18826,
PRHF-13605

HTTPS Inspection

The user may not be able to browse with Chrome when using mixed chain with ECDSA subordinate CA in HTTPS Inspection. Refer to sk170332.

PRJ-17828,
PRHF-13029

SecureXL

In some scenarios, CPView may show incorrect statistics for VPN encrypted/decrypted packets.

PRJ-18027,
PRHF-13480

Routing

SNMP queries for bgpPeerFsmEstablishedTime return an incorrect constant value. Refer to sk170074.

PRJ-18530

Gaia OS

NEW: Added Jumbo Hotfix for Scalable Platforms support. Refer to sk169954.
This Jumbo Hotfix Take is mandatory for Scalable Platform installation.

PRJ-19156,
PMTR-61729

Gaia OS

NEW: Allow Amazon Web Services (AWS) to modify partitioning via lvm_manager.

PRJ-18242,
PRHF-13451

Gaia OS

"cphaprob -h" shows wrong explanation for "cphaprob show_bond [<bond_name>]" command.

PRJ-19331,
PRHF-14073

Gaia OS

In some scenarios, login from data plane context fails (no connectivity to server).

PRJ-19150,
PMTR-57495

Gaia OS

"Docker0" bridge interface with assigned IP address from class B private pool may appear in the system, causing routing issues.

PRJ-19051,
PRHF-13949

Gaia OS

In some scenarios, when using routing separation, modifying interface IP address fails.

PRJ-18068,
PMTR-59437

VPN

NEW: Added Remote Access VPN performance improvements.

PRJ-19165

VPN

UPDATE: Added support for fetching CRL through proxy in Site to Site VPN configuration.

PRJ-18535,
PMTR-61276

VPN

In rare scenarios, when a Wire-Mode is configured on a community, it may cause a Security gateway from another community not to accelerate connections in SecureXL.

PRJ-18167,
CRYPTOIS-661

VPN

In some scenarios, Security Gateway Portals and Remote Access VPN clients show wrong certificate after certificate renewal. Refer to sk131212.

PRJ-18733,
PMTR-61360

VPN

In some scenarios, userspace cores may appear on Security gateways with enabled AES-GCM-256 and AES-256 VPN encryption. Refer to sk169417.

PRJ-18313,
PMTR-60933

VPN

"Decryption failed" drop logs may appear under heavy VPN load for accelerated tunnels using SHA 384 or SHA 512 Ciphers.