R81 Jumbo Hotfix Take 79

NEW:

• Added ability for R81 Security Management or Multi-Domain Server to manage R81.20 Security Gateways. It requires R81 SmartConsole Build 564 (or higher).

• Managing R81.20 Security Gateways in Autonomous Threat Prevention mode requires installing R81.20 Jumbo Hotfix Accumulator.

UPDATE: Improved the "Assign Global Policy" action time by approximately 50%.

UPDATE: When there is no full license for SmartEvent, which includes the Correlation Unit component, Analyzer Client in Legacy SmartEvent Console will now show a relevant message.

UPDATE: Added Update 16 of Autonomous Threat Prevention Management integration Release. Refer to sk167109.

UPDATE: File Download using SSH with MobaXterm Client fails when SSH Deep Packet Inspection (SSH DPI) is enabled.

UPDATE: Blocked the ability to install Jumbo Hotfix Accumulator or to run an upgrade to a major version on Quantum Maestro Security Gateways using the Central Deployment tool in SmartConsole or the Management REST API.

UPDATE: Added a new CLI command "fw ctl voip [-p {sip| mgcp| sccp| h323}] [-na]". It allows printing the description of defined VoIP protections, the required action, and the logging option configured for each protection.

UPDATE: Added Update 11 of HealthCheck Point (HCP) Release. Refer to sk171436.

Global Domain Assignment may fail if a rule in the global policy was recently enabled or disabled.

Policy installation may fail with "Segmentation fault" or with "INTERNAL ERROR in PutBlock: dangling block at PutBlock". Refer to sk179700.

Packet mode search in HTTPS Inspection policy may not work.

The /var/log/dump/usermode/ directory on the Management Server may contain core dump files for the FWM process. Refer to sk180119.

In rare scenarios, deleting a cluster member may fail with the "Could not delete object. Failed to remove/detach objects licenses" error.

"Automatic purge" fails on a Domain with active Global Domain Assignment and "automatic purge" configured on the Global Domain.

It may not be possible to discard a work session with a newly created admin, a "Failed to discard revoke certificate" message is shown.

Access policy verification may fail when dynamic objects exist in the NAT policy.

Installing a large Access Control policy on Quantum Spark Security Gateways may fail due to high memory consumption on the Security Management Server caused by FW_LOADER.

After creating a new administrator in SmartConsole, the Administrators view may fail to load with "Error retrieving results".

Installing Database from Security Management on an R80.x Log Server may fail

SmartEvent may unexpectedly close when clicking Global Exclusion options or creating a new event. This issue occurs after migrating a Domain from the Multi-Domain Management Server to the Security Management Server.

In rare scenarios, in a Multi-Domain Management Server environment, a memory leak may occur in the FWM process. This may cause the process to exit.

When LEA spawning is turned off (sk91343), the FWD process may run out of memory.

When exporting logs with the fwm logexport script and there is an empty or corrupted log file, the script runs in a loop with the "Failed to read record at position 0" error printed.

The LOG_INDEXER process on the SmartEvent Server may unexpectedly exit, generating a core dump file, if the Log Server used by the correlation unit is deleted.

It may not be possible to filter the "Subscriber" field in SmartLog.

Syslog messages with the "ErtFeed" type of attack are not indexed correctly in SmartLog.

In some scenarios, in the Logs view, the "Description" field may be missing. The issue is only cosmetic.

When using Routing Separation and installing a Jumbo Hotfix Accumulator, MDPS configuration may be overridden. Refer to sk138672.

The "sd_exception_chain_with_global_stateless: fwx_get_original_conn_key() failed" messages may flood /var/log/messages if IPS Blade is active.

After an upgrade, it is not possible to monitor Security Gateways with enabled Management Data Plane Separation (MDPS).

The Security Gateway may crash with the "xxx kernel: [fw4_27];fwatomload_unregister: module RTM not registered xxx kernel: [fw4_27];e2eDisable: fwatomload_unregister failed" errors printed in logs.

In a rare scenario, the mal_conns table may consume a large amount of memory.

After an upgrade to Take 51 or higher, Access Control policy fails, if it is configured with an IoC local feed and hash indicators are added.

See the Important Notes section.

In some scenarios, Mail Transfer Agent (MTA) does not scan files with an unsupported extension if they were renamed to ".exe".

Changing the state of the "Automatic LDAP Group Update" feature for Identity Collector from CLI on the PDP Gateway does not survive a reboot.

The CPU utilization of the PDP daemon may be high during a specific authentication flow.

In some scenarios, IPS logs do not show the correct memory and CPU utilization when IPS is bypassed.

Push notification may not be working with the legacy Mobile Access (MAB) Portal. Refer to sk176243.

The Security Gateway may prematurely expire half-closed TCP connections and drop VoIP and HTTPS packets with "First packet isn't SYN". Refer to sk180364.

SNDs may reach 100% CPU utilization and are not released in some Site to Site VPN scenarios.

The ROUTED process may unexpectedly exit when the route does not have a next hop.

In a rare scenario, when IPv6 is configured, and VPN is enabled, policy installation may cause a stability issue.

When connecting with "Mixed" SSL Network Extender Authentication method, the SNX Client freezes with no output, and the results of the "vpn tu tlist" command show no tunnels.

Trying to perform the "Reset Tunnel" action for an LDAP user from SmartView Monitor fails. Refer to sk178592.

The SNMPD process may consume a high CPU in a VSX environment and there may be slowness when using the "fw vsx stat" command. Refer to sk180324.

See the Important Notes section.

Information about scheduled backup failure is now displayed in Clish, WebUI and in the error message inside the log file.

When configuring Gaia Cloning Group mode on the cluster, members with "off" state appear without an IP address and the "adding notification Member mvc is down" error is displayed.

• After an upgrade of the on-premises Endpoint Management Server to Jumbo Hotfix Accumulator R81.10 Take 75, it is not possible to connect to the Web Management Server.

• When logging into the Web Management Console, an "API error 9999" message is displayed.

Refer to sk180230. See the Important Notes section.

Improved handling of NSX-T API responses.

AWS Data Center mapping fails when a Subnet with only IPv6 addresses is added to Virtual Private Cloud (VPC).

In some scenarios, when using early media with NAT, the first data connections specified in the SDP get closed, although they should not. And the new data connection does not open, resulting in one-way audio. Refer to sk179651.

Performance data may not be collected on VSX Security Gateways.

SNMP threshold events traps may be missing "Chassis ID" and "Blade ID" fields. Refer to sk179926.

In some scenarios, the SNMPD process may unexpectedly exit.

Improved VPN on Quantum Maestro with Security Gateways hidden behind NAT.

When a policy is configured with "SNMP trap alert script", the SNMP trap is sent with an undefined OID.

After an upgrade to Jumbo Hotfix Accumulator R81.10 Take 75 or higher, a member may be in Down state with a "pull_config" pnote.