R82.10 Jumbo Hotfix Take 19

NEW: Policy Auditor is a policy analytics and auditing tool that provides visibility into traffic behavior within the user's network. In SmartConsole > Security Policies > Access Control, Policy Auditor presents a matrix view of the network's logical segments and the access rules defined between them. The tool allows administrators to audit these security rules and verify that they align with organizational access policies and segmentation requirements.

• Requires R82.10 SmartConsole Build 424 or higher.

NEW: Added a new Management API command to retrieve an entire Access Control Layer (including inline layers) - "export-access-rulebase".

UPDATE: Resolved CVE-2026-48132 - VPN process may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP. Refer to sk184982.

UPDATE: Resolved CVE-2026-48134 - SQL injection issue in UserCheck Web Portal when DLP is active. Refer to sk184983.

UPDATE: Resolved CVE-2026-48136 - Authenticated Administrator Role-Based Access Control Bypass in Compliance. Refer to sk184992.

UPDATE: Upgraded OpenSSL from version 3.5.4 to version 3.5.5 to fix CVE-2025-66199.

UPDATE: The HSM password is now configured in the secrets_manager tool using the "secrets_manager setpassword hsm" command. This provides centralized management and improved handling after configuration.

UPDATE: Policy installation is now accelerated after performing Global Domain Reassignment.

UPDATE: Added a new HCP test that analyzes load balancing and NAT utilization, and suggests optimal distribution adjustments accordingly. Refer to sk171436.

UPDATE: Added the ability to automatically stop kernel debugging after a specified number of seconds. See the R82 Quantum Security Gateway Administration Guide. Refer to the command "fw ctl debug -T <Number of Seconds>".

UPDATE: Added support for Microsoft Azure Network Adapter (MANA) driver. Refer to sk183754.

UPDATE: Added Take 43 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

UPDATE: Added Update 27 of HealthCheck Point (HCP) Release. Refer to sk171436.

UPDATE: Added Update 28 of Autonomous Threat Prevention Management Integration Release. Refer to sk167109.

Reinstallation of R82.10 Jumbo Hotfix Accumulator Take 6 may result in configuration loss.

See the Critical Information section.

The "set-checkpoint-host" Management API command with the "interfaces" field may fail with the "generic_err_invalid_parameter" error.

In some scenarios, SmartConsole disconnects during policy installation.

If the MGMTCOMP-DIFF-REPORT-CLIENT process becomes suspended on the Security Management Server, the Server-side Change Report Generator fails to generate and send reports when processing a large number of changes.

Upon creation of a new Domain on a Multi-Domain Security Management Server, the Domain Server's virtual IP address is not added to the Gaia database, making it inaccessible via Clish commands. Refer to sk183941.

The delay may be observed during the "compiling policy" and "generating policy files" stages in SmartConsole.

In some scenarios, CPVIEW_API_SERVICE may unexpectedly restart and generate a core dump file.

The CPVIEWD daemon may exit during startup.

CPView may display "N/A" values for logging-related metrics when there is insufficient free disk space in the log partition.

In some scenarios, non-ASCII characters may appear garbled in SmartEvent Automatic Reaction emails.

In SmartView Monitor, opened from Logs & Events > Tunnel & User Monitoring, the "SmartEvent Correlation Unit" status may be displayed as "Not running" although the CPSEMD process is running.

Test feed fails when testing a Network Feed object with the feed parsing format configured as JSON. Refer to sk183618.

Running the "g_tcpdump mcap" with "-C" flag fails with the file matching or captured packets merging error.

In rare scenarios, the FWK process may exit when parsing an invalid SIP packet.

The SD-WAN NAT rule may not be applied when no NAT is defined in the Access Control policy.

In rare scenarios, after an upgrade, the Security Gateway may crash because of a missing route.

Legitimate files may be incorrectly flagged as malicious when scanned with ICAP. Refer to sk184628.

In some scenarios, when processing HTTPS traffic in the accelerated pipelined path, the FWK process may unexpectedly exit.

The Security Gateway may fail to correctly handle return traffic for pass-through GRE connections in scenarios with NAT.

In Smart-1 Cloud environments, the "Threat Prevention" view may display 0 in the "Logs" column under the "Top Protections" widget. Refer to sk184505.

The TLS-based Identity Sharing connection between the Policy Decision Point (PDP) and Policy Enforcement Point (PEP) may fail to establish when using IPv6 transport.

Identity Awareness AD user authentication takes a long time. Refer to sk183748.

In a rare scenario, when using Dynamic URL List, updating the version file may result in a FWK process restart.

In some scenarios, the Security Gateway may drop DNS traffic with non-malicious Domains.

When Mobile Access is working in Path Translation (PT) Link Translation mode, the Citrix application may not load after an upgrade to Citrix version LTSR 2507.

After rebooting specific Security Group Members (SGMs) in a dual-site Maestro environment, PDP (Policy Decision Point) to PEP (Policy Enforcement Point) connections are not always corrected to the SMO (Single Management Object) as expected. This results in connection restarts and additional CPU load.

When MDPS is enabled, cluster members may remain in INIT or DOWN state after reboot.

IPv4 addresses in the SYN Defender Allow List in SmartConsole may be loaded with the address octets reversed.

When loading the SYN Defender Allow List from the Gateway CLI using only the "-L" parameter, the entries are merged with the existing Allow List (including those configured in SmartConsole), rather than overwriting it.

The USIM process may exit on Check Point Firewall 3900 appliances during IPsec VPN traffic decryption.

In some scenarios in a VSX Maestro Security Group, when SecureXL User Mode (UPPAK) is enabled, a cluster member may incorrectly forward traffic through a Warp interface to the incorrect Virtual System. This results in traffic not being processed by the intended Virtual System, potentially causing "Out of State" drops.

When using Virtio or net_iavf drivers, when configuring "mq_mng" and setting the core count to match the SND (Send) core count, a portion of network traffic may be lost.

In some scenarios, when installing a policy fails, the Sand Blast Security Gateway becomes unresponsive and reboots automatically. The "Installation failed. Reason: Due to a timeout value of 600000 (millisecond) (port) (IP), Security Management Server aborted the connection with the peer" error is displayed in SmartConsole.

The Security Gateway with SecureXL User Mode (UPPAK) enabled may not properly update routes when bond interfaces are configured.

A ROUTED daemon may exit with a dump file during an OSPF route lookup on a route being redistributed between BGP and OSPF.

Custom log rotation configured using Gaia OS does not apply to SAML-related log files, so these logs are not rotated automatically. Refer to sk113241.

Cloning groups may fail during configuration updates. Refer to sk184701.

Newly added SGM remains "Down" on Scalable Chassis with SSM440 configured with MTU higher than 9000. Refer to sk184653.

CPU spikes may occur in a cluster when SNMP is enabled.

Multiple Entry Point (MEP) validation may be incorrectly triggered when switching a Star Community to a Route-Based community.

SSL Network Extender Portal is accessible even when it is disabled in SmartConsole. Refer to sk184344.

When switching a VPN community from Route-Based to Domain-Based mode, the Tunnel Sharing setting may not reset to its default value. After the switch, Tunnel Sharing remains set to Per Gateway Pair instead of reverting to the Domain-Based default of Per Subnet Pair. No notification is displayed to alert about the discrepancy, which may impact performance.

In some scenarios, over time, prolonged VPN traffic may lead to gradual memory growth.

VPN traffic from L2TP clients may fail to pass through the Security Gateway working in SecureXL User Mode (UPPAK).

Remote Access Endpoint Security Client may fail to connect.

When a Virtual System (VS) is deleted from a VSX Security Gateway, the Dynamic Split feature does not properly recognize the removal and continues to attempt fetching data or updating CPU affinity for the deleted VS. This results in repeated errors or log entries referencing the non-existent Virtual System, and may interfere with CPU core allocation and affinity management for the remaining VSs.

The "show configuration" gClish command may fail for showing configuration for LLDP, VSNext, VSLS, SSH, and OSPF.

Incorrect MAC address configuration on WRP interfaces in a VSNext environment leads to ClusterXL Load Sharing malfunctions and traffic correction issues.

In VSNext ElasticXL and VSNext Maestro, running the "cpconfig" command from Clish/gClish within a Virtual System context may trigger execution in the Global context.

The FWM may unexpectedly exit when attaching a license to a Security Gateway using vSEC license distribution (vsec_lic_cli).

Registration of Data Center assets with a numeric, non-UID unique identifier may fail, potentially causing performance impact on the Security Management Server.

A VPN IPv6 traffic outage may occur when a host/network object is defined with the Security Gateway's main IPv6 address.

Security Gateway may drop legitimate H323 traffic with "Illegal H.225(Q931) No Q.931 User-user IE found". Refer to sk184591.

In a Maestro environment with Multi-Domain Security Management and enabled MDPS, SNMP per member queries do not survive member failover. Additionally, SNMP queries to the SMO may be routed to the dplane instead of the mplane.

In a Maestro environment, deleting a configured VXLAN from the Security Gateway using gClish on VS0 results in a "Segmentation fault (core dumped)" error, despite successful deletion from SmartConsole.

If a management interface on ElasticXL Security Gateway is a part of a bond, the license distribution mechanism may not work as expected.

Rebooting an Active member in the Single Management Object (SMO) role may trigger a brief connectivity loss.

After an upgrade to R82.10 of the Maestro environment, connecting using SSL Network Extender (SNX) fails. The Security Gateway drops the packets with the reason "clear text packet should be encrypted".

In VSX setup, a configuration note may be generated after a reboot, although the configuration is synchronized.

Members added to an ElasticXL Security Group with the MDPS feature enabled may remain in the Down state because of a missing license. Licenses are not automatically distributed from the SMO member to newly added Security Group members.

On Maestro running VSNext, when a Virtual Switch (VSW) shares a physical interface with a Virtual System (using different VLANs), the VSW's VLAN interface may not be propagated to the Maestro Hyperscale Orchestrator (MHO).

The FWK process may exit when GTP Intra Tunnel Inspection is enabled.