List of All Resolved Issues and New Features in R82 Jumbo Hotfix Accumulator

 

 

Take

 Available Since Recommended Since

R82 Jumbo Hotfix Take 12

26 Feb 2025

18 Mar 2025

R82 Jumbo Hotfix Take 10

27 Jan 2025

-

ID

Product

Description

Take 12

Released on 26 February 2025 and declared as Recommended on 18 March 2025

Improvements and Resolved Issues

PRJ-59635,

PMTR-113416

Gaia OS

In a rare scenario, when installing a blink package, the Security Gateway may get stuck in a boot loop.

Take 10

Released on 27 January 2025

Improvements and Resolved Issues

PRJ-56747,
PMTR-106894

SmartConsole

UPDATE: Resolved CVE-2024-3596 - Blast-RADIUS attacks. Fix for Remote Access VPN and login to SmartConsole, Mobile Access and Identity Awareness Captive Portal. Refer to sk182516.

PRJ-58281,

PMTR-97400

Security Gateway

UPDATE: Deprecated RC2-CBC cipher for SIC in OpenSSL.

PRJ-57491,
PMTR-108994

Security Management

UPDATE: The Management API command "set-https-rule" now automatically sets the negative value to "false" when modifying the destination, source, service, or site-category fields, regardless of its previous setting.

PRJ-57066,
PRHF-34509

SecureXL

UPDATE:

  • Improved debugging in the Security Gateway to identify problematic hosts when resolving their next-hop IP addresses.

  • The custom ADP queue size configuration now persists after rebooting the Security Gateway. The relevant global parameters are located in the $PPKDIR/conf/adpkern.conf file:

    • "adp_nh_total_max_arp_qents"

    • "adp_nh_local_max_arp_qents"

PRJ-58125,

PMTR-106186

Scalable Platforms

UPDATE: Added support for Multicast Listener Discovery (MLD) on Maestro Hyperscale Orchestrator (MHO).

PRJ-57074,
PRHF-35818

Security Management

In rare scenarios, when exporting policy hitcounts to CSV format, the "Hitcount" column may appear blank in the exported file.

PRJ-58104,
PRHF-32246

Security Management

Audit logs may not be generated when changes are made to an inline (shared) layer that appears multiple times within the same policy.

PRJ-57319,
PRHF-25950

Security Management

The Database Installation progress bar may not update during task execution.

PRJ-59004,

PMTR-111056

Security Management

When editing the administrator expiration date, after publishing, the expiration date resets to "Never". Refer to sk182997.

PRJ-56542,
PRHF-34752

Multi-Domain Security Management

In some scenarios, in a Multi-Domain Security Management environment, the Hit Count retention mechanism may not remove the Hit Count data from all the Domains.

PRJ-56532,
PRHF-35418

Multi-Domain Security Management

The Multi-Domain Security Management Server experiences high CPU usage when communicating with the Multi-Domain Log Server. And the cpm.elg log prints the "You have reached the maximum number of active session" error. Refer to sk182738.

PRJ-57531,
PRHF-36514

Multi-Domain Security Management

In rare scenarios, in Multi-Domain Security Management environments, login to SmartConsole fails.

PRJ-57310,
MCFG-666

SmartConsole

SmartConsole fails to connect with "Unable to connect to server. Server is initializing". Refer to sk182507.

PRJ-57273,

PMTR-108672

SmartConsole

When the Security Management has an additional NAT configuration in the SD-WAN policy (Infinity Portal), an indicating banner may not appear in SmartConsole NAT Rule Base. This is a cosmetic issue.

  • Requires R82 SmartConsole Build 1051 or higher.

PRJ-58519,

PMTR-110408

Logging

In some scenarios, in Log Servers or Multi-Domain Log Modules (MLM):

  • The SOLR process consumes high CPU.

  • There is a delay in displaying logs in the Logs view.

PRJ-58050,
PMTR-109735

Security Gateway

In a rare scenario, the FWK process may exit when processing traffic over QUIC protocol.

PRJ-58659,

PMTR-110556

Security Gateway

In a rare scenario, the FWK process may exit due to a race condition.

PRJ-56911,

PRJ-56840,
PRHF-33037,

PRHF-35918

Security Gateway

The Security Gateway may crash after a failure in policy installation.

PRJ-56702,
PRHF-35624

Security Gateway

Anti-Spoofing may drop IPv6 traffic that arrives at an interface with an IPv6 address configured. Refer to sk182725.

PRJ-57844,
PMTR-109616

Security Gateway

In a rare scenario, when multiple Elephant Flows are running in parallel in the accelerated pipelining path, there may be high CPU utilization. Refer to sk183007.

PRJ-58100,
PMTR-109857

Security Gateway

Traffic through specific interfaces is dropped when the QoS blade is active and "ISP redundancy-LS" is configured. Refer to sk182807.

PRJ-57109,
PRHF-36116

Security Gateway

Memory leak may occur in SecureXL templates. Refer to sk182648.

PRJ-57895,

PMTR-108660

Security Gateway

DoS protection and connection rate limiting configurations may fail to effectively enforce rules.

PRJ-57098,

PMTR-108273

SD-WAN

In a rare scenario, when SD-WAN transport is incorrectly marked as "UP" despite its underlying ISP interface is "DOWN", traffic fails to reach the remote peer because of incorrect routing decisions.

PRJ-58021,
PMTR-109729

Threat Prevention

In a VSX environment, enabling Threat Prevention blades may cause continuous file accumulation on the Security Gateway's hard drive.

PRJ-57007,

PRHF-35823

Threat Prevention

In some scenarios, when Zero Phishing is enabled, kernel crash may occur.

PRJ-57926,
PMTR-109709

Identity Awareness

Identity Broker Subscriber configured with recalculation of Access Roles does not match all Access Roles after the User and Machine are identified.

PRJ-56869,
PRHF-35625,

PRJ-56873,

PRHF-35636

Identity Awareness

In rare scenarios:

  • The PDPD process may become unresponsive during termination.

  • PDP to PEP Identity synchronization fails on the PEP side when Identity Sharing is configured with PUSH Identity Sharing.

Refer to sk182613.

PRJ-57046,
PRHF-36045

Identity Awareness

In a rare scenario, the PDPD process may unexpectedly exit during policy installation.

PRJ-57411,
PMTR-108321

SSL Inspection

The Trusted CA package update fails when the Security Management Server connects to the Internet only through a Proxy Server.

PRJ-57682,
PRHF-36561

SecureXL

A memory leak may occur in the SIM process when using DOS/Rate Limiting rules.

PRJ-58592,

PMTR-110486

SecureXL

When working with SecureXL in User mode (UPPAK), some CPUs may reach 100% utilization when enabling or disabling debug filters.

PRJ-57801,
PMTR-109570

SecureXL

Policy installation failures can disrupt the expected behavior of "fwaccel dos" commands.

PRJ-57558,
PRHF-34632

VPN

SSL Network Extender (SNX) traffic on Maestro may be dropped with "vpnk_tcpt invalid negative tunnel id". Refer to sk182806.

PRJ-56335,
PRHF-35251

VPN

An ECDH object may be deleted before its associated event is completed processing.

PRJ-57901,
PMTR-109649

VPN

After a cluster failover, VPN tunnels may be not stable.

PRJ-56499,
PRHF-35416

VPN

There is no audio during the first 5 seconds of each VoIP call. Refer to sk182730.

PRJ-57825,
PRHF-17665

VSX

Multi-Queue configuration does not survive reboot on VSX. Refer to sk173950.

PRJ-56915,
PRHF-35806

VSX

In SmartConsole, in the Device and License Information view, the Compliance Blade license status may incorrectly display "Quota Exceeded" when Virtual Routers or Virtual Switches are present.

PRJ-57059,

PRHF-34508

VSX

After a Jumbo Hotfix upgrade, the Mail Transfer Agent may fail on all Virtual Systems except one.

PRJ-56875,
EPS-57790

Harmony Endpoint

During patch deployment in Posture Management, attempting to patch multiple systems for a specific application using the "Group By Application" option fails with the "Failed to Start Patching Process" error.

PRJ-57473,
PRHF-36424

Scalable Platforms

In rare scenarios, Interface Active check may cause a Security Gateway crash when probing a local network.

PRJ-58056,

PRHF-37015

Scalable Platforms

When handling multiple shared uplinks across numerous interfaces, errors related to LACP bond uplink updates may be printed in logs.

PRJ-58195,

PMTR-109784

Scalable Platforms

In a rare scenario, the FWK process may unexpectedly exit and bring down the Security Gateway Member (SGM).

PRJ-58127,

PMTR-109620

Scalable Platforms

In rare scenarios, authentication between MHOs is not established. Trying to establish authentication manually fails with the "TrustEstablishmentError: Failed to set up communication user on host 1_1: invalid literal for int() with base 10" error.