R82 Jumbo Hotfix Take 41

NEW: This Take introduces the Dynamic URL List feature is an enhancement to the Custom Applications / Sites object (sk165094), allowing to maintain a dynamic list of URLs based on a feed file.

Refer to R82 Security Management Administration Guide > Topic "Creating Application Control and URL Filtering Rules".

UPDATE: Updated CRL and OCSP validation in Remote Access VPN, Site-to-Site VPN, and HTTPS Inspection to use HTTP/1.1 instead of HTTP/1.0. This ensures continued compatibility with DigiCert's updated requirements and prevents certificate validation failures. Refer to sk183884.

UPDATE: Added a new API version (2.0.1). Refer to the Management API Reference.

UPDATE:  The upgrade duration for the Security Management Server and Multi-Domain Security Management Server has been reduced by up to 60%.

• The fix will only be applied if the upgrade to R81.20 Jumbo Hotfix Accumulator Take 41 or higher is done using a Blink image or the Advanced Upgrade method.

UPDATE: Added the "show-only-local-domain" field to API queries to return only objects from the current local Domain.

UPDATE: Extended the "show logs" API to support Infinity Copilot queries in on-premises logs.

UPDATE: Modified the default behavior of the legacy Policy Server daemon (DTPSD). By default, this daemon now starts in the "DOWN" state unless explicitly configured otherwise. Refer to sk183803.

UPDATE: Added support for GCP NSI (Google Cloud Platform Network Security Integration) solution.

UPDATE: In the Insights tool -

• Added support for the Insights tool, which was previously only available on Scalable Platforms.

• Added Virtualization table (a VSX feature) when running Insights from VS0.

• The Performance widget is now also accessible with the "show cluster info performance" Clish command.

The $MDS_FWDIR/log directory may contain multiple api_status_UUID.json files.

In some scenarios, the PostgreSQL database fully utilizes disk space on the Security Management Server.

Backup file size on the Security Management Server grows after an upgrade. Refer to sk183835.
See the Critical Information section.

In rare scenarios, reassigning Global Policy fails after an IPS update.

SAML authentication fails for Web SmartConsole on port 4434, redirecting to an invalid URL (https://localhost:4434:4434/smartconsole/transport) and preventing SSO login, while SmartConsole GUI authentication works normally.

Compliance scan finishes successfully but does not show any data in SmartConsole.

The Management API command "add-custom-ca-certificate" may fail with a "general error" if the administrator does not provide the Base64-certificate parameter.

In some scenarios, the "where-used" Management API command with details-level set to "full" may fail with a "generic_internal_error" message, if the queried object is part of a Threat Prevention Exception Group.

The FWM daemon may leak and then exit.

In the Compliance view, when clicking the picker in the "Source" or "Destination" columns while creating a custom Firewall Best Practice, the network objects list shows "Loading" and loads slowly.

Incorrect bonds may be shown in the Data Plane when using MDPS and running the "show configuration bonding" command.

Non-HTTP connections may be incorrectly dropped because of a missing Host header when the Gateway operates as a proxy.

Traffic is dropped with a"Matched Optimized Drop" message, although it is allowed by configurations in the Rule Base. Refer to sk183443.

In some scenarios, the "Use of undefined constant session" warning is frequently printed in the SAML Portal's error_log file.

The update_license_conf script incorrectly parses the allowed cores count, setting "ALLOWED_CORES=-1" and causing Check Point Virtual Machine system corruption and daemon failures when CPU increases.

Stability issues for Data connections (RDP / RTP / FTP/ETC). Refer to sk179651.

Unexpected cluster flapping may occur during signature load.

After a system restarts (for example, reboot or cprestart), FWD-related sub-processes such as VPND and PDP may not run. Refer to sk183446.

In certain scenarios, the $SAMLPORTAL_HOME/logs/error_log file may continuously grow, potentially consuming a significant amount of disk space.

The FW_FULL process may exit in the Dynamic URLs list update flow.

Security Gateway blocks the download of files larger than 4 GB with the log "Application Control - HTTP parsing error occurred" in SmartConsole. Refer to sk183681.

False threat alerts may appear in Anti-Virus logs for benign traffic (action: accept). This is a cosmetic issue with no security impact.

After an upgrade, the USIM process may exit.

When there are a large number of SNDs operating with Intel NICs, the system could run low on available jumbo mbufs, leading to connectivity issues. Refer to sk183771.

IKE related core files may be generated when passing traffic through a VPN tunnel.

The VPND or IKED daemon may exit during IKEv2 negotiation.

In rare scenarios in a VSX environment, after a Virtual System (VS) starts, it becomes stuck in Down state with a "FullSync" pnote.

In the VS0 context, physical resources per VS may not be visible when using the "cpview -m" command, although they are available in the CPView tool.

Traffic routing may fail between the host and PPPoE / DNS Server through the Security Gateway, even though host-to-gateway and gateway-to-DNS connections work as expected.

SNMP data types under the ASG MIB tree ( for Scalable Platform Security Groups) may be incorrect.

Changes made to the JSON file of a Generic Data Center object may take a long time to appear in SmartConsole or Management API, although enforcement on the Security Gateway functions as expected.

Redundant logs from "Alerts Events" in the Insights tool. The issue is cosmetic only.

The "asg diag verify" command reports inconsistent OSPFv3 routes for Security Gateway Modules on Quantum Maestro. Refer to sk179931.

Security Group members changing from ACTIVE state to READY state may cause traffic impact.