List of Upcoming Resolved Issues in R82 Jumbo Hotfix Accumulator

The below issues are planned to be addressed in our future Jumbo Hotfix Accumulator Takes.

The list is not final and may change.

ID

Product

Description

PRJ-62023,
PRHF-40184

Security Management

In SmartConsole, deleting a license in the Licenses tab of a Security Cluster object fails with the "Domain Management Server licenses cannot be removed from the Domain Management Server level" error.

PRJ-61293,
PRHF-39777

Security Management

The $MDS_FWDIR/log directory may contain multiple api_status_UUID.json files.

PRJ-61290,
PRHF-39256

Security Management

In rare scenarios, login to the Security Management Server may fail with timeout.

PRJ-59085,
PRHF-37999

Security Management

Policy installation is delayed because of the FWM process load. Refer to sk183563.

PRJ-61322,
PRHF-39817

Security Management

Reassigning Global Policy takes a few hours after updating IPS Snort protections.

PRJ-61400,
PRHF-39940

Security Management

In rare scenarios, reassigning Global Policy fails after an IPS update.

PRJ-59928,
PRHF-38237

Security Management

In some scenarios, the Changes Report is not attached to the email sent by the SmartTask configured with the "After Publish" trigger and the "Send Mail" action.

PRJ-61669,
PRHF-39885

Security Management

In some scenarios, SmartConsole disconnects when installing policy if there are 50 installation targets or more.

PRJ-59666,
PRHF-37860

Security Management

Compliance scan finishes successfully but does not show any data in SmartConsole.

PRJ-62138,
PMTR-115488

Security Management

Running the Management API "show-object on access-role object" command may fail with "generic_server_error".

PRJ-62230,
MGMTPROD-436

Security Management

When adding an application to an Access Control rule with service set to "None" and track set to "Log", the "set-access-rule" Management API command triggers an error: "You must enable the Granularity option 'Session' for the Track option 'Log' if the rule specifies an application or a Contact Type".

PRJ-57314,
PRHF-36228

Security Management

In some scenarios, the "where-used" Management API command with details-level set to "full" may fail with a "generic_internal_error" message, if the queried object is part of a Threat Prevention Exception Group.

PRJ-62093,
PRHF-40268

Security Management

In SmartConsole, when viewing the License tab of a Security Gateway object, multiple duplicated VSEC licenses with the same signature may be shown.

PRJ-62314,
PRHF-40748

Security Management

The FWM daemon may leak and then exit.

PRJ-60678,
PMTR-114726

Security Management

The "add-lsm-gateway" or "add-lsm-cluster" Management API commands may report success even when IKE certificate creation fails.

PRJ-61533,
PRHF-39869

Security Management

In the Compliance view, when clicking the picker in the "Source" or "Destination" columns while creating a custom Firewall Best Practice, the network objects list shows "Loading" and loads slowly.

PRJ-59194,
PRHF-38042

Logging

When viewing certain reports in SmartView, the "No data found" error may appear even when matching logs exist.

PRJ-62598,

PRHF-41141

Logging

On Multi-Domain Log Modules (MLMs) installed on 7000 series appliances, log queries spanning more than 7 days may take a long time.

PRJ-58762,
PRHF-37638

Security Gateway

Incorrect bonds may be shown in the Data Plane when using MDPS and running the "show configuration bonding" command.

PRJ-60754,
PRHF-39368

Security Gateway

Non-HTTP connections may be incorrectly dropped because of a missing Host header when the Gateway operates as a proxy.

PRJ-61909,
PMTR-116366

Security Gateway

Missing cleanup when template connection creation fails prevents the system from exiting new connection context mode, causing subsequent connection operations to write incorrectly to the cache instead of the connection table.

PRJ-60900,
PRHF-39414

Security Gateway

Traffic is dropped with a"Matched Optimized Drop" message, although it is allowed by configurations in the Rule Base. Refer to sk183443.

PRJ-61425,
FMW-4633

Security Gateway

VSEC licenses may be automatically deleted and re-added on the Security Management Server (SmartCenter in Azure), creating duplicate license strings with mismatched signatures and causing intermittent "License with CK already exists" errors.

PRJ-59546,
PRHF-38154

Security Gateway

In some scenarios, the "Use of undefined constant session" warning is frequently printed in the SAML Portal's error_log file.

PRJ-61865,
PRHF-40249

Security Gateway

In rare scenarios, the WSDNS daemon may exit instead of shutting down gracefully.

PRJ-57282,
PRHF-36273

Security Gateway

The update_license_conf script incorrectly parses the allowed cores count, setting "ALLOWED_CORES=-1" and causing Check Point Virtual Machine system corruption and daemon failures when CPU increases.

PRJ-62107,
PRHF-40509

Security Gateway

The Clone Policy Package task in SmartConsole fails with the "The object name must not contain whitespace characters at the beginning or the end" error. Refer to sk161294.

PRJ-62462,
PRHF-27185

Security Gateway

Stability issues for Data connections (RDP / RTP / FTP/ETC). Refer to sk179651.

PRJ-62121,
PRHF-40597

Security Gateway

The SAML authentication flow may fail on a VSX Gateway.

PRJ-62418,
PRHF-31491

Security Gateway

Unexpected cluster flapping may occur during signature load.

PRJ-61012,
PRHF-39339

Security Gateway

After upgrading the Security Gateway to R81.20 Jumbo Hotfix Accumulator Take 92, Remote Access IPSec VPN connections using Endpoint Security VPN E88.60 fail. Authentication succeeds, but all client connections through the Security Gateway are dropped by the Cleanup Rule.

PRJ-61053,
PRHF-39655

Security Gateway

After a system restarts (for example, reboot or cprestart), FWD-related sub-processes such as VPND and PDP may not run. Refer to sk183446.

PRJ-60757,

PMTR-114362

Security Gateway

In rare scenarios, the local connection route may be incorrect when the ICAP client is active.

PRJ-57055,
PRHF-28783

Content Awareness

Disk space may not be cleared as expected when Content Awareness is the only enabled blade.

PRJ-62792,
PMTR-115931

URL Filtering

The FW_FULL process may exit in the Dynamic URLs list update flow.

PRJ-62257,
PMTR-116639

URL Filtering

In rare scenarios, the FWK process may crash when the URL Filtering Software Blade is enabled.

PRJ-62443,
PRHF-40727

IPS

Security Gateway blocks the download of files larger than 4 GB with the log "Application Control - HTTP parsing error occurred" in SmartConsole. Refer to sk183681.

PRJ-60271,
PMTR-113602

DLP

A potential memory leak because of many DLP/FILE_CONVERT processes spawned.

PRJ-60840,

PRJ-60821

Anti-Virus

False threat alerts may appear in Anti-Virus logs for benign traffic (action: accept). This is a cosmetic issue with no security impact.

PRJ-57445,
PRHF-36348

ClusterXL

Virtual System in a VSX VSLS Cluster does not fail over when a cluster interface goes down. Refer to sk182734.

PRJ-62145,
PMTR-116446

SecureXL

After an upgrade, the USIM process may exit.

PRJ-62691,

PMTR-117113

SecureXL

When the Security Gateway runs in User Mode SecureXL (UPPAK), removing a VLAN impacts connectivity on other VLANs in Bridge mode that share the same physical interface.

PRJ-63032,

PRHF-41230

SecureXL

When there are a large number of SNDs operating with Intel NICs, the system could run low on available jumbo mbufs, leading to connectivity issues.

PRJ-59180,
PRHF-37771

Routing

The multicast stream may not resolve correctly in VSX topologies. Packets are dropped with the "IP multicast routing failed (missing OS route)" message.

PRJ-59305,
PMTR-111436

VPN

IKE related core files may be generated when passing traffic through a VPN tunnel.

PRJ-60073,
AAD-5014

VPN

Rare VPN connectivity issues caused by Encryption Domain overrides in communities with third-party Gateways.

PRJ-61969,
PRHF-40481

VPN

The VPND or IKED daemon may exit during IKEv2 negotiation.

PRJ-62379,

PMTR-117339

VSNext

The Security Gateway may crash when recreating a Virtual Gateway.

PRJ-61295,
HEC-1345

VSNext

In the VS0 context, physical resources per VS may not be visible when using the "cpview -m" command, although they are available in the CPView tool.

PRJ-59657,

PRHF-38449

Gaia OS

The 1.3.6.1.4.1.2620.1.6.7.5.1.5 SNMP OID (multiProcUsage) reports wrong values when HyperFlow is enabled.

PRJ-61756,
PMTR-115846

Gaia OS

Traffic routing may fail between the host and PPPoE / DNS Server through the Security Gateway, even though host-to-gateway and gateway-to-DNS connections work as expected.

PRJ-61814,
PRHF-40409

Gaia OS

SNMP Agent may report a wrong value for VLAN Interface Speed.

PRJ-62384,
PRHF-40893

Gaia OS

SNMP data types under the ASG MIB tree ( for Scalable Platform Security Groups) may be incorrect.

PRJ-62222,
PRHF-40517

CloudGuard Network

If the User Center connection fails, contracts may be retrieved incorrectly, resulting in erroneous contracts getting pushed to the Security Gateway.

PRJ-61980,
PRHF-40203

CloudGuard Network

Changes made to the JSON file of a Generic Data Center object may take a long time to appear in SmartConsole or Management API, although enforcement on the Security Gateway functions as expected.

PRJ-59366,
HEC-1235

Scalable Platforms

Redundant logs from "Alerts Events" in the Insights tool. The issue is cosmetic only.

PRJ-59780,
PMTR-111817

Scalable Platforms

Policy installation may fail on newly added Security Group members because an updatable object package is missing.

PRJ-61345,
PRHF-39863

Scalable Platforms

The "asg diag verify" command reports inconsistent OSPFv3 routes for Security Gateway Modules on Quantum Maestro. Refer to sk179931.

PRJ-62519,
PMTR-117435

Scalable Platforms

The CPVIEWD daemon may exit on a VSX Gateway.

PRJ-62574,
PMTR-117483

Scalable Platforms

Security Group members changing from ACTIVE state to READY state may cause traffic impact.

PRJ-59056,
PRHF-37439

Carrier Security

The Security Gateway may crash after dropping corrupt GTP-C (control traffic) packets.