List of Upcoming Resolved Issues in R82 Jumbo Hotfix Accumulator

The below issues are planned to be addressed in our future Jumbo Hotfix Accumulator Takes.

The list is not final and may change.

ID

Product

Description

PRJ-61645,
PMTR-115879

Security Management

In rare scenarios, CME (Cloud Management Extension) fails to run because of the "show-simple-gateway" Management API command failure. The CME logs show such entries: "Product - CMESeverity - criticalDescription - Error during synchronization with Security Gateways. Error details: Failed to scan for gateway instances in the cloud account".

PRJ-63826,
PRHF-41884

Security Management

Best Practices may be missing or show incorrect results in the Security Best Practices view of the Compliance Software Blade. Refer to sk184239.

PRJ-63948,
PRHF-41979

Security Management

Policy installation may fail when an inline layer is used more than once in the same policy and this error is displayed "Policy installation had failed due to an internal error. If the problem persists please contact Check Point support".

PRJ-62989,
PRHF-41049

Security Management

In some scenarios, when updatable objects are used in the policy, policy installation fails with error code "0-2-2000245". Refer to sk183844.

PRJ-62087,

PRHF-40511

Security Management

In a Full High Availability (HA) ClusterXL deployment, the Infinity Portal does not display the Active Management Server as connected. As a result, Configuration Sharing is not working as expected in the Infinity Portal.

PRJ-64206,

PMTR-120236

CPView

Apostrophes used in CPView strings cause CPDiag to fail. CPView History data is not shown.

PRJ-65906,

PMTR-121592

Logging

In the "HTTPS Inspection Statistics" in SmartView, filtering by the "bypass_reason" field returns no results.

PRJ-64074,
SL-9462

Logging

In some scenarios, incorrect values are shown in the "Total Bytes" field in the logs. Refer to sk184237

PRJ-65053,
PRHF-42145

Security Gateway

In some scenarios, SNMPv3 monitoring fails on Data Plane when MDPS is enabled. Refer to sk184379.

PRJ-63235,

PRHF-41491

Security Gateway

Enabling ForceAuth for Remote Access VPN fails because of a typo in the saml_force_authn_override.sh script (sk182042).

PRJ-60571,
PRHF-39093

Content Awareness

In some scenarios, a memory leak may occur in the DLPU process. The /var/log directory on the Active Cluster member reaches critical disk usage levels.

PRJ-63611,
PMTR-119233

IPS

In rare scenarios, the IPS update package may become corrupted. This could cause the Security Gateway to load the initial policy instead of the active security policy.

PRJ-58810,
PRJ-58737

Mobile Access

After an upgrade, the Mobile Access Software Blade's CVPND daemon fails to load and the Mobile Access Portal becomes inaccessible when adding new Virtual Systems or converting to a VSX Gateway, due to improper updates to the gateway-side configuration file cvpnd.C. Refer to sk183293

PRJ-61390,
PRHF-42606

SecureXL

When configuring PIM in Sparse Mode across multiple Virtual Systems on a VSX Security Gateway, the Security Gateway may crash, resulting in loss of connectivity.

PRJ-65451,

PMTR-121744

SecureXL

Permanently disabling the "cphwd_enable_ecmp" global parameter on a VSX Gateway using the "-f" option of the "fwl ctl set" command may fail.

PRJ-65601,

PMTR-122439

SecureXL

When SecureXL works in User Mode (UPPAK) on Security Gateways with CPAC-4-10F-C interface modules, invalid Ethernet frames permanently shut down the port's transmit queue, causing complete connectivity loss.

PRJ-62566,
PMTR-117103

Routing

When SecureXL runs in User Mode (UPPAK), local IGMP and MLD multicast groups are not added to listener reports. This causes the output of the "show igmp groups" command to miss expected local group memberships. Additionally, the router does not send MLD reports for IPv6 multicast groups, breaking IPv6 Dynamic Routing.

PRJ-65220,
PRHF-42915

Gaia OS

SNMP monitoring systems may report format errors related to the structure of the chkpnt.mib file.

PRJ-62338,
PRHF-40826

Gaia OS

LLDP data formatting issues when querying using SNMP. Refer to sk183733.

PRJ-65223,
PRHF-42944

Gaia OS

When integrating SNMP monitoring systems with Gaia OS, compilation of the GaiaTrapsMIB.mib file with the CHECKPOINT-MIB (chkpnt.mib) may fail. SNMP management stations or MIB browsers (such as HP OpenView, CA Spectrum, or HP Network Node Manager) return errors like "File GaiaTrapsMIB.mib failed to parse" or "ERROR : Cannot find symbol file://GaiaTrapsMIB.mib:Line XX:Column XX:multiDiskName".

PRJ-61179,

PRHF-33954

Gaia OS

On a Scalable Platform Security Group, although an SHA hash type was configured for Gaia OS passwords with the Gaia Global Clish command "set password-controls password-hash-type", the Gaia Global Clish command "set expert-password" saves the password as an MD5 hash in the Gaia OS database. Refer to sk182339.

PRJ-65857,

PMTR-122180

Gaia OS

Users cannot create read-only roles, cannot modify roles by removing permissions, or assign roles with all features to specific virtual servers, and all operations fail silently without warnings.

PRJ-63238,

PRHF-41507

Gaia OS

The SSHD process unexpectedly exits on the Multi-Domain Log Server (MLM) after an SSH session ends. Refer to sk183972.

PRJ-65026,

PRHF-42775

Gaia OS

"No Such Instance currently exists at this OID" message is displayed when querying the OID tree 1.3.6.1.4.1.2620.1.48 on a Maestro Security Group. Refer to sk184363.

PRJ-65526,
PRHF-43016

Gaia OS

Upon logging in to the Gaia Portal, the login page accepts the credentials, briefly displays the homepage, and then automatically redirects back to the login screen.

PRJ-65857,

PMTR-122180

Gaia OS

Users cannot create read-only roles, cannot modify roles by removing permissions, and cannot assign roles with all features to specific virtual servers, with all operations failing silently without warnings.

PRJ-62344,
PRHF-40386

VPN

In some scenarios, only a partial list of traffic selectors may be sent during tunnel negotiation for Remote Access IKEv2 tunnels.

PRJ-63697,

PMTR-119366

VSNext

When capturing packets on a warp interface in a Virtual System (VS) of a VSX Security Gateway with SecureXL User Mode (UPPAK) enabled, certain reply packets may not be captured, for example, ICMP Echo Replies to traffic directed at the Security Gateway.

PRJ-65483,

PRHF-43055

VSNext

Three out of four Virtual Systems (VS) on a single site may show a "Problem" Health status in the output of the "asg stat vs all" test. This is a cosmetic issue.

PRJ-65592,

PMTR-122597

CloudGuard Network

When a new CloudGuard Network Security Gateway is added to the Security Management Server, and a security policy is installed, the Security Gateway may not appear in the Central License Tool (vsec_lic_cli). As a result, the Security Gateway fails to receive a central license.

PRJ-64070,

PRHF-41754

SD-WAN

In SD-WAN overlay environment when there is no matching rule, the /var/log/messages directory may contain many "could not find rule uuid for connection", "invalid return value from callback" errors.

PRJ-66015,
PMTR-123154

Scalable Platforms

Using a unique IP address with the Same VMAC feature enabled may cause connections to the Standby unique IP address to fail.

PRJ-64393,
PMTR-119685

Scalable Platforms

When adding a subordinate to an LACP bond, a member may go down, which triggers a site failover.

PRJ-63868,
PRJ-62493

Scalable Platforms

In a Maestro Security Group with a Threat Prevention policy applied, performing an SIC reset may cause non-Single Management Object (non-SMO) Security Group members to enter a Down state. The affected members display an Anti-Malware pnote as the reason for the state change.

PRJ-65500,

PMTR-122485

Scalable Platforms

These actions applied through the Web Portal are not applied to all Security Group members, but only to the SMO:

  • create/delete/edit scheduled backup

  • edit mail-address/notification-level for mailing

  • delete backup

PRJ-64390,
PMTR-120706

Scalable Platforms

In a Maestro deployment, the file $PPKDIR/conf/adpkern.conf may not be synchronized between Security Group members.

PRJ-60645,
PRHF-21006

Carrier Security

GTPv1 traffic may be dropped with code description "Invalid IE length value", "GTP info: Parsing IE type 133 failed".