R80.40 Jumbo Hotfix Accumulator - Take 161 (2023)

Take 161

Released on 30 May 2022 and declared as Recommended on 13 July 2022

PRJ-34227,
PRHF-21357

Security Management

Deleting a Domain may fail when there is an administrator with API key authentication associated with this Domain.

PRJ-35949,
PRHF-21894

Security Management

In the Compliance view, after changing "Policy Range" to a value smaller than 100%, best practices results become not available. Refer to sk177544.

PRJ-34177,
PRHF-20991

Security Management

In rare scenarios, Install Policy Presets may fail with "Failed to run Install Policy on the active Domain Server".

PRJ-35338,
PRHF-21851

Security Management

In rare scenarios, the Management Server may fail to start after an upgrade.

PRJ-37494,
PRHF-22409

Security Management

In some scenarios, the "show-hosts" Management API command fails with "generic_error" when running it with "details-level full". Refer to sk178249.

PRJ-34181,
PRHF-21215

Security Management

In rare scenarios, the Management Server becomes inaccessible if there are more than 5000 objects in the Gateways and Servers view.

PRJ-35224,
PRHF-21778

Security Management

When exporting rules with "hit counts" and the timeframe is set to a different value than "all", the "hit counts" are missing from the export file. Refer to sk177265.

PRJ-37577,
PMTR-80846

Security Management

In some scenarios, after editing blades in simple-gateway/cluster Ansible modules, the blades are not changed and Ansible shows that no changes occurred.

PRJ-35016,
PRHF-21705

Security Management

Install Policy Verification may fail with the "Rule has security zone objects that are not attached to any interface used" error when configuring cluster's interfaces on only one member. Refer to sk177129.

PRJ-37395,
PRHF-22603

Security Management

After performing the Solr Cure procedure, objects may appear as duplicated in SmartConsole. Refer to sk178084.

PRJ-35297,
PMTR-75023

Security Management

When cloning an IPS profile, the advanced settings of cloud protection are not copied to the new profile.

PRJ-32816,
PRHF-20492

Security Management

In rare scenarios, when installing a policy after performing "revert to revision", some changes made to a policy may not be installed on the Security Gateway. Refer to sk176768.

PRJ-32745,
PRHF-20512

Security Management

In a rare scenario, the FWM process unexpectedly exits.

PRJ-39176,

PRHF-23750

Security Management

In some scenarios, the Management API command "show-packages" with "details-level full" may fail with the "Could not commit JPA transaction" error.

PRJ-36621,

PMTR-79023

Logging

UPDATE: SmartView reports will now show the new Check Point logo.

PRJ-36197

Logging

UPDATE: Mapping of IP addresses to country/flag is now automatically updated every day. They are visible in the Logs and Events views.

PRJ-30549,
PRHF-19084

Logging

In rare scenarios, when QoS blade is enabled, the FWD process may unexpectedly exit. Refer to sk177783.

PRJ-32372,
PRHF-18699

Logging

When running CPinfo in a large scale environment, the SmartEventCollectLogs process may get stuck.

PRJ-34249,
PRHF-21188

Logging

There may be an incorrect error message related to MakeConnection method.

PRJ-35200,
PRHF-20349

Logging

In a rare scenario, the Security Management Server does not automatically delete older log files. Refer to sk177627.

PRJ-34805,
PRHF-21554

Logging

In some scenarios, logs related to Content Awareness are missing.

PRJ-29173,
PRHF-18866

Logging

Removed unnecessary debug messages: "fwbintabreplace: table svm_range_gateways not found" and "fwbintabreplace: table svm_range_gateways_valid not found" from the fwd debug log.

PRJ-30144,
PMTR-60786

Logging

Recurring "Unable to open '/dev/fw0': No such file or directory" may be printed in the fwd.elg file.

PRJ-34141,
PRHF-21218

Logging

On the Domain level, in the Logs view, available services may not appear in the drop-down filter list. Refer to sk178904.

PRJ-32579,
PRHF-20447

Logging

In some scenarios, it is not possible to add the "Policy Rule UID" column to the Logs view in the SmartView Web Application.

PRJ-33516,
PMTR-71704

Logging

Improved samples visibility in SmartView Widgets.

PRJ-37896,
PRHF-22858

Logging

Logs may be missing from Smart Console after upgrading the Log Server if a VS object is configured without an IP.

PRJ-35097,
PMTR-76491

Security Gateway

UPDATE: Added a new global parameter: "fw_daf_module_mac_mode". It allows mirroring traffic to a Linux-based device. It is set to "0" by default. Refer to sk178127.

PRJ-19035,
PMTR-61532

Security Gateway

UPDATE: In CPView overview, the "FW" field will now show physical memory used instead of virtual memory. The change is only cosmetic.

PRJ-31665,
PMTR-68092

Security Gateway

UPDATE: Adding Connection and Packet Distribution statistics in CPView.

PRJ-38235,
PMTR-81910

Security Gateway

UPDATE: Apache HTTPD version was updated from 2.4.51 to 2.4.53.

PRJ-29962,
UP-452

Security Gateway

UPDATE: Added two minutes grace period before dropping the non-TCP server-to-client packets upon policy installation and rematch flow. Refer to sk173287.

PRJ-31494,
PRHF-7049

Security Gateway

UPDATE: Following sk110157, adding a shadow SAM V1 rule is now possible only if the new rule and the existing rule have different timeouts. If a shadow rule exists, the new shadow rule will override the existing shadow rule.

PRJ-37528,
PRHF-22491

Security Gateway

Improved Security Gateway internal memory allocation logic.

PRJ-36047,
PMTR-78861

Security Gateway

In a rare scenario, DNS connection may be dropped with "up_manager_cmi_handler_match_cb: connection not found".

PRJ-26984,
PRHF-17754

Security Gateway

In rare scenarios, connectivity issues to specific websites may occur during web traffic inspection.

PRJ-34726,
PRHF-21103

Security Gateway

In rare scenarios, if temporary files were not deleted successfully, downloading certain file types may fail with an error.

PRJ-33273,
PMTR-26836

Security Gateway

The control connection may not be refreshed together with the data connection if the data connection is accelerated. Refer to sk168952.

PRJ-23479,
PRHF-16013

Security Gateway

Policy installation may fail when reaching out of memory on the Security Gateway.

PRJ-37356,
PRJ-35902

Security Gateway

Uninstalling Jumbo Hotfix may cause interfaces to disappear.

PRJ-35006,
PRHF-21742

Security Gateway

The dynamic NAT allocation port warning is continuously printed in /var/log/messages. Refer to sk177228.

PRJ-34787,
PMTR-65164

Security Gateway

In some scenarios, Security Gateway drops GRE traffic. Kernel debug shows "simi_reorder_enqueue_packet: reached the limit of maximum enqueued packets for conn".

PRJ-34015

Security Gateway

Bond slaves may be visible in the wrong plane.

PRJ-34088,
PRJ-34218

Threat Prevention

IPS and other Threat Prevention logs may not contain packet capture. And dmesg may be flooded with related errors.

PRJ-36164,
PRHF-21680

Identity Awareness

The PDP process may unexpectedly exit with a core dump file.

PRJ-35820,
PRHF-21396

Identity Awareness

On Scalable Platforms\Cluster LS, the Identity Database may become corrupted when an identity session is revoked from a non-master member.

PRJ-35851,
PRHF-22037

Identity Awareness

The PEP process may unexpectedly exit.

PRJ-28218,
PRHF-15223

Identity Awareness

There may be connectivity issues and high CPU spikes on the PDPD, VPND processes, and on the Gateway when installing policy. Refer to sk174144.

PRJ-34514,
PRHF-20998

URL Filtering

In a rare scenario, when URL Filtering blade is active, in Website categorization background mode, the FWK process crashes and creates a core dump.

PRJ-32742,
PMTR-70772

IPS

After installing a Threat Prevention policy with many rules and/or exceptions, on multiple Gateways together, Gateways may consume more CPU during rule-match of new connections.

PRJ-37543,
PRHF-22301

IPS

In a rare scenario, when the Security Gateway is configured as a proxy, downloading files may fail.

PRJ-32609,
PRHF-20132

IPS

When Anti-Virus and/or gzip inspection are enabled on the Gateway, during CloudFlare inspection of specific websites,the Security Gateway may drop the traffic.

PRJ-30124,
PMTR-66344

SSL Inspection

When HTTPS Inspection is enabled and traffic is inspected, detect logs for HTTPS traffic may show the "Invalid CRL Retrieved" and "No Valid CRL" error messages. Refer to sk172345.

PRJ-36298,
PMTR-76171

SSL Inspection

A memory leak related to TLS probe may occur in the WSTLSD process.

PRJ-32908,
PRHF-1527

Mobile Access

In a rare scenario, some options in a web application may be missing in Mobile Access Portal.

PRJ-35167,
PMTR-77780

ClusterXL

A single cluster member with Dynamic Routing configuration may stay permanently in DOWN state producing ROUTED pnote during a boot.

PRJ-35980,
PMTR-74818

ClusterXL

A cluster failover may take longer than it should.

PRJ-38369,
PRHF-23291

ClusterXL

Multicast packets may be dropped after policy installation.

PRJ-36470,
PRHF-21775

SecureXL

The VSX Gateway may crash when trying to route traffic from a VS to a Virtual Switch (VSW).

PRJ-33581,
PMTR-75970

SecureXL

In some scenarios, fragmented Cluster LS packets are dropped by SecureXL.

PRJ-34902,
PRJ-36073

SecureXL

In some scenarios, related to sending multicast packets, the ICMP errors may be shown.

PRJ-30713,
PRHF-18975

Routing

Connectivity issues may occur after configuration of route-based VPN (VTI interface). Refer to sk176368.

PRJ-35400,
PRJ-35403,
PRJ-35345,
VPNS2S-2848,
VPNS2S-2457,
VPNS2S-2770

VPN

IKEv2 Improvements for DAIP Gateway behind Hide NAT.

PRJ-34210,
PMTR-74824

VPN

IKEv2 ID configuration may not be applied when an IPv6 address is written as a certificate's alternative name.

PRJ-34492

VPN

Remote Access users are unable to connect when authenticating using a certificate issued by a subordinate CA.

PRJ-35397,
VPNS2S-2822

VPN

Improvements for DAIP Gateway behind Hide NAT.

PRJ-35534,
PMTR-78432

VPN

A memory leak may occur in the VPND process when using remote Access Back Connection.

PRJ-37462,
PRHF-21891

VPN

The VPND process may unexpectedly exit causing VPN connections to restart.

PRJ-34373,
PMTR-75526

VPN

In rare scenarios, Remote Access users cannot connect to the Gateway because of certificate authentication failure.

PRJ-35429,
PMTR-78314

VPN

In some scenarios, L2TP users cannot connect to the Gateway in a cluster environment.

PRJ-35386,
VPNS2S-2726

VPN

In some scenarios, the RIM script is not activated in DPD Tunnel monitoring.

PRJ-35557,
PMTR-78462

VPN

A memory leak may occur in the VPND process when using Remote Access Secondary Connect.

PRJ-35555,
PMTR-78436

VPN

A memory leak may occur in the VPND process when using Remote Access with Multiple Entry Points configured.

PRJ-35046,
PMTR-77549

VPN

In some scenarios, NAT-T tunnel establishment may fail.

PRJ-33322,
VPNS2S-1482

VPN

After initiating a tunnel between a regular Gateway and a DAIP Gateway, running the "vpn tu tlist'" command on the peer, may show the peer IP instead of the DAIP IP.

PRJ-29880,
PRHF-19050

VPN

Improved VPN interoperability.

PRJ-37589,
PRHF-22751

VPN

During policy installation when using DAIP behind hide NAT, CPU usage for the VPND process may be high.

PRJ-36237,
PRHF-22206

VPN

A memory leak may occur in the VPND process.

PRJ-38811,
PRJ-38729

VPN

In some scenarios, it is not possible to connect with Remote Access using DHCP for Office Mode. Refer to sk178767.

PRJ-34671,
PMTR-77130

VSX

UPDATE: The "vsx_util reconfigure" operation is not supported on a VSX cluster member or VSX Gateway which has no virtual systems configured. The operation will now alert about the absence of virtual systems.

PRJ-34999,
PMTR-77287

VSX

The "vsx_util reconfigure" command may fail without printing the cause of the error.

PRJ-32078,
PMTR-74295

VSX

When creating a static route on a virtual system, some network objects may be created with the same name inside the network group which causes failure in writing the object to the database.

PRJ-36767,
PMTR-52576

VSX

VSX Cluster Internal Communication Network IP address is shown in ifconfig after changing the name or VLAN of a VR physical interface.

PRJ-35503,
PMTR-62860

VSX

There may be a mismatch of policy name on virtual switch when using the "fw stat" and "vsx stat -v" commands. The issue is only cosmetic.

PRJ-33470,
PMTR-73998

VSX

In some scenarios, the "vsx_util reconfigure" command cannot fetch the policy installed previously.

PRJ-38202,
PRHF-23118

VSX

In some scenarios, the VSX Security Gateway may not decrease the packet's TTL.

PRJ-34602,
PMTR-74840

VSX

In some scenarios, the VSX Gateway may incorrectly handle broadcast packets received from a Virtual Switch.

PRJ-36786,
PMTR-79249

VSX

The "snmpwalk" command may time out after reaching SNMPv2-SMI::mib-2.68.1.2.0.

PRJ-36771,
PRJ-36756

Gaia OS

NEW: Gaia API (version 1.6 with python3 support) will now be deployed via Jumbo Hotfix. Refer to sk143612.

PRJ-24453,

PRHF-16628

Gaia OS

UPDATE: Changed the Syslog message severity from "error" to "info" and removed the exclamation mark in a specific message which is displayed during the normal backup operation flow.

PRJ-37415,
PMTR-74360

Gaia OS

In a rare scenario, while idle, the Security Gateway may crash producing a vmcore file.

PRJ-37225,
PMTR-63343

Gaia OS

Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253.

PRJ-27908,
PRHF-17814

Harmony Endpoint

In some scenarios, logs related to Harmony Endpoint may be missing.

PRJ-37118,
PRHF-18358

VoIP

When static NAT is configured, VoIP calls may not work.

PRJ-38022,
ODU-342

Public Cloud CA Bundle

Added Take 18 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-36703,
ODU-244

Public Cloud CA Bundle

Added Take 14 of Public Cloud CA Bundle. Refer to sk172188.

PRJ-34518,
PRJ-37145,
ODU-200,
ODU-286

Smart-1 Cloud

Added update 4 of Quantum Smart-1 Cloud. Refer to sk166056.

PRJ-37602,
PRHF-22145

CloudGuard Network

In Amazon Web Services (AWS), some Gateways may frequently crash with vmcores.

PRJ-35547,
PRHF-21841

CloudGuard Network

When there are virtual systems with the same name prefix, the CloudGuard Controller fails to update the VS with Data Center Objects.

PRJ-36273,
PRHF-22059

CloudGuard Network

In some scenarios, incorrect data center updates are pushed to the Gateway.

PRJ-37950,
PRHF-22994

CloudGuard Network

In some scenarios, mapping of AWS Data Centers may take a long time to complete.

PRJ-37052,
PRHF-20096

CloudGuard Network

In some scenarios, Data Center objects are not enforced on an AWS GEO cluster (Active/Active) Gateway. Refer to sk175904.

PRJ-38035,
ODU-341

Scalable Platforms

Added Take 21 of Check Point Support Data Collector (CPSDC) for Scalable Platforms and Maestro Security Appliances. Refer to sk164414.

PRJ-38223,
ODU-349

HCP

Added Update 8 of HealthCheck Point (HCP) Release. Refer to sk171436.

PRJ-36829,
ODU-287

HCP

Added Update 7 of HealthCheck Point (HCP) Release. Refer to sk171436.

Top Articles
Latest Posts
Article information

Author: Chrissy Homenick

Last Updated: 01/19/2023

Views: 5518

Rating: 4.3 / 5 (54 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Chrissy Homenick

Birthday: 2001-10-22

Address: 611 Kuhn Oval, Feltonbury, NY 02783-3818

Phone: +96619177651654

Job: Mining Representative

Hobby: amateur radio, Sculling, Knife making, Gardening, Watching movies, Gunsmithing, Video gaming

Introduction: My name is Chrissy Homenick, I am a tender, funny, determined, tender, glorious, fancy, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.