R80.40 Jumbo Hotfix Accumulator - Take 83 (2023)

Take 83

Released on 04 October 2020 and declared as Recommended on 25 October 2020

PRJ-8954,
MCFG-246

Upgrade Tools

Upgrade from R80.10 to R80.40 may fail with messages related to cmsobfuscationkey. Refer to sk168933.

PRJ-15610,
PMTR-57447

Security Management

NEW: Added ability to run Management REST API on a Multi-Domain Log Server.

PRJ-16147,
PMTR-58152

Security Management

NEW: The "cma_migrate" command will continue working if the SSH connection with the Multi-Domain Server was lost.

If the user presses "Ctrl+C" while cma_migrate is running, the user will be asked whether to stop cma_migrate or to continue.

PRJ-15501,
PMTR-56638

Security Management

NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start.

PRJ-15497,
PMTR-57275

Security Management

$MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied.

PRJ-16876,
PRHF-12879

Security Management

In some scenarios, sessions that were opened for the third parties or automatic scripts that use Management API, remain open. Refer to sk169072.

PRJ-11704,
PRHF-9017

Security Management

The Purge Revisions operation may not clean deleted objects of previous revisions

PRJ-14297,
PRHF-11704

Security Management

In rare scenarios, High Availability sync fails with "NGM failed to import data" error after the user deletes a Permission Role.

PRJ-13463,
PMTR-54975

Security Management

In rare scenarios, Install Policy Presets are not triggered.

PRJ-14492,
SMCUPG-1384

Security Management

In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails.

PRJ-13919,
MCFG-242

Security Management

In some scenarios, exporting the Security Management Server in order to migrate it to Domain in Multi-Domain Environment fails.

PRJ-13613,
PRHF-11300

Security Management

In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error.

PRJ-13727,
PMTR-55574

Multi-Domain Management

NEW:

  • Global object deletion will be blocked if used in Domains on the Multi Domain Server.
  • The "Unused Objects" filter in the Global Domain will show objects only if not used by all of the Domains on the Multi-Domain Server.

PRJ-14455,
PRHF-11940

Multi-Domain Management

Policies may disappear from the Global Domain Assignments view after running the Solr Cure utility. Refer to sk168060.

PRJ-15720,
PRHF-12271

Multi-Domain Management

When the user attempts to add/change the Leading Interface through mdsconfig, it may fail with the "no external interfaces found on this machine" error. Refer to sk168319.

PRJ-16427,
PMTR-58559

Multi-Domain Management

Management HA incremental synchronization may break on the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.

PRJ-16438,
PRHF-12236

Multi-Domain Management

After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.

PRJ-17307,
PMTR-59799

Multi-Domain Management

In rare scenarios, the FWM process may unexpectedly exit and fail the Multi-Domain Management server upgrade.

PRJ-15972,
PRHF-10916

SmartConsole

Global Policy reassign in MDS may fail with "An internal error has occurred" message after adding overrides to Snort protections.

PRJ-15372,
PMTR-57065

SmartConsole

The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954.

PRJ-16091,
PMTR-55032

SmartConsole

The "Get Interfaces" operation fails when admin creates a new cluster and decides to remove one of the members before he selects "Get Interfaces".

PRJ-13906,
PMTR-54935

SmartConsole

In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins.

PRJ-16342,
PMTR-58390

SmartConsole

Setting or creating HTTPS layer (add-https-layer) with the "shared" parameter using the API may fail with the "Unrecognized parameter [shared]" error.

PRJ-12855,
PRHF-10453

SmartConsole

Hit count data may not be deleted automatically.

PRJ-13456,
PRHF-10952

SmartConsole

In some scenarios, Management API commands with "details-level":"full" Payload return a truncated output and fail to complete. Refer to sk170414.

PRJ-15482,
PMTR-39061

SmartProvisioning

In some scenarios, when the user installs policy on R77.30 Central Office Security Gateway from Management version R80 and higher, VPN tunnels may be dropped for LSM Gateways.

PRJ-13171,
PRHF-9994

Compliance

Compliance Partial Scans in Multi-Domain environments using Global Policies may lead to SmartConsole freeze or long publish times. Refer to sk170562.

PRJ-13562,
PMTR-53242

Logging

In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress.

PRJ-14357,
SL-4323

SmartView

In SmartView, when the user sends a generated report via email in a language with non-standard English letters (Accented, Cyrillic, Chinese, Japanese, etc), some of the text may appear as question marks (?).

PRJ-14362,
PMTR-54723

SmartView

In SmartView, the icon is missing from the cover page of Compliance and Content Awareness PDF reports.

PRJ-12208,
PMTR-52793

Security Gateway

UPDATE: Added the latest fixes and security improvements to OpenSSL.

PRJ-16624,
PMTR-58538

Security Gateway

Updated Dynamic Balancing Clish commands. Refer to sk164155.

PRJ-16995,
PMTR-59154

Security Gateway

In some scenarios, Dynamic Balancing is unable to configure MQ setting for some interfaces.

PRJ-16401,
PRHF-12631

Security Gateway

When using Management Data Plane Separation (MDPS), schedule backup may fail.

PRJ-14126,
PMTR-56181

Security Gateway

In some scenarios, compilation errors during policy installation are ignored instead of immediately failing the policy. This may cause drops on the Security Gateway.

PRJ-14634,
PRHF-12058

Security Gateway

In rare scenarios, Security Gateway memory consumption may increase.

PRJ-15633,
PMTR-57462

Security Gateway

In a rare scenario, Security gateway may crash due to NULL pointer reference.

PRJ-13346,
PRHF-8408

Security Gateway

In a rare scenario, the FWD process opens connections to port 111.

PRJ-13888,
PRHF-9759

Security Gateway

An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955.

PRJ-15841,
PRHF-12221

Security Gateway

ICAP block page displays virus name as "Unknown" instead of the virus name as it appears in the logs.

PRJ-16406,
PRHF-12305

Security Gateway

In some scenarios, when VPN blade or ISP Redundancy are used, traffic may be routed to the wrong interface. Refer to sk168881.

PRJ-16159,
PMTR-58124

Security Gateway

In a rare scenario, Security Gateway may crash after policy installation.

PRJ-12947,
PRHF-10972

Security Gateway

After policy installation, the output of the "cphaprob stat" command may show "HA module not started" when a large number of non-monitored Cluster interfaces are configured in SmartConsole.

  • This fix adds support for multiple non-monitored interfaces in SmartConsole.

PRJ-15771,
PMTR-57606

Security Gateway

In some scenarios, DNS protections configured on inspection settings may not be enforced.

PRJ-14449,
PMTR-10041

Security Gateway

In some scenarios, large number of interfaces defined on Security gateway may cause high CPU utilization by CPD process. Refer to sk168674.

PRJ-9849,
PRHF-7150

Security Gateway

In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124.

PRJ-17223,
PMTR-59359

Security Gateway

Enabling both Dynamic Balancing and MDPS causes Dynamic Balancing to stop.

PRJ-17097,
PMTR-59478

Security Gateway

In rare scenarios, Dynamic Balancing fails to start after boot due to state verification failure.

PRJ-15849,
PMTR-57739

Security Gateway

SXL drop due to routing configuration when using security zone on bridge (layer2).

PRJ-17421,
PMTR-54539

Threat Emulation,
Security Gateway

In a rare scenario, Threat Emulation and 2 core appliances may freeze. Refer to sk169575.

PRJ-16107,
PRHF-12463

URL Filtering

In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD).

PRJ-15689,
PRHF-12067

HTTPS Inspection

In some scenarios, web traffic may be blocked with "Content Awareness - Error: Internal system error (1000)" error log.

PRJ-14543,
PMTR-56472

HTTPS Inspection

In some scenarios, a CRL timeout may occur, which may cause slowness in HTTPS Inspection. Refer to sk169876.

PRJ-15800,
PMTR-57645

IPS

In some scenarios, invalid characters are sent to gw-stat report.

PRJ-15581,
PRHF-9645

Application Control

In some scenarios, deprecated applications are not removed/replaced during an upgrade from R77.30 to R80.x. Refer to sk131372.

PRJ-11730,
PMTR-52415

Anti-Malware

In some scenarios, custom intelligence feeds with URL encoding characters may not be parsed correctly. Refer to sk168077.

PRJ-14067,
AVIR-1090

Anti-Malware

In rare scenarios, Security Gateway may crash due to memory allocation failure.

PRJ-16500,
PMTR-58709

Anti-Malware

In rare scenarios, Security Gateway crashes during CIFS traffic when the Anti-Virus blade is in Hold mode and the CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606).

PRJ-15540,
PMTR-54954

Mobile Access

Mobile Access Secure Workspace feature does not work with SAML/IDP-based authentication when running Secure Workspace is optional.

PRJ-14652,
PMTR-56622

Mobile Access

The Mobile Access Blade's portal dialog for editing web application SSO credentials may not work correctly.

PRJ-16998,
PRJ-16965

Mobile Access

Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152.

PRJ-17446

Mobile Access

Mobile Access Blade may fail to install on VSX environments due to a missing configuration file.

PRJ-16681,
PRHF-12714

SecureXL

In a rare scenario, Security gateway may crash when receiving packets from an MDPS management interface.

PRJ-14463,
PRHF-4457

SecureXL

In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections.

PRJ-10498,
PMTR-50926

SecureXL

In some scenarios, SecureXL makes an offload decision to not accelerate multicast traffic for route-based VPN.

PRJ-15902,
PRHF-12374

SecureXL

An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router.

PRJ-15485,
PMTR-54930

Routing

BGP fails to establish with high MTU setting on Gaia 3.10.

PRJ-15393,
PRHF-11950

Routing

A TCP connection between cluster master and slave may flap on OSPF attempt to delete a non-Max-Aage LSA.

PRJ-16575,
SPC-3089

Routing

In some scenarios, the routed daemon may unexpectedly exit with BGP.

PRJ-14407,
PMTR-54728

VPN

Connectivity improvements for Remote Access VPN with L2TP.

PRJ-15534,
PMTR-56073

VPN

The "vpn tu tlist" command shows the wrong number of clients connected in Visitor mode.

PRJ-10953,
PRHF-8923

VPN

In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.

PRJ-15331,
VPNRA-379

VPN

In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled.

PRJ-15322,
PMTR-48973

VPN

In some scenarios, using LS/HA mode on a VPN tunnel may cause packets to be dropped. Refer to sk160612.

PRJ-14576,
PMTR-54771

VPN

IP compression may not work in some scenarios when IKEv2 is configured.

PRJ-15622,
PMTR-57459

VPN

Access Roles with MAB SNX as the client type may not work.

PRJ-11052,
PRHF-7972

VPN

Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003.

PRJ-16211,
VPNRA-469

VPN

Stability improvement for Remote Access VPN.

PRJ-15467,
PMTR-46467

VPN

When IKEv2 is configured, traffic that originated from the DAIP external interface may fail to pass.

PRJ-15838,
PMTR-40895

VPN

When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage.

PRJ-16015,
PMTR-55514

VPN

In rare scenarios, Remote Access clients may not be able to re-connect after a failover.

PRJ-15996,
PRHF-11856

Gaia OS

NEW: Added Multi-Queue (MQ) support for Sync interface.

PRJ-14591,
PRHF-12060

Gaia OS

Reduced the logging of vague messages when the user adds a known host in Clish.

PRJ-12864,
PMTR-51379

Gaia OS

Creating LOM users for Smart-1 525/625/5050/5150 appliances may fail if the username length is shorter then 4 characters.

PRJ-11861,
PRHF-9702

Gaia OS

It is not allowed to create usernames with reserved words, such as 'eval', 'apply' etc., in the middle of the username in WebUI. Refer to sk170681.

PRJ-11994,
PRHF-10312

Gaia OS

In rare scenarios, a snapshot creation may fail.

PRJ-12741,
PMTR-51157

Gaia OS

Restore backup may fail due to unmatched upgrade tools.

PRJ-17321,
PMTR-58887

Gaia OS

Certain Clish commands, like "show interfaces all", may cause confd to crash. Refer to sk170324.

PRJ-16922,
PRHF-12593

Gaia OS

In a rare scenario, the "Allowed-clients" feature does not work as expected for SSH.

PRJ-13942,
PRHF-11368

Gaia OS

In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to expert mode, the username in the log files appears as admin instead of RADIUS.

PRJ-16080,
PMTR-57581

Gaia OS

In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot.

PRJ-16567,
PRHF-12526

Gaia OS

In the Management Data Plane Separation (MDPS) environment, the output for the "show asset network" command may not report some line cards if they have mixed management/data plane interfaces.

PRJ-10079,
PMTR-50675

Gaia OS

When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands unexpectedly exit. Refer to sk165258.

PRJ-15861,
PMTR-57779

Gaia OS

The "Error I40E_AQ_RC_EINVAL adding RX filters on PF" error may appear during i40e driver operation and RSS key may be reset during certain driver operations.

PRJ-11130,
PMTR-51775

Gaia OS

Setting LACP rate does not survive a reboot on Gaia 3.10.

PRJ-15600,
PRHF-11404

Endpoint Security

Gaia backup with Endpoint Management may miss some information from the Endpoint database. Refer to sk168062.

PRJ-16474,
PRHF-11087

Endpoint Security

"An unexpected error occurred" message may appear when the user clicks on 'View Current Status' in SmartEndpoint's 'Overview' tab. Refer to sk167176.

PRJ-15423,
PMTR-57126

CloudGuard Network

NEW: Added support for VMware vCenter version 7 to CloudGuard Controller.

PRJ-12838,
PMTR-53868

CloudGuard Network

NEW: Added new AWS regions af-south-1, ap-northeast-3, and eu-south-1.

PRJ-16019,
PRHF-12425

CloudGuard Network

In some scenarios, CloudGuard Controller may lose connection to GCP projects. Refer to sk168499.

PRJ-16254,
PRHF-12538

CloudGuard Network

Scanning of GCP Data Center may fail when instance does not have disks.

PRJ-12185,
VSECC-1293

CloudGuard Network

CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode.

PRJ-16223,
PRHF-12510

CloudGuard Network

Azure Data Center scan may fail and no updated are sent to the Security gateway.

PRJ-15355,
STRM-152

QoS

In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when policy is defined properly on the interface.

Top Articles
Latest Posts
Article information

Author: Ouida Strosin DO

Last Updated: 12/28/2022

Views: 5522

Rating: 4.6 / 5 (56 voted)

Reviews: 87% of readers found this page helpful

Author information

Name: Ouida Strosin DO

Birthday: 1995-04-27

Address: Suite 927 930 Kilback Radial, Candidaville, TN 87795

Phone: +8561498978366

Job: Legacy Manufacturing Specialist

Hobby: Singing, Mountain biking, Water sports, Water sports, Taxidermy, Polo, Pet

Introduction: My name is Ouida Strosin DO, I am a precious, combative, spotless, modern, spotless, beautiful, precious person who loves writing and wants to share my knowledge and understanding with you.