This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Danny
Champion Champion
Champion
‎2019-01-03 01:57 AM

R80.10: New Jumbo Hotfix (Take 169) GA-Release

A new General Availability Jumbo Hotfix Accumulator take for R80.10 (Take 169) is available.

Also download and install the updated R80.10 SmartConsole (Build 093).

Take_169 is the latest General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from sk116380.

Resolved issues since previous GA-Take:

IDProductDescription
R80.10 Jumbo HotFix - General Availability Take 169 (27 November 2018, GA from 26 December 2018)
PMTR-23990,
PRHF-1450		Security Management

Policy installation fails with "Policy installation had failed due to an internal error" message when Security gateway has more than hundred interfaces.
Refer to sk138592.

PMTR-24005,
PMTR-22022		Security ManagementRemote Access users configured with Pre-Shared Secret Key (PSK) cannot connect after upgrade from R77.x. 
PMTR-22277,
PMTR-23219,
PMTR-23217		Security ManagementLog in to the primary Multi-Domain Management GUI fails due to HA and logging objects synchronization generating high load. 
PMTR-22725,
PMTR-22508,
PMTR-23500		Security ManagementUpgrade from R77.30 fails with "Object SyncUsrCntr could not be deleted because it is referenced by other objects" exception. 
PMTR-22894,
PMTR-10245		Security ManagementThe /var/log partition fills up with the core dump files when Management server is overloaded.
PMTR-23698,
02499554		Security Gateway

The following errors may be displayed while uploading archive with several data types:

  • "Application Control - HTTP parsing error occurred"
  • "Content Awareness - Error: Invalid state in protocol (11)" 
  • "HTTP parsing error occurred, bypass request"
PMTR-14596,
PMTR-10574		Security GatewayDCOM traffic (part of DCERPC services) is dropped by Security gateway when allowing specific DCOM services.
PMTR-25227,
PMTR-25078,
PMTR-25181,
IDA-1226		Identity Awareness

Improved error handing when Identity Sharing is used and remote PDP server does not respond due to prolong outage.
Refer to sk141152.

PMTR-23898Logging
  • Added new "GDPR security report" report. 
  • The "Security Checkup report" was updated with the new content.
PMTR-22950,
02490101		VPNVPN Tunnel instability problem when working with Cisco Gateway using IKEv2. Refer to sk116776
PMTR-22825,
VSECC-734		CloudGuardCloudGuard Controller Data Center objects are not enforced on Multi-Domain Security Management.
Refer to sk139372.
PMTR-22521All

Added ability for R80.10 Security Management or Multi-Domain Server to manage R80.20 Security gateway. To enable this:

  • Install R80.10 Jumbo Hotfix Accumulator Take 167 or higher
  • Install R80.10 SmartConsole Build 89 or higher (refer to sk119612)
Note that if you choose to not upgrade to R80.20 Security Management server or Multi-Domain Server, the new features will not be supported.
PMTR-20498Gaia OSAdded SHA2 encryption for Gaia users passwords (excluding Smart-1 525, 5050 and 5150).
PMTR-16440,
PRHF-530,
01743689		Gaia OS Sensors display order is incorrect in the output of "cpstat os -f sensors" command.
Refer to sk107672.
PMTR-20038,
PMTR-22373		Gaia OS"/opt/CPInstLog/uninstall_SecurePlatform_R80_10_JHF_PLATO:Uninstallation failed!" error during uninstallation of Jumbo Hotfix Take on Smart-1 device. Newer version of RPMs remain installed after uninstall. 
PMTR-11977,
PMTR-20018,
02567615		Gaia OSAn event logged in /var/log/messages is generated multiple times in consecutive order, and the syslog daemon compresses all repeated attempts with entry "last message repeated X times" in /var/log/messages file. 
Refer to sk119913.
PMTR-20425,
PMTR-14191,
PMTR-20370		Gaia OSIn some scenarios, machines with the igb driver (on-board Mgmt/Sync and 1G expansion cards) receive the "Detected Tx Unit Hang" messages in /var/log/messages file.
PRHF-734, PMTR-11728 Security ManagementIn rare scenarios, the CPM service does not start on machine startup. 
PMTR-22967,
MCFG-45		Multi-Domain ManagementThe license status for the MDS shows as "N/A" in SmartConsole's License Report. 
Refer to sk132575.
PMTR-18007,
PMTR-18004		Multi-Domain ManagementAfter cloning a policy package that has an assigned Global Policy package, the Domain layers in the placeholder of some of the assigned global layers are not cloned and empty. 
Refer to sk134012.
PMTR-12050,
PMTR-13198		Multi-Domain ManagementCannot synchronize secondary Domain Server after migrating new Domain with cma_migrate.
Refer to sk127954
PMTR-20295,
API-409		SmartConsoleWhen specifying from-date in the "show-changes" Management API command, changes of the first session in range are not displayed. 
PMTR-23062,
PMTR-22415		SmartUpdateSmartUpdate hangs on launch due to over 4000+ unattached licenses. 
Refer to sk136512.
PMTR-20272,
02692416		SmartView MonitorIn some scenarios, SmartView Monitor shows more throughput than what actually goes through the Security gateway.
PMTR-15575,
02436860		Content AwarenessContent Awareness supports HTML forms using URL encoding (also known as Percent-encoding). HTML traffic, encoded (binary to text encoding) as Base64 and NCR, is not properly inspected for content. 
PMTR-14858,
PMTR-14633		Threat ExtractionTIFF images replacement on PDF files sometimes fails and can corrupt the file. 
PMTR-21559,
PMTR-21393		Anti-MalwareIn rare scenarios, a Security gateway crashes in mail_security code due to out of bound memory access. 
PMTR-21913,
PMTR-16557		DLPImproved DLP file type detection when uploading files to Gmail.
PMTR-6238,
IDA-623		Identity AwarenessHigh CPU usage after policy installation when PDPD is running. Refer to sk122352
PMTR-19899,
PMTR-19733		Identity AwarenessEnabling Packet Tagging and MUH traffic enforcement takes effect only after reboot.
PMTR-21289,
PMTR-19167		SSL InspectionSeveral applications are not matched correctly when Application Control and HTTPS Inspection are enabled.
PMTR-18923,
PRHF-743		SSL InspectionHTTPS traffic is inspected when it is configured to be bypassed: when HTTPS Inspection is enabled and probe bypass is 0. 
Refer to sk132913
PMTR-19664,
PMTR-19049		RoutingPIM standby node crashes when adding multiple VPN tunnels with the same local endpoint as PIM interfaces.
PMTR-20075,
PMTR-18338		SecureXL"sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure. 
PMTR-11941,
PMTR-13827,
02482488		CoreXLCoreXL FW instance offloads a partial/anticipated connection that already exists.
Refer to Scenario 5 in sk100467.
PMTR-20161,
PMTR-5366		CoreXLWhen running the "fw ctl multik stop" command several times, only the target instance of the last command is stopped, while others start working again. 
PMTR-21760,
02630742		Mobile AccessIn some scenarios, Capsule Workspace Push notifications are not received. Refer to sk120334.
PMTR-21684,
VPNRA-99		VPNIn rare scenarios, Security gateway randomly drops all SNX packets on a connection attempt.
PMTR-19532,
02550811		VPNWhen a second user behind the same router connects with an L2TP client, the first user that is already connected gets disconnected.
Refer to sk119141
PMTR-12787,
IDA-982,
PMTR-23382		VPNUser cannot connect to a VPN site that belongs to a group that has a special character in its name.
Refer to sk124514.
PMTR-17652,
PMTR-16730,
PMTR-17651, PMTR-16731,
PMTR-17648,
PMTR-16734		VPNImproved IKE negotiation stability in S2S with 3rd party devices.
PMTR-17650,
PMTR-16732		VPNWhen NAT-T is detected, Security gateway not always switches to port 4500, causing a VPN tunnel termination. 
PMTR-10457,
02708339		VPNSite-to-Site VPN cannot be established with IKEv2 on VSec for Azure / CloudGuard for Azure.
Refer to sk122675
PMTR-21859,
VPNS2S-280		VPNImproved fragmentation handling for TCP over VPN.
PMTR-19703,
PMTR-8170		VPNTunnel to 3rd party device fails if IKE-ID is not equal to local outbound interface. 
PMTR-17289VSXIn rare scenarios, VSX gateway crashes under heavy load when SecureXL is enabled.
PMTR-19973,
02757621		Endpoint Security"Cannot create certificate" error message when cannot enroll user certificate on Endpoint Security VPN client after January 24th 2018.
Refer to sk122874
PMTR-18402,
PMTR-9755		Acceleration CardIn rare scenarios, Security gateway crashes after enabling Acceleration Card and using the ipsctl utility.
1 Reply
David_Herselman
Advisor
‎2019-01-06 11:08 AM

Upgrading vSEC R80.10 take 421 JHA take 154 to 169 results in 30/30 KVM virtuals sitting on GRUB prompt on restart.

I'll log a query with TAC. Experienced this when upgrading HFA take 154 to 167, again when rolling back to 154 and every instance where we upgraded 154 to 169.

Remediation process involves manually entering the minimal GRUB configuration lines necessary to boot the system and then subsequently re-installing GRUB:

·         On ‘grub>’ prompt enter the following:

root (hd0,0)

kernel /vmlinuz-x86_64 ro root=/dev/vg_splat/lv_current noht panic=15 crashkernel=128M@16M 3

initrd /initrd-x86_64

boot

·         Once started connect via SSH and do the following:

[Expert@fwcp1:0]# grub

grub> device (hd0) /dev/vda

grub> root (hd0,0)

grub> setup (hd0)

grub> quit

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top