cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Danny
Jade

R80.10: New Jumbo Hotfix (Take 169) GA-Release

A new General Availability Jumbo Hotfix Accumulator take for R80.10 (Take 169) is available.

Also download and install the updated R80.10 SmartConsole (Build 093).

Take_169 is the latest General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from sk116380.

Resolved issues since previous GA-Take:

IDProductDescription
R80.10 Jumbo HotFix - General Availability Take 169 (27 November 2018, GA from 26 December 2018)
PMTR-23990,
PRHF-1450
Security Management

Policy installation fails with "Policy installation had failed due to an internal error" message when Security gateway has more than hundred interfaces.
Refer to sk138592.

PMTR-24005,
PMTR-22022
Security ManagementRemote Access users configured with Pre-Shared Secret Key (PSK) cannot connect after upgrade from R77.x. 
PMTR-22277,
PMTR-23219,
PMTR-23217
Security ManagementLog in to the primary Multi-Domain Management GUI fails due to HA and logging objects synchronization generating high load. 
PMTR-22725,
PMTR-22508,
PMTR-23500
Security ManagementUpgrade from R77.30 fails with "Object SyncUsrCntr could not be deleted because it is referenced by other objects" exception. 
PMTR-22894,
PMTR-10245
Security ManagementThe /var/log partition fills up with the core dump files when Management server is overloaded.
PMTR-23698,
02499554
Security Gateway

The following errors may be displayed while uploading archive with several data types:

  • "Application Control - HTTP parsing error occurred"
  • "Content Awareness - Error: Invalid state in protocol (11)" 
  • "HTTP parsing error occurred, bypass request"
PMTR-14596,
PMTR-10574
Security GatewayDCOM traffic (part of DCERPC services) is dropped by Security gateway when allowing specific DCOM services.
PMTR-25227,
PMTR-25078,
PMTR-25181,
IDA-1226
Identity Awareness

Improved error handing when Identity Sharing is used and remote PDP server does not respond due to prolong outage.
Refer to sk141152.

PMTR-23898Logging
  • Added new "GDPR security report" report. 
  • The "Security Checkup report" was updated with the new content.
PMTR-22950,
02490101
VPNVPN Tunnel instability problem when working with Cisco Gateway using IKEv2. Refer to sk116776
PMTR-22825,
VSECC-734
CloudGuardCloudGuard Controller Data Center objects are not enforced on Multi-Domain Security Management.
Refer to sk139372.
PMTR-22521All

Added ability for R80.10 Security Management or Multi-Domain Server to manage R80.20 Security gateway. To enable this:

  • Install R80.10 Jumbo Hotfix Accumulator Take 167 or higher
  • Install R80.10 SmartConsole Build 89 or higher (refer to sk119612)
Note that if you choose to not upgrade to R80.20 Security Management server or Multi-Domain Server, the new features will not be supported.
PMTR-20498Gaia OSAdded SHA2 encryption for Gaia users passwords (excluding Smart-1 525, 5050 and 5150).
PMTR-16440,
PRHF-530,
01743689
Gaia OS Sensors display order is incorrect in the output of "cpstat os -f sensors" command.
Refer to sk107672.
PMTR-20038,
PMTR-22373
Gaia OS"/opt/CPInstLog/uninstall_SecurePlatform_R80_10_JHF_PLATO:Uninstallation failed!" error during uninstallation of Jumbo Hotfix Take on Smart-1 device. Newer version of RPMs remain installed after uninstall. 
PMTR-11977,
PMTR-20018,
02567615
Gaia OSAn event logged in /var/log/messages is generated multiple times in consecutive order, and the syslog daemon compresses all repeated attempts with entry "last message repeated X times" in /var/log/messages file. 
Refer to sk119913.
PMTR-20425,
PMTR-14191,
PMTR-20370
Gaia OSIn some scenarios, machines with the igb driver (on-board Mgmt/Sync and 1G expansion cards) receive the "Detected Tx Unit Hang" messages in /var/log/messages file.
PRHF-734, PMTR-11728 Security ManagementIn rare scenarios, the CPM service does not start on machine startup. 
PMTR-22967,
MCFG-45
Multi-Domain ManagementThe license status for the MDS shows as "N/A" in SmartConsole's License Report. 
Refer to sk132575.
PMTR-18007,
PMTR-18004
Multi-Domain ManagementAfter cloning a policy package that has an assigned Global Policy package, the Domain layers in the placeholder of some of the assigned global layers are not cloned and empty. 
Refer to sk134012.
PMTR-12050,
PMTR-13198
Multi-Domain ManagementCannot synchronize secondary Domain Server after migrating new Domain with cma_migrate.
Refer to sk127954
PMTR-20295,
API-409
SmartConsoleWhen specifying from-date in the "show-changes" Management API command, changes of the first session in range are not displayed. 
PMTR-23062,
PMTR-22415
SmartUpdateSmartUpdate hangs on launch due to over 4000+ unattached licenses. 
Refer to sk136512.
PMTR-20272,
02692416
SmartView MonitorIn some scenarios, SmartView Monitor shows more throughput than what actually goes through the Security gateway.
PMTR-15575,
02436860
Content AwarenessContent Awareness supports HTML forms using URL encoding (also known as Percent-encoding). HTML traffic, encoded (binary to text encoding) as Base64 and NCR, is not properly inspected for content. 
PMTR-14858,
PMTR-14633
Threat ExtractionTIFF images replacement on PDF files sometimes fails and can corrupt the file. 
PMTR-21559,
PMTR-21393
Anti-MalwareIn rare scenarios, a Security gateway crashes in mail_security code due to out of bound memory access. 
PMTR-21913,
PMTR-16557
DLPImproved DLP file type detection when uploading files to Gmail.
PMTR-6238,
IDA-623
Identity AwarenessHigh CPU usage after policy installation when PDPD is running. Refer to sk122352
PMTR-19899,
PMTR-19733
Identity AwarenessEnabling Packet Tagging and MUH traffic enforcement takes effect only after reboot.
PMTR-21289,
PMTR-19167
SSL InspectionSeveral applications are not matched correctly when Application Control and HTTPS Inspection are enabled.
PMTR-18923,
PRHF-743
SSL InspectionHTTPS traffic is inspected when it is configured to be bypassed: when HTTPS Inspection is enabled and probe bypass is 0. 
Refer to sk132913
PMTR-19664,
PMTR-19049
RoutingPIM standby node crashes when adding multiple VPN tunnels with the same local endpoint as PIM interfaces.
PMTR-20075,
PMTR-18338
SecureXL"sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure. 
PMTR-11941,
PMTR-13827,
02482488
CoreXLCoreXL FW instance offloads a partial/anticipated connection that already exists.
Refer to Scenario 5 in sk100467.
PMTR-20161,
PMTR-5366
CoreXLWhen running the "fw ctl multik stop" command several times, only the target instance of the last command is stopped, while others start working again. 
PMTR-21760,
02630742
Mobile AccessIn some scenarios, Capsule Workspace Push notifications are not received. Refer to sk120334.
PMTR-21684,
VPNRA-99
VPNIn rare scenarios, Security gateway randomly drops all SNX packets on a connection attempt.
PMTR-19532,
02550811
VPNWhen a second user behind the same router connects with an L2TP client, the first user that is already connected gets disconnected.
Refer to sk119141
PMTR-12787,
IDA-982,
PMTR-23382
VPNUser cannot connect to a VPN site that belongs to a group that has a special character in its name.
Refer to sk124514.
PMTR-17652,
PMTR-16730,
PMTR-17651, PMTR-16731,
PMTR-17648,
PMTR-16734
VPNImproved IKE negotiation stability in S2S with 3rd party devices.
PMTR-17650,
PMTR-16732
VPNWhen NAT-T is detected, Security gateway not always switches to port 4500, causing a VPN tunnel termination. 
PMTR-10457,
02708339
VPNSite-to-Site VPN cannot be established with IKEv2 on VSec for Azure / CloudGuard for Azure.
Refer to sk122675
PMTR-21859,
VPNS2S-280
VPNImproved fragmentation handling for TCP over VPN.
PMTR-19703,
PMTR-8170
VPNTunnel to 3rd party device fails if IKE-ID is not equal to local outbound interface. 
PMTR-17289VSXIn rare scenarios, VSX gateway crashes under heavy load when SecureXL is enabled.
PMTR-19973,
02757621
Endpoint Security"Cannot create certificate" error message when cannot enroll user certificate on Endpoint Security VPN client after January 24th 2018.
Refer to sk122874
PMTR-18402,
PMTR-9755
Acceleration CardIn rare scenarios, Security gateway crashes after enabling Acceleration Card and using the ipsctl utility.
1 Reply

Re: R80.10: New Jumbo Hotfix (Take 169) GA-Release

Upgrading vSEC R80.10 take 421 JHA take 154 to 169 results in 30/30 KVM virtuals sitting on GRUB prompt on restart.

I'll log a query with TAC. Experienced this when upgrading HFA take 154 to 167, again when rolling back to 154 and every instance where we upgraded 154 to 169.

Remediation process involves manually entering the minimal GRUB configuration lines necessary to boot the system and then subsequently re-installing GRUB:

·         On ‘grub>’ prompt enter the following:

root (hd0,0)

kernel /vmlinuz-x86_64 ro root=/dev/vg_splat/lv_current noht panic=15 crashkernel=128M@16M 3

initrd /initrd-x86_64

boot

·         Once started connect via SSH and do the following:

[Expert@fwcp1:0]# grub

grub> device (hd0) /dev/vda

grub> root (hd0,0)

grub> setup (hd0)

grub> quit

0 Kudos