|R80.10 Jumbo HotFix - General Availability Take 169 (27 November 2018, GA from 26 December 2018)|
Policy installation fails with "Policy installation had failed due to an internal error" message when Security gateway has more than hundred interfaces.
Refer to sk138592.
|Security Management||Remote Access users configured with Pre-Shared Secret Key (PSK) cannot connect after upgrade from R77.x. |
|Security Management||Log in to the primary Multi-Domain Management GUI fails due to HA and logging objects synchronization generating high load. |
|Security Management||Upgrade from R77.30 fails with "Object SyncUsrCntr could not be deleted because it is referenced by other objects" exception. |
|Security Management||The /var/log partition fills up with the core dump files when Management server is overloaded.|
The following errors may be displayed while uploading archive with several data types:
- "Application Control - HTTP parsing error occurred"
- "Content Awareness - Error: Invalid state in protocol (11)"
- "HTTP parsing error occurred, bypass request"
|Security Gateway||DCOM traffic (part of DCERPC services) is dropped by Security gateway when allowing specific DCOM services.|
Improved error handing when Identity Sharing is used and remote PDP server does not respond due to prolong outage.
Refer to sk141152.
- Added new "GDPR security report" report.
- The "Security Checkup report" was updated with the new content.
|VPN||VPN Tunnel instability problem when working with Cisco Gateway using IKEv2. Refer to sk116776. |
|CloudGuard||CloudGuard Controller Data Center objects are not enforced on Multi-Domain Security Management.|
Refer to sk139372.
Added ability for R80.10 Security Management or Multi-Domain Server to manage R80.20 Security gateway. To enable this:
Note that if you choose to not upgrade to R80.20 Security Management server or Multi-Domain Server, the new features will not be supported.
- Install R80.10 Jumbo Hotfix Accumulator Take 167 or higher
- Install R80.10 SmartConsole Build 89 or higher (refer to sk119612)
|PMTR-20498||Gaia OS||Added SHA2 encryption for Gaia users passwords (excluding Smart-1 525, 5050 and 5150).|
|Gaia OS ||Sensors display order is incorrect in the output of "cpstat os -f sensors" command.|
Refer to sk107672.
|Gaia OS||"/opt/CPInstLog/uninstall_SecurePlatform_R80_10_JHF_PLATO:Uninstallation failed!" error during uninstallation of Jumbo Hotfix Take on Smart-1 device. Newer version of RPMs remain installed after uninstall. |
|Gaia OS||An event logged in /var/log/messages is generated multiple times in consecutive order, and the syslog daemon compresses all repeated attempts with entry "last message repeated X times" in /var/log/messages file. |
Refer to sk119913.
|Gaia OS||In some scenarios, machines with the igb driver (on-board Mgmt/Sync and 1G expansion cards) receive the "Detected Tx Unit Hang" messages in /var/log/messages file.|
|PRHF-734, PMTR-11728 ||Security Management||In rare scenarios, the CPM service does not start on machine startup. |
|Multi-Domain Management||The license status for the MDS shows as "N/A" in SmartConsole's License Report. |
Refer to sk132575.
|Multi-Domain Management||After cloning a policy package that has an assigned Global Policy package, the Domain layers in the placeholder of some of the assigned global layers are not cloned and empty. |
Refer to sk134012.
|Multi-Domain Management||Cannot synchronize secondary Domain Server after migrating new Domain with cma_migrate.|
Refer to sk127954.
|SmartConsole||When specifying from-date in the "show-changes" Management API command, changes of the first session in range are not displayed. |
|SmartUpdate||SmartUpdate hangs on launch due to over 4000+ unattached licenses. |
Refer to sk136512.
|SmartView Monitor||In some scenarios, SmartView Monitor shows more throughput than what actually goes through the Security gateway.|
|Content Awareness||Content Awareness supports HTML forms using URL encoding (also known as Percent-encoding). HTML traffic, encoded (binary to text encoding) as Base64 and NCR, is not properly inspected for content. |
|Threat Extraction||TIFF images replacement on PDF files sometimes fails and can corrupt the file. |
|Anti-Malware||In rare scenarios, a Security gateway crashes in mail_security code due to out of bound memory access. |
|DLP||Improved DLP file type detection when uploading files to Gmail.|
|Identity Awareness||High CPU usage after policy installation when PDPD is running. Refer to sk122352. |
|Identity Awareness||Enabling Packet Tagging and MUH traffic enforcement takes effect only after reboot.|
|SSL Inspection||Several applications are not matched correctly when Application Control and HTTPS Inspection are enabled.|
|SSL Inspection||HTTPS traffic is inspected when it is configured to be bypassed: when HTTPS Inspection is enabled and probe bypass is 0. |
Refer to sk132913.
|Routing||PIM standby node crashes when adding multiple VPN tunnels with the same local endpoint as PIM interfaces.|
|SecureXL||"sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure. |
|CoreXL||CoreXL FW instance offloads a partial/anticipated connection that already exists.|
Refer to Scenario 5 in sk100467.
|CoreXL||When running the "fw ctl multik stop" command several times, only the target instance of the last command is stopped, while others start working again. |
|Mobile Access||In some scenarios, Capsule Workspace Push notifications are not received. Refer to sk120334.|
|VPN||In rare scenarios, Security gateway randomly drops all SNX packets on a connection attempt.|
|VPN||When a second user behind the same router connects with an L2TP client, the first user that is already connected gets disconnected.|
Refer to sk119141.
|VPN||User cannot connect to a VPN site that belongs to a group that has a special character in its name. |
Refer to sk124514.
|VPN||Improved IKE negotiation stability in S2S with 3rd party devices.|
|VPN||When NAT-T is detected, Security gateway not always switches to port 4500, causing a VPN tunnel termination. |
|VPN||Site-to-Site VPN cannot be established with IKEv2 on VSec for Azure / CloudGuard for Azure.|
Refer to sk122675.
|VPN||Improved fragmentation handling for TCP over VPN.|
|VPN||Tunnel to 3rd party device fails if IKE-ID is not equal to local outbound interface. |
|PMTR-17289||VSX||In rare scenarios, VSX gateway crashes under heavy load when SecureXL is enabled.|
|Endpoint Security||"Cannot create certificate" error message when cannot enroll user certificate on Endpoint Security VPN client after January 24th 2018.|
Refer to sk122874.
|Acceleration Card||In rare scenarios, Security gateway crashes after enabling Acceleration Card and using the ipsctl utility.|