cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Employee+
Employee+

R80.10: New Jumbo Hotfix (Take 185) On-Going Release

A new On-Going Jumbo Hotfix Accumulator take for R80.10 (Take185) is available. Please refer to sk116380

To get this take please use the package identifier mentioned in sk116380.

Product

Description

Security Management

Values updated in resourceProfiles files to handle high CPU utilization for "Java" process (described in sk123417) are not resistant and get overridden after Jumbo Hotfix Accumulator installation or backup/restore or export/import procedures.

Security Management

Once user performs any change to his configuration, the Compliance blade performs a partial scan and calculates the relevant Best practices. During this scan, exceptions of relevant objects for these Best practices are deleted. Meaning, if previously obj1 was excluded from applying Best practice #1, during partial scan obj1 will be relinked to Best practice #1. 

Security Gateway

Added support for NAT on payload of H323 packets when different IP addresses are used for payload and control.

Security Gateway

In some scenarios, traffic is dropped when using non-FQDN Domain object in policy. 

Identity Awareness

In some scenarios, Identity Agent fails to authenticate using Kerberos SSO due to very large Kerberos ticket and the agent fallback to User/Password authentication. Refer to sk145832.

Anti-Malware

Added support for more than 10000 IOC indicators to improve capacity and performance. 

Threat Emulation

Added ability to update Threat Emulation file types in an offline environment.

Threat Extraction

The scrub_cleanup script fails to delete files when there is a large amount of files (over 5000) in the /tmp/scrub directory.

SmartConsole

"Error: SIC initialization failed because of failure in parsing the certificate file" error when user attempts to log in with certificate to API (mgmt_cli) with password including "!". 

SmartConsole

"Synchronization with Check Point UserCenter" feature displays "Synchronization with Check Point UserCenter requires a valid license." warning message even though all licenses are valid. 

SmartConsole

Web API show-package fails if the package was installed on a cluster member which is already deleted. Refer to sk144132.

Logging

When Security gateway is configured to send alerts only to a specific Log server, logs may be written locally on the gateway instead to be sent to the Log server. 

Logging

After upgrading from R80.10 to Jumbo Hotfix Accumulator Take 142 or higher, emails from Check Point server arrive with blank email body. Refer to sk142492.

Logging

When scheduled log switch is set to midnight in SmartConsole, logs and indexes are not being deleted according to configuration.

Logging

After Daylight saving time change, the logs from the time of change until the end of the day are not indexed and the "Illegal instant due to time zone offset transition (daylight savings time 'gap')" error is displayed in solr.elg file.

Logging

In some scenarios, Log indexer stopped indexing logs because of a corrupted row in FetchedFiles. 

VPN

Remote Access VPN connectivity process when authenticating with certificates was improved.

VPN

After Cluster failover, VPN tunnel is down and "Unknown SPI for IPsec packet" log is shown. Refer to sk112339.

HTTPS Inspection

When HTTPS Inspection is enabled and "Hide X-Forwarded-For in outgoing traffic" option is selected, the XFF header is not obfuscated on HTTPs traffic.

SSL Inspection

Change SSL Network Extender on MacOS to 64-bit architecture to support 32-bit apps depreciation in OSX.

SSL Inspection

Traffic to HTTPS websites is dropped on "Unknown Traffic" category, if the certificate length sent from web server exceeds the limit. Refer to sk105321.

SSL Inspection

Added support to custom extension used by Apple. 

ClusterXL 

In some scenarios, local traffic between cluster members is dropped due to out of state. Refer to sk123795

SecureXL

Memory consumption on Security Gateway increases after enabling NetFlow v9 in Gaia OS. Refer to sk118719

SecureXL

Connectivity issues with "handle_outbound_pac, Reason: connection not found" debug messages on dropped traffic. Refer to sk101134, Scenario 2.

Gaia OS

When using conv2db to recreate Gaia database from /config/active, comments are not skipped and the new database file may contain irrelevant information. Refer to sk139832. Note: the issue is cosmetic only.

Gaia OS

The "iotop" command does not work on Smart-1 525, 5050 and 51580 appliances. 

Gaia OS

CVE-2018-15473: Username enumeration is possible due to a premature bail-out while dealing with a malformed packet. The issue exists in several authentication protocols. 

Gaia OS

Connectivity problem for 10 Gigabit fiber network interfaces (be2net driver) after upgrade from R77.30.

Gaia OS 

In some scenarios, BIOS sensor randomly goes into "unknown" state. Refer to sk138332.

VSX

In some scenarios, vpnd process stops working and there is no decrypt log.

VSX

There is no failover after disabling a monitored VLAN after upgrade to R80.10. Refer to sk128692.

VSX

Traffic from a Virtual System in VSX Cluster to Security Management Server is dropped with "Local interface address spoofing" log. Refer to sk110473