Product | Description |
Security Management | Values updated in resourceProfiles files to handle high CPU utilization for "Java" process (described in sk123417) are not resistant and get overridden after Jumbo Hotfix Accumulator installation or backup/restore or export/import procedures. |
Security Management | Once user performs any change to his configuration, the Compliance blade performs a partial scan and calculates the relevant Best practices. During this scan, exceptions of relevant objects for these Best practices are deleted. Meaning, if previously obj1 was excluded from applying Best practice #1, during partial scan obj1 will be relinked to Best practice #1. |
Security Gateway | Added support for NAT on payload of H323 packets when different IP addresses are used for payload and control. |
Security Gateway | In some scenarios, traffic is dropped when using non-FQDN Domain object in policy. |
Identity Awareness | In some scenarios, Identity Agent fails to authenticate using Kerberos SSO due to very large Kerberos ticket and the agent fallback to User/Password authentication. Refer to sk145832. |
Anti-Malware | Added support for more than 10000 IOC indicators to improve capacity and performance. |
Threat Emulation | Added ability to update Threat Emulation file types in an offline environment. |
Threat Extraction | The scrub_cleanup script fails to delete files when there is a large amount of files (over 5000) in the /tmp/scrub directory. |
SmartConsole | "Error: SIC initialization failed because of failure in parsing the certificate file" error when user attempts to log in with certificate to API (mgmt_cli) with password including "!". |
SmartConsole | "Synchronization with Check Point UserCenter" feature displays "Synchronization with Check Point UserCenter requires a valid license." warning message even though all licenses are valid. |
SmartConsole | Web API show-package fails if the package was installed on a cluster member which is already deleted. Refer to sk144132. |
Logging | When Security gateway is configured to send alerts only to a specific Log server, logs may be written locally on the gateway instead to be sent to the Log server. |
Logging | After upgrading from R80.10 to Jumbo Hotfix Accumulator Take 142 or higher, emails from Check Point server arrive with blank email body. Refer to sk142492. |
Logging | When scheduled log switch is set to midnight in SmartConsole, logs and indexes are not being deleted according to configuration. |
Logging | After Daylight saving time change, the logs from the time of change until the end of the day are not indexed and the "Illegal instant due to time zone offset transition (daylight savings time 'gap')" error is displayed in solr.elg file. |
Logging | In some scenarios, Log indexer stopped indexing logs because of a corrupted row in FetchedFiles. |
VPN | Remote Access VPN connectivity process when authenticating with certificates was improved. |
VPN | After Cluster failover, VPN tunnel is down and "Unknown SPI for IPsec packet" log is shown. Refer to sk112339. |
HTTPS Inspection | When HTTPS Inspection is enabled and "Hide X-Forwarded-For in outgoing traffic" option is selected, the XFF header is not obfuscated on HTTPs traffic. |
SSL Inspection | Change SSL Network Extender on MacOS to 64-bit architecture to support 32-bit apps depreciation in OSX. |
SSL Inspection | Traffic to HTTPS websites is dropped on "Unknown Traffic" category, if the certificate length sent from web server exceeds the limit. Refer to sk105321. |
SSL Inspection | Added support to custom extension used by Apple. |
ClusterXL | In some scenarios, local traffic between cluster members is dropped due to out of state. Refer to sk123795. |
SecureXL | Memory consumption on Security Gateway increases after enabling NetFlow v9 in Gaia OS. Refer to sk118719. |
SecureXL | Connectivity issues with "handle_outbound_pac, Reason: connection not found" debug messages on dropped traffic. Refer to sk101134, Scenario 2. |
Gaia OS | When using conv2db to recreate Gaia database from /config/active, comments are not skipped and the new database file may contain irrelevant information. Refer to sk139832. Note: the issue is cosmetic only. |
Gaia OS | The "iotop" command does not work on Smart-1 525, 5050 and 51580 appliances. |
Gaia OS | CVE-2018-15473: Username enumeration is possible due to a premature bail-out while dealing with a malformed packet. The issue exists in several authentication protocols. |
Gaia OS | Connectivity problem for 10 Gigabit fiber network interfaces (be2net driver) after upgrade from R77.30. |
Gaia OS | In some scenarios, BIOS sensor randomly goes into "unknown" state. Refer to sk138332. |
VSX | In some scenarios, vpnd process stops working and there is no decrypt log. |
VSX | There is no failover after disabling a monitored VLAN after upgrade to R80.10. Refer to sk128692. |
VSX | Traffic from a Virtual System in VSX Cluster to Security Management Server is dropped with "Local interface address spoofing" log. Refer to sk110473. |
