Product | Symptoms |
Security Management | Values updated in resourceProfiles files to handle high CPU utilization for the "Java" process (described in sk123417) are not persistent and get overridden after Jumbo Hotfix Accumulator installation, backup/restore, or export/import procedures. |
Security Management | Running the fwm sic_reset command from CMA fails with "reset_objects: updateMultiple failed". Refer to sk142512. |
Security Management | Once a user makes any change to the configuration, the Compliance blade performs a partial scan and calculates the relevant Best Practices. During this scan, exceptions of relevant objects for these Best Practices are deleted. For example, if obj1 was previously excluded from Best Practice #1, the partial scan relinks obj1 to Best Practice #1. |
Multi-Domain Management | After new Domain creation, logs from this Domain are not seen in SmartConsole. |
Multi-Domain Management | Upgrade of the Primary Multi-Domain Server from R80.10 fails when its Global Domain is in Standby mode. Refer to sk143892. |
Multi-Domain Management | CPView is not supported on Multi-Domain Security Management environments. |
SmartConsole | "Synchronization with Check Point UserCenter" feature displays "Synchronization with Check Point UserCenter requires a valid license." warning message even though all licenses are valid. |
SmartConsole | If an administrator updates their details (e.g. name, phone, email) and tries to publish the session, it fails with an "Internal error" message. After Jumbo HFA installation, the session cannot be published or discarded and any further update will fail. |
SmartConsole | When using Global VPN Community with permanent tunnel gateways list (matrix / permanent tunnel gateways), upgrade from R7x fails. |
SmartConsole | "Error: SIC initialization failed because of failure in parsing the certificate file" error when a user attempts to log in to the API (mgmt_cli) with a certificate and a password that includes "!". |
SmartConsole | Web API show-package fails if the package was installed on a cluster member which is already deleted. Refer to sk144132. |
SmartConsole | Attempt to update Threat Emulation images fails with "Could not send Threat Emulation images update command, validate SIC connectivity and install policy with Threat Emulation enabled for [name]" message. |
SmartConsole | The existing regulation is not updated and appears as "EU Data Privacy" instead of "GDPR". |
Security Gateway | Traffic is dropped when using non-FQDN Domain object in Security policy. |
Security Gateway | Added support for NAT on payload of H323 packets when different IP addresses are used for payload and control. |
Threat Emulation | Added ability to update Threat Emulation file types in an offline environment. |
HTTPS Inspection | When HTTPS Inspection is enabled and the "Hide X-Forwarded-For in outgoing traffic" option is selected, the XFF header is not obfuscated on HTTPS traffic. |
Identity Awareness | In some scenarios, Identity Agent fails to authenticate using Kerberos SSO due to a very large Kerberos ticket, and the agent falls back to User/Password authentication. |
Anti-Malware | During upgrade, if Anti-Virus is enabled, all emails are stuck in MTA queue due to missing certificate. |
IPS | The "A general error has occurred" message is displayed when trying to change the IPS protection configuration in "MySQL -> General settings". |
Web Intelligence | In some scenarios, connectivity issues occur between Capsule Workspace and Security gateway. |
Web Intelligence | Potential memory leak due to "Out of state" HTTP response. |
SSL Inspection | Added support for custom extension used by Apple. |
Logging | In rare scenarios, when the Log server miscalculates the available disk space, it may stop receiving logs from the connected gateways and cause the logs to accumulate locally on the Security gateway. Refer to sk146152. |
Logging | After two or more upgrades of a Security gateway / Security Management server / Log server or SmartEvent server, log maintenance fails to delete logs from older versions. |
Logging | After Daylight saving time change, the logs from the time of change until the end of the day are not indexed and the "Illegal instant due to time zone offset transition (daylight savings time 'gap')" error is displayed in solr.elg file. |
Logging | After upgrade from R80.x to R80.20 GA, the pre-upgrade logs data will not be deleted according to the logs retention policy. |
Logging | In rare scenarios, due to a connection attempt failure to the Security Management, the Security gateway starts logging locally. |
Logging | When a Security gateway is configured to send alerts only to a specific Log server, logs may be written locally on the gateway instead of being sent to the Log server. |
Logging | Added Threat Emulation forensic report in SmartView Log card. |
SecureXL | Memory consumption on Security Gateway increases after enabling NetFlow v9 in Gaia OS. Refer to sk118719. |
SecureXL | Concurrent connections monitoring can become inaccurate when "fw samp quota" rules are changed. |
SecureXL | In rare scenarios, Security gateway crashes when penalty checkbox is selected. |
SecureXL | In some scenarios, large number of incorrectly classified "simlinux_br_port: dev == NULL !!!" debug messages appear in kernel message logs. |
ClusterXL | In some scenarios, standby cluster member sends PIM Hello packets. |
VSX | In some scenarios, the cpd and fw_full processes stop working when the TDERROR debug flag is enabled. |
VSX | Traffic from a Virtual System in VSX Cluster to Security Management Server is dropped with "Local interface address spoofing" log. Refer to sk110473. |
Gaia OS | CVE-2018-15473: Username enumeration is possible due to a premature bail-out while dealing with a malformed packet. The issue exists in several authentication protocols. |
Gaia OS | When using conv2db to recreate Gaia database from /config/active, comments are not skipped and the new database file may contain irrelevant information. Refer to sk139832. Note: the issue is cosmetic only. |
Gaia OS | SNMPD process fails to send Coldstart on reboot. Coldstart is configured by a threshold that can be too short compared to the OS boot time. |
Gaia OS | Connectivity problem for 10 Gigabit fiber network interfaces (be2net driver) after upgrade from R77.30. |
Gaia OS | Added support for "/", "(", and "*" characters as part of the system message banner. |
Gaia OS | Syslog messages forwarded to an external Syslog server do not contain the host name. Refer to sk100727. |
Gaia OS | In some scenarios, snmpwalk reports false values of bond interface. |
Gaia OS | In some scenarios, sporadic timeouts occur during snmpwalk run. |
Gaia OS | Different LOM versions are reported in WebUI and Clish. |
VPN | After Cluster failover, VPN tunnel is down and "Unknown SPI for IPsec packet" log is shown. Refer to sk112339. |