
R80.20: New Jumbo Hotfix (Take 43) On-Going Release

Hi,

 

A new Ongoing Jumbo Hotfix Accumulator take for R80.20 (take 43) is available. Please refer to sk137592.

Resolved Issues:

Product

Symptoms

Security Management

Values updated in resourceProfiles files to handle high CPU utilization for "Java" process (described in sk123417) are not resistant and get overridden after Jumbo Hotfix Accumulator installation or backup/restore or export/import procedures.

Security Management

Running the fwm sic_reset command from CMA fails with "reset_objects: updateMultiple failed". Refer to sk142512.

Security Management

Once a user performs any change to his configuration, the Compliance blade performs a partial scan and calculates the relevant Best practices. During this scan, exceptions of relevant objects for these Best practices are deleted. This means that if obj1 was previously excluded from applying Best practice #1, obj1 will be relinked to Best practice #1 during the partial scan.

Multi-Domain Management

After new Domain creation, logs from this Domain are not seen in SmartConsole. 

Multi-Domain Management

Upgrade of the Primary Multi-Domain Server from R80.10 fails when its Global Domain is in Standby mode. Refer to sk143892.

Multi-Domain Management

CPView is not supported on Multi-Domain Security Management environments. 

SmartConsole

"Synchronization with Check Point UserCenter" feature displays "Synchronization with Check Point UserCenter requires a valid license." warning message even though all licenses are valid. 

SmartConsole

If an administrator updates his details (e.g. name, phone, email) and tries to publish the session, it fails with an "Internal error" message.

  • After Jumbo HFA installation, the session cannot be published or discarded and any further update will fail. 

SmartConsole

When using Global VPN Community with permanent tunnel gateways list (matrix / permanent tunnel gateways), upgrade from R7x fails.

SmartConsole

"Error: SIC initialization failed because of failure in parsing the certificate file" error when user attempts to log in with certificate to API (mgmt_cli) with password including "!".

SmartConsole

Web API show-package fails if the package was installed on a cluster member which is already deleted. Refer to sk144132.

SmartConsole

Attempt to update Threat Emulation images fails with "Could not send Threat Emulation images update command, validate SIC connectivity and install policy with Threat Emulation enabled for [name]" message.

SmartConsole

The existing regulation is not updated and appears as "EU Data Privacy" instead of "GDPR".

Security Gateway

Traffic is dropped when using non-FQDN Domain object in Security policy. 

Security Gateway

Added support for NAT on payload of H323 packets when different IP addresses are used for payload and control.

Threat Emulation

Added ability to update Threat Emulation file types in an offline environment.

HTTPS Inspection

When HTTPS Inspection is enabled and the "Hide X-Forwarded-For in outgoing traffic" option is selected, the XFF header is not obfuscated on HTTPS traffic.

Identity Awareness

In some scenarios, Identity Agent fails to authenticate using Kerberos SSO due to a very large Kerberos ticket, and the agent falls back to User/Password authentication.

Anti-Malware

During upgrade, if Anti-Virus is enabled, all emails are stuck in MTA queue due to missing certificate.

IPS

The "A general error has occurred" message is displayed when trying to change the IPS protection configuration in "MySQL -> General settings".

Web Intelligence

In some scenarios, connectivity issues occur between Capsule Workspace and the Security gateway.

Web Intelligence

Potential memory leak due to "Out of state" HTTP response.

SSL Inspection

Added support for custom extension used by Apple.

Logging

In rare scenarios, when the Log server miscalculates the available disk space, it may stop receiving logs from the connected gateways and cause the logs to accumulate locally on the Security gateway.
Refer to sk146152.

Logging

After two or more upgrades of a Security gateway / Security Management server / Log server or SmartEvent server, log maintenance fails to delete logs from older version. 

Logging

After Daylight saving time change, the logs from the time of change until the end of the day are not indexed and the "Illegal instant due to time zone offset transition (daylight savings time 'gap')" error is displayed in solr.elg file. 

Logging

After upgrade from R80.x to R80.20 GA, the pre-upgrade logs data will not be deleted according to the logs retention policy. 

Logging

In rare scenarios, due to a connection attempt failure to the Security Management, the Security gateway starts logging locally.

Logging

When a Security gateway is configured to send alerts only to a specific Log server, logs may be written locally on the gateway instead of being sent to the Log server.

Logging

Added Threat Emulation forensic report in SmartView Log card. 

SecureXL

Memory consumption on Security Gateway increases after enabling NetFlow v9 in Gaia OS. Refer to sk118719.

SecureXL

Concurrent connections monitoring can become inaccurate when "fw samp quota" rules are changed. 

SecureXL

In rare scenarios, Security gateway crashes when penalty checkbox is selected.

SecureXL

In some scenarios, large number of incorrectly classified "simlinux_br_port: dev == NULL !!!" debug messages appear in kernel message logs.

ClusterXL

In some scenarios, standby cluster member sends PIM Hello packets.

VSX

In some scenarios, the cpd and fw_full processes stop working when the TDERROR debug flag is enabled.

VSX

Traffic from a Virtual System in VSX Cluster to Security Management Server is dropped with "Local interface address spoofing" log.
Refer to sk110473.

Gaia OS

CVE-2018-15473: Username enumeration is possible due to a premature bail-out while dealing with a malformed packet. The issue exists in several authentication protocols. 

Gaia OS

When using conv2db to recreate Gaia database from /config/active, comments are not skipped and the new database file may contain irrelevant information. Refer to sk139832.
Note: the issue is cosmetic only. 

Gaia OS

SNMPD process fails to send Coldstart on reboot. Coldstart is configured by a threshold that can be too short compared to the OS boot time.

Gaia OS

Connectivity problem for 10 Gigabit fiber network interfaces (be2net driver) after upgrade from R77.30. 

Gaia OS

Added support for "/", "(", and "*" characters as part of the system message banner.

Gaia OS

Syslog messages forwarded to an external Syslog server do not contain the host name.
Refer to sk100727.

Gaia OS

In some scenarios, snmpwalk reports false values of bond interface.  

Gaia OS

In some scenarios, sporadic timeouts occur during snmpwalk run.

Gaia OS

Different LOM versions are reported in WebUI and Clish.

VPN

After Cluster failover, VPN tunnel is down and "Unknown SPI for IPsec packet" log is shown. Refer to sk112339.

Thanks!

Release Management Group

1 Reply

Re: R80.20: New Jumbo Hotfix (Take 43) On-Going Release

How do we find out more information about the symptoms fixed by "SSL Inspection: Added support for custom extension used by Apple"?

I tried logging a support ticket but didn't receive any additional information.

I am used to things like Cisco Bugtraq, which usually gives good info to help you determine if a fix applies to the problems you are experiencing.

Thanks

Pedro
