Support Center > Search Results > SecureKnowledge Details
Check Point R77.20 Known Limitations Technical Level

This article lists all of the R77.20 specific known limitations. 

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > ASSETS / INFO > My Subscriptions.


Important notes:


Table of Contents

  • General
  • Installation and Upgrade
  • Security Gateway
  • Gaia
  • Security Management
  • SmartDashboard
  • Multi-Domain Security Management
  • Endpoint Security
  • Mobile Access
  • VPN
  • Cluster
  • SSL Network Extender
  • VSX
  • Appliances
  • Threat Prevention
  • Threat Emulation
  • URL Filtering
  • SmartProvisioning
  • Compliance
  • SmartView Tracker
  • Application Control
  • DLP
  • Virtual Edition (VE) Network Mode
  • SecureXL
  • Identity Awareness
  • SmartEvent / SmartReporter
  • Anti-Bot / Anti-Virus / Anti-Spam
  • IPS
  • HTTPS Inspection
  • Dynamic Routing
  • SNMP
  • VoIP
  • SmartView Monitor
  • CoreXL
  • SmartLog


ID Symptoms Integrated In
Reinstalling R77.20 Add-on through CPUSE (Gaia Software Updates) by clicking 'Reinstall' after it was previously successfully installed, can cause failure of the Deployment Agent's self-test.

Workaround: Reboot the system after reinstalling the Add-on.
01418009 Upgrade of the Endpoint Security Management Server to R77.20 with CPUSE sometimes fails. -
01425142 When you run cpstop on SecurePlatform OS, this error message can show incorrectly: "Updating of persistent storage failed: Invalid argument". You can safely ignore this error. -
Installation and Upgrade
01422537 If you uninstall the R77.20 Add-on, you must open a new shell and run "cpstop;cpstart" commands.
Refer to sk103407.
01419551 Before uninstalling the R77.20 Add-on from a Multi-Domain environment, you must de-activate it from all Domains. -
01424166 If Push Notifications were enabled on VS0 before an upgrade to R77.20, refer to sk101310 for instructions for enabling them on new Virtual Systems created after the upgrade. -
01432453 When upgrading to R77.20, if this message shows: "HFA upgrade is not supported with the current software version", continue with the instructions in sk101488. -
01421519 When upgrading RHEL to R77.20, start the installation process from the console connection only (not over SSH). Otherwise, plugin installation will fail. -

In-place upgrade of Multi-Domain Management / Multi-Domain Log Server from releases prior to R77 may fail due to missing disk space on root partition. In order to avoid this, refer to sk101589.

Note: The issue is solved on July 20, 2014 by replacement of Gaia Upgrade Package from R76 and R75.4x and SecurePlatform Upgrade Package for Multi-Domain from R76.

01423581 Before upgrading a Security Management Server on Windows OS, make sure all SmartConsoles are closed. -
01422033 The FTP Control Connection over VPN does not survive failover from the old cluster member (still running the previous release) to the upgraded cluster member (already running R77.20). -
01537825, 01538791 Viewing Machine Info during installation process causes crash.
Refer to sk104011.
Security Gateway
01433753, 01439099, 01445919, 01450548, 01459998, 01460566, 01462474 Security Gateway configured as Proxy occasionally stops processing all traffic..
Refer to sk102134.
01453522 When choosing the "Reset to factory defaults - R77.20" option, the following error appears: "Selected: Reset to factory defaults - Gaia R77.20 Error 15: File not found Press any key to continue...".
Refer to sk102438.
01409490, 01414575, 01450816, 01490344, 01492069, 01492561, 01493022, 01493551 Possible memory leak on Security Gateway when duplicate packets are received (e.g., during packet retransmission).
Refer to sk103077.
01458064, 01342859, 01355465, 01510959, 01519461, 01535250 "cp_ipaddrs:SIOCGIFCONF failed: Bad address" error when starting a user mode process under valgrind on Gaia OS 64-bit.
Refer to sk103768.
01573799, 01572187,
High CPU load caused by 'clish' daemon and 'confd' daemon after SSH session for non-local TACACS user has been expired/killed.
Refer to sk104579.
01504351, 01513713, 01523144, 01553674, 01571597, 01577996 Security Gateway might crash when working with Multi-Portal (Mobile Access portal, User Check portal, Identity Awareness portal, DLP portal, Gaia Portal).
Refer to sk104698.
01460867 ISP Redundancy fails over during policy installation when Anti-Malware blade is enabled.
Refer to sk102830.
01601692, 01603883 Security Gateway is unable to complete the boot after running the "control_bootsec -r" command
Refer to sk105137.
01466177, 01466794, 01539703 The fwd process crashes frequently. -
01488900, 01505055, 01491395 tcpdump command is not working when authenticating with RADIUS user, even if user is SuperUser.
Refer to sk105175.
01493992, 01536735 The vpnd process crashes frequently. -
01611509 cpconfig core file created after closing the SSH session while in CoreXL configuration screen. -
01519150, 01522004 cpstart fails to start processes if SSH session is disconnected.
Refer to sk105392.
01525172, 01529706 Mounting a directory using NFSv3 over IPv6 through Security Gateway fails because traffic is not matched to the relevant rule.
Refer to sk105843.
01522404, 01523490 Traffic does not pass correctly after ISP Redundancy fail-over when Gaia OS Cloning Group is used.
Refer to sk105864.
01637419, 01675312, 01677809 Some fields are missing in SmartView Tracker logs generated by a rule with URI Resource, in which "Optimize URL logging" was enabled.
Refer to sk106215.
In 1 out of 5 reboots, ISP Redundancy fails over to the Backup link instead of the Primary. -
01685162, 01686626, 01691851, 01692710 Connectivity issues through Security Gateway in Proxy mode due to an extra space in DNS Query sent by the Security Gateway.
Refer to sk106428.
01689739, 01751479, 01751874, 01751965 Misconfiguration of "Management" interface on Check Point Security Gateway causes outage
Refer to sk106447.
01694455, 01695011 Policy compilation error when installing Security Policy on R76 Security gateway.
Refer to sk106569.
High CPU consumption when polling SNMP OID "raIkeOverTCP" (
Refer to sk106504.
in.ahttpd process constantly consuming high CPU (100%), crashes and restarts.
Refer to sk106916
01734383 Security Gateway might crash in some scenarios when inspecting H.323 traffic.
Refer to sk107184.
01696483 Customized HTML pages for Legacy Client Authentication are not displayed.
Refer to sk106583.
01820423, 01820957 After applying sk98839, installing Security Policy on top of NGX R65 gateway failes with error: "unknown format local_sync".
Refer to sk107863.
01831524, 01835440 Policy installation / fetch fails, cluster is in down status due to sam.dat file corruption.
Refer to sk108315.
Unresolved Dynamic Object causes NAT rule matching to fail and packet drop.
Refer to sk109216
01910250, 01910653 After installing fw1_wrapper_HOTFIX_R77_20_T91_HF_963 build on Domain, its status in SmartView Monitor is shown as "Problem".
Refer to sk109350.
01931113, 01949193 SAM rules are occasionally not deleted in SmartView Monitor.
Refer to sk110157.
01619796, 01737680, 01829540, 01624428, 01727265, 01848066, 01743287, 01985335  Security Gateway does not load policy after reboot.
Refer to sk110560.
01680856 CPD process crash on Security Gateway during Anti-Virus update.
Refer to sk110684
01698657, 01698670, 01698705 HTTP/HTTPS traffic drop when Domain Object is configured
Refer to sk110687.
02001366, 02014218, 02002841, 02019862
Memory leak in CPD daemon when thresholds are enabled with "threshold_config" command.
Refer to sk111880.
01705016, 01723483, 01778440, 01710137, 01848363, 01707360, 01856715 Issues with traffic and with web pages when Security Gateway is configured in Proxy Non-Transparent mode.
Refer to sk106663.
Cannot connect to ftp from a Windows 10 client when DLP enabled. Refer to sk112822.  -
02275187, 02279192 Logs with resource only shown when track set to 'none' in URI resource rule.
Refer to sk112827
DNS NAT malfunction for IPV4 when parser encounters an IPV6 record in DNS servers answer.
Refer to sk121346
01426622, 01459776, 01459783

It is not possible to disable a Bond interface on Gaia OS:

  • In Gaia Portal, the "enable" checkbox of a Bond interface is greyed out (so it is not possible to clear this box)
  • "NMSETH0029 Interface Name_of_Bond state cannot be set to off, it can only be deleted" error in Clish when running the 'set interface Name_of_Bond state off' command.
Refer to sk102230.
01428668 After upgrade from SecurePlatform OS to Gaia OS on an Open Server, the LVM (Logical Volume Manager) is not installed. Thus, Snapshot Manager and LVM Manager do not work.
Refer to Scenario 5 in sk103397.
The cpbackup_util snapshot command is obsolete, do not use it in Gaia OS. Use the Snapshot Management or System Backup Gaia features. -
01434138, 01445642, 01492259 "syslogd: local sendto: Invalid argument" message in /var/log/messages file.
Refer to sk83160.
01518592, 01526067 NTP configuration does not work on Gaia OS after importing the converted SecurePlatform NTP configuration.
Refer to sk103746.

00267458, 01526068, 01539200

Gaia IP Broadcast Helper does not forward Directed Broadcast traffic.
Refer to sk103963.
01523950, 01524716 Backup from Gaia OS to FTP server fails if user name is defined as "Domain\User".
Refer to sk104105.
01530077, 01531603 Date stamp in the Gaia backup file changed from "DD_MM_YYYY_HH_MM" to "DD_MMM_YYYY_HH_MM".
Refer to sk104106.
01467555, 01468600 When running Clish command "show configuration", user is sometimes logged out from Clish / SSH / console.
Refer to sk113266.
01561217, 01561480, 01564882, 01566775 kipmi0 daemon consumes CPU at 100% on Gaia OS.
Refer to sk104316.
01482873, 01487355 Scroll stops working in Gaia Portal - 'Network Management' pane - 'Network Interfaces' page - inside the table with interfaces, if machine has multiple interfaces that are displayed on several pages.
Refer to sk102799.
01577790, 01578357 'syslog' daemon crashes after enabling 'Send Syslog messages to management server' in Gaia Portal.
Refer to sk113266.
01402294, 01402384, 01575332, 01417801, 01579916, 01580345 syslog messages forwarded by Gaia OS to an external Syslog server do not contain hostname or timestamp.
Refer to sk100727.
01615045, 01616545 The syslog server shows Year in the Hostname column when using fix from sk100727. This is caused by the timestamp field in syslog message not being formatted according to RFC 5424. -
01583793, 01584749 Clish crashes with Segmentation fault after running any 'show cloning-group ...' Clish command (e.g, 'show cloning-group members') on cluster members.
Refer to sk104885.
01515984, 01516394 NTP synchronization does not work when using FQDN of the NTP server instead of IP address.
Refer to sk104819.
01517800, 01520211, 01520218, 01520221
  • "Gaia Web-UI recognized a non-valid input data" error when adding SNMP Trap receiver in Gaia Portal
  • "NMSSNM002 Community names cannot contain spaces or special characters" error when adding SNMP Trap receiver in Gaia Clish.
Refer to sk107513.
01572680, 01574137 Wrong speed and duplex value is displayed when Auto-Negotiation is enabled.
Refer to sk105010.
01535073 Cron mailto settings are not displayed when running 'show configuration cron'.
Refer to sk105012.
01606631, 01607862 Gaia Portal 'New Scheduled Backup' page is displayed incomplete in Internet Explorer - not all options are visible in the section 'Backup Schedule'.
Refer to sk105244.
01549207 Cannot install R77.20 on Dell machine because installation process (anaconda) tries to utilize the USB flash drive as part of the disk space to format and install. -
01513530, 01513706, 01513535, 01513704 VMCORE dump file is not created during the crash in Gaia OS with 64-bit kernel on a machine that has more than 4GB of RAM.
Refer to sk103328.
01619301, 01619525 Temporary short traffic outage on Check Point appliance running Gaia OS when viewing and clicking one of the options in Gaia Portal - "Maintenance" section - "Hardware Health" page..
Refer to sk105563.
01622702, 01713997

Gaia OS syslogd daemon and Check Point syslog daemon can not run simultaneously on Security Management Server / Domain Management Server / Log Server on Gaia OS in the following scenario:

  • "Accept Syslog messages" is enabled in the properties of Management Server / Log Server object (SmartDashboard - object properties - "Logs" menu - "Additional Logging Configuration").
  • Gaia OS on Management Server / Log Server is configured to forward the received syslog messages to another Syslog server (Gaia Portal - "System Management" pane - "System Logging" - click on "Add" - enter the IP address of another Syslog server).
Refer to sk105580.
01621051, 01621272 "syntax error" when adding an interface to the redistribution of routes in Gaia OS.
Refer to sk105643.
01527601, 01529778 In the Gaia Portal - Network Management pane - Network Interfaces configuration, when editing a slave interface, which is shown on a different page from its parent Bond interface, the "IPv4" tab and "IPv6" tab are not grayed out (although they should be).
Refer to sk105839.
01667372, 01670966, 01668517 When password expiration period passes, the admin password expired along with passwords for manually created users.
Refer to sk106160.
01499739, 01500368, 01652671, 01658690 "syslogd" daemon crashes after reboot of Gaia OS.
Refer to sk103254.
01680532, 01686696, 01686824;
Random failovers in Gaia cluster with configured OSPF.
Refer to sk106407.
01689766, 01689882 Not able to log in to Gaia Portal anymore after running Clish command "show user <username> homedir".
Refer to sk106427.
01690654, 01692637 IPv6 static route in Gaia OS with "ping" option fails to send ping in a ClusterXL with IPv6 Virtual IP.
Refer to sk106572.
01611609, 01614716,
01695755, 01697615
  • When TACACS+ non-local user runs clish -c "some_clish_syntax" command from Expert mode (e.g., clish -c "show interface eth0"), the following errors appear:

    [Expert@HostName]# clish -c "some_clish_syntax"
    CLINFR0829  Unable to get user permissions.
    CLINFR0599  Failed to build ACLs.
  • When TACACS+ non-local user runs clish -c "some_clish_syntax" command from Expert mode (e.g., clish -c "show interface eth0") on VSX Gateway, the following error appears:

    [Expert@HostName:0]# clish -c "some_clish_syntax"
    CLINFR0220  User is not allowed to access any virtual-system.
Refer to sk105322.
01710460 The routes are not sorted are not sorted based on the IP address in Gaia Portal - "IPv4 Static Routes" page - "Gateways" column.
Refer to sk106747.
01708195, 01708998 "show asset network" command command does not display all installed cards on Check Point appliance.
Refer to sk106785.
01510241, 01788651, 01517283;
01525621, 01788708;
01708280, 01860789, 01787201;
01814633, 01860853, 01831464;
01827496, 01860903;
01818312, 01860924

Not possible to configure AES and SHA1 for SNMPv3 USM user on Gaia OS.

Refer to sk90860 - section "(IV-5) Advanced SNMP configuration - Configure SNMPv3 users to use SHA / AES authentication".

01710253, 01711169 Specific tunnel is not retrieved on first SNMP querying.
Refer to sk106788.
01711326, 01712799 Unable to add static ARP to a cluster with a VIP cofigured in a different subnet.
Refer to sk106790.
01700724 Random traffic outage when a fail-over occurs in 3rd party Cluster in the following topology:
[Check Point machine on Gaia OS / SecurePlatform OS] --- [3rd party Cluster, e.g., Citrix NetScaler cluster]
Refer to sk106852.
01687238, 01687427 Locally configured DNS Servers on Gaia OS are not restored after disconnecting from a DHCP Server. As a result, Gaia machine is not able resolve hostnames, which impacts the traffic.
Refer to sk107174.
01732379 "smartctl" command returns "Device does not support SMART" on Smart-1 225/3050/3150.
Refer to sk107187.
01689282, 01729926, 01733403

During policy installation, /var/log/messages file on Security Gateway shows the following Gaia Clish auditlog entries:

clish[PID]: user logged from admin
... ... ...
clish[PID]: User admin logged in with ReadWrite permission
clish[PID]: cmd by admin: Start executing : show interfaces ... (cmd md5: XXX)
clish[PID]: cmd by admin: Processing : show interfaces all (cmd md5: XXX)
... ... ...
clish[PID]: User admin logged out from CLI shell

Refer to sk107203.
01799770, 01802554 The show message banner command fails with Segmentation fault.
Refer to sk107522.
01790218, 01799658 Backup Schedule Name and Backup Type changed after joining Gaia Cloning Group.
Refer to sk107495.
01814751 "Warning! The configuration is not saved." in Clish when executing "reboot" / "halt" commands (after first login just after reboot).
Refer to sk107753.
01814732, 01814997 "Loading..." message is stuck in Gaia Portal when trying to open the 'Snapshot Management', 'System Backup' or 'Status and Actions' page after installing a Hotfix / Jumbo Hotfix.
Refer to sk111167.
01806258, 01817654 "snmpd" daemon occasionally consumes CPU at very high level on machine with several hundred interfaces.
Refer to sk110361.
  • Domain name (FQDN) that was configured in First Time Configuration Wizard does not appear in the /etc/hosts file on Gaia OS.
  • Not possible to add Domain name (FQDN) of hosts to the /etc/hosts file on Gaia OS.
Refer to sk110363.
Security Management

To get logs from a newly installed Security Gateway (Security mode or VSX mode):

  1. Install a Security policy on the Security Gateway.
  2. Install the database on the Security Management Server (Policy > Install Database).
01410326 Security Gateways with a Dynamic IP address cannot be part of a group that is included in the Source or Destination columns of the Security Rulebase. -

On a Security Management Server running on Linux OS, an FTP command sometimes results in an error: "Auth type not supported".

Workaround: Navigate to the /usr/bin/ directory and then run FTP commands.

01408654, 01433847, 01501001
  • During policy installation, SmartDashboard suddenly disconnects from Security Management Server / Domain Management Server. There are no error messages.
  • After the failed policy installation, Edge devices are not able to connect to this Service Center.
    Only after manual restart of SMS process resolves this issue.
  • FWM process and SMS process crash with core dump files during policy installation.
Refer to sk103118.
01583167, 01585256 Cannot delete license from the cpconfig menu - the "delete" button is always disabled.
Refer to sk104901.
01584694, 01584783 "install/uninstall has been improperly terminated" error when trying to Install Database.
Refer to sk104998.
01456672, 01456938, 01564902 GuiDBedit Tool crashes on every search.
Refer to ssk116863.
01477506, 01477815 Policy installation fails with the error "Operation failed, install/uninstall has been improperly terminated" because Remote Access rule contains Host/Network object in the "Source" column instead of the User object.
Refer to sk103918.
01492381, 01497899 Clicking "Management High Availability" in SmartDashboard shows 'Unexpected Failure' message.
Refer to sk103247.
01482837, 01487287 Policy installation fails when renaming category.
Refer to sk105174.
01475712, 01477031 FWM process frequently crashes on the Security Management Server. -
01522785, 01522914, 01683799, 01716154 FWM process frequently crashes due to memory leak on the Security Management Server (triggered when a Security Gateway with Dynamic IP address is monitored in SmartView Monitor and an IP address is changed on that DAIP Security Gateway). -
01619673, 01619868

Installing policy on R77.X Security Gateway(s) and UTM-1 Edge device(s) at the same time might fail during Policy Compilation with the following error:
cpp: line N, Error: Inside #ifdef block at end of input, depth = X
1 error in preprocessor

Refer to sk105488.
01574417, 01574682, 01579060 User is not able at some point to re-connect with any SmartConsole application to Security Management Server / Domain Management Server after working in SmartConsole applications (e.g., SmartDashboard) multiple times.
Refer to sk105860.
01655093, 01655258, 01812866 False alerts in SmartEvent GUI / SmartView Monitor about low disk space on Security Gateway.
Refer to sk106040
E-mail alerts are obfuscated, printing ****** instead of real information.
Refer to sk106430.
01684937, 01685396 Smartview Monitor crashes when opening FireWall History report.
Refer to sk106449.
01521197 The "veconfig" command shows only some of the configured clusters / shows Virtual Machines only from some of the configured clusters.
Refer to sk106742.
When fetch topology from Security Management, route that leads to logical interface as nexthop is ignored. Refer to sk106817 -
No Audit to the "Negate" of src/dst/svc when adding a new rule.
Refer to sk107257
01579686, 01606242 Threat Emulation Policy verification warning when install target is gateway cluster in bridge mode. Refer to sk110366. -
01391602 After upgrade, the 'Hardware' field in the appliance's object shows "Other".

Workaround: Manually select the correct Appliance model in 'Hardware' field.
01477749, 01477950

SmartEvent dialog box is empty when going to 'Application & URL Filtering' tab - clicking on 'Overview' pane - in 'Top Users' widget hovering with a mouse cursor over a user - clicking on 'More info...'.
Refer to sk102629.

01510936, 01513364 Pushing VSX Configuration to VSX Gateway running on 61000/41000 appliance fails.
Refer to sk102820.
01544699, 01545840 "Get Topology" in VRRP Cluster object on Gaia OS changes the "Network Objective" of interfaces from "Cluster" to "Monitored Private".
Refer to sk103957.
01581024 Unicode (e.g., Russian, Japanese, Chinese) letters are not displayed correctly in SmartDashboard (appear as question marks "?" or as gibberish).
Refer to sk95049.
01568021, 01583894

The following message appears in SmartDashboard when trying to delete a Satellite Gateway object from an IPsec VPN community:

MEP can only be configured on communities with more than one central gateway.
If you choose to continue, MEP will be disabled.
Are you sure you want to continue ?

Refer to sk104843.
01468010, 01471681 Object list category is changed when expanding node on objects tree.
Refer to sk105070.
01504663, 01506391, 01513691, 01523249, 01518667 Certain scenario of rules copy/paste causes rule UUID duplication.
Refer to sk103251.
01601860, 01602187

When trying to rename an Interoperable Device object, the following warning appears in SmartDashboard:

Rename is not allowed, as the object is a member of Remote Access
To rename object, uncheck Mobile Access from the Check Point
Software Blades, press OK, and reopen editor.

Refer to sk105159.
01459091, 01502815, 01459410 License expiration warnings regarding old licenses during policy installation.
Refer to sk105358.
01513225, 01614807, 01513368, 01515379, 01523347

"Installation failed. Reason: Load on module failed, failed to load security policy" error in SmartDashboard when installing policy from Security Management Server R77 (and above) onto Security Gateways R76 and lower.

Refer to sk33893.

01615214, 01618417, 01619083 Aggressive Aging Timeout is set to very large value and can not be changed in a user defined TCP/UDP service.
Refer to sk105418.
01629246, 01631748 Cluster objects have status "Not communicating" in "Overview" page of the DLP tab, although "cpstat" command shows that statuses are OK.
Refer to sk105782.
01645733, 01646003 Hotkeys do not work in SmartConsole Login Dialog.
Refer to sk105978.
01664842, 01666230, 01667491 Security Management Server that was configured to forward local log files to a Log Server without deleting them per sk106039, forwards all existing local log files instead of forwarding only the new log files that were created since the last scheduled forwarding event (i.e., also all those local log file that were already forwarded during the past scheduled forwarding events).
Refer to sk106039.
01668953, 01669484 When configuring Virtual Link in SmartDashboard, the End point combo boxes are blank.
Refer to sk106085.
01667415, 01667544 "The rule does not exist any more" error in SmartDashboard after clicking in SmartView Tracker on "Go to Policy" link in Application Control log, even though the relevant rule exists in the Application & URL Filtering Policy.
Refer to sk106197.
Cluster members are not deleted after canceling cluster modification.
Refer to sk106321.
SmartDashboard hangs when trying to view AD user's LDAP groups.
Refer to sk106312.
01687346 SmartDashboard Help incorrectly shows "You can assign up to 8 instances on a Virtual System"
(SmartDashboard - Virtual System object - "CoreXL" pane - click on "?" button in the upper right corner).
The correct number is up to 10.
"Get Topology" operation takes several hours.
Refer to sk106699.
01719070 Some buttons are grayed out in Threat Prevention profile "Anti-Virus Settings" when working with SmartDashboard in Read Only mode.
Refer to sk106935.
01927892, 01929317 SmartDashboard "Overview" pane shows wrong "Install Date" in "My Organization" widget (date is based on UTC without UTC offset).
Refer to sk109715.
01650224, 01662217 "First to connect" option does not work when adding second 1100 appliance.
Refer to sk110364.
Added warning to users on DB revision restore attempt when there are VSX objects in the DB.
Refer to sk110492
02024636, 02035668, 02028806, 02297587
Virtual System becomes unresponsive after adding a route and pushing VSX configuration.
Refer to sk110992.
Multi-Domain Security Management
01395379 On Linux OS installations, the IP address of the Multi-Domain Server must be defined in the /etc/hosts file before the Check Point products are installed. -
01279910 Domain Management Servers sometimes do not restart when running the mdsstart command. If this happens, run mdsstart -s command, to start each Domain Management Server sequentially. -

Sometimes, the R77.20 Add-on column does not show in SmartDomain Manager after the Add-on package is installed on the Multi-Domain Management Server.

Workaround: Restart the MDS processes. Run: mdsstop -s and mdsstart -s.


Sometimes, a new Domain cannot be created after the installation of the R77.20 Add-on.

Workaround: Restart the MDS processes. Run: mdsstop -m and mdsstart -m.

01446678, 01449567, 01450004 High memory usage of all Multi-Domain Management Servers in Multi-Site environment after R77.20 installation.
Refer to sk101830.
01523435, 01523571 Pushing VSX configuration fails with "Domain Management Server NAME_of_DOMAIN is not responding".
Refer to sk103616.
01471409, 01473195 Upgrading Multi-Domain Security Management Server from SecurePlatform OS to Gaia OS using CLI method ("patch add cd" command) repeatedly shows the following error:
"shell-init: could not get current directory: getcwd: cannot access parent directories: No such file or directory"
Refer to sk103843.
01536719 When installing Threat Prevention Policy from the Blade, it installs on all gateways regardless of explicit installation targets and different Threat Prevention Policies on the gateways.
Refer to sk104559.
01606313, 01606356 "mdscmd deletemanagement <Domain_Name> -i <IPv4_Address_of_Domain_Management_Server>" command might delete wrong Domain Management Server.
Refer to sk105172.
01473624, 01474743 FWM process in context of MDS consumes CPU at 100% on all Multi-Domain Management Servers / Multi-Domain Log Servers.
Refer to sk105139.
01475299, 01476322 SmartDomain Manager crashes when attempting to connect to Multi-Domain Security Management. R77.30
SmartDomain Manager shows that status of Domains is flapping between "Synchronized" / "Not Synchronized".
Refer to sk106313.
01574443, 01574669 Removing a local Domain policy from one Global Policy removes that local Domain policy from all other Global Policies.
Refer to sk105844.

"Unexpected error" pops up in the SmartDashboard when trying to connect to Primary Security Management Server after failover.
Refer to sk107176.

01810260, 01810362 The cma_migrate script deletes the source directory content when wrong path is used.
Refer to sk107647.
When adding a new CMA, the $FWDIR/conf/vip_index.conf file contains the wrong interface. Refer to sk108763. -
01949696, 01953607 Global services are not transferred to CMA / Domain when selecting "Assign all global objects" option in the "When assigning global policy" section.
Refer to sk26068.
01789471, 01825778, 01965868

FW process crash on CLM when running the "fw fetchlog" command.

Refer to sk110733.

Endpoint Security
01352465 The Endpoint Security Management Server (Endpoint Policy Management Blade) does not support IPv6. -
00673768 WOL (Temporary Pre-boot Bypass) fallback does not work on E80.40 FDE Mac OS X clients when enabled from script setting is active in policy. -
01403750 Remote Help server is supported only on Gaia OS. -
00673734 Temporary Pre-boot Bypass with scripts is not supported on Mac OS X. -
01426013, 01427071 Push operations fail if a permission profile contains push operations, but does not have policy views. -
01424519 If you select Menu > Manage > Endpoint Servers > Add/Edit object in SmartEndpoint GUI and then click on 'Cancel', the object disappears from the menu. You must refresh the SmartEndpoint GUI to remove this object when you install the database. -
01412604 You cannot define WebRH users in SmartDashboard. Instead, define them as WebRH accounts in SmartEndpoint GUI. You can use token login for these accounts. -
01432810 After deactivating the Endpoint Security Management blade, SmartView Tracker does not show the logs. -
01471620, 01471913, 01471913 If Visitor Mode port is changed, Endpoint Security VPN cannot establish site.
Refer to Scenario 3 in sk128652.
01480039 Cannot include digit 0 in port number when configuring Directory Scanner instance.
Refer to sk102658.
Mobile Access
01399938 The letters in a path for File Shares can only be English letters. -
01456061, 01463349 Kerberos authentication fails on Mobile Access Gateway.
Refer to sk102194.
01454984, 01455527, 01463441 Windows Domain specified in Single Sign On (SSO) configuration of File Shares applications is not enforced by Mobile Access
Refer to sk102307.
01459334, 01463070 HTTP Based SSO authentication fails to internal Web / Application servers if Single Sign On (SSO) is disabled in the application properties.
Refer to sk102308.

Uploading a large attachment with Outlook Web App 2010 sometimes fails.

To fix: Install the Microsoft patch on Windows Servers 2008 and lower.

01508210, 01508222 Mobile Access Blade option to change language in webmail is not working.
Refer to sk104001.
01611014, 01623277 Accessing Mobile Access Portal applications takes very long time.
Refer to sk105525.
01280843 Not able to open an attached file in Outlook Web App (OWA) while working in SecureWorkspace.
Refer to sk105866.
SNX [Network Mode] users unable to login to gateway and see "Authentication Failure" error message.
Refer to sk106299.
01689396 Web application requires double authentication.
Refer to sk106448.
01281738 Microsoft Word and Excel apps cannot be opened in SecureWorkspace.
Refer to sk107175.
01281764 Windows Authentication Credentials are cached in system and can be reused by other SecureWorkspace user.
Refer to sk107256.
01679094, 01866036 Mobile Access users do not receive push notifications if their usernames contain domain name.
Refer to sk108836.
01892881, 01892889, 01898695, 01898696 Push Notifications are not shown on handheld devices after failover in Mobile Access cluster.
Refer to sk109318.
deleteUserSettings command does not work.
Refer to sk110494
cvpnd core in failed authentication flow.
Refer to sk110495.
Web application that worked with R76 Mobile Access Blade, does not work with R77.20 Mobile Access Blade.
Refer to sk110497.
01511779, 01536687, 01556032 VPND daemon crashes every ~30 minutes on Security Gateway due to memory leak.
Refer to sk105841.
01381144, 01439006, 01534244 If MultiCore support for SSL is enabled, then SSL Network Extender roaming is not supported.
Refer to sk101223.
01376618, 01371231 If MultiCore support for SSL is enabled, then connections between SSL Network Extender clients are not supported.
Refer to sk101223.
01429354 If MultiCore support for SSL is enabled, then VoIP inspection over SSL Network Extender tunnel does not work. -
01414820 If MultiCore support for SSL is enabled, then Endpoint Security client licenses are sometimes counted incorrectly. -

If a Security Gateway is configured for NAT and belongs to a community with IKEv2, then the IKEv2 negotiation sometimes fails.

Workaround: Disable NAT for the IPsec VPN community.

01429190 When SecureXL is enabled, Security Gateways running Gaia OS that use trusted links for IPsec VPN will encrypt traffic, although encryption is not required on trusted links. -
01407500 IPv6 fragmentation does not work properly when SecureXL and VPN are enabled. -
00650516, 01452593, 01457701, 01287519, 01602903 IKE Phase 1 with DAIP device fails after IP address of DAIP device was changed.
Refer to sk101911.
01478729, 01479254, 01479380 "Failed to allocate an IP address" error when using IP Pool to assign Office Mode IP address. R77.30
01472346, 00267397 When SecureXL is enabled, traffic through the VPN trusted interface is sent encrypted instead of clear.
Refer to sk102742.
01546309, 01560344, 01547340 SmartView Monitor shows "no data" in tunnel information under "Tunnels on gateway" for R77.20 gateways using Traditional Mode VPN.
Refer to sk104103.
01493720, 01513252, 01551056 VPND daemon might crash during SSL handshake.
Refer to sk104474.
01395232, 01396707, 01532845, 01535285, 01556053, 01579042 The 'vpn tu' command shows the real IP address when using the command to show the tunnels, but when using one of the delete commands, it does not accept the real IP address to delete the tunnel.
Refer to sk100346.
01544048, 01554294 SmartView Monitor shows wrong community for SmartProvisioned Edges.
Refer to sk105140.
01474694, 01558870, 01559881, 01559938, 01580640, 01463675, 01559835, 01559883, 01559932, 01580632 Remote Access VPN clients are not assigned their static IP addresses configured in $FWDIR/conf/ipassignment.conf file, but from a general Office Mode IP Pool.
Refer to sk105162.
01503096, 01534743 "Accept all encrypted traffic" option does not work on VSX clusters.
Refer to sk105344.
01621521, 01622056 Security Gateway does not answer SSLv2 handshake.
Refer to sk105718.
01621111, 01621720, 01621973 Some VPN clients are not able to connect to Security Gateway because kernel table "ccc_sessions" fills up very rapidly.
Refer to sk105721.
SCEP replies are assumed to be using MD5 regardless of the hash algorithm used in the request.
Refer to sk106405.
VPN outage when SecureXL is on and peer uses Link Selection Load Sharing.
Refer to sk106698.
VPND CPU usage at 90-100% following policy installation.
Refer to sk109096.
If RADIUS user belongs to 15 or more runtime RADIUS groups, connect fails.
Refer to sk109336
01686368, 01686422, 01959400

IPv6 routing issue in Star community when VPN Routing is set to "To center, or through the center to other satellites, to internet and other VPN targets" (VPN Community properties - "Advanced Settings" - "VPN Routing"):

  • If IPv6 is enabled on the Center Gateway, then all IPv6 traffic will be sent through the Center Gateway
  • If IPv6 is disabled on the Center Gateway, then IPv6 traffic between internal networks will be dropped by the Center Gateway with "Clear text packet should be encrypted"
IPv6 Interoperable gateways converted to invalid IPv6 type.
Refer to sk110499.
02051695, 02084158, 02071852, 02074138
MSS value is not applied to IPsec VPN traffic, although MSS Adjustment (Clamping) for IPsec VPN traffic is enabled.
Refer to sk112094.
02702969, 02706012 Security Gateway accepts an other Diffie-Helman group then is configred.
Refer to sk122438
00508602 PPPoE interfaces are not supported as ClusterXL interfaces. -
01427700, 01427703, 01427694 Connectivity Upgrade does not support Threat Emulation, Dynamic Routing and IPv6. -
01427689 Mobile Access VPN connections do not survive failover during Connectivity Upgrade. -
01427685 Remote Access VPN sessions do not survive the failover during Connectivity Upgrade. -
01422954 During Connectivity Upgrade, FTP control connections with NAT do not survive failover from the old cluster member to the upgraded one. -

When traffic passes through a VSX in Bridge mode, a connection may fail after the failover to an upgraded member.

Workaround: Set the value of Forward Delay parameter for Bridge interface to 1 (one).
Refer to sk66531.

01368863 If a session authenticated with Identity Awareness is open when you start Connectivity Upgrade, the session is terminated. -
01421182, 01421557 If the members of a cluster are not installed with the same version, a local connection from the cluster member with the newer version cannot be opened. -
01580859, 01565007, 01564383, 01563234 When using PIM Sparse-mode with ClusterXL, if the Backup member is disabled via "clusterXL_admin down" and then re-enabled via "clusterXL_admin up", it is possible that the routing daemon on the Backup member will experience core dumps.
Refer to sk104847.
01506443, 01507676, 01526443 RouteD daemon on Gaia cluster consumes CPU at high level when Master quits.
Refer to sk103352.
01612772, 01614573 When running cluster debug "fw ctl debug -m cluster + df", the Destination IP address of a new connection is printed in network (reversed) order instead of host order.
Example (debug should have printed ;fwha_df_mod_lookup: new connection detected ; src= ; dst =;
01557456, 01567559, 01575580 Running fw fullsync with wrong arguments may cause it crash. -
01516713, 01546299, 01546302, 01547500, 01582543 RouteD daemon might consume CPU at high level on Standby / VRRP Backup cluster member running Gaia OS.
Refer to sk105863.
01544799, 01545225, 01644686 Some interfaces are missing in the output of "cpstat -f all ha" command on VRRP / OPSec cluster members running Gaia OS compared to the output of Clish command "show vrrp summary" and output of Expert command "cphaprob -a if".
Refer to sk105868.
01532706, 01536326, 01651492, 01653126, 01655747, 01656044 RouteD daemon might crash on Gaia VRRP cluster member if a fail-over is triggered on an interface with VLANs.
Refer to sk105957.
01664419, 01666863 Disabling "Check Point ClusterXL for Bridge Active/Standby" in "cpconfig" menu also disables the Monitor Interface Link State (MILS) feature (refer to sk31336) on ClusterXL member.
Refer to sk106213.
01664580; 01691035; 01690959; 01690976 Cluster members crash simultaneously when running kernel debug of Delta Sync and IPv6 traffic is passing through the cluster, which is inspected by IPS (PSL).
Refer to sk106571.
01415023, 01432373

State of R77.10 / R77.20 ClusterXL member changes to "Down" due to Critical Device "Interface Active Check" in the following scenario:

  1. Monitoring of the lowest and highest VLANs is enabled (default; fwha_monitor_low_high_vlans=1)
  2. A new VLAN is added on the ClusterXL member with VLAN ID, which is lower/higher than any existing VLAN ID
Refer to sk106776.
01651850, 01801408 Both the VRRP Master and VRRP Backup members in Gaia VRRP cluster respond to ARP Requests for Proxy ARP entries (configured per sk30197).
Refer to sk107614.
01621229; 01783925; 01861396 Traffic does not pass through ClusterXL with enabled VMAC mode and SecureXL.
Refer to sk105577.
01942734, 01943294 SmartView Tracker logs show that Active member drops PIM packets from Standby member due to address spoofing.
Refer to sk110015.
01615742, 01815508, 01615766 VRRP cluster member stops responding when queried over SNMP, or when SNMP Traps should be sent.
Refer to sk110355.
01659684  VRRPv3 multicast address removed from interface when a different monitored interface goes down. Refer to sk110417.
01602068, 01612382, 01622690  routed process crashes after restart and it starts into VRRP Cold Start Delay. Refer to sk110543. -
SSL Network Extender
01386596, 01353737

SSL Network Extender in Application Mode does not support applications that use IPV6 or IPV4-mapped IPV6 addresses. The default action for such connections is to go directly to the destination and not through the SSL tunnel even if its destination is in the encryption domain. To enhance security, you can change the default behavior of such connections to drop.

To do this, change the DWORD 32 registry key decimal value to:
11, HKEY_CURRENT_USER\Software\Checkpoint\SSL Network Extender\parameters\DropIpv6

Refer to sk97444.

When attempting to log in to SNX server, crash and see "Page cannot be displayed".
Refer to sk106419.
Application names containing special characters are not shown properly in SNX portal.
Refer to sk110493
01657585 Traffic latency on VSX Gateway if MTU larger than 4096 (Jumbo Frames) is configured on an interface.
Refer to sk110351.
01453316 Check Point VSX OID Branch can not be queried per Virtual System. The SNMP response contains the data from all configured Virtual Systems.
Refer to sk90860.
00892773 VTI interfaces are not supported in VSX mode.  -

To query a VSX Gateway / VSX cluster member over SNMPv2 / SNMPv3, the query should be sent to the VSX machine itself (context of VS0):

  • In DMI configuration:
    • In case of a single VSX Gateway, the SNMP query should be sent to the IP address of the DMI interface.
    • In case of a VSX cluster, the SNMP query should be sent to the physical IP address (of the DMI interface) of each cluster member.
  • In non-DMI configuration:
    • The SNMP query should be sent to the physical IP address of the external interface on the VSX machine.
Refer to sk90860.
01425422, 01436496

After a VSX cluster member is upgraded to R77.20 and rebooted, its cluster state changes to 'Ready' before all the Virtual Systems are up. This may lead to a failure during the failover.

Workaround: Make sure each Virtual System has restarted, before you continue with the rest of the VSX cluster upgrade and failover.
On each Virtual System run:

  1. cphaprob state
    Make sure the Virtual System is in Ready state.
  2. ps auxw | grep fwk
    Make sure that the fwk process started on the Virtual System.
01367090, 01436558

In VSLS, when a MGMT interface is disconnected from a cluster member:

  • Cannot install policy on Virtual Systems on the member with the disconnected Management interface
  • Active Virtual Systems on that member do not failover
01394245 The vsx_util change_mgmt_ip command works for IPv6 addresses only if the VSX Gateway / VSX cluster was configured with a DMI (Dedicated Management Interface). -
01456150 In SmartDashboard, it is not possible to select VSX Gateway itself as 'Next Hop Gateway' in 'Advanced Routing Rule':
  1. Open Virtual System / Virtual Router object.
  2. Go to 'Topology' pane.
  3. Click on 'Advanced Routing...' button.
  4. Click on 'Add...' button.
  5. When configuring a rule, VSX Gateway itself does not appear in the 'Next Hop Gateway' list (only other Virtual Systems / Virtual Routers appear).
01378000, 01436483, 01450417 If the Security Management Server also works as a DHCP server, then on VSX cluster DHCP does not work for Virtual Systems other than VS0. This is because traffic to Security Management Server is not hidden behind the Cluster VIP.

Workaround: Add the DHCP ports (67 and 68) to management_specific_ports_hide table.

01405956, 01450409 If you change number of CoreXL FW instances during a VSX cluster setup, the system Firewall Kernel can become unstable. If this occurs, the Firewall Kernel restarts automatically with the correct number of CoreXL FW instances. There are no known side effects and you can ignore the core dump file. R77.30
01398303, 01386502

Conversion of a Security Gateway to VSX mode fails when the Threat Emulation blade is enabled. An error message incorrectly says that Threat Emulation is not supported for VSX.

Workaround: Disable Threat Emulation blade before you start the conversion and then enable it when the conversion completes.

01459347, 01465758, 01465937 VSX Gateway intermittently stops passing traffic during high traffic load.
Refer to sk102310.
01455404, 01456722, 01471442 FWK process might crash when running the 'cpstop -fwflag -driver' command (e.g., when following kernel memory leak procedure sk35496).
Refer to sk102448.
00890032, 00894802, 00894832, 01547384, 01547534 cphaprob syncstat command on VSX cluster member with large number of Virtual Systems fails with "get_fwha_debug_from_kernel: ioctl failed. size is 2048: Invalid argument".
Refer to sk104059.
01585616, 01593962 SmartView Tracker logs from VSX cluster members are displayed with VSX Cluster VIP address in the "Origin" column when 'Resolve IP' option is disabled.
Refer to sk104886.
01537853, 01539535 SNMP request for Virtual System's SIC state "vsxStatusSicTrustState" (OID . returns wrong data.
Refer to sk104035.
01595170, 01595299, 01596203 When creating a new route in a Virtual System's object and checking the box "Propagate route to adjacent Virtual Devices (IPv4)", this route is propagated to other Virtual Systems even if such route already exists on those Virtual Systems. As a result, this route is duplicated in other Virtual Systems' routing tables.
Refer to sk105040.
01502814, 01510702 'vsx_util reconfigure' fails on VSX cluster with non-DMI configuration with Virtual Router.
Refer to sk105394.
01520879, 01523332 Output of 'vsx_util view_vs_conf' shows !NH (Next Hop Mismatch) for IPv6 interface routes.
Refer to sk105397.

State of Virtual System in VSX High Availability cluster changes to "Down" due to Critical Device "Interface Active Check" in the following scenario:

  1. Monitoring of the lowest and highest VLANs is enabled (default; fwha_monitor_low_high_vlans=1)
  2. VLAN with lowest VLAN ID was configured on one Virtual System "A" ("VS_A")
  3. VLAN with highest VLAN ID was configured on another Virtual System ("VS_B")
  4. VLAN was configured on Virtual System "A" ("VS_A") with VLAN ID, which is higher than any existing VLAN ID on Virtual System "B" ("VS_B")
Refer to sk106777.
01712482 Adding a static ARP entry in a Virtual System does not survive reboot.
Refer to sk106794.
01822081, 01823228, 01822102 All Virtual Systems with enabled SecureXL drop traffic with log "drop reason: Address spoofing" if these Virtual Systems and a Virtual Switch are connected to VLAN interfaces on the same physical interface / Bond interface.
Refer to sk107976.
01898071, 01918033 External networking commands (e.g., ping) executed in Clish by RBA user on VSX Gateway do not work correctly.
Refer to sk109972.
01942523 "kernel: VRF ERROR: Illegal parameters during call to sock_setsockopt()" error appears randomly in /var/log/messages file on Active member of VSX cluster with enabled Mobile Access blade.
Refer to sk111101.
00186960 Per Virtual System High Availability or Virtual System Load Sharing (VSLS) requires a physical interface connected to Virtual Switch.
Refer to sk36980
01573527, 01578223, 01612617, 01573714 "No License to Manage QoS UTM-1 Sites" error in SmartDashboard when installing policy on 1100 object after enabling QoS blade in 1100 object.
Refer to sk105838.
Threat Prevention
01575068, 01575106

Threat Prevention policy installation fails:

  • In SmartDashboard with "Compilation failed" error.

  • When manually loading the policy under debug, with these errors:

    amw_add_key: fread() failed
    amw_load: amw_add_key() failed
    amw_load_main: amw_load has failed
    main: amw_load_main() failed
Refer to sk105783.
01431595, 01471820 Threat Emulation file type statistics does not show the correct values in SmartView Monitor. It shows 0 instead of the real statistics. R77.30
01434059, 01445037, 01436435 Anti-Virus and Threat Emulation blades miss inspection.
Refer to sk101708.
01534587, 01550413, 01554630, 01562032 Security Gateway might crash when Threat Prevention "Fail Mode" is set to "Block all connections (Fail-close)".
Refer to sk104866.
01555675, 01558315 Traditional Anti-Virus blocks large file transfer over FTP with "Archive has exceeded the maximum allowed limits".
Refer to sk104224.
Threat Emulation
01472793, 01480487 Threat Emulation does not emulate the file, and the "File Name" field in Threat Emulation log (in SmartView Tracker) shows some garbage string instead of original file name.
Refer to sk105164.
01481725, 01487517

When name of file attached to e-mail is written in non-ASCII characters, it is displayed as "unsafe string" in received e-mail.
Refer to sk105164.

01480623, 01483130 "Email Subject" field in Threat Emulation log shows the ISO-2022 string instead of original e-mail subject when Mail Transfer Agent (MTA) is configured.
Refer to sk105164.
01696858, 01697082 "Email Subject" field in Threat Emulation log shows the ISO-2022 string instead of original e-mail subject when Mail Transfer Agent (MTA) is disabled.
Refer to sk105164.
URL Filtering
01448602, 01449446, 01450281 URL Filtering blocks HTTPS traffic with 'Internal System Error occurred, blocking request...' log when both 'Fail-close' and 'Categorize HTTPS sites' are enabled.
Refer to sk64162.
01612968, 01640299, 01652963, 01662822, 01670027, 01674403, 01675502 Random issues with HTTP web browsing - traffic latency increases, and at some point web browsing stops working.
Refer to sk64162 - scenario 2.
01439385, 01481655, 01481657, 01493586, 01493588, 01493594, 01495016, 01433683, 01462548, 01481652, 01493585, 01493587, 01493590, 01495015 Improvement in negotiation rate of HTTPS traffic through Security Gateway R76 and above.
Refer to sk103081.
01404671 If you add a UTM-1 Edge Gateway object, and edit it in SmartProvisioning to enabled provisioning, an "Error creating Provisioning Object ..." error message incorrectly shows. This occurs only when you create a UTM Edge Gateway object. You can safely ignore the message. -
01577599, 01577998 SmartProvisioning 'Link speed/Duplex' configuration is not applied correctly to the provisioned device.
Refer to sk104838.
01502519, 01502986 Firmware upgrade on Edge device using generic4_safe in SmartProvisioning fails.
Refer to sk105340.
01570785, 01571119 "File not found" error appear in SmartProvisioning when opening one of the UTM-1 Edge device objects, going to the "Backup" tab and clicking on "OK".
Refer to sk105413.
01518762, 01520311 Edge devices managed by SmartProvisioning connect to wrong VPN community after policy installation.
Refer to sk105683.
01458976 "Status: Pending" on 'Compliance' tab - 'Advanced' - 'Settings' view - section 'Engine Status' after enabling 'Session Description' and saving the settings.
Refer to sk102115.
01783122, 01783325 Compliance blade Regulations tab does not show any requirements.
Refer to sk107321.
SmartView Tracker
01481842, 01234636, 01234368, 01481914, 01234633, 01234630 SmartView Tracker "origin" filter does not works correctly.
Refer to sk102715.
Application Control
00267191, 01493069, 01495399 Amount of transmitted traffic in Application Control Accounting logs is much higher than the amount of transmitted traffic reported by the relevant outbound interface.
Refer to sk103071.
01604908 Certificate length sent from web server to Security Gateway exceeds maximum defined size.
Refer to sk105321.
01700242, 01706241, 01799186 Memory leak on heavily loaded gateway with Application Control / URL Filtering with UserCheck rules in the Security policy.
Refer to sk110362.
01705582, 01861525

UserCheck block page is not shown when some sites are blocked and HTTPS Inspection is on.

Refer to sk110689

01495884, 01496456 Security Gateway with enabled DLP blade might crash during DLP session.
Refer to sk103070.
01517177, 01280494, 01511668, 01530458, 01522782, 01530038 "DLP Recipients" field in DLP log contains truncated e-mail addresses.
Refer to sk103635.
01563293, 01570131, 01570138 DLP is not enforced on Korean language.
Refer to sk102548.
01598596, 01599198 cp_file_convertd process consumes high CPU and exits.
Refer to sk105039.
01605153, 01605266, 01605254 DLP fingerprint scan failure on Full HA cluster.
Refer to sk105157.
Virtual Edition (VE) Network Mode
01481843 TX/RX ringsize configuration via Gaia OS is not supported.
Refer to sk105382.
00568259 Only up to 2 virtual CPUs for the Security Gateway Virtual Edition can be configured. -
01501271, 01505007, 01506385 Output of "fwaccel stat" command shows:
Accelerator Status : off by Firewall (too many general errors (NUMBER) (caller: Name_of_Function)).
Refer to sk100467 (Scenario 2 - "Collision of partial connections in SecureXL due to SecureXL Optimized Drops feature").
01531963, 01532575, 01532628, 01532760 VSX Gateway might crash if SecureXL is disabled in the context of Virtual System 0 (VSX Gateway itself), but is enabled in the context of any other Virtual System.
Refer to sk103835.
01622390, 01622646, 01680791 Specific UDP traffic is dropped after upgrade to R77.20.
Refer to sk105581.
01560458, 01560789, 01561579, 01566368, 01567351, 01573268, 01573318 Security Gateway configured in Monitor Mode (per sk101670) with enabled SecureXL might freeze intermittently.
Refer to sk105842.
01557358, 01557500, 01558119, 01592593, 01605468, 01612306, 01613064, 01639751 Security Gateway with enabled SecureXL and passing multicast traffic crashes every several days.
Refer to sk105854.
01575253, 01544235, 01576518, 01578421, 01580830, 01605460, 01612309, 01633437, 01639728

SecureXL drops DNS packets in the following scenario:

  1. Drop Optimization is enabled in Security Gateway / Cluster object (per sk90861)
  2. DNS fast expiry feature is enabled (value of "delete_on_reply" attribute in the "domain-udp" service is set to "true")
Refer to sk105855.
01778058, 01745305, 01545578, 01605342 SecureXL sends the traffic with Destination MAC Address 00:00:00:00:00:00.
Refer to sk107436.
01585371, 01809152, 01585371 Security Gateway with enabled SecureXL and IPSec VPN blade might crash when traffic passes over VPN tunnel.
Refer to sk107912.
01620339, 01626384, 01712188 SecureXL is automatically enabled on DAIP Gateway and it is not possible to disable it.
Refer to sk110356.
01701468, 01714208

TCP traffic is dropped with "TCP packet out of state: First packet isn't SYN; tcp_flags: SYN-ACK" log in SmartView Tracker in the following scenario:

  • Security Gateway is configured in Bridge mode
  • SecureXL is enabled
  • Application Control blade / URL Filtering blade is enabled
Refer to sk109735.
02045079, 02046045 Traffic outage after a fail-over between Virtual Systems in VSLS Bridge Mode when SecureXL is enabled.
Refer to sk111635.
Identity Awareness
01518127 Access to web sites fails with multiple "Internal System Error" logs from Application Control / URL Filtering.
Refer to sk103423.
01474286, 01474579, 01474449, 01487885, 01511858, 01515006, 01515116, 01513787 AD Query does not update user groups when a change is made on the Active Directory Server to user groups.
Refer to sk102656.
01539450, 01541152 "Multiple account units are using the same Domain name" warning appears during security policy installation.
Refer to sk104248.
01500409, 01569426, 01502027 Identity Awareness does not properly identify RADIUS user with name in "user@domain" format.
Refer to sk106133.
01474077, 01555626, 01494408, 01474405 The PDPD process crash when sending log on MUH authentication.
Refer to sk105069.
01505808, 01506056, 01556019 VPN clients authenticated by RADIUS protocol are not mapped to Access role.
Refer sk105173.
01553174, 01553863, 01554012, 01569537 Identity Awareness RADIUS Accounting clients are not assigned their specific user-defined RADIUS Message Attributes.
Refer to sk105786.
01620753, 01320209, 01476558 Transparent authentication sometimes fails on Captive portal.
Refer to sk105678
01576852, 01579812, 01683565;
01603880, 01692019, 01607850;
01604573, 01605489
Security Gateway might crash when Identity sharing and Application Control rules (with access roles) are configured.
Refer to sk106420.
01726535 Regular Expressions do not work to exclude users from Identity Awareness AD Query.
Refer to sk107156.
01467812, 01468456 Identity Awareness Agent disconnects with no apparent reason after some time of operation when Kerberos SSO is defined, but Kerberos authentication fails (or not working).
Refer to sk107155.
01711454 MUH user randomly is not able to reach any resources, although Terminal Servers Identity Agent shows that MUH user was authenticated and a list of TCP/UDP ports was defined in the Terminal Servers Identity Agent.
Refer to sk107192.
SmartEvent / SmartReporter
01577697, 01577791

evs_backup command sometimes fails with the following messages:

Postgres service is down, starting postgres
Failed to start postgres service. Please check backup.err for detailed errors

eva_db_backup.csh fail
error has occurred. evs_backup will stop

Refer to sk104839.
01581394, 01581791 A new consolidation database table does not appear in SmartReporter GUI - 'Database Maintenance' tab - 'Tables' tab.
Refer to sk104842.
01608053, 01610190 SMTP blocking 'HELO localhost' message for SmartEvent reports sent by mail.
Refer to sk105279.
01497273, 02370708 "ERROR: duplicate key value violates unique constraint "seam_event_XXX_pkey"" in $RTDIR/log/cpsemd.elg file.
Refer to sk105185.
01572885, 01573246 SmartReporter fails to generate report for selected hours with "ERROR: syntax error at or near ','LINE 1: SELECT MOD(((EXTRACT(HOUR FROM , SUM(...".
Refer to sk105840.
01654100, 01654409 Origin field is missing from the event raw log.
Refer to sk106043.
01664681, 01666486 Domains and their objects are missing from report filters in Global SmartEvent GUI (only Global objects are shown).
Refer to sk106212.
Suspicious mail links cause database error messages in SmartEvent.
Refer to sk107173.
01939566, 01940591, 01940456, 01940535 SmartEvent R77.20 / R77.30 stops showing new events occasionally due to failure to get the valid license when checking the contract.
Refer to sk110016.
Anti-Bot / Anti-Virus / Anti-Spam
01477760, 01549918

Security Gateway fails to fetch new IntelliStore feeds.
Refer to sk102649.

01550919, 01559846, 01572451 Downloading Anti-Virus Database updates fails when Security Management server is down.
Refer to sk105409.
01602329, 01611607, 01611620, 01611875, 01611951, 01613024, 01613027, 01613028 Amount of consumed memory constantly increases on Security Gateway with enabled Anti-Virus blade.
Refer to sk105565.
01666523, 01685521, 01691680 in.emaild.mta process crashes when overloaded with Anti-Spam block.
Refer to sk106240.
01655335 CPU load and traffic latency after activating Anti-Bot and/or Anti-Virus blade on Security Gateway (especially for complex traffic like CIFS, NFS).
Refer to sk106062.
01477760, 01549918;
01560077, 01560814, 01637414, 01638207

IPS Exception with Protection ANY does not work.
Refer to sk117397.

01547935, 01563277, 01575572 When transferring a large file via FTP, the fw_worker process consumes 100% CPU.
Refer to sk105411.
01536673, 01541460 "The TCP off-path sequence protection was not found" error pops up when trying to add an exception for specific IPS protection.
Refer to sk105414.
01563743, 01573877, 01579105 When IPS rejects HTTPS traffic (TCP port 443), the 'Attack Information' field in SmartView Tracker logs is empty.
Refer to sk105784.
01657311, 01666931 IPS protection "Malicious IPs" does not work on Virtual Systems.
Refer to sk21534.
01606982, 01623159  When uploading an eicar file, it is not always detected / blocked by the gateway by Anti-Virus and SSL inspection. Refer to sk110564. -
HTTPS Inspection
01500893, 01500980 HTTPS Inspection allows SSLv3 even if it is disabled. R77.30
01827198, 01779781, 01732856, 01980269, 01815535 HTTPS traffic is not routed according to Policy Base Routing (PBR) when HTTPS inspection is enabled.
Refer to sk110690.
Dynamic Routing
01468506, 01470238, 01509815, 01509726, 01509822 RouteD asserts on VTI interface with OSPF configured on it.
Refer to sk105163.
01469537, 01500556, 01546059, 01507020, 01582572 Following failover routeD sends Hellos with no DR/BDR.
Refer to sk105169.
01465741, 01500540, 01507018, 01582569, 01616094, 01616296 RouteD daemon on Gaia OS might crash when working with OSPF.
Refer to sk103508.
01602475, 01626418 When running "ifdown <interface_name>", RIM routes are removed. However, when running "show route" in Clish, these routes are still visible.
Refer to sk105527.
01628483; 01305272; 01361988; 01786202; 01786888 RouteD daemon might crash when BGP is configured on Gaia OS
Refer to sk105698.
01539457, 01546505, 01567556, 01577303 Time stamps in RouteD traces on Gaia OS are printed only with seconds, which makes troubleshooting harder.
Refer to sk105852.
01517292, 01528918, 01567485, 01575577 Random flapping of OSPF neighbors on Gaia OS.
Refer to sk105865.
01520048, 01528920, 01567491, 01577304, 01577887 Not possible to configure the maximal number of OSPF packets processed at once by RouteD daemon on Gaia OS.
Refer to sk105870.
01714924, 01717601 Security Gateway / Cluster randomly stops forwarding the IGMP traffic.
Refer to sk106858.
01733929, 01738188 PIM SM: multicast traffic received on an interface, which is in non-DR, but assert winner state is not processed by Security Gateway
Refer to sk107186.
01732299 Static route / Default route is deleted and not added back on Standby cluster member after disconnecting and reconnecting a cable.
Refer to sk107185.
01778857, 01783081 Security Gateway on Gaia OS with configured Dynamic Routing and ECMP might freeze when an interface is added/removed.
Refer to sk107418.
01809754, 01809755; 01646795, 01646796 PIM neighbor refresh is slow on Check Point Security Gateway / Cluster after neighbor PIM router failover (it takes noticeable time for multicast traffic to recover).
Refer to sk107595.
01823191 Adding/changing an IP address on a VRRP interface causes the BGP connections on that VRRP interface to restart.
Refer to sk107977.
01829722, 01830835 OSPFv3 (over IPv6) inter area routes are not distributed to backbone area by Security Gateway on Gaia OS.
Refer to sk108157.
01464764, 01829565, 01702566 OSPF might break upon fail-over in cluster on Gaia OS.
Refer to sk108655.
01872610 Confederation group type is selected automatically when working in WebUI.
Refer to sk108952
01677491 On VSX Gateway, Static routes are stuck in the Kernel after ROUTED process restart.
Refer to sk111619.
02272759, 02281536, 02279276 Some eBGP routes are advertised with the source IP address of BGP peer as the next-hop, instead of the next-hop configured in routemap.
Refer to sk112834.
Static routes with ping enabled reset ping count on configuration change. Refer to sk113454 -
01509785, 02083430, 01518596, 01518594, 01696761
RouteD daemon on Gaia OS / IPSRD daemon on IPSO OS might crash when processing PIM-DM traffic.
Refer to sk113622.
02358179, 02361256, 02358189 Loss of PIM state during failover and failback in ClusterXL High Availability on Gaia OS, or VRRP cluster on Gaia OS / IPSO OS.
Refer to sk113623.
01447246, 01487646, 01487644, 01447660, 01447913 Incorrect source IP address returned in SNMP.
Refer to sk105138.
01583464, 01583510, 01584275 SNMP counters for "packets rate" / "throughput" show incorrect values - . and .
Refer to sk104882.
01530562, 01534523, 01579063 SNMP v1 query on port 260 (via CPSNMPD daemon) for Check Point OIDs (. returns "Wrong Type (should be INTEGER): Counter32".
Refer to sk105178.
00622297, 01600895, 01601136, 01604485, 01618271 When continuously querying SNMP OID "ifInUcastPkts" (., sometimes the next returned number is less than the previous returned number.
Refer to sk105562.
01455870, 01666037, 01456126, 01555587 Gaia OS / SecurePlatform OS: SNMP Response for OID . ( is "Active" from all members of R77.20 ClusterXL High Availability mode.
Refer to sk106291.
01703064 SNMP OID vsxCountersConnTableLimit (. returns wrong value on VSX if IPv6 is enabled.
Refer to sk106736.
01616096, 01619159 SIP Call Transfer stopped working after upgrade to R77.20.
Refer to sk105564.
SmartView Monitor
01626242, 01626310 E-mail alerts from SmartView Monitor arrive with MIME boundary headers "_NextPart_...".
Refer to sk105578.
01785739, 01786408 "In traffic rate" on TCP connections is "zero", accelerated by SecureXL when selecting the "Use only external interfaces" option in SmartView Monitor "Traffic" view.
Refer to sk107353.
01532511, 01532943
  • IPv6 traffic does not pass through Security Gateway with configured CoreXL IPv6 FW instances.
  • Kernel debug ('fw ctl debug -m fw + drop') shows that IPv6 traffic is dropped by CoreXL SND:
    ;[cpu_X];[fw6_X];fw_log_drop_ex: Packet proto=58 ... dropped by fwmultik_dispatch_outbound Reason: No instance (outbound);
Refer to sk93000.
01646298, 01647109 SmartView Tracker does not show successful log in or log out Audit logs for SmartLog Client.
Refer to sk105881.
01963673, 01963806 smartlog_server process occassionally crashes with core dump files. -
This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document