Check Point R77.20 Resolved Issues

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk101211
Technical Level
Product	All
Version	R77.20
Date Created	03-Jul-2014
Last Modified	27-Jan-2020

Solution

This article lists all of the issues that have been resolved in R77.20.

Important notes:

To see if an issue has been fixed in other releases, search for the issue ID in Support Center.
For more information on R77.20, see the R77.20 Release Notes, R77.20 Home Page and R77.20 Known Limitations. You can also visit our Firewall and VPN Blades forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

Table of Contents

General
Upgrade
Security Gateway
ClusterXL
Gaia / SecurePlatform
Dynamic Routing
Identity Awareness
Anti-Malware
UserCheck
Application Control
URL Filtering
IPS
DLP
Threat Prevention (Anti-Bot / Anti-Virus / Threat Emulation)
Internal CA
Mobile Access
SSL Network Extender
SecureXL
Security Management
Multi-Domain Security Management
SmartDashboard, SmartView Tracker and SmartView Monitor
SmartEvent / SmartReporter
SmartProvisioning
SNMP
QoS
VPN
VSX
Compliance Blade
VoIP
Endpoint Security Unified Management
CoreXL
Appliances
IPSO
HTTPS Inspection

ID	Symptoms
General
01404337, 01408283	On SecurePlatform, some static routes configured on an interface are deleted when using the 'eth_set' command to set speed/duplex on that interface to 'autoneg'. Refer to sk100988.
01369132, 01395955	Clean install from USB device fails on Check Point Appliance because the installation process (anaconda) includes the USB installation media as part of the installation target. Refer to sk100566.
Upgrade
01375792	"`Check Point SmartEvent Client experienced a serious problem and must close immediately...`" when trying to connect with SmartEvent GUI to SmartEvent Server for the first time after upgrade to R77.10. Refer to sk98878.
Security Gateway
01322955, 01323223, 01323225, 01339025, 01404871	Specific traffic is dropped by Security Gateway, although it should be accepted by the relevant security rule because in FireWall rulebase, the Service may be evaluated before evaluating the Source or the Destination. Refer to sk97876.
01202691	TCP SACK (Selective Acknowledgment) option is not supported with IPS protection 'ISN Spoofing'.
01364112, 01366286, 01366291	RTSP '`SETUP`' request packets are dropped by Security Gateway. Refer to sk99114.
01354607, 01360314, 01359114, 01360313, 01361087, 01368930, 01375852, 01384279, 01384850, 01399125, 01399635, 01402104, 01402197, 01402236, 01402238, 01402247, 01404673, 01405817, 01413670	Enabling URL Filtering blade and Application Control blade might cause Security Gateway to hang. Refer to sk99027.
01322060, 01345585, 01345586, 01345587, 01391617, 01442718, 01463778	Manual Client authentication unexpectedly fails when connecting to the Security Gateway on port 900.
01361721, 01363508	SMTP transparent proxy does not work with NAT when CoreXL is enabled. Refer to sk98730.
01366133, 01373298, 01383099	Memory leak when using Client Authentication on port 259. Refer to sk98966.
01371145, 01373299, 01383102; 01371146, 01373300, 01383104	SmartView Tracker shows logs about Client Authentication although '`Successful Authentication Tracking`' is set to '`None`'. Refer to sk98966.
01322325, 01323049, 01340776, 01372400, 01376344, 01455920	VPN and/or NAT traffic between accelerated and non-accelerated interfaces, or between non-accelerated interfaces, is not allowed.
01336864, 01352515, 01353560, 01353561	ARP table on Security Gateway is cleared after policy installation (which causes traffic outage). As a result, policy installation progress shows "success" even if it failed when running the '`fw fetch local`' command on Security Gateway.
01380461, 01382310	Syntax error in the output of fw ctl affinity -l.
01391750, 01392406. 01386379	Syntax error during policy installation after upgrade to R77. Refer to sk100197.
01400226, 01399995, 01400636, 01417154, 01401303, 01400439, 01400003, 01400042, 01401879, 01384130, 01417966, 01417401, 01412347, 01418494, 01402060, 01400443, 01400606, 01400044, 01400624, 01382860, 01400018, 01400441, 01423125	Security Gateway might become unstable after an upgrade to R76 / R77 / R77.10. Refer to sk100431.
01393071, 01383424	When running the fw pstat command, negative values are shown for fragments.
01401585, 01407075	The in.ahttpd process consumes CPU at high level when working with Websense. Refer to sk100787.
00900938, 00465321, 00826456, 00756312, 00493578, 01233665, 01205224, 00556489, 00466319, 01380209, 00520464, 01298159, 00466318, 01293982, 01145500, 00744959, 00733322, 01267217	Manual Client Authentication with ACE server (RSA tokens) fails randomly because in.ahclientd daemon is stuck due to ACE services. Refer to sk97473.
01399192, 01399049	"IPv6 is not compatible with Drop Templates. Please make sure that IPv6 is not enabled on Security Gateway" false warning is generated when installing Security policy. Refer to sk100489.
01384154, 01407376, 01407752, 01408686	When malformed DHCP relay packet arrives, Security Gateway drops this packet and stops the connection. But then the next NOT malformed packet that arrives is also dropped on the same connection. Refer to sk100233.
01347637, 01352509, 01355809, 01355861, 01357797, 01359052, 01359339, 01396359, 01407277	Every few weeks, the firewall suddenly loses all Proxy ARP entries. Output of fw ctl arp command returns "No proxy arps found". Refer to sk98740.
01375562, 01376256	Executing 'fw sam' command refreshes timeouts of all entries in the Connections Table. Refer to sk99066.
01320745, 01338315, 01344610, 01360229, 01360918, 01360919, 01372939, 01372940	When SCCP video conference is initiated, the VoIP phone hangs with "Connection to server lost, temporary error". Refer to sk98836.
01402038, 01402476, 01432001, 01402472, 01402588	If the database is large and has many rules with domain objects, Domain Object rules are bypassed.
01388808, 01395285, 01413258, 01419870	In Load Sharing Unicast mode cluster with ISP Redundancy enabled, TCP connections to the cluster Virtual IP addresses fail.
01394743, 01423889, 01393444, 01433745, 01424374	SSH session to an IP address defined on a VLAN interface fails. Refer to sk101120.
01426202, 01460773	Security Gateway under high traffic load might freeze after several days of uptime. Refer to sk102190.
01426872, 01467589; 01427791, 01471887	Security Gateway might crash when available memory is low. Refer to sk102719.
01292768, 01310693, 01310694, 01310695, 01310695; 01305054, 01310696, 01310697, 01310698, 01310698	'`fw sam`' command fails to process the SAM rule with "`sam: Name_of_GW_Object (FW_Index/FW_Total) ... failed 'Syntax of SAM rule' processing`" error. Refer to sk97306.
ClusterXL
01373809	Connectivity Upgrade is not supported for 3rd Party clusters.
01354819, 01361433, 01361435, 01364125, 01407594, 01426889, 01430677	SmartView Monitor randomly shows the state of a 3rd party cluster member (e.g., VRRP) as "Active attention". Refer to sk98698.
01346966, 01351988, 01351990, 01369718, 01372574, 01382138, 01421084	When ARP reply packets received by the Active member are forwarded to other members on non-Gaia gateways, connectivity issues may arise on some Layer 3 devices connected to the cluster, for example on Cisco ACE load balancer. Refer to sk98417.
01101309, 01295443, 01323188, 01323304, 01347032, 01385102, 01400575, 01405365, 01431662, 01433263	Output of 'cphaprob syncstat' command does not show any peers: '`IDs of F&A Peers - None`' . Refer to sk98167.
01317978, 01339635, 01342581, 01344714, 01402655	Some IPv6 pings are lost in the following IPv6 topology (ICMPv6 "Neighbor Advertisement" Type 136 packets are dropped due link collision): Host_1 on Net_1 --- ClusterXL High Availability with IPv6 --- Host_2 on Net_2 where: IPv6 address of Host_1 is NATed to an IPv6 address on Net_2 IPv6 address of Host_2 is NATed to an IPv6 address on Net_1 Refer to sk98075.
00927546, 01392636, 01415314, 01417159, 01421988	After change of member state in R77.10 cluster on Gaia OS, Proxy ARP configuration from the $FWDIR/conf/local.arp file is lost. Refer to sk98853.
01371278, 01381638, 01407798, 01429238, 01449315, 01455215	Pings sent by Standby cluster member consume a large number of NAT high ports. Refer to sk99108.
01382069, 01312678, 01382133	Output of the cphaprob state command shows "none" instead of Sync IP address. Refer to sk98701.
01343146, 01344075, 01344079	Cluster debug message "FW-1: fwha_check_confirm: X machines did not confirm my state (<STATE>) yet;" might be misleading. Refer to sk98202.
01341828, 01342888, 01342890, 01375740, 01352765, 01376129	Traffic outages and routing table drops in ClusterXL High Availability in Primary Up configuration. Refer to sk98168.
01402180, 01461361	ClusterXL member with enabled HTTP/HTTPS Proxy might crash while internal client downloads a big file through the HTTP proxy. Refer to sk102714.
01111297, 01320815, 01322895, 01322900, 01382195, 01405958	Port flapping on the switch, to which the Synchronization interfaces are connected of three and more ClusterXL members. Refer to sk95150.
01361034, 01361390, 01361391, 01453256	Maximum limits of concurrent connections do not match on members of Full HA cluster. Output of "fw tab -t connections" command on the Primary member of Full HA cluster shows the maximum limit of concurrent connections as "unlimited". Refer to sk98697.
Gaia / SecurePlatform
01092980, 01094857, 01094858, 01322316, 01342118, 01380501, 01401142	Incorrect netmask displayed in Clish when running show interface command.
01323619, 00265675, 00265808	When an IPv6 routing command is entered twice, the IPv6 address is not formatted correctly.
01363876, 01371042, 00266018, 01396279	RouteD daemon crashes with core dump file during cluster failover when RouteD tries to delete the ClusterXL listen task that has not finished yet. Refer to sk104222.
01292823, 00266184, 01381941, 01393900, 01457952	RouteD daemon crashes with core dump files when Dynamic Routing manager goes down and up. Refer to sk100203.
01318867, 01369738, 01321216, 01374588	Zombie process 'cciss_vol_status' appears on HP Open Server running Gaia OS. Refer to sk97857.
01321363, 01336243, 01360976, 01363927, 01364356, 01370330, 01373098, 01377079, 01401249, 01422203	/var/log/messages file on Gaia OS gateways repeatedly shows: modprobe: FATAL: Could not open '/lib/modules/2.6.18-92cpx86_64/kernel/net/ipv6/ipv6.ko'. Refer to sk95222.
01349373, 01349246, 01349371, 01360255, 01412845	Core dump files are not compressed on Gaia OS after upgrading from SecurePlatform OS. Refer to sk98341.
01364855, 01365145, 01365146, 01372380, 01374186, 01375344, 01379853, 01393166, 01394331, 01412840, 01418719, 01450060, 01473986	After reboot of Gaia OS, some interfaces are named as 'ethX_rename'. Refer to sk97446.
01351038, 01351124, 01351126, 01395397, 01412667	Gaia clishd daemon becomes unstable and might crash with core dump file. Refer to sk98329.
01306241, 01320769	Update timezone data to tzdata2013g.
01204771, 01294031, 01294032, 01433846	Installation fails because of missing PCI table records.
01319366, 01321433, 01370011	Gaia Clish command '`show rba role monitorRole`' shows that built-in 'monitorRole' can run extended command, which it is not allowed to. Refer to sk98115.
01373478, 01373679, 01404998, 01418898, 01451667	SCP backup on Gaia OS fails when user password greater than 16 characters. Refer to sk100215.
00981634, 00982105, 00982109, 01118403, 01180913, 01185614, 01187940, 01202762, 01206740, 01219314, 01219703, 01255374, 01261375, 01271946, 01273207, 01292302, 01301033, 01342212, 01345877, 01352316, 01358795, 01364807, 01372387, 01380304, 01386106, 01403739, 01430676, 01446912, 01456174	The following messages appear in /var/log/messages file: "`syslogd: sendto: Invalid argument`" "`syslogd: sendto: Bad File Descriptor`" "`syslogd: sendto: Connection refused`" "`syslogd: write: Connection refused`" on R77.10 Refer to sk83160.
01406839, 01407599, 01464194	'cpstat os -f sensors' command does not show the hardware sensors information on some Open Servers. Refer to sk102193.
01377392, 01379912, 01418601, 01419376	RouteD daemon terminates on Gaia OS after enabling IPv6. Refer to sk98863.
01321667, 01323048, 01361452, 01365127	"`KERPHY0069 Static Arp IP instance does not belong to any existing subnet`" error in Clish when running "add arp static" command on VSX gateway. Refer to sk98852.
01373582, 01399427, 01378428, 01373903, 01463118	RADIUS users with UID=0 and /bin/bash as the default shell, receive UID=96 and do not get the permissions to execute Check Point commands
01395337, 01395366	Clish crashes when logging in to Expert mode from Clish. Refer to sk113266.
01377096, 01377305	Gaia backup does not collect files from $CVPNDIR/conf/ directory. Refer to sk99079.
01455461, 01455632	Gaia backup on VSX R77.10 machine does not collect the contents of $CVPNDIR directory. Refer to sk102027.
01395540, 01395748	Unable to add VLAN in Gaia Portal when interface is not on the same page. Refer to sk100538.
01319366, 01321433, 01370011	'show rba role monitorRole' command shows that built-in '`monitorRole`' can run extended command that are not allowed for the role. Example: # show rba role monitorRole You can find the following line: read-only-feature ext_cphastop. Refer to sk98115.
00266007, 00266009, 00266071, 00266277	Redistributing interface routes in Gaia Portal from an interface with capital letters in its name (e.g., "Mgmt", "DMZ") fails - only the static routes are exported. Refer to sk99067.
01382318, 01382397, 01423823, 01440537, 01475757	Clish or Gaia Portal might become unresponsive. Refer to sk100174.
00265904, 00265905, 01323107	The IPv6 router discovery page in the Gaia Portal shows the 6-in-4 tunnel interface option. This is not a valid option.
01323103, 00265906, 00265907	In the Gaia Portal (Advanced Routing > IPv6 OSPF), if you select a 6-in-4 tunnel for OSPFv3 an incorrect syntax error message shows.
00265760, 00265682, 01319704	In Gaia Portal in VRRP6 section, it is possible to configure a virtual router without a valid link local address. This causes RouteD daemon to crash.
00265909, 01323097, 00265908	In Gaia Portal in VRRP configuration, selecting 6in4 or 4in6 tunnel interfaces causes many syntax error messages.
00265915, 01348919, 00265812	Enhancement: If Gaia Portal -> OSPF -> 'Election Priority' value is deleted, it is reset to default, which is displayed in the Gaia Portal.
01337071, 01360875, 01360833	After connecting to an ISP, the PPPoE Interface in the Gaia Portal is still shown as "`Connecting`".
01430768, 01428654, 01400536, 01243892, 01361459, 01430732	After upgrading the Gaia OS, querying the SNMP OID 'SysObjectID' returns a specific appliance model instead of "generic Linux system".
01349748	An interface Rx/Tx ring size parameter modified in the Gaia Portal does not survive reboot. Refer to sk100626.
01381429, 01386313, 01381179	RADIUS user connects with UID 96 although UID 0 is configured, and not able to run any command. Refer to sk98958.
01323125, 00265902, 00265683	When you define a 6-in-4 tunnel interface as an outgoing interface for an fe80 address, a syntax error appears.
01286240, 01289153, 01289155, 01289156, 01302544, 01320932, 01352385, 01363913, 01396455, 01409261, 01417079, 01426966, 01430143, 01438582, 01463990; 01319377, 01319795, 01319796, 01363914, 01364339, 01369651, 01396470, 01409247, 01417082, 01438584, 01463992	Intermittently, non-local TACACS user is not able to login: CLINFR0829 Unable to get user permissions. CLINFR0599 Failed to build ACLs. /var/log/messages file shows: User not logged in. He has no configured role. Refer to sk97409.
01148068, 01149572, 01149573, 01149574, 01187282, 01407570	'`Scheduled Backup`' in SecurePlatform WebUI does not work. Refer to sk92747.
01360794, 01377768, 01398924, 01418165, 01449155, 01471854	Security Gateway might crash when setting MTU of 9000 and above on a Bond interface. Refer to sk99113.
01346327, 01346375, 01346679, 01346680, 01350141, 01372665, 01372988, 01378331, 01381375, 01381376, 01381377	Gaia OS configured as NTP client responds to NTP queries from hosts. Refer to sk98287.
00935189, 00935303, 01075844, 01090386, 01160985, 01180805, 01186421, 01342226, 01456153; 00956291, 00956369, 01082333, 01105026, 01186598, 01342210, 01456165; 01399215, 01401007, 01452067, 01475275, 01595558, 01597357, 01599477	/var/log/messages file on Security Gateway running Gaia OS and SmartView Tracker logs from Security Gateway running Gaia OS repeatedly show the following messages about Hardware Sensors: Several times per second in /var/log/messages file: `xpand[PID]: Sending request to System Interface xpand[PID]: The max bit is 0 value is 0 max is 0.000000 xpand[PID]: The min bit is 0 value 0 min is 0.000000` Every minute: `xpand[PID]: Note: no Name_of_Sensor sensors` Refer to sk79140.
Dynamic Routing
01355732, 00265618, 00265619, 00267091	In a cluster configured for PIM SM, RouteD daemon crashes with core dump files on the Standby member.
00265664, 00265671, 00265953, 00265999, 00266288, 00266364, 00266656, 01367471	After a neighboring router restarts, a Security Gateway running OSPF with Graceful Restart Helper fails to re-establish adjacency status with the neighbor. The state shows as 'DOWN' instead of 'FULL'.
01322077, 01322763, 01322765, 01322766, 01440852	When using '`aspath-prepend-count`' in routemap for BGP, the prepend count is not exported to the BGP peer. Refer to sk101789.
00406474, 00264022, 00266212, 00266273, 01223750, 01140690, 01176722	OSPF routes are lost after a long period of time from a cluster member on SecurePlatform OS. Refer to sk92997.
01375782, 01382255; 01374376, 01382252	RouteD daemon becomes unstable on Gaia ClusterXL when the 'ping' option is set on a static route. Note: If the nexthop does not respond to the pings, RouteD daemon can still become unstable in certain scenarios. Refer to sk99025.
00777831, 01401071, 01400572	RouteD becomes unstable, when OSPF and RIP are enabled, and RIP code handles non-RIP routes.
01350372, 01370331	When exporting Static/Direct/RIP routes into OSPF without a routemap, or when not configuring automatic or manual tag, tag value is set to an unexpected value in the uninitiated variable in that function. Refer to sk98415.
00265919, 00265305, 00265745	Enhancement: Gaia Portal and Clish reject non-local addresses for the bootstrap-candidate field in PIM configuration.
01319770, 01360831, 01360867	Clish command "show route ospf" was modifed to include the tag field in the output.
01382407, 01382560, 01382407	Various PBR commands end with "Invalid gateway address" error. Refer to sk99124.
00265918, 00265829, 00265306	The CLI command for PIM candidate-rp accepts any non-local IP address as a local address.
Identity Awareness
01323615, 01323845, 01323856, 01323859	Custom MSI package for Identity Awareness Multi-User Host Agent (Terminal Servers Identity Agent) requires to enter credentials during the installation, although it should contain pre-shared secret. Refer to sk97879.
01336133, 01336588, 01371398	Identity Awareness Agent fails to connect after a reboot on Windows XP SP3.
01360356, 01362304, 01362305	PDP Advanced rulebase configuration is not saved when creating a custom Identity Agent.
01363794, 01363810, 01363812	If a permission script is run with the 'username' option, where the user belongs to more than one SID, the script throws an exception.
01322219, 01342540, 01346299, 01346300, 01346301, 01346386, 01350554, 01355824	In Check Point '`Identity Agent - Distributed Configuration`' tool - go to '`Server Configuration`' pane: Add default rule Add at least 2 additional rules Edit one of these rules Inside the rule, all the fields are empty, but when clicking on OK, the the Identity Server's IP address appears correctly in '`Identity Server`' column Refer to sk101894.
01322471, 01322911, 01322912, 01322913, 01336551, 01363705, 01376783	Mobile phone users are logged out from Captive Portal every several minutes during web surfing. Refer to sk97868.
01338036, 01354354, 01354355, 01399652, 01399685	Identity Agent crashes randomly. Refer to sk98426.
01342598, 01370423, 01370424, 01370427	In "Identity Agent - Distributed Configuration" window, when changing a regular rule from the middle of the rule base to be a 'default' rule, the list displays the rules incorrectly. Refer to sk98206.
01350837, 01352695, 01353620, 01353766	When an LDAP group is nested in another LDAP group, and the parent group is used in an 'AccessRole', users in the nested group will not be identified as part of the parent group and will not be assigned to this '`AccessRole`'. As a result, enforcement based on this '`AccessRole`' (within Firewall, Application Control, etc. policies) will be incorrect. Refer to sk98328.
01364961, 01373957, 01366849, 01372531	Identity Agent is disconnected from Security Gateway, and it takes a long time to reconnect. Refer to sk99030.
01362283, 01363268, 01363270, 01432221, 01439398, 01456751, 01460002	HTTP connections for TCP services with non standard HTTP ports (e.g., port 5555, instead of port 80 or port 8080) are not redirected to Captive Portal. Refer to sk99030.
01339379, 01354358, 01354359, 01399654, 01399710	Roaming does not reactivate after Identity Agent disconnects and then reconnects.
01342605, 01346287, 01346288, 01346298	In Check Point '`Identity Agent - Distributed Configuration`' tool - go to '`Server Configuration`' pane: When editing a default rule, radio buttons for '`IPv4 Range`' and '`AD Site`' are available and can be selected. However, after clicking on OK, the changes are not applied. '`Subnet Mask`' for '`IPv4 Range`' can be assigned an invalid value (e.g. 1.1.1.1). '`AD Site`' can be assigned empty. Refer to sk99014.
01353767, 01355483, 01355484, 01398550	PDP daemon might crash when PEP daemon disconnects from it. Refer to sk98526.
01341104, 01354356, 01354357, 01368947, 01399655, 01399725	Identity Agent roaming is not activated on hosts with Windows Vista or later versions.
01349619, 01351284, 01351285, 01357977, 01362696, 01457006	PDP daemon crashes with core dump files after upgrading to R77. Refer to sk98342.
01349850, 01408224, 01408077	When configuring the Microsoft NPS (Windows RADIUS Server) with RADIUS accounting, this causing the "RADIUS packets are not parsed correctly" error message by parsing Vendor-Specific attribute, where data was changed from one value to multiple values.
01383383, 01382233, 01382918	Kerberos Authentication timeout for Browser-Based Authentication. Refer to sk100168.
Anti-Malware
01369179, 01316402	Firewall drops DNS Queries when the AD Bit is set (1) - RFC allows it. RFC 6840 (DNSSEC) section 5.7 (Setting the AD Bit on Queries). Refer to sk97730.
01371645, 01364092, 01365030, 01421751, 01369833, 01361489, 01367220, 01369323	Check Point Online Web Service failure. "Refer to sk74040 for more information" log appears repeatedly in SmartView Tracker when Anti-Virus or Anti-Bot or both are enabled. Refer to sk98717, sk95827, sk98285 and sk96192.
UserCheck
01396595, 01396692, 01397545, 01398410, 01404169, 01404182, 01404184, 01404197	Random traffic outages when UserCheck is enabled on Security Gateway. Refer to sk100505.
Application Control
01382637, 01383002, 01410612	Application Control Blade does not block some TCP over DNS applications. Refer to sk99044.
01425390, 01456120	Security Gateway with enabled Application Control blade might crash after resetting SIC in '`cpconfig`' menu and exiting from '`cpconfig`' menu. Refer to sk102121.
URL Filtering
01422411, 01377452, 01379645, 01405849, 01396795, 01404287, 01362385, 01414498, 01366990, 01402500	URL Filtering drops the traffic with an "Internal Error" log. Refer to sk98743.
IPS
01370016, 01371192, 01381780	PPTP GRE connections are not deleted from Connections Table when IPS inspection for PPTP is enabled. Refer to sk100201.
01404684, 01405875	The IPS Global exception is not enforced by the "Non Compliant DNS" protection. It is enforced by other protections.
01371106, 01371106, 01369029, 01373092, 01373146, 01373340 , 01373341, 01374176, 01374992, 01375066, 01379576, 01380064, 01380537, 01380654, 01380694, 01380904, 0138129 , 01407054	Some protections do not work for specific HTTP evasions. Refer to sk98814.
01341601, 01345469, 01352653, 01356253, 01356256, 01377944, 01379164, 01379826, 01379870, 01381145, 01384008, 01392357, 01392855, 01399478, 01402849, 01415574, 01426888, 01470230	Traffic rate is decreased significantly when assigning any IPS profile other than 'Default_Protection'. Refer to sk92527.
01367531, 01375276, 01375404, 01375414, 01375713, 01375715, 01375716, 01380512, 01511033	IPS protection "TCP Off-Path Sequence Inference" drops TCP "RST" packets with "ACK" value 0. Refer to sk104640.
DLP
01407930, 01409377, 01410583, 01465357	Memory consumption on DLP Gateway constantly increases when SMTP / HTTP inspection is enabled. Refer to sk102211.
Threat Prevention (Anti-Bot / Anti-Virus / Threat Emulation)
00522494, 00532012, 00668652, 00858519, 00861495, 00875802, 00899420, 01145587, 01383108, 01383190	FTP connection in Passive Mode does not work after configuring Anti-Virus Blade to scan FTP traffic. To enable the fix, set the value of kernel parameter '`fw_ftp_allow_double_parenthesis_termination`' to 1. Refer to sk45085.
01377195, 01379692, 01468191	Security Gateway with enabled Anti-Virus blade might crash during Anti-Virus scan of a file transferred over File Share (Common Internet File System, CIFS). Refer to sk102488.
01380688, 01467858	Security Gateway with enabled Anti-Virus blade / Anti-Bot blade and policy 'Action' set to 'Prevent' might crash under high load. Refer to sk102489.
Internal CA
01323357, 01343905, 01346144, 01346145, 01362289, 01427578	ICA Tool does not show '`Expired`' status for expired certificates (certificates still appear as '`Valid`'). Refer to sk101049.
Mobile Access
01344463, 01356902, 01374713, 01400844	Mobile Enterprise clients get disconnected and must relogin after enabling Hostname Translation (HT) on Mobile Access gateway. Refer to sk98199.
01346097, 01347184, 01353120, 01347202, 01381192	When accessing Outlook Web Access (OWA) through the Mobile Access Portal, this message shows: "Error: Access Denied. The format or content of your request has been detected as invalid or unsafe (400)." Refer to sk98215.
01351290, 01353108, 01356928	When you upgrade a VSX Gateway from R77 to R77.10, before enabling the Mobile Access Software Blade, it is necessary to install an upgrade package on the VSX Gateway. Refer to sk98352.
01054881, 01363324	Secure Network Extender fails to resolve DNS through proxy.
01322353, 01322920, 01322922, 01377737	When a browser sends a cookie that it got from another page on a different port, the Mobile Access gateway does not recognize the cookie.
01365409, 01365508	Multiple Authentication Schemes with certificate not enforced correctly on Check Point Mobile VPN clients. Refer to sk98592.
01365190, 01392800	Enhancement: Improved /cvpn/Scripts/sendsms script.
01410021, 01410492, 01422633, 01433800	Link Translation fails to translate HTML pages with correct content type. Refer to sk101076
01353168, 01353697, 01353705	Links with Unicode Hexadecimal encoding are not translated by Mobile Access Path Translation (PT). Refer to sk98976.
01386027, 01391576	When using the SSL Network Extender inside a Secure Work Space, after 10 minutes it stops working.
01373378, 01374229, 01377765, 01420441, 01455351	Citrix StoreFront main page is not loaded through the Mobile Access. Refer to sk100322.
01396169, 01398504	If Simultaneous Login Prevention (SLP) is enabled, the SharePoint session disconnects after you open a Microsoft Office document.
01206850, 01207032, 01207033, 01207466, 01367463, 01463847	SNX client is rejected with "`Access denied - wrong user name or password`" error in Mobile Access Portal when trying to change the password. Refer to sk95026.
01426823, 01427362, 01427363, 01469797, 01470830	Mobile Access Portal might become unstable if an authenticated user sends a password that contains Extended ASCII characters (e.g., euro €). Refer to sk102487.
SSL Network Extender
01363323, 00544011	SSL tunnel will sometimes terminate on failure to send data.
01207032	"Access denied - wrong user name or password" error when using password with special characters.
SecureXL
01005615, 00262552, 00262768, 00263066, 00263390, 00263494, 01025284	Endpoint client fails during policy installation when SecureXL is enabled.
01379842, 01383740, 01384330, 01405757, 01407753, 01412661, 01429733	Some pings are lost when passing through Security Gateway with enabled SecureXL. Refer to sk99112.
01407414, 01409468	SecureXL sends ICMP Fragmentation packets even if the DF flag is off.
01383940, 00266263	SecureXL gets disabled automatically after upgrade to R77.10. Refer to sk99041.
01405942, 01398592, 01398302, 01418762, 01421012	The output of fwaccel stat command shows: Accelerator Status : off by Firewall (too many general errors (Number_Larger_than_10) (caller: cphwd_offload_drop_templates)) Refer to sk100467 (Scenario 1 - Number of elements in kernel table 'src_ranges_list' exceeds the limit).
01407353, 00266535, 00266599, 00266601, 00266763, 01414222, 01438463, 01438902	SecureXL drops UDP connections with "Dropped Traffic: dropped by handle_outbound_pac, Reason: connection not found". Refer to sk101134.
01403403, 01407248, 01412797, 01429528, 01433211	SmartView Monitor shows incorrect traffic amounts when SecureXL is enabled. Refer to sk101107.
01336995, 00265456, 00266019, 00266053, 01341519, 01364424, 01364425, 01365920, 01399776	IPS protection "Sequence Verifier" drops legitimate packets when SecureXL is enabled. Refer to sk98830
01269753, 01289912, 00266020, 00266120, 00266148, 01289911, 01289913, 01504572, 01521559	Traffic sent over VPN tunnel does not reach its destination because SecureXL does not start fragmenting the packets. Refer to sk98070.
01337381, 00266060, 00266160, 00266427, 00266654, 00266716, 01551843	Security Gateway with enabled SecureXL might crash when available memory is low. Refer to sk102719.
Security Management
01368104	In SmartView Tracker, DLP email log, if you select Send, this message shows: "This action is only supported on gateways that are version R75.20 and higher".
00949658, 01339246, 01339247, 01339252	Memory leak in FWM daemon.
01381866, 01386063, 01395376	FWD daemon might crash under debug.
01340456, 01340731, 01340734, 01346077, 01393797, 01413728, 01426136, 01448520, 01453279	Policy Verification takes very long time and eventually times out. Refer to sk98106.
01361034, 01361390, 01361391, 01453256	When converting Standalone to Full HA there are 2 parameters that are not "transferred" to members from the cluster member. Refer to sk98697.
01338842, 01340526, 01340527	Policy installation in SmartDashboard connected to Secondary HA Management Server fails with "`No License to Manage QoS UTM-1 Sites`" error. Refer to sk98097.
01378687, 01380213	Login to SmartLog with a Global Manager username (from SmartDomain Manager) fails with: "The connection to Multi-Domain Server has been refused because the database could not be opened".
01047516, 01366704, 01368761	When policy is installed from Secondary Management server, Endpoint Connect fails with error 'OM: xxxx tried to connect, but you have reached the number of purchased licenses'.
01192796	If Enable drop optimization feature is enabled in an R76 Security Gateway object (SmartDashboard -> R76 Security Gateway Properties -> Optimizations pane), policy installation can fail on R76 Security Gateway.
01360844, 01362223, 01362224	The $CPDIR/tmp/ directory is filled with 'file...' files. Example: [Expert@HostName]# ls -l $CPDIR/tmp/file* ... -rw-rw---- 1 admin root 771506 Jan 13 13:01 /opt/CPshrd-R77/tmp/fileR5LELI -rw-rw---- 1 admin root 904722 Jan 13 13:25 /opt/CPshrd-R77/tmp/fileRcK0nz -rw-rw---- 1 admin root 240090 Jan 13 13:25 /opt/CPshrd-R77/tmp/fileRfA9jP Refer to sk98567.
01391939, 01392258	Policy installation becomes unstable when Application Control or URL Filtering blade is enabled.
01400327, 01419340, 01400566, 01400243	Management HA status changing from Synchronized to Lagging approximately every two hours. Refer to sk100555.
01406724, 01407013	The fwm logexport command fails with 'Error: Failed to read field FollowUp' after enabling Anti-Virus / Anti-Bot blades. Related to sk91620.
01402368, 01402165	"License allows only a single Virtual System" error message during policy installation. Refer to sk100463.
01407810, 01410109, 01419951, 01433897, 01436598	In a Management HA configuration, when changing the rulebase and saving it, the audit log record for the automatic sync shows an incorrect client IP address.
01368631, 01371531, 01427548	Resource field shows "`* Confidential *`" in Application Control / DLP logs on 3rd party LEA OPSEC client when using Permissions Profile. Refer to sk101570.
01415906, 01456935	FWD daemon crashes on Security Management Server / Domain Management Server with core dump file when creating new Security Gateway objects with Identity Awareness blade. Refer to sk102120.
01349964, 01352693, 01352694, 01396070, 01404453, 01413833, 01421334, 01453206	SmartView Tracker does not display any logs when filtering in '`Origin`' column by Security Gateway's object name. Refer to sk98349.
01357827, 01360076, 01360258, 01360259, 01395307, 01426058, 01426251	ClusterXL with ISP Redundancy sends VPN traffic with wrong source IP address after VPN link failover. Refer to sk98532.
Multi-Domain Security Management
01366715, 00499297, 00816100, 00525150, 00929341	Administrator names cannot include the "@" and "\" characters. To enable this fix, set this environment variable on the Multi-Domain Server and Security Management server: CP_P1_DISABLE_STRICT_ADMIN_NAME_VALIDATION Refer to sk44759
01392300, 01395213	If you add a second Domain Management Server (DMS) or a Domain Log Server (DLS) to an existing domain it will be created with the wrong software version (R77 instead of R77.10). Refer to to sk98809.
01404568, 01404266	SmartUpdate does not support Linux50 packages. Refer to sk100946.
01427929	Size of $MDSDIR/log/cpwd.log file grows rapidly (to several gigabytes) on Multi-Domain Server. Refer to sk109675.
01322609, 01322803, 01322804	"The Global History file is not found" error in SmartDomain Manager. Related to sk97812.
01353886, 01365307, 01365309, 01378060	Session description information is not provided in Domain Management Server "change-to-active" audit log. Refer to sk98695.
01364741, 01366005, 01366007, 01368102	SmartView Tracker is not able to fetch firewall log file from Security Gateway. Refer to sk98647.
01380563, 01380792, 01815829	Output of '`top`' command shows that threshold_config process consumes CPU at 100% on Multi-Domain Security Management Server. Refer to sk99081.
SmartDashboard, SmartView Tracker and SmartView Monitor
01371627, 01372064, 01372714, 01372855, 01374089, 01375067	When using a trusted link with site-to-site VPN, the tunnel is down because the unencrypted tunnel test packets are dropped.
01362293, 01365748, 01365750	The View Rule option in SmartView Tracker does not show the rule. Refer to sk98716.
01346262, 01343273, 01346260	When selecting SmartDashboard -> File menu -> Installed Policies -> select policy for a Virtual Router -> View Policy, the operation fails with "View Installed Policy operation failed" error. Refer to sk98275.
01382864, 01382987	When a rule name contains non ASCII characters, policy installation fails with the error "Load on module failed - failed to load security policy". Refer to sk33893.
01382845, 01382196, 01382427	Right-click on APN (Access Point Name) object causes SmartDashboard to become unstable. Refer to sk99127
01402103, 01405328, 01405435	"`Where Used...`" dialog shows interface UID and not its name.
01370009, 01370366	SmartView Tracker - View menu -> Query Properties option is always selected (although clicking on this option toggles the Query Properties filter window correctly). Refer to sk99077.
01351236, 01350069, 01381412, 01351234, 01401893,	cpstat os -f routing command and Smartview Monitor show nexthop as 0.0.0.0 Refer to sk98420.
01149900, 01295432, 01358114	Following a migrate, and prior to explicitly installing a policy, editing a VSX cluster object will result in overriding the existing policy with a default one.
01312882, 01313567, 01319015, 01406001	Search-Field in Mobile Access policy does not work when connected with SmartDashboard in Read-Only mode.
01373058, 01373864, 01410456	SmartDashboard does not accept usernames or passwords longer than 30 characters. Refer to sk99020.
01352011, 01373827	If you configure a cluster with the same IP address as Cluster IP already configured on the interface of the cluster node, there is no error message. Refer to sk100211.
01368608, 01405357, 01371697	When exiting SmartDashboard, if "Find in Rule Base" window (still) open, SmartDashboard crashes. Refer to sk98952.
01352197, 01354317, 01354318	In SmartDashboard, when creating new object with space in its name, space is changed to underscore "_". Refer to sk98455.
01342385, 01347611, 01347612, 01412607	When changing placeholder's state only (expanding / collapsing without any database changes), the changes are not saved. Refer to sk98278.
SmartEvent / SmartReporter
01375792	"`Check Point SmartEvent Client experienced a serious problem and must close immediately...`" when trying to connect with SmartEvent GUI to SmartEvent Server for the first time after upgrade to R77.10. Refer to sk98878.
01337798, 01338189, 01338190, 01400331	Using an external script in "automatic reactions" in SmartEvnet does not work. Refer to sk97632.
01361419, 01363419, 01363421, 01368780, 01370804, 01395373, 01447069, 01449264, 01453125	R77.10 Log Server stops forwarding logs to LEA clients: New events are not coming to SmartEvent. Logs are not processed by SmartReporter consolidation session. Logs are not forwarded to 3rd-party OPSEC clients. Refer to sk98588.
01339672, 01339954, 01352471, 01374073	SmartEvent 'Top Users By Traffic' view does not show any events for Active Directory users. Refer to sk98092.
01339272, 01379224, 01339952, 01339953	Country filter in SmartEvent returns empty for countries with apostrophe, such as Cot'e Divor.
01338561, 01338574, 01338575, 01383641	In Network Activity report, the total network traffic in the 'Summary' section is smaller than the total traffic in the 'Top Network Activity' section. Refer to sk98073.
01339464, 01339214, 01340543	Value of 'days_to_keep' configured per sk69706 is not applied. Refer to sk98095.
01346234, 01346578, 01375667, 01346579	SmartEvent reports fail with no data found, if AD name has a comma (,) in it. Refer to sk98275.
01380916, 01381197	SmartReporter license for 25 Security Gateways allows only 20. Refer to sk99111.
01382558, 01382557	Timeline View section is empty in SmartEvent GUI client. Refer to sk98900.
01368648, 01371514, 01371650	SmartEvent keeps old events longer than configured. Refer to sk99021.
01340644, 01340537, 01340359, 01383941	Network Activity by Date shows duplicate week entries.
01385997, 01384305	Cannot query event if UserName contains quotes comma apostrophe. Refer to sk99043.
01377756, 01403467, 01377610, 01395497	When trying to restart an existing session / create a new consolidation session, it appears to start, then the status goes into 'Abort' almost immediately. Refer to sk99080.
01400328, 01400316	When you generate a DLP report with a filter in SmartEvent, we get the following errors: Unable to complete generation for: Section: 5. DLP User Actions by User Unit: 5.1 DLP User Actions by User Additional information: :ERROR: column "dlp_violation" does not exist LINE 1: ..._VIEW ON (TEMP_VIEW.rowid=USERS_VIEW.eventid, dlp_violat... Refer to sk100547.
01370563, 01371218	The SmartEvent GUI client becomes unstable when creating an event based on an existing event from the "Mobile Access" group. Refer to sk99110.
01313659, 01336916, 01336955, 01319013	After an upgrade, SmartEvent does not show any events and shows an error "No connection to correlation unit". Refer to sk97632.
00863374, 00866796, 00905558, 01079529, 01127897, 01140149, 01186407, 01226490, 01227438, 01227439, 01227440, 01265819, 01374971, 01375023	In E-mail alerts sent by SmartEvent, the user name field contains '* Confidential *' instead of real data. Refer to sk68020.
01410542, 01410560, 01410563, 01465990	Memory leaks in cpsemd process on SmartEvent server when it fails to connect to log storage. Refer to sk102266.
SmartProvisioning
01319138, 01317912, 01344395	Filtering by 'Firmware' does not work. Refer to sk98092.
SNMP
01311922, 01320010, 01320011, 01365028, 01367709, 01412793	SNMPD daemon fails to start / crashes on Gaia OS. Refer to sk98324.
01323376, 01324127, 01324128, 01351121, 01351585, 01366207, 01461578	SNMPD process crashes with "`Segmentation fault`" error. Refer to sk98066.
01392172, 01392626, 01400511	Not able to load the Check Point MIB files from R76SP into MIB Browser (e.g., CA Spectrum OneClick) - MIB Browser shows multiple errors: Could not parse the file CHECKPOINT-MIB. Could not parse the file CHECKPOINT-GAIA-TRAP-MIB. The MIB CHECKPOINT-MIB referenced by the selected file appears to contain more than one MIB definition. The MIB RFC1155-SMI referenced by the selected file appears to contain more than one MIB definition. Refer to sk100169.
01373662, 01375761	MIB tree in the $CPDIR/lib/snmp/chkpnt.mib file is missing OID branches, which appear in the output of snmpwalk command: 1.3.6.1.4.1.2620.1.1.26.11.1.0 1.3.6.1.4.1.2620.1.1.26.11.2.0 1.3.6.1.4.1.2620.1.1.26.11.3.0 1.3.6.1.4.1.2620.1.1.26.11.4.0
01376058, 01376770, 01379432, 01401320	CPD daemon crashes due to a file-descriptor leak, if SNMP traps are enabled with the threshold_config command.
01402619, 01402835	Description of SNMP OID 1.3.6.1.4.1.2620.1.38.24.1.5 (identityAwarenessDistributedEnvTableStatus) in the $CPDIR/lib/snmp/chkpnt.mib file is incorrect. Refer to sk100990.
01373656, 01375758	MIB syntax causes a Java error in HP Network Node Manager (NNM) when working with Check Point MIB file$CPDIR/lib/snmp/chkpnt.mib file.
01378261, 01378643, 01394806	SMI syntax error in Check Point MIB file$CPDIR/lib/snmp/chkpnt.mib file: extra comma after 'haClusterSyncNetMask' before closing bracket '}' in 'HaClusterSyncEntry' extra comma after 'svnNetIfOperState' before closing bracket '}' in 'SvnNetIfTableEntry' Refer to sk73440.
01386495, 01386346, 01401324	The snmpwalk command for Check Point OID 1.3.6.1.4.1.2620 stops in the middle of the query with "Timeout: No Response from" error, and core dump files are created for snmpd process in the /var/log/dump/usermode directory. Refer to sk100193.
01398870, 01399409, 01418605, 01440524, 01453530, 01469745	SNMPD process crashes with core dump files. Refer to sk100514.
01382326, 01386014, 01394013	The SNMP query for IP-FORWARD-MIB::ipCidrRouteMask shows output of mask in reversed-endian order.
01355690, 01363319, 01363321, 01381841, 01391819, 01407756, 01414243	SNMP query for any OID under 1.3.6.1.4.1.2620.1.6.7.5 (multiProcTable) returns 0 (zero). Refer to sk98570.
01311467, 01311997, 01311998, 01311999, 01392708, 01428858, 01430113	SNMPD daemon crashes.
01323200, 01336334, 01336335, 01364361, 01364471, 01380312, 01407801, 01433095	The SNMP agent stops working correctly after a period of time.
QoS
01343078, 01355467, 01371032	VPN traffic might be dropped in some cases on Anti-Spoofing when SecureXL and QoS are enabled on R77.10 Security Gateway. Refer to sk98172.
VPN
00833986, 00835824, 01101966, 01104905, 01379596, 01379730, 01461368	VPND daemon might crash during policy installation. Refer to sk102716.
01352900, 01353061, 01353062, 01355363, 01372789, 01372862, 01374864	VPND memory usage rises steadily until the machine runs out of memory. Refer to sk98388.
01361432, 01362498, 01362506, 01362507, 01379840, 01414249	When you open the VPN SSL Network Extender portal in Internet Explorer 11, SSL Network Extender will only start in Java, not ActiveX.
01371627, 01372064, 01372714, 01372855, 01374089, 01375067	SmartView Monitor shows that a tunnel is down when using link selection with a trusted link.
01360917	There is no way to set waiting time for smaller packets before fragmentation. Fix: new global variable 'ipsec_mtu_icmp_wait_timeout' was introduced. It can be set to values from 1 to 10
01382259, 01395861, 01395878, 01395881, 01395884, 01395885, 01395888	Remote access VPN clients (IPsec) connect with Visitor Mode (TCPT) during install policy instead of NAT-T.
01266307, 01361806, 01417081	VPN shell command option 'tunnels/' is not supported on Gaia.
01360983, 01361317, 01361503, 01361504	VPND stability issue with L2TP clients.
01398492, 01337987, 01403407	VPND becomes unstable when many applications, rules, or user groups are defined in Mobile Access Software Blade policy. Refer to sk100488.
01381022, 01381542, 01412083, 01459083, 01468193	Traffic over remote access VPN tunnels is interrupted during policy installation onto VPN Gateway. Refer to sk98914.
01217021, 01361797	IKE selectors are not chosen properly when ike_use_largest_possible_subnets is false. Refer to sk101219.
01395232, 01396707	Users cannot use the real IP address of DAIP gateway when using the 'vpn tu' command. Refer to sk100346.
01231095, 01231254, 01231255, 01231256, 01234787, 01262160, 01361863, 01383011, 01465966	"`Failed to allocate an IP address`" error when using '`ipassignment.conf`' file to assign Office Mode IP address and Check Point Mobile VPN clients for Android/iOS. Refer to sk95088.
VSX
-	IP addresses that belong to VSX Internal Communication Network appear in routing tables and are published by dynamic routing protocols. Refer to sk102177.
-	SmartDashboard and '`ifconfig`' command show different IP address for interfaces of VSX objects. Refer to sk92596.
01258154, 01347285, 01356724	VPN configurations that use the IP-per-user and IP-Pool-per-group features may not work correctly on the Virtual Systems because $FWDIR/conf/ipassignment.conf file contains identical configuration on all Virtual Systems. Refer to sk97992.
01394079, 01397060	After adding a new USM (User-based Security Model) user, query from vs0 on vs2 works with user credentials, but after setting the SNMP agent off and on again, same query with same user credentials responds with: "snmpwalk: Unknown user name". Refer to sk100218
01351290, 01353108, 01356928	Mobile Access blade does not function as expected when enabled on Virtual Systems of a VSX gateway that was upgraded from R77 to R77.10. Refer to sk98352 for upgrade package download and installation instructions.
01290516, 01295822, 01359798, 01338428, 01358508	Gaia Clish command "show virtual-system all" displays empty virtual system list when logging with TACACS+ / RADIUS user (non-local) to VSX Gateway. Refer to sk105342.
01402165, 01402368	"License allows only a single Virtual System" error message during policy installation. Refer to sk100463
01394915	When using vsx_util change_private_net to change an IPv6 address, you must supply an IPv4 address, even if the addresses were not changed. Refer to sk117062.
01375670, 01370177	The CoreXL tab in the Virtual Sysyem object is empty.
01415541	Enhancement: Rate limiting for each Virtual System in VSX is supported. Run: "vsenv VSID" in Expert mode, or "set virtual-system VSID" in Clish, and then run the "fw samp ..." commands. Refer to sk112454 - How to configure Rate Limiting rules for DoS Mitigation.
01291155, 01347249, 01347240, 01347249, 01356757	Remote Wipe on a Check Point Mobile Enterprise, connected to a Virtual System, takes effect up to 24 hours after its user certificate has been revoked.
01321032, 01347407, 01356785	The vsx_util add_member command does not work with IPv6 address. Refer to sk97995.
01262108, 01358857, 01359659, 01362993, 01373866	On VSX machine, output of Clish command 'show arp' shows the ARP table only for Virtual System 0, even if the command is run from a context of the different Virtual System. Refer to sk98003.
01372432	Policy installation on VSX gateways (of version VSX NGX R65) fails when 140 or more VPN communities are in use. Refer to sk25827.
01383273, 01384856, 01392830, 01394068, 01415010, 01424740, 01440515, 01444143, 01444357	SNMP query for OID '`vsxCounters`' (.1.3.6.1.4.1.2620.1.16.23) returns incorrect values after deleting a Virtual System. Refer to sk101477.
01279754, 01471922, 01471953	Traffic outage might occur through Virtual Systems with enabled Application Control blade. Refer to sk102720.
01368553, 01368927, 01401772, 01475358, 01572817; 01392700	Traffic passing through the VSX cluster is lost (during more than several seconds) when cluster state of Standby member changes: if a cable is disconnected from the Standby member and then reconnected if a switch port, to which the Standby member connects, is shut down and then brought up Refer to sk104567.
01386051, 01749692, 01769512	Output of "ifconfig <Name_of_Interface>" command in the context of VSX cluster member (VS0) shows wrong IP address. Refer to sk108700.
00972349, 01368630, 01749694	Output of "ifconfig" command in the context of Virtual Systems shows Internal Communication (Funny) IP addresses instead of Real IP addresses. Refer to sk108699.
01380189, 01381264, 01568713, 01380553	Multi-Queue configuration might be reset during reboot on VSX Gateway. Refer to sk98945.
Compliance Blade
01345316, 01355290, 01371433	Compliance Blade does not recognize network objects after advanced upgrade from R77 to R77.10 / R77.20. Refer to sk98204.
01395492, 01472683, 01470595	Stealth Rule compliance check does not work as expected. See sk102424.
VoIP
01386074, 01392936	SIP call fails - call receiver can hear voice, call initiator can not hear voice from call receiver. Refer to sk100410.
01379712, 01383038, 01413378, 01379691, 01383036, 01413392	External VoIP phones are not able to connect to Internal VoIP phones (behind the Security Gateway) that use Gatekeeper because 'alternativeAddress' in H.225 Facility Message payload is not NATed. Refer to sk98970.
01375859, 01376023, 01376384, 01402195, 01402203, 01402212, 01402215, 01404681, 01405846, 01410025	MGCP traffic is dropped with log "Response to unknown Request. Bad Call-ID" after upgrade to R76 / R77 / R77.10. Refer to sk99026.
00362320, 00374502, 00413223, 01391913, 01392318, 01415004, 01419975, 01461248	SIP connections may be regularly dropped with "Number of reinvites exceeded the limit" error. New "sip_expire" parameter added to enable users to customize how much time a registration request should take.
Endpoint Security Unified Management
01360520, 01386165	In Web Remote Help, user name auto-complete only works for login name, common name, and display name. Resolution: run this script to configure name types for autocompletion: $UEPMDIR/system/install/wrhAutoCompletionConfig
00673732	Full Disk Encryption clients on Mac computers show dynamic token (challenge/response) in Preboot, but it is not supported.
CoreXL
01418503, 01366672, 01365459, 01400272, 01365150, 01284703, 01365149, 01380924, 01407041, 01365460, 01366671, 01403930	Kernel debug fw ctl debug command is not applied to all CoreXL FW instances: Kernel debug is disabled only for CoreXL FW instance 0 (and not for all instances) Kernel debug flag 'all' is enabled only for CoreXL FW instance 0 (and not for all instances) Kernel debug specified flags are enabled only for CoreXL FW instance 0 (and not for all instances) The CPU consumption may remain high after running the 'fw ctl debug 0' command Refer to sk98625.
Appliances
01405092, 01405869, 01405909	Policy installation on 1100 appliance fails with '`Failed to generate the rulebase`' error. Refer to sk100613.
01401717, 01207926, 01407638, 01408221	Output of "show asset" command does not show the CPU model and CPU frequency properly. Refer to sk100468.
IPSO
01397287	VPN traffic with IKEV1, B-GCM-256, or B-GCM-128 on IPSO gateways does not work with SecureXL. Workaround: Disable SecureXL to use these encryption methods.
00209685, 01372378, 01378009, 1380848	CPSNMPD process consumes CPU at high level on IPSO OS. Refer to sk40258.
HTTPS Inspection
01372343, 01398701, 01372648, 01402055, 01422259	Occasionally, certificate errors appear for some HTTPS sites, although HTTPS Inspection policy is configured to '`Bypass`' these sites. Refer to sk98972.

This solution is about products that are no longer supported and it will not be updated

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating