This is a live document that may be updated without special notice. We recommend registering for our weekly updates in order to stay up to date. To register, go to UserCenter > ASSETS / INFO > My Subscriptions.
When upgrading from R77, R77.10 or R77.20 to R77.30, the following error might appear:
Welcome to Check Point R77.30 installation
There is insufficient disk space for the installation of this application.
In order to install this application <VOLUME-SIZE> MB is required under <PARTITION>
Distribution of a R77.30 package in SmartUpdate R77.20 to Security Gateways R77.20 fails when the option "Revert installation to image on failure" is enabled. Refer to sk101438.
Upgrade from R77.20 with hotfix "R77_20_HF9" ("Bar Mitzvah", sk106478) to R77.30 fails due to a fix conflict as this hotfix is not included in Check Point R77.30. Follow the instructions in sk107233.
Upgrade process to Gaia R77.30 on HP platforms that use the CCISS driver might end with an unresponsive system. Refer to sk106708.
If you install the R77.30 Add-on on a Security Management Server / Multi-Domain Security Management Server running on Gaia OS using CPUSE in Gaia Portal, then you must reboot the server after R77.30 Add-on installation is complete. Otherwise, some Check Point processes might not start correctly.
The Check Point trial license is not retained during an upgrade to R77.30 using CPUSE in Gaia Portal. Install a standard Check Point license before the upgrade.
If R77.30 Add-on package (that was installed using CPUSE in Gaia Portal on another machine and then exported using CPUSE) is manually imported using CPUSE, it appears in the "Minor Versions (HFAs)" section instead of the "Hotfixes" section. In addition, the "Re-install" option is enabled, although it should be disabled.
The error message "FW1: Internal error - failed to determine operation mode" can be ignored in R77.30 Add-on installation log files (/opt/CPInstLog/install_scrub_plg_R77.elg and /opt/CPInstLog/install_indicators_plg_R77.elg).
If you have gateways of different R77 versions and GX is enabled on a R77.30 Security Gateway only, policy installation will fail. Solution: Use the "Install On" column for the GTP rules.
01362643, 01416065, 01614707
During in-place upgrade from VSX R77.x to VSX R77.30, the $FWDIR/conf/amon_vsx_refresh_interval file is overwritten. If the refresh interval of VSX SNMP counters should be a value other than default 30 (seconds), you will have to edit the file manually after upgrade as described in sk101713 (and in sk97947).
If Multi-Domain Security Management Server was upgraded from SecurePlatform OS to R77.30 Gaia, you must manually install the latest build of Deployment Agent to use CPUSE. Refer to sk92449.
To upgrade from R77.20 Endpoint Security Manager on Gaia OS, which runs with Java 64-bit:
Gaia OS: Clean install from USB device fails on Open Server because the installation process (anaconda) includes the USB installation media as part of the installation target. Refer to sk100566.
Red Hat Linux OS: When installing Multi-Domain Security Management Server, the server's IP address must be manually defined in the /etc/hosts file before the Check Point products are installed.
Red Hat Linux OS: If you installed the R77.30 Add-on on top of Multi-Domain Security Management Server, then you must uninstall the R77.30 Add-on before you can configure the Multi-Domain Security Management Server.
Hardware sensor readings are incomplete on 15000 and 23000 appliances until the Gaia First Time Configuration Wizard is run. Refer to sk114595.
Timeout when trying to assign IP addresses to more than 200 VLANs on 23800 appliance running R77.30 Gaia OS Build 18. Refer to sk120553.
01816080, 01822237, 01822236
DHCP Relay and DHCP Server do not function when configured together on the same Gaia OS.
Between DHCP Relay (routed) process and DHCP Server (dhcpd) process, the last process to start up will receive all the UDP unicast traffic. The first process sees no unicast traffic.
Both DHCP Relay (routed) process and DHCP Server (dhcpd) process will see UDP broadcasts.
If DHCP Server (dhcpd) process starts first, then this joint configuration will work, because dhcpd process only cares about UDP broadcasts. If DHCP Relay (routed) process starts first, then this joint configuration would fail to work, because the replies from DHCP Server that should be relayed are UDP unicasts.
Timezone data of a few regions is missing from Gaia OS R77.30. Refer to sk105902.
01561217, 01561480, 01564882, 01566775
kipmi0 daemon consumes CPU at 100% on Open Servers running Gaia OS. Refer to sk104316.
In a Hyper-V environment, the Virtual Machine's clock (OS time) moves faster than the hardware (Host) time. As a result, the Virtual Machine's clock drift can accumulate rapidly and prevent NTP from working correctly. Refer to sk105862.
01691878, 01693135, 01692055
"This page is currently in read only mode, the requested action cannot be performed" message appears in Gaia Portal when logging in with the TACACS+ user and clicking on the "Enable TACACS+ authentication" button at the top. Refer to sk106324.
Scheduled Gaia backup in R77.30 fails to transfer backup file to remote server. Refer to sk106647.
"libdb set: missing or invalid argument" error in Gaia Portal when creating snapshot. Refer to sk106646.
"IMAGE MANAGEMENT: going to restore system image .. Error: 'Couldn't connect to /tmp/xgets: No such file or directory" on the console when reverting to snapshot or to factory default image on Check Point appliance. This message can be ignored. Functionality is not affected.
01362834, 01363388, 01749317, 01769560
Gaia configuration commands are not saved sorted in a way that guarantees continuation when loading them. Refer to sk107286.
/var/log/messages file on Gaia OS repeatedly shows:
xpand[PID]: image_mgmt_get_version: version was get from registry major=[X] minor=[.Y]
xpand[PID]: version is X.Y
"Gaia Web-UI recognized a non-valid input data" error when creating a Scheduled Job in Gaia Portal. Refer to sk107513.
01817116, 01820170, 01820171
/etc/snmp/userDefinedSettings.conf file on Gaia OS (see sk90860) is overwritten during a hotfix installation. Refer to sk107861.
"CLINFR0479 You can't start interactive session from another interactive session" error when trying to log in / switch to Clish over SSH. Refer to sk108058.
"SKU is invalid" error when pasting the License "cplic put" string in Gaia Portal and clicking on "OK". Refer to sk108895.
Kernel panic during cpinfo creation due to ip command invoked by cpinfo.
Output of "raid_diagnostic" command shows some garbage characters in "ProductID" field. Refer to sk109612.
Backup restore includes the original MAC addresses of the machine. Refer to sk109934.
01940689, 01944407, 01944426
OSPF configuration cannot be updated/changed in Gaia Portal when working in Internet Explorer (IE) browser - after changing the settings and clicking on "Apply", the settings do not take effect and revert to default settings. Refer to sk109946.
Output of Clish command "show sysEnv all" / Expert mode command "dbget sysEnv:all" is corrupted (text is not ordered). Refer to sk110220.
Clish commands "show configuration" and "save configuration" do not show / save the configured user's "realname". Refer to sk110222.
Security Gateway running on Gaia OS randomly becomes unresponsive when DLP blade is configured with Fingerprinting and external storage repository is used. Refer to sk110801.
"WARNING The following features: NameOfFeature, , provide a privilege level equivalent to that of 'adminRole'" message in Clish when adding some read-only commands to RBA role. Refer to sk110772.
Gaia OS might crash when removing a Bond interface in Gaia Portal. Refer to sk111673.
Proxy ARP table is not loaded after reboot, causing entries to be out of date for bond interfaces that use a different MAC address. Refer to sk111675.
Syslog Protocol version is not sent in syslog packets as per RFC 5424. Refer to sk112159.
Setting state of interface to "off" on Gaia OS does not turn off the link on that interface. Refer to sk112598.
01919246, 02088229, 02091344
eBGP peers connected over an OSPF adjacency are using wrong next hop for BGP routes. Refer to sk112112.
Hardware Diagnostic Tool test fails on "Self-test" for 1GbE expansion cards when an SFP transceiver for RJ45 (Copper) is connected to the appliance. Refer to sk112857.
02332735, 02335959, 02335269
Output of lspci utility contains many "Unknown devices" messages. Refer to sk113214.
Firewall-1 information is not restored from a backup when Threat Emulation is enabled. Refer to sk113594.
/var/log/messages file is filled with Audit Logs for Gaia Clish commands:
clish[PID]: user logged from admin
clish[PID]: cmd by admin: Start executing : xxx (cmd md5: ...)
clish[PID]: cmd by admin: Processing : xxx (cmd md5: ...)
clish[PID]: cmd by admin: Start executing : exit (cmd md5: ...)
Refer to sk113897.
02356738, 02365245, 02357833
confd process crashes with core dump files when running the cpinfo command. Refer to sk113750.
01111060, 02356903, 01309032
Saving the configuration on Gaia OS times out with 'NMSCFD0026 Timeout waiting for response from database server' error. Refer to sk113746.
02415990, 02419964, 02416200, 02419960
In SmartUpdate, on Windows Servers, "Generate cpinfo" does not work. Refer to sk115193.
Newly configured user (with UID that is not 0) is not able to log in from Gaia Clish to Expert mode on VSX Gateway. Refer to sk115221.
"confd" process consumes the CPU at almost 100% on Check Point appliance with installed LOM card. Refer to sk115634.
"confd" process crashes with core dump file when running the Gaia Clish command "show asset all" every several minutes.
"Authentication failure" error in Gaia Portal when logging in with TACACS+ user, whose password contains special characters, such as "<", ">", "&", ";", "*", ":", "$", "|". Refer to sk101332.
Snapshot creation on Gaia OS is stuck at 1-2%. Refer to sk116679.
02490383, 02491329, 02491797
Multicast PIM traffic register packets are sent with checksum 0xd63f, which is non-compliant with the RFC (should be 0xdeff).
/var/log/CPbackup.elg file shows the following errors:
Error:'get_xml_val': cannot find XML:nil
Error : 'xml_text_to_hash': Failed to read <nil> from content buffer
Refer to sk118718.
02559704, 02561586; 02561478, 02561588
After adding the RBA roles Gaia commands (add rba role TACP-0 virtual-system-access all), the lines are missing from "show configuration" command output, but the values can be seen in Expert mode (/config/active). Refer to sk119394.
When unmounting an ext3 file system, Security Gateway crashes with vmcore.
Routed process enters slave/slave state after fwd crash.
'show message motd' clish command output is corrupted. Refer to sk122199.
Cannot run scheduled backup using a Windows SCP server. Refer to sk122792.
RADIUS user with special characters in a class attribute field is stuck on the spinning icon when logging into the WebUI.
Security Gateway stops advertising default route into OSPF NSSA area. Refer to sk123074.
'show asset' command does not show network information. Refer to sk123342.
If the SecurePlatform WebUI "Snapshot" page looks corrupted, then use this workaround:
Connect to command line.
Log in to Expert mode.
Run this command: lvs
If you see 100% in the 'Snap%' column of image named 'lv_current_snap', then run this command: lvremove -f /dev/vg_splat/lv_current_snap
Connect to SecurePlatform WebUI.
Snapshot creation reaches 93% and stops, although there is enough space. Refer to sk119675.
SecurePlatform OS sets the timezone to "UTC" when the zone is entered with a space character in the "sysconfig" menu. Refer to sk117737.
NAT stops working completely at some point. Refer to sk116013.
Security Gateway with PPPoE external interface installs "defaultfilter" policy instead of an expected policy when PPPoE interface is administratively shut down. Refer to sk43293.
01717808, 01718192, 01647153
"fw_getifs: filter interface <interface_name> - no IP" message appears for every interface when running "fw getifs" command under "TDERROR" debug, although those interfaces have an IP address assigned. Refer to sk106856.
"Service Name" field in SmartView Tracker logs shows wrong service. Refer to sk107416.
01786162, 01789060; 01408308, 01424553, 01437963
Errors when modifying default filter / Initial Policy on Security Gateway running IPSO 6.2. Refer to sk103999.
MGCP call fails to establish after upgrade from R75.45 to R77.30. Refer to sk107975.
01860616, 01863650, 02053111
Security Gateway on Gaia OS crashes with vmcore dump file while adding/removing an interface during policy installation, during 'cpstop;cpstart' commands, during policy unload. Refer to sk108816.
"Via" field in HTTP Request sent to a web server by Security Gateway in Non Transparent proxy mode contains incomplete HTTP version - only major version (e.g., only "1" instead of "1.0" / "1.1"). Refer to sk108900.
Connections are broken for short time after disabling SecureXL, or after installing a policy. Refer to sk109468.
in.ahclientd process occasionally crashes with core dump files.
01825619, 01664184, 01962131
Security Gateway / Virtual System might crash due to double record of a connection in Connections Table. Refer to sk110476.
01928723, 01929760; 01928725, 01929762
Traffic is dropped without any logs
Policy installation fails with "Load on Module failed" and kernel debug shows "fwk_atomic_load_prepare: fwk_mtcounter_prepare failed"
HTTP/HTTPS traffic is dropped when a Domain Object is configured. Refer to sk110687.
01710137, 01848363, 01707360, 01856715
Issues with traffic and with web pages when Security Gateway is configured in Proxy Non-Transparent mode. Refer to sk106663.
"Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data" in web browser when accessing a web server through Security Gateway in Non-Transparent Proxy mode without next proxy. Refer to sk111741.
TCP traffic fails to return from static NAT host when using ISP Redundancy and SecureXL. Refer to sk113236.
02342651, 02345193, 02350210, 02363864, PRHF-122
/etc/hosts stops resolving URL on Security Gateway configured as Proxy. Refer to sk113453.
02359254, 02361607, 02362029
"fwd" process or "fw_full" process on Security Gateway consumes memory at high level and crashes with core dump file. Refer to sk113736.
02422575, 02425040, 02428176; 02446698 02447665
Stability issue on Security Gateway.
Once the Log server is down for a long period of time, the gateways do not try to reconnect to it and logs are being saved locally. Refer to sk116233.
In SmartDashboard, the "Hits" counter in a specific rule does not increase even though traffic was matched to this rule. Refer to sk115098.
Memory leak in FWD process, followed by "Segmentation fault" error in /var/log/messages file.
Logging session does not switch to the backup logging server after connectivity loss. Refer to sk118697.
Cannot create events based on "sys_message:" filter. Refer to sk119995.
Security Gateway crashes during policy push. Refer to sk122755.
Security Gateway sends BSD Syslog logs in the wrong format. Refer to sk122952.
Logs with action "Hold" are seen in SmartView Tracker. Refer to sk125892.
02367178, 02367230, 02367241, 01831439, 02389976
Kernel memory usage keeps increasing, regardless of the number of connections. Refer to sk129052.
Policy installation might fail with "ERROR: stab identifier <lsv_profiles> for host redefined" in the following scenario:
R77.30 Security Management Server running on Gaia OS or IPSO OS.
There are two R77.x Security Gateways / Clusters (e.g., "GW_1" and "GW_2") managed by this server:
"GW_1" has IPSec VPN blade enabled
"GW_2" has DLP blade enabled, IPSec VPN blade disabled, and belongs to VPN Encryption Domain of "GW_1"
Workaround: Enable IPSec VPN blade on "GW_2" and install policy on "GW_2".
If the Security Management Server is installed on Linux OS, sometimes the IP address field in the Security Management Server's object is empty. Workaround: In SmartDashboard, manually enter the main IP address.
Users are deleted after R77.30 Management Add-on installation. Refer to sk110887.
On a Security Management Server installed on Linux OS, an "ftp" command sometimes results in an error "ftp: relocation error". Workaround: Run FTP commands from the /usr/bin/ directory (# cd /usr/bin).
00419335, 01134550, 01648694
$CPDIR/tmp/ directory is filled with 'CKP_mutex::_opt_CPsuite-RXX_fw1_log__...' files. Refer to sk36754.
Policy Verification fails to find overlapping rules. Refer to sk106854.
01732223, 01732576, 01732588
Policy verification fails abnormally on R77.30 Security Management Server (SmartDashboard might disconnect / close unexpectedly, or even crash) when rulebase contains Address Range objects with IPv6 addresses. Refer to sk107182.
01801629, 01802130, 01811077, 01805365
"Warning: Rule <N> contains a domain object. It will not be enforced by IPv6 policy." during policy verification refers to wrong rule number. Refer to sk107601.
"Unable to contact Certificate Authority on the Security Management Server" error in SmartDashboard after running "cpstop ; cpstart" commands. Refer to sk107593.
Manual policy verification does not catch manual NAT rules where the Source of the original packet is defined as 'Any'. Refer to sk108278.
"fw logswitch" command on Log Server fails if its object in SmartDashboard is defined with a NAT IP Address. Refer to sk108291.
Manual NAT policy verification passes while it should fail. Refer to sk108389.
"Get Topology" action shows "fe80::" in results. Refer to sk108760.
Policy installation fails with core dump when Security Gateway and Security Management Server run R77.30. Refer to sk109616.
The "cprinstall install" command fails. Refer to sk109617.
Applying policy update to Security Gateway Virtual Edition from "veconfig" menu fails with "Failed - Connection to gateway failed". Refer to sk109739.
URL Filtering does not work on Edge device. Refer to sk110219.
"Gaia OS Best Practices" on the Compliance tab of SmartDashboard shows status "N/A" for clusters. Refer to sk110474.
In Management HA environment, FWM daemon might crash during an attempt to delete Security Gateway / Cluster object in SmartDashboard. Refer to sk110748.
"Where used" does not show results while logged into Log server via SmartDashboard. Refer to sk111077.
Imported data from fwm logexport is not properly aligned. Refer to sk111304.
"URL" field shows "*** Confidential ***" in HTTPS Inspection logs on 3rd party LEA OPSEC client. Refer to sk101570.
IPS Bypass under load thresholds are not tuneable in Full HA environment. Refer to sk112659.
01911675, 02103719, 02103172
Memory leak in CPD daemon (in cpmon) causes the daemon to crash (due to exhaustion of available memory).
01912502, 02103768, 02103182
Memory leak in CPD daemon (in licutil) causes the daemon to crash (due to exhaustion of available memory).
02456777, 02456968, 02457349
FWM process crashes while pushing configuration to VSX cluster with Identity Awareness blade enabled and AD server configured.
FWM process crashes sporadically when deleting the Security Gateway object in SmartDashboard.
FWM process crashes after installation of R77.30 Add-On.
FWM process crashes while debug is enabled.
02555706, 02556381, 02555760, 02556390
Memory leak in FWM CPM module.
Security Management Server stops receiving logs from all gateways. Refer to sk120316.
SmartDashboard crashes at 40% on "Loading objects list" stage.
R77.20/R77.30 Add-on activation or deactivation fails due to timeout. Refer to sk121436.
Creating secondary CMA overrides files in $FWDIR/lib/ directory on the primary CMA. Refer to sk122538.
The Compliance blade status for Best Practices APP113 and URL148 shows "Poor" instead of "Secure".
Multi-Domain Security Management
You must install the R77.30 Add-on on Multi-Domain Security Management Server R77.30 before importing the database that was exported from Multi-Domain Security Management Server R77.20 with installed R77.20 Add-on. Otherwise, database import fails.
To uninstall the R77.30 Add-on from a Multi-Domain Security Management Server, first you must de-activate it on all Domains:
In SmartDomain Manager, go to "Version & Blades Updates" tab
Double-click on the Domain - go to "Version & Blades Updates" tab
Select the "R77.30" - click on "Remove" button - click on OK
The Gaia alias feature is not supported on the Multi-Domain Security Management Server, and it overrides the aliases of Domain Management Servers.
SmartLog GUI client connected to the Multi-Domain Server (global database) does not show logs from the remote Multi-Domain Server or Multi-Domain Log Server in the following environments:
At least two R77.30 Multi-Domain Servers (regardless whether they are configured in Management HA or not)
R77.30 Multi-Domain Server with R77.30 Multi-Domain Log Server
mds_backup procedure is stuck at "Releasing all databases" stage. Refer to sk107862.
01640559, 01802714, 01641851
"Error: Cannot assign the Global IPS policy - The version of IPS on the Domain Management Server and in the Global policy must be the same". Refer to sk108877.
01894840, 01909809, 01909714
Assigning of Global Policy fails on some Domain Management Servers after modifying a global object. Refer to sk109436.
Global Policy assignment problem after failing IPS update. Refer to sk110498.
Users ($FWDIR/conf/fwmusers file) and GUI clients ($FWDIR/conf/gui-clients file) are overwritten on Security Management Server during MDS synchronization when Domain Management Server and Security Management Server are configured in High Availability mode. Refer to sk111175.
Global Policy assign fails with "There is already local object with the name: among the Domain Management Server's objects" error. Refer to sk112342.
"Global object modification is prohibited!" error in SmartDashboard connected to a Domain Management Server during policy installation. Refer to sk114154.
SmartDomain Manager loads very slowly and might even crash. Refer to sk114618.
02699530, 02699530, 02699530
The top process is not killed after the SSH session is closed and keeps running at 100%.
SmartDashboard Help incorrectly shows "You can assign up to 8 instances on a Virtual System" (SmartDashboard - Virtual System object - "CoreXL" pane - click on "?" button in the upper right corner). The correct number is up to 10.
When editing protections in R77.30 SmartDashboard -> IPS blade -> Protections (for example, SIP Filtering), it is impossible to exit the protection editing. Refer to sk106444.
01693797, 01932180, 01694050
"Changing the hardware to <New_Selected_Check_Point_Appliance> Appliances is blocked" warning in R77.30 SmartDashboard when changing a hardware platform in a gateway object that is used in Identity Sharing of another gateway. Refer to sk106434.
"Changing the hardware to <Hardware type> is blocked." warning when editing cluster object that shares Identity Awareness. Refer to sk106482.
SmartDashboard overrides authentication scheme database field for mobile_realm. Refer to sk107278.
When cloning an interoperable Device in SmartDashboard, the following error is displayed and the name cannot be changed: "Rename is not allowed because the object contains shared secrets. First, remove the shared secrets from the object and click OK." Refer to sk107455.
When opening Account Unit tree, see "The parameter is incorrect" error. Refer to sk108137.
SmartDashboard does not display one of cluster interfaces because of case sensitive name uniqueness. Refer to sk108264.
SmartDashboard crashes when trying to delete Override category. Refer to sk108615.
In Read Only mode, right-click on object in NAT policy does not bring up the context menu. Refer to sk108618.
When Security Management manages many VPN gateways, the VPN Tab is stuck on loading and may crash the GUI. Refer to sk108628.
01856760, 01857716, 01858017
SmartDashboard displays "Internal error" message and crashes when clicking on Threat Prevention tab and going to Policy and then back to overview. Refer to sk108629.
"Hide NAT" icon is displayed for "Static NAT" method in "Destination" column of "Translated Packet". Refer to sk109013.
"An unexpected error occurred - Sorry for the inconvenience, please restart the application" error in SmartEndpoint, when going to Deployment tab - expanding Advanced Package Settings - clicking on VPN Client Settings - selecting a VPN Site, which has "Authentication method" defined as "CAPI-certificate" - clicking on Edit... Refer to sk109126 - Scenario 2.
There is no prompt message on exit attempt after making changes in Application & URL Filtering or DLP tab - the changes are saved automatically without asking. Refer to sk109813.
Deleting a network object (that is a part of a Group object) while filtering "By IP address" causes the order of objects to change back to default order "By Name". Refer to sk109704.
01796510, 01799558, 01907575, 01799727, 01933963
Wrong icon for Automatic NAT rules. On automatic NAT rules, the icon of hide NAT rules always shows the letter "S". This letter should indicate the adtr method, and should be "H" when the method is Hide. Refer to sk109836.
SMTP property is not shown on VSX Cluster Object. Refer to sk110266.
SmartDashboard Picker filtering does not show the correct result. Refer to sk112057.
02127822, 02127888, 02128542
Access roles objects are not synchronized with the Log server. Refer to sk112359.
Users and user groups added to an Access Role are not saved in SmartDashboard when FIPS is enabled on Windows OS. Refer to sk112494.
"Unhandled exception - Value does not fall within the expected range" error when saving user-defined regulation in Compliance blade of R77.30 SmartDashboard opened in Demo mode. Refer to sk112581.
SmartDashboard does not get the topology of VTI interfaces from cluster members running on Gaia Embedded OS. Refer to sk119832.
Administrators with Customized permission profile cannot manage VSX objects.
Workaround: Use Read/Write all permission.
SmartConsole is not disconnected after time specified in 'SmartConsole > Manage & Settings > Permissions & Administrators > Administrators > Idle Timeout'.
HiDPI (High Dots Per Inch) is not supported in R77.30.
Endpoint Security Server
If no licenses are applied on Security Management Server, then it automatically uses a Plug and Play license for the first 15 days. If during that time, Endpoint Policy Management blade is activated, then an Endpoint Policy trial license is shown in the output of "cplic print" command, although the Plug and Play license is still valid. The trial license is not used until the Plug and Play license expires.
Garbled characters in Action name in SmartEndpoint. Refer to sk109575.
SmartEvent / SmartReporter
01450132, 01451865, 01477664, 01491056, 01599078
"No data available for [SmartReporter]" error in reports. Refer to sk102007.
evs_backup command sometimes fails with the following messages:
Postgres service is down, starting postgres Failed to start postgres service. Please check backup.err for detailed errors eva_db_backup.csh fail error has occurred. evs_backup will stop
SmartReporter PDF reports are shown incorrectly. Refer to sk104840.
"Dev Mode: ON - Syntax error" in SmartEvent/SmartReporter reports. Refer to sk108979.
Core dump files for CPSEMD process are generated in /var/log/dump/usermode/ directory after each reboot of SmartEvent server. Refer to sk109714.
The CPSEMD process crashes with core dump due to signal 15 when SmartEvent machine is rebooted.
SmartEvent GUI client may crash when trying to apply Learning Mode recommendations.
"No relevant data found" warning when running Login Failures report. Refer to sk115658.
Scanned hosts value is incorrect in Threat Prevention report. Refer to sk115680.
02472200, 02473138, 02473784, 02475632
Report generation with a custom Service field filter (for example, SMTP) fails. Refer to sk116312.
Mail alerts that contain IPv6 show 0.0.0.0 instead of the real IP address. Refer to sk119714.
01692615, 01694011, 01697239
SmartView Monitor shows the status of cluster interfaces as "Partially up". Refer to sk106488.
01879709, 01885825, 01881984, 01937995
The rtmd process crashes due to memory corruption.
SmartView Monitor "Top QoS Rules" view shows that almost all traffic matches the "No Match" rule when SecureXL is enabled on Security Gateway. Refer to sk118720.
SmartView Tracker displays ROBO gateways / Edge devices managed by SmartProvisioning in the "Origin" column as Device ID "0.0.0.X" instead of the Device real IP address. Refer to sk106966.
SmartProvisioning profile change generates duplicated IP ranges. Refer to sk109457.
SmartProvisioning Configuration script does not work for 1180 SMB appliance. Refer to sk114735.
SmartProvisioning GUI shows VLAN interfaces as "ethX.NNN:Resolve:DataStruct:Encode:..." in ROBO Gateway properties window. Refer to sk115135.
Online Certificate Status Protocol (OCSP) verification of certificates signed with SHA-256 is not supported. Refer to sk108752 - "Scenario 3".
01616679, 01626526; 01600927, 01626372
Dead Peer Detection (DPD) does not work in Aggressive Mode. Refer to sk105390.
upgrade-export overwrites files from Cross-Site Request Forgery (CSRF) fix (01491932) rendering the ICA portal non-functional. Refer to sk106697.
01727625, 01730966, 01729434
"vpn debug on TDERROR_ALL_ALL=5" command does not update the previously set debug flags. Refer to sk107172.
Security Gateway might crash after running 'cpstop' command if MSS Adjustment (Clamping) for IPsec VPN traffic is enabled (fw_clamp_vpn_mss=1). Refer to sk101219.
After ISP failover on LSV peer, gateway keeps using the old MSPI. Refer to sk108388.
01841784, 01844569, 01844802
"According to the policy the traffic should not have been decrypted" drop log for traffic from VPN peers managed via SmartProvisioning (e.g., Edge devices) after upgrade of Security Gateway to R77.30. Refer to sk108427.
Not possible to establish Site-to-Site VPN tunnel with Large Scale VPN (LSV) peer, which is a DAIP device. Refer to sk109473.
When center gateway receives encrypted traffic to which it has no keys to decrypt AND peer is dynamically assigned (DAIP), VPN does not work properly. Refer to sk109853.
Site-to-Site VPN using IKEv2 fails when SecureXL is enabled. Refer to Scenario 5 in sk114834.
01956286, 01986659, 01986240
Remote Access users are unable to connect when authenticating using a certificate issued by a subordinate CA. Refer to sk110747.
Unable to store Intermediate CAs in CertCache. Refer to sk111272.
Concurrent IKE SAs counter is too large on Standby member. Refer to sk111373.
Site-to-Site VPN tunnel fails after some time and has to be renegotiated, if the IKEv2 SA was initiated by the peer. Refer to sk112137.
IKEv2 negotiation for Site-to-Site VPN tunnel fails if IKEv2 SA payload contains more than 8 proposals. Refer to sk112139.
Site-to-Site VPN fails between Check Point Security Gateway and Check Point Virtual Appliance for Amazon Web Services (AWS). Refer to sk112141.
02059238, 02060173, 02060616
Authentication with 3rd party peers fails when using Diffie-Hellman Group 19 or Diffie-Hellman Group 20. Refer to sk112156.
Randomly, new VPN tunnels are not being established with the peers. Randomly, traffic is not passing over multiple VPN tunnels. Refer to sk113837.
Security Gateway is sending incorrect IDs in IKE Phase 2 if using IP Range object for encryption domain. Refer to sk114494.
VPN traffic fails when collecting kernel debug with a filter "fw ctl debug -e" and SecureXL is disabled. Refer to sk115580.
FTP traffic fails in Traditional Mode with User Authentication. Refer to sk115614.
When connected with L2TP client to the Security Gateway's alias IP address, the returned encrypted traffic is sent out with the source IP address of the physical interface. Refer to sk116655.
VPN Tunnel instability issues with Cisco Gateway using IKEv2. Refer to sk116776.
DAIP gateway takes a long time to establish a VPN permanent tunnel (DPD) after reboot. Refer to sk117513.
02514005; 02534915; 02529275
DAIP devices deployed as VPN Satellite gateways, do not support VPN link fail-over between a static link (using permanent IP address) to the DAIP link, and vice-versa.
Trusted interfaces are not supported for DAIP devices.
02536801, 02537327, 02540697
IKEv1 using DH group 19/20 fails to encrypt / decrypt packets. Refer to sk118713
Problems with supernetting during IKE negotiation with Large Scale VPN (LSV) peer. Refer to sk118855
Client Setting "Calculate IP based on topology" breaks when using host. Refer to sk120121
02564111, 02565222, 02590209
MTU on VPN traffic is limited by MTU of 1500. Refer to sk120122
"You cannot receive an office Mode IP address because the security gateway does not have a license for Office mode" error on SSL Remote Access VPN client (SNX client / Capsule VPN client / Capsule Connect client / Endpoint Connect client) that tries to connect to a Cluster in High Availability mode. Refer to sk120652.
Unable to connect with SHA-512 user certificate on Windows Capsule. Refer to sk121418
Security Gateway accepts a Diffie-Hellman group other than the one that is configured. Refer to sk122438.
RADIUS authentication fails for LDAP users as the gateway uses sAMAccountName and not UPN when UPN is needed. Refer to sk122477
3rd party VPN peer rejects IDs proposed in IKE phase 2 and tunnel not established (unless initiated from peer side). Refer to sk122478
Site-to-site VPN traffic issue in vSEC for Azure deployment. Refer to sk122754
When Endpoint Security VPN client connects without Office Mode, upon disconnect, the ccc_sessions entry is not deleted. Refer to sk127452.
By forging CCP packets, it is possible to "confuse" cluster members about the state of peer members and cause denial of service (cluster members could be forced to incorrectly change their state to "Ready"). Refer to sk108360.
"Interface table" in SmartView Monitor and in the output of "cpstat ha -f all" command shows only one configured cluster interface on IPSO-based cluster members running R77.20 / R77.30. Refer to sk109143.
Cluster member with highest priority is not able to become new Active after changing the Members' Priorities. Refer to sk110999.
00443545, 01492996; 01888621, 02221764, 02221768
NAT rule on cluster does not hide the Source IP address behind the configured IP address if the packet is sent to Cluster VIP address
NAT rule on cluster does not hide the Source IP address behind the Cluster VIP address if the packet is sent to Cluster VIP address
UserCheck daemon (usrchkd) crashes every few days. Refer to sk122953
The Mobile Access tab > Additional Settings > Link Translation page is not supported when working with SmartDashboard in Read-Only mode.
RAsession_util command (see sk104644) will show Capsule Connect and Check Point integrated VPN for Win 8.1 session, although the user disconnected the VPN tunnel from the mobile client side. No further data will pass between the client and the Security Gateway. The record, from RAsession_util, will expire according to the session's original expiration time, with a session expiration log in SmartLog.
When used without specifying the full path, cvpnd_settings crashes. Refer to sk106673.
01704233, 01706873, 01706888
ActiveSync Capsule Workspace users get authentication pop-ups every few minutes after upgrading to R77.30. Refer to sk106607.
Web Form SSO with configured login page does not work. Refer to sk107254.
Accessing the MAB portal without providing certificate results in unclear log in SmartView Tracker. Refer to sk107812.
Mobile Access Gateway does not send domain as part of Web Form SSO response. Refer to sk108498.
01853732, 01862399, 01854127
Mobile Access log on SmartView Tracker shows the browser version instead of the OS version. Refer to sk108711
01734925, 01854129, 01862401
"[CVPN_ERROR] statusToString: Unrecognized status: 5" error in the debug of CVPND daemon on Mobile Access Gateway. Refer to sk108876.
Web application not displayed correctly in Mobile Access Blade when using Path Translation. Refer to sk109579.
Client Certificates Tab is not showing in Read mode in Mobile Access. Refer to sk109837.
External User groups are not matched correctly when connecting to SNX Portal - users get permissions to access resources, which they are not supposed to access. Refer to sk110014.
01932329, 01940409, 01953139
"Error: Page cannot be displayed. An error occurred while processing the request" in web browser after entering the credentials in Mobile Access Portal. Refer to sk110072.
After one SNX user disconnects, all other connected users are disconnected. Mobile Access gateway becomes non responsive. Refer to sk110316.
Mobile Access deleteUserSettings command does not work when user name contains spaces. Refer to sk112467
02156587, 02157190, 02172262
SSL Inspection: Site does not load for the first time after a renegotiation. Refer to sk112599
Relativity web application accessed via MAB does not show open folders until web page is refreshed. Refer to sk114259.
"failed to establish trust" error message when trying to enroll the certificate from Capsule Workspace. Refer to sk116095.
Failed to overwrite existing files using Mobile Access File Share Application. Refer to sk116238
Pages not translated when header Content-Type: */* in HT Link Translation. Refer to sk117514
Untranslated links in iNotes Web Application when using Hostname Translation. Refer to sk118037
Endpoint Security on Demand Secure Workspace does not automatically support Windows 10 Creators Update or later versions.
The Mobile Access Portal does not support Web-Form SSO for Citrix StoreFront Web interface.
Mobile Access does not support viewing or editing files with 'Office Online apps', Microsoft's browser-based Office applications. Outlook Web Access is supported, however you cannot open or edit Office Online app files from emails.
Rule mismatch on SSL inspection rulebase. Refer to sk123718
SSL Network Extender
01381144, 01439006, 01534244
If MultiCore support for SSL is enabled, then SSL Network Extender roaming is not supported. Refer to sk101223.
01432574, 01432727, 01461593
The SSL Network Extender connection from command line "snx -l <CA_Dir> -s <Server>" fails with "SNX: Authentication failed" when authenticating with a user certificate. Refer to sk101588.
If MultiCore support for SSL is enabled, then connections between SSL Network Extender clients are not supported. Refer to sk101223.
"Cannot establish connection to SSL Network Extender gateway. Try to reconnect." error from SNX client on Mac OS X / macOS after disabling both RC4 and 3DES cipher suites on the Mobile Access Gateway. Refer to sk116156.
01554849, 01576112, 01611699
TCP packets are not dropped as Out-of-State when SecureXL is enabled. Refer to sk104557.
01385943, 00266287; 01463835, 00267250
TCPdump shows wrong IP addresses for NATed traffic when SecureXL is enabled. Refer to sk100194.
01919249, 01915798, 01915162
Output of "fwaccel stat" command shows: Accelerator Status : off by Firewall (too many general errors (NUMBER) (caller: Name_of_Function)). Refer to sk100467 (Scenario 3 - "UDP traffic causes too many general errors").
01536546, 01596104, 01596291, 01598767, 01615398
SecureXL Accept Templates not created when ISP Redundancy is enabled in Primary/Backup mode. Refer to sk104679.
Security Gateway might crash when disabling and re-enabling SecureXL. Refer to sk106934.
01769402, 01777881, 01771790
Multiple "cphwd_pslglue_can_offload_template: error, psl_opaque is NULL" errors in /var/log/messages file after upgrade to R77.30. Refer to sk107258.
01846041, 01852946, 01846244
SecureXL on Standby cluster member drops traffic with "Address spoofing" log. Refer to sk108502.
Check Point 21000 series appliance with SAM card might crash while handling fragmented TCP packets. Refer to sk108589.
01845461, 01853546; 01906167
Check Point 21000 series appliance with SAM card might crash during policy installation. Refer to sk108643.
Check Point 21000 series appliance with SAM card might crash due to removal of Layer 2 header by SAM card. Refer to sk108652.
Check Point 21000 series appliance with SAM card is not able to boot after installing Take 210, Take 213 or Take 216 of R77.30 Jumbo Hotfix Accumulator. Refer to sk116070.
If SNMP traps for hardware sensors are configured on Open Server running Gaia OS, then the traps for sensor values outside of the threshold can be sent, even when they are within the threshold limits.
After enabling the SNMP Trap "coldStart" in Gaia OS, it is sent every time the SNMP Agent (SNMPD daemon) is started, regardless of the current system up-time. Refer to sk107616.
Output of "snmptranslate" command returns different OIDs for objects in "chkpntTrap" branch. Refer to sk108697.
01899551, 01907792, 01900061
snmpd process might crash with core dump file (due to Segmentation fault) when it exits.
"Wrong Type (should be INTEGER)" errors when querying SNMP OID 'vsxCountersTable' on VSX Gateway. Refer to sk109469.
"No Such Instance currently exists at this OID" error message after installing R77.30 Jumbo Hotfix Take_225. Refer to sk117353.
Captive login portal page is shown in a baby frame of web site. Refer to sk122257
Traffic latency on VSX Gateway if MTU larger than 4096 (Jumbo Frames) is configured on an interface. Refer to sk110351.
01298013, 01347319, 01356763
The "vsx_util reconfigure" command fails with "Failed to fetch configuration information from <Name_of_VSX_object>". Refer to sk98001.
An upgraded cluster member goes into Ready state after the reboot, even before the rest of the cluster members are upgraded. Workaround:
Run cphaprob state command to verify that all the Virtual Systems are in Ready state.
Run ps -elL | grep fwk command to verify that fwk process is running on every Virtual System.
When you create a new bond in Gaia Clish with only two physical slaves, the output of cphaconf show_bond command shows the second added slave as "Not available", and the bond cannot fail over. Refer to sk105999.
If a Virtual System is the Hub of a Star VPN Community, it cannot support SmartLSM gateways as satellites.
The "vsx_util change_mgmt_subnet" command does not support IPv6.
"vsx_util reconfigure" command on Security Management Server / Domain Management Server fails to resume with "Error: Interface 'Interface_Name' exists in the management database, but not on the gateway". Refer to sk105441.
Pushing VSX configuration fails with "Internal Error - Failed to commit changes in the OS". Refer to sk103844.
"Bridge uses two different VLAN tags for interfaces. This configuration cannot be used with Active-Active bridge mode" error in SmartDashboard when creating a Virtual System in Bridge mode between interfaces with different VLAN tags. Refer to sk107972.
01848953, 01853474, 01854369
Issues with FWD daemon on VSX Gateway with Bypass Card (FONIC) installed on the appliance. Refer to sk108588.
Clients behind a Virtual System configured as Non Transparent HTTP/HTTPS Proxy are not able to connect to any site. Refer to sk107313.
New routes configured in Virtual System object are not shown as "Hidden" on Virtual System, which causes VSX internal IP addresses to be published to Dynamic Routing protocols. Refer to sk109738.
"Illegal routing gateway or interface retrieved from the VSX GW" error in SmartDashboard when creating a new VSX Gateway / VSX Cluster object. Refer to sk109815.
01868018, 01892596, 01888862; 01959895
Virtual Systems are "Down" after reboot of VSX Cluster Member because FWD pnote and CPHAD pnote are reported as "NOT UP". Refer to sk110073.
Virtual Systems are in "Unknown" state after reboot of VSX Cluster Member. Refer to sk110074.
"SmartView Monitor error has occurred (error code: 2147483647)" pop-up in SmartView Monitor GUI when viewing data from a VSX Gateway / VSX Cluster Member. Refer to sk112154.
VTI interfaces are not supported in VSX mode.
02338729; 02338820; 02338954; 02338696
During policy installation, Virtual Systems on VSX VSLS cluster shortly go to "Down" state due to "Interface Active Check" pnote. Refer to sk114234.
"vsx_util reconfigure" fails with "Failed to commit changes in the OS.Management interface must have an IP address." error in non-DMI configuration. Refer to sk115131.
02537316; 02151898, 02103463
Virtual Switches in VSX cluster are shown in "PROBLEM" status in SmartView Monitor without any error message. Refer to sk112067.
"CLINFR0699 Invalid command" error when a user with read-only Gaia OS role runs the "set virtual-system" command on VSX Gateway. Refer to sk118693.
02651720, 02656447, 02652003
Traffic outage when rebooting a VSX cluster member in case there is no connectivity to the Management Server. Refer to sk120842.
Per Virtual System High Availability or Virtual System Load Sharing (VSLS) requires a physical interface connected to Virtual Switch. Refer to sk36980
FireWall-1 GX is not supported on VSX Cluster.
FireWall-1 GX is not supported on VSX Virtual System in Bridge mode.
If the Security Management Server or Domain Management Server manages gateways of earlier versions, and at least one R77.30 Security Gateway with GTP rules, then the GTPMGT license is required. Without this license, policy installation fails.
SecureXL Templates are disabled starting from GTP rules in the Firewall Policy. To improve the performance of Security Gateway, the GTP rules have to be placed below the rules for traffic that should be accelerated by SecureXL Templates. For more details, refer to sk32578.
GTP PDU Integrity Tests (Verify Flow Labels and G-PDU sequence number checks) are not supported in accelerated mode. For more details, refer to the Firewall-1 GX 5.0 Administration Guide - "GTP PDU Integrity Tests".
If Carrier Grade NAT (CGN) and traditional Hide NAT are configured, there must not be overlap in the translated packet source address (public IP address). If there is an overlap, policy verification fails.
Carrier Grade NAT (CGN) is not compatible with R77.30 CoreXL Dynamic Dispatcher and Priority Queues features. If you want to use CGN in rules, you have to completely disable those features with "fw ctl multik set_mode 0" command (refer to sk105261).
Kernel Syslog supports only Firewall blade logs. Kernel Syslog is not supported for IPv6 logs or Software Blade logs.
Kernel Syslog is not supported when the R77.30 Security Gateway is managed by R76 Security Management Server with LTE Hotfix.
When Overbilling Attack Protection is enabled, you must define a rule that allows FW1_sam traffic from the GX object to the Check Point Security Gateway. For more details, refer to Firewall-1 GX 5.0 Administration Guide - "Enabling Overbilling Attack Protection".
GTP Bandwidth Management using QoS is not supported.
When establishing a SIC connection with a newly installed GX 5.0 cluster object in SmartDashboard, the platform version must be manually set to R70.
When using the IPS and the Full Intra-Tunnel features, GTP traffic may not be inspected.
The workaround is to change the IPS protection scope from "Protect internal hosts" only to "Perform IPS inspection on all traffic":
Double-click on the FireWall-1 GX object in SmartDashboard.
Go to IPS pane (if IPS pane is missing, verify the IPS blade was enabled).
In Protection Scope, select Perform IPS inspection on all traffic and click on OK.
Install the Policy.
When using the default "Protect internal hosts only" mode, the IPS blade inspects traffic from either the Internal to External interface, or vice versa, using the Security Gateway's topology (which is set in the GX object). Since the inner-GTP traffic does not have its own distinct topology settings and rule base, the IPS blade inspects the inner-GTP packet using the GX object's topology settings, which may cause it to skip the inspection. To override this, you must set the "Perform IPS inspection on all traffic" option.
Full Intra-Tunnel inspection is enforced only on encapsulated IPv4 traffic.
IPS "Aggressive Aging" protection is not supported by FireWall-1 GX gateway (if you enable IPS blade in FireWall-1 GX object, you must set this protection to "Inactive" in the IPS profile applied to FireWall-1 GX. Otherwise, unexpected behavior can occur).
SCTP or Diameter objects cannot be the service of a manual NAT rule. Static NAT will still be applied for rules that match SCTP if the service is set to "Any". All NAT methods can be applied for Diameter over TCP traffic if the service is set to "Any".
01692002, 01560455, 01692033, 01692705
Downloaded file might be bypassed instead of being blocked by DLP in the following scenario:
DLP blade is enabled.
Threat Emulation blade is enabled.
Threat Emulation Connection Handling Mode is set to "Background"
Threat Prevention Engine Fail Mode is set to "Allow all connections (Fail-open)"
Large file not being dropped by DLP, even though it is configured to drop such files due to extreme condition. Refer to sk108893.
User receives notification "Your emails are about to expire" from Data Leak Prevention. However, there are no e-mails in the DLP portal. Refer to sk110314.
When Security gateway is enabled with proxy and DLP, HTTP connections to external sites are allowed on Implied rules. Refer to sk118698.
DLPU sync issue with huge files. Refer to sk122258
SWG-1078, PRHF-130, PRHF-100
Memory leak when DLP works with HTTPS Inspection.
01688777, 01689576, 01690566
HTTP 206 "Partial Content" error in SmartView Tracker. Refer to sk106446.
01749088, 01782611, 01749108
High memory utilization on Security Gateway during Anti-Virus scan of large files transferred over HTTP. Refer to sk107384.
01856214, 01860237, 01904755
High CPU utilization on Security Gateway during Anti-Virus scan of large files transferred over CIFS/SMB2. Refer to sk109582.
01728021, 01778247, 01867575
Image Upload button is disabled on ok.ru site when Anti-Virus and IPS are enabled. Refer to sk109580.
RAD is consuming high CPU with HTTP traffic. Refer to sk110501.
02488332, 02491746, 02496568
Connectivity to internal mail server fails when Anti-Virus with deep inspection scanning is enabled. Refer to sk116738.
02496107, 02502978, 02641393; 02653578, 02655762
In rare cases, Security Gateway does not send "SMTP 554" response when Anti-Virus blade detects an e-mail with malicious attached file. Refer to sk120841.
Threat Emulation logs show "Detect" for e-mail attachments instead of "Prevent" when Threat Extraction blade is also enabled. Refer to sk115252.
Mail Transfer Agent (MTA) protection bypass. Refer to sk114664.
01696858, 01697082, 01697348
SmartView Tracker displays e-mail subject as ISO string if it is written not in English. Refer to sk105164 (Scenario 4).
01714845, 01859125, 01896617
E-mail client receives timeout error, e-mails do not reach their destinations, and SmartView Tracker shows duplicated Threat Emulation logs from a cluster. Refer to sk109198.
01664717, 01661636, 01705031, 01891039
Files are emulated even though their MD5 is added as 'Exception' to Threat Prevention policy. Refer to sk109438.
TED daemon affinity is not updated by the "tecli set affinity <num_of_instances> <num_of_ted_cpus>" command. Refer to sk109818.
"Maximum delay time" setting for Mail Transfer Agent is not applied if the defined value is greater than 15 minutes. Refer to sk109893.
"Used disk space percent" counter in the $FWDIR/log/emaild.mta.elg log file shows unrealistic large value. Refer to sk110555.
File download from some web sites over HTTP through Threat Emulation gateway times out. Refer to sk111136.
Postfix process is not monitored by any WatchDog. Refer to sk111783.
Threat Emulation / Threat Extraction removes some key characters at the end of each e-mail. Refer to sk113556
CPD becomes unstable during contract / license entitlement.
"An error has occurred while extracting file" log from Threat Extraction blade when it blocks files attached to e-mails. Refer to sk115892.
02452806, 02454286, 02454288
The "Message-ID:" header of the original email is capitalized differently when Threat Extraction is enabled. Refer to sk115954.
User connected from mobile phone cannot send original e-mail to their mailbox through UserCheck portal. Refer to sk118856
Attachment file name is garbled when using Threat Extraction with Apple Mail. Refer to sk121800
02687319, 02691461, 02696459
Persistence of UserCheck incidents is not preserved when quarantine time is very high. Refer to sk122099
PRHF-19, PRHF-35, PRHF-45
Threat Extraction incidents are not stored for longer than 15 minutes. Refer to sk124792
02710284, 02711076, PRHF-207
Extracted (cleaned) PDF files in Threat Extraction are malformed Tiff images.
After upgrade to R77.30, SmartLog becomes non-responsive. The "smartlog_server" process consumes CPU at 100%. Refer to sk106782.
SmartLog GUI freezes occasionally, and it is not possible to log in to SmartLog GUI again. Refer to sk107153.
SmartLog displays the wrong hostname for a DHCP re-assigned IP. SmartView Tracker shows the correct hostname (corresponding to the user). Refer to sk108710
"User" column in Global SmartLog GUI shows asterisks "******" instead of "User@Domain". Refer to sk108771.
Packet Capture hyperlink is missing in SmartLog GUI. Refer to sk108934.
In some records, the Origin field in the SmartLog is displayed in the 0.0.0.0.x format. Refer to sk109820.
SmartLog GUI of Global SmartLog does not sort the logs by time when running a query. Refer to sk112826.
"Server is disconnected!" message appears in SmartLog GUI, and it closes when running a query, or scrolling in SmartLog GUI. Refer to sk112140.
Some of the entries in fw.log are not displayed in SmartLog. Refer to sk115698
Cannot select local Security Management in SmartLog's "Servers view" although it is displayed in the list. Refer to sk117573.
"Xml Parse error" when trying to display Threat Emulation logs in SmartLog. Refer to sk120982.
IPS blade is automatically enabled on R7X Security Gateway during policy installation from R80.X Management Server, although IPS blade is disabled in the Security Gateway object. Refer to sk121152.
When Geo Protection mechanism is activated, Geo logs are generated for connections from reserved IP addresses (RFC 1918) (which creates too many logs).
Upon Geo Protection match, the "Source Country" field is populated according to the matching country in the rule base and not according to the actual country source IP. Countries that are not included in the policy are logged as "OTR" in log's "Source Country" and "Destination Country" fields.
Security Gateway becomes unresponsive and memory consumption increases when HTTP traffic passes through. Refer to sk109801.
01835506, 01849370, 01884821, 01886146, 01844696
With Anti-Virus, Application Control and URL Filtering blades enabled and APPI rule base configured to block "Malware / Malicious sites" with UserCheck message, when downloading Eicar test file over HTTPS, the UserCheck page is not displayed. Refer to sk109802.
Global IPS Exception for protection "Any" does not work for e-mail traffic. Refer to sk117397.
DNS traffic is dropped by IPS with log "Attack Information: Bad Resource Record format, Illegal EDNS0 RR". Refer to sk112578.
02333892, 02336619, 02334787
Outage after IPS database upgrade and install policy. Refer to sk113251.
Multiple queries in a single DNS Query packet might cause the FWK daemon to crash on VSX Gateway. Refer to sk115254.
When IPS is enabled, many "fwconn_chain_is_data_conn" error messages appear in the dmesg log. Refer to sk119952.
FWK crashes when malformed DNS packet arrives to the Security gateway.
SCTP traffic is dropped by 'SCTP Unknown Chunk Type'. Refer to sk123561.
HTTPS Inspection drops traffic to a web site that uses untrusted server certificate even when the "Untrusted server certificate" is disabled. Refer to sk107288.
Probe Bypass is initiated on non-SSL connection. Refer to sk108294.
01827198, 01779781, 01732856, 01980269, 01815535
HTTPS traffic is not routed according to Policy Base Routing (PBR) when HTTPS inspection is enabled. Refer to sk110690.
Security Gateway crashes with vmcore while creating the report (fw ctl sdstat report\stop ).
02267698, 02465120, 02413999
Some HTTPS sites do not load when HTTPS Inspection is enabled, if TLS 1.2 with ECDHE cipher is used. Refer to sk112954.
Applications, Dynamic objects and Domain objects are available for use in the HTTPS Inspection policy, but these objects are not enforced on the Security Gateway. Refer to sk119276.
Skype for Business does not work when HTTPS Inspection is enabled and Security Gateway is configured as a proxy. Refer to sk121473.
Do not have the ability to create your own Best Practices (resolved by installing R77.30 Add-On).
Do not have the ability to manage your own internal policy (resolved by installing R77.30 Add-On).
Do not have the ability to view Compliance configuration from the SmartDomain Manager (resolved by installing R77.30 Add-On).
Security Alert notifications are not received in the e-mail (resolved by installing R77.30 Add-On).
Status of Compliance Best Practice "AB105" is "Poor" although "Update Malware database on the Security Gateway" is enabled. Refer to sk107373.
Status of Compliance Best Practice "APP103" is "Poor" although "Supports file transfer" block rule is defined under 'Application & URL Filtering' rulebase. Refer to sk107165.
Compliance Blade shows "N/A" status for various Firewall Best Practices. Refer to sk110318.
FTP traffic speed decreases when Application Control blade is enabled. Refer to sk109012.
When Security Gateway configured as proxy, Skype blocked by Application Control. Refer to sk113124.
01861543, 01878274, 01884021, 01885550
Ability to increase the speed of RAD daemon's connection creation/deletion by configuring the number of categorization queries sent by RAD daemon to Check Point cloud in one connection (via parameter RAD_QUERIES_NUMBER_PER_CONNECTION in Check Point Registry). Refer to sk109474.
01910074, 01972747, 01973174, 01912245
Some HTTPS web sites are not categorized correctly when "Categorize HTTPS sites" is enabled. Refer to sk110475.
01938571, 01938659, 01938796
QoS (Floodgate) policy install randomly causes Security Gateway to crash and reboot. Refer to sk109840.
QoS rule with Time object is enforced one hour later / earlier than the time configured after daylight saving. Refer to sk117893.
02563501, 02567776, 02567790
No warning is displayed if an empty network group object appears in the source or destination column.
Some QoS log fields contain gibberish. Refer to sk121476.
QoS policy installation on Security Gateway with more than 1024 interfaces is failing. Refer to sk134812.
These features are not supported for NAT64:
HTTP header spoofing
You cannot use stateless NAT46 for FTP, VoIP or other protocols that require state information between control and data connections
vSEC Gateway for NSX
Management High Availability and Log Server are not supported on a standalone vSEC Gateway for NSX.
Performance Pack (SecureXL) Heavy Load Quality of Service feature (HLQoS) is not supported.
Cloning and templates are supported for vSEC Gateway for NSX Virtual Machine, if:
The VM is a newly deployed vSEC Gateway for NSX (immediately following the first boot).
You have not yet configured any Check Point products.
You have not yet done any configuration steps, such as sysconfig or cpconfig.
CPU consumption for the vSEC Gateway for NSX might show inaccurate results. To resolve this issue, reserve CPU resources on the ESX:
In the vSphere client, right click the vSEC Gateway for NSX.
Select Edit Settings.
On the Resources tab, move the Reservation slider to allocate a guaranteed CPU share (in MHz).
You can configure up to 2 virtual CPUs for the vSEC Gateway for NSX. Starting from Take_84 of Jumbo Hotfix Accumulator for R77.30, it is possible to configure more than 2 CPUs on vSEC Gateway for NSX.
Check Point Appliances
02192187, 02361143, 02366385
Multi-Queue does not work on 3200 / 5000 / 15000 / 23000 appliances when it is enabled for on-board interfaces. Refer to sk114625.
Gaia Clish command "show asset all" on 21400 appliance does not show the amount of RAM present and the Power Supply status. Refer to sk116677.
Power supply status is 'Dummy' in 'cpstat' output on 5100/5200/5400 appliances. Refer to sk125573
Security Gateway / Active cluster member freezes / locks up randomly when processing H.323 traffic. Refer to sk114977.
02356285, 02402646; 02057823; 01920648, 02337230
H.323 VoIP call drops after exactly one hour because Keep Alive "ACK" packets are not forwarded to the VoIP clients. Refer to sk113749.
02398266, 02398945, 02401774
VoIP calls over VPN with destination in Internet fail. Refer to sk114817.
01557130, 02017992, 01633237
VPN Central Gateway drops SIP RTP traffic between the SIP Call Manager and the VPN Satellite Gateway, where the SIP call was initiated. Refer to sk111839.
SIP VoIP call is disconnected / stops working several minutes after establishing the connection when SecureXL is enabled. Refer to sk112913.
VoIP traffic, or traffic that uses reserved VoIP ports is dropped after enabling CoreXL Dynamic Dispatcher. Refer to sk106665.
Avaya VoIP calls with Avaya Call Manager fail through Check Point Security Gateway. Refer to sk104786.
02490592, 02491121, 02491840
SIP session progress packets are not being NATed. Refer to sk116739.
Security gateway crashes while handling SIP traffic.
CPView history shows large number of pps on the interfaces after running cpstop command. Refer to sk116368.
Anti-Spam randomly drops email. Refer to sk121344.
02709578, 02710785, 02711336
When Security Gateway is configured as MTA, Anti-Spam blade does not stamp email subjects as 'spam' or 'suspected spam'.