The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Check Point R80 Known Limitations
IPS, Security Management, SmartEvent / Eventia Analyzer, SmartConsole / SmartDashboard, SmartUpdate, Small and Medium Business Appliances, Mobile Access / SSL VPN, Multi-Domain Management, Compliance, Threat Emulation, Threat Extraction
Show more details
Show less details
This article lists all of the R80 specific known limitations.
Click here to see the list of R80 Known Limitations.
This article lists all of the R80 specific known limitations.
This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter -> ASSETS / INFO -> My Subscriptions.
These blades and features are not supported in R80:
Legacy Management Portal - Web-based management functionality - Similar and more advanced functionality can be implemented with the new API in R80.
In R80, indexing is done by a new process called Indexer. Indexer works similar to SmartLog R77.xx but has its own configuration files stored in $INDEXERDIR directory. Customers who defined manually indexing configuration from remote Log servers (via LEA) in SmartLog R77.x or below should manually move them to the new configuration files. To copy settings from SmartLog R77.x configuration files to the new Indexer process configuration files:
For SmartLog servers only: After upgrading to R80, copy the remote Log servers configured in $SMARTLOGDIR/smartlog_settings.txt file to $INDEXERDIR/log_indexer_custom_settings.conf.
For SmartEvent with SmartLog server: Remote Log servers configured in $SMARTLOGDIR/smartlog_settings.txt file are not automatically upgraded. Manually configure the Log servers in SmartEvent GUI -> correlation unit policy. For more, refer to the R80 Logging and Monitoring Administration Guide.
Policy revisions are not migrated to R80 Management server during the upgrade process.
After upgrading to R80, SmartConsole disconnects from the server during the first policy install. Before a first policy installation on Standalone servers, allow the CPM service in the Services & Applications column of the rulebase.
After upgrading, the Gateway Properties -> HTTP inspection page shows "Failed to load Plug-in Page: SSLInpectionPage". To resolve the issue, perform the following on the Security Management server:
Delete the $FWDIR/conf/newDleSchema.xsd file
SmartEvent blade disabled after advanced upgrade to R80 Management. On the Security Management server, run "evconfig" to enable the SmartEvent server.
After upgrading to R80, there is no visible way to switch between Classic mode and Wizard mode to create a Security Gateway object. New gateways can only be created depending on the setting in Global Properties -> SmartDashboard customization prior to upgrade. To restore both options:
Close all SmartConsole windows.
Connect to Security Management / Domain Management Server with GuiDBedit Tool.
On the Tables tab, open Global Properties -> Properties.
Select the firewall_properties object.
In the Field Name column, select "hide_use_CP_GW_wizard".
Change the value to false.
After Multi-Domain Server upgrade, the Domain Management Server version and operating system are not updated. You must manually update this information in SmartConsole.
After upgrading to R80, the Gateways & Servers view does not show version numbers in the Version column. To see the version numbers, open the gateway object for editing, make sure the correct version is selected and click OK.
In a High Availability deployment of Multi-Domain Security Management Servers, until the MDS that hosts the active Domain server has been upgraded, it is not possible:
To edit an administrator assigned to that Domain
To edit a client assigned to that Domain
To view global assignments of that Domain
Importing a large SmartEvent database can take a long time to complete. Check the upgrade status for progress.
CPUSE is not supported for installation of / upgrade to R80.
IPv6 addresses for management interface are not supported on R80 Security Management Server.
If you refresh the browser while running the First Time Configuration Wizard, or try to run the Wizard twice, one of these messages will show:
Cannot install Check Point Security Management Server. Incompatible hardware
Internal Error: Cannot install Check Point Security Management Server
Cannot install Check Point Security Management Server. Please contact Check Point Technical Support.
After seeing one of these messages, you must reinstall the device or revert to the factory image.
If you change the members of a Gaia Cloning Group with many members down, you are logged out of the Gaia Portal with an incorrect error message: "Unable to connect to server". The correct message is: "An error occurred while applying configuration change to all cloning group members" - the operation was successful only for online members. This is the normal behavior of the cloning group. This error does not indicate a critical failure.
When connecting to the network interfaces page in the Gaia Portal, an "Unable to connect to server" error shows. To resolve, disable the Adblock EasyPrivacy extension of the Adblock plus add-on and try again.
The last stage of the First Time Configuration Wizard takes a long time on some machines. To see the progress of the First Time Configuration Wizard, the user must check if these files were created on the machine:
/etc/.wizard_accepted - means that the First Time Configuration Wizard has finished.
/var/log/ftw_install.log - means the First Time Configuration Wizard has started and the user must wait until the file /etc/.wizard_accepted is created.
Different numbers of recommended updates are displayed in R80 SmartConsole and in R80 Gaia Portal. Refer to sk115456.
External NIC is not detected after upgrade to R80 / clean install of R80. Refer to sk116587.
Security Management Server
When the Gaia portal on the Security Management server does not use the default port 443, the following issues may occur:
Management commands using the GUI do not work.
Management commands using the Management command line "mgmt_cli" tool do not work.
Management commands using clish do not work.
The api status command fails with "test failed" error.
If you create an administrator in cpconfig, you must run cpstop and cpstart, as instructed by cpconfig. After cpstart, no administrators are shown in cpconfig. Administrators configured before the upgrade to R80 are also not shown in cpconfig. Manage administrator accounts through SmartConsole.
Login to the Secondary Management from the Management High Availability window fails. Make sure the SmartEvent Server and SmartEvent Correlation Unit blades are not be enabled on the secondary Management object.
Fail to add a VSX objects (router, switch, or system) from the secondary Multi-Domain Server when the primary server is powered off. The creation wizard fails to open and an "Operation finished successfully message" shows. To resolve the issue, power on the primary Multi-Domain Server and try again.
When selecting the "Use Gaia administrator: admin" option in the First Time Wizard, it lets to reuse the Gaia administrator password for SmartConsole. If you later change this password in SmartConsole, the Gaia administrator password remains unchanged.
Connection to the Security Management server after running cpstart command fails. The cpstart process may not have finished. Give it more time then try again.
High Availability CLI commands like 'set standby' and 'set active' that are part of the send_command tool, are no longer available.
Domain server fails to start with "Check valid licence" error message. If licensing is not the issue, make sure the name of the domain server starts with a letter (and not with a number).
Internal user names must contain only English language characters. Names in other languages (unicode) will show as question marks in the Users and Administrators window.
"Check your connection settings (Proxy, DNS and gateway)" error shows after IPS and Application Control & URL Filtering update fails if there is no proxy defined. To resolve the problem, run cpstop and cpstart and try again.
If policy installation fails on R75.20 1100 gateways, the selected version of the gateway object is probably incorrect. Solution: In the gateway object properties, make sure the correct version is selected.
Publishing fails with validation error regarding unique names. SmartConsole will let you create new objects with the same name as an existing object. But before you publish you must give the object or objects a unique name.
These commands are not supported in the SmartConsole's CLI: login, logout, discard and publish. Use the SmartConsole GUI instead.
Applications like Provider.exe and Fwpolicy.exe (SmartDashboard) cannot be used to connect directly to the Security Management server or the Multi-Domain Security Management server.
When creating a new object with IP address or name of a deleted object, the following message might show:
"There is another network object with the same IP address, are you sure you want to continue?"
"Name already used!"
To resolve the issue, close and reopen SmartConsole.
After converting a gateway to a cluster member and publishing, this error message shows: "com.checkpoint.management.coresvc.ObjectNotFounfException: Satellite object of type GatewayAggregator not found for core object..." To resolve, click Discard.
SIC is not allowed by default with upgraded OPSEC applications (OPSEC applications not compiled with SHA-256 support). To fix:
On the Security Management server, run: cpca_client set_sign_hash sha1 (refer to sk103840)
The initial full synchronization of a new High Availability server, either Security Management or Multi-Domain, can take a long time in large environments.
If you create or delete Domain servers of the same Domain from many Multi-Domain Servers, the Domain can become corrupted, with recovery from Check Point Support required.
Changing the Security Management server's time, for example using an NTP server, while there are SmartConsole clients connected, may cause the client to disconnect from the server.
For Gateways below R80, 2nd layer behaves like Application Control policy.
01713602, 01626242, 01896195, 01626310
A SmartView Monitor email alert sometimes has a closing "_NextPart_..." boundary, which causes the email to be blocked by some mail servers as spam. Refer to sk105578.
At irregular intervals, the session information fails to update. To see the most updated session, switch to another view and then switch back.
Automating a Check Point Management server using the Management API blade is supported only on Gaia OS Management servers.
Login to primary Domain SmartConsole fails with "Database is locked by another application" error. To resolve, run the cprestart command on the Security Management Server.
Sync failure between primary and secondary servers in a High Availability deployment. To prevent this, make sure the interfaces are enabled before starting the processes (cpstart, mdsstart).
Install database task hangs if SmartConsole is closed before the task completes. Reconnect and install the database again.
R80 does not support Security Gateway / VSX gateway conversion, or conversion in the opposite direction.
lvm_manager fails to resize partitions with "ERROR :Cannot kill process (id XXXXX)".
Workaround: Boot the machine into Maintenance Mode and then run lvm_manager.
"Internal error occurred during the verification process" during policy installation after reverting to a previous policy revision that has a disabled rule with an object that has been deleted since then. Refer to sk110614.
In a High Availability deployment, purging revisions causes the High Availability incremental sync to all Standby Security Management servers to fail with "NGM Failed to import data" error message. To resolve the issue, after purging revisions, perform a full sync.
"Authentication to server failed"error shows when logging in to the SmartEvent server using the local administrator account (created in cpconfig). Create a new administrator account with a name not used on the remote SmartEvent server or the Multi-Domain server managing the SmartEvent server.
OSE devices are not supported in R80. The Pre-Upgrade verifier warns about this and policy installation from R80 Security Management on an OSE Device fails.
The CLI command fwm dbexport is not supported. After running the command to export the user database, the process finishes successfully but the file contains only headers, no data.
Global assignment removal fails with "Object could not be deleted because it is referenced by other objects" error. If the search fails to locate the object in the domain, check each application object in the Domain for a reference to the permission profile specified in the error message. Refer to sk110630.
02349143, 02349405, 02350931
Although it is possible to create a Time group object with a long name, policy installation fails with "Time objects name cannot be more than 11 characters" error. Refer to sk113498.
Migration of Security Management server or CMA R80.x to R80.x Multi-Domain Security Management is not supported.
02459792, 02462601, 02468700
Publishing Gateway objects rewrites manual changes in database. Refer to sk116194.
"Get Interfaces" in the Cluster object does not update the Topology after changing a physical interface to VLAN interface with the same IP address, or vice versa. Refer to sk116582.
Wrong license status for 'virtual systems' blade for VSX objects in R80 SmartConsole. Refer to sk117675.
SMS daemon does not start on startup. Refer to sk118083.
Install policy from Multi-Domain Server - the ability to directly install the policy on all Domain gateways as part of assigning the Global Policy on the Domains is not supported. Install the policy from the specified Domains.
For Multi-Domain Log Servers, Remote Log Servers that are not defined as Domain Log Servers are not supported.
After you upgrade a Multi-Domain Server with a IP address change, you must remove the license with the old IP address. If you do not do this, failures will occur in the License view and on some Management Blades.
A Security Management server cannot be installed as a secondary Management for a Domain server.
There is no cross-Domain search for network objects. Search in each Domain for the specific network object.
After a Global policy has been assigned to a Domain, the revert option in the Domain "Network Layer -> History" window no longer functions.
You cannot assign only the Global objects used in a specific Access Control policy or Threat Prevention policy. All the global objects are assigned to the Domain.
Multi-Domain Management server unexpectedly terminates after assigning a Global policy to a Domain imported using the cma_migrate command. To avoid the issue, run mdsstop;mdsstart after running the cma_migrate command.
An administrator defined on the Multi-Domain Server, can log in to the Global SmartEvent server in read-only mode only. To resolve this, connect to the SmartEvent server with the local administrator account (created in mdsconfig), configure the relevant Domains and install the Event policy.
Some domains might be missing from the drop-down list of the Multi Domain Security Management connection launcher. To resolve this, run: mdsstop;mdsstart
Private sessions are not synchronized between Multi-Domain Servers. A session that is open on one Multi-Domain Server cannot be seen or moved to a different Multi-Domain Server
An administrator with Manage Session permissions on a Multi-Domain Server but not on a specific domain, can manage the session from sessions view in the MDS level. Session publish may fail.
You cannot add licenses from the Multi-Domain Server or Domain Management configuration windows or wizards. To add licenses, click "Manage Licenses and Packages" in the SmartConsole main menu.
Administrator groups and Domain groups are not supported in R80 and cannot be viewed or used in the SmartConsole.
In Multi-Domain Security Management, OPSEC application permission profiles are not visible on the Domain's object bar. Use the OPSEC application editor to change the permissions.
The Multi-Domain Management Server must have 4 or more cores.
When upgrading a Multi-Domain Security Management environment, you can change the IP address of the primary MDM, but not the IP address of secondary MDMs.
Each database can be migrated only once with cma_migrate. If you try to migrate the same database to another Domain Server, migration fails with the "Internal runtime error"... "The folder in the dleObject can't be null." error.
After you define the SmartEvent object in the global database, first you must assign Global Policy to Domain Servers in order the Domain Level Only administrators can log in to SmartEvent.
Multi-Domain Super User has no permission to install policy when connected the Domain Server. Workaround: Restart SmartConsole, connect to the Domain server, and try again.
"Unexpected error" message is shown when an administrator with insufficient permissions on a Domain assigns or reassigns a Global Policy to the Domain. Make sure the administrator account has the required permissions.
02359963, 02361015, 02361167
Multi-Domain Management server (MDS) creates a snapshot during the OS level backup procedure, causing the backup to fail or be extremely small. Refer to sk113740.
FWM daemon becomes unstable when using RADIUS Authentication.
Getting "Cannot create a new Domain server. Reason: License violation detected: Multi-Domain Server HostName. The license of Multi-Domain Server HostName allows to manage 0 Domain Management/Log Servers. X is already defined" error when trying to create a new Domain. Refer to sk116499.
02528737, 02529416, 02533097
Several cpsm-domains-X licenses are counted only once. Refer to sk118316.
These products do not support the new licensing visibility features:
Network Security: Advanced Networking and Clustering, Capsule Cloud and Capsule Workspace.
Security Management: Endpoint Policy Management, SmartPortal, User Directory (LDAP)
Multi-Domain Security Management: Security Domain
Remote Access & Endpoint
"Licensing status not available for current OS" message shows in the Logs & Monitoring view. SmartConsole does not support licensing information for Windows, SecurePlatform and Virtual Systems. Use the licenses tab in SmartUpdate to see the licensing information for the OS.
If the SmartEvent Software Blade is activated, but only the SmartEvent Intro license is installed, the License Status shows "N/A".
The Device and License Status of Threat Emulation is incorrect. Use the Logging -> License Status view.
When loaded for the first time, web components such as the licensing or monitoring view can take up to thirty seconds to show.
In the License Status View, the Additional Info column is not available for pre-R80 gateways and servers.
The proxy that synchronizes license information with the User Center, must be an R80 server.
On a Pre-R80 SmartEvent NGSE dedicated machine, license information is not automatically updated when Installing Database.
When you enable or disable a blade, one of the following will update the license information with the change:
If you force a license update, changes occur immediately. To force a license update: On the R80 Management Server, run the following command in Expert mode: [Expert@HostName:0]# $CPDIR/bin/esc_db_complete_linux_50 bc_refresh <Name of Target Object>
Automatic update at midnight
If you manually change a license or contract on a dedicated machine, changes take effect within 20 minutes
In the License Status View, quota information and quota statuses are not available for pre-R80 gateways and servers.
Automatic license activation on Check Point appliances is not available on pre-R80 appliances.
On pre-R80 gateways, license information is updated every 20 minutes. To force a license update, perform one of the following actions:
Either install security policy on the pre-R80 gateway
Or on the R80 Management Server, run the following command in Expert mode:
On Security Management Server:
[Expert@HostName:0]# $CPDIR/bin/esc_db_complete_linux_50 bc_refresh <Name of Target Object>
On Multi-Domain Security Management Server:
[Expert@HostName:0]# mdsenv <Name of Domain Management Server> [Expert@HostName:0]# $CPDIR/bin/esc_db_complete_linux_50 bc_refresh <Name of Target Object>
License Data for all supported software blades shows on all machines, even if the blade is not relevant to the role of the machine. For example, license data for the Network Policy Management blade shows on a Log server.
Automatic license activation on a Multi-Domain Management Server machine works only on the MDS level and not on the Domain level. Add licenses manually for each Domain.
After installation, the Device License Status shows N/A and the Device License View is not accessible until Install Policy or Install Database is performed. When blades are enabled or disabled, the changes are not visible in the Device LIcense Views and Status until Install Policy or Install Database is performed.
The SmartConsole client is not aware of license or quota changes in real time. Reopen SmartConsole in Compliance blade to see the license changes. Quota data changes in the entitlement or Compliance will be updated after:
Compliance midnight scan
SmartConsole installed on a computer without access to the Internet cannot open Help files. Refer to sk110774.
"Import Applications / Sites" option (the same feature that was under "Application & URL Filtering" tab - > "Applications/Sites" - > Actions - > Import) is missing in R80 SmartConsole.
Cannot log into SmartConsole after changing the time in the Gaia Portal. To resolve the problem, restart the Management server using cpstop;cpstart commands or, for Multi-Domain Security Management, run mdsstop;mdsstart
These rules are not shown in SmartConsole:
A VPN rule created using the "Accept all encrypted traffic" option in the VPN community object.
Slow rendering and reaction to user interactions. SmartConsole is a Windows-based application that uses the Windows Presentation Foundation (WPF) for rendering graphics and the user-interface. WPF applications are optimized to work with hardware acceleration. Under certain circumstances, the framework falls back on software-rendering only, causing SmartConsole to render slowly and react slowly to user interactions. This occurs when SmartConsole runs:
Via Remote Desktop session (RDP).
When installed on Windows-Server 2012.
In environments with old graphics hardware drivers.
In virtual environments that lack the required integration with graphics hardware.
"<VSX object name> is used by another object and cannot be deleted" error in R80 SmartConsole when attempting to delete a newly created VSX object (Virtual System, Virtual Router, VSX Gateway / VSX Cluster). Refer to sk113932.
Disconnecting the SmartConsole session while creating or configuring VSX objects, can cause the management database corruption and Administrator will be unable to do any changes with VS. "Internal Error: Cannot get object XXX from table vs_slot_object" message pops-up.
After a failure in the VSX cluster creation wizard, if Cancel is clicked, the wizard closes, but the VSX cluster and VSX cluster member objects are not deleted.
Workaround: Delete the VSX cluster and VSX cluster member objects manually.
When publishing remote session, through the Sessions View, there is no option for updating the session name and the description. Before you can publish a session, you must connect to it and set the session name and description.
A customized role that has no write permissions, does not appear as read-only in the session view, although it is actually read-only.
The Tasks tab -> Script Results supports up to 10,000 characters only.
"The communication with the server was lost" error shows after pushing the configuration to VSX objects - Virtual Systems, Virtual Routers, and Virtual Switches. To resolve the issue:
Open the directory where SmartConsole is installed.
Open "SmartConsole.exe.config" file in some advanced editor.
After creating "interoperable" device and adding it to a star community, cannot add a shared secret password to this device because it is not listed in the "Shared Secret" tab. Refer to sk112182.
In SmartConsole, "Get topology" button is not displayed. Refer to sk113455.
Different numbers of recommended updates are displayed in R80 SmartConsole and in R80 Gaia Portal. Refer to sk115456.
R80 SmartConsole crashes when FIPS is enabled on Windows OS. Refer to sk111585
SmartConsole is not disconnected after time specified in SmartConsole -> Manage & Settings -> Permissions & Administrators -> Administrators -> Idle Timeout.
SmartEndpoint GUI error on UserCheck message property. Refer to sk112157.
"Challenge Format" column text, shown in a table within the "Installation" dialog of SmartEndpoint is wrong. Refer to sk112158.
When configuring a Threat Prevention rule to save packet captures, the packets are saved only for Anti-Virus and Anti-Bot. Packet capture is not activated on IPS. Use the IPS Protections window to configure packet capture for individual IPS protections.
"Internal error occurred" message if you assign/reassign a Global Configuration at the same time that an IPS update is running on a local Domain.
Workaround: First run the IPS update on the local Domain, then assign/reassign the Global Configuration.
Some IPS protocols from early releases are discontinued. If these are mistakenly included in the Firewall Rule Base, policy installation will fail. For the list of Deprecated protocols and services that are no longer used by the IPS blade, refer to sk103766
Snort protections are not supported in R80.
A Forensics Tracking option is shown in Threat Prevention rules. This feature will be supported with R80.x gateways.
Install policy will fail if the name of the profile contains a forward slash (/). Remove the invalid character.
Application Control / URL Filtering
Application Control offline updates are supported from command line only.
When the "Categorize HTTPS Sites" option is enabled, accessing HTTP URLs can cause an "Internal System Error" logs in SmartLog and failure to open the web page.
After upgrading to R80, services defined in the Application Control rulebase are overridden with the Application's recommended services. Refer to sk109711.
Security Gateway might sometimes crash when the user tries to send a failure log of an Application Control event.
Application Control updates fail for SMB appliances 1100 / 1200R / 1400 that are Centrally Managed by R80 Security Management Server. Refer to sk111073.
In R80, you can only define SmartEvent at the global level and then configure it to read logs from one domain or a number of domains. SmartEvent cannot be defined in a specified domain.
When connecting R80 SmartEvent to an R77.30 Security Management Server, only local administrators (that are configured from cpconfig) are supported.
SmartEvent R80 crashes with core dump while attempting to connect to R77.30 Multi-Domain Management. Refer to sk112238.
02310643, 02310889, 02333477
"No Permissions Events or Reports permissions are required to view this page" error when authenticating with Check Point certificate to R80 Legacy SmartEvent GUI. Refer to sk113034.
Authentication into R80 Legacy SmartEvent GUI from R80 SmartConsole fails when using Check Point certificates. Refer to sk113036.
On a R80 dedicated SmartEvent server which assigned to MDS, when you enable or disable a blade, the license information is not immediately updated. An automatic updates takes place at midnight. To update immediately:
On server's command line, run: $CPDIR/bin/esc_db_complete_linux_50 activation_data entitlement_data.
If you manually change a license or contract, the changes take effect immediately.
Not possible to generate separate report for each Domain Management Server in R80 SmartEvent. Refer to sk113494.
Not possible to set a value greater than 250 in the "Number of values (up to)" field of a SmartEvent report
Not possible to set a value greater than 2000 in the "Maximum number of logs" field of a SmartEvent report
Wrong object name is displayed in R80 SmartEvent Domain-based report when different Domain Management Servers contain objects with identical IP address. Refer to sk115861.
Gateway packages do not show for Domain gateways, when you open SmartUpdate from the SmartConsole Multi-Domain view. You must connect to SmartConsole for each Domain to see the packages for its gateways.
You cannot detach a Domain license from the SmartConsole Multi-Domain view. Instead, connect to each Domain with SmartConsole and detach the license there.
Block Intruder (SAM) is not supported.
If you upgrade a management server or log server running SmartLog, SmartLog indexing files will be lost. To keep the logs, do one of these:
Use the new Open a Log File feature in the SmartConsole Logs and Monitor view
Users connected with SmartConsole to specific Domain, will not be able to see Global objects assigned to this Domain in SmartLog logs results, and cannot search by Global objects (but can search by IP address).
SmartLog Indexing mode is not enabled by default after upgrade or new installation, on Smart-1 205, Smart-1 210, or Open Servers with less than 4 cores.
A mix of SmartLog Indexing Mode and Non-Indexing mode on Domain Management Servers or Domain Log Servers is not supported.
To change SmartLog mode from Indexing to Non-Indexing on a Domain Management Server or Domain Log Server, edit the Domain Server object on the Domain level. There is no option to change the entire Multi-Domain Server or Multi-Domain Log Server to Non-Indexing mode.
The Open Log File Form in the SmartConsole of a Multi-Domain Server will not show log files of Domain Management Servers or Domain Log Servers. You must open SmartConsole to the domain, to open log files.
If you change a High Availability server to Non-Index mode, you must force a failover to the standby server and then run evstop;evstart from the Expert mode. If you change a dedicated Log server to Non-index mode, you must run evstop;evstart from the Expert mode.
You cannot see log files of different servers in Non-Index mode. You must open SmartConsole directly to the Security Management or Log server with the required log file.
If you connect a SmartEvent R80 server to an R77.x or lower management server, you must enable SmartLog to avoid CPSEMD crashes.
In SmartLog Non-Index mode: free text search is applied only on specific fields like source, destination, service, etc.. , there is no Top results pane, and the Threat Prevention Rulebases and Profiles logs tab do not show log results.
Log export is supported on visible logs only.
Save As to a log file is not supported
Fetch local files from a remote machine is available from command line only.
A "SmartView in not available" message shows after opening a new tab in the Logs & Monitor view. You may have changed the Gaia port number using the clish command "set web ssl-port".
After setting the Gaia port, open the Security Management object -> General Properties and click "Get".
Save and publish to update the object with the new port number.
SmartView graphics do not display properly in Internet Explorer. Accessing SmartEvent server from the web (SmartView) is supported only from Google Chrome and Mozilla Firefox.
Log Server can work in non-index mode to save disk storage, but if you deactivate the "Enable Log Indexing" option in the Log Server object, the following limitations will apply:
All Log Servers in the environment must be in non-index mode.
There is no unified view for all Log Servers. You must query each Log Server separately.
Disabling log indexing on a distributed Log server does not stop the indexing processes. To stop the indexing processes, run: cpstop;cpstart.
Connections from SmartConsole to a Multi-Domain log server are not supported. To view logs stored on the Multi-Domain log server, connect to each Domain log server separately. Note: if the "lockout administrator account after x failed authentication attempts" option is selected, failed attempts to login to the Multi-Domain log server will also lock the administrator out of the Domain Log server. To resolve, run the "unlock-administrator" command on the API command line.
When using a VPN client, activity logs are not generated for ICMP traffic.
Convert Traditional VPN to Simplified is not supported.
"Desktop Security policy is empty. At least one rule should be configured. Desktop policies will not be installed on Policy Servers." error shows during policy install when removing a Desktop policy (that was imported with a policy package) and adding it back. Refer to sk110656.
Convert QoS from Express to Traditional is not supported.
Small and Medium Business Appliances (SMB)
R80 Security Management cannot manage Security Gateway 80 appliance with a firmware version that is lower than R75.20
If there is a "Commit function failed" error on policy installation failure on 1100 series appliance, refer to sk105217. With R80 Management, make sure that "Optimized profile" is selected and that only the server protections are deactivated.
SIC error status might occur when the gateway object is defined in a "Management first" scenario before it is deployed, but the device's IP address is already accessible. The Security Management tries to create SIC with the gateway's IP address. Instead of the policy ending in a "waiting for first connection" status, an error message states the SIC status must be rectified first.
Upgrade from vSEC Controller R77.30 with Data Center objects to Security Management Server / Multi-Domain Security Management Server R80 is not supported. Refer to sk109796.
"vsx_util vsls" command fails with "Failed to redistribute the virtual systems. Can't save database." error on R80 Management Server. Refer to sk115029.
60000 / 40000 appliances
R80 is not able to manage 60000 / 40000 appliances running R76SP.40 and above, when Threat Emulation blade is enabled.
Give us Feedback
Thanks for your feedback!
Are you sure you want to rate this stars?