R80.10 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.
This Incremental Hotfix and this article are periodically updated with new fixes.
The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below.
Effective January 18th, 2018, the R80.10 image has been replaced with Take 462. R80.10 image Take 462 can be installed with R80.10 Jumbo Hotfix Accumulator Take 70 and above. R80.10 image Take 421 can be installed with any released R80.10 Jumbo Hotfix Accumulator Take.
General Availability Take
Take_121 is the latest General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:
Product
Take
Date
CPUSE offline package
SmartConsole package
All suitable (except Smart-1 525/5050/5150 appliances)
Take_121
6 July 2018
(TGZ)
(EXE)
Smart-1 525/5050/5150 appliances
(TGZ)
Effective Aug 7th 2018, General Availability Take_121 is available for CPUSE online installation (it replaces Take_112)
Effective July 3rd 2018, SmartConsole package has been updated (Build 056). Refer to sk119612.
Smart-1 525 / 5050 / 5150 R80.10 Jumbo Hotfix Accumulator bundle is suitable for Smart-1 525 / 5050 / 5150 appliances only and cannot be installed on other Check Point appliances
To Install R80.10 Jumbo Hotfix on Smart-1 525 / 5050 / 5150 appliances, use Check_Point_R80_10_JUMBO_HF_Bundle_Txx_sk116380Smart-1_525_5050_5150_FULL.tgz
For other Check Point appliances use Check_Point_R80_10_JUMBO_HF_Bundle_Txx_sk116380_FULL.tgz
This Hotfix is not supported for Google Cloud environment. For details refer to sk109141.
Effective July 3rd 2018, SmartConsole package has been updated (Build 056). Refer to sk119612.
Important Notes
For Takes 70, 79, 85 and 91, for backup via Gaia Portal or CLISH backup commands, refer to sk123352 prior R80.10 Jumbo Hotfix Accumulator Take 103 and above installation.
Each of the Jumbo Hotfix Accumulator Takes is based on Check Point R80.10.
For CPUSE installation, CPUSE Agent build 1298 and above (refer to sk92449) must be used.
It is recommended to install Jumbo Hotfix Accumulator on all the R80.10 machines running on Gaia OS.
This Jumbo Hotfix Accumulator is suitable for these products and configurations:
Security Gateway
StandAlone
Cluster
VSX
Security Management Server
Multi-Domain Management Server
Log Server
Multi-Domain Log Server
SmartEvent Server
CloudGuard / vSEC
This Jumbo Hotfix Accumulator has to be installed only after successful completion of Gaia First Time Configuration Wizard and reboot.
To check the Take number of the currently installed R80.10 Jumbo Hotfix Accumulator (if it is installed): [Expert@HostName:0]# cpinfo -y all
List of resolved issues per HotFix
Enter the string to filter the below table:
ID
Product
Symptoms
R80.10 Jumbo HotFix - Ongoing Take 131 (19 July 2018)
PMTR-9748
Security Management
Monitoring view does not show the ClusterXL status of VSX members.
PMTR-14149, PMTR-14416, PMTR-16997
Security Management
In some scenarios, API login requests fail with "errorCode [CP_ERR_COULD_NOT_CONNECT_FWM]" error in api.elg file.
PMTR-9440, API-280
Management Console
When changing the administrator profile by API in Multi-Domain Management, the following scenarios may occur:
Modifying administrator's profile may not take effect, previous permissions are still configured and might be enforced.
User can configure "Permission profile per domain" in addition to "Multi-Domain Super User" or "Domain Super User" not knowing it may not take effect.
PMTR-15572, API-338
Management Console
In some scenarios, the "show package" API command fails due to timeout.
PMTR-14634, 02775187
Security Gateway
Using two Domain objects for the same domain name, one with "www." prefix and the other without, in different rules in the rulebase might cause those rules not to be enforced correctly.
PMTR-2653, PMTR-4733
Security Gateway
Domain objects of domain names that are defined in local hosts file are not enforced.
PMTR-14694, PRHF-257
Security Gateway
A rule with Security Zone object may not be correctly matched for broadcast traffic.
PMTR-16561, PMTR-15022
Security Gateway
Performance optimization of services and applications matching process.
PMTR-9133, PMTR-12783, SL-982
SmartEvent
After upgrade of a dedicated SmartEvent server, Object synchronization status appears as "Failed" in the status window of SmartEvent GUI.
PMTR-9186, PMTR-10070
SmartEvent
When setting up clear connection between the Security Management server and R80.10 SmartEvent server per sk101928, Log indexer clear connection could not be established. Refer to sk123580.
PMTR-10074, PMTR-13687
SmartEvent
Added ability to filter logs in queries and reports using the "Packets" field.
PMTR-10072, PMTR-3320, 02504996
SmartEvent
Automatic reaction is not initiated when selecting the "Send automatic reactions but do not generate an event" option in SmartEvent policy.
PMTR-8959, SL-1112
Logging
In some scenarios, the "Logs & Monitor" view is stuck on searching and does not respond to any query.
PMTR-13098, 02714001
Threat Emulation
The system cannot emulate files due to lack of disk space. Refer to sk124712.
In CloudGuard Azure clusters environments, some packets are incorrectly identified as Cluster Control Protocol packets, potentially causing error logs related to cluster state. In some cases, this can lead to a cluster failover.
PMTR-12884, PMTR-12109
SecureXL
In some scenarios, when SecureXL is enabled, Security gateway crashes under heavy load while opening a new connection from template mask.
R80.10 Jumbo HotFix General Availability Take 121 (24 June 2018, GA from 7 Aug 2018)
PMTR-14713
Data Center Security Appliances
Added support for 23900 appliances. Refer to sk107516.
PMTR-8482, 02693254
Security Management
When configuring Legacy User Authentication rules, it is not possible to choose 'Group-With-Exclusion' in the option. Refer to sk122100.
PMTR-10959, PMTR-10810
Multi-Domain Management
FWM process stops working during initialization when there are many VSs in database.
PMTR-9350, CPM-1454, PMTR-12823
Multi-Domain Management
Domain migration from R77.30 to R80.10 fails when the exported Domain is of a standalone machine.
PMTR-8236
Multi-Domain Management
The mdsstat command was updated for Smart-1 525 , 5050 and 5150 Appliances.
PMTR-10811, PMTR-10803, CPM-1525
Multi-Domain Management
It is impossible to install policy from Domain Server after failing attempt to install policy from Multi-Domain Management Server.
PMTR-9439, 02644200
Multi-Domain Management
Import of R77.30 Security Management to R80.10 Multi-Domain Management using cma_migrate fails with "error 0x80004005 (Unspecified error)" in upgrade log. Refer to sk120497.
PMTR-7160, 02718576
Management Console
In some cases, SmartConsole exits when changing a name entry in the user field. Refer to sk122917.
PMTR-2800
Management Console
In some scenarios, SmartLog returns results from time, different from the original query time.
PMTR-3115
Management Console
When creating new 1400 SMB appliance in SmartConsole, the Platform Type menu is empty. Refer to sk111292.
PMTR-8793
Management Console
The "api status" command was enhanced to include Apache status and to collect additional log files.
PMTR-12268
Management Console
When reinstalling policy on two cluster members, the override policy dialog does not display all cluster members in the list.
PMTR-7073, PMTR-8716
Management Console
"Update operation failed" error when editing a group of Applications/Sites which are used in a Threat Prevention Exception rule. Refer to sk124932.
PMTR-10011
Management Console
In some scenarios, when trying to remove gateways from VPN community or edit a VPN community object, the operation fails with "Update operation failed" error.
VSECC-551, PMTR-10257, PMTR-10344
CloudGuard
OpenStack v3 is now supported on Keystone server v3.
PMTR-9619, 02665634
Identity Awareness
DynamicID authentication randomly stops working after policy installation. Refer to sk121213.
PMTR-13831, PMTR-12971
Logging
No "query resolution failed" logs on natted Management after following solution for Scenario 1 from sk100583.
PMTR-9968, 02562533
Logging
The 'Access Rule Name' field is blank/missing in "Logs & Monitor" view when using filter blade: "URL Filtering" or blade:"Application Control". Refer to sk123974.
PMTR-11244, PMTR-11242
Logging
When searching for logs in "Logs & Monitor" view with specific time filter from the past, the response may contain logs generated after that time range.
PMTR-12009, PMTR-12000, PMTR-3665
Logging
In SmartView Monitor, changes to the Threshold settings of a Gateway are not properly saved or shown.
PMTR-12052, 01646584
Cluster
Various traffic issues on cluster due to FWD daemon taking all slots on cluster subscriber list. Refer to sk109596.
PMTR-11902, PMTR-13723, PMTR-13723, UP-11, UP-211
LTE
Firewall session logs without application or protocol are generated. Refer to sk123715.
R80.10 Jumbo HotFix - General Availability 112 (23 May 2018, GA from 19 June 2018)
PMTR-2477, PMTR-10469, PMTR-2468
WebUI
Gaia Portal shows blank page after log in with Firefox 5x or Chrome 66. Refer to sk121373.
PMTR-8249
Security Management, Multi-Domain Management
Creating a Domain (Log) Server using an IP address that is already in use, fails with an uninformative error message "Update Domain 'name' failed:Create Domain: 'name' - Create Domain server 'name'.Cannot create domain 'name'".
PMTR-7418
Security Management
FWM process stops working when there is a soft link to $FWDIR/tmp/fwmtrace.log file that reaches 2GB due to enabling debug for a long period of time.
PMTR-8570, 02698348
Security Management
fw_loader process stops working due to invalid VPN community configuration.
PMTR-8206
Security Management
"An internal error has occurred" message when trying to discard the disconnected session. Refer to sk123741.
PMTR-6048, PMTR-7403, 02512737
Security Management
In some scenarios, Compliance blade Best practices show incorrect N/A status. Refer to sk117292.
PMTR-5747
Security Management
In some scenarios, CPM and Solr may consume high CPU, causing SmartConsole to disconnect.
PMTR-2649
Security Management
When connecting to an earlier revision version, some objects may not be visible if you:
ran Purge Revisions and rebooted your machine.
performed HA full sync from a Security Management server that ran Purge Revisions.
CPM-945, PMTR-9176
Security Management
"You have reached the maximum number of active sessions" error on login failure when expired Web API sessions appear as disconnected in SmartConsole Sessions view and cannot be discarded.
PMTR-9180
Security Management
Performance and stability improvements in Security Management Server when using CloudGuard IaaS.
PMTR-7670
Security Management
In some scenarios, policy installation does not progress when installing policy from several Domains simultaneously.
PMTR-9029
Multi-Domain Management
Global Domain Assignment may fail with "Global Domain Assignment Failed: Failed to connect to FWM" message when FWM is busy or not responsive.
PMTR-10840, PMTR-8562, 02686845, 02686649
Multi-Domain Management
Some Security gateway objects are missing from the Gateways view in R80.10 Multi-Domain Management server after migration. Refer to sk121890.
PMTR-5840, 02540859
Management Console
When editing Security Management or Gateway object, the "The referred entity does not exist in the Certificate Authority" or Failed to save object. Server error is: An internal error has occurred. error pops up. Refer to sk118938.
PMTR-10665
Management Console
When running multiple scripts on short time intervals from the Management API, the progres of some of the scripts stops at 10-20%.
PMTR-8679
Management Console
In Multi-Domain Management, reassign or removal of a Global Domain assignment fails if you clone an assigned Threat Prevention profile in the Local Domain.
PMTR-7874, API-254
Management Console
In Multi-Domain Management, when the user overrides global values in the UI or the API and then performs 'show service', the global values are displayed instead of the changes made by user. When the user tries to override the global values twice, the second try fails with "Validation error" message. Refer to sk123334.
PMTR-9564, API-283
Management Console
The web_api_show_package.sh script fails if TLSv1.0 is disabled on Apache server, displaying errors:
ERROR: failed connecting to the server: 127.0.0.1 Script stopped running due to severe error!
PMTR-8136, 02726944
Management Console
Cluster object still appears in the MDS level after it was deleted from a Domain. Refer to sk123343.
PMTR-7942
Management Console
Cannot open WebUI to cluster member if SecurePlatofrm Main URL of the cluster has been changed. Refer to sk123195.
PMTR-8929, 02733670
Management Console
"Validation error - Invalid Domain name at .<Domain name>" message after successful upgrade to R80.10 or when creating a Domain object with an invalid name.
PMTR-9333
Management Console
Using Management API to get Access rule hit count values without specifying start date returns 0 hits for all rules. Refer to sk123736.
PMTR-8114
SmartUpdate
When clicking "Generate CPInfo" in SmartUpdate, the progress bar indicates that action is successful but CPInfo file is not created.
PMTR-5359
CloudGuard
Data Center objects can be deleted for a short period of time due to disconnections of a Data Center.
PMTR-8934
Security Gateway
Improved connectivity when using Domain objects and/or when gateway is configured as HTTP/HTTPs proxy.
PMTR-3901
Security Gateway
In rare scenarios, CPD process stops working when running for a long time period.
PMTR-11991
Security Gateway
Traffic is droped with "Rulebase - ERROR" error in kernel debug. Refer to sk133176.
PMTR-3871
Gaia OS
In some scenarios, routed process stops working when OSPF is configured.
PMTR-8801
Gaia OS
Gaia OS hardening fix.
PMTR-5560
Gaia OS
In some scenarios, routed process stops working when unnumbered interfaces are configured.
PMTR-7741, 02553209, 02669458
Logging
When receiving logs with ELA protocol, FWD process core file may be generated. Refer to sk121594.
PMTR-5671, 02705815
SecureXL
When sending multicast packets to multiple receivers behind several interfaces and SecureXL enabled, either only the hosts behind the VLAN outgoing interfaces receive the multicast packets or none will receive them. Refer to sk122481.
PMTR-6725, PMTR-11741
Identity Awareness
PEP opens an unnecessary connection to PDP while there is no sharing configured between the PDP and PEP.
PMTR-10466, 02758290, 02722485
HTTPS Inspection
Improved handling of Trusted CAs certificates when HTTPS Inspection is enabled. Refer to sk122973.
PMTR-7811, PMTR-8999
Mobile Access
SNX traffic is dropped by Security Gateway with "Rulebase - ERROR" message in "fw ctl zdebug drop" debug. Refer to sk123336.
PMTR-10782
VSX
CPM Server fails to start due to postgres idle open connections.
R80.10 Jumbo HotFix - General Availability Take 103 (12 Apr 2018, GA from 03 May 2018)
PMTR-7377
Security Management
Management HA fails to synchronize with "The Security Management Servers contain different Hotfixes" error even though the same packages are installed on servers. Refer to sk123048.
PMTR-7668
Security Management
Upgrade might get stuck if there is not enough memory allocated to the upgrade process. Refer to sk123136.
PMTR-6398
Security Management
Externally managed gateways are displayed in SmartView Monitor although they should not be.
For each externally managed gateway that was already defined in the database, after Take installation, open this gateway object in SmartConsole, close the window and publish the session. After this you will not see them anymore in the SmartView Monitor.
PMTR-7583
Security Management
If one administrator creates a rule, deletes it, and publishes the changed policy (meaning that the rule's creation and deletion were published together), other administrators connected via SmartConsole will see an "any any drop" rule in the policy where the original rule was meant to be created.
PMTR-7164, PMTR-7803
Security Management
Management HA performance improvements. Refer to sk123313.
PMTR-5407
Security Gateway
Security fix for Client Authentication rule matching.
PMTR-3038
Security Gateway
SecureXL forwards non-accelerated packets to the gateway, causing it to crash if the packet contains corrupted data.
PMTR-3433, 02667797
Management Console
"Could not delete object. An internal error has occurred" error when removing old Security gateway object. Refer to sk121593.
PMTR-7055
Management Console
After IPS update, protections with release date older than one year are removed from staging if they were changed during the update.
PMTR-7891
Management Console
Performance improvement in basic Access policy functionalities (like add/remove rules and layer scroll).
PMTR-7565, CPM-1375, CPM-1277
Management Console
Delete operation of a service, source or destination in a single Publish operation does not appear in audit log, although it does exists in the Security Management server database. Refer to sk123324.
PMTR-2666, CRYPT-51
Management Console
"An error occurred while receiving the HTTP response to..." error when trying to log in to the R80.10 SmartConsole. Refer to sk122073.
PMTR-2743
Management Console
When publishing operation via API fails, the failure reason is not displayed. Refer to sk121414.
PMTR-2445, API-180
Management Console
Policy installation via API ends with unclear status: within the response, the "statusCode" field value is "in progress" and the "statusDescription" field value is "Performing Legacy data dump". Refer to sk121217.
PMTR-1489
SmartEvent
In rare scenarios where R80.10 SmartEvent is managed by an R77.x Security Management server and there are many Domains which are updated/deleted/added, the dbsync process may stop working.
PMTR-697
Logging
Added ability to filter the "File operation" field in SmartLog.
PMTR-3942, 02655514
Logging
In environments with large amount of gateways managed by a single Security Management server or Domain, FWM process stops working printing the "T_get_event: cannot register socket x (1024 sockets already registered for exp)" error to the fwm.elg file.
PMTR-7185
Logging
On Multi-Domain Management, log storage maintenance does not work with SmartEvent, thus not freeing up the disk space.
PMTR-1483
Logging
In environments with many log activities, report generation may fail causing progress bar to stuck.
PMTR-6585
Gaia OS
Deleting last backup IP address from VRRP Interface triggers a transition from master state to backup.
PMTR-5157
Gaia OS
When a user invokes tcpdump on a 40GbE/100GbE interface, using mlx5_core driver 3.2-2.0.4.12, a small packet in a narrow size range causes a driver to crash.
PMTR-5158, PMTR-2681
Gaia OS
Multi-Queue (MQ) cores performance optimization.
PMTR-8779, 02707238
Gaia OS
After installing R80.10 Jumbo Hotfix Take_70, data and rules are not restored correctly with backup/restore via Gaia Portal -> Maintenance -> System Backup or CLISH backup/restore commands. Refer to sk123352.
PMTR-4236
Cluster
In ClusterXL, when using VMAC, Gratuitous ARP Request (GARP) packets are generated with both VMAC address and physical MAC address.
PMTR-7312, PMTR-791
Cluster
Enhancement: adding a grace period before failover when detecting 'Interface Active Check' state to prevent unneeded failovers.
PMTR-4475
DLP
Files are not deleted from the $FWDIR/tmp/dlpu directory causing the Security gateway's hard drive to fill up.
PMTR-6303, IDA-762
Identity Awareness
In rare scenarios, when Terminal Server Identity Agent is used and SecureXL is enabled, connections from the Terminal Server can be matched on the wrong user.
PMTR-6581, 02398542, 02500815
Identity Awareness
In some scenarios, Kerberos based authentication fails when Kerberos ticket is encrypted using AES-128. Refer to sk111945.
MAGB-254, MAGB-268, PMTR-5386
Mobile Access
"Mobile Access - Reject. Reason: Error in disconnecting user. Access Denied." message in SmartLog when user tries to use the SNX Network Mode. Refer to sk123037.
PMTR-6169, MAGB-240
Mobile Access
When a browser sends a cookie that it got from another page on a different port, the Mobile Access gateway does not recognize the cookie.
PMTR-2141
VPN
In a certain Remote Access flow, Security gateway crashes when kernel cannot allocate memory.
PMTR-4469
Compliance
First Scan must be performed after R80.10 Jumbo Hotfix installation to update the Best Practice IPS114. Initial First Scan in Compliance blade:
From the CLI, enter Expert mode, run dbedit and press Enter for Server name.
In DBedit type: grc_test_elements grc_interpreter first_scan true. Then type update_all You should get a message "grc_test_elements::grc_interpreter Updated Successfully".
Verify the value of first_scan is true by typing: print grc_test_elements grc_interpreter
Quit.
Perform Full Scan in Compliance blade via the SmartConsole or type interpreter full_scan.
GAIA-2218, PMTR-9922
Smart-1
On Smart-1 525 appliance, Raid diagnostics from Clish and WebUI display status "Degraded" instead of "Optimized" when two disks are 100% synced. Refer to sk123847.
R80.10 Jumbo HotFix - General Availability Take 91 (6 Mar 2018, GA from 01 Apr 2018)
PMTR-5419, PMTR-2799, PMTR-5418
Security Management
Cannot delete OPSEC application with AMON entity. Refer to sk121377.
PMTR-507
Security Management
FWM process stops working in case a malformed license file is reported from the Security gateway.
PMTR-3190
Security Management
When installing policy following Global Domain Assignment a false message of policy installation is currently in progress" appears, while there isnt any. Refer to sk122253.
PMTR-3847
Multi-Domain Management
"Get License" operation in SmartUpdate of Multi-Domain Management hangs on "Operation started" stage.
PMTR-6825, PMTR-7453, CPM-456
Multi-Domain Management
Cannot change the IP address of Domain Server when using R80.10 GA Take 462 or Takes 70, 79 and 85 of the R80.10 Jumbo Hotfix Accumulator.
PMTR-3718
Multi-Domain Management
Synchronization failure after purge operation in MDS level.
PMTR-6095
Multi-Domain Management
Only a single report is generated in SmartView MDS level when selecting multiple Domain Management Servers.
PMTR-2815, API-196
SmartEvent
"SmartView server certificate is invalid" error when connecting to Domain (via SmartConsole) from MDS level and navigating to 'Logs and Monitor' tab. Refer to sk121443.
PMTR-3271
Security Gateway
When installing policy on gateways with different profiles (where netquota or malicious IPs protection is enabled on one of the profiles), traffic is dropped with "dropped by fw_runfilter_ex Reason: function does not exist" error. Refer to sk123040.
PMTR-3544
Gaia OS
Random routes are sometimes missing after rebooting the system.
PMTR-3783
Gaia OS
routed process stucks at slave/slave state in ClusterXL setup.
PMTR-1602
Gaia OS
routed process restarts infrequently when Bootp/DHCP Relay is enabled.
PMTR-3546
Gaia OS
routed process repeatedly exits on standby cluster member when VPN is configured on a cluster.
GAIA-1619
Gaia OS
Security hardening for Gaia Clish.
PMTR-3318, 02639628
Gaia OS
Security gateway may crash during unmount operation on a remote network filesystem (samba).
PMTR-4374, 02677981
ClusterXL
Active member in ClusterXL HA sends an ARP request for cluster VIP causing a temporary outage. This can happen in a rare scenario as described in sk121846.
PMTR-4362, PMTR-1582
DLP
DLP Exchange Server Agent load when Security gateway is configured as MTA was optimized to enable a better stability of MTA functionality.
PMTR-5289
VSX
Threat Prevention blade failure can occure in the following scenarios:
No Threat Prevention blade is active on VS0 and a Threat Prevention blade is active on a different VS
That VS has no connectivity to the Internet
VS0 has connectivity to the Internet but through a proxy
PMTR-4457
VPN
BGP traffic initiated by the gateway is not matched by the VPN directional rule.
PMTR-2372
VPN
IPsec renegotiation fails with peer DAIP gateways.
R80.10 Jumbo HotFix - General Availability Take 85 (15 Feb 2018) Note: include support for Smart-1 525/5050/5150 appliances
PMTR-7017
Smart-1
Added support for Smart-1 525 / 5050 / 5150 appliances. Refer to sk120453.
R80.10 Jumbo HotFix - Ongoing Take 79 (05 Feb 2018)
PMTR-2818
Security Management
Some API commands fail with "Internal error" message when called with "details-level" flag set to "full". Refer to sk121475.
PMTR-2819
Security Management
The "show gateways-and-servers" API command fails with the "Runtime error: An internal error has occurred." error.
PMTR-2812
Security Management
After global policy assignment, when running the "show access-rulebase" API command with a filter, no results are shown.
API-120
Security Management
When executing an API request via CLI, cannot set the custom timeout using the "-conn-timeout" flag. The default timeout of 3 minutes is always used.
PMTR-4816, PMTR-4499
Security Management
Stabilization improvement of fwm, fw_loader and dbedit Security Management processes.
PMTR-2597
Security Management
Enhancement: Improved policy installation performance when installing policy on multiple targets.
CPM-654, PMTR-2439
Multi-Domain Management
Deletion of Domain Management Server might fail on timeout when few dozens of administrators with customized permission profiles are assigned to the Domain Management Server.
IDA-170, PMTR-2973
Identity Awareness
When Full Identity Agent is used with packet tagging feature, Anti-Spoofing may not be enforced for some of the connection packets.
PMTR-2944
Identity Awareness
Many "ida_classifier_send_log_cb: dst clob is active but there is no identity sharing!" errors in /var/log/messages file after upgrade to R80.10.
PMTR-3375
Logging
Logs are shown with delay after policy installation if there are more than ten thousands Binary Large Objects (BLOBs) on the Log Server.
PMTR-5782
Logging
When more than 50 Log servers are created in SmartEvent, sometimes a Log server the administrator is searching for is not in the query and is not available for service.
R80.10 Jumbo HotFix - General Availability Take 70 (15 Jan 2018)
TPM-494
Multi-Domain Management
Global policy assignment fails after removing staging overrides in the Global Domain.
PMTR-1458, 02659051
Multi-Domain Management
Attaching a central license from Multi-Domain Management to a Domain/CMA creates duplicate license objects in SmartUpdate, which cannot be deleted. Refer to sk120833.
API-146
Security Management
Enhancement: New flags to control the API commands output in full details level. Refer to sk121292.
API-124
Security Management
The "show-access-rulebase" API command fails if the rulebase contains rules with "Encrypt" or "Client Encrypt" action.
CPM-948
Security Management
There is no status in the SmartView Monitor for Mobile Access blade.
PMTR-2379
Security Management
querydb_util generates core file when cannot connect to Security Management server.
PMTR-2376
Security Management
fwm process is down during gateway creation after configuring shared secret for VPN community.
PMTR-2722
Security Management
After reboot or HA Full sync, some objects are not visible in a specific private session.
PMTR-712
Security Gateway
CPD process exits with core dump generated while stopping CPD / rebooting the system / restarting watchdog.
PMTR-1310
Security Gateway
Connections configured with Drop and Block message were actually dropped, but log appears as Accept log.
PMTR-1388
Security Gateway
Upon packet loss, the clients' retransmit "strategy" triggers an issue of reassembling the TCP stream incorrectly. The SSL stream cannot be decrypted like this, so the SSL session is closed. Refer to sk121738.
PMTR-2660, 02666905
Security Gateway
When DHCP is configured to work with VPN, DHCP Relay traffic is dropped.
PMTR-709
Logging
Enhancement: Allow viewing HTTPS related fields according to permission profile in LEA. When configuring a permission profile that allows HTTPS, you will be able to see the related fields when receiving them with LEA OPSEC client, instead of obfuscating them.
PMTR-1771, 02525352
Gaia OS
Gaia backup files are not created on Multi-Domain Management server. Refer to sk119401.
PMTR-2368
Gaia OS
Configuring more than 200 logical interfaces can cause routed to crash upon the next change in configuration.
PMTR-1442, 02554018
SmartLog
SmartConsole search does not work for strings that include non-English characters. For example, Cyrillic characters and characters with accent marks. Refer to sk120293.
PMTR-1224, 02562873
SmartLog
After performing a Gradual Upgrade of the Domain Management Server, no logs are displayed in the relevant domain until running the mdsstop;mdsstart commands on MLM.
TEX-412
Threat Extraction
Security enhancements for Data Loss Prevention and Threat Extraction blades
PMTR-1932, 02590986
Threat Emulation
Links inside email with domain suffix (e.g. www.example.com) are emulated as .com files.
PMTR-2891
Anti-Virus, Threat Emulation
Enhancement in Anti-Virus to allow replacement of Kaspersky Labs components. For removal instructions see sk118539. For further information visit http://www.checkpoint.com/kaspersky
PMTR-1303
Mobile Access
Connection to internal sites or Capsule Docs server via Mobile Access Blade's Reverse Proxy feature fails due to an incorrectly forwarded 'Host' header.
PMTR-2089
Mobile Access
An incorrect policy installation warning "R80.10 gateways cannot be included in the Mobile Access Legacy Policy when Mobile Access Unified Policy is the selected policy source" is shown when installing the Access Control policy on a Mobile Access gateway and the legacy Mobile Access policy is empty.
PMTR-1183
URL Filtering
Enhancements in categorization in cases where only URL Filtering is enabled.
PMTR-2594
HTTPS Inspection
HTTPS based traffic is bypassed when using a category based HTTPS inspection rulebase on a SMB gateway without URL Filtering blade enabled.
R80.10 Jumbo HotFix - General Availability Take 56 (23 Nov 2017)
PMTR-683, 02648460
Security Management
Users that are not configured with Multi-Domain super user permissions, experience slowness in running queries.
PMTR-2697
Security Management
FWM process restarts when trying to read the $FWDIR/tmp/fwmtrace.log file from an incorrect directory where this file does not exist.
R80.10 Jumbo HotFix - Ongoing Take 53 (25 Oct 2017)
PMTR-1702
Security Management
Policy installation fails when Access Role is configured in the Access Control policy on a gateway with no Identity Awareness enabled.
SMCPOL-122
Security Management
When policy installation fails with "Operation incomplete due to timeout" error, timeout can be increased via GuiDBedit Tool. Refer to sk112353.
CPM-830
Security Management
FWM process crash in Management HA environment when $FWDIR/tmp/fwmtrace.log file reaches 2GB.
PMTR-738
Security Gateway
Cluster member IP addresses is not added correctly during policy generation.
PMTR-1421
Gaia OS
Outputs of "top" and "ps -aux" commands show lspci as zombie process. Refer to sk121891.
PMTR-330
DLP
Enhancement: Maximum allowed SMTP headers length can be configured. Refer to sk119293.
PMTR-332
DLP
Enhancement: Improved DLP stability.
GM-2855
SMB Appliances
Enhancement: IPv6 support for 700 / 1200R / 1400 SMB Appliances. Refer to sk118816.
R80.10 Jumbo HotFix - General Availability Take 42 (17 Sept 2017) Note: This Take replaces Take 40 released on 12 Sept 2017. It is recommended to install Take 42
GAIA-1060
Security Gateway
SIC status is "Not Communicating" and CPD process restarts after installing R80.10 Jumbo HotFix Take 40. Refer to sk120494.
UP-94, 02556604
Security Gateway
Websites with short Host headers (like ab.com) cannot be loaded.
TEX-328
Threat Extraction
Security gateway hangs when enabling Threat Extraction Web API.
TPM-373
Threat Prevention
The API command "show threat-profile" wrongly reports configuration of internal settings which causes failure in certain scenarios.
PMTR-748
Anti-Virus, Anti-Bot
Crash in Anti-Virus & Anti-Bot blades.
CPM-806
Security Management
Policy installation fails on DAIP gateways after changing Domain Server from Standby to Active.
PMTR-464
Security Management
After upgrade to R80.x, Administrator's "email" field does not show in SmartConsole.
PMTR-466
Security Management
Rulebase initialization fails after CMA migration from R77.30 to R80.10 via cma_migrate.
TPM-419
Management Console
After a period of time in which multiple IPS updates have been performed, the database size can become very large because of unused data.
Enhancement: new procedure to clean old / unused IPS version in the database
TPM-334
Management Console
Geo policy allows to configure several rules for the same country, causing incorrect policy enforcement.
PMTR-631
SmartEvent
In SmartEvent policy, when selecting two 'Event Fields' with the same 'Log Field' in 'Event Format' tab, the Event fails to generate.
PMTR-625
SmartEvent
When automatic reaction mail is sent, the resolving name of source and destination is missing and only the source and destination IP address is shown.
PMTR-655
SmartEvent
When automatic reaction email is sent, wrong "Start time" is displayed.
R80.10 Jumbo HotFix - Take 37 (04 Sept 2017)
PMTR-397
Security Gateway
export_p12 feature is missing in VPN utilities.
PMTR-418
Security Gateway
Security Gateway / Active cluster member freezes / locks up randomly. Refer to sk114977.
PMTR-454
Security Gateway
Login to Smart Console fails with "The server did not provide a meaningful replay; This might be caused by a contract mismatch, a Premature session shutdown or an internal server error" error.
PMTR-469
Security Gateway
FWM process consumes high CPU in case of unreachable DAIP objects existing in the system.
PMTR-458
Security Gateway
Enhancement: Performance of Global Domain Assignment for Open Servers with 9-24 GB memory is improved.
PMTR-473
Security Gateway
Enhancement: Improved Security Gateway stability when it is configured as proxy.
BS-175
Security Gateway
Some objects are missing when querying for unused objects.
SL-441
Security Gateway
In environment with more than 50 Log servers, log queries return results only from 50 log servers.
GAIA-634
Gaia OS
Enhancement: Improved clish stability.
CPM-792
Security Management
Log Server status in Monitoring view is not presented for cluster members of Full HA environment.
CPM-734
Multi-Domain Management
Global policy assignment fails after section manipulation in the Global Domain's rulebase.
BS-149
Multi-Domain Management
Policy installation from Multi-Domain Management following a Threat policy uninstall, fails.
API-99
Management Console
Security Management API server fails under heavy load. Refer to sk119553.
API-92
Management Console
API "show-packages" (when set to "details-level" : "full") fails where the revision in one of the packages installation targets has been purged from the database.
API-93
Management Console
If object is used inside a disabled rule, the "where-used" Security Management API command shows that the rule is enabled.
API-94
Management Console
Reply to Security Management API "show-gateways-and-servers" misspells the name of the "identity-awareness" blade as "identical-awareness".
API-88
Management Console
Under certain conditions, after restarting Security Management Server, the API server, although configured to accept requests from GUI clients, no longer does so, but reverts to the default behavior of accepting only calls from the local host.
R80.10 Jumbo HotFix - General Availability Take 35 (22 Aug 2017)
MAGB-27, MAGB-28
Mobile Access
Improved stability of Mobile Access WebMail application.
PMTR-172
Security Gateway
Security hardening for Client Authentication portal.
CPM-534
Security Management
migrate_global_policies and cma_migrate commands can run when processes are down.
PMTR-436
Security Management
Long duration of policy installation for large number of NAT rules.
CPM-665
Security Management
Performance improvements.
DP-1079
Check Point Appliances
"Can't validate base version is a GA take of R80.10" error message when installing Jumbo Hotfix Accumulator Take 24 on 405 / 410 appliances.
R80.10 Jumbo HotFix - General Availability Take 24 (01 Aug 2017)
PMTR-290
Application Control
Support for user-defined application with encoded escaped characters within the URL.
GAIA-760
Gaia OS
BGP does not work for VTIs and Point-to-Point interfaces with mask length of 32 with Virtual IPs.
TEX-329
DLP, Threat Extraction
Security enhancements for Data Loss Prevention and Threat Extraction blades.
02559994, PMTR-385
SmartLog
On Open Servers with 24G-35G of RAM running R80.10 Jumbo Hotfix (Take 10/15/18) logs are not indexed and SmartLogs queries fail.
R80.10 Jumbo HotFix - General Availability Take 18 (24 July 2017)
ACM-520
Application Control
Improved Policy Verification for Pre-R80.10 Security Gateways that support only services of type "TCP" or "UDP" in the Application Control layer.
02522974, PMTR-100
Identity Awareness
Improved Access Role identification for different login/logout scenarios.
02524894, PMTR-99
Security Management
Automatic NAT rule is not removed after the corresponding network object is removed.
02521459, GM-2678
Security Management
Policy installation fails in some cases when installing policy on all managed Security Gateways at once, if Security Management manages both standard Security Gateways and UTM-1 Edge devices.
R80.10 Jumbo HotFix - General Availability Take 15 (11 July 2017)
02536538, PMTR-147
Security Gateway
Improved URL recognition mechanism for Anti-Virus, Anti-Bot, and URL Filtering blades.
PMTR-44
vSEC
vSEC objects are not enforced on part of the gateways. Problem is relevant only for large scale environment with more than 50 gateways/cluster/vs/member.
PMTR-45
vSEC
In large scale Azure environments, Data Center objects are partialy imported.
PMTR-167
SmartView
Security hardening of SmartView.
02539824, PMTR-164
Security Management
Security Management access hardening.
R80.10 Jumbo HotFix - General Availability Take 10 (28 June 2017)
02530810
Smart-1
Added support for Smart-1 405 / 410 appliances. Refer to sk117578.
02524737, PMTR-88
VSX
Wrong license status for 'Virtual Systems' blade for VSX objects in R80 SmartConsole.
R80.10 Jumbo HotFix - Take 7 (22 June 2017)
02528737, 02529416, 02533097, CPM-535
Multi-Domain Management
Several cpsm-domains-X licenses are counted only once. Refer to sk118316.
02520574, CPM-462
Multi-Domain Management
Upgrade failure of secondary Multi-Domain Log Server when using NGX license.
02520796, CPM-460
Multi-Domain Management
mds_import fails with "CPM server failed to start, see server logs" message when trying to import a database exported from R80.10 Multi-Domain Management Server.
02524769, PMTR-87
Security Management
While updating a User name, the logged in User name in the logs is wrongly reported with the old User name.
02449460, CPM-465
Security Management
Management High Availability synchronization between primary server upgraded from R80 Jumbo Hotfix to R80.10 and new R80.10 secondary server, fails.
02532395, ACM-335
Security Management, Security Gateway
Security rules that should be installed on a specific Security Gateway wrongly can be installed on another R80.10 Security Gateway. Refer to sk118153.
02526608, PMTR-81
Security Gateway
Improved non-compliant HTTP protection to enforce more rare cases of non-compliant HTTP traffic.
02523046, PMTR-47
Security Gateway
in.emaild.mta process may crash randomly (once every few days was observed) when the Security gateway is configured as Mail Transfer Agent (MTA). Mails under inspection may be delayed by up to a few minutes.
02513631, PMTR-96
IPS
When an IPS protection is overridden, it is enforced correctly however it may cause higher performance load.
PMTR-98
SmartConsole
Translated Source column with "Original" object wrongly has a Hide NAT option.
R80.10 Jumbo HotFix - General Availability Take 3 (06 June 2017)
02521398
Threat Emulation
Fixed Mail Transfer Agent (MTA) enforcement issue.
Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
Install the latest build of CPUSE Agent from sk92449.
Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
In the upper right corner, click on the Import Package button.
In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
Above the list of all software packages, click on the Showing Recommended packages button - selectAll.
Select the imported package Check Point R80.10 Jumbo hotfix T<number> for sk116380 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
Select this package and click on Install Update button on the toolbar.
Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
Install the latest build of CPUSE Agent from sk92449.
Connect to command line on target Gaia OS.
Log in to Clish.
Acquire the lock over Gaia configuration database: HostName:0> lock database override
Import the package from the hard disk: Note: When import completes, this package is deleted from the original location. HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
Show the imported packages: Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.10 Jumbo hotfix T<number> for sk116380" HostName:0> show installer packages imported
Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts: HostName:0> installer verify <Package_Number>
Install the imported package: HostName:0> installer install <Package_Number>
Uninstall instructions
Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.
CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent. Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
Connect to the Gaia Portal on your Gaia machine and navigate to the 'Upgrades (CPUSE)' section - click on 'Status and Actions'.
Above the list of all software packages, click on the 'Showing Recommended packages' button - select 'All'.
Right-click on the Jumbo Hotfix Accumulator package - click on 'Uninstall'.
A warning will be displayed that after this uninstall, the machine will be automatically rebooted. Click on 'OK' to start the uninstall.
CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent. Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
Connect to command line on Gaia OS.
Log in to Clish.
Acquire the lock over Gaia configuration database: HostName:0> lock database override
Uninstall the package: HostName:0> installer uninstall <Package_Number> Note: The progress (in per cent) will be displayed in Clish.
Machine will be rebooted automatically.
List of replaced files
List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.
