R80.10 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.
This Incremental Hotfix and this article are periodically updated with new fixes.
The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below.
R80.10 Jumbo Hotfix Accumulator Take #35 is a General Availability release that can be directly downloaded from Check Point Cloud using CPUSE (Check Point Update Service Engine) and from this article:
Previous General Availability Takes can be directly downloaded from Check Point Cloud using CPUSE and from this article:
Take
Date
CPUSE offline package
SmartConsole package
Take_24
01 Aug 2017
(TGZ)
(EXE) (Build 005)
Important:
When installing take_24 on 405/410 appliances, run the following command from the Expert mode before installation: echo "hugo1;421" > /sysimg/CPwrapper/linux/MiniWrapper/take.info
Important Notes
Each of the Jumbo Hotfix Accumulator Takes is based on Check Point R80.10.
It is recommended to install Jumbo Hotfix Accumulator on all the R80.10 machines running on Gaia OS.
This Jumbo Hotfix Accumulator is suitable for these products and configurations:
Security Gateway
StandAlone
Cluster
VSX
Security Management Server
Multi-Domain Security Management Server
Log Server
Multi-Domain Log Server
SmartEvent Server
vSEC
This Jumbo Hotfix Accumulator has to be installed only after successful completion of Gaia First Time Configuration Wizard and reboot.
To check the Take number of the currently installed R80.10 Jumbo Hotfix Accumulator (if it is installed): [Expert@HostName:0]# cpinfo -y all
List of resolved issues per HotFix
Enter the string to filter the below table:
ID
Product
Symptoms
R80.10 Jumbo HotFix - Take 35 (22 Aug 2017)
MAGB-27, MAGB-28
Mobile Access
Improved stability of Mobile Access WebMail application.
PMTR-172
Security Gateway
Security hardening for Client Authentication portal.
CPM-534
Security Management
migrate_global_policies and cma_migrate commands can run when processes are down.
PMTR-436
Security Management
Long duration of policy installation for large number of NAT rules.
CPM-665
Security Management
Performance improvements.
DP-1079
Check Point Appliances
"Can't validate base version is a GA take of R80.10" error message when installing Jumbo Hotfix Accumulator Take 24 on 405 / 410 appliances.
R80.10 Jumbo HotFix - Take 24 (01 Aug 2017)
PMTR-290
Application Control
Support for user-defined application with encoded escaped characters within the URL.
GAIA-760
Gaia OS
BGP does not work for VTIs and Point-to-Point interfaces with mask length of 32 with Virtual IPs.
TEX-329
DLP, Threat Extraction
Security enhancements for Data Loss Prevention and Threat Extraction blades.
02559994, PMTR-385
SmartLog
On Open Servers with 24G-35G of RAM running R80.10 Jumbo Hotfix (Take 10/15/18) logs are not indexed and SmartLogs queries fail.
R80.10 Jumbo HotFix - Take 18 (24 July 2017)
ACM-520
Application Control
Improved Policy Verification for Pre-R80.10 Security Gateways that support only services of type "TCP" or "UDP" in the Application Control layer.
02522974, PMRT-100
Identity Awareness
Improved Access Role identification for different login/logout scenarios.
02524894, PMTR-99
Security Management
Automatic NAT rule is not removed after the corresponding network object is removed.
02521459, GM-2678
Security Management
Policy installation fails in some cases when installing policy on all managed Security Gateways at once, if Security Management manages both standard Security Gateways and UTM-1 Edge devices.
R80.10 Jumbo HotFix - Take 15 (11 July 2017)
02536538, PMTR-147
Security Gateway
Improved URL recognition mechanism for Anti-Virus, Anti-Bot, and URL Filtering blades.
PMTR-44
vSEC
vSEC objects are not enforced on part of the gateways. Problem is relevant only for large scale environment with more than 50 gateways/cluster/vs/member.
PMTR-45
vSEC
In large scale Azure environments, Data Center objects are partialy imported.
PMTR-167
SmartView
Security hardening of SmartView.
02539824, PMTR-164
Security Management
Security Management access hardening.
R80.10 Jumbo HotFix - Take 10 (28 June 2017)
02530810
Smart-1
Added support for Smart-1 405 / 410 appliances. Refer to sk117578.
02524737, PMTR-88
VSX
Wrong license status for 'Virtual Systems' blade for VSX objects in R80 SmartConsole.
R80.10 Jumbo HotFix - Take 7 (22 June 2017)
02528737, 02529416, 02533097, CPM-535
Multi-Domain Security Management
Several cpsm-domains-X licenses are counted only once. Refer to sk118316.
02520574, CPM-462
Multi-Domain Security Management
Upgrade failure of secondary Multi-Domain Log Server when using NGX license.
02520796, CPM-460
Multi-Domain Security Management
mds_import fails with "CPM server failed to start, see server logs" message when trying to import a database exported from R80.10 Multi-Domain Management Server.
02524769, PMTR-87
Security Management
While updating a User name, the logged in User name in the logs is wrongly reported with the old User name.
02449460, CPM-465
Security Management
Management High Availability synchronization between primary server upgraded from R80 Jumbo Hotfix to R80.10 and new R80.10 secondary server, fails.
02532395, ACM-335
Security Management, Security Gateway
Security rules that should be installed on a specific Security Gateway wrongly can be installed on another R80.10 Security Gateway. Refer to sk118153.
02526608, PMTR-81
Security Gateway
Improved non-compliant HTTP protection to enforce more rare cases of non-compliant HTTP traffic.
02523046, PMTR-47
Security Gateway
in.emaild.mta process may crash randomly (once every few days was observed) when the Security gateway is configured as Mail Transfer Agent (MTA). Mails under inspection may be delayed by up to a few minutes.
02513631, PMTR-96
IPS
When an IPS protection is overridden, it is enforced correctly however it may cause higher performance load.
PMTR-98
SmartConsole
Translated Source column with "Original" object wrongly has a Hide NAT option.
R80.10 Jumbo HotFix - Take 3 (06 June 2017)
02521398
Threat Emulation
Fixed Mail Transfer Agent (MTA) enforcement issue.
Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
Install the latest build of CPUSE Agent from sk92449.
Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
In the upper right corner, click on the Import Package button.
In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Upload.
Above the list of all software packages, click on the Showing Recommended packages button - selectAll.
Select the imported package Check Point R80.10 Jumbo hotfix T<number> for sk116380 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
Select this package and click on Install Update button on the toolbar.
Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
Install the latest build of CPUSE Agent from sk92449.
Connect to command line on target Gaia OS.
Log in to Clish.
Acquire the lock over Gaia configuration database: HostName:0> lock database override
Import the package from the hard disk: Note: When import completes, this package is deleted from the original location. HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
Show the imported packages: Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.10 Jumbo hotfix T<number> for sk116380" HostName:0> show installer packages imported
Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts: HostName:0> installer verify <Package_Number>
Install the imported package: HostName:0> installer install <Package_Number>
Uninstall instructions
Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.
CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent. Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
Connect to the Gaia Portal on your Gaia machine and navigate to the 'Upgrades (CPUSE)' section - click on 'Status and Actions'.
Above the list of all software packages, click on the 'Showing Recommended packages' button - select 'All'.
Right-click on the Jumbo Hotfix Accumulator package - click on 'Uninstall'.
A warning will be displayed that after this uninstall, the machine will be automatically rebooted. Click on 'OK' to start the uninstall.
CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent. Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
Connect to command line on Gaia OS.
Log in to Clish.
Acquire the lock over Gaia configuration database: HostName:0> lock database override
Uninstall the package: HostName:0> installer uninstall <Package_Number> Note: The progress (in per cent) will be displayed in Clish.
Machine will be rebooted automatically.
List of replaced files
List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.
