Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R80.10 (R80_10_jumbo_hf)
Solution

Table of Contents:

  • Introduction
  • Availability
  • Important Notes
  • List of resolved issues per HotFix
  • Installation instructions
  • Uninstall instructions
  • List of replaced files
  • Revision History
Show the Entire Article

 

Introduction

R80.10 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below.

Refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

 

Availability

  • General Availability Take

    R80.10 Jumbo Hotfix Accumulator Take #42 is a General Availability release that can be directly downloaded from Check Point Cloud using CPUSE (Check Point Update Service Engine) and from this article:

    Take Date CPUSE offline
    package    		 SmartConsole package
    Take_42 17 Sept 2017 (TGZ) (EXE)
    (Build 005)


  • Previous General Availability Take

    Previous General Availability Takes can be directly downloaded from Check Point Cloud using CPUSE and from this article:

    Take Date CPUSE offline
    package    		 SmartConsole package
    Take_35 22 Aug 2017
    		 (TGZ) (EXE)
    (Build 005) 



Important Notes

  • Each of the Jumbo Hotfix Accumulator Takes is based on Check Point R80.10.
  • For CPUSE installation, CPUSE Agent build 1298 and above (refer to sk92449) must be used.
  • It is recommended to install Jumbo Hotfix Accumulator on all the R80.10 machines running on Gaia OS.
  • This Jumbo Hotfix Accumulator is suitable for these products and configurations:
    • Security Gateway
    • StandAlone
    • Cluster
    • VSX
    • Security Management Server
    • Multi-Domain Security Management Server
    • Log Server
    • Multi-Domain Log Server
    • SmartEvent Server
    • vSEC
  • This Jumbo Hotfix Accumulator has to be installed only after successful completion of Gaia First Time Configuration Wizard and reboot.
  • To check the Take number of the currently installed R80.10 Jumbo Hotfix Accumulator (if it is installed):
    [Expert@HostName:0]# cpinfo -y all

 

List of resolved issues per HotFix

Enter the string to filter the below table:

ID Product Symptoms
R80.10 Jumbo HotFix - Take 42 (17 Sept 2017)
Note: This Take replaces Take 40 released on 12 Sept 2017.
It is recommended to install Take 42
GAIA-1060
 Security Gateway  SIC status is "Not Communicating" and CPD process restarts after installing R80.10 Jumbo HotFix Take 40.
Refer to sk120494.
UP-94,
02556604		 Security Gateway Websites with short Host headers (like ab.com) cannot be loaded.
TEX-328 Threat Extraction Security gateway hangs when enabling Threat Extraction Web API.
TPM-373 Threat Prevention The API command "show threat-profile" wrongly reports configuration of internal settings which causes failure in certain scenarios. 
PMTR-748 Anti-Virus, Anti-Bot Crash in Anti-Virus & Anti-Bot blades. 
CPM-806 Security Management  Policy installation fails on DAIP gateways after changing Domain Server from Standby to Active.
PMTR-464 Security Management After upgrade to R80.x, Administrator's "email" field does not show in SmartConsole. 
PMTR-466 Security Management Rulebase initialization fails after CMA migration from R77.30 to R80.10 via cma_migrate.
TPM-419  Management Console  After a period of time in which multiple IPS updates have been performed, the database size can become very large because of unused data. 
  • Enhancement: new procedure to clean old / unused IPS version in the database
TPM-334  Management Console  Geo policy allows to configure several rules for the same country, causing incorrect policy enforcement.
PMTR-631 SmartEvent  In SmartEvent policy, when selecting two 'Event Fields' with the same 'Log Field' in 'Event Format' tab, the Event fails to generate. 
PMTR-625 SmartEvent When automatic reaction mail is sent, the resolving name of source and destination is missing and only the source and destination IP address is shown. 
PMTR-655 SmartEvent When automatic reaction email is sent, wrong "Start time" is displayed.
R80.10 Jumbo HotFix - Take 37 (04 Sept 2017)
PMTR-397 Security Gateway  export_p12 feature is missing in VPN utilities.
PMTR-418 Security Gateway Security Gateway / Active cluster member freezes / locks up randomly.
Refer to sk114977.
PMTR-454 Security Gateway  Login to Smart Console fails with "The server did not provide a meaningful replay; This might be caused by a contract mismatch, a Premature session shutdown or an internal server error" error. 
PMTR-469 Security Gateway  FWM process consumes high CPU in case of unreachable DAIP objects existing in the system.
PMTR-458 Security Gateway  Enhancement: Performance of Global Domain Assignment for Open Servers with 9-24 GB memory is improved.
PMTR-473 Security Gateway Enhancement: Improved Security Gateway stability when it is configured as proxy. 
BS-175 Security Gateway  Some objects are missing when querying for unused objects.
SL-441 Security Gateway  In environment with more than 50 Log servers, log queries return results only from 50 log servers.
GAIA-634 Gaia OS  Enhancement: Improved clish stability.
CPM-792 Security Management  Log Server status in Monitoring view is not presented for cluster members of Full HA environment. 
CPM-734 Multi-Domain Security Management
 Global policy assignment fails after section manipulation in the Global Domain's rulebase. 
BS-149 Multi-Domain Security Management Policy installation from Multi-Domain Management following a Threat policy uninstall, fails.
API-99  Management Console Security Management API server fails under heavy load.
Refer to sk119553.
API-92 Management Console API "show-package" (when set to "details-level" : "full") fails where the revision in one of the package’s installation targets has been purged from the database.
API-93 Management Console  If object is used inside a disabled rule, the "where-used" Security Management API command shows that the rule is enabled. 
API-94 Management Console  Reply to Security Management API "show-gateways-and-servers" misspells the name of the "identity-awareness" blade as "identical-awareness".
API-88 Management Console  Under certain conditions, after restarting Security Management Server, the API server, although configured to accept requests from GUI clients, no longer does so, but reverts to the default behavior of accepting only calls from the local host.
R80.10 Jumbo HotFix - Take 35 (22 Aug 2017)
MAGB-27, MAGB-28  Mobile Access  Improved stability of Mobile Access WebMail application.
PMTR-172  Security Gateway Security hardening for Client Authentication portal.
CPM-534 Security Management  migrate_global_policies and cma_migrate commands can run when processes are down. 
PMTR-436  Security Management  Long duration of policy installation for large number of NAT rules.
CPM-665  Security Management  Performance improvements.
DP-1079 Check Point Appliances  "Can't validate base version is a GA take of R80.10" error message when installing Jumbo Hotfix Accumulator Take 24 on 405 / 410 appliances.
R80.10 Jumbo HotFix - Take 24 (01 Aug 2017)
PMTR-290
 Application Control Support for user-defined application with encoded escaped characters within the URL.
GAIA-760 Gaia OS  BGP does not work for VTIs and Point-to-Point interfaces with mask length of 32 with Virtual IPs. 
TEX-329  DLP, Threat Extraction  Security enhancements for Data Loss Prevention and Threat Extraction blades. 
02559994,
PMTR-385 		 SmartLog  On Open Servers with 24G-35G of RAM running R80.10 Jumbo Hotfix (Take 10/15/18) logs are not indexed and SmartLogs queries fail.
R80.10 Jumbo HotFix - Take 18 (24 July 2017)
ACM-520 Application Control Improved Policy Verification for Pre-R80.10 Security Gateways that support only services of type "TCP" or ‎"UDP" in the Application Control layer.
Refer to sk120556.
02522974, PMTR-100 Identity Awareness Improved Access Role identification for different login/logout scenarios.
02524894, PMTR-99 Security Management Automatic NAT rule is not removed after the corresponding network object is removed.
02521459, GM-2678 Security Management Policy installation fails in some cases when installing policy on all managed Security Gateways at once, if Security Management manages both standard Security Gateways and UTM-1 Edge devices.
R80.10 Jumbo HotFix - Take 15 (11 July 2017)
02536538,
PMTR-147		 Security Gateway Improved URL recognition mechanism for Anti-Virus, Anti-Bot, and URL Filtering blades.
PMTR-44 vSEC vSEC objects are not enforced on part of the gateways. Problem is relevant only for large scale environment with more than 50 gateways/cluster/vs/member.
PMTR-45 vSEC In large scale Azure environments, Data Center objects are partialy imported.
PMTR-167 SmartView Security hardening of SmartView.
02539824,
PMTR-164		 Security Management Security Management access hardening.
R80.10 Jumbo HotFix - Take 10 (28 June 2017)
02530810 Smart-1 Added support for Smart-1 405 / 410 appliances.
Refer to sk117578.
02524737,
PMTR-88		 VSX Wrong license status for 'Virtual Systems' blade for VSX objects in R80 SmartConsole.
R80.10 Jumbo HotFix - Take 7 (22 June 2017)
02528737,
02529416,
02533097,
CPM-535		 Multi-Domain Security Management Several cpsm-domains-X licenses are counted only once.
Refer to sk118316.
02520574, CPM-462 Multi-Domain Security Management Upgrade failure of secondary Multi-Domain Log Server when using NGX license.
02520796,
CPM-460		 Multi-Domain Security Management mds_import fails with "CPM server failed to start, see server logs" message when trying to import a database exported from R80.10 Multi-Domain Management Server.
02524769,
PMTR-87		 Security Management While updating a User name, the logged in User name in the logs is wrongly reported with the old User name.
02449460, CPM-465 Security Management Management High Availability synchronization between primary server upgraded from R80 Jumbo Hotfix to R80.10 and new R80.10 secondary server, fails.
02532395,
ACM-335		 Security Management,
Security Gateway		 Security rules that should be installed on a specific Security Gateway wrongly can be installed on another R80.10 Security Gateway.
Refer to sk118153.
02526608,
PMTR-81		 Security Gateway Improved non-compliant HTTP protection to enforce more rare cases of non-compliant HTTP traffic.
02523046, PMTR-47 Security Gateway in.emaild.mta process may crash randomly (once every few days was observed) when the Security gateway is configured as Mail Transfer Agent (MTA). Mails under inspection may be delayed by up to a few minutes.
02513631, PMTR-96 IPS When an IPS protection is overridden, it is enforced correctly however it may cause higher performance load.
PMTR-98  SmartConsole  Translated Source column with "Original" object wrongly has a Hide NAT option.
R80.10 Jumbo HotFix - Take 3 (06 June 2017)
02521398 Threat Emulation Fixed Mail Transfer Agent (MTA) enforcement issue.

 

Installation instructions

Procedure:

  • Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
      3. In the upper right corner, click on the Import Package button.
      4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Upload.
      5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
      6. Select the imported package Check Point R80.10 Jumbo hotfix T<number> for sk116380 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
      7. Select this package and click on Install Update button on the toolbar.


  • Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to command line on target Gaia OS.
      3. Log in to Clish.
      4. Acquire the lock over Gaia configuration database:
        HostName:0> lock database override
      5. Import the package from the hard disk:
        Note: When import completes, this package is deleted from the original location.
        HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
      6. Show the imported packages:
        Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.10 Jumbo hotfix T<number> for sk116380"
        HostName:0> show installer packages imported
      7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
        HostName:0> installer verify <Package_Number>
      8. Install the imported package:
        HostName:0> installer install <Package_Number>

 

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

Procedure:

 

List of replaced files

List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.


Revision History

Show / Hide revision history

Date Description
24 Sep 2017 Added note regarding CPUSE Agent build 1298 
18 Sep 2017 Added reference to sk120494
17 Sep 2017  Released Take 42 of R80.10 Jumbo Hotfix Accumulator
12 Sep 2017  Released Take 40 of R80.10 Jumbo Hotfix Accumulator
04 Sep 2017 Released Take 37 of R80.10 Jumbo Hotfix Accumulator 
22 Aug 2017 Released Take 35 of R80.10 Jumbo Hotfix Accumulator 
09 Aug 2017 Added note regarding SmartConsole build 005 
01 Aug 2017 Released Take 24 of R80.10 Jumbo Hotfix Accumulator 
27 July 2017

Added the following notes:
24 July 2017 Released Take 18 of R80.10 Jumbo Hotfix Accumulator
Released updated R80.10 SmartConsole for R80.10 Jumbo Hotfix Accumulator (for Take 7 and above)
19 July 2017 Added an important note that to check the Take number of the installed R80.10 Jumbo Hotfix Accumulator, user should run the "cpinfo -y all" command
11 July 2017 Released Take 15 of R80.10 Jumbo Hotfix Accumulator
28 June 2017 Released Take 10 of R80.10 Jumbo Hotfix Accumulator
22 June 2017 Released Take 7 of R80.10 Jumbo Hotfix Accumulator
06 June 2017 First release of R80.10 Jumbo Hotfix Accumulator (Take 3)

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment