Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R80.10 (R80_10_jumbo_hf)
Solution

Table of Contents:

  • Introduction
  • Availability
  • Important Notes
  • List of resolved issues per HotFix
  • Installation instructions
  • Uninstall instructions
  • List of replaced files
  • Revision History
Show the Entire Article

 

Introduction

R80.10 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below.

Refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

 

Availability

Effective October 16th, 2018, the R80.10 image has been replaced with Take 479.
R80.10 image Take 479 can be installed with R80.10 Jumbo Hotfix Accumulator Take 154 and above.

R80.10 image Take 462 can be installed with R80.10 Jumbo Hotfix Accumulator Take 70 and above.
R80.10 image Take 421 can be installed with any released R80.10 Jumbo Hotfix Accumulator Take.

  • General Availability Take

    Take_154 is the latest General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

    Product Take Date CPUSE offline
    package    		 SmartConsole package
    All suitable
    (except Smart-1 525/5050/5150 appliances)    		 Take_154  
    23 Oct 2018
         		 (TGZ) (EXE) 
    Smart-1 525/5050/5150 appliances  (TGZ)

    • Effective October 23rd 2018, the General Availability Take_154 is available for CPUSE online installation (it replaces Take_121)

    • Effective November 12th 2018, SmartConsole package has been updated (Build 089)

     

  • Ongoing Take

    Product Take Date CPUSE Online Identifier SmartConsole package
    All suitable
    (except next row)    		 Take_167 12 Nov 2018 Check_Point_R80_10_JUMBO_HF_Bundle_T167_sk116380_FULL.tgz
    		 (EXE)
    Smart-1 525/5050/5150 Check_Point_R80_10_JUMBO_HF_Bundle_T167_sk116380_Smart-1_525_5050_5150_FULL.tgz 

    Note:

    • Customers using R80.10 Jumbo Hotfix Accumulator Take 151 do not need to install Take 154.

    • Smart-1 525 / 5050 / 5150 R80.10 Jumbo Hotfix Accumulator bundle is suitable for Smart-1 525 / 5050 / 5150 appliances only and cannot be installed on other Check Point appliances

    • To Install R80.10 Jumbo Hotfix on Smart-1 525 / 5050 / 5150 appliances, use
      Check_Point_R80_10_JUMBO_HF_Bundle_Txx_sk116380Smart-1_525_5050_5150_FULL.tgz

    • For other Check Point appliances use Check_Point_R80_10_JUMBO_HF_Bundle_Txx_sk116380_FULL.tgz

    • Contact Check Point Support to get this Ongoing Jumbo Hotfix Accumulator

    • Effective November 12th 2018, SmartConsole package has been updated (Build 089)

 

Important Notes

  • For Takes 70, 79, 85 and 91, for backup via Gaia Portal or CLISH backup commands, refer to sk123352 prior R80.10 Jumbo Hotfix Accumulator Take 103 and above installation.
  • Each of the Jumbo Hotfix Accumulator Takes is based on Check Point R80.10.
  • For CPUSE installation, CPUSE Agent build 1298 and above (refer to sk92449) must be used.
  • It is recommended to install Jumbo Hotfix Accumulator on all the R80.10 machines running on Gaia OS.
  • This Jumbo Hotfix Accumulator is suitable for these products and configurations:
    • Security Gateway
    • StandAlone
    • Cluster
    • VSX
    • Security Management Server
    • Multi-Domain Management Server
    • Log Server
    • Multi-Domain Log Server
    • SmartEvent Server
    • CloudGuard / vSEC for AWS, Microsoft Azure and Google Cloud (see sk109141)
  • This Jumbo Hotfix Accumulator has to be installed only after successful completion of Gaia First Time Configuration Wizard and reboot.
  • To check the Take number of the currently installed R80.10 Jumbo Hotfix Accumulator (if it is installed): [Expert@HostName:0]# cpinfo -y all

 

List of resolved issues per HotFix

Enter the string to filter the below table:

ID Product Description
R80.10 Jumbo HotFix - Ongoing Take 167 (12 November 2018)
PMTR-22521 All Added support for R80.10 Security Management managing R80.20 Security gateway.
PMTR-20498,
PMTR-20499		 Gaia OS Added SHA2 encryption for Gaia users passwords.
PMTR-16440,
PRHF-530,
01743689		 Gaia OS  Sensors display order is incorrect in the output of "cpstat os -f sensors" command.
Refer to sk107672.
PMTR-20038,
PMTR-22373		 Gaia OS "/opt/CPInstLog/uninstall_SecurePlatform_R80_10_JHF_PLATO:Uninstallation failed!" error during uninstallation of Jumbo Hotfix Take on Smart-1 device. Newer version of RPMs remain installed after uninstall. 
PMTR-11977,
PMTR-20018,
02567615		 Gaia OS An event logged in /var/log/messages is generated multiple times in consecutive order, and the syslog daemon compresses all repeated attempts with entry "last message repeated X times" in /var/log/messages file. 
Refer to sk119913.
PMTR-20425,
PMTR-14191,
PMTR-20370		 Gaia OS In some scenarios, machines with the igb driver (on-board Mgmt/Sync and 1G expansion cards) receive the "Detected Tx Unit Hang" messages in /var/log/messages file.
PMTR-19350,
PMTR-21871		 Gaia OS  Added support for HP Gen10 hardware on Security Management server.
PRHF-734, PMTR-11728  Security Management In rare scenarios, the CPM service does not start on machine startup. 
PMTR-22967,
MCFG-45		 Multi-Domain Management The license status for the MDS shows as "N/A" in SmartConsole's License Report. 
Refer to sk132575.
PMTR-18007,
PMTR-18004		 Multi-Domain Management After cloning a policy package that has an assigned Global Policy package, the Domain layers in the placeholder of some of the assigned global layers are not cloned and empty. 
Refer to sk134012.
PMTR-12050,
PMTR-13198		 Multi-Domain Management Cannot synchronize secondary Domain Server after migrating new Domain with cma_migrate.
Refer to sk127954
PMTR-20295,
API-409		 SmartConsole When specifying from-date in the "show-changes" Management API command, changes of the first session in range are not displayed. 
PMTR-23062,
PMTR-22415		 SmartUpdate SmartUpdate hangs on launch due to over 4000+ unattached licenses. 
Refer to sk136512.
PMTR-20272,
02692416		 SmartView Monitor In some scenarios, SmartView Monitor shows more throughput than what actually goes through the Security gateway.
PMTR-15575,
02436860		 Content Awareness Content Awareness supports HTML forms using URL encoding (also known as Percent-encoding). HTML traffic, encoded (binary to text encoding) as Base64 and NCR, is not properly inspected for content. 
PMTR-14858,
PMTR-14633		 Threat Extraction TIFF images replacement on PDF files sometimes fails and can corrupt the file. 
PMTR-21559,
PMTR-21393		 Anti-Malware In rare scenarios, a Security gateway crashes in mail_security code due to out of bound memory access. 
PMTR-21913,
PMTR-16557		 DLP Improved DLP file type detection when uploading files to Gmail.
PMTR-6238,
IDA-623		 Identity Awareness High CPU usage after policy installation when PDPD is running. Refer to sk122352
PMTR-19899,
PMTR-19733		 Identity Awareness Enabling Packet Tagging and MUH traffic enforcement takes effect only after reboot.
PMTR-21289,
PMTR-19167		 SSL Inspection Several applications are not matched correctly when Application Control and HTTPS Inspection are enabled.
PMTR-18923,
PRHF-743		 SSL Inspection HTTPS traffic is inspected when it is configured to be bypassed: when HTTPS Inspection is enabled and probe bypass is 0. 
Refer to sk132913
PMTR-19664,
PMTR-19049		 Routing PIM standby node crashes when adding multiple VPN tunnels with the same local endpoint as PIM interfaces.
PMTR-20075,
PMTR-18338		 SecureXL "sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure. 
PMTR-11941,
PMTR-13827,
02482488		 CoreXL  CoreXL FW instance offloads a partial/anticipated connection that already exists.
Refer to Scenario 5 in sk100467.
PMTR-20161,
PMTR-5366		 CoreXL When running the "fw ctl multik stop" command several times, only the target instance of the last command is stopped, while others start working again. 
PMTR-21760,
02630742		 Mobile Access In some scenarios, Capsule Workspace Push notifications are not received. Refer to sk120334.
PMTR-21684,
VPNRA-99		 VPN In rare scenarios, Security gateway randomly drops all SNX packets on a connection attempt.
PMTR-19532,
02550811		 VPN When a second user behind the same router connects with an L2TP client, the first user that is already connected gets disconnected.
Refer to sk119141
PMTR-12787,
IDA-982,
PMTR-23382		 VPN User cannot connect to a VPN site that belongs to a group that has a special character in its name.
Refer to sk124514.
PMTR-17652,
PMTR-16730,
PMTR-17651, PMTR-16731,
PMTR-17648,
PMTR-16734		 VPN Improved IKE negotiation stability in S2S with 3rd party devices.
PMTR-17650,
PMTR-16732		 VPN When NAT-T is detected, Security gateway not always switches to port 4500, causing a VPN tunnel termination. 
PMTR-10457,
02708339		 VPN Site-to-Site VPN cannot be established with IKEv2 on VSec for Azure / CloudGuard for Azure.
Refer to sk122675
PMTR-21859,
VPNS2S-280		 VPN Improved fragmentation handling for TCP over VPN.
PMTR-19703,
PMTR-8170		 VPN Tunnel to 3rd party device fails if IKE-ID is not equal to local outbound interface. 
PMTR-17289 VSX In rare scenarios, VSX gateway crashes under heavy load when SecureXL is enabled.
PMTR-19973,
02757621		 Endpoint Security "Cannot create certificate" error message when cannot enroll user certificate on Endpoint Security VPN client after January 24th 2018.
Refer to sk122874
PMTR-18402,
PMTR-9755		 Acceleration Card In rare scenarios, Security gateway crashes after enabling Acceleration Card and using the ipsctl utility.
R80.10 Jumbo HotFix - General Availability 154 (16 October 2018, GA from 23 October 2018)
PMTR-23151 All R80.10 Jumbo HotFix support for R80.10 image Take 479.
R80.10 Jumbo HotFix - Ongoing Take 151 (02 October 2018)
PMTR-18655 Security Management Changes for LDAP Account Unit priority performed from SmartConsole per Security gateway, are not saved in database. 
PMTR-17198,
PMTR-9087,
PMTR-13128		 Multi-Domain Management Global Policy Assignment fails with "Task failed" error with no details.
Refer to sk123578.
PMTR-15142,
PMTR-19143		 Multi-Domain Management There is no clear error message in case of a license violation during Multi-Domain Management database import.
PMTR-15111,
PMTR-18242		 Multi-Domain Management CMA/Domain upgrade failure indication was improved.
PMTR-14649,
PMTR-12942		 Multi-Domain Management In Multi-Domain environment, Compliance updates do not take effect although a success message is presented in Compliance Overview.
PMTR-7361 Multi-Domain Management When trying to delete a Domain in a Multi-Domain Management server, operation fails with  "Delete Domain failed: Trying to update a detached objectthrough ObjectStoreSession" error.
Refer to sk124492.
PMTR-12247,
THREATEMUL-3847		 Threat Emulation Added new implied rule to allow communication from TED to SYMO.
PMTR-22236,
PMTR-20344		 Application Control The fw_full (fwd daemon) stops working producing a core dump fila and causing a cluster failover.
PMTR-9852,
PMTR-19993		 HTTPS Inspection The following errors may be seen in dmesg and /var/log/messages when enabling HTTPS Inspection: 
[ERROR]: rad_kernel_urlf_request_set_url: cp_lstring_search for path slash failed
[ERROR]: nrb_https_inspection_column_category_fill_rad_request: rad_kernel_urlf_request_set_url() failed
[ERROR]: nrb_rulebase_default_match: virtual match_func failed for column 'External Column' (11)
[ERROR]: nrb_rb_https_inspection_match: virtual rb_match_func failed
PMTR-18692,
IDA-1150		 Identity Awareness MUH Agent sends unnecessary MUH updates causing high CPU on PEP, which leads to delays with getting identities and can cause connectivity issues. 
PMTR-19154,
IDA-1250,
IDA-648		 Identity Awareness PDPD daemon stops working periodically when the configured Account Unit contains Domain Controllers that are all defined as "Ignored".
PMTR-18661,
PRHF-808		 Identity Awareness In rare scenarios, PDPD daemon stops working repeatedly during groups update process.
PMTR-20144,
IDA-1176,
PRHF-721		 Identity Awareness Update with "-" machine name from the Domain Controller causes the Identity Collector to create un-authenticated sessions on the PDP. 
PMTR-16060,
PMTR-10601,
IDA-763		 Identity Awareness  In some cases, users are associated not with all LDAP groups to which they actually belong. Therefore, data from the LDAP server may be sent in different order.
PMTR-8958,
PMTR-21600,
SL-690		 SmartEvent "No matches found for your search" message in the browser when searching for a user's name when it starts with 0 and contains only numbers.
Refer to sk122294.
PMTR-16588,
SL-1363		 Logging When setting 'log_delete_below_metrics' to MBytes, 'log_delete_below_value' cannot be set to more than quarter of disk size. When setting it with 'log_delete_below_metrics' to percent, 'log_delete_below_value' is unlimited. 
Refer to sk133473.
PMTR-17415,
PMTR-15486		 SmartConsole SmartConsole exits at the "Initializing Services" stage of login.
PMTR-15841,
PMTR-2085,
PMTR-19958,
PMTR-14469		 SmartConsole Running "Get Interfaces without Topology" automatically enables Anti-Spoofing.
Refer to sk136372.
PMTR-9858,
GAIA-2202
02526946		 Gaia OS tcpdump exits with "Buffer overflow" messages when running "tcpdump -i any -eP" command.
PMTR-8477,
PMTR-8479,
PMTR-2295		 Gaia OS New connections to the gateway are rejected due to too many "kernel: dst cache overflow" messages in /var/log/messages file.
PMTR-14932,
MPTT-141		 VPN Route based VPN stability was improved. 
PMTR-14933,
VPNS2S-215		 VPN MSS clamping cooperation with SecureXL in certain scenarios was improved.
PMTR-14920,
PMTR-8075		 VPN Improving IPSEC renegotiation stability in S2S with 3rd parties. 
PMTR-15949,
PMTR-15954,
PMTR-15955,
PMTR-16379		 Security Gateway R80.10 Security Gateway send some wrong SNMP VRRP OID’s.
Refer to sk130412
PMTR-5259,
PMTR-18368,
02536701		 Security Gateway Client packets stay not NATed in connection table if NAT fails. 
PMTR-11894,
PMTR-4734		 Security Gateway Link collisions in Security Gateway due to race condition in cluster environment.
PMTR-18574,
CLUS-1097		 ClusterXL ClusterXL stability during policy installation was improved.
Refer to sk133372.
PMTR-20985,
ROUT-125		 ClusterXL When there is a large number of BGP peers and interfaces and ClusterXL failover occurs, resulting CPU utilization can be high for a few minutes on the old active member. During this time, routed did not respond to queries such as "show route" command in clish.
PMTR-19667,
PMTR-17973		 ClusterXL With a large number of eBGP peers (>200), RouteD daemon repeatedly stops working. 
R80.10 Jumbo HotFix - Ongoing Take 142 (21 August 2018)
PMTR-19132 Threat Prevention

Added new Threat Prevention capabilities. For more information, refer to sk122853
New feature in Mail Transfer Agent (MTA): MTA is now updatable (refer to sk123174).
The first MTA engine update contains several enhancements and new features, including:

  • Setting a next-hop server by Domain name.
  • Removing/replacing malicious links & attachments from e-mails with a customizable text.
  • Adding a customized text to a malicious e-mail's body or subject.
  • Malicious e-mail tagging using an X-header.
  • Sending a copy of the malicious e-mail.
PMTR-5685,
02696314		 Security Management Inplace upgrade from R77.30 to R80.10 fails with "Invalid white space character" message.
Refer to sk122098.  
PMTR-10306,
PMTR-19066		 Security Management Security Management migration to R80.10 fails due to NumberFormatException.
Refer to sk125272
PMTR-9663,
PMTR-18829		 Security Management Following an upgrade from R77 to R80.10, 'Inspection Settings' view will not correctly reflect overridden actions. This does not affect the Security Gateway that continues to receive the correct overridden actions. 
PMTR-15318,
PMTR-15613		 Security Management Performance issues in the Management HA incremental HA synchronization mechanism of the Global Domain.
PMTR-12006,
PMTR-11175		 Security Management Performance optimization of Compliance Blade in large scale environment.  
PMTR-12446 Security Management Added infrastructure support for AWS Transit VPC. 
PMTR-9000,
PMTR-18966		 Security Management,
Multi-Domain Management		 Upgrade to R80.10 fails with "Maximum Number of Child Elements limit (50000) Exceeded" message.
Refer to sk123857
PMTR-16063 Multi-Domain Management Global Domain Assignment fails with "Missing protection 'Protection_Name' in profile 'Default Inspection' in the global domain" message.
Refer to sk130492.  
PMTR-15065,
CPM-1625		 Multi-Domain Management When attempting to import Multi-Domain Server or Multi-Domain Log Server database onto R80.10 machine, the import script fails with "The IP address of the source and target Secondary Multi-Domain Servers/Multi-Domain Log Servers must be the same." error.
Refer to sk129092.
PMTR-717,
02569693		 Multi-Domain Management DBsync stops working during a CMA import from R77.x.
CPM-1404,
PMTR-12819		 Multi-Domain Management After changing the name of a Multi-Domain Management Server, the previous name is still shown in the Domain editor.
PMTR-3872,
PMTR-18309		 Multi-Domain Management "No MD role specified" error when migration\upgrade of Multi-Domain Management Server from pre-R80 MDS to R80.10 fails.
Refer to sk123862
PMTR-8236 Multi-Domain Management The mdsstat command was updated for Smart-1 525, 5050 and 5150 Appliances. 
PMTR-7744,
PMTR-18982		 Multi-Domain Management "dleserver.utils.UidManager" errors on cma_migrate failure on Multi-Domain Management upgraded from R80.
PMTR-16843,
PMTR-9344		 Multi-Domain Management Upgrade from R77.X to R80.10 of Multi-Domain Management environments that use partial assignments and have more than 50 Domains and local policies (combined), has inconsistent assignment settings (loss of data). 
PMTR-17774 Multi-Domain Management  Cannot log in to upgraded Multi-Domain Management Server due to IP duplication source database. 
PMTR-20164 Security Gateway Check Point response to SegmentSmack (CVE-2018-5390) & FragmentSmack (CVE-2018-5391).
Refer to sk134253
PMTR-17571,
PMTR-17576		 Security Gateway After upgrade to R80.10, BGP peer is stuck in Active state.
Refer to sk131592
PMTR-6011,
02701016		 Security Gateway Dynamic ID does not send correctly a username using the $NAME tag.
PMTR-6008,
02669026		 Security Gateway Dynamic ID fails with "Dynamic ID authentication failed" error after upgrade to R80.10.
Refer to sk124953.
PMTR-9982,
PMTR-6005,
IDA-775		 Security Gateway Dynamic ID does not work with specific vendors that require user's phone number.
PMTR-17083,
PMTR-17901		 Security Gateway BGP communities are not correctly matched by routemaps, resulting BGP routes not being populated and not advertised. 
PMTR-16621,
PMTR-18028		 Security Gateway BGP connections from point-to-point clustered interfaces are rejected. 
PMTR-11667,
PMTR-15610		 Security Gateway Security Gateway stops working in some scenarios when Mobile Access blade is enabled in Unified Policy mode and Security Zones are used in the security policy. 
DOMO-9,
PMTR-16311		 Security Gateway Traffic drops after adding rules with Domain objects and installing policy.
Refer to sk133253
PMTR-17414,
02689115		 Security Gateway Emails remain in the spool when SMTP Resource Rule is defined.
Refer to sk122010
PMTR-12167 Security Gateway "dynamic objects -c" command returns partial output when more than 20 Dynamic objects are defined on the Security Gateway. 
PMTR-15421 Security Gateway Traffic to span port interfaces is dropped when Security Zones are used in Access policy.
PMTR-17399 Security Gateway,
Security Management

The CPView Utility was improved:

  • Added new capability to collect and present I/O data.
  • Enabled CPView History collection on Management machines.
PMTR-8455 Routing NetFlow IPv6 daemon cannot be started after upgrade from R77.30 due to missing bindings in configuration file. 
PMTR-10917,
02426496,
02474798		 Routing RouteD daemon stops working or OSPF Adjacency is stuck in "Loading" state when receiving OSPF LSA of Type 10 and Type 11. 
Refer to sk115314.
PMTR-11392,
01593435		 Routing  VRRP member freezes when deleting a VLAN interface.
Refer to sk106226
PMTR-12798,
PMTR-10503		 Routing Enabling ping option for static routes causes the routes to disappear on the standby member.
CPM-1381,
PMTR-10927		 SmartConsole After upgrade to R80.10, validation incidents do not disappear although solving the error. 
Refer to sk123357
PMTR-14250,
PMTR-18053		 SmartConsole "Policy installation had failed due to an internal error" message on policy installation failure when using Native Mobile Access application that uses '*Any' services (with no other existing Native Mobile Access applications that use other services in the system).
PMTR-12813,
TPM-1007		 SmartConsole  Cannot update the Security gateway object when using permission profile without write permissions for Threat Prevention policy. 
PMTR-14653,
API-180		 SmartConsole API is missing targets information in reply of "install-policy" command when installing on more than 50 targets. The reply holds the first 50 targets only. 
PMTR-12782,
SL-1110		 SmartEvent SmartEvent's Automatic Reaction emails are missing information in some fields.
Refer to sk133032.
SL-1464,
PMTR-18204		 SmartEvent In 'LOGS & MONITOR' tab, HTTPS Inspection queries show no results.
Refer to sk133392
PMTR-7545,
PMTR-7405,
02489539		 Logging When certain security rule definition includes the "Alert -> mail" log track option, email alerts have ".." at the end which means some fields were truncated.
Refer to sk123240
PMTR-13899 Logging When running "SmartConsole -> Logs & Monitor -> Queries -> Threat Prevention -> IPS Blade -> Staging" query in non-index mode, the "There is a problem to read log file. Try again" error is displayed. 
PMTR-10071,
PMTR-3322,
02503468		 Logging When generating a view of any report, the "Problem has occurred during search" errorpops up with details: "Query resolution failed. Logs might not display properly". 
PMTR-17353 Mobile Access Multi-factor authentication with Dynamic ID using Email does not work when the email address ends with 't' or 'n'.
IDA-735,
PMTR-7985		 Identity Awareness Identities are not synced to PEP if two PDPs will report the same network
Refer to sk130373
PMTR-6226,
IDA-550,
PMTR-8718		 Identity Awareness  When using multiple PEP gateways with the same internal IP address, only one of the PEP gateways gets identities from PDP.
PMTR-13166,
IDA-949		 Identity Awareness  RADIUS accounting server does not understand accounting-response from Check Point gateway.
Refer to sk130532
PMTR-11965,
01500409		 Identity Awareness "Group membership of the required account (user or machine) could not be retrieved from the AD. Make sure the account exists in the AD." log is received from Identity Awareness blade when format of RADIUS user is "user@domain".
Refer to scenario 6 in sk106133.
PMTR-17129,
01786753		 Identity Awareness AD users with special characters in their names cannot authenticate.
Refer to sk131872.
PMTR-10269,
PMTR-663		 DLP The dlp_fingerprint and cp_file_convert processes consume CPU at high level although DLP blade is disabled. 
Refer to sk102213.
PMTR-17822,
PMTR-17783		 IPS New logs of IPS update tool are created in $FWDIR/log directory on a daily basis. For more information refer to sk131652
PMTR-7252,
PMTR-17432,
PMTR-3135		 IPS No packet capture is received with IPS protection log.
Refer to sk121605
PMTR-17134,
PMTR-17469		 IPS Failures during batch update of IPS objects.
PMTR-9114 IPS Snort protections are not fully enforced after upgrade from R77.x to R80.10. Refer to sk123575.
PMTR-7924,
PMTR-3091		 Anti-Malware Threat Prevention policy installation fails with "malware_policy_get_ioc_override() failed" message when disabling the "Enable indicator scanning" option.
PMTR-15102,
PMTR-16351		 Application Control Some non-SSL applications are identified as 'Unknown Traffic' when Application Control, URL Filtering and 'Categorize HTTPS Sites' are enabled. 
PMTR-12335,
01431893		 Application Control Non-SSL traffic is dropped with "appi_rad_uf_cmi_handler_server_response: no hello done, failed" error message in dmesg when "Categorize HTTPS sites" feature is enabled. 
Refer to sk64162.
PMTR-9355,
PMTR-17726,
02694599		 Gaia OS Output of "show message motd" clish command is corrupted if the "motd" message is too long.
Refer to sk122199.
GAIA-1532,
PMTR-7822		 Smart-1 Pressing <TAB> (autocomplete mechanism) from the Expert mode of Smart-1 525, 5050 and 5150 does not convert paths stored in variables (like $FWDIR) to full paths.
PMTR-5576 VSX Trusted Source feature does not work in VSX environment.
Refer to sk122533
PMTR-12886,
02667600		 SecureXL Multiple RX drops during policy installation under high load traffic.
Refer to sk123312
PMTR-15631,
02508263		 SecureXL Connectivity issue during policy installation when NAT templates are enabled between CPUs. 
PMTR-13127,
PMTR-10631		 SecureXL  EIGRP traffic going through Security Gateway in bridge mode with SecureXL enabled, is randomly dropped.
Refer to sk125632
PMTR-11321,
02340209		 SecureXL When the Dynamic Dispatcher is enabled together with SecureXL NAT templates, traffic on port 80 and 443 is dropped with "Instance mismatch (inbound)" messages.
Refer to sk113398
PMTR-16773,
02447010		 VPN "You cannot receive an office Mode IP address because the security gateway does not have a license for Office mode" error on SSL Remote Access VPN client (SNX client / Capsule VPN client / Capsule Connect client / Endpoint Connect client) that tries to connect to a Cluster in High Availability mode.
Refer to sk120652.
PMTR-5487,
02669997		 Hardware Improved forensics with host-side PCIe drivers during shutdown, during Seurity gateway crash triggered by a SAM-related problem.
PMTR-10569,
VSECC-609		 CloudGuard After installing policy, when adding a new Data Center object and running "Menu" -> "Verify Access Control Policy", the verification might fail with the "Rule 1 Hides rule 2 for Services & Applications: Any" error message. 
Refer to sk123572.
R80.10 Jumbo HotFix - Ongoing Take 131 (19 July 2018)
PMTR-9748 Security Management Monitoring view does not show the ClusterXL status of VSX members.
PMTR-14149,
PMTR-14416,
PMTR-16997		 Security Management In some scenarios, API login requests fail with "errorCode [CP_ERR_COULD_NOT_CONNECT_FWM]" error in api.elg file.
PMTR-9440,
API-280		 SmartConsole

When changing the administrator profile by API in Multi-Domain Management, the following scenarios may occur:

  1. Modifying administrator's profile may not take effect, previous permissions are still configured and might be enforced.
  2. User can configure "Permission profile per domain" in addition to "Multi-Domain Super User" or "Domain Super User" not knowing it may not take effect.
PMTR-15572,
API-338		 SmartConsole In some scenarios, the "show package" API command fails due to timeout.
PMTR-10861,
API-268		 SmartConsole  On environments with many revisions, "show-changes" API calls take long time to finish and can cause API server to terminate unexpectedly. 
PMTR-14634,
02775187		 Security Gateway Using two Domain objects for the same domain name, one with "www." prefix and the other without, in different rules in the rulebase might cause those rules not to be enforced correctly.
PMTR-2653,
PMTR-4733		 Security Gateway Domain objects of domain names that are defined in local hosts file are not enforced. 
PMTR-14694,
PRHF-257		 Security Gateway A rule with Security Zone object may not be correctly matched for broadcast traffic. 
PMTR-16561,
PMTR-15022		 Security Gateway Performance optimization of services and applications matching process.
Refer to sk128452
PMTR-9133,
PMTR-12783,
SL-982		 SmartEvent After upgrade of a dedicated SmartEvent server, Object synchronization status appears as "Failed" in the status window of SmartEvent GUI.
PMTR-9186,
PMTR-10070		 SmartEvent  When setting up clear connection between the Security Management server and R80.10 SmartEvent server per sk101928, Log indexer clear connection could not be established.
Refer to sk123580.  
PMTR-10074,
PMTR-13687		 SmartEvent Added ability to filter logs in queries and reports using the "Packets" field. 
PMTR-10072,
PMTR-3320,
02504996		 SmartEvent Automatic reaction is not initiated when selecting the "Send automatic reactions but do not generate an event" option in SmartEvent policy. 
PMTR-8959,
SL-1112		 Logging In some scenarios, the "Logs & Monitor" view is stuck on searching and does not respond to any query.
PMTR-13098,
02714001		 Threat Emulation  The system cannot emulate files due to lack of disk space.
Refer to sk124712
PMTR-14612,
PMTR-14587,
PMTR-14621,
PMTR-14619,
PMTR-16581		 Gaia OS Security hardening for Gaia OS WebUI.
PMTR-15646,
CLUS-938		 ClusterXL In CloudGuard Azure clusters environments, some packets are incorrectly identified as Cluster Control Protocol packets, potentially causing error logs related to cluster state. In some cases, this can lead to a cluster failover. 
PMTR-12884,
PMTR-12109		 SecureXL In some scenarios, when SecureXL is enabled, Security gateway crashes under heavy load while opening a new connection from template mask.
R80.10 Jumbo HotFix – General Availability Take 121 (24 June 2018, GA from 19 June 2018)
PMTR-14713 Data Center Security Appliances  Added support for 23900 appliances. Refer to sk107516
PMTR-8482,
02693254		 Security Management When configuring Legacy User Authentication rules, it is not possible to choose 'Group-With-Exclusion' in the option.
Refer to sk122100
PMTR-10959,
PMTR-10810		 Multi-Domain Management FWM process stops working during initialization when there are many VSs in database.
PMTR-9350,
CPM-1454,
PMTR-12823		 Multi-Domain Management Domain migration from R77.30 to R80.10 fails when the exported Domain is of a standalone machine.
PMTR-10811,
PMTR-10803,
CPM-1525		 Multi-Domain Management It is impossible to install policy from Domain Server after failing attempt to install policy from Multi-Domain Management Server.
PMTR-9439,
02644200		 Multi-Domain Management Import of R77.30 Security Management to R80.10 Multi-Domain Management using cma_migrate fails with "error 0x80004005 (Unspecified error)" in upgrade log.
Refer to sk120497.
PMTR-7160,
02718576		 SmartConsole
 In some cases, SmartConsole exits when changing a name entry in the user field.
Refer to sk122917.
PMTR-2800 SmartConsole In some scenarios, SmartLog returns results from time, different from the original query time.
PMTR-3115 SmartConsole
 When creating new 1400 SMB appliance in SmartConsole, the Platform Type menu is empty. 
Refer to sk111292.
PMTR-8793 SmartConsole The "api status" command was enhanced to include Apache status and to collect additional log files. 
PMTR-12268 SmartConsole
 When reinstalling policy on two cluster members, the override policy dialog does not display all cluster members in the list.
PMTR-7073,
PMTR-8716		 SmartConsole "Update operation failed" error when editing a group of Applications/Sites which are used in a Threat Prevention Exception rule. 
Refer to sk124932.
PMTR-10011 SmartConsole
 In some scenarios, when trying to remove gateways from VPN community or edit a VPN community object, the operation fails with "Update operation failed" error. 
VSECC-551,
PMTR-10257,
PMTR-10344		 CloudGuard OpenStack v3 is now supported on Keystone server v3.
PMTR-9619,
02665634		 Identity Awareness DynamicID authentication randomly stops working after policy installation. 
Refer to sk121213.
PMTR-13831,
PMTR-12971		 Logging

No "query resolution failed" logs on natted Management after following solution for Scenario 1 from sk100583.
PMTR-9968,
02562533		 Logging The 'Access Rule Name' field is blank/missing in "Logs & Monitor" view when using filter blade: "URL Filtering" or blade:"Application Control".
Refer to sk123974
PMTR-11244,
PMTR-11242		 Logging  When searching for logs in "Logs & Monitor" view with specific time filter from the past, the response may contain logs generated after that time range. 
PMTR-12009,
PMTR-12000,
PMTR-3665		 Logging  In SmartView Monitor, changes to the Threshold settings of a Gateway are not properly saved or shown. 
PMTR-12052,
01646584		 Cluster Various traffic issues on cluster due to FWD daemon taking all slots on cluster subscriber list.
Refer to sk109596
PMTR-11902, PMTR-13723, PMTR-13723, UP-11, UP-211 LTE Firewall session logs without application or protocol are generated.
Refer to sk123715.
R80.10 Jumbo HotFix - General Availability 112 (23 May 2018, GA from 19 June 2018)
PMTR-2477,
PMTR-10469,
PMTR-2468		 WebUI Gaia Portal shows blank page after log in with Firefox 5x or Chrome 66.
Refer to sk121373.
PMTR-8249 Security Management,
Multi-Domain Management		 Creating a Domain (Log) Server using an IP address that is already in use, fails with an uninformative error message "Update Domain 'name' failed:Create Domain: 'name' - Create Domain server 'name'.Cannot create domain 'name'".
PMTR-7418 Security Management FWM process stops working when there is a soft link to $FWDIR/tmp/fwmtrace.log file that reaches 2GB due to enabling debug for a long period of time. 
PMTR-8570,
02698348		 Security Management fw_loader process stops working due to invalid VPN community configuration.
PMTR-8206 Security Management "An internal error has occurred" message when trying to discard the disconnected session.
Refer to sk123741.
PMTR-6048,
PMTR-7403,
02512737		 Security Management In some scenarios, Compliance blade Best practices show incorrect “N/A” status. 
Refer to sk117292.
PMTR-5747 Security Management In some scenarios, CPM and Solr may consume high CPU, causing SmartConsole to disconnect.
PMTR-2649 Security Management

When connecting to an earlier revision version, some objects may not be visible if you:

  • ran Purge Revisions and rebooted your machine.
  • performed HA full sync from a Security Management server that ran Purge Revisions.
CPM-945,
PMTR-9176		 Security Management "You have reached the maximum number of active sessions" error on login failure when expired Web API sessions appear as disconnected in SmartConsole Sessions view and cannot be discarded.
PMTR-9180 Security Management

Performance and stability improvements in Security Management Server when using CloudGuard IaaS.
PMTR-7670 Security Management In some scenarios, policy installation does not progress when installing policy from several Domains simultaneously.
PMTR-9029 Multi-Domain Management

Global Domain Assignment may fail with "Global Domain Assignment Failed: Failed to connect to FWM" message when FWM is busy or not responsive.
PMTR-10840,
PMTR-8562,
02686845,
02686649		 Multi-Domain Management Some Security gateway objects are missing from the Gateways view in R80.10 Multi-Domain Management server after migration.
Refer to sk121890
PMTR-5840,
02540859		 SmartConsole When editing Security Management or Gateway object, the "The referred entity does not exist in the Certificate Authority" or “Failed to save object. Server error is: An internal error has occurred.” error pops up.
Refer to sk118938.
PMTR-10665 SmartConsole
 When running multiple scripts on short time intervals from the Management API, the progres of some of the scripts stops at 10-20%. 
PMTR-8679 SmartConsole

In Multi-Domain Management, reassign or removal of a Global Domain assignment fails if you clone an assigned Threat Prevention profile in the Local Domain.
PMTR-7874,
API-254		 SmartConsole
 In Multi-Domain Management, when the user overrides global values in the UI or the API and then performs 'show service', the global values are displayed instead of the changes  made by user.
When the user tries to override the global values twice, the second try fails with "Validation error" message. 
Refer to sk123334.
PMTR-9564,
API-283		 SmartConsole

The web_api_show_package.sh script fails if TLSv1.0 is disabled on Apache server, displaying errors:

ERROR: failed connecting to the server: 127.0.0.1
Script stopped running due to severe error!
PMTR-8136,
02726944		 SmartConsole
 Cluster object still appears in the MDS level after it was deleted from a Domain. 
Refer to sk123343.
PMTR-7942 SmartConsole Cannot open WebUI to cluster member if SecurePlatofrm Main URL of the cluster has been changed.
Refer to sk123195
PMTR-8929,
02733670		 SmartConsole
 "Validation error - Invalid Domain name at .<Domain name>" message after successful upgrade to R80.10 or when creating a Domain object with an invalid name.
PMTR-9333 SmartConsole Using Management API to get Access rule hit count values without specifying start date returns 0 hits for all rules.
Refer to sk123736.
PMTR-8114 SmartUpdate When clicking "Generate CPInfo" in SmartUpdate, the progress bar indicates that action is successful but CPInfo file is not created.
PMTR-5359 CloudGuard Data Center objects can be deleted for a short period of time due to disconnections of a Data Center.
PMTR-8934 Security Gateway Improved connectivity when using Domain objects and/or when gateway is configured as HTTP/HTTPs proxy. 
PMTR-3901 Security Gateway In rare scenarios, CPD process stops working when running for a long time period.
PMTR-11991  Security Gateway Traffic is droped with "Rulebase - ERROR" error in kernel debug.
Refer to sk133176
PMTR-3871 Gaia OS In some scenarios, routed process stops working when OSPF is configured.
PMTR-8801 Gaia OS Gaia OS hardening fix. 
PMTR-5560 Gaia OS  In some scenarios, routed process stops working when unnumbered interfaces are configured. 
PMTR-7741,
02553209,
02669458
 Logging When receiving logs with ELA protocol, FWD process core file may be generated. 
Refer to sk121594.
PMTR-5671,
02705815 		 SecureXL  When sending multicast packets to multiple receivers behind several interfaces and SecureXL enabled, either only the hosts behind the VLAN outgoing interfaces receive the multicast packets or none will receive them.  
Refer to sk122481.
PMTR-6725,
PMTR-11741 		 Identity Awareness PEP opens an unnecessary connection to PDP while there is no sharing configured between the PDP and PEP. 
PMTR-10466,
02758290,
02722485 		 HTTPS Inspection  Improved handling of Trusted CAs certificates when HTTPS Inspection is enabled.
Refer to sk122973
PMTR-7811,
PMTR-8999 		 Mobile Access SNX traffic is dropped by Security Gateway with "Rulebase - ERROR" message in "fw ctl zdebug drop" debug.
Refer to sk123336.
PMTR-10782 VSX CPM Server fails to start due to postgres idle open connections.
R80.10 Jumbo HotFix - General Availability Take 103 (12 Apr 2018, GA from 03 May 2018)
PMTR-7377 Security Management Management HA fails to synchronize with "The Security Management Servers contain different Hotfixes" error even though the same packages are installed on servers.
Refer to sk123048.
PMTR-7668 Security Management Upgrade might get stuck if there is not enough memory allocated to the upgrade process.
Refer to sk123136.
PMTR-6398 Security Management Externally managed gateways are displayed in SmartView Monitor although they should not be.
  • For each externally managed gateway that was already defined in the database, after Take installation, open this gateway object in SmartConsole, close the window and publish the session. After this you will not see them anymore in the SmartView Monitor.
Refer to sk122999.
PMTR-7583 Security Management If one administrator creates a rule, deletes it, and publishes the changed policy (meaning that the rule's creation and deletion were published together), other administrators connected via SmartConsole will see an "any any drop" rule in the policy where the original rule was meant to be created.
PMTR-7164,
PMTR-7803		 Security Management Management HA performance improvements.
Refer to sk123313.
PMTR-5407 Security Gateway Security fix for Client Authentication rule matching.
PMTR-3038 Security Gateway SecureXL forwards non-accelerated packets to the gateway, causing it to crash if the packet contains corrupted data.
PMTR-3433,
02667797		 SmartConsole
 "Could not delete object. An internal error has occurred" error when removing old Security gateway object.
Refer to sk121593.
PMTR-7055 SmartConsole After IPS update, protections with release date older than one year are removed from staging if they were changed during the update.
PMTR-7891 SmartConsole
 Performance improvement in basic Access policy functionalities (like add/remove rules and layer scroll).
PMTR-7565,
CPM-1375,
CPM-1277		 SmartConsole Delete operation of a service, source or destination in a single Publish operation does not appear in audit log, although it does exists in the Security Management server database.
Refer to sk123324.
PMTR-2666,
CRYPT-51		 SmartConsole
 "An error occurred while receiving the HTTP response to..." error when trying to log in to the R80.10 SmartConsole.
Refer to sk122073.
PMTR-2743 SmartConsole When publishing operation via API fails, the failure reason is not displayed.
Refer to sk121414.
PMTR-2445
 SmartConsole

Policy installation via API ends with unclear status: within the response, the "statusCode" field value is "in progress" and the "statusDescription" field value is "Performing Legacy data dump". 
Refer to sk121217.
PMTR-1489 SmartEvent In rare scenarios where R80.10 SmartEvent is managed by an R77.x Security Management server and there are many Domains which are updated/deleted/added, the dbsync process may stop working.
PMTR-697 Logging Added ability to filter the "File operation" field in SmartLog.
PMTR-3942,
02655514		 Logging In environments with large amount of gateways managed by a single Security Management server or Domain, FWM process stops working printing the "T_get_event: cannot register socket x (1024 sockets already registered for exp)" error to the fwm.elg file.
PMTR-7185 Logging On Multi-Domain Management, log storage maintenance does not work with SmartEvent, thus not freeing up the disk space.
PMTR-1483 Logging

In environments with many log activities, report generation may fail causing progress bar to stuck.
PMTR-6585 Gaia OS Deleting last backup IP address from VRRP Interface triggers a transition from master state to backup.
PMTR-5157 Gaia OS When a user invokes tcpdump on a 40GbE/100GbE interface, using mlx5_core driver 3.2-2.0.4.12, a small packet in a narrow size range causes a driver to crash. 
PMTR-5158,
PMTR-2681		 Gaia OS Multi-Queue (MQ) cores performance optimization.
PMTR-8779,
02707238		 Gaia OS After installing R80.10 Jumbo Hotfix Take_70, data and rules are not restored correctly with backup/restore via Gaia Portal -> Maintenance -> System Backup or CLISH backup/restore commands. 
Refer to sk123352.
PMTR-4236 Cluster In ClusterXL, when using VMAC, Gratuitous ARP Request (GARP) packets are generated with both VMAC address and physical MAC address.
PMTR-7312,
PMTR-791		 Cluster Enhancement: adding a grace period before failover when detecting 'Interface Active Check' state to prevent unneeded failovers.
PMTR-4475 DLP Files are not deleted from the $FWDIR/tmp/dlpu directory causing the Security gateway's hard drive to fill up.
PMTR-6303,
IDA-762		 Identity Awareness In rare scenarios, when Terminal Server Identity Agent is used and SecureXL is enabled, connections from the Terminal Server can be matched on the wrong user. 
PMTR-6581,
02398542,
02500815		 Identity Awareness In some scenarios, Kerberos based authentication fails when Kerberos ticket is encrypted using AES-128.
Refer to sk111945.
MAGB-254,
MAGB-268,
PMTR-5386		 Mobile Access

"Mobile Access - Reject. Reason: Error in disconnecting user. Access Denied." message in SmartLog when user tries to use the SNX Network Mode.  
Refer to sk123037.
PMTR-6169,
MAGB-240		 Mobile Access When a browser sends a cookie that it got from another page on a different port, the Mobile Access gateway does not recognize the cookie. 
PMTR-2141 VPN In a certain Remote Access flow, Security gateway crashes when kernel cannot allocate memory.
PMTR-4469  Compliance First Scan must be performed after R80.10 Jumbo Hotfix installation to update the Best Practice IPS114.
Initial First Scan in Compliance blade:
  1. From the CLI, enter Expert mode, run dbedit and press Enter for Server name.
  2. In DBedit type: grc_test_elements grc_interpreter first_scan true.
    Then type update_all 
    You should get a message "grc_test_elements::grc_interpreter Updated Successfully".
  3. Verify the value of first_scan is true by typing:
    print grc_test_elements grc_interpreter
  4. Quit.
  5. Perform Full Scan in Compliance blade via the SmartConsole or type interpreter full_scan. 
GAIA-2218,
PMTR-9922		 Smart-1 On Smart-1 525 appliance, Raid diagnostics from Clish and WebUI display status "Degraded" instead of "Optimized" when two disks are 100% synced. 
Refer to sk123847.
PMTR-14895 VSX After updating Virtual System object and pushing configuration to VSX object, most of the routes are removed. 
R80.10 Jumbo HotFix - General Availability Take 91 (6 Mar 2018, GA from 01 Apr 2018)
PMTR-5419,
PMTR-2799,
PMTR-5418		 Security Management Cannot delete OPSEC application with AMON entity.
Refer to sk121377.
PMTR-507 Security Management FWM process stops working in case a malformed license file is reported from the Security gateway.
PMTR-3190 Security Management When installing policy following Global Domain Assignment a false message of “policy installation is currently in progress" appears, while there isn’t any.
Refer to sk122253.
PMTR-3847 Multi-Domain Management "Get License" operation in SmartUpdate of Multi-Domain Management hangs on "Operation started" stage.
PMTR-6825,
PMTR-7453,
CPM-456		 Multi-Domain Management Cannot change the IP address of Domain Server when using R80.10 GA Take 462 or Takes 70, 79 and 85 of the R80.10 Jumbo Hotfix Accumulator.
PMTR-3718 Multi-Domain Management Synchronization failure after purge operation in MDS level.
PMTR-6095 Multi-Domain Management Only a single report is generated in SmartView MDS level when selecting multiple Domain Management Servers.
PMTR-2815,
API-196		 SmartEvent "SmartView server certificate is invalid" error when connecting to Domain (via SmartConsole) from MDS level and navigating to 'Logs and Monitor' tab.
Refer to sk121443.
PMTR-3271 Security Gateway When installing policy on gateways with different profiles (where netquota or malicious IPs protection is enabled on one of the profiles), traffic is dropped with "dropped by fw_runfilter_ex Reason: function does not exist" error.
Refer to sk123040.
PMTR-3544 Gaia OS Random routes are sometimes missing after rebooting the system.
PMTR-3783 Gaia OS routed process stucks at slave/slave state in ClusterXL setup.
PMTR-1602 Gaia OS routed process restarts infrequently when Bootp/DHCP Relay is enabled.
PMTR-3546 Gaia OS routed process repeatedly exits on standby cluster member when VPN is configured on a cluster.
GAIA-1619 Gaia OS Security hardening for Gaia Clish.
PMTR-3318,
02639628		 Gaia OS Security gateway may crash during unmount operation on a remote network filesystem (samba).
PMTR-4374,
02677981		 ClusterXL Active member in ClusterXL HA sends an ARP request for cluster VIP causing a temporary outage. This can happen in a rare scenario as described in sk121846
PMTR-4362,
PMTR-1582		 DLP DLP Exchange Server Agent load when Security gateway is configured as MTA was optimized to enable a better stability of MTA functionality.
PMTR-5289 VSX

Threat Prevention blade failure can occure in the following scenarios:

  1. No Threat Prevention blade is active on VS0 and a Threat Prevention blade is active on a different VS
  2. That VS has no connectivity to the Internet
  3. VS0 has connectivity to the Internet but through a proxy
PMTR-4457 VPN BGP traffic initiated by the gateway is not matched by the VPN directional rule.
PMTR-2372 VPN IPsec renegotiation fails with peer DAIP gateways. 
R80.10 Jumbo HotFix - General Availability Take 85 (15 Feb 2018)
Note: include support for Smart-1 525/5050/5150 appliances
PMTR-7017 Smart-1 Added support for Smart-1 525 / 5050 / 5150 appliances. Refer to sk120453.
R80.10 Jumbo HotFix - Ongoing Take 79 (05 Feb 2018)
PMTR-2818 Security Management Some API commands fail with "Internal error" message when called with "details-level" flag set to "full".
Refer to sk121475.
PMTR-2819 Security Management The "show gateways-and-servers" API command fails with the "Runtime error: An internal error has occurred." error.
PMTR-2812 Security Management After global policy assignment, when running the "show access-rulebase" API command with a filter, no results are shown.
API-120 Security Management When executing an API request via CLI, cannot set the custom timeout using the "-conn-timeout" flag. The default timeout of 3 minutes is always used. 
PMTR-4816,
PMTR-4499		 Security Management Stabilization improvement of fwm, fw_loader and dbedit Security Management processes. 
PMTR-2597 Security Management Enhancement: Improved policy installation performance when installing policy on multiple targets.
CPM-654,
PMTR-2439		 Multi-Domain Management Deletion of Domain Management Server might fail on timeout when few dozens of administrators with customized permission profiles are assigned to the Domain Management Server.
IDA-170,
PMTR-2973		 Identity Awareness  When Full Identity Agent is used with packet tagging feature, Anti-Spoofing may not be enforced for some of the connection packets.
PMTR-2944 Identity Awareness Many "ida_classifier_send_log_cb: dst clob is active but there is no identity sharing!" errors in /var/log/messages file after upgrade to R80.10. 
PMTR-3375 Logging  Logs are shown with delay after policy installation if there are more than ten thousands Binary Large Objects (BLOBs) on the Log Server.
PMTR-5782 Logging  When more than 50 Log servers are created in SmartEvent, sometimes a Log server the administrator is searching for is not in the query and is not available for service. 
R80.10 Jumbo HotFix - General Availability Take 70 (15 Jan 2018)
TPM-494 Multi-Domain Management Global policy assignment fails after removing staging overrides in the Global Domain.
PMTR-1458,
02659051		 Multi-Domain Management  Attaching a central license from Multi-Domain Management to a Domain/CMA creates duplicate license objects in SmartUpdate, which cannot be deleted.
Refer to sk120833.
API-146 Security Management  Enhancement: New flags to control the API commands output in full details level.
Refer to sk121292
API-124 Security Management The "show-access-rulebase" API command fails if the rulebase contains rules with "Encrypt" or "Client Encrypt" action.
CPM-948 Security Management There is no status in the SmartView Monitor for Mobile Access blade. 
PMTR-2379 Security Management querydb_util generates core file when cannot connect to Security Management server. 
PMTR-2376 Security Management fwm process is down during gateway creation after configuring shared secret for VPN community. 
PMTR-2722 Security Management After reboot or HA Full sync, some objects are not visible in a specific private session. 
PMTR-712 Security Gateway CPD process exits with core dump generated while stopping CPD / rebooting the system / restarting watchdog.
PMTR-1310 Security Gateway Connections configured with Drop and Block message were actually dropped, but log appears as Accept log.
PMTR-1388 Security Gateway  Upon packet loss, the clients' retransmit "strategy" triggers an issue of reassembling the TCP stream incorrectly. The SSL stream cannot be decrypted like this, so the SSL session is closed. 
Refer to sk121738.
PMTR-2660,
02666905		 Security Gateway When DHCP is configured to work with VPN, DHCP Relay traffic is dropped. 
PMTR-709 Logging Enhancement: Allow viewing HTTPS related fields according to permission profile in LEA. When configuring a permission profile that allows HTTPS, you will be able to see the related fields when receiving them with LEA OPSEC client, instead of obfuscating them.
PMTR-1771,
02525352		 Gaia OS  Gaia backup files are not created on Multi-Domain Management server.
Refer to sk119401
PMTR-2368 Gaia OS  Configuring more than 200 logical interfaces can cause routed to crash upon the next change in configuration.
PMTR-1442,
02554018		 SmartLog  SmartConsole search does not work for strings that include non-English characters. For example, Cyrillic characters and characters with accent marks.
Refer to sk120293
PMTR-1224,
02562873		 SmartLog  After performing a Gradual Upgrade of the Domain Management Server, no logs are displayed in the relevant domain until running the mdsstop;mdsstart commands on MLM.
TEX-412 Threat Extraction Security enhancements for Data Loss Prevention and Threat Extraction blades
PMTR-1932, 02590986  Threat Emulation Links inside email with domain suffix (e.g. www.example.com) are emulated as .com files. 
PMTR-2891
 Anti-Virus,
Threat Emulation 

Enhancement in Anti-Virus to allow replacement of Kaspersky Labs components.
For removal instructions see sk118539. For further information visit http://www.checkpoint.com/kaspersky
PMTR-1303  Mobile Access  Connection to internal sites or Capsule Docs server via Mobile Access Blade's Reverse Proxy feature fails due to an incorrectly forwarded 'Host' header. 
PMTR-2089  Mobile Access An incorrect policy installation warning "R80.10 gateways cannot be included in the Mobile Access Legacy Policy when Mobile Access Unified Policy is the selected policy source" is shown when installing the Access Control policy on a Mobile Access gateway and the legacy Mobile Access policy is empty. 
PMTR-1183  URL Filtering  Enhancements in categorization in cases where only URL Filtering is enabled. 
PMTR-2594  HTTPS Inspection HTTPS based traffic is bypassed when using a category based HTTPS inspection rulebase on a SMB gateway without URL Filtering blade enabled. 
R80.10 Jumbo HotFix - General Availability Take 56 (23 Nov 2017)
PMTR-683,
02648460		 Security Management Users that are not configured with Multi-Domain super user permissions, experience slowness in running queries.
PMTR-2697 Security Management FWM process restarts when trying to read the $FWDIR/tmp/fwmtrace.log file from an incorrect directory where this file does not exist.
R80.10 Jumbo HotFix - Ongoing Take 53 (25 Oct 2017)
PMTR-1702 Security Management Policy installation fails when Access Role is configured in the Access Control policy on a gateway with no Identity Awareness enabled. 
SMCPOL-122 Security Management When policy installation fails with "Operation incomplete due to timeout" error, timeout can be increased via GuiDBedit Tool.
Refer to sk112353
CPM-830 Security Management FWM process crash in Management HA environment when $FWDIR/tmp/fwmtrace.log file reaches 2GB.
PMTR-738,
02608827		 Security Gateway Cluster member IP addresses is not added correctly during policy generation. 
PMTR-1421 Gaia OS  Outputs of "top" and "ps -aux" commands show lspci as zombie process.
Refer to sk121891.
PMTR-330 DLP  Enhancement: Maximum allowed SMTP headers length can be configured.
Refer to sk119293.
PMTR-332 DLP Enhancement: Improved DLP stability.
GM-2855  SMB Appliances Enhancement: IPv6 support for 700 / 1200R / 1400 SMB Appliances.
Refer to sk118816.
R80.10 Jumbo HotFix - General Availability Take 42 (17 Sept 2017)
Note: This Take replaces Take 40 released on 12 Sept 2017.
It is recommended to install Take 42
GAIA-1060
 Security Gateway SIC status is "Not Communicating" and CPD process restarts after installing R80.10 Jumbo HotFix Take 40.
Refer to sk120494.
UP-94,
02556604		 Security Gateway Websites with short Host headers (like ab.com) cannot be loaded.
TEX-328 Threat Extraction Security gateway hangs when enabling Threat Extraction Web API.
TPM-373 Threat Prevention The API command "show threat-profile" wrongly reports configuration of internal settings which causes failure in certain scenarios. 
PMTR-748 Anti-Virus, Anti-Bot Crash in Anti-Virus & Anti-Bot blades. 
CPM-806 Security Management Policy installation fails on DAIP gateways after changing Domain Server from Standby to Active.
PMTR-464 Security Management After upgrade to R80.x, Administrator's "email" field does not show in SmartConsole. 
PMTR-466 Security Management Rulebase initialization fails after CMA migration from R77.30 to R80.10 via cma_migrate.
TPM-419  SmartConsole After a period of time in which multiple IPS updates have been performed, the database size can become very large because of unused data. 
  • Enhancement: new procedure to clean old / unused IPS version in the database
TPM-334  SmartConsole  Geo policy allows to configure several rules for the same country, causing incorrect policy enforcement.
PMTR-631 SmartEvent  In SmartEvent policy, when selecting two 'Event Fields' with the same 'Log Field' in 'Event Format' tab, the Event fails to generate. 
PMTR-625 SmartEvent When automatic reaction mail is sent, the resolving name of source and destination is missing and only the source and destination IP address is shown. 
PMTR-655 SmartEvent When automatic reaction email is sent, wrong "Start time" is displayed.
R80.10 Jumbo HotFix - Take 37 (04 Sept 2017)
PMTR-397 Security Gateway  export_p12 feature is missing in VPN utilities.
PMTR-418 Security Gateway Security Gateway / Active cluster member freezes / locks up randomly.
Refer to sk114977.
PMTR-454 Security Gateway  Login to Smart Console fails with "The server did not provide a meaningful replay; This might be caused by a contract mismatch, a Premature session shutdown or an internal server error" error. 
PMTR-469 Security Gateway  FWM process consumes high CPU in case of unreachable DAIP objects existing in the system.
PMTR-458 Security Gateway  Enhancement: Performance of Global Domain Assignment for Open Servers with 9-24 GB memory is improved.
PMTR-473 Security Gateway Enhancement: Improved Security Gateway stability when it is configured as proxy. 
BS-175 Security Gateway  Some objects are missing when querying for unused objects.
SL-441 Security Gateway  In environment with more than 50 Log servers, log queries return results only from 50 log servers.
GAIA-634 Gaia OS  Enhancement: Improved clish stability.
CPM-792 Security Management  Log Server status in Monitoring view is not presented for cluster members of Full HA environment. 
CPM-734 Multi-Domain Management Global policy assignment fails after section manipulation in the Global Domain's rulebase. 
BS-149 Multi-Domain Management Policy installation from Multi-Domain Management following a Threat policy uninstall, fails.
API-99  SmartConsole Security Management API server fails under heavy load.
Refer to sk119553.
API-92 SmartConsole
 API "show-packages" (when set to "details-level" : "full") fails where the revision in one of the package’s installation targets has been purged from the database.
API-93 SmartConsole  If object is used inside a disabled rule, the "where-used" Security Management API command shows that the rule is enabled. 
API-94 SmartConsole  Reply to Security Management API "show-gateways-and-servers" misspells the name of the "identity-awareness" blade as "identical-awareness".
API-88 SmartConsole Under certain conditions, after restarting Security Management Server, the API server, although configured to accept requests from GUI clients, no longer does so, but reverts to the default behavior of accepting only calls from the local host.
R80.10 Jumbo HotFix - General Availability Take 35 (22 Aug 2017)
MAGB-27, MAGB-28  Mobile Access  Improved stability of Mobile Access WebMail application.
PMTR-172  Security Gateway Security hardening for Client Authentication portal.
CPM-534 Security Management  migrate_global_policies and cma_migrate commands can run when processes are down. 
PMTR-436  Security Management  Long duration of policy installation for large number of NAT rules.
CPM-665  Security Management  Performance improvements.
DP-1079 Check Point Appliances  "Can't validate base version is a GA take of R80.10" error message when installing Jumbo Hotfix Accumulator Take 24 on 405 / 410 appliances.
R80.10 Jumbo HotFix - General Availability Take 24 (01 Aug 2017)
PMTR-290
 Application Control Support for user-defined application with encoded escaped characters within the URL.
GAIA-760 Gaia OS  BGP does not work for VTIs and Point-to-Point interfaces with mask length of 32 with Virtual IPs. 
TEX-329  DLP, Threat Extraction  Security enhancements for Data Loss Prevention and Threat Extraction blades. 
02559994,
PMTR-385 		 SmartLog  On Open Servers with 24G-35G of RAM running R80.10 Jumbo Hotfix (Take 10/15/18) logs are not indexed and SmartLogs queries fail.
R80.10 Jumbo HotFix - General Availability Take 18 (24 July 2017)
ACM-520 Application Control Improved Policy Verification for Pre-R80.10 Security Gateways that support only services of type "TCP" or ‎"UDP" in the Application Control layer.
02522974, PMTR-100 Identity Awareness Improved Access Role identification for different login/logout scenarios.
02524894, PMTR-99 Security Management Automatic NAT rule is not removed after the corresponding network object is removed.
02521459, GM-2678 Security Management Policy installation fails in some cases when installing policy on all managed Security Gateways at once, if Security Management manages both standard Security Gateways and UTM-1 Edge devices.
R80.10 Jumbo HotFix - General Availability Take 15 (11 July 2017)
02536538,
PMTR-147		 Security Gateway Improved URL recognition mechanism for Anti-Virus, Anti-Bot, and URL Filtering blades.
PMTR-44 vSEC vSEC objects are not enforced on part of the gateways. Problem is relevant only for large scale environment with more than 50 gateways/cluster/vs/member.
PMTR-45 vSEC In large scale Azure environments, Data Center objects are partialy imported.
PMTR-167 SmartView Security hardening of SmartView.
02539824,
PMTR-164		 Security Management Security Management access hardening.
R80.10 Jumbo HotFix - General Availability Take 10 (28 June 2017)
02530810 Smart-1 Added support for Smart-1 405 / 410 appliances.
Refer to sk117578.
02524737,
PMTR-88		 VSX Wrong license status for 'Virtual Systems' blade for VSX objects in R80 SmartConsole.
R80.10 Jumbo HotFix - Take 7 (22 June 2017)
02528737,
02529416,
02533097,
CPM-535		 Multi-Domain Management Several cpsm-domains-X licenses are counted only once.
Refer to sk118316.
02520574, CPM-462 Multi-Domain Management Upgrade failure of secondary Multi-Domain Log Server when using NGX license.
02520796,
CPM-460		 Multi-Domain Management mds_import fails with "CPM server failed to start, see server logs" message when trying to import a database exported from R80.10 Multi-Domain Management Server.
02524769,
PMTR-87		 Security Management While updating a User name, the logged in User name in the logs is wrongly reported with the old User name.
02449460, CPM-465 Security Management Management High Availability synchronization between primary server upgraded from R80 Jumbo Hotfix to R80.10 and new R80.10 secondary server, fails.
02532395,
ACM-335		 Security Management,
Security Gateway		 Security rules that should be installed on a specific Security Gateway wrongly can be installed on another R80.10 Security Gateway.
Refer to sk118153.
02526608,
PMTR-81		 Security Gateway Improved non-compliant HTTP protection to enforce more rare cases of non-compliant HTTP traffic.
02523046, PMTR-47 Security Gateway in.emaild.mta process may crash randomly (once every few days was observed) when the Security gateway is configured as Mail Transfer Agent (MTA). Mails under inspection may be delayed by up to a few minutes.
02513631, PMTR-96 IPS When an IPS protection is overridden, it is enforced correctly however it may cause higher performance load.
PMTR-98  SmartConsole  Translated Source column with "Original" object wrongly has a Hide NAT option.
R80.10 Jumbo HotFix - General Availability Take 3 (06 June 2017)
02521398 Threat Emulation Fixed Mail Transfer Agent (MTA) enforcement issue.

 

Installation instructions

Procedure:

  • Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
      3. In the upper right corner, click on the Import Package button.
      4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
      5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
      6. Select the imported package Check Point R80.10 Jumbo hotfix T<number> for sk116380 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
      7. Select this package and click on Install Update button on the toolbar.


  • Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to command line on target Gaia OS.
      3. Log in to Clish.
      4. Acquire the lock over Gaia configuration database:
        HostName:0> lock database override
      5. Import the package from the hard disk:
        Note: When import completes, this package is deleted from the original location.
        HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
      6. Show the imported packages:
        Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.10 Jumbo hotfix T<number> for sk116380"
        HostName:0> show installer packages imported
      7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
        HostName:0> installer verify <Package_Number>
      8. Install the imported package:
        HostName:0> installer install <Package_Number>

 

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

Procedure:

  • Show / Hide instructions for uninstall in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
      Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
    2. Connect to the Gaia Portal on your Gaia machine and navigate to the 'Upgrades (CPUSE)' section - click on 'Status and Actions'.
    3. Above the list of all software packages, click on the 'Showing Recommended packages' button - select 'All'.
    4. Right-click on the Jumbo Hotfix Accumulator package - click on 'Uninstall'.
    5. A warning will be displayed that after this uninstall, the machine will be automatically rebooted.
      Click on 'OK' to start the uninstall.


  • Show / Hide instructions for uninstall in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
      Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
    2. Connect to command line on Gaia OS.
    3. Log in to Clish.
    4. Acquire the lock over Gaia configuration database:
      HostName:0> lock database override
    5. Uninstall the package:
      HostName:0> installer uninstall <Package_Number>
      Note: The progress (in per cent) will be displayed in Clish.
    6. Machine will be rebooted automatically.


 

List of replaced files

List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.


Revision History

Show / Hide revision history

Date Description
12 Nov 2018 
  • Released Take 167 of R80.10 Jumbo Hotfix Accumulator
  • Added R80.10 SmartConsole Build 089
23 Oct 2018 Take 154 of R80.10 Jumbo Hotfix Accumulator is now in General Availability 
16 Oct 2018 Released Take 154 of R80.10 Jumbo Hotfix Accumulator
02 Oct 2018 
  • Released Take 151 of R80.10 Jumbo Hotfix Accumulator
  • Added R80.10 SmartConsole Build 073
2 Sep 2018  Added PMTR-14532 to Take 131
30 Aug 2018  Updated description of PMTR-19132
27 Aug 2018 Added PMTR-17399, PMTR-14653 and PMTR-12446 to Take 142
21 Aug 2018 Released Take 142 of R80.10 Jumbo Hotfix Accumulator
19 July 2018 Released Take 131 of R80.10 Jumbo Hotfix Accumulator
03 July 2018 Added R80.10 SmartConsole Build 056
19 June 2018 Take 112 of R80.10 Jumbo Hotfix Accumulator is now in General Availability
12 June 2018 Take 112 for Smart-1 525/5050/5150 appliances was removed.
28 May 2018 Added R80.10 SmartConsole Build 042
23 May 2018 Released Take 112 of R80.10 Jumbo Hotfix Accumulator 
3 May 2018
  • Take 103 of R80.10 Jumbo Hotfix Accumulator is now in General Availability
  • Important Notes were updated
12 Apr 2018 Released Take 103 of R80.10 Jumbo Hotfix Accumulator 
01 Apr 2018 Take 91 of R80.10 Jumbo Hotfix Accumulator is now in General Availability 
21 Mar 2018 Take 85 of R80.10 Jumbo Hotfix Accumulator is now in General Availability 
06 Mar 2018 Released Take 91 of R80.10 Jumbo Hotfix Accumulator 
15 Feb 2018 Released Take 85 of R80.10 Jumbo Hotfix Accumulator
05 Feb 2018
  • Released Take 79 of R80.10 Jumbo Hotfix Accumulator
  • Take 70 of R80.10 Jumbo Hotfix Accumulator is now in General Availability 
15 Jan 2018 Released Take 70 of R80.10 Jumbo Hotfix Accumulator 
18 Dec 2017 Added R80.10 SmartConsole Build 013
12 Dec 2017 Take 56 of R80.10 Jumbo Hotfix Accumulator is now in General Availability
23 Nov 2017 Released Take 56 of R80.10 Jumbo Hotfix Accumulator 
07 Nov 2017  Added CPUSE Online Identifier of Take 53
25 Oct 2017 Released Take 53 of R80.10 Jumbo Hotfix Accumulator 
24 Sep 2017 Added note regarding CPUSE Agent build 1298 
18 Sep 2017 Added reference to sk120494
17 Sep 2017  Released Take 42 of R80.10 Jumbo Hotfix Accumulator
12 Sep 2017  Released Take 40 of R80.10 Jumbo Hotfix Accumulator
04 Sep 2017 Released Take 37 of R80.10 Jumbo Hotfix Accumulator 
22 Aug 2017 Released Take 35 of R80.10 Jumbo Hotfix Accumulator 
09 Aug 2017 Added note regarding SmartConsole Build 005 
01 Aug 2017 Released Take 24 of R80.10 Jumbo Hotfix Accumulator 
27 July 2017

Added the following notes:
24 July 2017 Released Take 18 of R80.10 Jumbo Hotfix Accumulator
Released updated R80.10 SmartConsole for R80.10 Jumbo Hotfix Accumulator (for Take 7 and above)
19 July 2017 Added an important note that to check the Take number of the installed R80.10 Jumbo Hotfix Accumulator, user should run the "cpinfo -y all" command
11 July 2017 Released Take 15 of R80.10 Jumbo Hotfix Accumulator
28 June 2017 Released Take 10 of R80.10 Jumbo Hotfix Accumulator
22 June 2017 Released Take 7 of R80.10 Jumbo Hotfix Accumulator
06 June 2017 First release of R80.10 Jumbo Hotfix Accumulator (Take 3)

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment