Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R80.10 (R80_10_jumbo_hf) Technical Level
Solution
Click Here to Show the Entire Article

Availability | Important Notes| List of resolved issues | Installation instructions | Uninstall instructions | Revision History

 

Introduction

R80.10 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides the Take number which includes the fix. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, the table includes the date the take was published. List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.

The Jumbo Hotfix Accumulator supports these products and configurations: Security Gateway, StandAlone, Security Management Server, Multi-Domain Management Server, Log Server, Multi-Domain Log Server, SmartEvent Server, Endpoint Security Server, VSX, Cluster and  CloudGuard / vSEC for AWS, Microsoft Azure and Google Cloud (see sk109141).

  • Install this Jumbo Hotfix Accumulator only after you successfully complete the Gaia First Time Configuration Wizard and reboot.
  • We recommended to install Jumbo Hotfix Accumulator on all R80.10 devices.
  • Each of the Jumbo Hotfix Accumulator Takes is based on Check Point R80.10.
  • For CPUSE installation, use CPUSE Agent build 1848 and higher (refer to sk92449).

Also refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

 

Availability

Effective October 16th, 2018, the R80.10 image has been replaced with Take 479.
R80.10 image Take 479 can be installed with R80.10 Jumbo Hotfix Accumulator Take 154 and higher.
R80.10 image Take 462 can be installed with R80.10 Jumbo Hotfix Accumulator Take 70 and higher.
R80.10 image Take 421 can be installed with any released R80.10 Jumbo Hotfix Accumulator Take.

  • General Availability Take

    Take_283 is the latest R80.10 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

    Product Take Date CPUSE offline
    package
    SmartConsole package
    All suitable
    (except Smart-1 525/5050/5150 appliances)
    Take_283 07 Oct 2020 (TGZ) (EXE)
    Build 183 
    Smart-1 525/5050/5150 appliances (TGZ)
    Blink Image for Security Gateway (All suitable)
    Clean Install / Upgrade
    R80.10 GA Take + Jumbo HF Take_283 26 Nov 2020 (TGZ)
    Blink Image for Security Management - Clean Install
    (All except Smart-1 525/5050/5150 appliances)
    (TGZ)
    • For Gaia Fast Deployment mechanism "Blink", refer to sk120193.

    • Effective October 7th 2020, SmartConsole package has been updated (Build 183)

     

 

Take 283 | Take 279 | Take 278 | Take 275 | Take 272


Important Notes

  • R80.20 GA release is aligned with R80.10 Jumbo Hotfix Accumulator Take 142.
  • R80.30 GA release is aligned with R80.10 Jumbo Hotfix Accumulator Take 203.
  • To check the Take number of the currently installed R80.10 Jumbo HotFix (if it is installed), run: [Expert@HostName:0]# cpinfo -y all
  • Before you perform an upgrade, refer to sk164258 to check the compatibility of Jumbo Hotfix Takes between different releases.
  • Starting from Take 245,  on a Multi-Domain Server/Multi-Domain Log Server, several Domain smartlog_server processes may fail to load printing a "Failed to start web server (Probably another server listens on the same port)" message into smartlog_server.elg file. Refer to sk165262.
  • Starting from R80.10 Jumbo Hotfix Take 275, clients that do not support MFA (such as Mac OS and iOS) cannot connect as Remote Access clients if MFA is enabled.
  • For information about Jumbo Hotfix support on different appliances, refer to sk166536.

 

List of resolved issues per HotFix Take

ID Product Description
R80.10 Jumbo HotFix - General Availability Take 283 (07 October 2020, GA from 26 November 2020)
PRJ-15562,
PRHF-12170
Security Management NEW: In some scenarios, modifying or deleting objects in bulk may cause slowness in SmartConsole responses and long duration of operations. Ability to improve performance in such cases was added. Refer to sk135972.
PRJ-12062,
PMTR-51885
Security Management NEW: Tasks that fail to complete within 18 hours will be stopped automatically and appear as failed. Refer to sk166455.
PRJ-15498,
PMTR-56638
Security Management NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start. 
PRJ-15494,
PMTR-57275
Security Management $MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied.
PRJ-10056,
PRHF-8924
Security Management In some scenarios, Security policy deletion or installation may fail when there are many Application Control objects used in this policy.
PRJ-7003,
PMTR-39797
Security Management In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754.
PRJ-13046,
PRHF-11033
Security Management After the user adds new Threat Indicators, Management HA may fail with "NGM failed to import data" error. Refer to sk167156
PRJ-13610,
PRHF-11300
Security Management In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error. 
PRJ-13460,
PMTR-54975
Security Management In rare scenarios, Install Policy Presets are not triggered.
PRJ-14294,
PRHF-11704
Security Management In rare scenarios, High Availability sync fails with "Ngm failed to import data" error after the user deletes a Permission Role. 
PRJ-15456,
PRHF-6093
Multi-Domain Management Policy Installation may fail due to an internal error in an MDS environment where there is a Global Dynamic object usage inside Networks Groups with a depth that is higher than 2-level (group inside a group).
PRJ-14452,
PRHF-11940
Multi-Domain Management Policies may disappear from the Global Domain Assignments view after the user runs the Solr Cure utility. Refer to sk168060.
PRJ-16424,
PMTR-58559
Multi-Domain Management Management HA incremental synchronization may break in the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.
PRJ-12243,
PRHF-10477
Multi-Domain Management In some scenarios, a Global Administrator connected to the Logging and Monitoring view in MDS cannot see auto-complete suggestions when typing in the logs search box. Refer to sk166752
PRJ-16435,
PRHF-12236
Multi-Domain Management After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.
PRJ-13453,
PRHF-10952
SmartConsole In some scenarios, Management API commands with 'details-level'=full return a truncated output.
PRJ-16212 SmartConsole In some scenarios, the user cannot establish SIC between R80.10 Security Management and R77.30 Security Gateway. 
PRJ-15970,
PRHF-10916
SmartConsole A Global Policy reassignment in the MDS may fail with an "internal error" message after the user deletes Snort protections and chooses to manage protection actions.
PRJ-13026,
PMTR-51691
SmartConsole When a VSX Cluster object is edited, no changes are made and the "Topology has changed. Please reinstall Security Policy" message is always displayed after clicking OK, even if no changes are made.
PRJ-13005,
PRHF-10998
SmartConsole In the Management API, the "show objects" command with details-level full may return the "ip-address" field even if it is empty.
PRJ-15369,
PMTR-57065
SmartConsole The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954
PRJ-12852,
PRHF-10453
SmartConsole Hit count data may not be deleted automatically. 
PRJ-12702,
PRHF-10295
SmartView The SmartView Timeline may be distorted when logs contain an empty value for the field specified in the “Series” settings and when the Legend is enabled. Refer to sk167095.
PRJ-13390,
CRYPT-19
SmartEvent SmartEvent may not read logs from the external Security Management Server after the user applies sk35288. Refer to sk123493.
PRJ-4108,
SL-1767
SmartEvent In a SmartEvent policy, adding an exclusion for a sensor alert event by event id (e.g., id=20300) causes policy install failure. Refer to sk139854.
PRJ-13168,
PRHF-9994
Compliance Compliance Partial Scans in Multi-Domain environments using Global Policies may lead to a SmartConsole freeze or long publish times.
PRJ-16997,
PRJ-16965
Mobile Access Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152.
PRJ-11886,
PRHF-10057
Logging In some scenarios, searching for logs using "client_name" in the logging tab returns no values.
PRJ-5572,
PRHF-6592
Logging When a Log Server is configured to parse Syslog messages, the field "User" may be truncated in the parsed log in the Log Details view if the field contains an underscore.
PRJ-13559,
PMTR-53242
Logging In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress. 
PRJ-5898,
PRHF-6120
Logging It is not possible to query the "file_name" field on a Log server that does not have SmartEvent activated.
PRJ-8211,
PRHF-7592
Logging "Problem has occurred during search < External Log server > Disconnected" error may appear in the "Logs & Monitor" tab after creating a dummy object for NAT.
PRJ-4127,
PRHF-2711
Logging In some scenarios, it may not be possible to filter logs by the field "IKE IDs:" when searching the log files directly.
PRJ-14046,
PRHF-11502
Logging In some scenarios, the command "cp_log_export status" prints "last log read at: N/A" rather then a timestamp.
PRJ-432,
PRHF-2797
Logging In SmartEvent, when the user customizes an event to accumulate logs by the field UUID, logs with UUID equal to 0 may not be correlated. 
PRJ-10361,
PMTR-46596
Logging Log_indexer may stop working on a SmartEvent server with a large number of CPUs (32 and up), and\or when the total number of log servers declared in correlation units is above 30.
PRJ-5648,
PRHF-6080
Logging In some scenarios, when the user creates a table widget in SmartView, there is no option to add the “hostname” field. Refer to sk162752.
PRJ-4608,
PRHF-5209
Logging When the user tries to open a Forensic report in SmartLog, the "Error getting report." message may appear if there is a network object configured with the same IP address as that of the Endpoint Security Management Server.
PRJ-8920,
PRHF-8148
Logging When the user searches logs in the "Logs and Monitor" tab in SmartConsole and applies a filter using the "?" wildcard, incorrect logs may be returned. 
PRJ-13431,
PRHF-1197
Security Gateway In some scenarios, "cmik_loader_fw_get_connkey: Invalid streaming opaque type: (3)" message appears in dmseg. Refer to sk137494
PRJ-13692,
PMTR-55510
Security Gateway Proxy arp change is applied only after the second policy installation.
PRJ-15606,
PRJ-13567
Security Gateway In some scenarios, policy installation fails with "Error code 0-2000121".
PRJ-13885,
PRHF-9759
Security Gateway An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955
PRJ-15821,
PMTR-59347
Security Gateway In a rare scenario, policy installation may fail with error code 0-2000107 after the user changes the order of cluster members in SmartConsole.
PRJ-877,
PRHF-1727
Security Gateway In some scenarios, after the user makes a change to the ciphers suites configuration on the Gateway, some portals may not be accessible.
PRJ-12944,
PRHF-10972
Security Gateway After policy installation, the output of the "cphaprob stat" command may show "HA module not started" when a large number of non-monitored Cluster interfaces are configured in SmartConsole.

This fix adds support for multiple non-monitored interfaces in SmartConsole. 
PRJ-9846,
PRHF-7150
Security Gateway In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124.
PRJ-16308,
PRHF-12058
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-10770,
PRHF-8926
Internal CA In some scenarios, there is no SIC between R80.x Security Management and R77 Security Gateway after the user performs the ICA certificate replacement procedure described in sk158096.
PRJ-12617,
PMTR-45782
Identity Awareness After the user disables and re-enables the Identity Collector in SmartConsole, the Identity Collector may fail to connect to the PDP Gateway again.
PRJ-17648,
PMTR-44711
Identity Awareness In some scenarios, user cannot authenticate to Captive Portal as a Guest User.
PRJ-13512,
PMTR-55246
Identity Awareness In some scenarios, a XFF allowed proxy list is enforced only for instance 0 in VSLS environment after VS has transitioned from Backup to Active.
PRJ-16260,
PRHF-2081
Identity Awareness In some scenarios, the user cannot connect to the AD server when the account is set to “never expires” on Microsoft Active Directory. Refer to sk143672
PRJ-5229,
PRHF-4808
Identity Awareness Failure in LDAP groups membership query for specific user that was reported by MUH agent, may cause all users under the same MUH agent to be removed from the PDP database.
PRJ-12562,
IDA-2983
Identity Awareness PDP process may consume high CPU during policy installation because of a large amount of Access Roles.
PRJ-13563,
PRHF-561
Identity Awareness In some scenarios, when the user changes the TACACS+ server to a different one, the configuration is applied only after an MDS reboot.
PRJ-8710,
PRHF-7978
Identity Awareness In some scenarios, Dynamic ID authentication fails when the SMS server returns HTTP status code 2xx but not 200 or 202.
PRJ-8901,
PRJ-8880
IPS In a rare scenario, Security Gateway may crash due to NULL pointer reference.
PRJ-16488,
PMTR-57645
IPS In some scenarios, invalid characters are sent to gw-stat report.
PRJ-7757,
PMTR-40495
SSL Inspection DynamicID authentication may fail due to server certificate validation failure. Refer to sk167177
PRJ-13114,
PMTR-52580
DLP Improved DLP functionality when working with IDA MUH1 and MUH2 agents.
PRJ-13107,
PRHF-11112
HTTPS Inspection In some scenarios, HTTPS websites may show garbled text when HTTPS Inspection and Anti-Virus are enabled.
PRJ-9403,
PMTR-51402
HTTPS Inspection In some scenarios, HTTPS Inspection shows an incorrect certificate for some websites, including certificates issued by "CloudFlare Inc ECC CA-2". Refer to sk118392.
PRJ-8610,
NSS-2348
Anti-Malware In some scenarios, dmesg may show many "rad_client id 6 is not register" errors. 
PRJ-8418,
PMTR-32574
Anti-Malware In a rare scenario, the acapd process stops working during debug. Refer to sk166324.
PRJ-16952,
PRJ-16953
Anti-Malware In some scenarios, a file with HTTP chunked encoding is drooped if  there is a Fail-Close configuration on the Anti-Virus blade. Refer to sk169312.  
PRJ-1453,
PRHF-3790
Anti-Malware In rare scenarios, Security Gateway crashes during CIFS traffic when CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606).
PRJ-11193,
PRHF-9801
ClusterXL In some scenarios, "fw ctl affinity" and "sim affinity" commands show wrong IRQ numbers. Refer to sk166356.
PRJ-14226 ClusterXL In some scenarios, SmartConsole shows ClusetXL status as "is not responding". Refer to sk168187
PRJ-15898,
PRHF-12374
SecureXL An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router.
PRJ-2921,
PRHF-4457
SecureXL In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections.
PRJ-16393 SecureXL In a rare scenario, TCP data connections may not get established with protocols that create reverse connections (e.g., Remote shell).
PRJ-7367,
PRHF-7025
CoreXL In some scenarios, FWK Manual CPU Affinity is not preserved after system reboot.
PRJ-1363,
PMTR-12883
VSX In a rare scenario, portals are not reachable after the fwk process stops working.
PRJ-16398,
PRHF-12508
VSX Latency and/or packet loss may occur for traffic which passes through a Virtual Switch in a VSX Gateway. Refer to sk168592.
PRJ-6172,
PMTR-19924
Routing In some scenarios, the routed process may stop working.
PRJ-16576,
SPC-3089
Routing In some scenarios, the routed daemon may stop working with BGP.
PRJ-5700,
PMTR-42483
VPN NEW: Improved policy installation performance when the MAB blade is enabled with Legacy Policy and Native Application rules.
PRJ-7057,
PMTR-41386
VPN NEW: Added functionality enhancements for the authentication realms used with Remote Access VPN
PRJ-15616,
PMTR-57459
VPN Access Roles with MAB SNX as the client type may not work.
PRJ-14208,
PRHF-1490
VPN The vpnd process may stop working and a "CvpnUMD process crashed" error is printed into /var/log/messages. Refer to sk160735.
PRJ-15834,
PMTR-40895
VPN When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage.
PRJ-13339,
PRHF-1164
VPN In some scenarios, L2TP client fails to connect with "failed to write L2TP session params to kernel" error in vpnd.elg file. Refer to sk167636.
PRJ-10950,
PRHF-8923
VPN In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.
PRJ-12462,
PRHF-388
VPN In a rare scenario, Security Gateway may crash when using Remote Access VPN with L2TP clients.
PRJ-15990,
PRJ-15983
VPN Starting from R80.10 Jumbo Hotfix Take 275, clients that do not support MFA (such as Mac OS and iOS) cannot connect as Remote Access clients if MFA is enabled. Refer to sk168493.
PRJ-14572,
PMTR-54771
VPN IP compression may not work in some scenarios when IKEv2 is configured.
PRJ-15327,
VPNRA-379
VPN In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled.
PRJ-14403,
PMTR-54728
VPN Connectivity improvements for Remote Access VPN with L2TP.
PRJ-12888,
PRHF-10685
VPN IKEv2 rekey may fail when the resolved peer IP address is not the main IP address. Refer to sk166897.
PRJ-12893,
PRJ-8726
VPN In some scenarios, vpnd cores may be generated sporadically during boot time/cluster failovers on the Cluster Standby Member. 
PRJ-32 VPN In rare scenarios, vpnd stops working when using the SNX client.
PRJ-16207,
VPNRA-469
VPN In rare scenarios, the Security Gateway may crash after VPN users connect to the network. 
PRJ-11486 VPN In a rare scenario, a memory leak may appear in VPN.
PRJ-14240,
PRHF-7995
VPN VPN traffic may be dropped when working with peer behind NAT - Hide NAT with Port Translation. 
PRJ-234 VPN Connectivity improvements for Remote Access Endpoint clients that connect without Office Mode IPs.
PRJ-13527,
VPNRA-398
VPN In some scenarios, Remote Access VPN users are not matched against the Access Control policy and traffic is dropped. Refer to sk167432
PRJ-8113,
PMTR-49502
VPN vpn_trap_multik: - wrong header length 36 != 72” message may appear in  the vpnd.elg when working with multiple users with the same credentials.
PRJ-11802,
VPNRA-357
VPN In some scenarios, SmartView Monitor displays an incorrect number of connected Remote Access users. Refer to sk167297
PRJ-11049,
PRHF-7972
VPN Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003.
PRJ-14431,
PMTR-53221
Gaia OS NEW: Added support for CPAC-4-10-AB cards. 
PRJ-12251,
PMTR-52663
Gaia OS UPDATE: on Smart-1 5050:
  • Line card 1 model PE2G2SFPi35*-CP* is changed to CPAC-2-1F-SM*-C*
  • Line card 2 model PE210G2SPI9A-XR*-CP* is changed to CPAC-2-10F-SM*-C*
PRJ-6169,
PRJ-16502,
PRHF-6118
Gaia OS In some scenarios, the monitord process may consume high CPU. Refer to sk163614.
PRJ-11634 Gaia OS In some scenarios, an MDS environment that runs on a Smart-1 525, Smart-1 5050, or Smart-1 5150 may not create a Gaia backup file properly. In these scenarios, the command returns the following output:
"Creating backup package...
Done
mv: cannot stat '/var/log/CPbackup/backups/backup_xx.tgz': No such file or directory". 
PRJ-9116,
PRHF-4435
Gaia OS In some scenarios, SNMP fails to report disk utilization.
PRJ-14460,
PRHF-9702
Gaia OS It is not allowed to create usernames with reserved words, e.g., 'eval', 'apply' etc., in the middle of the username in the WebUI.
PRJ-13939,
PRHF-11368
Gaia OS In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to expert mode, the username in the log files appears as admin instead of RADIUS.
PRJ-11967,
PRJ-15611,
PRHF-9336
Gaia OS The confd process may stop working when the user runs the "show/set/add interface" long command. Refer to sk167635.  
PRJ-16076,
PMTR-57581
Gaia OS In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot. 
PRJ-6610,
PMTR-17149
Gaia OS In some scenarios, snapshot creation on Gaia OS may get stuck at 1-2% because of a large number of tmp files. Refer to sk116679
PRJ-12759,
PMTR-52834
Gaia OS In some scenarios, the WebUI shows unknown HDDs that are not part of RAID.
PRJ-5957,
PRHF-6250
Gaia OS In some scenarios, commands that were entered into Clish can be executed later on if the SSH session was uninterruptedly terminated.
PRJ-12419,
GAIA-7499
Gaia OS In some scenarios, concurrent CIFS mount/umount processes to the same Windows machine may crash the kernel. 
PRJ-15593,
PRJ-13624,
PRHF-11367
Gaia OS The "show configuration" clish command may show 'Exported by admin' instead of the correct user name. 
PRJ-11464 Gaia OS In some scenarios, the CPU usage monitor parameter is incorrect: The "Average CPU" value on SmartMonitor shows an incorrect value.
PRJ-13614,
PRJ-13619,
PMTR-54707
Gaia OS The user may not be able to log in to the WebUI after performing "gaia_api access -u admin -e true". 
PRJ-13239,
PRJ-13264,
GAIA-7496
Gaia OS In some scenarios, the value for the Voltage/Fan/Temperature sensor may appear as "NotValid".
PRJ-11371,
PRHF-7532
Gaia OS In some scenarios, latency issues may occur in Clish and in the WebUI when using web scanning tools (Qualys). Refer to sk164153.
PRJ-10800,
PMTR-56454
Gaia OS In some scenarios, due to backup compression errors, restoring a backup does not restore all files.
PRJ-14412,
PRHF-11683
Gaia OS In some scenarios, snapshot creation fails because of compression errors.
PRJ-13649,
PRHF-8760
Gaia OS In rare scenarios, clish consumes 100% CPU when the user runs a Tenable scan. Refer to sk166195
PRJ-11495,
PMTR-51462
Gaia OS In some scenarios, the PSU status is reflected even if there is no PSU on the appliance.
PRJ-13721,
PRJ-13722
Gaia OS In some scenarios, a snapshot creation may fail.
PRJ-13751,
PRJ-13752
Gaia OS In some scenarios, SNMPD daemon stops working with core dump, causing the SNMP service to become unavailable.
PRJ-8947,
GAIA-7018
Gaia OS In some scenarios, interface names may not correspond to the correct ports on 4-ports 10GbE SFP+ Rev 1.1 on 12200/4200/4400/4600/4800/TE250 appliances. 
PRJ-11808,
PRJ-11807,
PRHF-9221
Gaia OS Only 1024 characters of a cron jobs output are displayed when using show cron jobs from clish. Refer to sk167632
PRJ-12516,
PRHF-10672
Gaia OS In some scenarios, a backup on a Gaia device with Threat Emulation Blade enabled may fail with "Cannot complete the backup process: not enough space". Refer to sk166833
PRJ-3024,
PRHF-4557
Gaia OS Backup on Gaia machine may fail with "Cannot complete the backup process: not enough space". Refer to sk98609
PRJ-5270,
PMTR-40400
Gaia OS Any of the following may occur in vSphere on a Management appliance:
  • vSphere client/WebUI does not show the instance IP in the instance summary window.
  • vSphere client/WebUI reports that VMware tools are "not running" in the instance summary window.
  • Machine time/date is not synchronized with the ESX host.
PRJ-13477,
PMTR-55154
Gaia OS Intake and outlet temperature sensors display incorrect values on 15400 appliance. 
PRJ-12182,
VSECC-1293
CloudGuard IaaS CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode. 
PRJ-9400,
STRM-152
QoS In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when policy is defined properly on the interface.
PRJ-5184,
PRHF-5617
Endpoint Security The log description of the "Media Encryption & Port Protection" blade may state that the "Media Storage" is encrypted even though it is not. The details in the log show the correct value. Refer to sk162812
R80.10 Jumbo HotFix - General Availability Take 279 (22 July 2020, GA from 13 Aug 2020)
PRJ-14608 SecureXL On gateways with SAM-108 enabled card, the "fwaccel stat" command may show "Waiting for policy load" state for gateways that are up for more that 249 days.
R80.10 Jumbo HotFix - Ongoing Take 278 (05 July 2020)
PRJ-9500,
PMTR-11284
Diagnostics IPS update time may not be displayed in CPView.
PRJ-12008,
PMTR-52087
Security Management NEW: Significant performance improvement for policy installation time when many groups are defined on the Management Server.
PRJ-10898,
PMTR-49801
Security Management NEW: Set values for environment variables on the Management Server that will remain there after a Management Server upgrade, as well as Backup/Restore and Export/Import of the Management Server. Refer to sk165938.
PRJ-11708,
PMTR-27164
Security Management NEW: Performance and stability improvements for large setups.
PRJ-11115,
PMTR-51778,
PRJ-10992,
PMTR-51743
Security Management NEW: Added ICA Management security enhancements.
PRJ-9263,
PMTR-49516
Security Management Policy verification may fail after the user does the following steps: Configures specific install targets for a policy, publishes them, changes the install targets back to "All Gateways", and tries to install them on a Gateway which is not in the original list of targets. 
PRJ-7411,
CPM-2541
Security Management In a rare scenario, all users connected to the Management Server get disconnected and new logins fail until the Management Server is restarted.
PRJ-5445,
PMTR-40663
Security Management In some scenarios, an unclear error appears when the user imports a global policy on a Multi-Domain Management Server. The error is caused by a mismatch between the leading interface defined on the machine and the one defined in the database. 
PRJ-8791,
VPNRA-316
Security Management Improved the Access Control Policy installation time for environments with high amount of objects and enabled IPSEC VPN blade. Refer to sk166321.
PRJ-9297,
PRHF-8336
Security Management In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing.
PRJ-9320,
PRHF-8494
Security Management In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037
PRJ-10518,
PMTR-36302
Security Management In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators. Refer to sk162773.
PRJ-7588,
PMTR-38305
Security Management In a rare scenario, following a failure to delete a Domain, the Management Server may fail to start.
PRJ-8863,
PMTR-48673
Security Management When an administrator fails to publish another administrator’s session, the session of the other administrator disappears from the Sessions view in SmartConsole.
PRJ-5792,
PMTR-40790
Security Management In some scenarios, after the user manually performs "Full Sync", a newly created secondary Domain Server or Domain Log Server is not shown in SmartConsole's Domains view.
PRJ-9164,
PMTR-48267
Security Management When reverting a security layer to a previous revision, if there are rules which are currently disabled, but were enabled in the selected previous revision (or vice versa), their status may not be reverted.
PRJ-7885,
PMTR-46703
Security Management In some scenarios, when the user modifies a policy rule and creates a section above it in the same session, the log tracker shows that the rule was created instead of modified.
PRJ-9212,
PRHF-8370
Security Management Logging into SmartConsole to the Standby Management Server with a Radius or TACACS user may fail after changing the shared secret on the Radius or TACACS object. 
PRJ-9595,
PMTR-38555
Security Management Security hardening: The Management Server will block connection requests with a TLS version below 1.2 on port 19009. Refer to sk164973.
PRJ-8228,
PRHF-7728
Security Management The "Unused Objects" filter in Object Explorer may display a failure message if there are more than 20000 unused objects.
  • A limit was added so that only the first 5000 objects will be displayed.
PRJ-9087,
PRHF-8266
Security Management In a rare scenario, when an environment has many Gateways (dozens), the FWM daemon may stop working when 4 GB of memory is reached. Refer to sk165015.
PRJ-10086,
PMTR-50276
Security Management The cpm_solr process may stop working and cause one of the following:
  • The upgrade of a Management machine may stuck on 58%
  • The Management HA synchronization may fail with "NGM failed to import data" error
  • Users may not be able to log in.
PRJ-10470,
PMTR-49832
Security Management In a rare scenario, export does not complete because the Postgres dump_all process gets stuck.
PRJ-4732,
PRHF-5341
Security Management In a rare scenario, the FWD process on the Security Management may stop working during peak hours.
PRJ-8414,
PRHF-7865
Security Management When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted. 
PRJ-7766,
PRHF-7425
Security Management In rare scenarios, publishing a session fails with the following error: "Action Failed due to an Internal Error".
Discarding the session in SmartConsole completes as "discarded", but the changes are still there.

The same behavior occurs in the Management API:
mgmt_cli -r true discard uid <UID>
number-of-discarded-changes: 4
message: "OK"
PRJ-9279,
PMTR-48463
Multi-Domain Management NEW: Performance improvement for Multi-Domain environments in which many administrators are connected.
PRJ-1390,
PMTR-33408
Multi-Domain Management NEW: Added ability to log in to the Management Server with SmartConsole while MDS Backup is running.
PRJ-13031,
PRHF-10917
Multi-Domain Management Global Policy reassignment may fail after performing the IPS update in the Global domain.
PRJ-5448,
PMTR-42420
Multi-Domain Management In some scenarios, an upgrade from R7x secondary Multi-Domain Server with active Domains may fail.
PRJ-12063,
PRHF-10327
Multi-Domain Management The FWM process of domains may not stop after the user runs mdsstop or mdsstop_customer.
PRJ-12553,
PRHF-10523
Multi-Domain Management In some scenarios, updating firewall_properties in GuiDBedit in the MDS context fails. Refer to sk42184
PRJ-12963,
PRHF-10944
Multi-Domain Management In some scenarios, certain deleted domain level objects are visible in the SmartConsole at the MDS level.
PRJ-12487,
PRHF-10330
Multi-Domain Management Multi-Domain Administrator configuration for RADIUS authentication may show local Domain Radius servers and groups.
PRJ-12203,
PRHF-10405
Multi-Domain Management In some scenarios, changes to a .def file in $FWDIR/lib may be reverted when creating a secondary CMA.
PRJ-6983,
PMTR-44593
Multi-Domain Management In some scenarios, there may be high Solr CPU on Multi-Domain Management Servers with dozens of Domains. 
PRJ-10524,
PRHF-8686
Multi-Domain Management Upgrade of Multi-Domain Server may fail if Sync With User Center is running.
PRJ-9598,
PRHF-8502
Multi-Domain Management In environments with more than five Multi-Domain servers, changes to objects may not be reflected in the logs. 
PRJ-11164,
PMTR-51180
Multi-Domain Management In a rare scenario, synchronization between Multi-Domain Management Servers breaks after revisions purge operation. 
PRJ-8449,
PMTR-47772
Multi-Domain Management The Administrator and Trusted Clients pop-up editors at the Multi-Domain Server level show all domain names linked to these objects. Domain Managers with partial permissions, may see the names of domains that they are not permitted to see.
PRJ-9696,
PRHF-8593
Multi-Domain Management MLM may open a connection to the reversed IP address of the Multi-Domain Server.
PRJ-10744,
PMTR-50936
Multi-Domain Management In some scenarios, policy installation from the Domain Management Server fails after mds_backup procedure that was interrupted. Refer to sk165559.
PRJ-11174,
PMTR-51890
Multi-Domain Management In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972.
PRJ-10365,
PMTR-51017
Multi-Domain Management After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972):
  • Global Domain reassignment
  • IPS or Application Control updates in the Global Domain 
PRJ-10528,
PRHF-8581
Multi-Domain Management The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server.
PRJ-6702,
PMTR-44004
Multi-Domain Management In a rare scenario, when viewing the Layer History, some revisions not relevant to the selected Layer may be shown.
PRJ-10037,
PMTR-27672
Multi-Domain Management In some scenarios, CPUSE and advanced Multi-Domain Management upgrade are stuck at "Upgrading products: 58%". Refer to sk146933
PRJ-71 SmartConsole NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115.
PRJ-10570,
PMTR-51246
SmartConsole NEW: SmartConsole default login timeout was increased.
PRJ-8699,
PRHF-7991
SmartConsole The shared secret's edit button may be grayed out.
PRJ-13690,
PRJ-13686
SmartConsole In some scenarios, when using many parallel management API calls, the output is not consistent.
PRJ-5098,
PMTR-41234
SmartConsole When editing the description of a revision, the "Changes" field is reset to 0.
PRJ-11256,
PRHF-9106
SmartConsole In some scenarios, Inspection Settings view under the General tab is blank.
PRJ-12962,
PRHF-10916
SmartConsole Global Policy reassign in MDS may fail with 'An internal error has occurred' message after adding overrides to Snort protections.
PRJ-12081,
PRHF-10297
SmartConsole When configuring "Visitor Mode" in SmartConsole and choosing the IP address, the wrong IP address may be displayed after clicking "OK".
PRJ-11903,
PRHF-10275
SmartConsole In rare scenarios, certain domain level objects may not be visible in SmartConsole at the MDS level. 
PRJ-12536,
PRHF-9941
SmartConsole Unable to delete Snort protections in Multi-Domain environment - they still exist after deletion.
PRJ-9077,
API-864
SmartConsole In some scenarios, the Management Server may stop working following authenticated API commands to create or update objects with extremely long comments.
PRJ-4103,
PRHF-2388
SmartConsole In "Top services" view of SmartView Monitor, "cp_tcp_A936BBAC_EBC3_4F18_B3CC_A63365F07477*" service is displayed instead of "https" service. Refer to sk146052.
PRJ-1447,
PRHF-3822
SmartConsole In some scenarios, the api.elg log is flooded with the the "Returning default standard reply class" message. 
PRJ-8015,
PMTR-46682
SmartView SmartView may show wrong time in tables and graphs for clients located in Brazil.
PRJ-10198,
PRHF-9019
SmartView SmartView may show "query failed" error message when creating table widget with filter by source/destination host name. Refer to sk119056.
PRJ-8132,
PMTR-45751
SmartView "The process <process-name> which is monitored by watchdog restarted more than once in the last half an hour" error may appear in the SmartEvent GUI status window even though the process has been up for more than 30 minutes.
PRJ-4327,
SE-331
SmartView In some scenarios, automatic reactions in SmartEvent are sent with the "Destination address" field containing the resolved country name instead of the raw IP value. Refer to sk146992.
PRJ-7495,
PRHF-7101
SmartView When using SmartEvent automatic reactions, *.MHT files in $RTDIR/tmp directory are not cleaned up in case of email sending failure.
PRJ-10371,
PRHF-8973
SmartView In some scenarios, after user imports view/report in SmartView, the imported view/report is not shown in the Catalog.
PRJ-11959,
PRJ-11897
QoS In some scenarios, SmartView Monitor shows "No Match" rule on QoS traffic.
PRJ-9417,
PRJ-9416
Security Gateway Added logs for packets that include invalid TCP options. This feature is off by default.
PRJ-8150,
PRHF-7736
Security Gateway Policy installation on Cluster may fail if the Cluster member name is longer than 64 characters.
PRJ-11952,
PMTR-52583
Security Gateway In a rare scenario, Security Gateway may crash due to NULL pointer reference.
PRJ-11693,
PRHF-9799
Security Gateway In a rare scenario, access rules with service type of "other" may not be matched correctly. Refer to sk166365
PRJ-13018,
PMTR-14138
Security Gateway In some scenarios, "Too many update logs, log has been truncated" alert logs appear in SmartConsole.
PRJ
10030,
PMTR-50431
Security Gateway In a rare scenario, when the web server is defined, policy installation fails with "Error code 0-20000111".
PRJ-9049,
PRHF-8288
Security Gateway Global connections may not be freed correctly when the Gateway acts as a Proxy. 
PRJ-9686,
PMTR-46451
Security Gateway Traffic may be dropped on DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176
PRJ-10848,
PRHF-1920
Security Gateway Improved the in.aftpd process memory management.
PRJ-3537,
PRHF-5333
Security Gateway In some scenarios, there may be connectivity problems with DHCP traffic. 
PRJ-5728,
PRHF-6035
Security Gateway In some scenarios, SIP traffic may be dropped by Anti-Spoofing with "fw_early_sip_nat Reason: spoofed packet on SIP traffic" error in dmseg although it is set to"detect",
PRJ-4678,
PRHF-5055
Security Gateway In some scenarios, policy installation fails with "configload_mgmt_compile: Failed to run compiler command".
PRJ-10966,
PMTR-35842
Security Gateway In some scenarios, the bridge rerouting feature's packet handling may lead to a memory leak.
PRJ-1212,
PRHF-3652
Security Gateway In a rare scenario, the Security Gateway may crash due to a NULL pointer reference.
PRJ-10622,
PMTR-17309
Security Gateway In a rare scenario, the Security Gateway may crash.
PRJ-2409,
PRHF-4282
Security Gateway DCE-RPC traffic may be dropped because of a drop template that is incorrectly created for the ALL_DCE_RPC service.
PRJ-10413,
PMTR-49504
Security Gateway In a rare scenario, after upgrading a Security Gateway to R80.10, the log_indexer process running on the Log server may consume 100% CPU and cause the indexing backlog.
PRJ-8001,
PMTR-45649
Threat Prevention Improvements in HTTP chunked encoding inspection.
PRJ-9045,
PRHF-8153
Threat Prevention The number of overrides in Threat Prevention policy -> Profile -> Overrides may also show inactivated overrides, with mismatched information between "override" and "User Modified".
PRJ-12396,
PMTR-45311
Threat Prevention In some scenarios, policy installation fails with "Error code 0-2000111".
PRJ-2333,
IPS-682
IPS In some scenarios, the interface name is not displayed correctly in the IPS log.
PRJ-9275,
PMTR-39944
Application Control In some scenarios, HTTP traffic is blocked with "HTTP parsing error occurred (2)" and "parameters are undecodable in request" errors. Refer to sk160092.
PRJ-12163,
PMTR-52106
Application Control In some scenarios, Application Control updates in Multi-Domain High Availability environments may get stuck when multiple updates from different Domains/Multi-Domains take place simultaneously.
PRJ-9391,
PMTR-49565
Identity Awareness NEW: Performance improvement in the automatic LDAP group update feature.
PRJ-8422,
IDA-2022
Identity Awareness NEW: Identity Awareness performance improvements on large scale environments. 
PRJ-9538,
PRHF-4033
Identity Awareness NEW: Policy installation process has been improved. 
PRJ-7505,
PRHF-5184
Identity Awareness When the Identity Awareness blade is enabled, a memory leak may appear in LDAP sessions.
PRJ-10555,
IDA-1828
Identity Awareness In a rare scenario, a memory leak, related to the Identity Awareness flow, may occur in the kernel.
PRJ-10384,
IDA-2719
Identity Awareness In a rare scenario, identity session groups and access roles may disappear following a policy installation.
PRJ-10222,
PMTR-39175
Identity Awareness In a rare scenario, there is a memory leak in the IDA daemon pepd. 
PRJ-10756,
IDA-2866
Identity Awareness In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174.
PRJ-10967,
SWG-2484
DLP NEW: Reading and sending files from the registry by DLP was optimized.
PRJ-9325,
PRHF-8152
DLP Improved the scanning time of files for some scenarios in SMTP and HTTP/S.
PRJ-9691,
PRHF-8503
DLP In some scenarios, DLP prints wrong error message in the log.
PRJ-10905,
PRJ-10854
DLP DLP stability for some scenarios was improved.
PRJ-5020,
PRHF-5528
DLP The DLP engine may incorrectly process the file if the file name is missing in the connection header.
PRJ-9772,
PRHF-8847
DLP In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of as "internal to internal".
PRJ-10421,
PMTR-39431
DLP In a rare scenario, when Security Gateway is configured as proxy, the HTTP traffic may be not scanned by DLP.
PRJ-7994,
PMTR-46960
HTTPS Inspection WSDNSD memory leak may appear when updatable objects are configured in the policy. Refer to sk165616.
PRJ-9932,
PMTR-49938
HTTPS Inspection In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may stop working. Refer to sk165555
PRJ-8473,
PMTR-44388
Logging In some scenarios, exporting a large number of logs to Excel may fail and cause SmartView to restart.
PRJ-4446,
PMTR-39444
Logging In SmartView, drilling down from the timeline widget to logs, may show less logs than expected.
PRJ-9314,
PRHF-8166
Logging Logging view may show results from the wrong day if the server Time Zone is configured to use half/quarter hour deviations from standard time.
PRJ-11004,
PRHF-9292
Logging In some scenarios, changes made to Network Objects on the Security Management Server are not reflected in the logs view. Refer to sk166493.
PRJ-1523,
SL-2379
Logging In some scenarios, Autosuggestion does not complete in SmartConsole's "Logs & Monitor" tab for users who do not have super user privileges. Refer to sk155252.  
PRJ-9704,
PRHF-7716
Logging The FWD process may stop working if one of the following changes were made using GuiDBEdit:
  1. Change to log forwarding timing
  2. Change to log switch timing
PRJ-10154,
PRHF-8586
Logging "UserCheck Reference ID” field is missing from logs when the message of the UserCheck customized page is modified and does not contain the text "reference:". Refer to sk165355.
PRJ-9969,
SL-3551
Logging In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.
PRJ-11095,
PMTR-51655
Logging In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may stop working.
PRJ-8494,
PRHF-7875
Logging In SmartView, when the user exports logs to CSV using the "visible columns" option, the following fields may be missing from the CSV file: Resource, Application Risk, Application Name, and Application Category. 
PRJ-8680,
PRHF-7856
Logging In some scenarios, Threat Emulation Logs cannot be viewed in the logging or reporting views because of a certain format of the "file size" field sent from the Security Gateway. Refer to sk166997.
PRJ-9191,
PMTR-42449,
SL-3104
Logging After synchronization, MLM / Secondary MDM may have different log policy configuration. Refer to sk165692.
PRJ-6022,
PRHF-4951
Logging When restarting the FWD process on the Log server, the syslogd process (syslog daemon), may stop working.
PRJ-7923,
PMTR-42913
Logging Following changes in correlation unit settings, new logs may not be read by SmartEvent until the log_indexer process is restarted.
PRJ-1500,
PRHF-3839
ClusterXL The output of the 'cphaprob routedifcs' command may be missing interfaces.
PRJ-9346,
PMTR-43718
ClusterXL SNMP Response for OID .1.3.6.1.4.1.2620.1.5.6 ("haState") is "Active" on all members of ClusterXL High Availability mode. Refer to sk106291.
PRJ-5903,
PMTR-43772
SecureXL In some scenarios, the penalty box violation rate is configured incorrectly.
PRJ-10936,
PMTR-25593
SecureXL Rule that contains dhcpv6 services, does not disable SecureXL Accept Templates. Refer to sk32578.
PRJ-9535,
JPMC-339
SecureXL On a Security gateway with SAM Hardware card and enabled SecureXL, a memory leak may appear when trying to delete particular multicast connection after it is expired.
PRJ-7984,
PRHF-7667
SecureXL In some scenarios, multicast connections may not have the outbound routes.
PRJ-9062,
PRHF-5093
SecureXL ICMP processing may infrequently result in drops with "...dropped by handle_outbound_pac, Reason: connection not found;".
PRJ-4174,
PRHF-5051
SecureXL In some scenarios, there may be a length verification error with SCTP traffic.  
PRJ-7980,
PMTR-28466
SecureXL In a rare scenario, a memory leak may occur when FireWall updates data for connections that are offloaded to SecureXL.
PRJ-1250,
PRHF-3608
SecureXL On cluster, Drop templates are disabled on reboot. Refer to sk153412.
PRJ-4877,
PRHF-5471
VSX Resource Monitor Control may cause segmentation fault when there are more than 64 CPUs. Refer to sk125112.
PRJ-13080,
PRHF-10978
VSX When performing a provisioning operation in VSX, process may hang on "Pushing configuration to ...".  Refer to sk167175.
PRJ-10912,
PMTR-22709
VSX In VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members if SecureXL is enabled. Refer to sk138894.
PRJ-3814,
PRHF-3767
Routing Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432
PRJ-12800,
ROUT-541
Routing In some scenarios, when processing BGP ECMP routes, routed may stop working, resulting in loss of BGP adjacency.
PRJ-12796,
ROUT-530
Routing In some scenarios, there may be a loss of BGP adjacency when displaying BGP routes with very long AS paths or large numbers of BGP communities.
PRJ-9348 Routing Scanning large number of interfaces may cause some of the interfaces to be in "master" state on the backup member.
PRJ-3616,
PRHF-4829
Routing In some scenarios, routed stops working when receiving an LSA with a checksum value of zero.
PRJ-9072,
PRHF-8337
Routing In some scenarios, a corrupted BGP AS4_PATH attribute value may result in an invalid, long BGP update that is rejected by the BGP peer.
PRJ-5998,
ROUT-445
Routing In a rare scenario, last two (or more) nexthops of a BGP ECMP route disappear simultaneously and are not removed from the forwarding database. Refer to sk153552.
PRJ-9037,
PMTR-29811
VPN Connectivity improvement of IPSec tunnels when IKEv2 is configured.
PRJ-4251,
PRHF-2844
VPN Added L2TP Remote Access client connectivity improvements. Refer to Scenario 2 in sk145895.
PRJ-11261,
PRHF-7681
VPN In a rare scenario, vpnd process stops working due to Segmentation fault. 
PRJ-11241,
PMTR-42727
VPN Added connectivity improvement for VPN over NAT traversal (UDP 4500).
PRJ-5242 VPN Remote Access connectivity improvement.
PRJ-10047,
VPN-196
VPN In some scenarios, Remote Access clients cannot connect to a load sharing cluster. Refer to sk159052
PRJ-11641,
VPNRA-353
VPN Added stability improvement for Remote Access VPN.
PRJ-11573,
PRHF-314
VPN The fwk process may stop working on a VS, creating a core dump file. Refer to sk129772.
PRJ-4450,
PMTR-40912
VPN Improved IKEv2 negotiation flow. 
PRJ-6116,
PMTR-44901
VPN In some scenarios, NAT-D traffic goes out from the first external interface.
PRJ-7691,
PRHF-7359
VPN Improved usability of VPN tunnel monitoring "vpn tu" command.
PRJ-6717,
PRHF-6672
VPN In some scenarios, the vpnd process stops working on cluster members.
PRJ-639,
PRHF-2142
VPN In a rare scenario, a VPN memory leak may appear.
PRJ-6137,
PRHF-4292
VPN In a rare scenario, the vpnd process stops working due to memory access problem.
PRJ-11448,
PMTR-51868
Gaia OS NEW: Added support for Smart-1 3150/3050 SAN and 'show asset' line cards for SAN.
PRJ-8005,
PMTR-46037
Gaia OS NEW: Apache API was updated.
PRJ-10808,
PMTR-50836
Gaia OS CVE-2020-8597: pppd is vulnerable to buffer overflow. Refer to sk165875.
PRJ-7370,
PMTR-44835
Gaia OS In some scenarios, the iDRAC (LOM) interface is not pingable.
PRJ-444,
PRJ-446
Gaia OS In some scenarios, the ‘show asset all’ command may fail.
PRJ-468,
PRJ-469
Gaia OS During load configuration command, when the loading configuration file contains SNMP, interface config commands may not apply the configuration correctly.
PRJ-10396 Gaia OS In some scenarios, transmit queues may stop, causing packet loss.
PRJ-499,
PRJ-500
Gaia OS In some scenarios, the load configuration command fails when trying to add an SNMP user with a hashed password.
PRJ-9349,
PRHF-8098
Gaia OS Added optimization for 40GbE and 25/100GbE cards configured in multiqueue allowing better transmit performance when Hyper-Threading (SMT) is enabled.
PRJ-966 Hardware The ‘show configuration bonding’ command may list an incorrect interface type in clish when used together with 21000 appliances and a SAM acceleration card.
PRJ-2460,
PRHF-4097
VoIP In some scenarios, MGCP traffic may be dropped by the Security Gateway with the following message in fw ctl zdebug drop:
fw_mgcp_undo_earlynat: the needed early_nat request entry (with natted src) not found, dropping;
fw_conn_post_inspect Reason: Handler 'mgcp_manager' drop;
PRJ-2215,
PMTR-30347
VoIP In some scenarios, VoIP calls are dropped with "SIP Re-Invites exceeded the limit" reject reason. Refer to sk145412.
PRJ-10533,
PMTR-51177,
PRJ-9102,
PRHF-7758
VoIP In a rare scenario, with Static NAT enabled, Security gateway may crash when passing SIP traffic. Refer to sk166474.
PRJ-11242,
PRHF-9628
VoIP SIP calls with NAT (SIP packet with no SDP but content-type=sdp) may fail to open correctly.
PRJ-4234,
PRHF-4250
VoIP In some scenarios, H323 connections are dropped after "Virtual session timeout" is configured. Refer to sk156372
PRJ-9954,
PRHF-897
VoIP In some scenarios, UA traffic is dropped when packet contains more then 9 UA's. Refer to sk135114.
PRJ-5803,
VSECNSX-1211
CloudGuard IaaS NEW: Added support for Identity Sharing with CloudGuard for NSX-V.
PRJ-10865,
VSECC-1119
CloudGuard IaaS In a rare scenario, the OpenStack Data Center becomes unresponsive, which results in a loss of updates to the Security Gateway.
PRJ-9633 Compliance In some scenarios, database import on a single Domain machine on which the Compliance blade is activated fails. As a result, the FWM process stops working after the import.
PRJ-12689,
MB-731
Compliance Compliance blade may show incorrect Best Practice status if one or more relevant network objects for that Best Practice is in status "N/A".
R80.10 Jumbo HotFix - General Availability Take 275 (24 May 2020)
PRJ-9293 SmartConsole When running Management API commands, the default values for 'dereference-group-members' and 'show-membership' flags may change from "True" to "False".
PRJ-11216,
PRHF-252
ICA In a rare scenario, some daemons (like FWM, CPCA, etc.) may stop working while signing a certificate.
PRJ-12749,
PRJ-12738
VPN Some Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though the "Allow older clients" option is disabled. Refer to sk166912.
R80.10 Jumbo HotFix - General Availability Take 272 (22 March 2020, GA from 05 April 2020)
PRJ-9626,
PRJ-9461
Security Management NEW: Added ability for R80.10 Security Management or Multi-Domain Server to manage R80.40 Security gateway. Refer to sk164652.
  • Requires R80.10 SmartConsole Build 177 (or higher).
R80.10 Jumbo HotFix - Ongoing Take 270 (13 February 2020)
PRJ-9396,
PMTR-44668
Security Management In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole may fail.
PRJ-7916,
PRHF-7614
Security Management When installing policy to a Cisco router, an automatic ACL number change may cause networking issues.
PRJ-8797,
PMTR-48610
Security Management If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the internal user object, the login in SmartConsole with the administrator account may fail.
PRJ-8857,
PMTR-48652
Security Management If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the administrator object, the login in a VPN client with the internal user account may fail.
PRJ-8004,
PMTR-46434
Security Management In some scenarios, HA synchronization in the Global Domain fails with the "Failed to sync peer - Global Domain is incompatible with the Domains." error.
PRJ-7467,
CPM-1745
Security Management Global policy reassignment may fail after a rulebase is deleted in the Global Domain.
PRJ-7038,
PRHF-6722
Security Management The 'fwm sic_reset' command does not print which object still has an IKE certificate.
PRJ-8374,
PRHF-7874
Security Management In some scenarios, the exported database may be very large and include redundant data.
PRJ-5493,
PRHF-5881
Security Management NEW: Added the policy verifier memory enhancement and additional debugging options. Refer to sk162453.
PRJ-5095, PMTR-41712 Security Management When an administrator edits the description of a revision, he becomes the publisher of the revision.
PRJ-8093,
PRHF-7729
Security Management In some scenarios, policy installation fails when installation target is Check Point Host.
PRJ-3037,
PMTR-39305
Security Management In some scenarios, the Management Server takes a long time to start or even fails to start.
PRJ-4307,
PMTR-45046
SmartConsole When performing a login using mgmt_cli as root admin (with '-r' set to "true"), session timeout is not set.
PRJ-6841,
API-841
SmartConsole NEW: Added integration of Management API with Ansible 2.9. For more info see: https://galaxy.ansible.com/check_point/mgmt
PRJ-2436,
PRHF-4184
SmartConsole When disabling NAT for a network object and searching for the NAT IP address, the network object is still shown as part of the search results even though it should not be.
PRJ-7945,
PMTR-46715
SmartConsole In some scenarios, when the user runs the 'show-mdss' command with 'details-level full', not all domains are retrieved.  
PRJ-4684,
PMTR-41238
SmartConsole In a rare scenario, SmartConsole unexpectedly terminates when trying to create a user with certificate.
PRJ-7833,
PMTR-43461
Multi-Domain Management In some scenarios, upgrade of R7x secondary Multi-Domain Management Server or Multi-Domain Log Server fails. 
PRJ-7134,
PMTR-44390
Multi-Domain Management Improved Domain/CMA logs visibility.
PRJ-7104,
PRHF-6605
Multi-Domain Management  The cma_migrate may fail if the IPS version does not exist on the R80.x Multi-Domain Management Server.
PRJ-3792 Smart Event Added the Log Exporter functionality. Refer to sk122323.
PRJ-6045,
PMTR-43654
Security Gateway Improved misleading log for connections that terminate before detection. 
PRJ-7750,
PRHF-7389
Security Gateway In some scenarios, there is no SIC after applying the ICA certificate replacement procedure. 
PRJ-7868,
SWG-2361
Security Gateway Improved DNS caching and negative DNS response handling.
PRJ-4747,
PRHF-5313
Security Gateway In a rare scenario, the FWK process stops working during debug.
PRJ-3425,
PMTR-35854
Security Gateway In a rare scenario, changing the xmit-hash-policy of the bonding group while the machine is handling traffic causes it to crash. Refer to sk154573.
PRJ-7485,
GAIA-4638
Security Gateway Connectivity issues on some HTTPS sites (as login pages) when the Security Gateway is configured as a proxy. Refer to sk147878.
PRJ-6073,
PMTR-41138
Identity Awareness Machine identity for Terminal Server agent is not identified unless Identity Agent is also enabled on the Security Gateway.  
PRJ-7647,
PMTR-45863
SSL Inspection HTTPS Inspection's default CA certificate was upgraded to use a signing algorithm based on SHA256 instead of SHA1. Refer to sk163932
PRJ-7636,
PMTR-46064
ClusterXL The 'set router-options auto-restore-iface-routes' command is now deprecated.
PRJ-6154,
PRHF-6490
SecureXL In some scenarios, SecureXL causes an issue in the routing of multicast traffic.  
PRJ-2978,
VPNS2S-417
VPN SmartView Monitor VPN tunnel status may show incorrect or missing tunnels status for a cluster object.
PRJ-7266,
CRYPTOIS-903
VPN In some scenarios, the vpnd process stops working during decryption of SSL traffic. Refer to sk109140.
PRJ-7064,
PMTR-45006
CloudGuard In some scenarios, subnet objects may not contain all the relevant IP addresses for VMSS VMs. 
PRJ-7301, 
PRHF-4371
Mobile Access In a rare scenario, when Mobile Access blade is enabled, the Security Gateway may crash with vmcore.
PRJ-6853,
PMTR-42177
Logging In a rare scenario, the "Logs & Monitor" view in SmartConsole freezes while scrolling down the results.
PRJ-8156 Logging In some scenarios, CPSEMD remains down after restarting all processes in a SmartEvent Server.
PRJ-6188,
PRHF-6325
Logging Widgets inside SmartView's "Views and Reports" may result in "Query Failed" messages when filtered by the "Log Server Origin" field.
PRJ-7813,
PMTR-42519
Logging In a rare scenario involving multiple disconnections and reconnections between Security gateway and Log Server, connection is not automatically restored and logs may not be written locally. Refer to sk164852.
R80.10 Jumbo HotFix - General Availability Take 259 (19 December 2019, GA from 13 February 2020)
PRJ-4928,
PMTR-41602
Upgrade In some scenarios, the FWM process fails to start after a successful upgrade with the "Found an indication that the current domain was migrated, and the migration had failed. Cannot start after a migration failure" message in fwm.elg file.
PRJ-5659,
PRHF-5965
Security Management Blank lines may appear in SmartConsole Purge Revisions view after purging a large database.
PRJ-5663,
PRHF-6087
Security Management In some scenarios, purge revisions fails and blank lines, that cannot be deleted, appear in SmartConsole Revisions view. Refer to sk163116.
PRJ-5654,
PRHF-5776
Security Management In some scenarios, cpm_status.sh reports incorrect CPM status. Refer to sk162633.
PRJ-5755,
PMTR-43497
Security Management High Availability synchronization between Management Servers may fail when there is no enough disk space in the root partition. 
PRJ-4833,
PRHF-5419
Security Management The FWM process may stop working The FWM process may stop working when an incorrect license SKU with a specific format is applied.
PRJ-4969,
PRHF-5435
Security Management In some scenarios, disconnected sessions with no changes or locks appear in SmartConsloe session view.
PRJ-3691,
PMTR-36555
Security Management New policy creation may fail when there are no installation targets defined in this policy.
PRJ-3540,
UP-240
Security Management NEW: Improved debug prints in case of access policy drops.
PRJ-4873,
PRHF-5274
Security Management In some scenarios, when setting or modifying the Email/Phone fields of an administrator, the old values still appear at the bottom pane under "View Sessions" instead of the updated values. 
PRJ-5555,
PMTR-43278
Security Management In some scenarios, policy installation fails with "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000117)". Refer to sk162554.
PRJ-5411,
PRHF-5815
Security Management In some scenarios, policy Installation fails with "Operation failed, install/uninstall has been improperly terminated" error. Refer to sk162855.
PRJ-6940,
PRHF-6754
Security Management In a rare scenario, policy installation fails with "Policy installation had failed due to an internal error". Refer to sk163482.
PRJ-6668,
PMTR-44148
Security Management In some scenarios, traffic outage may happen after policy installation from Multi-Domain SmartConsole. Refer to sk163712.
PRJ-4727,
PMTR-41157
Security Management After deleting a network object that is part of a network group, the audit log of the group modification does not show who is the removed member. Refer to sk164057.
PRJ-5721,
PMTR-42089
Security Management In some scenarios, upgrade from R7x is not aborted when there is not enough disk space to complete the import operation.
PRJ-5427,
PMTR-41518
Security Management In some scenarios, policy fetch fails if name of the Security gateway that tries to fetch this policy is not defined in DNS. Refer to sk150472.
PRJ-5027,
PRHF-4877
Security Management In some scenarios, policy verification process fails after reaching memory size of 4GB. Refer to sk161412
PRJ-4664,
PMTR-41210
Multi-Domain Management The FWM process may stop working when there is no valid license on the Multi-Domain Server. 
PRJ-3524,
PMTR-40003
Multi-Domain Management Objects on Domain level that should be shown on the Multi-Domain Server level, sometimes are not shown correctly.
PRJ-5527,
PRHF-5527
SmartConsole In some scenarios, applying "Where used" from the local Domain on an object that is used in global policies, may return results from the global policies that are not assigned to the local Domain. Refer to sk162753.
PRJ-6932,
PRHF-6842
SmartConsole Threat Prevention policy installation may include wrong topology warning on VSX cluster interfaces.
PRJ-5372,
PMTR-43427
SmartConsole In Multi-Domain environment, IPS protections become staging on each domain after global policy assignment while the protection does have override/staging status in the global domain.
PRJ-6644,
PRHF-6606
SmartConsole In some scenarios, administrator cannot open the 'RemoteAccess' - VPN community object for editing.
PRJ-4200,
PMTR-40076
SmartView NEW: Added support for "SmartView for QRadar" extension. 
PRJ-1675
SL-1890
SmartView In some scenarios, Hit Count on specific rules does not increment after they were recently created or re-ordered. Refer to sk138033
PRJ-5628,
PRHF-5810
SmartView In SmartView, when exporting logs to Excel after drill-down, the amount of logs is less than expected. Refer to sk162621
PRJ-5484,
NAT-110
Security Gateway NEW: Enhancement: NAT port exhaustion logs mechanism was updated. Refer to sk156852.
PRJ-4614,
PMTR-40937
Security Gateway In some scenarios, VoIP traffic is dropped with "allocate_port_impl: could not find a free port;" error in dmesg.
PRJ-4162,
PMTR-39641
Security Gateway In some scenarios, when the ICAP server on the Security gateway is enabled, some web pages do not load.
PRJ-5318,
NAT-137
Security Gateway In a rare scenario, Security gateway freezes when IP pool NAT and VPN are used.
PRJ-5868,
SWG-2208
Security Gateway In a rare scenario, Security gateway crashes when proxy is enabled.
PRJ-5325,
PRHF-551
Security Gateway In a rare scenario, Security gateway crashes when using the Web Servers Slow HTTP Denial of Service protection.
PRJ-2359,
PMTR-10094
Security Gateway In a rare scenario, some commands on Security gateway fail and traffic may be dropped.
PRJ-2917,
UP-293
Security Gateway In a rare scenario, Security gateway may crash due to NULL pointer reference. 
PRJ-6655 Security Gateway NEW: Performance enhancement for gzip traffic on VSX environment. 
PRJ-4526,
PMTR-34813
Security Gateway In some scenarios, traffic is dropped with "[ERROR]: network_classifier_handle_dag: failed to get uuid of DAG bogus_ip" error in dmesg.
PRJ-5935,
PRHF-5344
Logging In some scenarios, when retrieving the UserCheck logs, FWD process on the Security gateway may stop working.
PRJ-735,
SL-1290
Logging In a rare scenario, Security gateway starts writing logs locally due to the high CPU utilization by the FWD process on the Log Server. Refer to sk152113.
PRJ-4963,
SL-2456
Logging In a rare scenario, a specific log fails to be written and an alert informing on this is displayed in SmartConsole.
PRJ-7459,
PMTR-45826
IPS Cannot update the Geo Policy IPToCountry database on Security Gateways. Refer to sk163672
PRJ-1019,
PRHF-2795
DLP DLP activation was optimized to reduce the CPU consumption.
PRJ-4846,
PMTR-4178
SSL Inspection In a rare scenario, when SSL Inspection is enabled and there is big latency, Microsoft websites (for example Azure) may not respond. Refer to sk150175.
PRJ-4464,
PMTR-39191
Gaia OS While unplugging one of the power supply cables on Smart-1 5150/5050/525 appliances, a false 'No Read' message appears for ~5 seconds in both PSUs statuses (instead of Present/Input Lost/Absence).
PRJ-1543,
GAIA-4880
Gaia OS In some scenarios, the VSX Management fails to be properly restored from backup.
PRJ-6790,
PRJ-6158,
PRHF-6143
Gaia OS "Gaia Web-UI recognized a non-valid input data" error when creating a scheduled backup in WebUI via SCP or FTP with special characters used.
PRJ-960,
PRHF-2474
Gaia OS In some scenarios, user cannot access terminal from WebUI in monitor role mode. 
PRJ-1756
PRJ-6056,
PRHF-3943
Gaia OS A network interface may restart when changing its properties from WebUI if the interfaces configuration was performed via CLISH. 
PRJ-346,
PRHF-1739
Gaia OS In some scenarios, Smart-1 405 and 410 appliances may show high voltage due to incorrect VBat thresholds. 
PRJ-1259,
PRHF-3675
Gaia OS CPD process may stop working when attempting to query sensor values on Smart-1 525, Smart-1 5050 and Smart-1 5150 appliances.
PRJ-4181,
CLUS-1486
VSX In some scenarios, the vsx_util vsls commands fails to change the VSs priority. Refer to sk160832
PRJ-4676,
PMTR-41221
VSX VSX configuration cannot not be applied after upgrade from R77.x to R80.x, due to duplicated VSX routes. 
PRJ-6963,
PMTR-44031
VSX  In some scenarios, when running the cphaprob show_bond command, one of the bond's slave may be missing from the output. Refer to sk163333.
PRJ-5876,
PRJ-5875
Acceleration Card Policy installation may take a long time when using SAM-108 Acceleration Card on 21000 appliances. 
PRJ-7183,
PMTR-44859
CloudGuard Public IP addresses for Virtual Machines and Virtual Machines Scale Sets may be missing. 
PRJ-5528,
PMTR-42941
CloudGuard In some scenarios, centrally distributed license disappears from CloudGuard Gateways. Refer to sk151794.
PRJ-4075,
PMTR-25655
VPN If the VPN tunnel is configured with GCM ciphers for Phase 2, encrypted traffic may be dropped when SecureXL is enabled. Refer to sk152832.
R80.10 Jumbo HotFix - General Availability Take 249 (21 November 2019, GA from 23 December 2019)
Note: This Take updates Take 245 released on 24 October 2019. It is recommended to install Take 249
PRJ-7006,
PRJ-6992
Multi-Domain Management The Gaia restore of Multi-Domain Server fails when using Take 245 of R80.10 Jumbo Hotfix Accumulator. Refer to sk163473
PRJ-6781 ClusterXL Using R80.10 management to manage R80.30 Cluster may lead to a split brain scenario and traffic loss on the Security gateway side.
PRJ-6684,
PMTR-44076
Gaia OS  In some scenarios, Gaia restore on Multi-Domain Server fails with error "failed to edit update registry". Refer to sk163312
PRJ-2346,
PMTR-38631
VPN Remote Access client randomly disconnect / unable to connect when DHCP multi-homed server is configured.
R80.10 Jumbo HotFix - Ongoing Take 245 (24 October 2019)
PRJ-2724,
PMTR-38948
Upgrade Added a pre-upgrade verification that Global network objects with NAT configuration are not supported. 
PRJ-2982,
API-744
Security Management In some scenarios, show generic-objects API command fails with "Management Server failed to execute command". Refer to sk157693
PRJ-3187,
PMTR-39644
Security Management Added ability to automatically determine the API process memory allocation to avoid "Out of memory" errors. Refer to sk119553.
PRJ-3635,
PMTR-19721
Security Management In some scenarios, policy installation fails with "Policy installation had failed due to an internal error" message. 
PRJ-2952,
PMTR-23492
Security Management Added support for Internal CA certificate replacement.
PRJ-2337,
PRHF-4046
Security Management In some scenarios, user cannot discard or publish a worksession, receiving the general message "Internal error". 
PRJ-4277,
PRJ-4301
Security Management When a purge operation is performed on a large amount of revisions, the operation may take a long time to complete. 
PRJ-2293,
PMTR-38293
Security Management In some scenarios, QoS policy installation fails when installing the blade without installing Access or Threat blades of the same policy first. 
PRJ-4184,
PMTR-38720
Security Management

When many users are connected to and actively working in the same domain in SmartConsole, they may experience: 

  • Slowness in SmartConsole responses
  • Long duration of operations
  • High load on the Management Server
PRJ-2647,
PMTR-38095
Security Management In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects. 
PRJ-1516,
CPM-2264
Security Management Performance and stability improvements in large High Availability setups.
PRJ-3639,
PRHF-3463
Security Management In some scenarios, size of the shadow_object.C file increases after each policy installation, eventually causing a failure in installing a policy. 
PRHF-3242,
PRJ-657
Security Management In a rare scenario, the policy verifier ignores rules with object named "Internet" used with negate operator. 
PRJ-4304,
PMTR-40468
Security Management Added a mechanism to prevent the Management Server from starting if an import process was interrupted.
PRJ-1272,
PMTR-38720
Security Management When many users are connected to and actively working in the same domain in SmartConsole, they may experience:
  • Slowness in SmartConsole responses
  • Long duration of operations
  • High load on the Management Server
PRJ-1760,
PMTR-37924
Security Management Due to a failed full sync, FWM was restarted unexpectedly and obsolete domain sessions were used in the global policy assignment. 
PRJ-2491,
PMTR-38103
Security Management In some scenarios, a validation incident about Invalid Email Address is presented in SmartConsole after upgrade from R77. 
PRJ-1864 Security Management In some scenarios, SmartConsole stops working while adding or removing many objects via Web API. 
PRJ-2748,
PRHF-4334
Security Management In some scenarios, the "migrate export" command fails on the Secondary Security Management machine.
PRJ-2680,
PRHF-3584
Security Management Added a Security Management feature that allows CPDiag to route data (in uploads and downloads) for offline Security gateway (gateway with no direct Web access) using the Management server as a proxy to the internet.  
PRJ-1442,
PRHF-3783
Multi-Domain Management In some scenarios, gateways are missing in the 'Gateways and Servers' view in SmartConsole on the MDS level. 
PRJ-2158, PMTR-33605 Multi-Domain Management In some cases on Multi-Domain environments with several servers, tasks still appear in progress after restart of the server even though they are not really running. 
PRJ-3050,
PMTR-39455
Multi-Domain Management If user deletes a CLM from a Domain (it's forbidden, the validation was added), the CLM remains as partially deleted and user cannot create a new one. 
PRJ-1532,
PRJ-1536
Multi-Domain Management In a specific scenario, Global policy rules may change order after Multi-Domain Server upgrade. Refer to sk155432.
PRJ-371,
PRHF-3285
Multi-Domain Management In a rare scenario, FWM process stops working on the Domain level during login. 
PRJ-3619,
PMTR-36765
Multi-Domain Management In some scenarios, the "Unable to connect to server. Please make sure the server is up and running." error appears when trying to log into single Domain from SmartConsole. Refer to sk153293.
PRJ-2243,
PMTR-36614
Multi-Domain Management The mds_backup command will generate an output file of format .tar instead of .tgz to improve the duration time of backup (mds_backup) and restore (mds_restore) of Multi-Domain Server. Refer to sk163300.
PRJ-1968,
PRHF-3268
SmartConsole In setups with a large quantity of network object, users may experience slowness when editing the HTTPS Inspection policy. Refer to sk147134
  • To fully resolve the issue, R80.10 SmartConsole Build 154 (or higher) should be installed.
PRJ-1343 SmartConsole In some scenarios, DNS Maximum Reply Length IPS protection is not enforced.
  • To fully resolve the issue, R80.10 SmartConsole Build 154 (or higher) should be installed.
PRJ-782,
PRJ-777
SmartConsole In a rare scenario, the FTP Bounce, Port Overflow and Known Ports IPS protections are not enforced.
  • To fully resolve the issue, R80.10 SmartConsole Build 154 (or higher) should be installed.
PRJ-3868,
PRHF-4655
SmartConsole In a rare scenario, when user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232.
  • To fully resolve the issue, R80.10 SmartConsole Build 154 (or higher) should be installed.
PRJ-2558,
MCFG-200
SmartConsole In "Gateways and Servers" view, gateways are missing status when managing more than 1000 gateways. This fix supports statuses up to 5,000 gateways.
PRJ-783 SmartConsole In some scenarios, user cannot delete a VS object since it is referenced by an automatically generated exception rule.  Refer to sk167272.
PRJ-4431, PMTR-27392 SmartConsole In some scenarios, when there is a large quantity of unused permission profiles in the system, the CPM server takes a long time to start.
PRJ-4130,
PRHF-1847
SmartConsole Administrators with "\" in their username receive the "Error Occurred" pop-up when trying to view a packet capture. Refer to sk140992.
PRHF-2194,
PRJ-4432
SmartConsole In some scenarios, Client certificate is removed when deleting Domain that is included in certificate's permissions. 
PRJ-559,
PMTR-2800
SmartConsole In some scenarios, custom time frame filter in Logs & Monitor view returns wrong results. 
PRJ-4354,
CIS-2085
SmartConsole SmartConsole configuration settiings on Citrix clients are not saved after logging off.
MCFG-199,
PRJ-2382
SmartProvisioning SmartUpdate generates audit log even when no action was taken. 
PRJ-865,
PRHF-3392
SmartProvisioning In VPN star community managed by SmartProvisioning, VPN tunnels may not be established after installing policy to CO gateway (center). Refer to sk152612
PMTR-31278,
PRHF-4404
Security Gateway Connectivity issues on some HTTPS sites (as login pages) when Security gateway is configured as proxy. Refer to sk147878.
PRJ-4105,
PRHF-2796
Security Gateway In some scenarios, logs cannot be seen because the log_indexer process stopped working.
PRJ-3541,
PMTR-28915
Security Gateway Possible performance impact on NAT port exhaustion scenarios. 
PRJ-3029,
PRHF-1865
Security Gateway In a rare scenario, Security gateway may crash when proxy is enabled.
PRJ-2072,
PMTR-13868
Security Gateway In a rare scenario, FWD process stops working and generates a core dump file.
PRJ-4807,
PMTR-41392
Security Gateway Enabled avoiding source port allocation for specific predefined connections.
PRJ-2683,
PMTR-3739
Security Gateway Enabling by default the HTTP Strict Transport Security (HSTS) policy on Check Point's portals (WebUI, Mobile Access, DLP, Captive Portal, UserCheck). Refer to sk121795.
PRJ-3369,
PMTR-13884
Threat Prevention Deleting a Threat Prevention profile may fail if the IPS profile has many overrides. Refer to sk136552
PRJ-3551,
PMTR-3105
Web Intelligence In some scenarios, some web sites are loading for a long time and eventually fail to load.
PRJ-1919 Identity Awareness Security hardening for Identity Awareness Agent (IDA) enforcement according to XFF IP.
PRJ-4232,
PRHF-1495
URL Filtering In some scenarios, high latency for HTTPS traffic is observed when using URL Filtering. Refer to sk140213.
PRJ-1024,
PMTR-3398,
SWG-1879
URL Filtering In some scenarios, many messages similar to "appi_rad_uf_cmi_handler_async_service_cb" are listed in /var/log/messages file. Refer to sk156572.
PRJ-688,
PMTR-26827
Application Control In some scenarios, custom Application Object that was initiated with wrong "Application Risk" value may cause connectivity problems. Refer to sk140892
PRJ-3674,
PMTR-32168
Logging In a rare scenario, Security gateway starts to log locally even if logs are sent to backup server. 
PRJ-1689,
PMTR-22797
Logging  Machine statuses in "Gateways and Servers" disappear from SmartConsole and reappear periodically. 
PRJ-868,
PRHF-2806
Logging  In a rare scenario, SmartConsole does not show indexed logs because the log_indexer process stopped working. Refer to sk152934.
PRJ-1309,
PRHF-3681
Logging  In the Logs & Monitor view, the "File size" field is missing from the logs generated by Media Encryption & Port Protection blade. Refer to sk157952
PRHF-4975,
PRJ-4060
Logging  In some scenarios, when exporting logs with "Visible columns" option selected from SmartView, some columns return empty record. Refer to sk161712.
PRJ-2676,
PRHF-3831
Logging  In a rare scenario, the accounting of bytes in a report is not accurate.
PRJ-1156,
PRHF-3561
Logging In SmartView, if a view contains 2 map widgets, one displaying source countries and the other displaying destination countries, drilling down on one of them may display incorrect data.
PRJ-2643,
SL-2509
Logging  Running views and reports with a filter fails if the filter contains a "NOT" operator combined with parentheses. 
PRHF-4497,
PRJ-3208
Logging In some Full HA environment scenarios, the "Logserver <Cluster virtual IP> is disconnected" error pops up in SmartConsole log view. 
PRJ-1323,
PRHF-3690
Logging In some scenarios, when running mdsstart, the following error message is shown: "/opt/CPSmartLog-R80.20/bin/smartlogstop: line 65: /opt/CPmds-R80.20/customers/<name>/CPSmartLog-R80.20/log/smartlogRun.log: No such file or directory". 
PRJ-1240,
SL-2002
Logging  Running views or reports that contain the attack / attack_info fields may fail or not be completed. 
PRJ-2912,
PRHF-1554
Logging In some scenarios, the log maintenance mechanism deletes the earliest logs due to mistake in Emergency mode maintenance. Refer to sk161712.
PRJ-1274,
SL-1052
Logging In a rare scenario, when an environment has many gateways (dozens), FWM on the log server may crash when reaching to 4 GB memory. 
PRJ-3627,
PRHF-2607
Logging In some scenarios, when SAM activity is defined and a Log server receives a high amount of packets, the FWD porcess on the Log server stops working.
PRJ-2144,
PRHF-4105
ClusterXL In a rare scenario, the fw_workers process consumes high CPU on the Standby member of a ClusterXL. Refer to sk156333.
PRJ-419 SecureXL In some scenarios, it may take a long time to remove some connections from the SecureXL connections table.
PRJ-1173,
SPC-2008
SecureXL Fast Accelerator (sim fastaccel) does not support different number of rules for different VS's on VSX environment. 
PRJ-629,
PRHF-5533
SecureXL In some scenarios, latency is observed on the Security gateway when SecureXL is enabled. Refer to sk162914
PRJ-417,
PRHF-5267,
PRHF-3649
SecureXL  In some scenarios, DHCP relay traffic is dropped with the "dropped by handle_outbound_pac, Reason: connection not found" error, although the policy and DHCP relay are configured correctly. 
PRJ-4088,
PMTR-21608
SecureXL In some scenarios, dmesg shows drops from link collisions in Performance Pack when using NAT Dynamic port allocation.  Refer to sk162252.
PRJ-34,
ROUT-318
Routing In some scenarios, Routed Pnote in 'Problem' state and ClusterXL member is down after enabling OSPF. Refer to sk123317.
PRJ-33,
ROUT-209
Routing Enhancement: Improved the memory handling mechanism in Routed. 
PRJ-3142,
GAIA-2861
Gaia OS In some scenarios, the IGB driver interfaces are occasionally down after reboot of a Management machine. Refer to sk135532
PRJ-2334,
PRJ-2335,
PMTR-26981
Gaia OS Added 'pigz' and 'unpigz' binaries.
PRJ-4643,
PRJ-4644,
02473276
Gaia OS "Authentication failure" error when authenticating with TACACS+ user that has special characters in their password. Refer to sk101332
PMTR-37425,
PRJ-1402
Gaia OS Backup task fails if SmartConsole is open during backup.
PRJ-531,
PMTR-1424
Gaia OS In some scenarios, the LSI MegaCli tool used to monitor Smart-1 3050 and 3150, stops working.
PRJ-4933,
PRHF-4416
Gaia OS In a rare scenario, failing scheduled backup from the Management server causes the SCP server password to appear in HEX. 
PRJ-3795,
PRHF-1778
Gaia OS Enhancement: The maximum size of the arp table was increased to 4096. 
PRJ-1028,
GAIA-5047
Gaia OS Changing the xmit-hash-policy of the bond may cause all static arp entries to disappear from the arp -a output. Refer to sk152892.
PRJ-4685,
SPC-1903
VSX In some scenarios, running the "fw vsx resctrl monitor disable" command or disabling VSX Resource Monitor via CPView causes crash of the VSX Gateway. Refer to sk144432.
PRJ-161 VPN  In some scenarios, simultaneous login is not enforced on Capsule VPN / Connect for Mobile devices in IPsec flow. 
PRJ-2957,
CRYPT-210
VPN After running "cpca_client re_sign_ca" and "mcc replace", SmartConsole shows the same Internal CA certificate. 
PRJ-2875,
PMTR-38894
VPN Connectivity improvement for Remote Access clients in environments with 3rd party VPN tunnels.
R80.10 Jumbo HotFix - General Availability Take 225 (04 August 2019, GA from 04 September 2019)
PRJ-601,
PRJ-648
Security Management Added ability for R80.10 Security Management or Multi-Domain Server to manage R80.30 Security gateway. Refer to sk149272.
  • To fully resolve the issue, R80.10 SmartConsole Build 137 (or higher) should be installed.
PRJ-714,
PMTR-36761,
CPM-2191
Security Management Enhancement: added feature for tracking random CPM process crashes on Security Management server. Refer to sk150913.
PRJ-1899,
PMTR-38614
Security Management After opening and searching in pickers for a few times, the "error retrieving results" message appears when opening a picker. 
PRJ-672,
PMTR-36302
Security Management In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.
PRJ-1920,
CPM-2300
Security Management In a rare scenario, CPM server does nоt start after failure in deleting domain.
PRJ-1378,
PRHF-3514
Security Management In a rare scenario, upgrade from R77.x to R80.x fails with cpdb core dump file created.
PRJ-1102,
PMTR-25835
Security Management API is missing a validation letting you assign permissions to Multi-Domain Server Super User. 
PRJ-1304,
PRJ-1303
Security Management When running 'add-domain' Web API command on an existing Domain, the original Domain is deleted. 
PRJ-1241,
PRHF-2012
Security Management High CPU utilization by FWM process when SmartEvent is enabled on the Security Management Server. Refer to sk147563.
PRJ-449.
PRHF-3283
Security Management In a rare scenario, a failure in policy installation causes a false "Policy installation is currently in progress" error message.
PRJ-591,
PRHF-3300
Multi-Domain Management Multi-Domain Server processes must be down when running cma_migrate.
PRJ-1400
PMTR-29769,
CPM-1730
Multi-Domain Management The Multi-Domain Management database size grows significantly causing operations like "mds restore" and HA full sync to take much longer time.
PRJ-1687,
SMCUPG-719
Multi-Domain Management "Delete Domain Server failed: 'Could not send Message.'" error on Domain deletion attempt failure when there is a large amount of gateways in this Domain.
PRJ-2385,
PMTR-38670
Multi-Domain Management In a rare scenario, CPM server fails to start after successful Domain deletion.
PRJ-1102,
PMTR-25835 
Multi-Domain Management  API is missing a validation allowing the assignment of permissions to MDS Super-User.
PRJ-2302,
PMTR-39001,
GAIA-3984
SmartConsole

Added Management support for 16000 and 26000 appliances.

  • To fully resolve the issue, R80.10 SmartConsole Build 137 (or higher) should be installed.
PRJ-1432,
PMTR-31155
SmartConsole In some scenarios, SmartConsole unexpectedly terminates when installing policy on many targets simultaneously.
PRJ-152,
PMTR-35845
SmartConsole In some scenarios, Installation Targets do not show the correct gateways when cloning and editing the installation targets in the same session.
PRJ-1142,
API-549
SmartConsole Management API command "put file" can be used for command execution with certain permissions. 
PRJ-589,
PMTR-36527
SmartConsole Redundant layers appear in the output of show-package command when Global policy holding more than 1 layer is assigned to Domain.
PRJ-785 SmartConsole In a rare scenario, invalid IPS packages and empty lines appear in 'Switch version' window under IPS update.
PRJ-248,
PMTR-35836
SmartConsole "Runtime error: java.lang.String incompatible with com.checkpoint.management.web_api_is.common.multi_values.objects.MultiStringForSet" error when trying to set a tag to ICMP and ICMP6 services or set those services into a group with API command. 
PRJ-1188,
PRHF-3134
Security Gateway In some scenarios, when Graceful Restart is enabled, not all BGP routes are advertised.
PRJ-605,
PRHF-3117
Security Gateway In a rare scenario, routed process stops working when ECMP is enabled for both IBGP and EBGP. Refer to sk162547.
PRJ-843,
PMTR-35251,
PMTR-34543
Security Gateway OpenSSL is vulnerable to Padding Oracle Timing / Side Channel Attack.
PRJ-74,
PRHF-2868
Security Gateway Added ability to monitor the number of SYN packets on the Security Gateway.
PMTR-32539,
IDA-1803,
PRJ-1861
Identity Awareness Users are not authenticated when an identity source provides the login name in an 'User Principal Name' format "user@domain". Refer to sk147417.
PMTR-32057,
PMTR-36871,
PMTR-37867,
PRJ-1861
Identity Awareness The output of pep show pdp all command on the Identity Gateway (PEP) contains "inx invalid type (0)" instead of an Identity server (PDP) IP address. 
Refer to Scenario #3 in sk156953.
IDA-1981,
IDA-2032,
PRJ-1629,
PRJ-1861
Identity Awareness

In some scenarios, users are not propagated from the Identity server (PDP) to the Identity Gateway (PEP) on a specific network.

IDA-1987,
PRHF-4175,
PRJ-1955
Identity Awareness In a rare scenario, sessions longer than 24 hours disappear from the Identity Gateway (PEP) but exist on the Identity server (PDP).
IDA-1966,
PRHF-4508,
PRJ-1748
Identity Awareness In a rare scenario, identities are missing from all connected Identity Gateways (PEPs).
IDA-2067,
IDA-1892,
PRJ-1947
Identity Awareness Performance improvement of Identity Awareness kernel tables for Cluster and multi-fw1 instances gateways.
PRJ-942,
UP-258,
PMTR-23445
Application Control,
URL Filtering
In some scenarios, it takes time to load a website when certain applications/links in Application Control/URL Filtering rulebase are blocked. Refer to sk135132.
PRJ-1821,
PRHF-3890
SSL Inspection Added support of RDP over SSL inspection as part of HTTPS Inspection blade.  (Relevant for Remote Desktop Protocol Vulnerability CVE-2019-0708.)
PRJ-1554,
PMTR-37434
Logging
  • In some scenarios with low disk space and customized retention configuration, logs and indexes may be deleted contrary to the configuration.
  • In some cases, logs are not forwarded when log forwarding in enabled on a Log server machine.
PRJ-345,
PMTR-19854,
PRHF-1915
ClusterXL SNMP variables for VRRP MIB are now available in R80.10. Refer to sk141334
PRJ-1329,
PRHF-3032,
02541089
SecureXL In a rare scenario, Security Gateway freezes / crashes when SecureXL is enabled and multicast routing is configured. Refer to sk119299.
PRJ-2374,
PRJ-2375
Gaia OS CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479: TCP SACK PANIC - Linux Kernel vulnerabilities. Refer to sk156192
PRJ-1868, PRJ-1677  Gaia OS Clish command "show system init-services" and Expert command "service --status-all" run "mdsstart" on the server.
R80.10 Jumbo HotFix - Ongoing Take 214 (04 June 2019)
PMTR-22530,
PMTR-22677,
MBS-2739
Security Management Management API on an R80.10 Management Server does not support Security Gateways R80.20SP.
PMTR-27538,
PMTR-27797
Security Management False message "peer failed to synchronized me" appears in Multi-Domain Server HA window although machines are successfully synced. Refer to sk151392.
PRJ-95,
PRHF-2762
Security Management In some scenarios, the postgres.elg file grows and fills up the disk space. Refer to sk143852.
PMTR-22975,
PMTR-21449
Security Management In a rare scenario, Application Control policy installation fails with "Load on Module failed - failed to load security policy" error, caused by the string dictionary table overflow on the Security gateway. Refer to scenario 3G in sk33893.
PMTR-27993,
API-526
Security Management The size of the policy has a significant performance impact when adding a rule to the bottom of policy via API.
PMTR-30694,
API-569
SmartConsole When using the Threat Exception API and specifying Anti-Virus or Anti-Bot protection, the request fails with "Protection cannot be found" error message.
PMTR-17190,
PRHF-2129
SmartConsole In some scenarios, Access Policy Hitcount shows zero in the Hitcount column. Refer to sk150492.
PMTR-35705,
PRHF-3127
SmartConsole Enhanced the policy verification error message related to end of Legacy URL Filtering support by adding the list of gateways that are using it. Refer to sk110116.
PMTR-22200,
API-392
SmartConsole In some scenarios, "show package" API command fails with "generic_server_error", reporting "Unable to get all policies because access policy container not used". Refer to sk136432.
PMTR-34788,
PRHF-2252
SmartConsole "Get Gateway Data" returns "Execution error" for cluster object in SmartUpdate.
VPNRA-189,
PRJ-160
SmartView Monitor In some scenarios, SNX client is not seen in SmartView Monitor tracking page after connecting to the Security gateway.
PMTR-33423,
SL-1997
SmartView Monitor SmartView Time filter does not work correctly if the server Time Zone is different than the client Time Zone.
PMTR-35201,
PMTR-12088
Multi-Domain Management When using an inline layer in a Global policy, during installation of a policy with "rule hide rule" verification, the wrong rule numbers show in the Policy Installation window. Refer to sk125672.
PRJ-45,
PMTR-2403
Multi-Domain Management In some scenarios, Global policy assignment fails with "An internal error has occurred" error. Refer to sk155412.
PRJ-65,
PRHF-1880,
PMTR-245
Security Gateway In some scenarios, the following error appears in dmesg:
"cmik_loader_fw_dyn_parsers_is_set_conn_flag_on_up_conn: failed to retreive the 'parsers_is_opq' or it doesn't exists on that connection".
PMTR-34112,
PMTR-32168
Logging In a rare scenario, Security gateway starts to log locally even if logs are sent to backup server.
PMTR-34331,
PMTR-30064
Logging When logging in with web app to a Domain, the application name and correct IP address are not displayed in SmartConsole Sessions tab.
PMTR-31035,
IDA-1689
Identity Awareness In rare scenario during Identity Agent or Terminal Server Agent IP change, PEP database becomes corrupted.
PRJ-360,
PMTR-33177
Identity Awareness In some scenarios, when using Load Sharing, upon the same IP address used by two different users, users may be able to access or to be restricted from accessing resources without proper roles.
PMTR-33363,
IDA-1225
Identity Awareness In some scenarios, session becomes corrupted on PDP side, leading to unexpected behavior.
PMTR-33237,
PMTR-32352
IPS R77.x gateways managed by R80.x Security Management show that IPS blade is enabled while it is disabled on the gateway object. Refer to sk146592.
PRJ-118,
PRHF-327
IPS When inspecting raw logs, entries with "origin = 0.0.0.0" can be seen under IPS logs, while logs in the SmartConsole appear fine.
PMTR-35095,
MB-30
ClusterXL New validation added: Starting from R80.20, ClusterXL does not support Load Sharing mode. SmartConsole blocks such configuration with a warning message.
PMTR-34633,
PMTR-34634
Gaia OS After installing R80.10 Jumbo Hotfix on 6800/6500 appliances running R80.10 installed from Dual ISO, the Hardware diagnostic tool cannot recognize certain NICs. 
R80.10 Jumbo HotFix - General Availability Take 203 (25 March 2019, GA from 12 May 2019)
PMTR-31335 General Added support for 6500 and 6800 appliances. Refer to sk139932.
PMTR-32772,
PMTR-28379
Security Management Added ability to manage Check Point R80.20SP and Check Point Maestro.
PMTR-33029,
SMCPOL-195
Security Management OSE policy cannot be viewed without installing it on device.
PMTR-29497,
PRHF-1960
Security Management Manual changes in INSPECT files under $FWDIR/lib directory of compatibility packages are not synchronized from active to standby Management servers. Refer to sk143792.
PMTR-29584,
PMTR-29856,
PMTR-29855
Security Management Policy installation fails with "IPv6 addresses domain is not supported for Remote Access VPN community" message when using Domain object in Remote Access encryption domain. Refer to sk142832.
PMTR-29921,
PMTR-28958,
PMTR-29923
Security Management "Error retrieving results" message is displayed in SmartConsole after searching for unused objects in Object Explorer.
PMTR-23744,
MCFG-80
Security Management Unjustified validation error is displayed when installing Threat Prevention policy on Cluster object:
"Threat Prevention requires topology to be defined.
At least one internal, one external, and no undefined interfaces are required.
Incorrectly defined topology impacts performance and security.

Please install both Access Control and Threat Prevention policies after fixing the topology."
PMTR-28643,
PMTR-28557
Multi-Domain Management

In some scenarios, running the fwm sic_reset command from Domain fails with "reset_objects: updateMultiple failed" message. Refer to sk142512.

PMTR-17991,
PRHF-359,
PRHF-714
Multi-Domain Management In some scenarios, the Interpreter process stops working. Refer to sk132892.
PMTR-21787 Multi-Domain Management CPView is not supported on Multi-Domain Server environments.
PMTR-8603,
PMTR-30286
Multi-Domain Management Multi-Domain Server GUI randomly does not reflect the Domain Management objects change.
PMTR-31520,
PMTR-31800
SmartConsole When using the "add/set simple-gateway" API command and specifying backup log servers, the input servers are not saved in the same order as listed in the request. 
PMTR-34013,
API-595
SmartConsole Number of sessions in "Changes" list does not match the value of 'total'. 
PMTR-28058,
PMTR-31248
SmartConsole When an administrator publishes session for a different administrator, the name of the administrator that invoked the action will be written in the audit logs as the publisher. 
PMTR-12448,
PMTR-12430
SmartConsole When searching in the SmartConsole main search bar for network groups we can see some number of network groups, but the search inside the Logical Server object shows the different number of Logical server objects groups. 
PMTR-30570,
IDA-1120
Security Gateway Group update request is sent specifically to the originator LDAP server even if it is down. Refer to sk127833.
PMTR-21207,
PMTR-20424
Security Gateway In rare scenarios, Security Gateway runs out of kernel memory and may stop processing traffic, printing "double record of connection" message in /var/log/messages file. Refer to sk143432.
PMTR-31314,
PRHF-2244
Security Gateway In some scenarios, TCP state information is not displayed in the log despite being enabled in SmartConsole.
PMTR-21080,
UP-251
Security Gateway A large number of Time objects used in the rule base may cause rulebase matching failures resulting in connectivity issues.
PMTR-17490,
PRHF-642
Security Gateway When working with NAT on DNS payload and having disabled NAT rules, NAT on DNS payload may not work. Refer to sk132032.
PMTR-28414,
PMTR-30657
Identity Awareness When X-Forwarded-For (XFF) settings are enabled on one of the policy layers or/and on the Security gateway object, the /var/log/messages file shows errors related to asynchronous identity fetch. Refer to sk145673.
PMTR-11999,
PMTR-3286
Threat Prevention In some scenarios, creation of a new gateway upgrade to R80.10 fails with "An internal error has occurred. (Code: 0x8003001D, Could not access file for write operation)" message.
PMTR-25755 Threat Prevention In some scenarios, IPS purge makes a deadlock for some GUI clients, resulting in "Timeout error" error. Refer to sk150312.
PMTR-31100 Threat Extraction In some scenarios, extracted Microsoft Azure files contain only blank pages.
PMTR-24066,
PRHF-134
Threat Emulation Non-ASCII named files cause the undecoded non-ASCII characters to appear in the Threat Emulation log.
PMTR-27876,
AVIR-370
Anti-Malware Traffic from the client to the bogus IP address is handled according to the Access Control policy, but not logged as "prevented". Refer to sk141853.
PMTR-30608,
PMTR-29583
Logging In rare scenarios, when the Log server miscalculates the available disk space, it may stop receiving logs from the connected gateways and cause the logs to accumulate locally on the Security gateway. Refer to sk146152.
PMTR-30217,
TPM-1378
IPS "A general error has occurred" message appears when trying to edit the IPS Protection settings.
PRHF-523,
PMTR-16583
IPS Some SMTP-related IPS Core Protections remain enabled despite the IPS is disabled.
PMTR-31135,
SA-99
Mobile Access Mobile Access Portal Agent installation page is vulnerable for XSS attack in Chrome and Firefox.
PMTR-15461,
PMTR-21043,
PMTR-28348
SecureXL Added support for i40evf driver.
PMTR-22503,
MB-166,
PMTR-28064
SecureXL In some scenarios, virtio_net is not able to run multiqueue.
PMTR-35032 VPN Important security update for IPSec Site-to-Site (S2S) VPN.
PMTR-27144,
02657434
VPN Improved connectivity with 3rd party VPN peers using IKEv2. Refer to sk120835.
PMTR-30870,
PMTR-21587
VPN Connectivity improvements for certain Windows L2TP client versions. Refer to sk145895
PMTR-19379,
PMTR-23292,
PMTR-23293,
02031663
Gaia OS The CLISH command "show arp table dynamic all" and Bash command "arp -an" show different entries. Refer to sk112753.
PMTR-15738,
PRHF-270
Gaia OS In some scenarios, routed process stops working when a VPN tunnel interface is deleted without removing the dynamic routing protocols. 
PMTR-18254,
PMTR-18255
EPS-17135
Endpoint Security In some scenarios, SmartEndpoint shows different numbers of reported "Anti-Malware signature was not upgraded in the last 72 hours" between the warnings and the Active alerts section.
R80.10 Jumbo HotFix - General Availability Take 189 (12 February 2019, GA from 03 March 2019)
PMTR-32542,
PMTR-32187
Multi-Domain Management
  • Log servers are not seen in the SmartConsole Log Server tab after Advanced Upgrade to Jumbo Hotfix Accumulator Take 33 or after adding new MLM to the environment.
  • After new Domain creation, logs from this Domain are not seen in SmartConsole. 
PMTR-28470,
PMTR-329
Security Gateway  Before R80.10 Jumbo Hotfix Accumulator Take 189, the Probing feature is set, by default, to Fail Open. From Take 189, the default behavior is changed to Fail Close. Refer to sk104717
R80.10 Jumbo HotFix - Ongoing Take 185 (22 January 2019)
PMTR-29919,
PMTR-27655
Security Management Values updated in resourceProfiles files to handle high CPU utilization for "Java" process (described in sk123417) are not resistant and get overridden after Jumbo Hotfix Accumulator installation or backup/restore or export/import procedures.
PMTR-25817,
PMTR-25793
Security Management Once user performs any change to his configuration, the Compliance blade performs a partial scan and calculates the relevant Best practices. During this scan, exceptions of relevant objects for these Best practices are deleted. Meaning, if previously obj1 was excluded from applying Best practice #1, during partial scan obj1 will be relinked to Best practice #1. 
PMTR-26826,
PMTR-25909
Security Gateway Added support for NAT on payload of H323 packets when different IP addresses are used for payload and control.
PMTR-28490,
DO-902
Security Gateway In some scenarios, traffic is dropped when using non-FQDN Domain object in policy. 
PMTR-28195,
PMTR-27742
Security Gateway No service enforcement when creating "Other services" without match expression for TCP, UDP or SCTP.
PMTR-27366,
IDA-1609
Identity Awareness In some scenarios, Identity Agent fails to authenticate using Kerberos SSO due to very large Kerberos ticket and the agent fallback to User/Password authentication. Refer to sk145832.
PMTR-21925,
CP-299
Anti-Malware Added support for more than 10000 IOC indicators to improve capacity and performance. 
PMTR-24802,
PMTR-28320
Threat Emulation Added ability to update Threat Emulation file types in an offline environment.
PMTR-27869,
PMTR-27889
Threat Extraction The scrub_cleanup script fails to delete files when there is a large amount of files (over 5000) in the /tmp/scrub directory.
PMTR-26537,
PMTR-26474
SmartConsole "Error: SIC initialization failed because of failure in parsing the certificate file" error when user attempts to log in with certificate to API (mgmt_cli) with password including "!". 
PMTR-29457,
PMTR-26606
SmartConsole "Synchronization with Check Point UserCenter" feature displays "Synchronization with Check Point UserCenter requires a valid license." warning message even though all licenses are valid. 
PMTR-25588,
API-512
SmartConsole Web API show-package fails if the package was installed on a cluster member which is already deleted. Refer to sk144132.
PMTR-29045,
SL-1538
Logging When Security gateway is configured to send alerts only to a specific Log server, logs may be written locally on the gateway instead to be sent to the Log server. 
PMTR-29008,
SL-1878
Logging After configuring mail alerts to be sent using "internal_sendmail" script, emails from Check Point server arrive with blank email body. Refer to sk142492.
PMTR-25638,
SL-1752
Logging When scheduled log switch is set to midnight in SmartConsole, logs and indexes are not being deleted according to configuration.
PMTR-26697,
PMTR-26696,
CP-11
Logging After Daylight saving time change, the logs from the time of change until the end of the day are not indexed and the "Illegal instant due to time zone offset transition (daylight savings time 'gap')" error is displayed in solr.elg file.
PMTR-24738,
PMTR-18469
Logging In some scenarios, Log indexer stopped indexing logs because of a corrupted row in FetchedFiles. 
PMTR-28970,
PMTR-29049
VPN Remote Access VPN connectivity process when authenticating with certificates was improved.
PMTR-11377,
02100804
VPN After Cluster failover, VPN tunnel is down and "Unknown SPI for IPsec packet" log is shown. Refer to sk112339.
PMTR-26021,
PMTR-25770
HTTPS Inspection When HTTPS Inspection is enabled and "Hide X-Forwarded-For in outgoing traffic" option is selected, the XFF header is not obfuscated on HTTPs traffic.
PMTR-26171 SSL Inspection Change SSL Network Extender on MacOS to 64-bit architecture to support 32-bit apps depreciation in OSX.
PMTR-22965,
01604908
SSL Inspection Traffic to HTTPS websites is dropped on "Unknown Traffic" category, if the certificate length sent from web server exceeds the limit. Refer to sk105321.
PMTR-26140,
01967376
SSL Inspection Added support to custom extension used by Apple.
PMTR-16544,
CLUS-937
ClusterXL In some scenarios, local traffic between cluster members is dropped due to out of state. Refer to sk123795
PMTR-22839,
02535956
SecureXL Memory consumption on Security Gateway increases after enabling NetFlow v9 in Gaia OS. Refer to sk118719
PMTR-11959,
02567792
SecureXL Connectivity issues with "handle_outbound_pac, Reason: connection not found" debug messages on dropped traffic. Refer to sk101134, Scenario 2.
PMTR-28839,
PRHF-1502
Gaia OS When using conv2db to recreate Gaia database from /config/active, comments are not skipped and the new database file may contain irrelevant information. Refer to sk139832. Note: the issue is cosmetic only.
PMTR-8411,
PMTR-8869
Gaia OS The "iotop" command does not work on Smart-1 525, 5050 and 51580 appliances. 
PMTR-23155,
GAIA-3010,
PMTR-26453
Gaia OS CVE-2018-15473: Username enumeration is possible due to a premature bail-out while dealing with a malformed packet. The issue exists in several authentication protocols. 
PMTR-20000,
GAIA-2493
Gaia OS Connectivity problem for 10 Gigabit fiber network interfaces (be2net driver) after upgrade from R77.30.
PMTR-13024,
PMTR-9624,
GAIA-3597
Gaia OS  In some scenarios, BIOS sensor randomly goes into "unknown" state. Refer to sk138332.
PMTR-25685 VSX In some scenarios, vpnd process stops working and there is no decrypt log.
PMTR-28424,
PMTR-11165
VSX There is no failover after disabling a monitored VLAN after upgrade to R80.10. Refer to sk128692.
PMTR-28021,
VSX-1895
VSX Traffic from a Virtual System in VSX Cluster to Security Management Server is dropped with "Local interface address spoofing" log. Refer to sk110473
R80.10 Jumbo HotFix - Ongoing Take 177 (26 December 2018)
PMTR-26796,
PMTR-26802
Security Management

When creating a Security Gateway object and click OK, SmartConsole terminates with "The connection with the server was lost...." error.

PMTR-23409 Security Management Cannot create new object from SmartConsole after upgrading Security Management server to R80.10. Refer to sk139812
PMTR-25487,
PMTR-25218
Security Management When Database is more than 100 objects and searching for the objects in the Objects Explorer and scrolling down, list of items disappears and the results in the bottom-left show "No items found". Refer to sk139793.
PMTR-23377,
PMTR-25006,
PRHF-1385
Security Management In some scenarios, purge operation fails with "Task was interrupted because of server restart" message and the CPM process stops working, producing core dump file.
PMTR-22755,
PMTR-21811,
PMTR-21868
Security Management When using Global Dynamic Network objects, creating a new policy package in a local Domain fails with 'Internal error' if it is assigned to the Global Domain. 
PMTR-23132,
CPM-1662
Security Management Access role changes of public sessions are missing audit logs and causing synchronization error. 
PMTR-25183 Multi-Domain Management Cannot export logs to Excel from SmartView connected to Multi-Domain Log Server. 
Refer to sk140433.
PMTR-26180,
PMTR-21125,
PMTR-26133
SmartEvent In large-scale environments, log_indexer process may unexpectedly stop working producing 3.5GB core file.
PMTR-21633,
PMTR-27331
SmartConsole Upon resuming purge operation that was not completed in a single-domain server, the "purge is already in progress" message is displayed repeatedly, although there is no purge operation in progress. 
PMTR-23295,
PMTR-23080,
PMTR-26750,
PMTR-23297
SmartConsole HTTPS Inspection rule with mixed Access Role and network object cannot be enforced.
PMTR-14661,
TP-1953
SmartConsole "SessionInWorkLoginException" error when using the API "discard" to discard a connected session other than the current session. Refer to sk142534.
PMTR-11398,
02063066
Security Gateway UDP server to client connections are not getting rematched.  Refer to sk121933.
PMTR-23852 Security Gateway Memory leak in FWD process.
PMTR-12764,
PRHF-173,
UP-216
Security Gateway Many "fw_up_get_application_opaque: Failed to retrieve conn_opaq" messages in the /var/log/messages file.
PMTR-17087,
PMTR-12889
Security Gateway In some scenarios, when configuring rule with CIFS resource, policy enforcement does not work as expected and is denied to access all the permitted CIFS shares. As a result, all CIFS traffic is dropped. 
PMTR-19178,
PMTR-18866
Security Gateway In some scenarios, the /var/log/messages file is full with messages "Error:up_classifier_notify_clob_from_cmi: _up_handle structure is corrupt 0000000000000000
PMTR-14588,
PMTR-22784,
02768662,
02769044,
MBS-4743
Security Gateway Potential Security gateway crash after running "cpstop" when using IP pool NAT.
Refer to sk162712.
PMTR-23464,
02661309
Security Gateway DNS NAT does not work when the DNS parser encounters an IPv6 record in DNS servers answer. Refer to sk121346
PMTR-24201,
PMTR-416
Security Gateway In rare scenarios, Security gateway crashes due to certain flow in NAT dynamic port allocation.
PMTR-20173
01619796
Security Gateway Security gateway does not load policy after reboot when number of SAM rules reaches its limit of 25000. Refer to sk110560
PMTR-23317,
PMTR-23567
Logging A Domain administrator connected to a specific Domain in Multi-Domain Server environment cannot see suggestions when typing in logs search box. 
PMTR-22564,
SL-1594,
PMTR-22562
Logging In rare scenarios, monitoring information (such as licensing information, CPU usage, etc.) displayed in SmartConsole and SmartView Monitor is not updated.
Refer to sk137092
PMTR-17242,
PMTR-17241,
SL-1536
Logging Reports with enabled "Add summary row" feature fail to be processed.
PMTR-18140,
SL-1219
Logging Unable to export a 3 month report to PDF for any period other than up to current date.  Refer to sk135452.
PMTR-26423,
AVIR-125,
PMTR-21436,
PMTR-11534
Anti-Malware Anti-Spam bypass shows "Temporary Scan failure" message on IP Reputation. 
PMTR-25289,
PRHF-1556
Threat Prevention In some scenarios, Advanced Upgrade fails with different errors due to NULL pointer exception check.
PMTR-23379 Threat Emulation In rare scenarios, Threat Emulation log card description "File is pending emulation" is incorrect. 
PMTR-12790,
PRHF-1
Application Control While reporting miscategorized items using email through UserCheck Portal in the event that the activity contains the “&” character, the rest of the email message is truncated. Refer to sk124073
PMTR-26588,
IDA-1604
Identity Awareness In some scenarios, MUH session Access Role is missing on PDP but exists on PEP, causing next PEP to PDP sync to be removed from PEP and thus the accessibility loss.
PMTR-25152,
USF-215
SecureXL Added support for SecureXL Fast Accelerator (sim fastaccel). For more information, refer to sk139772
Note: This functionality is supported only for R80.10 with Jumbo HFA Take 177 and higher. Customers who upgrade to releases other than R80.10 will lose this functionality.
PMTR-9488,
PMTR-9448
SecureXL In rare scenarios, traffic is accepted or dropped although not in the time frame, defined by the Time object.
PMTR-22505 SecureXL In rare scenarios, Security gateway crashes when offloading multicast nexthops to SAM when configuring PIM in Sparse mode on the interfaces. 
PMTR-22504 SecureXL In rare scenarios, Security gateway crashes when running multicast jumbo traffic packets while the SAM Acceleration card is enabled. 
PMTR-16754,
02552764
SecureXL If SecureXL is enabled, output of "fwaccel stat" command shows "Accelerator Status : off by Firewall (failed to update link selection due to error 3)" after a policy installation. Refer to sk119833.
PMTR-22465,
PRHF-1156
SecureXL SNMP data and CPView count statistics for outgoing interfaces differs after upgrade.
PMTR-20376,
CLUS-1137
ClusterXL When working in Load Sharing mode, the value of "Not held due to no members" counter in the output of "cphaprob syncstat" command is displayed wrong.
PMTR-16007,
02663779
VPN Unable to connect with SHA-512 user certificate on Windows Capsule. Refer to sk121418.
PMTR-24290,
VSECC-785
CloudGuard Attempt to install central license on CloudGuard gateway fails with "not vSec product" error.
PMTR-17889,
PRHF-864,
PMTR-19838,
PMTR-23288,
02561478,
02559704
Gaia OS After adding the RBA roles Gaia commands (add rba role TACP-0 virtual-system-access all), the lines are missing from the "show configuration" command output, but the values can be seen in Expert mode (/config/active).
Refer to sk119394.
PMTR-20499,
PRHF-1259,
PRHF-1882,
PRHF-1571
Gaia OS Added SHA2 encryption for Gaia users passwords for Smart-1 525, 5050 and 5150. 
PMTR-11335,
PMTR-25658,
01579916
Gaia OS Added the host name column to the Syslog messages. Refer to sk100727.
PMTR-25878,
PMTR-24803
Gaia OS Security Management / Multi-Domain Management server OS backup fails due to package compression errors. Refer to sk121212.
R80.10 Jumbo HotFix - General Availability Take 169 (27 November 2018, GA from 26 December 2018)
PMTR-23990,
PRHF-1450
Security Management Policy installation fails with "Policy installation had failed due to an internal error" message when Security gateway has more than hundred interfaces.
Refer to sk138592.
PMTR-24005,
PMTR-22022
Security Management Remote Access users configured with Pre-Shared Secret Key (PSK) cannot connect after upgrade from R77.x. 
PMTR-22277,
PMTR-23219,
PMTR-23217
Security Management Log in to the primary Multi-Domain Server GUI fails due to HA and logging objects synchronization generating high load. 
PMTR-22725,
PMTR-22508,
PMTR-23500
Security Management Upgrade from R77.30 fails with "Object SyncUsrCntr could not be deleted because it is referenced by other objects" exception. 
PMTR-22894,
PMTR-10245
Security Management The /var/log partition fills up with the core dump files when Management server is overloaded.
PMTR-23698,
02499554
Security Gateway The following errors may be displayed while uploading archive with several data types:
  • "Application Control - HTTP parsing error occurred"
  • "Content Awareness - Error: Invalid state in protocol (11)" 
  • "HTTP parsing error occurred, bypass request"
PMTR-14596,
PMTR-10574
Security Gateway DCOM traffic (part of DCERPC services) is dropped by Security gateway when allowing specific DCOM services.
PMTR-25227,
PMTR-25078,
PMTR-25181,
IDA-1226
Identity Awareness Improved error handing when Identity Sharing is used and remote PDP server does not respond due to prolong outage.
Refer to sk141152.
PMTR-24535,
IDA-1434
Identity Awareness Improved error handling when Identity Sharing is used and XFF is enabled but parsing the XFF headers is not required.
PMTR-25286,
PMTR-25287,
PMTR-25106
Identity Awareness User's access to a network resource may fail in the following scenario:
  • Access to a network resource is through an Identity Awareness Gateway (configured as PEP)
  • In SmartConsole, the Identity Awareness Gateway object is configured with "Identity Awareness -> Identity Sharing -> Get identities from other gateways -> All sharing gateways"
  • The sharing Identity Awareness Gateway (configured as PDP) that shares identities with the affected Identity Awareness Gateway (configured as PEP), opens an identity sharing connection not from its main IP address
Refer to Scenario 1 in sk156953.
PMTR-25103,
IDA-1396
Identity Awareness Identity sharing fails when XFF is enabled and remote PDP does not respond.
PMTR-23898 Logging
  • Added new "GDPR security report" report. 
  • The "Security Checkup report" was updated with the new content.
PMTR-23418,
PMTR-23417
Logging In some scenarios, the Logs & Monitor -> Logs section in SmartConsole is stucked on searching. Refer to sk144313
PMTR-22950,
02490101
VPN VPN Tunnel instability problem when working with Cisco Gateway using IKEv2. Refer to sk116776
PMTR-22825,
VSECC-734
CloudGuard CloudGuard Controller Data Center objects are not enforced on Multi-Domain Server.
Refer to sk139372.
R80.10 Jumbo HotFix - Ongoing Take 167 (12 November 2018)
PMTR-22521 All Added ability for R80.10 Security Management or Multi-Domain Server to manage R80.20 Security gateway. To enable this:
  • Install R80.10 Jumbo Hotfix Accumulator Take 167 or higher
  • Install R80.10 SmartConsole Build 89 or higher (refer to sk119612)
Note that if you choose to not upgrade to R80.20 Security Management server or Multi-Domain Server, the new features will not be supported.
    PMTR-20498 Gaia OS Added SHA2 encryption for Gaia users passwords (excluding Smart-1 525, 5050 and 5150).
    PMTR-16440,
    PRHF-530,
    01743689
    Gaia OS  Sensors display order is incorrect in the output of "cpstat os -f sensors" command.
    Refer to sk107672.
    PMTR-20038,
    PMTR-22373
    Gaia OS "/opt/CPInstLog/uninstall_SecurePlatform_R80_10_JHF_PLATO:Uninstallation failed!" error during uninstallation of Jumbo Hotfix Take on Smart-1 device. Newer version of RPMs remain installed after uninstall. 
    PMTR-11977,
    PMTR-20018,
    02567615
    Gaia OS An event logged in /var/log/messages is generated multiple times in consecutive order, and the syslog daemon compresses all repeated attempts with entry "last message repeated X times" in /var/log/messages file. 
    Refer to sk119913.
    PMTR-20425,
    PMTR-14191,
    PMTR-20370
    Gaia OS In some scenarios, machines with the igb driver (on-board Mgmt/Sync and 1G expansion cards) receive the "Detected Tx Unit Hang" messages in /var/log/messages file.
    PRHF-734, PMTR-11728 Security Management In rare scenarios, the CPM service does not start on machine startup. 
    PMTR-22967,
    MCFG-45
    Multi-Domain Management The license status for the MDS shows as "N/A" in SmartConsole's License Report. 
    Refer to sk132575.
    PMTR-18007,
    PMTR-18004
    Multi-Domain Management After cloning a policy package that has an assigned Global Policy package, the Domain layers in the placeholder of some of the assigned global layers are not cloned and empty. Refer to sk134012.
    PMTR-12050,
    PMTR-13198
    Multi-Domain Management Cannot synchronize secondary Domain Server after migrating new Domain with cma_migrate. Refer to sk127954
    PMTR-20295,
    API-409
    SmartConsole When specifying from-date in the "show-changes" Management API command, changes of the first session in range are not displayed. 
    PMTR-23062,
    PMTR-22415
    SmartUpdate SmartUpdate hangs on launch due to over 4000+ unattached licenses. 
    Refer to sk136512.
    PMTR-20272,
    02692416
    SmartView Monitor In some scenarios, SmartView Monitor shows more throughput than what actually goes through the Security gateway.
    PMTR-15575,
    02436860
    Content Awareness Content Awareness supports HTML forms using URL encoding (also known as Percent-encoding). HTML traffic, encoded (binary to text encoding) as Base64 and NCR, is not properly inspected for content. 
    PMTR-14858,
    PMTR-14633
    Threat Extraction TIFF images replacement on PDF files sometimes fails and can corrupt the file. 
    PMTR-21559,
    PMTR-21393
    Anti-Malware In rare scenarios, a Security gateway crashes in mail_security code due to out of bound memory access. 
    PMTR-21913,
    PMTR-16557
    DLP Improved DLP file type detection when uploading files to Gmail.
    PMTR-6238,
    IDA-623
    Identity Awareness High CPU usage after policy installation when PDPD is running. Refer to sk122352
    PMTR-19899,
    PMTR-19733
    Identity Awareness Enabling Packet Tagging and MUH traffic enforcement takes effect only after reboot.
    PMTR-21289,
    PMTR-19167
    SSL Inspection Several applications are not matched correctly when Application Control and HTTPS Inspection are enabled.
    PMTR-18923,
    PRHF-743
    SSL Inspection HTTPS traffic is inspected when it is configured to be bypassed: when HTTPS Inspection is enabled and probe bypass is 0. Refer to sk132913
    PMTR-19664,
    PMTR-19049
    Routing PIM standby node crashes when adding multiple VPN tunnels with the same local endpoint as PIM interfaces.
    PMTR-20075,
    PMTR-18338
    SecureXL "sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure. 
    PMTR-19063,
    02305365
    SecureXL  In a rare scenario, in SIP implementations, call may disconnect after a few minutes. Refer to sk112913
    PMTR-11941,
    PMTR-13827,
    02482488
    CoreXL CoreXL FW instance offloads a partial/anticipated connection that already exists.
    Refer to Scenario 5 in sk100467.
    PMTR-20161,
    PMTR-5366
    CoreXL When running the "fw ctl multik stop" command several times, only the target instance of the last command is stopped, while others start working again. 
    PMTR-21760,
    02630742
    Mobile Access In some scenarios, Capsule Workspace Push notifications are not received. Refer to sk120334.
    PMTR-21684,
    VPNRA-99
    VPN In a rare scenario, Security gateway randomly drops all SNX packets on a connection attempt.
    PMTR-19532,
    02550811
    VPN When a second user behind the same router connects with an L2TP client, the first user that is already connected gets disconnected. Refer to sk119141
    PMTR-12787,
    IDA-982,
    PMTR-23382
    VPN User cannot connect to a VPN site that belongs to a group that has a special character in its name. Refer to sk124514.
    PMTR-17652,
    PMTR-16730,
    PMTR-17651, PMTR-16731,
    PMTR-17648,
    PMTR-16734
    VPN Improved IKE negotiation stability in S2S with 3rd party devices.
    PMTR-17650,
    PMTR-16732
    VPN When NAT-T is detected, Security gateway not always switches to port 4500, causing a VPN tunnel termination. 
    PMTR-10457,
    02708339
    VPN Site-to-Site VPN cannot be established with IKEv2 on VSec for Azure / CloudGuard for Azure. Refer to sk122675
    PMTR-21859,
    VPNS2S-280
    VPN Improved fragmentation handling for TCP over VPN.
    PMTR-19703,
    PMTR-8170
    VPN Tunnel to 3rd party device fails if IKE-ID is not equal to local outbound interface. 
    PMTR-17289 VSX In rare scenarios, VSX gateway crashes under heavy load when SecureXL is enabled.
    PMTR-19973,
    02757621
    Endpoint Security "Cannot create certificate" error message when cannot enroll user certificate on Endpoint Security VPN client after January 24th 2018. Refer to sk122874
    PMTR-18402,
    PMTR-9755
    Acceleration Card In rare scenarios, Security gateway crashes after enabling Acceleration Card and using the ipsctl utility.
    R80.10 Jumbo HotFix - General Availability Take 154 (16 October 2018, GA from 23 October 2018)
    PMTR-23151 General R80.10 Jumbo HotFix support for R80.10 image Take 479.
    R80.10 Jumbo HotFix - Ongoing Take 151 (02 October 2018)
    PMTR-18655 Security Management Changes for LDAP Account Unit priority performed from SmartConsole per Security gateway, are not saved in database.
    • To fully resolve the issue, R80.30 SmartConsole Build 073 (or higher) should be installed.
    PMTR-17198,
    PMTR-9087,
    PMTR-13128
    Multi-Domain Management Global Policy Assignment fails with "Task failed" error with no details.
    Refer to sk123578.
    PMTR-15142,
    PMTR-19143
    Multi-Domain Management There is no clear error message in case of a license violation during Multi-Domain Server database import.
    PMTR-15111,
    PMTR-18242
    Multi-Domain Management CMA/Domain upgrade failure indication was improved.
    PMTR-14649,
    PMTR-12942
    Multi-Domain Management In Multi-Domain Server environment, Compliance updates do not take effect although a success message is presented in Compliance Overview.
    PMTR-7361 Multi-Domain Management When trying to delete a Domain in a Multi-Domain Server, operation fails with  "Delete Domain failed: Trying to update a detached objectthrough ObjectStoreSession" error. Refer to sk124492.
    PMTR-12247,
    THREATEMUL-3847
    Threat Emulation Added new implied rule to allow communication from TED to SYMO.
    PMTR-22236,
    PMTR-20344
    Application Control The fw_full (fwd daemon) stops working producing a core dump fila and causing a cluster failover.
    PMTR-9852,
    PMTR-19993
    HTTPS Inspection The following errors may be seen in dmesg and /var/log/messages when enabling HTTPS Inspection:
    [ERROR]: rad_kernel_urlf_request_set_url: cp_lstring_search for path slash failed
    [ERROR]: nrb_https_inspection_column_category_fill_rad_request: rad_kernel_urlf_request_set_url() failed
    [ERROR]: nrb_rulebase_default_match: virtual match_func failed for column 'External Column' (11)
    [ERROR]: nrb_rb_https_inspection_match: virtual rb_match_func failed
    PMTR-18692,
    IDA-1150
    Identity Awareness MUH Agent sends unnecessary MUH updates causing high CPU on PEP, which leads to delays with getting identities and can cause connectivity issues. 
    PMTR-19154,
    IDA-1250,
    IDA-648
    Identity Awareness PDPD daemon stops working periodically when the configured Account Unit contains Domain Controllers that are all defined as "Ignored".
    PMTR-18661,
    PRHF-808
    Identity Awareness In rare scenarios, PDPD daemon stops working repeatedly during groups update process.
    PMTR-20144,
    IDA-1176,
    PRHF-721
    Identity Awareness Update with "-" machine name from the Domain Controller causes the Identity Collector to create un-authenticated sessions on the PDP. 
    PMTR-16060,
    PMTR-10601,
    IDA-763
    Identity Awareness  In some cases, users are associated not with all LDAP groups to which they actually belong. Therefore, data from the LDAP server may be sent in different order.
    PMTR-8958,
    PMTR-21600,
    SL-690
    SmartEvent "No matches found for your search" message in the browser when searching for a user's name when it starts with 0 and contains only numbers. Refer to sk122294.
    PMTR-16588,
    SL-1363
    Logging When setting 'log_delete_below_metrics' to MBytes, 'log_delete_below_value' cannot be set to more than quarter of disk size. When setting it with 'log_delete_below_metrics' to percent, 'log_delete_below_value' is unlimited. Refer to sk133473.
    PMTR-17415,
    PMTR-15486
    SmartConsole SmartConsole exits at the "Initializing Services" stage of login.
    PMTR-15841,
    PMTR-2085,
    PMTR-19958,
    PMTR-14469
    SmartConsole Running "Get Interfaces without Topology" automatically enables Anti-Spoofing. Refer to sk136372.
    PMTR-9858,
    GAIA-2202
    02526946
    Gaia OS tcpdump exits with "Buffer overflow" messages when running "tcpdump -i any -eP" command.
    PMTR-8477,
    PMTR-8479,
    PMTR-2295
    Gaia OS New connections to the gateway are rejected due to too many "kernel: dst cache overflow" messages in /var/log/messages file.
    PMTR-14932,
    MPTT-141
    VPN Route based VPN stability was improved. 
    PMTR-14933,
    VPNS2S-215
    VPN MSS clamping cooperation with SecureXL in certain scenarios was improved.
    PMTR-14920,
    PMTR-8075
    VPN Improving IPSEC renegotiation stability in S2S with 3rd parties. 
    PMTR-15949,
    PMTR-15954,
    PMTR-15955,
    PMTR-16379
    Security Gateway R80.10 Security Gateway send some wrong SNMP VRRP OID’s. Refer to sk130412
    PMTR-5259,
    PMTR-18368,
    02536701
    Security Gateway Client packets stay not NATed in connection table if NAT fails. 
    PMTR-11894,
    PMTR-4734
    Security Gateway Link collisions in Security Gateway due to race condition in cluster environment.
    PMTR-18574,
    CLUS-1097
    ClusterXL ClusterXL stability during policy installation was improved. Refer to sk133372.
    PMTR-20985,
    ROUT-125
    ClusterXL When there is a large number of BGP peers and interfaces and ClusterXL failover occurs, resulting CPU utilization can be high for a few minutes on the old active member. During this time, routed did not respond to queries such as "show route" command in clish.
    PMTR-19667,
    PMTR-17973
    ClusterXL With a large number of eBGP peers (>200), RouteD daemon repeatedly stops working. 
    R80.10 Jumbo HotFix - Ongoing Take 142 (21 August 2018)
    PMTR-19132 Threat Prevention

    NEW: Added new Threat Prevention capabilities. For more information, refer to sk122853
    New feature in Mail Transfer Agent (MTA): MTA is now updatable (refer to sk123174).
    The first MTA engine update contains several enhancements and new features, including:

    • Setting a next-hop server by Domain name.
    • Removing/replacing malicious links & attachments from e-mails with a customizable text.
    • Adding a customized text to a malicious e-mail's body or subject.
    • Malicious e-mail tagging using an X-header.
    • Sending a copy of the malicious e-mail.
    PMTR-5685,
    02696314
    Security Management Inplace upgrade from R77.30 to R80.10 fails with "Invalid white space character" message. Refer to sk122098.  
    PMTR-10306,
    PMTR-19066
    Security Management Security Management migration to R80.10 fails due to NumberFormatException. Refer to sk125272
    PMTR-9663,
    PMTR-18829
    Security Management Following an upgrade from R77 to R80.10, 'Inspection Settings' view will not correctly reflect overridden actions. This does not affect the Security Gateway that continues to receive the correct overridden actions. 
    PMTR-15318,
    PMTR-15613
    Security Management Performance issues in the Management HA incremental HA synchronization mechanism of the Global Domain.
    PMTR-12006,
    PMTR-11175
    Security Management Performance optimization of Compliance Blade in large scale environment.  
    PMTR-12446 Security Management Added infrastructure support for AWS Transit VPC. 
    PMTR-9000,
    PMTR-18966
    Security Management Upgrade to R80.10 fails with "Maximum Number of Child Elements limit (50000) Exceeded" message. Refer to sk123857.
    PMTR-16063 Multi-Domain Management Global Domain Assignment fails with "Missing protection 'Protection_Name' in profile 'Default Inspection' in the global domain" message. Refer to sk130492.
    PMTR-15065,
    CPM-1625
    Multi-Domain Management When attempting to import Multi-Domain Server or Multi-Domain Log Server database onto R80.10 machine, the import script fails with "The IP address of the source and target Secondary Multi-Domain Servers/Multi-Domain Log Servers must be the same." error. Refer to sk129092.
    PMTR-717,
    02569693
    Multi-Domain Management DBsync stops working during a CMA import from R77.x.
    CPM-1404,
    PMTR-12819
    Multi-Domain Management After changing the name of a Multi-Domain Server, the previous name is still shown in the Domain editor.
    PMTR-3872,
    PMTR-18309
    Multi-Domain Management "No MD role specified" error when migration\upgrade of Multi-Domain Server pre-R80 MDS to R80.10 fails. Refer to sk123862
    PMTR-8236 Multi-Domain Management The mdsstat command was updated for Smart-1 525, 5050 and 5150 Appliances. 
    PMTR-7744,
    PMTR-18982
    Multi-Domain Management "dleserver.utils.UidManager" errors on cma_migrate failure on Multi-Domain Server upgraded from R80.
    PMTR-16843,
    PMTR-9344
    Multi-Domain Management Upgrade from R77.X to R80.10 of Multi-Domain Server environments that use partial assignments and have more than 50 Domains and local policies (combined), has inconsistent assignment settings (loss of data). 
    PMTR-17774 Multi-Domain Management  Cannot log in to upgraded Multi-Domain Server due to IP duplication source database. 
    PMTR-20164 Security Gateway Check Point response to SegmentSmack (CVE-2018-5390) & FragmentSmack (CVE-2018-5391). Refer to sk134253
    PMTR-17571,
    PMTR-17576
    Security Gateway After upgrade to R80.10, BGP peer is stuck in Active state. Refer to sk131592
    PMTR-6011,
    02701016
    Security Gateway Dynamic ID does not send correctly a username using the $NAME tag.
    PMTR-6008,
    02669026
    Security Gateway Dynamic ID fails with "Dynamic ID authentication failed" error after upgrade to R80.10.
    Refer to sk124953.
    PMTR-9982,
    PMTR-6005,
    IDA-775
    Security Gateway Dynamic ID does not work with specific vendors that require user's phone number.
    PMTR-17083,
    PMTR-17901
    Security Gateway BGP communities are not correctly matched by routemaps, resulting BGP routes not being populated and not advertised. 
    PMTR-16621,
    PMTR-18028
    Security Gateway BGP connections from point-to-point clustered interfaces are rejected. 
    PMTR-11667,
    PMTR-15610
    Security Gateway Security Gateway stops working in some scenarios when Mobile Access blade is enabled in Unified Policy mode and Security Zones are used in the security policy. 
    DOMO-9,
    PMTR-16311
    Security Gateway Traffic drops after adding rules with Domain objects and installing policy. Refer to sk133253
    PMTR-17414,
    02689115
    Security Gateway Emails remain in the spool when SMTP Resource Rule is defined. Refer to sk122010
    PMTR-12167 Security Gateway "dynamic objects -c" command returns partial output when more than 20 Dynamic objects are defined on the Security Gateway. 
    PMTR-15421 Security Gateway Traffic to span port interfaces is dropped when Security Zones are used in Access policy.
    PMTR-17399 Security Gateway,
    Security Management
    The CPView Utility was improved:
    • Added new capability to collect and present I/O data.
    • Enabled CPView History collection on Management machines.
    PMTR-8455 Routing NetFlow IPv6 daemon cannot be started after upgrade from R77.30 due to missing bindings in configuration file. 
    PMTR-10917,
    02426496,
    02474798
    Routing RouteD daemon stops working or OSPF Adjacency is stuck in "Loading" state when receiving OSPF LSA of Type 10 and Type 11. Refer to sk115314.
    PMTR-11392,
    01593435
    Routing  VRRP member freezes when deleting a VLAN interface. Refer to sk106226
    PMTR-12798,
    PMTR-10503
    Routing Enabling ping option for static routes causes the routes to disappear on the standby member.
    CPM-1381,
    PMTR-10927
    SmartConsole After upgrade to R80.10, validation incidents do not disappear although solving the error. Refer to sk123357
    PMTR-14250,
    PMTR-18053
    SmartConsole "Policy installation had failed due to an internal error" message on policy installation failure when using Native Mobile Access application that uses '*Any' services (with no other existing Native Mobile Access applications that use other services in the system).
    PMTR-12813,
    TPM-1007
    SmartConsole  Cannot update the Security gateway object when using permission profile without write permissions for Threat Prevention policy. 
    PMTR-14653,
    API-180
    SmartConsole API is missing targets information in reply of "install-policy" command when installing on more than 50 targets. The reply holds the first 50 targets only. 
    PMTR-12782,
    SL-1110
    SmartEvent SmartEvent's Automatic Reaction emails are missing information in some fields. Refer to sk133032.
    SL-1464,
    PMTR-18204
    SmartEvent In 'LOGS & MONITOR' tab, HTTPS Inspection queries show no results. Refer to sk133392
    PMTR-7545,
    PMTR-7405,
    02489539
    Logging When certain security rule definition includes the "Alert -> mail" log track option, email alerts have ".." at the end which means some fields were truncated.
    Refer to sk123240
    PMTR-13899 Logging When running "SmartConsole -> Logs & Monitor -> Queries -> Threat Prevention -> IPS Blade -> Staging" query in non-index mode, the "There is a problem to read log file. Try again" error is displayed. 
    PMTR-10071,
    PMTR-3322,
    02503468
    Logging When generating a view of any report, the "Problem has occurred during search" errorpops up with details: "Query resolution failed. Logs may not display properly".
    PMTR-17353 Mobile Access Multi-factor authentication with Dynamic ID using Email does not work when the email address ends with 't' or 'n'.
    IDA-735,
    PMTR-7985
    Identity Awareness Identities are not synced to PEP if two PDPs will report the same network
    Refer to sk130373
    PMTR-6226,
    IDA-550,
    PMTR-8718
    Identity Awareness When using multiple PEP gateways with the same internal IP address, only one of the PEP gateways gets identities from PDP.
    PMTR-13166,
    IDA-949
    Identity Awareness RADIUS accounting server does not understand accounting-response from Check Point gateway.
    Refer to sk130532
    PMTR-11965,
    01500409
    Identity Awareness "Group membership of the required account (user or machine) could not be retrieved from the AD. Make sure the account exists in the AD." log is received from Identity Awareness blade when format of RADIUS user is "user@domain".
    Refer to scenario 6 in sk106133.
    PMTR-17129,
    01786753
    Identity Awareness AD users with special characters in their names cannot authenticate. Refer to sk131872.
    PMTR-10269,
    PMTR-663
    DLP The dlp_fingerprint and cp_file_convert processes consume CPU at high level although DLP blade is disabled. Refer to sk102213.
    PMTR-17822,
    PMTR-17783
    IPS New logs of IPS update tool are created in $FWDIR/log directory on a daily basis. For more information refer to sk131652
    PMTR-7252,
    PMTR-17432,
    PMTR-3135
    IPS No packet capture is received with IPS protection log. Refer to sk121605
    PMTR-17134,
    PMTR-17469
    IPS Failures during batch update of IPS objects.
    PMTR-9114 IPS Snort protections are not fully enforced after upgrade from R77.x to R80.10. Refer to sk123575.
    PMTR-7924,
    PMTR-3091
    Anti-Malware Threat Prevention policy installation fails with "malware_policy_get_ioc_override() failed" message when disabling the "Enable indicator scanning" option.
    PMTR-15102,
    PMTR-16351
    Application Control Some non-SSL applications are identified as 'Unknown Traffic' when Application Control, URL Filtering and 'Categorize HTTPS Sites' are enabled. 
    PMTR-12335,
    01431893
    Application Control Non-SSL traffic is dropped with "appi_rad_uf_cmi_handler_server_response: no hello done, failed" error message in dmesg when "Categorize HTTPS sites" feature is enabled. Refer to sk64162.
    PMTR-9355,
    PMTR-17726,
    02694599
    Gaia OS Output of "show message motd" clish command may be corrupted if the "motd" message is too long. Refer to sk122199.
    GAIA-1532,
    PMTR-7822
    Smart-1 Pressing <TAB> (autocomplete mechanism) from the Expert mode of Smart-1 525, 5050 and 5150 does not convert paths stored in variables (like $FWDIR) to full paths.
    PMTR-5576 VSX Trusted Source feature does not work in VSX environment. Refer to sk122533
    PMTR-12886,
    02667600
    SecureXL Multiple RX drops during policy installation under high load traffic. Refer to sk123312
    PMTR-15631,
    02508263
    SecureXL Connectivity issue during policy installation when NAT templates are enabled between CPUs. 
    PMTR-13127,
    PMTR-10631
    SecureXL EIGRP traffic going through Security Gateway in bridge mode with SecureXL enabled, is randomly dropped. Refer to sk125632
    PMTR-11321,
    02340209
    SecureXL When the Dynamic Dispatcher is enabled together with SecureXL NAT templates, traffic on port 80 and 443 is dropped with "Instance mismatch (inbound)" messages. Refer to sk113398
    PMTR-16773,
    02447010
    VPN "You cannot receive an office Mode IP address because the security gateway does not have a license for Office mode" error on SSL Remote Access VPN client (SNX client / Capsule VPN client / Capsule Connect client / Endpoint Connect client) that tries to connect to a Cluster in High Availability mode. Refer to sk120652.
    02441588,
    PRHF-233,
    PMTR-11416
    VoIP Avaya VoIP calls with Avaya Call Manager may fail through the Check Point Security Gateway. Refer to sk104786
    PMTR-5487,
    02669997
    Hardware Improved forensics with host-side PCIe drivers during shutdown, during Seurity gateway crash triggered by a SAM-related problem.
    PMTR-10569,
    VSECC-609
    CloudGuard After installing policy, when adding a new Data Center object and running "Menu" -> "Verify Access Control Policy", the verification may fail with the "Rule 1 Hides rule 2 for Services & Applications: Any" error message. Refer to sk123572.
    R80.10 Jumbo HotFix - Ongoing Take 131 (19 July 2018)
    PMTR-9748 Security Management Monitoring view does not show the ClusterXL status of VSX members.
    PMTR-14149,
    PMTR-14416,
    PMTR-16997
    Security Management In some scenarios, API login requests fail with "errorCode [CP_ERR_COULD_NOT_CONNECT_FWM]" error in api.elg file.
    PMTR-9440,
    API-280
    SmartConsole When changing the administrator profile by API in Multi-Domain Server, the following scenarios may occur:
    1. Modifying administrator's profile may not take effect, previous permissions are still configured and may be enforced.
    2. User can configure "Permission profile per domain" in addition to "Multi-Domain Super User" or "Domain Super User" not knowing it may not take effect.
    PMTR-15572,
    API-338
    SmartConsole In some scenarios, the "show package" API command fails due to timeout.
    PMTR-10861,
    API-268
    SmartConsole On environments with many revisions, "show-changes" API calls take long time to finish and can cause API server to terminate unexpectedly. 
    PMTR-14634,
    02775187
    Security Gateway Using two Domain objects for the same domain name, one with "www." prefix and the other without, in different rules in the rulebase may cause those rules not to be enforced correctly.
    PMTR-2653,
    PMTR-4733
    Security Gateway Domain objects of domain names that are defined in local hosts file are not enforced. 
    PMTR-14694,
    PRHF-257
    Security Gateway A rule with Security Zone object may not be correctly matched for broadcast traffic. 
    PMTR-16561,
    PMTR-15022
    Security Gateway Performance optimization of services and applications matching process. Refer to sk128452
    PMTR-9133,
    PMTR-12783,
    SL-982
    SmartEvent After upgrade of a dedicated SmartEvent server, Object synchronization status appears as "Failed" in the status window of SmartEvent GUI.
    PMTR-9186,
    PMTR-10070
    SmartEvent When setting up clear connection between the Security Management server and R80.10 SmartEvent server per sk101928, Log indexer clear connection could not be established. Refer to sk123580.  
    PMTR-10074,
    PMTR-13687
    SmartEvent Added ability to filter logs in queries and reports using the "Packets" field. 
    PMTR-10072,
    PMTR-3320,
    02504996
    SmartEvent Automatic reaction is not initiated when selecting the "Send automatic reactions but do not generate an event" option in SmartEvent policy. 
    PMTR-8959,
    SL-1112
    Logging In some scenarios, the "Logs & Monitor" view is stuck on searching and does not respond to any query.
    PMTR-13098,
    02714001
    Threat Emulation The system cannot emulate files due to lack of disk space. Refer to sk124712
    PMTR-14612,
    PMTR-14587,
    PMTR-14621,
    PMTR-14619,
    PMTR-16581
    Gaia OS Security hardening for Gaia OS WebUI.
    PMTR-15646,
    CLUS-938
    ClusterXL In CloudGuard Azure clusters environments, some packets are incorrectly identified as Cluster Control Protocol packets, potentially causing error logs related to cluster state. In some cases, this can lead to a cluster failover. 
    PMTR-12884,
    PMTR-12109
    SecureXL In some scenarios, when SecureXL is enabled, Security gateway crashes under heavy load while opening a new connection from template mask.
    R80.10 Jumbo HotFix – General Availability Take 121 (24 June 2018, GA from 19 June 2018)
    PMTR-14713 Data Center Security Appliances NEW: Added support for 23900 appliances. Refer to sk107516
    PMTR-8482,
    02693254
    Security Management When configuring Legacy User Authentication rules, it is not possible to choose 'Group-With-Exclusion' in the option. Refer to sk122100
    PMTR-10959,
    PMTR-10810
    Multi-Domain Management FWM process stops working during initialization when there are many VSs in database.
    PMTR-9350,
    CPM-1454,
    PMTR-12823
    Multi-Domain Management Domain migration from R77.30 to R80.10 fails when the exported Domain is of a standalone machine.
    PMTR-10811,
    PMTR-10803,
    CPM-1525
    Multi-Domain Management It is impossible to install policy from Domain Server after failing attempt to install policy from Multi-Domain Server.
    PMTR-9439,
    02644200
    Multi-Domain Management Import of R77.30 Security Management to R80.10 Multi-Domain Server using cma_migrate fails with "error 0x80004005 (Unspecified error)" in upgrade log. Refer to sk120497.
    PMTR-7160,
    02718576
    SmartConsole In some cases, SmartConsole exits when changing a name entry in the user field. Refer to sk122917.
    PMTR-3115 SmartConsole When creating new 1400 SMB appliance in SmartConsole, the Platform Type menu is empty. Refer to sk111292.
    PMTR-8793 SmartConsole The "api status" command was enhanced to include Apache status and to collect additional log files. 
    PMTR-12268 SmartConsole When reinstalling policy on two cluster members, the override policy dialog does not display all cluster members in the list.
    PMTR-7073,
    PMTR-8716
    SmartConsole "Update operation failed" error when editing a group of Applications/Sites which are used in a Threat Prevention Exception rule. Refer to sk124932.
    PMTR-10011 SmartConsole In some scenarios, when trying to remove gateways from VPN community or edit a VPN community object, the operation fails with "Update operation failed" error. 
    VSECC-551,
    PMTR-10257,
    PMTR-10344
    CloudGuard OpenStack v3 is now supported on Keystone server v3.
    PMTR-9619,
    02665634
    Identity Awareness DynamicID authentication randomly stops working after policy installation. Refer to sk121213.
    PMTR-13831,
    PMTR-12971
    Logging

    No "query resolution failed" logs on natted Management after following solution for Scenario 1 from sk100583.

    PMTR-9968,
    02562533
    Logging The 'Access Rule Name' field is blank/missing in "Logs & Monitor" view when using filter blade: "URL Filtering" or blade:"Application Control".
    Refer to sk123974
    PMTR-11244,
    PMTR-11242
    Logging When searching for logs in "Logs & Monitor" view with specific time filter from the past, the response may contain logs generated after that time range. 
    PMTR-12009,
    PMTR-12000,
    PMTR-3665
    Logging  In SmartView Monitor, changes to the Threshold settings of a Gateway are not properly saved or shown. 
    PMTR-12052,
    01646584
    Cluster Various traffic issues on cluster due to FWD daemon taking all slots on cluster subscriber list. Refer to sk109596
    PMTR-11902,
    PMTR-13723,
    PMTR-13723,
    UP-11,
    UP-211
    LTE Firewall session logs without application or protocol are generated. Refer to sk123715.
    R80.10 Jumbo HotFix - General Availability 112 (23 May 2018, GA from 19 June 2018)
    PMTR-2477,
    PMTR-10469,
    PMTR-2468
    WebUI Gaia Portal shows blank page after log in with Firefox 5x or Chrome 66. Refer to sk121373.
    PMTR-8249 Security Management,
    Multi-Domain Management
    Creating a Domain (Log) Server using an IP address that is already in use, fails with an uninformative error message "Update Domain 'name' failed:Create Domain: 'name' - Create Domain server 'name'.Cannot create domain 'name'".
    PMTR-7418 Security Management FWM process stops working when there is a soft link to $FWDIR/tmp/fwmtrace.log file that reaches 2GB due to enabling debug for a long period of time. 
    PMTR-8570,
    02698348
    Security Management fw_loader process stops working due to invalid VPN community configuration.
    PMTR-8206 Security Management "An internal error has occurred" message when trying to discard the disconnected session. Refer to sk123741.
    PMTR-6048,
    PMTR-7403,
    02512737
    Security Management In some scenarios, Compliance blade Best practices show incorrect “N/A” status. 
    Refer to sk117292.
    PMTR-5747 Security Management In some scenarios, CPM and Solr may consume high CPU, causing SmartConsole to disconnect.
    PMTR-2649 Security Management When connecting to an earlier revision version, some objects may not be visible if you:
    • ran Purge Revisions and rebooted your machine.
    • performed HA full sync from a Security Management server that ran Purge Revisions.
    CPM-945,
    PMTR-9176
    Security Management "You have reached the maximum number of active sessions" error on login failure when expired Web API sessions appear as disconnected in SmartConsole Sessions view and cannot be discarded.
    PMTR-9180 Security Management Performance and stability improvements in Security Management Server when using CloudGuard IaaS.
    PMTR-7670 Security Management In some scenarios, policy installation does not progress when installing policy from several Domains simultaneously.
    PMTR-9029 Multi-Domain Management Global Domain Assignment may fail with "Global Domain Assignment Failed: Failed to connect to FWM" message when FWM is busy or not responsive.
    PMTR-10840,
    PMTR-8562,
    02686845,
    02686649
    Multi-Domain Management Some Security gateway objects are missing from the Gateways view in R80.10 Multi-Domain Server after migration. Refer to sk121890
    PMTR-5840,
    02540859
    SmartConsole When editing Security Management or Gateway object, the "The referred entity does not exist in the Certificate Authority" or “Failed to save object. Server error is: An internal error has occurred.” error pops up. Refer to sk118938.
    PMTR-10665 SmartConsole When running multiple scripts on short time intervals from the Management API, the progres of some of the scripts stops at 10-20%. 
    PMTR-8679 SmartConsole In Multi-Domain Server, reassign or removal of a Global Domain assignment fails if you clone an assigned Threat Prevention profile in the Local Domain.
    PMTR-7874,
    API-254
    SmartConsole In Multi-Domain Server, when the user overrides global values in the UI or the API and then performs 'show service', the global values are displayed instead of the changes  made by user.
    When the user tries to override the global values twice, the second try fails with "Validation error" message. Refer to sk123334.
    PMTR-9564,
    API-283
    SmartConsole The web_api_show_package.sh script fails if TLSv1.0 is disabled on Apache server, displaying errors:

    ERROR: failed connecting to the server: 127.0.0.1
    Script stopped running due to severe error!

    PMTR-8136,
    02726944
    SmartConsole Cluster object still appears in the MDS level after it was deleted from a Domain. Refer to sk123343.
    PMTR-7942 SmartConsole Cannot open WebUI to cluster member if SecurePlatofrm Main URL of the cluster has been changed. Refer to sk123195
    PMTR-8929,
    02733670
    SmartConsole "Validation error - Invalid Domain name at .<Domain name>" message after successful upgrade to R80.10 or when creating a Domain object with an invalid name.
    PMTR-9333 SmartConsole Using Management API to get Access rule hit count values without specifying start date returns 0 hits for all rules.
    Refer to sk123736.
    PMTR-8114 SmartUpdate When clicking "Generate CPInfo" in SmartUpdate, the progress bar indicates that action is successful but CPInfo file is not created.
    PMTR-5359 CloudGuard Data Center objects can be deleted for a short period of time due to disconnections of a Data Center.
    PMTR-8934 Security Gateway Improved connectivity when using Domain objects and/or when gateway is configured as HTTP/HTTPs proxy. 
    PMTR-3901 Security Gateway In rare scenarios, CPD process stops working when running for a long time period.
    PMTR-11991 Security Gateway Traffic is droped with "Rulebase - ERROR" error in kernel debug. Refer to sk133176
    PMTR-3871 Gaia OS In some scenarios, routed process stops working when OSPF is configured.
    PMTR-8801 Gaia OS Gaia OS hardening fix. 
    PMTR-5560 Gaia OS In some scenarios, routed process stops working when unnumbered interfaces are configured. 
    PMTR-7741,
    02553209,
    02669458
    Logging When receiving logs with ELA protocol, FWD process core file may be generated. Refer to sk121594.
    PMTR-5671,
    02705815
    SecureXL When sending multicast packets to multiple receivers behind several interfaces and SecureXL enabled, either only the hosts behind the VLAN outgoing interfaces receive the multicast packets or none will receive them. Refer to sk122481.
    PMTR-6725,
    PMTR-11741
    Identity Awareness PEP opens an unnecessary connection to PDP while there is no sharing configured between the PDP and PEP. Refer to sk129392.
    PMTR-10466,
    02758290,
    02722485
    HTTPS Inspection Improved handling of Trusted CAs certificates when HTTPS Inspection is enabled.
    Refer to sk122973
    PMTR-7811,
    PMTR-8999
    Mobile Access SNX traffic is dropped by Security Gateway with "Rulebase - ERROR" message in "fw ctl zdebug drop" debug. Refer to sk123336.
    PMTR-10782 VSX CPM Server fails to start due to postgres idle open connections.
    R80.10 Jumbo HotFix - General Availability Take 103 (12 Apr 2018, GA from 03 May 2018)
    PMTR-7377 Security Management Management HA fails to synchronize with "The Security Management Servers contain different Hotfixes" error even though the same packages are installed on servers. Refer to sk123048.
    PMTR-7668 Security Management Upgrade may get stuck if there is not enough memory allocated to the upgrade process. Refer to sk123136.
    PMTR-6398 Security Management Externally managed gateways are displayed in SmartView Monitor although they should not be.
    • For each externally managed gateway that was already defined in the database, after Take installation, open this gateway object in SmartConsole, close the window and publish the session. After this you will not see them anymore in the SmartView Monitor.
    Refer to sk122999.
    PMTR-7583 Security Management If one administrator creates a rule, deletes it, and publishes the changed policy (meaning that the rule's creation and deletion were published together), other administrators connected via SmartConsole will see an "any any drop" rule in the policy where the original rule was meant to be created.
    PMTR-7164,
    PMTR-7803
    Security Management Management HA performance improvements. Refer to sk123313.
    PMTR-5407 Security Gateway Security fix for Client Authentication rule matching.
    PMTR-3038 Security Gateway SecureXL forwards non-accelerated packets to the gateway, causing it to crash if the packet contains corrupted data.
    PMTR-3433,
    02667797
    SmartConsole "Could not delete object. An internal error has occurred" error when removing old Security gateway object. Refer to sk121593.
    PMTR-7055 SmartConsole After IPS update, protections with release date older than one year are removed from staging if they were changed during the update.
    PMTR-7891 SmartConsole Performance improvement in basic Access policy functionalities (like add/remove rules and layer scroll).
    PMTR-7565,
    CPM-1375,
    CPM-1277
    SmartConsole Delete operation of a service, source or destination in a single Publish operation does not appear in audit log, although it does exists in the Security Management server database. Refer to sk123324.
    PMTR-2666,
    CRYPT-51
    SmartConsole "An error occurred while receiving the HTTP response to..." error when trying to log in to the R80.10 SmartConsole. Refer to sk122073.
    PMTR-2743 SmartConsole When publishing operation via API fails, the failure reason is not displayed. Refer to sk121414.
    PMTR-2445 SmartConsole Policy installation via API ends with unclear status: within the response, the "statusCode" field value is "in progress" and the "statusDescription" field value is "Performing Legacy data dump". Refer to sk121217.
    PMTR-1489 SmartEvent In rare scenarios where R80.10 SmartEvent is managed by an R77.x Security Management server and there are many Domains which are updated/deleted/added, the dbsync process may stop working.
    PMTR-697 Logging Added ability to filter the "File operation" field in SmartLog.
    PMTR-3942,
    02655514
    Logging In environments with large amount of gateways managed by a single Security Management server or Domain, FWM process stops working printing the "T_get_event: cannot register socket x (1024 sockets already registered for exp)" error to the fwm.elg file.
    PMTR-7185 Logging On Multi-Domain Server, log storage maintenance does not work with SmartEvent, thus not freeing up the disk space.
    PMTR-1483 Logging In environments with many log activities, report generation may fail causing progress bar to stuck.
    PMTR-6585 Gaia OS Deleting last backup IP address from VRRP Interface triggers a transition from master state to backup.
    PMTR-5157 Gaia OS When a user invokes tcpdump on a 40GbE/100GbE interface, using mlx5_core driver 3.2-2.0.4.12, a small packet in a narrow size range causes a driver to crash. 
    PMTR-5158,
    PMTR-2681
    Gaia OS Multi-Queue (MQ) cores performance optimization.
    PMTR-8779,
    02707238
    Gaia OS After installing R80.10 Jumbo Hotfix Take_70, data and rules are not restored correctly with backup/restore via Gaia Portal -> Maintenance -> System Backup or CLISH backup/restore commands. Refer to sk123352.
    PMTR-4236 Cluster In ClusterXL, when using VMAC, Gratuitous ARP Request (GARP) packets are generated with both VMAC address and physical MAC address.
    PMTR-7312,
    PMTR-791
    Cluster Enhancement: adding a grace period before failover when detecting 'Interface Active Check' state to prevent unneeded failovers.
    PMTR-4475 DLP Files are not deleted from the $FWDIR/tmp/dlpu directory causing the Security gateway's hard drive to fill up.
    PMTR-6303,
    IDA-762
    Identity Awareness In rare scenarios, when Terminal Server Identity Agent is used and SecureXL is enabled, connections from the Terminal Server can be matched on the wrong user. 
    PMTR-6581,
    02398542,
    02500815
    Identity Awareness In some scenarios, Kerberos based authentication fails when Kerberos ticket is encrypted using AES-128. Refer to sk111945.
    MAGB-254,
    MAGB-268,
    PMTR-5386
    Mobile Access "Mobile Access - Reject. Reason: Error in disconnecting user. Access Denied." message in SmartLog when user tries to use the SNX Network Mode. Refer to sk123037.
    PMTR-6169,
    MAGB-240
    Mobile Access When a browser sends a cookie that it got from another page on a different port, the Mobile Access gateway does not recognize the cookie. 
    PMTR-2141 VPN In a certain Remote Access flow, Security gateway crashes when kernel cannot allocate memory.
    PMTR-4469 Compliance First Scan must be performed after R80.10 Jumbo Hotfix installation to update the Best Practice IPS114.
    Initial First Scan in Compliance blade:
    1. From the CLI, enter Expert mode, run dbedit and press Enter for Server name.
    2. In DBedit type: grc_test_elements grc_interpreter first_scan true.
      Then type update_all 
      You should get a message "grc_test_elements::grc_interpreter Updated Successfully".
    3. Verify the value of first_scan is true by typing:
      print grc_test_elements grc_interpreter
    4. Quit.
    5. Perform Full Scan in Compliance blade via the SmartConsole or type interpreter full_scan. 
    GAIA-2218,
    PMTR-9922
    Smart-1 On Smart-1 525 appliance, Raid diagnostics from Clish and WebUI display status "Degraded" instead of "Optimized" when two disks are 100% synced. 
    Refer to sk123847.
    PMTR-14895 VSX After updating Virtual System object and pushing configuration to VSX object, most of the routes are removed. 
    R80.10 Jumbo HotFix - General Availability Take 91 (6 Mar 2018, GA from 01 Apr 2018)
    PMTR-5419,
    PMTR-2799,
    PMTR-5418
    Security Management Cannot delete OPSEC application with AMON entity. Refer to sk121377.
    PMTR-507 Security Management FWM process stops working in case a malformed license file is reported from the Security gateway.
    PMTR-3190 Security Management When installing policy following Global Domain Assignment a false message of “policy installation is currently in progress" appears, while there isn’t any. Refer to sk122253.
    PMTR-3847 Multi-Domain Management "Get License" operation in SmartUpdate of Multi-Domain Server hangs on "Operation started" stage.
    PMTR-6825,
    PMTR-7453,
    CPM-456
    Multi-Domain Management Cannot change the IP address of Domain Server when using R80.10 GA Take 462 or Takes 70, 79 and 85 of the R80.10 Jumbo Hotfix Accumulator.
    PMTR-3718 Multi-Domain Management Synchronization failure after purge operation in MDS level.
    PMTR-6095 Multi-Domain Management Only a single report is generated in SmartView MDS level when selecting multiple Domain Management Servers.
    PMTR-2815,
    API-196
    SmartEvent "SmartView server certificate is invalid" error when connecting to Domain (via SmartConsole) from MDS level and navigating to 'Logs and Monitor' tab. Refer to sk121443.
    PMTR-3271 Security Gateway When installing policy on gateways with different profiles (where netquota or malicious IPs protection is enabled on one of the profiles), traffic is dropped with "dropped by fw_runfilter_ex Reason: function does not exist" error. Refer to sk123040.
    PMTR-4106,
    02689215
    Logging In rare scenarios, enabling log forwarding may trigger a memory leak. 
    PMTR-3544 Gaia OS Random routes are sometimes missing after rebooting the system.
    PMTR-3783 Gaia OS routed process stucks at slave/slave state in ClusterXL setup.
    PMTR-2853,
    02662054
    Gaia OS DHCP Relay traffic is dropped when ClusterXL unicast load sharing mode is configured. Refer to sk121347.
    PMTR-1602 Gaia OS routed process restarts infrequently when Bootp/DHCP Relay is enabled.
    PMTR-3546 Gaia OS routed process repeatedly exits on standby cluster member when VPN is configured on a cluster.
    GAIA-1619 Gaia OS Security hardening for Gaia Clish.
    PMTR-3318,
    02639628
    Gaia OS Security gateway may crash during unmount operation on a remote network filesystem (samba).
    PMTR-4374,
    02677981
    ClusterXL Active member in ClusterXL HA sends an ARP request for cluster VIP causing a temporary outage. This can happen in a rare scenario as described in sk121846
    PMTR-4362,
    PMTR-1582
    DLP DLP Exchange Server Agent load when Security gateway is configured as MTA was optimized to enable a better stability of MTA functionality.
    PMTR-5289 VSX Threat Prevention blade failure can occure in the following scenarios:
    1. No Threat Prevention blade is active on VS0 and a Threat Prevention blade is active on a different VS
    2. That VS has no connectivity to the Internet
    3. VS0 has connectivity to the Internet but through a proxy
    PMTR-4457 VPN BGP traffic initiated by the gateway is not matched by the VPN directional rule.
    PMTR-2372 VPN IPsec renegotiation fails with peer DAIP gateways. 
    R80.10 Jumbo HotFix - General Availability Take 85 (15 Feb 2018)
    Note: include support for Smart-1 525/5050/5150 appliances
    PMTR-7017 Smart-1 NEW: Added support for Smart-1 525 / 5050 / 5150 appliances. Refer to sk120453.
    R80.10 Jumbo HotFix - Ongoing Take 79 (05 Feb 2018)
    PMTR-2818 Security Management Some API commands fail with "Internal error" message when called with "details-level" flag set to "full". Refer to sk121475.
    PMTR-2819 Security Management The "show gateways-and-servers" API command fails with the "Runtime error: An internal error has occurred." error.
    PMTR-2812 Security Management After global policy assignment, when running the "show access-rulebase" API command with a filter, no results are shown.
    API-120 Security Management When executing an API request via CLI, cannot set the custom timeout using the "-conn-timeout" flag. The default timeout of 3 minutes is always used. 
    PMTR-4816,
    PMTR-4499
    Security Management Stabilization improvement of fwm, fw_loader and dbedit Security Management processes. 
    PMTR-2597 Security Management Enhancement: Improved policy installation performance when installing policy on multiple targets.
    CPM-654,
    PMTR-2439
    Multi-Domain Management Deletion of Domain Management Server may fail on timeout when few dozens of administrators with customized permission profiles are assigned to the Domain Management Server.
    IDA-170,
    PMTR-2973
    Identity Awareness  When Full Identity Agent is used with packet tagging feature, Anti-Spoofing may not be enforced for some of the connection packets.
    PMTR-2944 Identity Awareness Many "ida_classifier_send_log_cb: dst clob is active but there is no identity sharing!" errors in /var/log/messages file after upgrade to R80.10. 
    PMTR-3375 Logging Logs are shown with delay after policy installation if there are more than ten thousands Binary Large Objects (BLOBs) on the Log Server.
    PMTR-5782 Logging When more than 50 Log servers are created in SmartEvent, sometimes a Log server the administrator is searching for is not in the query and is not available for service. 
    R80.10 Jumbo HotFix - General Availability Take 70 (15 Jan 2018)
    TPM-494 Multi-Domain Management Global policy assignment fails after removing staging overrides in the Global Domain.
    PMTR-1458,
    02659051
    Multi-Domain Management  Attaching a central license from Multi-Domain Server to a Domain/CMA creates duplicate license objects in SmartUpdate, which cannot be deleted. Refer to sk120833.
    API-146 Security Management Enhancement: New flags to control the API commands output in full details level.
    Refer to sk121292
    API-124 Security Management The "show-access-rulebase" API command fails if the rulebase contains rules with "Encrypt" or "Client Encrypt" action.
    CPM-948 Security Management There is no status in the SmartView Monitor for Mobile Access blade. 
    PMTR-2379 Security Management querydb_util generates core file when cannot connect to Security Management server. 
    PMTR-2376 Security Management fwm process is down during gateway creation after configuring shared secret for VPN community. 
    PMTR-2722 Security Management After reboot or HA Full sync, some objects are not visible in a specific private session. 
    PMTR-712 Security Gateway CPD process exits with core dump generated while stopping CPD / rebooting the system / restarting watchdog.
    PMTR-1677,
    VSECNSX-951
    Security Gateway In some scenarios, the Security gateway crashes when installing Access Control Policy and Threat Prevention Policy in parallel.
    Refer to sk140172.
    PMTR-1310 Security Gateway Connections configured with Drop and Block message were actually dropped, but log appears as Accept log.
    PMTR-1388 Security Gateway  Upon packet loss, the clients' retransmit "strategy" triggers an issue of reassembling the TCP stream incorrectly. The SSL stream cannot be decrypted like this, so the SSL session is closed. Refer to sk121738.
    PMTR-2660,
    02666905
    Security Gateway When DHCP is configured to work with VPN, DHCP Relay traffic is dropped. 
    PMTR-709 Logging Enhancement: Allow viewing HTTPS related fields according to permission profile in LEA. When configuring a permission profile that allows HTTPS, you will be able to see the related fields when receiving them with LEA OPSEC client, instead of obfuscating them.
    PMTR-1771,
    02525352
    Gaia OS  Gaia backup files are not created on Multi-Domain Server. Refer to sk119401
    PMTR-2368 Gaia OS  Configuring more than 200 logical interfaces can cause routed to crash upon the next change in configuration.
    PMTR-1442,
    02554018
    SmartLog SmartConsole search does not work for strings that include non-English characters. For example, Cyrillic characters and characters with accent marks. Refer to sk120293
    PMTR-1224,
    02562873
    SmartLog  After performing a Gradual Upgrade of the Domain Management Server, no logs are displayed in the relevant domain until running the mdsstop;mdsstart commands on MLM.
    TEX-412 Threat Extraction Security enhancements for Data Loss Prevention and Threat Extraction blades
    PMTR-1932, 02590986  Threat Emulation Links inside email with domain suffix (e.g. www.example.com) are emulated as .com files. 
    PMTR-2891 Anti-Virus,
    Threat Emulation

    Enhancement in Anti-Virus to allow replacement of Kaspersky Labs components.
    For removal instructions see sk118539. For further information visit http://www.checkpoint.com/kaspersky

    PMTR-1303 Mobile Access Connection to internal sites or Capsule Docs server via Mobile Access Blade's Reverse Proxy feature fails due to an incorrectly forwarded 'Host' header. 
    PMTR-2089 Mobile Access An incorrect policy installation warning "R80.10 gateways cannot be included in the Mobile Access Legacy Policy when Mobile Access Unified Policy is the selected policy source" is shown when installing the Access Control policy on a Mobile Access gateway and the legacy Mobile Access policy is empty. 
    PMTR-1183 URL Filtering Enhancements in categorization in cases where only URL Filtering is enabled. 
    PMTR-2594 HTTPS Inspection HTTPS based traffic is bypassed when using a category based HTTPS inspection rulebase on a SMB gateway without URL Filtering blade enabled. 
    R80.10 Jumbo HotFix - General Availability Take 56 (23 Nov 2017)
    PMTR-683,
    02648460
    Security Management Users that are not configured with Multi-Domain super user permissions, experience slowness in running queries.
    PMTR-2697 Security Management FWM process restarts when trying to read the $FWDIR/tmp/fwmtrace.log file from an incorrect directory where this file does not exist.
    R80.10 Jumbo HotFix - Ongoing Take 53 (25 Oct 2017)
    PMTR-1702 Security Management Policy installation fails when Access Role is configured in the Access Control policy on a gateway with no Identity Awareness enabled. 
    SMCPOL-122 Security Management When policy installation fails with "Operation incomplete due to timeout" error, timeout can be increased via GuiDBedit Tool. Refer to sk112353
    CPM-830 Security Management FWM process crash in Management HA environment when $FWDIR/tmp/fwmtrace.log file reaches 2GB.
    PMTR-738,
    02608827
    Security Gateway Cluster member IP addresses is not added correctly during policy generation. 
    PMTR-1421 Gaia OS  Outputs of "top" and "ps -aux" commands show lspci as zombie process. Refer to sk121891.
    PMTR-330 DLP  Enhancement: Maximum allowed SMTP headers length can be configured. Refer to sk119293.
    PMTR-332 DLP Enhancement: Improved DLP stability.
    GM-2855  SMB Appliances Enhancement: IPv6 support for 700 / 1200R / 1400 SMB Appliances. Refer to sk118816.
    R80.10 Jumbo HotFix - General Availability Take 42 (17 Sept 2017)
    Note: This Take updates Take 40 released on 12 Sept 2017. It is recommended to install Take 42
    GAIA-1060 Security Gateway SIC status is "Not Communicating" and CPD process restarts after installing R80.10 Jumbo HotFix Take 40. Refer to sk120494.
    UP-94,
    02556604
    Security Gateway Websites with short Host headers (like ab.com) cannot be loaded.
    TEX-328 Threat Extraction Security gateway hangs when enabling Threat Extraction Web API.
    TPM-373 Threat Prevention The API command "show threat-profile" wrongly reports configuration of internal settings which causes failure in certain scenarios. 
    PMTR-748 Anti-Virus, Anti-Bot Crash in Anti-Virus & Anti-Bot blades. 
    CPM-806 Security Management Policy installation fails on DAIP gateways after changing Domain Server from Standby to Active.
    PMTR-464 Security Management After upgrade to R80.x, Administrator's "email" field does not show in SmartConsole. 
    PMTR-466 Security Management Rulebase initialization fails after CMA migration from R77.30 to R80.10 via cma_migrate.
    TPM-419 SmartConsole After a period of time in which multiple IPS updates have been performed, the database size can become very large because of unused data. 
    • Enhancement: new procedure to clean old / unused IPS version in the database
    TPM-334 SmartConsole Geo policy allows to configure several rules for the same country, causing incorrect policy enforcement.
    PMTR-631 SmartEvent  In SmartEvent policy, when selecting two 'Event Fields' with the same 'Log Field' in 'Event Format' tab, the Event fails to generate. 
    PMTR-625 SmartEvent When automatic reaction mail is sent, the resolving name of source and destination is missing and only the source and destination IP address is shown. 
    PMTR-655 SmartEvent When automatic reaction email is sent, wrong "Start time" is displayed.
    R80.10 Jumbo HotFix - Take 37 (04 Sept 2017)
    PMTR-397 Security Gateway export_p12 feature is missing in VPN utilities.
    PMTR-418 Security Gateway Security Gateway / Active cluster member freezes / locks up randomly. Refer to sk114977.
    PMTR-454 Security Gateway Login to Smart Console fails with "The server did not provide a meaningful replay; This may be caused by a contract mismatch, a Premature session shutdown or an internal server error" error. 
    PMTR-469 Security Gateway FWM process consumes high CPU in case of unreachable DAIP objects existing in the system.
    PMTR-458 Security Gateway Enhancement: Performance of Global Domain Assignment for Open Servers with 9-24 GB memory is improved.
    PMTR-473 Security Gateway Enhancement: Improved Security Gateway stability when it is configured as proxy. 
    BS-175 Security Gateway  Some objects are missing when querying for unused objects.
    SL-441 Security Gateway In environment with more than 50 Log servers, log queries return results only from 50 log servers.
    GAIA-634 Gaia OS  Enhancement: Improved clish stability.
    CPM-792 Security Management Log Server status in Monitoring view is not presented for cluster members of Full HA environment. 
    CPM-734 Multi-Domain Management Global policy assignment fails after section manipulation in the Global Domain's rulebase. 
    BS-149 Multi-Domain Management Policy installation from Multi-Domain Server following a Threat policy uninstall, fails.
    API-99 SmartConsole Security Management API server fails under heavy load. Refer to sk119553.
    API-92 SmartConsole API "show-packages" (when set to "details-level" : "full") fails where the revision in one of the package’s installation targets has been purged from the database.
    API-93 SmartConsole  If object is used inside a disabled rule, the "where-used" Security Management API command shows that the rule is enabled. 
    API-94 SmartConsole  Reply to Security Management API "show-gateways-and-servers" misspells the name of the "identity-awareness" blade as "identical-awareness".
    API-88 SmartConsole Under certain conditions, after restarting Security Management Server, the API server, although configured to accept requests from GUI clients, no longer does so, but reverts to the default behavior of accepting only calls from the local host.
    R80.10 Jumbo HotFix - General Availability Take 35 (22 Aug 2017)
    MAGB-27,
    MAGB-28
    Mobile Access Improved stability of Mobile Access WebMail application.
    PMTR-172 Security Gateway Security hardening for Client Authentication portal.
    CPM-534 Security Management migrate_global_policies and cma_migrate commands can run when processes are down. 
    PMTR-436 Security Management Long duration of policy installation for large number of NAT rules.
    CPM-665 Security Management Performance improvements.
    DP-1079 Check Point Appliances  "Can't validate base version is a GA take of R80.10" error message when installing Jumbo Hotfix Accumulator Take 24 on 405 / 410 appliances.
    R80.10 Jumbo HotFix - General Availability Take 24 (01 Aug 2017)
    PMTR-290 Application Control Support for user-defined application with encoded escaped characters within the URL.
    GAIA-760 Gaia OS  BGP does not work for VTIs and Point-to-Point interfaces with mask length of 32 with Virtual IPs. 
    TEX-329 DLP, Threat Extraction  Security enhancements for Data Loss Prevention and Threat Extraction blades. 
    02559994,
    PMTR-385
    SmartLog On Open Servers with 24G-35G of RAM running R80.10 Jumbo Hotfix (Take 10/15/18) logs are not indexed and SmartLogs queries fail.
    R80.10 Jumbo HotFix - General Availability Take 18 (24 July 2017)
    ACM-520 Application Control Improved Policy Verification for Pre-R80.10 Security Gateways that support only services of type "TCP" or ‎"UDP" in the Application Control layer.
    02522974, PMTR-100 Identity Awareness Improved Access Role identification for different login/logout scenarios.
    02524894, PMTR-99 Security Management Automatic NAT rule is not removed after the corresponding network object is removed.
    02521459, GM-2678 Security Management Policy installation fails in some cases when installing policy on all managed Security Gateways at once, if Security Management manages both standard Security Gateways and UTM-1 Edge devices.
    R80.10 Jumbo HotFix - General Availability Take 15 (11 July 2017)
    02536538,
    PMTR-147
    Security Gateway Improved URL recognition mechanism for Anti-Virus, Anti-Bot, and URL Filtering blades.
    PMTR-44 vSEC vSEC objects are not enforced on part of the gateways. Problem is relevant only for large scale environment with more than 50 gateways/cluster/vs/member.
    PMTR-45 vSEC In large scale Azure environments, Data Center objects are partialy imported.
    PMTR-167 SmartView Security hardening of SmartView.
    02539824,
    PMTR-164
    Security Management Security Management access hardening.
    R80.10 Jumbo HotFix - General Availability Take 10 (28 June 2017)
    02530810 Smart-1 Added support for Smart-1 405 / 410 appliances. Refer to sk117578.
    02524737,
    PMTR-88
    VSX Wrong license status for 'Virtual Systems' blade for VSX objects in R80 SmartConsole.
    R80.10 Jumbo HotFix - Take 7 (22 June 2017)
    02528737,
    02529416,
    02533097,
    CPM-535
    Multi-Domain Management Several cpsm-domains-X licenses are counted only once.
    Refer to sk118316.
    02520574,
    CPM-462
    Multi-Domain Management Upgrade failure of secondary Multi-Domain Log Server when using NGX license.
    02520796,
    CPM-460
    Multi-Domain Management mds_import fails with "CPM server failed to start, see server logs" message when trying to import a database exported from R80.10 Multi-Domain Server.
    02524769,
    PMTR-87
    Security Management While updating a User name, the logged in User name in the logs is wrongly reported with the old User name.
    02449460, CPM-465 Security Management Management High Availability synchronization between primary server upgraded from R80 Jumbo Hotfix to R80.10 and new R80.10 secondary server, fails.
    02532395,
    ACM-335
    Security Management,
    Security Gateway
    Security rules that should be installed on a specific Security Gateway wrongly can be installed on another R80.10 Security Gateway.
    Refer to sk118153.
    02526608,
    PMTR-81
    Security Gateway Improved non-compliant HTTP protection to enforce more rare cases of non-compliant HTTP traffic.
    02523046, PMTR-47 Security Gateway in.emaild.mta process may crash randomly (once every few days was observed) when the Security gateway is configured as Mail Transfer Agent (MTA). Mails under inspection may be delayed by up to a few minutes.
    02513631, PMTR-96 IPS When an IPS protection is overridden, it is enforced correctly however it may cause higher performance load.
    PMTR-98 SmartConsole Translated Source column with "Original" object wrongly has a Hide NAT option.
    R80.10 Jumbo HotFix - General Availability Take 3 (06 June 2017)
    02521398 Threat Emulation Fixed Mail Transfer Agent (MTA) enforcement issue.

     

    Installation instructions

    Procedure:

    • Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

      • Offline installation

        Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

        1. Install the latest build of CPUSE Agent from sk92449.
        2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
        3. In the upper right corner, click on the Import Package button.
        4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
        5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
        6. Select the imported package Check Point R80.10 Jumbo hotfix T<number> for sk116380 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
        7. Select this package and click on Install Update button on the toolbar.


    • Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

      For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

      • Offline installation

        Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

        1. Install the latest build of CPUSE Agent from sk92449.
        2. Connect to command line on target Gaia OS.
        3. Log in to Clish.
        4. Acquire the lock over Gaia configuration database:
          HostName:0> lock database override
        5. Import the package from the hard disk:
          HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
        6. Show the imported packages:
          Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.10 Jumbo hotfix T<number> for sk116380"
          HostName:0> show installer packages imported
        7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
          HostName:0> installer verify <Package_Number>
        8. Install the imported package:
          HostName:0> installer install <Package_Number>

     

    Uninstall instructions

    Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

      Procedure:

       

      Revision History

      Show / Hide revision history

      Date Description
      26 Nov 2020 Take 283 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      10 Nov 2020 Added PRJ-15606 to Take 283
      07 Oct 2020
      • Released Take 283 of R80.10 Jumbo Hotfix Accumulator
      • Added R80.10 SmartConsole Build 183
      24 Aug 2020 Published List of upcoming resolved issues
      13 Aug 2020 Take 279 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      03 Aug 2020 Updated the Important Notes section
      22 Jul 2020 Released Take 279 of R80.10 Jumbo Hotfix Accumulator
      12 Jul 2020 Take 275 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      08 Jul 2020 Added R80.10 SmartConsole Build 180
      05 Jul 2020 Released Take 278 of R80.10 Jumbo Hotfix Accumulator
      24 May 2020 Released Take 275 of R80.10 Jumbo Hotfix Accumulator
      06 May 2020 Updated List of upcoming resolved issues
      03 May 2020 Published List of upcoming resolved issues
      22 Apr 2020 Released Blink images for R80.10 GA Take + Jumbo HF Take_272
      05 Apr 2020 Take 272 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      22 Mar 2020
      • Released Take 272 of R80.10 Jumbo Hotfix Accumulator
      • Added R80.10 SmartConsole Build 177
      03 Mar 2020 Added PRJ-5528 to Take 259
      24 Feb 2020 Added PRJ-6045 to Take 270
      18 Feb 2020 Added R80.10 SmartConsole Build 176
      13 Feb 2020
      • Released Take 270 of R80.10 Jumbo Hotfix Accumulator
      • Take 259 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      06 Jan 2020 Released Blink images for R80.10 GA Take + Jumbo HF Take 249 and Jumbo HF Take 259
      29 Dec 2019
      • Published List of upcoming resolved issues
      • Added CPUSE offline packages for Ongoing Take
      24 Dec 2019 Added R80.10 SmartConsole Build 161
      23 Dec 2019 Take 249 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      19 Dec 2019  Released Take 259 of R80.10 Jumbo Hotfix Accumulator
      10 Dec 2019  Added R80.10 SmartConsole Build 159
      21 Nov 2019 Released Take 249 of R80.10 Jumbo Hotfix Accumulator
      05 Nov 2019
      • Added R80.10 SmartConsole Build 154
      • Addeed PRJ-1968, PRJ-1343, PRJ-782 and PRJ-3868 to Take 245
      03 Nov 2019 Published List of upcoming resolved issues
      24 Oct 2019 Released Take 245 of R80.10 Jumbo Hotfix Accumulator
      04 Sep 2019 Take 225 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      04 Aug 2019
      • Released Take 225 of R80.10 Jumbo Hotfix Accumulator
      • Added R80.10 SmartConsole Build 137
      07 July 2019 Added PMTR-25878 to Take 177
      11 June 2019 Added R80.10 SmartConsole Build 128
      04 June 2019 Released Take 214 of R80.10 Jumbo Hotfix Accumulator
      12 May 2019 Take 203 of R80.10 Jumbo Hotfix Accumulator moved to General Availability 
      01 Apr 2019 Added R80.10 SmartConsole Build 122
      25 Mar 2019 Released Take 203 of R80.10 Jumbo Hotfix Accumulator
      04 Mar 2019 Take 189 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      12 Feb 2019 Released Take 189 of R80.10 Jumbo Hotfix Accumulator 
      22 Jan 2019 Released Take 185 of R80.10 Jumbo Hotfix Accumulator 
      14 Jan 2019 Added R80.10 SmartConsole Build 105
      26 Dec 2018
      • Released Take 177 of R80.10 Jumbo Hotfix Accumulator
      • Take 169 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      06 Dec 2018 Added R80.10 SmartConsole Build 093
      27 Nov 2018 Released Take 169 of R80.10 Jumbo Hotfix Accumulator 
      12 Nov 2018
      • Released Take 167 of R80.10 Jumbo Hotfix Accumulator
      • Added R80.10 SmartConsole Build 089
      23 Oct 2018 Take 154 of R80.10 Jumbo Hotfix Accumulator moved to General Availability 
      16 Oct 2018 Released Take 154 of R80.10 Jumbo Hotfix Accumulator
      02 Oct 2018
      • Released Take 151 of R80.10 Jumbo Hotfix Accumulator
      • Added R80.10 SmartConsole Build 073
      02 Sep 2018 Added PMTR-14532 to Take 131
      30 Aug 2018 Updated description of PMTR-19132
      27 Aug 2018 Added PMTR-17399, PMTR-14653 and PMTR-12446 to Take 142
      21 Aug 2018 Released Take 142 of R80.10 Jumbo Hotfix Accumulator
      19 July 2018 Released Take 131 of R80.10 Jumbo Hotfix Accumulator
      03 July 2018 Added R80.10 SmartConsole Build 056
      19 June 2018 Take 112 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      12 June 2018 Take 112 for Smart-1 525/5050/5150 appliances was removed.
      28 May 2018 Added R80.10 SmartConsole Build 042
      23 May 2018 Released Take 112 of R80.10 Jumbo Hotfix Accumulator 
      03 May 2018
      • Take 103 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      • Important Notes were updated
      12 Apr 2018 Released Take 103 of R80.10 Jumbo Hotfix Accumulator 
      01 Apr 2018 Take 91 of R80.10 Jumbo Hotfix Accumulator moved to General Availability 
      21 Mar 2018 Take 85 of R80.10 Jumbo Hotfix Accumulator moved to General Availability 
      06 Mar 2018 Released Take 91 of R80.10 Jumbo Hotfix Accumulator 
      15 Feb 2018 Released Take 85 of R80.10 Jumbo Hotfix Accumulator
      05 Feb 2018
      • Released Take 79 of R80.10 Jumbo Hotfix Accumulator
      • Take 70 of R80.10 Jumbo Hotfix Accumulator moved to General Availability 
      15 Jan 2018 Released Take 70 of R80.10 Jumbo Hotfix Accumulator 
      18 Dec 2017 Added R80.10 SmartConsole Build 013
      12 Dec 2017 Take 56 of R80.10 Jumbo Hotfix Accumulator moved to General Availability
      23 Nov 2017 Released Take 56 of R80.10 Jumbo Hotfix Accumulator 
      07 Nov 2017  Added CPUSE Online Identifier of Take 53
      25 Oct 2017 Released Take 53 of R80.10 Jumbo Hotfix Accumulator 
      24 Sep 2017 Added note regarding CPUSE Agent build 1298 
      18 Sep 2017 Added reference to sk120494
      17 Sep 2017  Released Take 42 of R80.10 Jumbo Hotfix Accumulator
      12 Sep 2017  Released Take 40 of R80.10 Jumbo Hotfix Accumulator
      04 Sep 2017 Released Take 37 of R80.10 Jumbo Hotfix Accumulator 
      22 Aug 2017 Released Take 35 of R80.10 Jumbo Hotfix Accumulator 
      09 Aug 2017 Added note regarding SmartConsole Build 005 
      01 Aug 2017 Released Take 24 of R80.10 Jumbo Hotfix Accumulator 
      27 July 2017

      Added the following notes:

      24 July 2017 Released Take 18 of R80.10 Jumbo Hotfix Accumulator
      Released updated R80.10 SmartConsole for R80.10 Jumbo Hotfix Accumulator (for Take 7 and higher).
      19 July 2017 Added an important note that to check the Take number of the installed R80.10 Jumbo Hotfix Accumulator, user should run the "cpinfo -y all" command
      11 July 2017 Released Take 15 of R80.10 Jumbo Hotfix Accumulator
      28 June 2017 Released Take 10 of R80.10 Jumbo Hotfix Accumulator
      22 June 2017 Released Take 7 of R80.10 Jumbo Hotfix Accumulator
      06 June 2017 First release of R80.10 Jumbo Hotfix Accumulator (Take 3)

      Give us Feedback
      Please rate this document
      [1=Worst,5=Best]
      Comment