Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R80.20 (R80_20_jumbo_hf)
Solution

Table of Contents:

  • Introduction
  • Availability
  • Important Notes
  • List of resolved issues per HotFix
  • Installation instructions
  • Uninstall instructions
  • List of replaced files
  • Revision History
Show the Entire Article

 

Introduction

R80.20 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below.

Refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

 

Availability

  • General Availability Take

    Take_47 is the latest R80.20 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

    Product Take Date CPUSE offline
    package
    SmartConsole package
    Security Gateway / Standalone
    Take_47  
    25 Mar 2019
     
    (TGZ) (EXE)
    Build 053
    Security Management (TGZ)

  •  

  • Ongoing Take

    Product Take Date CPUSE Online Identifier SmartConsole package
    Security Gateway / Standalone
    Take_80 27 May 2019 Check_Point_R80_20_JUMBO_HF_Bundle_T80_sk137592_FULL.tgz (EXE)
    Build 053
    Security Management Check_Point_R80_20_JUMBO_HF_Bundle_T80_sk137592_GL_FULL.tgz

Important Notes

  • Each of the Jumbo Hotfix Accumulator Takes is based on Check Point R80.20.
  • For CPUSE installation, CPUSE Agent build 1573 and above (refer to sk92449) must be used.
  • It is recommended to install Jumbo Hotfix Accumulator on all the R80.20 machines running on Gaia OS.
  • This Jumbo Hotfix Accumulator is suitable for these products and configurations:
    • Security Gateway
    • StandAlone
    • Security Management Server
    • Multi-Domain Management Server
    • Log Server
    • Multi-Domain Log Server
    • SmartEvent Server
    • Endpoint Security Server
    • VSX
    • Cluster
  • This Jumbo Hotfix Accumulator has to be installed only after successful completion of Gaia First Time Configuration Wizard and reboot.
  • To check the Take number of the currently installed R80.20 Jumbo Hotfix Accumulator (if it is installed): [Expert@HostName:0]# cpinfo -y all

 

List of resolved issues per HotFix

Enter the string to filter the below table:

ID Product Description
R80.20 Jumbo HotFix - Ongoing Take 80 (27 May 2019)
PRJ-96,
PRHF-2762
Security Management In some scenarios, the postgres.elg file grows and fills up the disk space. Refer to sk143852
PMTR-34832,
CPM-2137
Security Management In a rare scenarios, policy installation from a previous revision fails with "Internal error".
PMTR-27539,
PMTR-27797
Multi-Domain Management False message "peer <name> failed to synchronized me" appears in Multi-Domain Servеr HA window although machines are successfully synced. Refer to sk151392.
PMTR-35703,
PRHF-3127
SmartConsole "Legacy URL Filtering not supported" error pops up when installing policy.. Refer to sk110116.
PMTR-25295,
PMTR-14661
SmartConsole "SessionInWorkLoginException" error when using the API "discard" to discard a connected session other than the current session. Refer to sk142534.
PMTR-30862,
PRHF-2252
SmartConsole "Get Gateway Data" returns "Execution error" for cluster object in SmartUpdate.
PRJ-103,
PRHF-3002
SmartConsole Cannot delete Global Host object from the Global Domain if the name matches the name of Multi-Domain Management. Refer to sk151192.
PMTR-29658,
VPNRA-189
SmartView Monitor In some scenarios, SNX client is not seen in SmartView Monitor tracking page after connecting to the Security gateway.
PMTR-33424,
SL-1997
SmartView Monitor SmartView Time filter does not work correctly if the server Time Zone is different than the client Time Zone.
PMTR-34742,
PMTR-34543
Security Gateway CPOpenSSL is vulnerable to padding Oracle Timing/Side Channel Attack.
PMTR-35948,
PMTR-34489
Security Gateway Security gateway crashes in a certain rare scenario.
PMTR-33337,
PMTR-33143
Security Gateway In a rare scenario, setting interface topology to "Network defined by routes" causes policy installation failures or traffic drops.
PMTR-33418,
PRJ-292,
PRHF-3248
Security Gateway In a rare scenario, Security gateway freezes when Priority Queue is enabled. Refer to sk149413.
PRJ-378,
PMTR-31289,
PMTR-26959
Security Gateway In some scenarios, Security Gateway drops ICMP traffic with "fw_conn_post_inspect Reason: First server side outbound packet is an ICMP" message. Refer to sk147492.
PMTR-34114,
PMTR-32168
Logging In a rare scenario, Security gateway starts to log locally even if logs are sent to backup server.
PRJ-833,
PRJ-748
Logging In a rare scenario, cannot open new tab in SmartView after exporting data using a relative time filter.
PMTR-34878,
PRJ-69,
PRJ-105
Threat Emulation

Management Server upgrade from R80.10 to R80.20 fails in these scenarios: 

  • There are Threat Emulation settings, which remained from Security Gateway objects that were already removed.
  • There are Threat Emulation settings, which are configured in the cluster member objects and not in the cluster object.
Refer to sk150793.
PMTR-31036,
IDA-1689
Identity Awareness In some scenarios during Identity Agent or Terminal Server Agent IP change, PEP database becomes corrupted.
PMTR-35095,
MB-30
ClusterXL New validation added: Starting from R80.20, ClusterXL does not support Load Sharing mode. SmartConsole blocks such configuration with a warning message.
PMTR-33209,
PMTR-30582
ClusterXL Unable to access ClusterXL Standby members over an IPSec tunnel or when the connections are routed through the Active member. Refer to sk147493.
PMTR-32708,
PMTR-33852
SecureXL Security gateway forwards re-transmitted TCP reset packets although fw_disable_rst_replay property is enabled.
PMTR-34750,
PMTR-32605
VPN After a Multi-Domain Management Server upgrade, if there are more than 1 certificate for internal_ca, it may cause a connectivity loss when using Global VPN Community. Refer to sk147836
PMTR-33335,
MBS-5210,
PRHF-3647
VSX In a rare scenario, VSX reboots when running with 40G NICs. 
PMTR-35083,
PMTR-26556,
PMTR-30291
CPView In some scenarios, the CPView tool does not display any sensor information under the "Hardware Health" tab.
R80.20 Jumbo HotFix - Ongoing Take 74 (14 Apr 2019)
PMTR-36350,
PRJ-503
General Alignment to Mail Transfer Agent Engine Update. Refer to sk123174.
R80.20 Jumbo HotFix - Ongoing Take 73 (08 Apr 2019)
PMTR-31335 General Added support for 6500 and 6800 appliances. Refer to sk139932.
PMTR-23799 General Added ability to FW Monitor to support monitoring of accelerated traffic by default. Refer to sk30583.
PMTR-29498,
PRHF-1960
Security Management Manual changes in INSPECT files under $FWDIR/lib directory of compatibility packages are not synchronized from active to standby Management servers. Refer to sk143792.
PMTR-29853 Security Management Policy installation fails with "IPv6 addresses domain is not supported for Remote Access VPN community" message when using Domain object in Remote Access encryption domain. Refer to sk142832.
PMTR-29923,
PMTR-28958
Security Management "Error retrieving results" message is displayed in SmartConsole after searching for unused objects in Object Explorer.
PMTR-34653,
PRHF-2891
Security Management After installing R80.20 Jumbo HFA Take 33, newly created users fail to log in into local SmartView WebUI, receiving the "Invalid username and password" error. 
Refer to sk148794.
PMTR-23745,
MCFG-80
Security Management Unjustified validation error is displayed when installing Threat Prevention policy on Cluster object:
"Threat Prevention requires topology to be defined.
At least one internal, one external, and no undefined interfaces are required.
Incorrectly defined topology impacts performance and security.

Please install both Access Control and Threat Prevention policies after fixing the topology."
PMTR-34017,
API-595
SmartConsole Number of sessions in "Changes" list does not match the value of 'total'.
PMTR-31336,
PMTR-12430
SmartConsole When searching in the SmartConsole main search bar for network groups we can see some number of network groups, but the search inside the Logical Server object shows the different number of Logical server objects groups.
PMTR-31641,
MCFG-144
SmartConsole FWM process stops working after repeatedly clicking "Update Corporate Gateways" in SmartConsole.
PMTR-31044 SmartConsole When an administrator publishes session for a different administrator, the name of the administrator that invoked the action will be written in the audit logs as the publisher.
PMTR-31136 Mobile Access Mobile Access Portal Agent installation page is vulnerable for XSS attack in Chrome and Firefox.
PMTR-26467,
PMTR-29700
Security Gateway In some scenarios, when disabling the interface, large amount of "fwmultik_f2p_routing: fw_os_route_retrieve_streaming failed" error messages appears in /var/log/messages file.
PMTR-29243,
PMTR-32515
Security Gateway When routed syslog is enabled, the "show configuration routedsyslog" command does not show any output.
PMTR-33631,
PMTR-24656
Security Gateway In some scenarios, Security Gateway crashes when Priority Queue is enabled. Refer to sk149414.
PMTR-34473,
PMTR-33518
Security Gateway R80.20 bridge with no VLAN configuration may cause connectivity disruptions on VLAN-tagged traffic passing through it.
PMTR-30245,
PMTR-29336,
PRHF-2609
Security Gateway In rare scenarios, Security Gateway crashes during file upload to Google drive when Content Awareness blade is enabled.
PMTR-33140,
PMTR-1479
Security Gateway In a rare scenario, TCP segments of HTTPS payload are missing in Mirror and Decrypt designated interface.
PMTR-33559,
IDA-1793
Security Gateway Users are not matched to access roles with nested LDAP groups or LDAP groups with filter.
Refer to sk148092
PMTR-31049,
IDA-1120
Security Gateway Group update request is sent specifically to the originator LDAP server even if it is down. Refer to sk127833
PMTR-26374,
SWG-1312
Security Gateway Added support for ICAP client working with Symantec DLP ICAP server.
PMTR-27196, PMTR-24606 Security Gateway  Starting from SmartConsole Build 46, added automatic Implied Rule for ICAP Server to allow connectivity with trusted ICAP clients. 
PMTR-31315,
PRHF-2244
Logging In a rare scenario, TCP state information is not displayed in the log despite being enabled in SmartConsole.
PMTR-32876,
PMTR-15708,
PMTR-28005
UserCheck Potential memory leak in rare scenarios when UserCheck is used on HTTP connection.
PMTR-30599 UserCheck When switching from manual expiration date in User Template to "According to global properties", the actual expiration date is not changed. 
PMTR-31422 Threat Extraction When configuring scrub_additional_file_types to "all" and enabling block_unsupported_files, file types that have no extension are not stripped.
PMTR-30657 Identity Awareness When X-Forwarded-For (XFF) settings are enabled on one of the policy layers or/and on the Security gateway object, the /var/log/messages file shows errors related to asynchronous identity fetch. Refer to sk145673.
PRHF-523,
PMTR-29857 
IPS Some SMTP-related IPS Core Protections remain enabled despite the IPS is disabled.
PMTR-33238,
PMTR-32352
IPS R77.x gateways managed by R80.x Security Management show that IPS blade is enabled while it is disabled on the gateway object.
Refer to sk146592.
PMTR-35032 VPN Important security update for IPSec Site-to-Site (S2S) VPN.
PMTR-31860,
PMTR-31863,
PMTR-21587
VPN Connectivity improvements for certain Windows L2TP client versions. Refer to sk145895.
PMTR-23293,
02031663
Gaia OS The CLISH command "show arp table dynamic all" and Bash command "arp -an" show different entries. Refer to sk112753.
PMTR-32129,
PMTR-26981,
PMTR-26979
Gaia OS Added 'pigz' and 'unpigz' binaries.
PMTR-30225,
GAIA-3093,
PMTR-30226,
02085811
Gaia OS Enhancement: administrators are allowed to use personal, remotely managed password to login to Expert mode, instead of the shared "expert password". 
PMTR-33811,
PMTR-33923
CPView "Connections from templates" property shows incorrect value Network tab ->Traffic-> Templates of CPView.
PMTR-29063,
PMTR-23710
Endpoint "User was not authenticated" errors in Capsule Docs when activating Single Sign-On in the policy.
PMTR-30683,
PMTR-30518
Compliance The grc_conditions3.xml and grc_controls.xml files in R80.20 are overwritten by the files of R80.10 from the Cloud.
R80.20 Jumbo HotFix - General Availability Take 47 (24 February 2019, GA from 25 Mar 2019)
PMTR-28379,
PMTR-28378
Security Management Added ability to manage Check Point Maestro.
PMTR-32183,
PRHF-2532,
PRHF-2618
Security Management High Availability synchronization fails on Multi-Domain Server level after Domain deletion or after updating licenses or contracts in SmartUpdate. Refer to sk151072.
PMTR-32160 IPS Accelerated HTTP traffic might not be accelerated on an R77.10 Security Gateway managed by a Security Management server.
R80.20 Jumbo HotFix - Ongoing Take 43 (11 February 2019)
PMTR-27655 Security Management Values updated in resourceProfiles files to handle high CPU utilization for "Java" process (described in sk123417) are not resistant and get overridden after Jumbo Hotfix Accumulator installation or backup/restore or export/import procedures.
PMTR-28644,
PMTR-28557
Security Management Running the fwm sic_reset command from CMA fails with "reset_objects: updateMultiple failed". Refer to sk142512.
PMTR-25816,
PMTR-25793
Security Management Once user performs any change to his configuration, the Compliance blade performs a partial scan and calculates the relevant Best practices. During this scan, exceptions of relevant objects for these Best practices are deleted. Meaning, if previously obj1 was excluded from applying Best practice #1, during partial scan obj1 will be relinked to Best practice #1. 
PMTR-32542,
PMTR-32187
Multi-Domain Management
  • Log servers are not seen in SmartConsole Log Server tab after Advanced Upgrade to Jumbo Hotfix Accumulator Take 33.
  • After new Domain creation, logs from this Domain are not seen in SmartConsole.
PMTR-29670,
PMTR-29604
Multi-Domain Management Upgrade of the Primary Multi-Domain Server from R80.10 fails when its Global Domain is in Standby mode. Refer to sk143892.
PMTR-27321,
PMTR-21282,
PMTR-24274,
PMTR-24249,
PMTR-22245
Multi-Domain Management CPView is not supported on Multi-Domain Security Management environments.
PMTR-29458,
PMTR-26606
SmartConsole "Synchronization with Check Point UserCenter" feature displays "Synchronization with Check Point UserCenter requires a valid license." warning message even though all licenses are valid.
PMTR-23395,
PMTR-29385
SmartConsole

If administrator updates his details (e.g. name, phone, email) and tries to publish the session, it fails with "Internal error" message.

  • After Jumbo HFA installation, the session cannot be published or discarded and any further update will fail. Refer to sk144214.
PMTR-25778,
PMTR-25825,
PMTR-25790
SmartConsole When using Global VPN Community with permanent tunnel gateways list (matrix / permanent tunnel gateways), upgrade from R7x fails.
PMTR-26495,
PMTR-26474
SmartConsole "Error: SIC initialization failed because of failure in parsing the certificate file" error when user attempts to log in with certificate to API (mgmt_cli) with password including "!".
API-512,
PMTR-25591
SmartConsole Web API show-package fails if the package was installed on a cluster member which is already deleted. Refer to sk144132
PMTR-25081,
PMTR-25069,
PMTR-24728
SmartConsole Attempt to update Threat Emulation images fails with "Could not send Threat Emulation images update command, validate SIC connectivity and install policy with Threat Emulation enabled for [name]" message.
PMTR-28877,
BS-859
SmartConsole The existing regulation is not updated and appears as "EU Data Privacy" instead of "GDPR".
PMTR-28488,
DO-902
Security Gateway Traffic is dropped when using non-FQDN Domain object in Security policy. 
PMTR-28593,
PMTR-25909
Security Gateway Added support for NAT on payload of H323 packets when different IP addresses are used for payload and control.
PMTR-28197,
PMTR-27742
Security Gateway No service enforcement when creating "Other services" without match expression for TCP, UDP or SCTP.
PMTR-27663,
PMTR-28320,
PMTR-24802
Threat Emulation Added ability to update Threat Emulation file types in an offline environment.
PMTR-26022,
PMTR-25770
HTTPS Inspection When HTTPS Inspection is enabled and "Hide X-Forwarded-For in outgoing traffic" option is selected, the XFF header is not obfuscated on HTTPs traffic.
PMTR-27367,
IDA-1609
Identity Awareness In some scenarios, Identity Agent fails to authenticate using Kerberos SSO due to very large Kerberos ticket and the agent fallback to User/Password authentication. 
PMTR-28368,
PMTR-28140
Anti-Malware During upgrade, if Anti-Virus is enabled, all emails are stuck in MTA queue due to missing certificate.
PMTR-30218,
TPM-1378
IPS The "A general error has occurred" message is displayed when trying to change the IPS protection configuration in "MySQL -> General settings".
PMTR-30868,
PMTR-30867
Web Intelligence In some scenarios, connectivity issues between Capsule Workspace and Security gateway.
PMTR-27702,
PMTR-20103
Web Intelligence Potential memory leak due to "Out of state" HTTP response.
PMTR-26141,
01967376
SSL Inspection Added support for custom extension used by Apple.
PMTR-30550,
PMTR-29405 
Logging Exporting 100K or more logs to Excel from SmartView fails.

PMTR-30609,
PMTR-30608,
PMTR-30607,
PMTR-29589,
PMTR-29583
Logging In rare scenarios, when the Log server miscalculates the available disk space, it may stop receiving logs from the connected gateways and cause the logs to accumulate locally on the Security gateway.
Refer to sk146152.
PMTR-27043,
PMTR-23553
Logging After two or more upgrades of a Security gateway / Security Management server / Log server or SmartEvent server, log maintenance fails to delete logs from older version. 
PMTR-26706,
PMTR-26696
Logging After Daylight saving time change, the logs from the time of change until the end of the day are not indexed and the "Illegal instant due to time zone offset transition (daylight savings time 'gap')" error is displayed in solr.elg file. 
PMTR-28160,
PMTR-23550
Logging After upgrade from R80.x to R80.20 GA, the pre-upgrade logs data will not be deleted according to the logs retention policy. 
PMTR-22357,
SL-1600
Logging In rare scenarios, due to a connection attempt failure to the Security Management, the Security gateway starts logging locally.
PMTR-29044,
SL-1538
Logging When Security gateway is configured to send alerts only to a specific Log server, logs may be written locally on the gateway instead to be sent to the Log server. 
PMTR-26040,
PMTR-25672,
PMTR-28925
Logging Added Threat Emulation forensic report in SmartView Log card.
PMTR-29233,
PMTR-22839,
02535956
SecureXL Memory consumption on Security Gateway increases after enabling NetFlow v9 in Gaia OS. Refer to sk118719.
PMTR-30162,
PMTR-22869,
PMTR-30163
SecureXL Concurrent connections monitoring can become inaccurate when "fw samp quota" rules are changed.
PMTR-27529,
MBS-4134
SecureXL In rare scenarios, Security gateway crashes when penalty checkbox is selected.
PMTR-29118,
PMTR-17539,
PMTR-27741
SecureXL In some scenarios, large number of incorrectly classified "simlinux_br_port: dev == NULL !!!" debug messages appear in kernel message logs.
PMTR-28084,
PMTR-27895
ClusterXL In some scenarios, standby cluster member sends PIM Hello packets.
PMTR-29200,
PMTR-28139,
VSX-1928
VSX In some scenarios, the cpd and fw_full processes stop working when the TDERROR debug flag is enabled.
PMTR-28022,
VSX-1895
VSX Traffic from a Virtual System in VSX Cluster to Security Management Server is dropped with "Local interface address spoofing" log.
Refer to sk110473
PMTR-23158,
PMTR-26453,
PMTR-26095
GAIA-3010
Gaia OS CVE-2018-15473: Username enumeration is possible due to a premature bail-out while dealing with a malformed packet. The issue exists in several authentication protocols. 
PMTR-28381,
PRHF-1502,
PMTR-28899
Gaia OS When using conv2db to recreate Gaia database from /config/active, comments are not skipped and the new database file may contain irrelevant information. Refer to sk139832.
Note: the issue is cosmetic only. 
PMTR-28798,
PMTR-28822,
PMTR-12070,
01515638
Gaia OS SNMPD process fails to send Coldstart on reboot. Coldstart is configured by threshold that can be too short comparing to the OS boot time.
PMTR-28277,
GAIA-2493
Gaia OS Connectivity problem for 10 Gigabit fiber network interfaces (be2net driver) after upgrade from R77.30. 
PMTR-28041,
PMTR-25332,
GAIA-3471
Gaia OS Added support for  "/", "(", and "*" characters as part of the system message banner. 
PMTR-23058,
PMTR-24458,
01579916
Gaia OS syslog messages forwarded to external Syslog server, do not contain the host name.
Refer to sk100727
PMTR-28303,
02397556,
CP-41
Gaia OS In some scenarios, snmpwalk reports false values of bond interface.  
PMTR-28312,
PMTR-28338,
01906257
Gaia OS In some scenarios, sporadic timeouts occur during snmpwalk run.
PMTR-28834,
PMTR-28836,
02489137
Gaia OS Different LOM versions are reported in WebUI and Clish.
PMTR-11377,
PMTR-25506
02100804
VPN After Cluster failover, VPN tunnel is down and "Unknown SPI for IPsec packet" log is shown. Refer to sk112339.
R80.20 Jumbo HotFix - General Availability Take 33 (08 January 2019, GA from 04 February 2019)
PMTR-25005,
PMTR-23377
Security Management In some scenarios, purge operation fails with "Task was interrupted because of server restart" message and the CPM process stops working, producing core dump file.
PMTR-28037,
PRHF-1977
Security Management Policy installation fails due to a memory allocation failure. 
PMTR-26802 Security Management When creating a Security Gateway object and click OK, SmartConsole terminates with "The connection with the server was lost...." error. 
PMTR-25488,
PMTR-25218
Security Management When Database is more than 100 objects and searching for the objects in the Objects Explorer and scrolling down, list of items disappears and the results in the bottom-left show "No items found". Refer to sk139793.
PMTR-26386,
PRHF-1656,
PMTR-25184
Security Management Cannot export logs to Excel from SmartView connected to Multi-Domain Log Server.
Refer to sk140433.
PMTR-24555,
PMTR-26219
Security Management  In some scenarios, migrate_export fails when exporting R77.30 database from Windows machine in order to import it to R80.20 on Gaia.
PMTR-26457,
PMTR-17608
Multi-Domain Management When Domain has policies that are in use in some policy installation preset, the attempt to delete this Domain fails with "Error: Unspecified error". 
PMTR-23217,
PMTR-22277
Multi-Domain Management Log in to the primary Multi-Domain Management GUI fails due to HA and logging objects synchronization generating high load.
PMTR-21125 SmartEvent In large-scale environments, log_indexer process may unexpectedly stop working producing 3.5GB core file.
PMTR-23080,
PMTR-26637
SmartConsole HTTPS Inspection rule with mixed Access Role and network object cannot be enforced. 
PMTR-25913 SmartView Added consolidated Threat Prevention dashboard, providing full threat visibility across Networks, Mobile and Endpoints. 
Refer to sk134634.
PMTR-23063,
PMTR-22415
SmartUpdate SmartUpdate hangs on launch due to over 4000+ unattached licenses.
Refer to sk136512.
PMTR-21902,
PMTR-21183
Security Gateway Memory leak in FWD process.
PMTR-29099 Security Gateway Security gateway drops multicast or broadcast packets when working in bridge mode.
PMTR-26564,
PMTR-25323
ClusterXL
  • 3rd party cluster Full-Sync does not run on startup and caused the cluster to be in down state.
  • Dynamic Routing packets are dropped on the cluster member with the lower priority.
PMTR-25290,
PRHF-1556
Threat Prevention In some scenarios, Advanced Upgrade fails with different errors due to NULL pointer exception check. 
PMTR-25286,
PMTR-25287,
PMTR-25106
Identity Awareness

User's access to a network resource may fail in the following scenario: 

  • Access to a network resource is through an Identity Awareness Gateway (configured as PEP)
  • In SmartConsole, the Identity Awareness Gateway object is configured with "Identity Awareness -> Identity Sharing -> Get identities from other gateways -> All sharing gateways"
  • The sharing Identity Awareness Gateway (configured as PDP) that shares identities with the affected Identity Awareness Gateway (configured as PEP), opens an identity sharing connection not from its main IP address
PMTR-24536,
PRHF-1462
Identity Awareness Identity sharing does not work for non-HTTP traffic when XFF is enabled only on the layer and not on the Security gateway.
PMTR-25193,
IDA-1396
Identity Awareness Identity sharing fails when XFF is enabled and remote PDP does not respond.
PMTR-26589,
IDA-1604
Identity Awareness In some scenarios, Terminal Servers Identity Agent (MUH Agent) session Access Role is missing on PDP but exists on PEP, causing next PEP to PDP sync to be removed from PEP and thus the accessibility loss. 
PMTR-25100,
IDA-1226
Identity Awareness Improved error handing when Identity Sharing is used and remote PDP server does not respond due to prolong outage.
Refer to sk141152.
PMTR-22758,
PMTR-22632
Identity Awareness In rare scenarios, PDP crashes after generating traffic for a long time.
PMTR-26173,
PMTR-26171
SSL Inspection Change SSL Network Extender on MacOS to 64-bit architecture to support 32 bit apps depreciation in OSX.
PMTR-24797 SSL Inspection HTTPS traffic is inspected when it is configured to be bypassed: when HTTPS Inspection is enabled and probe bypass is 0.
Refer to sk132913.
PMTR-23567,
PMTR-23317
Logging A Domain administrator connected to a specific Domain in Multi-Domain environment cannot see suggestions when typing in logs search box. 
PMTR-29010,
SL-1878
Logging After configuring mail alerts to be sent using "internal_sendmail" script, emails from Check Point server arrive with blank email body. Refer to sk142492.
PMTR-23288,
PMTR-19838
Gaia OS After adding the RBA roles Gaia commands (add rba role TACP-0 virtual-system-access all), the lines are missing from the "show configuration" command output, but the values can be seen in Expert mode (/config/active). Refer to sk119394.
PMTR-24293,
VSECC-785
CloudGuard Attempt to install central license on CloudGuard gateway fails with "not vSec product" error.
PMTR-24166,
PMTR-23917
SecureXL The Anti-Spoofing policy is not unloaded by running the "fw unloadlocal" command.
PMTR-25207 SecureXL "sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure. 
R80.20 Jumbo HotFix - General Availability Take 17 (04 December 2018, GA from 08 January 2019)
PMTR-24006,
PMTR-22022
Security Management Remote Access users configured with Pre-Shared Secret Key (PSK) cannot connect after upgrade from R77.x.
PMTR-23394,
PRHF-1450
Security Management Policy installation fails with "Policy installation had failed due to an internal error" message when Security gateway has more than hundred interfaces.
Refer to sk138592.  
PRHF-734, PMTR-11728 Security Management In rare scenarios, the CPM service does not start on machine startup. 
PMTR-20174,
01619796
Security Gateway Security gateway does not load policy after reboot when number of SAM rules reaches its limit of 25000. Refer to sk110560.
PMTR-22110,
02661309,
02662730
Security Gateway DNS NAT does not work when the DNS parser encounters an IPv6 record in DNS servers answer. Refer to sk121346.
PMTR-14588,
PMTR-22784,
02768662,
02769044
Security Gateway Security gateway with Dynamic NAT enabled, is rebooted after running "cpstop".
PMTR-20144,
IDA-1176,
PRHF-721
Identity Awareness Update with "-" machine name from the Domain Controller causes the Identity Collector to create un-authenticated sessions on the PDP.
PMTR-22826,
VSECC-734
CloudGuard Controller CloudGuard Controller Data Center objects are not enforced on Multi-Domain Security Management.
Refer to sk139372.
PMTR-24762,
PMTR-19431
SecureXL Drops from link collisions in PPAK due to Dynamic port allocation ("db_save_conn: failed to save conn <>, collision(-2)").
PMTR-23850,
PMTR-22080
ClusterXL When upgrading a VRRP cluster to R80.20 with Connectivity Upgrade (CU), CU fails due to the member not being in READY state. 
PMTR-23382,
IDA-982
VPN User cannot connect to a VPN site that belongs to a group that has a special character in its name. Refer to sk124514
PMTR-20038,
PMTR-22373
Gaia OS "/opt/CPInstLog/uninstall_SecurePlatform_R80_10_JHF_PLATO:Uninstallation failed!" error during uninstallation of Jumbo Hotfix Take on Smart-1 device. Newer version of RPMs remain installed after uninstall.
R80.20 Jumbo HotFix - General Availability Take 10 (01 November 2018, GA from 22 November 2018)
PMTR-22164 Security Management When using Global Dynamic Network objects, creating a new policy package in a local Domain fails with 'Internal error' if it is assigned to the Global Domain. 
PRHF-755,
PRHF-495,
PMTR-16967,
PMTR-16968
Multi-Domain Management Domain deleting fails with "Delete Domain failed: Error: Unspecified error". 
PMTR-22800,
PMTR-24139
Endpoint Security In some scenarios, assignment to Virtual Group does not apply properly. 
PMTR-22405 Security Gateway In rare scenario, when configured as a proxy/ICAP client, a Security gateway may crash when using HTTPS Policy Categorization.
PMTR-21081,
UP-251
Security Gateway A large number of Time objects used in the rule base may cause rulebase matching failures resulting in connectivity issues.
PMTR-22320,
PRHF-903
Security Gateway ISP redundancy OID is missing from the MIB file. 
SL-1594,
PRHF-1268,
PMTR-22564
Logging In rare scenarios, monitoring information (such as licensing information, CPU usage, etc.) displayed in SmartConsole and SmartView Monitor is not updated. 
Refer to sk137092.
PMTR-23183,
SL-1654
Logging Added new format for Log Exporter to support "Check Point App for Splunk"
PMTR-23418,
PMTR-23417
Logging In some scenarios, the Logs & Monitor -> Logs section in SmartConsole is stucked on searching. Refer to sk144313

 

Installation instructions

Procedure:

  • Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
      3. In the upper right corner, click on the Import Package button.
      4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
      5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
      6. Select the imported package Check Point R80.20 Jumbo hotfix T<number> for sk137592 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
      7. Select this package and click on Install Update button on the toolbar.


  • Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to command line on target Gaia OS.
      3. Log in to Clish.
      4. Acquire the lock over Gaia configuration database:
        HostName:0> lock database override
      5. Import the package from the hard disk:
        Note: When import completes, this package is deleted from the original location.
        HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
      6. Show the imported packages:
        Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.20 Jumbo hotfix T<number> for sk137592"
        HostName:0> show installer packages imported
      7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
        HostName:0> installer verify <Package_Number>
      8. Install the imported package:
        HostName:0> installer install <Package_Number>

 

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

Procedure:

  • Show / Hide instructions for uninstall in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
      Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
    2. Connect to the Gaia Portal on your Gaia machine and navigate to the 'Upgrades (CPUSE)' section - click on 'Status and Actions'.
    3. Above the list of all software packages, click on the 'Showing Recommended packages' button - select 'All'.
    4. Right-click on the Jumbo Hotfix Accumulator package - click on 'Uninstall'.
    5. A warning will be displayed that after this uninstall, the machine will be automatically rebooted.
      Click on 'OK' to start the uninstall.


  • Show / Hide instructions for uninstall in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
      Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
    2. Connect to command line on Gaia OS.
    3. Log in to Clish.
    4. Acquire the lock over Gaia configuration database:
      HostName:0> lock database override
    5. Uninstall the package:
      HostName:0> installer uninstall <Package_Number>
      Note: The progress (in per cent) will be displayed in Clish.
    6. Machine will be rebooted automatically.


 

List of replaced files

List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.


Revision History

Show / Hide revision history

Date Description
13 June 2019
  • SmartConsole package has been updated to Build 053
  • Added PMTR-29010 to Take 33
  • Added PRJ-378 to Take 80
  • 27 May 2019 Released Take 80 of R80.20 Jumbo Hotfix Accumulator 
    14 Apr 2019 Released Take 74 of R80.20 Jumbo Hotfix Accumulator 
    08 Apr 2019
  • Released Take 73 of R80.20 Jumbo Hotfix Accumulator 
  • SmartConsole package has been updated to Build 046
  • 25 Mar 2019 Take 47 of R80.20 Jumbo Hotfix Accumulator is now in General Availability 
    19 Feb 2019  Released Take 47 of R80.20 Jumbo Hotfix Accumulator
    11 Feb 2019 Released Take 43 of R80.20 Jumbo Hotfix Accumulator
    04 Feb 2019 Take 33 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
    17 Jan 2019 SmartConsole package has been updated to Build 025
    08 Jan 2019
  • Released Take 33 of R80.20 Jumbo Hotfix Accumulator 
  • Take 17 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
  • 04 Dec 2018 Released Take 17 of R80.20 Jumbo Hotfix Accumulator 
    22 Nov 2018 Take 10 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
    1 Nov 2018 First release of R80.20 Jumbo Hotfix Accumulator (Take 10)

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment