Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R80.20 (R80_20_jumbo_hf)
Solution

Table of Contents:

  • Introduction
  • Availability
  • Important Notes
  • List of resolved issues per HotFix
  • Installation instructions
  • Uninstall instructions
  • List of replaced files
  • Revision History
Show the Entire Article

 

Introduction

R80.20 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below.

Refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

 

Availability

  • General Availability Take

    Take_17 is the latest R80.20 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

    Product Take Date CPUSE offline
    package
    SmartConsole package
    Security Gateway / Standalone
    Take_17  
    22 Nov 2018
     
    (TGZ) (EXE) 
    Security Management (TGZ)

  •  

  • Ongoing Take

    Product Take Date CPUSE Online Identifier SmartConsole package
    Security Gateway / Standalone
    Take_33 08 Jan 2019 Check_Point_R80_20_JUMBO_HF_Bundle_T33_sk137592_FULL.tgz (EXE)
    Security Management Check_Point_R80_20_JUMBO_HF_Bundle_T33_sk137592_GL_FULL.tgz


 

Important Notes

  • Each of the Jumbo Hotfix Accumulator Takes is based on Check Point R80.20.
  • For CPUSE installation, CPUSE Agent build 1573 and above (refer to sk92449) must be used.
  • It is recommended to install Jumbo Hotfix Accumulator on all the R80.20 machines running on Gaia OS.
  • This Jumbo Hotfix Accumulator is suitable for these products and configurations:
    • Security Gateway
    • StandAlone
    • Security Management Server
    • Multi-Domain Management Server
    • Log Server
    • Multi-Domain Log Server
    • SmartEvent Server
    • Endpoint Security Server
    • VSX
    • Cluster
  • This Jumbo Hotfix Accumulator has to be installed only after successful completion of Gaia First Time Configuration Wizard and reboot.
  • To check the Take number of the currently installed R80.20 Jumbo Hotfix Accumulator (if it is installed): [Expert@HostName:0]# cpinfo -y all

 

List of resolved issues per HotFix

Enter the string to filter the below table:

ID Product Description
R80.20 Jumbo HotFix - Ongoing Take 33 (08 January 2019)
PMTR-25005,
PMTR-23377
Security Management In some scenarios, purge operation fails with "Task was interrupted because of server restart" message and the CPM process stops working, producing core dump file.
PMTR-26802 Security Management When creating a Security Gateway object and click OK, SmartConsole terminates with "The connection with the server was lost...." error. 
PMTR-25488,
PMTR-25218
Security Management When Database is more than 100 objects and searching for the objects in the Objects Explorer and scrolling down, list of items disappears and the results in the bottom-left show "No items found". Refer to sk139793.
PMTR-26386,
PRHF-1656,
PMTR-25184
Security Management Cannot export logs to Excel from SmartView connected to Multi-Domain Log Server.
Refer to sk140433.
PMTR-26457,
PMTR-17608
Multi-Domain Management When Domain has policies that are in use in some policy installation preset, the attempt to delete this Domain fails with "Error: Unspecified error". 
PMTR-23217,
PMTR-22277
Multi-Domain Management Log in to the primary Multi-Domain Management GUI fails due to HA and logging objects synchronization generating high load.
PMTR-21125 SmartEvent In large-scale environments, log_indexer process may unexpectedly stop working producing 3.5GB core file.
PMTR-25295,
PMTR-14661
SmartConsole "SessionInWorkLoginException" error when using the API "discard" to discard a connected session other than the current session. 
PMTR-23080,
PMTR-26637
SmartConsole HTTPS Inspection rule with mixed Access Role and network object cannot be enforced. 
PMTR-25913 SmartView Added consolidated Threat Prevention dashboard, providing full threat visibility across Networks, Mobile and Endpoints. 
Refer to sk134634.
PMTR-23063,
PMTR-22415
SmartUpdate SmartUpdate hangs on launch due to over 4000+ unattached licenses.
Refer to sk136512.
PMTR-21902,
JPMC-366,
PMTR-21183
Security Gateway Memory leak in FWD process.
PMTR-29099 Security Gateway Security gateway drops multicast or broadcast packets when working in bridge mode.
PMTR-26564,
PMTR-25323
ClusterXL
  • 3rd party cluster Full-Sync does not run on startup and caused the cluster to be in down state.
  • Dynamic Routing packets are dropped on the cluster member with the lower priority.
PMTR-25290,
PRHF-1556
Threat Prevention In some scenarios, Advanced Upgrade fails with different errors due to NULL pointer exception check. 
PMTR-25286,
PMTR-25287,
PMTR-25106
Identity Awareness

User's access to a network resource may fail in the following scenario: 

  • Access to a network resource is through an Identity Awareness Gateway (configured as PEP)
  • In SmartConsole, the Identity Awareness Gateway object is configured with "Identity Awareness -> Identity Sharing -> Get identities from other gateways -> All sharing gateways"
  • The sharing Identity Awareness Gateway (configured as PDP) that shares identities with the affected Identity Awareness Gateway (configured as PEP), opens an identity sharing connection not from its main IP address
PMTR-24536,
PRHF-1462
Identity Awareness Identity sharing does not work for non-HTTP traffic when XFF is enabled only on the layer and not on the Security gateway.
PMTR-25193,
IDA-1396
Identity Awareness Identity sharing fails when XFF is enabled and remote PDP does not respond.
PMTR-26589,
IDA-1604
Identity Awareness In some scenarios, Terminal Servers Identity Agent (MUH Agent) session Access Role is missing on PDP but exists on PEP, causing next PEP to PDP sync to be removed from PEP and thus the accessibility loss. 
PMTR-25100,
IDA-1226
Identity Awareness Improved error handing when Identity Sharing is used and remote PDP server does not respond due to prolong outage.
Refer to sk141152.
PMTR-22758,
PMTR-22632
Identity Awareness In rare scenarios, PDP crashes after generating traffic for a long time.
PMTR-26173,
PMTR-26171
SSL Inspection Change SSL Network Extender on MacOS to 64-bit architecture to support 32 bit apps depreciation in OSX.
PMTR-24797 SSL Inspection HTTPS traffic is inspected when it is configured to be bypassed: when HTTPS Inspection is enabled and probe bypass is 0.
Refer to sk132913
PMTR-23567,
PMTR-23317
Logging A Domain administrator connected to a specific Domain in Multi-Domain environment cannot see suggestions when typing in logs search box. 
PMTR-23288,
PMTR-19838
Gaia OS After adding the RBA roles Gaia commands (add rba role TACP-0 virtual-system-access all), the lines are missing from the "show configuration" command output, but the values can be seen in Expert mode (/config/active). Refer to sk119394.
PMTR-24293,
VSECC-785
CloudGuard Attempt to install central license on CloudGuard gateway fails with "not vSec product" error.
PMTR-24166,
PMTR-23917
SecureXL The Anti-Spoofing policy is not unloaded by running the "fw unloadlocal" command. 
PMTR-25207 SecureXL "sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure. 
R80.20 Jumbo HotFix - General Availability Take 17 (4 December 2018, GA from 08 January 2019)
PMTR-24006,
PMTR-22022
Security Management Remote Access users configured with Pre-Shared Secret Key (PSK) cannot connect after upgrade from R77.x.
PMTR-23394,
PRHF-1450
Security Management Policy installation fails with "Policy installation had failed due to an internal error" message when Security gateway has more than hundred interfaces.
Refer to sk138592.  
PRHF-734, PMTR-11728 Security Management In rare scenarios, the CPM service does not start on machine startup. 
PMTR-20174,
01619796
Security Gateway Security gateway does not load policy after reboot when number of SAM rules reaches its limit of 25000. Refer to sk110560.
PMTR-22110,
02661309,
02662730
Security Gateway DNS NAT does not work when the DNS parser encounters an IPv6 record in DNS servers answer. Refer to sk121346.
PMTR-14588,
PMTR-22784,
02768662,
02769044
Security Gateway Security gateway with Dynamic NAT enabled, is rebooted after running "cpstop".
PMTR-20144,
IDA-1176,
PRHF-721
Identity Awareness Update with "-" machine name from the Domain Controller causes the Identity Collector to create un-authenticated sessions on the PDP.
PMTR-22826,
VSECC-734
CloudGuard Controller CloudGuard Controller Data Center objects are not enforced on Multi-Domain Security Management.
Refer to sk139372.
PMTR-24762,
PMTR-19431
SecureXL Drops from link collisions in PPAK due to Dynamic port allocation ("db_save_conn: failed to save conn <>, collision(-2)").
PMTR-23850,
PMTR-22080
ClusterXL When upgrading a VRRP cluster to R80.20 with Connectivity Upgrade (CU), CU fails due to the member not being in READY state. 
PMTR-23382,
IDA-982
VPN User cannot connect to a VPN site that belongs to a group that has a special character in its name. Refer to sk124514
PMTR-20038,
PMTR-22373
Gaia OS "/opt/CPInstLog/uninstall_SecurePlatform_R80_10_JHF_PLATO:Uninstallation failed!" error during uninstallation of Jumbo Hotfix Take on Smart-1 device. Newer version of RPMs remain installed after uninstall.
R80.20 Jumbo HotFix - General Availability Take 10 (1 November 2018, GA from 22 November 2018)
PMTR-22164 Security Management When using Global Dynamic Network objects, creating a new policy package in a local Domain fails with 'Internal error' if it is assigned to the Global Domain. 
PRHF-755,
PRHF-495,
PMTR-16967,
PMTR-16968
Multi-Domain Management Domain deleting fails with "Delete Domain failed: Error: Unspecified error". 
PMTR-22800,
PMTR-24139
Endpoint Security In some scenarios, assignment to Virtual Group does not apply properly. 
PMTR-22405 Security Gateway In rare scenario, when configured as a proxy/ICAP client, a Security gateway may crash when using HTTPS Policy Categorization.
PMTR-21081,
UP-251
Security Gateway A large number of Time objects used in the rule base may cause rulebase matching failures resulting in connectivity issues.
PMTR-22320,
PRHF-903
Security Gateway ISP redundancy OID is missing from the MIB file. 
SL-1594,
PRHF-1268,
PMTR-22564
Logging In rare scenarios, monitoring information (such as licensing information, CPU usage, etc.) displayed in SmartConsole and SmartView Monitor is not updated. 
Refer to sk137092.
PMTR-23183,
SL-1654
Logging Added new format for Log Exporter to support "Check Point App for Splunk"

 

Installation instructions

Procedure:

  • Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
      3. In the upper right corner, click on the Import Package button.
      4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
      5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
      6. Select the imported package Check Point R80.20 Jumbo hotfix T<number> for sk137592 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
      7. Select this package and click on Install Update button on the toolbar.


  • Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to command line on target Gaia OS.
      3. Log in to Clish.
      4. Acquire the lock over Gaia configuration database:
        HostName:0> lock database override
      5. Import the package from the hard disk:
        Note: When import completes, this package is deleted from the original location.
        HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
      6. Show the imported packages:
        Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.20 Jumbo hotfix T<number> for sk137592"
        HostName:0> show installer packages imported
      7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
        HostName:0> installer verify <Package_Number>
      8. Install the imported package:
        HostName:0> installer install <Package_Number>

 

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

Procedure:

  • Show / Hide instructions for uninstall in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
      Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
    2. Connect to the Gaia Portal on your Gaia machine and navigate to the 'Upgrades (CPUSE)' section - click on 'Status and Actions'.
    3. Above the list of all software packages, click on the 'Showing Recommended packages' button - select 'All'.
    4. Right-click on the Jumbo Hotfix Accumulator package - click on 'Uninstall'.
    5. A warning will be displayed that after this uninstall, the machine will be automatically rebooted.
      Click on 'OK' to start the uninstall.


  • Show / Hide instructions for uninstall in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
      Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
    2. Connect to command line on Gaia OS.
    3. Log in to Clish.
    4. Acquire the lock over Gaia configuration database:
      HostName:0> lock database override
    5. Uninstall the package:
      HostName:0> installer uninstall <Package_Number>
      Note: The progress (in per cent) will be displayed in Clish.
    6. Machine will be rebooted automatically.


 

List of replaced files

List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.


Revision History

Show / Hide revision history

Date Description
17 Jan 2019 SmartConsole package has been updated to Build 025
08 Jan 2019
  • Released Take 33 of R80.20 Jumbo Hotfix Accumulator 
  • Take 17 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
04 Dec 2018 Released Take 17 of R80.20 Jumbo Hotfix Accumulator 
22 Nov 2018 Take 10 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
1 Nov 2018 First release of R80.20 Jumbo Hotfix Accumulator (Take 10)

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment