| ID |
Symptoms |
| Installation and Upgrade |
| SMCUPG-500 |
- To upgrade a Secondary Multi-Domain Server from R80.20.M1 to the next version, users must perform a clean install of the next version on their Secondary Multi-Domain Server and connect it to their next version Primary Multi-Domain Server.
- To upgrade a Multi-Domain Log Server from R80.20.M1 to the next version, users must perform a clean install of the next version on their Multi-Domain Log Server and connect it to their next version Multi-Domain Server.
- To upgrade a secondary Security Management Server from R80.20.M1 to the next version, users must perform a clean install of the next version on their Secondary Management Server and connect it to their next version Security Management Server.
|
| Security Gateway |
02473855,
02479570 |
Once the Log server is down for a long period of time, the gateways do not try to reconnect to it and logs are being saved locally. Refer to sk116233. |
02474125,
PMTR-25458 |
cmik_loader_fw messages appear in the /var/log/messages file on Security gateway.
Refer to sk137494. |
| Gaia |
| PMTR-14334 |
The "scponly" shell (a limited shell for secure file transfers) is not included in R80.20.M1. |
02084298,
02089780 |
Syslog Protocol version is not sent in syslog packets as per RFC 5424. Refer to sk100727. |
02559704,
02561586,
02561478,
02561588,
PRHF-864 |
After adding the RBA roles Gaia commands (add rba role TACP-0 virtual-system-access all), the lines are missing from the "show configuration" command output, but the values can be seen in Expert mode (/config/active). Refer to sk119394. |
02614360,
02614646 |
Gaia Clish "load configuration <file>" command fails to load some RADIUS and SNMP configuration commands. Refer to sk120459. |
| Security Management |
PMTR-27176,
PMTR-27837 |
"cat: /proc/self/vrf: No such file or directory" message is displayed for a short period of time when running cpview. |
PMTR-28644,
PMTR-28557 |
Running the fwm sic_reset command from Domain Management Server fails with "reset_objects: updateMultiple failed". Refer to sk142512. |
| PMTR-33235 |
In the "show-changes" API command, the value in the "total" field of the reply does not match the number of the shown "session:" instances in the "changes:" list. |
PMTR-28002,
PMTR-29883,
PMTR-29650 |
Exporting R80.20 database using migrate_server export may result with a "Failed to export: Export failed." or "Failed during export process" error message.
Refer to sk142752. |
| Multi-Domain Security Management |
PMTR-29604,
PMTR-29670 |
Upgrade of the Primary Multi-Domain Management Server from R80.10 fails when its Global Domain is in the Standby mode. Refer to sk143892. |
SMCUPG-333,
CP-140 |
Upgrading a Multi-Domain Management Server with a Global VPN Community from R80.20.M1 to R80.20, from R80.20.M1 to R80.20.M2, and from R80.20 to R80.20.M2, is not supported. |
PMTR-27522,
PMTR-28864 |
Upgrade of a Multi-Domain Server from R80.20 GA to R80.20.M2 is not supported if Install Policy Presets are used.
Refer to sk142132. |
PMTR-34948,
PMTR-12088 |
When using an inline layer in a Global policy, during installation of a policy with "rule hide rule" verification, the wrong rule numbers show in the Policy Installation window. Refer to sk125672. |
| Management High-Availability |
PMTR-30911,
PMTR-27543 |
Synchronization in a Multi-Domain High-Availability setup fails post upgrade from R80 due to duplicate compliance objects. |
01825584,
PMTR-47163 |
In some scenarios, sync failure between primary and secondary servers in a Management High Availability deployment may take place. |
| DLP |
02693946,
02698363 |
In some scenarios, DLP fails to synchronize a very large files between cluster members, causing failover. Refer to sk122258. |
| Threat Prevention |
| PMTR-31614 |
Enhancement: In R80.30 Multi-Domain Management environment, only Threat Emulation and Threat Extraction file types enabled on the local Domain, will be enforced. File types can be enabled via Manage&Settings -> Blades -> Threat Prevention -> Advanced Settings. |
PMTR-23445,
UP-258 |
Website takes about 30 seconds to load when there is a rule in Application Control/URL Filtering configured to block links inside this website and SSL Inspection is disabled. Refer to sk135132. |
| SmartConsole / Management Console |
PMTR-32177,
PMTR-33016,
PMTR-33014 |
The Revision's 'Publisher' column (in the Manage & Settings section) displays the session's creator rather than the session's publisher. |
PMTR-26694,
PMTR-27413,
PMTR-27226 |
SmartConsole unexpectedly terminates while user is using the UserCheck Preview feature. |
| SmartEvent |
| PMTR-32803 |
IPS events view in SmartEvent contains a link to the wrong CVE. |
| Dynamic Routing / Advanced Routing |
| 02048037 |
If the interface is deleted from the SmartDashboard without deleting the associated cluster VIP, the routing daemon has no way to delete the VIP later on. |
| VPN |
PMTR-30425,
PMTR-30360 |
Granular IPsec encryption range tables subnet_for_range_and_peer and max_subnet_for_range, may not be enforced after Security gateway upgrade to R80.20. Refer to sk144094. |
| VoIP |
02441588,
PRHF-233,
PRHF-1633 |
Avaya VoIP calls with Avaya Call Manager fail through Check Point Security Gateway.
Refer to sk104786. |
| CloudGuard for NSX |
PMTR-27720,
PMTR-29862 |
Topology is missing in the CloudGuard for NSX Cluster object after upgrading the Security Management Server from R80.10 to R80.20.M2.
Refer to sk141955. |
