Jumbo Hotfix Accumulator for R80.30 (R80_30_jumbo

Support Center > Search Results > SecureKnowledge Details

Jumbo Hotfix Accumulator for R80.30 (R80_30_jumbo_hf)

Technical Level

Solution ID	sk153152
Technical Level
Product	Endpoint Security Server, Multi-Domain Management, Security Gateway, Security Management, VSX
Version	R80.30
Date Created	02-Jul-2019
Last Modified	06-Jul-2020

Solution

Click Here to Show the Entire Article

Introduction

R80.30 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides the Take number which includes the fix. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, the table includes the date the take was published. List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.

The Jumbo Hotfix Accumulator supports these products and configurations: Security Gateway, StandAlone, Security Management Server, Multi-Domain Management Server, Log Server, Multi-Domain Log Server, SmartEvent Server, Endpoint Security Server, VSX and Cluster.

Install this Jumbo Hotfix Accumulator only after you successfully complete the Gaia First Time Configuration Wizard and reboot.
For CPUSE installation, use CPUSE Agent build 1848 and higher (refer to sk92449).
We recommended to install Jumbo Hotfix Accumulator on all R80.30 devices, running on Gaia OS 2.6.18 or Gaia OS 3.10.
R80.30 Jumbo Hotfix Accumulator Take 195 supports the new SMB 1500 appliances LSM.

Also refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

Availability

General Availability Take

Take_196 is the latest R80.30 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

Product	Take	Date	CPUSE offline package	SmartConsole package
Security Gateway / Standalone Gaia 2.6.18	Jumbo HF Take_196	21 May 2020	(TGZ)	(EXE) Build 90
Security Gateway Gaia 3.10			(TGZ)
Security Management			(TGZ)
Blink Image for Security Gateway Gaia 2.6.18 - Clean Install / Upgrade	R80.30 GA + Jumbo HF Take_196	31 May 2020	(TGZ)
Blink Image for Security Gateway Gaia 3.10 - Clean Install / Upgrade			(TGZ)
Blink Image for Security Management - Clean Install			(TGZ)

For Gaia Fast Deployment mechanism "Blink", refer to sk120193.
Effective July 6th 2020, the SmartConsole package has been updated to Build 90.

Ongoing Take

Product	Take	Date	CPUSE Offline package	SmartConsole package
Security Gateway / Standalone Gaia 2.6.18	Jumbo HF Take_215	06 July 2020	(TGZ)	(EXE) Build 90
Security Gateway Gaia 3.10			(TGZ)
Security Management			(TGZ)

For CPUSE Online Identifier, use
Check_Point_R80_30_JUMBO_HF_Bundle_T<Take number>_sk153152_Security_Gateway_and_Standalone_2_6_18_FULL.tgz
Check_Point_R80_30_JUMBO_HF_Bundle_T<Take number>_sk153152_Security_Gateway_3_10_FULL.tgz
and
Check_Point_R80_30_JUMBO_HF_Bundle_T<Take number>_sk153152_Security_Management_3_10_FULL.tgz
Effective July 6th 2020, the SmartConsole package has been updated to Build 90.

Supported R80.30 Jumbo Takes per R80.30 GA Takes

Jumbo HotFix	R80.30 Takes
Jumbo HotFix	Security Gateway / Standalone Gaia 2.6.18 Take 200	Security Gateway Gaia 3.10 Take 273	Security Gateway Gaia 3.10 Take 300	Security Management Take 200
JHF Take 19	Supported	x	x	Supported
JHF Take 50	Supported	Supported	x	Supported
JHF Take 76* and higher	Supported	Supported	Supported	Supported

* Take 76 is an Ongoing Jumbo Take released on 11 October 2019

Important Notes

Starting from Take 50 of R80.30 Jumbo Hotfix:
- All gateway related fixes are relevant for both Gaia 2.6.18 and Gaia 3.10 unless otherwise mentioned.
- Each Take supports Security Gateway platforms listed in R80.30 3.10 and can be installed on CloudGuard IaaS products AWS, Azure, GCP.
Before you perform an upgrade, refer to sk164258 to check the compatibility of Jumbo Hotfix Takes between different releases.
Starting from Take 71, on a Multi-Domain Server/Multi-Domain Log Server, several Domain smartlog_server processes may fail to load printing a "Failed to start web server (Probably another server listens on the same port)" message into smartlog_server.elg file. Refer to sk165262 .
Customers using R80.30 Jumbo Hotfix Takes 163-168, should remove the redundant opt/CPsuite-R80.30/fw1/bin/cpprod_util file from the Expert mode.
Customers on cluster environments using R80.30 Jumbo Hotfix Takes 163-168 that would like to install a later Jumbo Take, should refer to sk166192.

List of resolved issues per HotFix Take

ID	Product	Description
R80.30 Jumbo HotFix - Ongoing Take 215 (06 July 2020)
PRJ-11587, PRHF-9260	Security Management	In some scenarios, when using Rulebase Search, the 'number of rules' section is incorrect. Refer to sk166003.
PRJ-12025, PMTR-51885	Security Management	NEW: Tasks that fail to complete within 18 hours will be stopped automatically and appear as failed. Refer to sk166455.
PRJ-12274, PMTR-53007	Security Management	In Management HA configuration, a hotfix installation may incorrectly fail during the verification phase.
PRJ-10058, PRHF-8924	Security Management	In some scenarios, Security policy deletion or installation may fail when there are many Application Control objects used in this policy.
PRJ-12670, PMTR-52789	Security Management	If an administrator searches for a certain text in SmartConsole, it may cause the Management Server to become inaccessible until a restart.
PRJ-13152, CPM-2811	Security Management	In rare scenarios, a session becomes unusable, and one or more of the following may occur: The user is not able to log in and make changes with this session. Publishing this session fails. Discarding this session fails. Refer to sk167735.
PRJ-1392, PMTR-33408	Multi-Domain Management	NEW: Added ability to log in to the Management Server with SmartConsole while MDS Backup is running.
PRJ-12205, PRHF-10405	Multi-Domain Management	In some scenarios, changes to a .def file in $FWDIR/lib might be reverted when creating a secondary CMA.
PRJ-11508	Multi-Domain Management	A migration from the Security Management Server to a Domain on a Multi-Domain Management Server may fail with: “didn't find ObjectStoreSessionEntity for session <uuid> return null" error in the cpm.elg file.
PRJ-8497, PMTR-48272	Multi-Domain Management	The "Recent Tasks" and "Install Policy Preset" views in MDS Domain might include Domain names, policy packages, and Gateways names. This information is not filtered according to the administrator's permission profile.
PRJ-9602, PRHF-8502	Multi-Domain Management	In environments with more than five Multi Domain servers, changes to objects might not be reflected in the logs.
PRJ-12485, PRHF-10330	Multi-Domain Management	Multi-Domain Administrator configuration for RADIUS authentication might show local Domain Radius servers and groups.
PRJ-12965, PRHF-10944	Multi-Domain Management	In some scenarios, certain deleted domain level objects are visible in the SmartConsole at the MDS level.
PRJ-13033, PRHF-10917	Multi-Domain Management	Global Policy reassignment may fail after performing the IPS update in the Global domain.
PRJ-12555, PRHF-10523	Multi-Domain Management	In some scenarios, updating firewall_properties in GuiDBedit in the MDS context fails. Refer to sk42184.
PRJ-12776, PMTR-52320	SmartConsole	NEW: Added API commands for user, user-template, user-group and identity-tag.
PRJ-12900, PMTR-53694	SmartConsole	NEW: Added more information on each Management API call to api.csv.
PRJ-11258, PRHF-9106	SmartConsole	In some scenarios, Inspection Settings view under the General tab is blank.
PRJ-12454, PMTR-37222	SmartConsole	In some scenarios, a calculation of UIDs for irrelevant rules may result in the "Cannot insert a rule into its own sub rulebase" validation error.
PRJ-12810, PMTR-53855	SmartConsole	When using the Management API "show-objects" command to show OPSEC application objects, it may fail with "Requested object [OBJECT ID] not found".
PRJ-12973, PMTR-51691	SmartConsole	When a VSX Cluster object is edited, no changes are made and the "Topology has changed. Please reinstall Security Policy" message is always displayed after clicking OK, even if no changes are made.
PRJ-12445, PRHF-8488	SmartConsole	In some scenarios, IPS update tasks may stuck when multiple machines are attempting an update within the same time frame.
PRJ-12458, PRHF-8968	SmartConsole	In some scenarios, IPS update may be locked with the message "IPS management update is locked by Scheduled update" .
PRJ-12210, PMTR-52897	SmartConsole	When running the "show-domain" API command, the "active" field may be missing from the reply.
PRJ-10670, PMTR-49128	SmartView	In SmartView, when using a language other than English, an error may occur when drilling down on a widget.
PRJ-10200, PRHF-9019	SmartView	SmartView may show "query failed" error message when creating table widget with filter by source/destination host name. Refer to sk119056.
PRJ-11432, PRHF-8506	SmartProvisioning	The SmartProvisioning application may hang when the user adds/edits Dynamic Objects in the LSM Gateway object editor.
PRJ-11695, PRJ-12363, PRHF-9799	Security Gateway	In a rare scenario, access rules with service type of "other" may not be matched correctly. Refer to sk166365.
PRJ-13204, PRJ-13205	Security Gateway	In rare scenario, a traffic outage may occur when time objects are used in the access policy.
PRJ-8675, PRJ-10168, PMTR-38384	Security Gateway	In some scenarios, "simple_debug_filter_unset: unsetting debug filter when no filter is set" messages may appear in dmesg. Refer to sk165675.
PRJ-12732, PMTR-53779	Security Gateway	In a rare scenario, memory is not freed correctly in the routing mechanism. Fix is relevant for Gaia 3.10 only.
PRJ-12101, PMTR-41300	Security Gateway	In some scenarios, when running "fw monitor" with the "-e" flag, SecureXL traffic is not filtered, and all traffic is displayed. Refer to sk166592.
PRJ-12236, PRJ-12379, PRHF-10039	Security Gateway	In a rare scenario, Security Gateway memory consumption may increase when the Anti-Virus blade is enabled.
PRJ-13075, PRJ-13076, PMTR-54306	Security Gateway	When HTTPS Inspection is enabled, bridge routing may fail and traffic may be dropped.
PRJ-5540, PRJ-5541, PMTR-39046	Security Gateway	Added ability for fw monitor to support monitoring traffic on Acceleration Card.
PRJ-13089, PRJ-13090, PRHF-11016	Security Gateway	CPView Utility may not display speed and driver. SNMP does not use custom OID, dplane OID mapping to mplane. Some connections through mplane on Standby member may be dropped.
PRJ-9047, PRHF-8153	Threat Prevention	The number of overrides in Threat Prevention policy -> Profile -> Overrides may also show inactivated overrides, with mismatched information between "override" and "User Modified".
PRJ-12831, PRJ-12432, PRHF-11043	Threat Prevention	In a rare scenario, when Threat Prevention Forensics feature is enabled, memory usage may rise on the Security gateway due to failures in memory release flow.
PRJ-12394, PRJ-12383, PMTR-45311	Threat Prevention	In some scenarios, policy installation fails with "Error code 0-2000111".
PRJ-12766, PRJ-12790, TEX-1762	Threat Extraction	In rare scenarios, the watermark_cp_file_convertd daemon used by Threat Extraction may restart frequently, causing high CPU usage.
PRJ-12339, PRJ-12340, PMTR-53146	URL Filtering	In a rare scenario, policy installation may fail with "Error code: 0-2000112" if the URL Filtering blade is active while no other feature or blade is enabled.
PRJ-13116,PRJ-13117, PMTR-52580	DLP	Improved DLP functionality when working with IDA MUH1 and MUH2 agents.
PRJ-13109, PRJ-13238, PRHF-11112	HTTPS Inspection	In some scenarios, HTTPS websites may show garbled text when HTTPS Inspection and Anti-Virus are enabled.
PRJ-11059, PRHF-9354	Application Control	In some scenarios, Application Control update task may get stuck indefinitely when it is executed as part of Global Policy assignment.
PRJ-12165, PMTR-52106	Application Control	In some scenarios, Application Control updates in Multi-Domain High Availability environments may get stuck when multiple updates from different Domains/Multi-Domains take place simultaneously.
PRJ-10157, PRHF-8586	Logging	"UserCheck Reference ID” field is missing from logs when the message of the UserCheck customized page is modified and does not contain the text "reference:". Refer to sk165355.
PRJ-11888, PRHF-10057	Logging	In some scenarios, searching for logs using "client_name" in the logging tab returns no values.
PRJ-4738, PRJ-4737	Logging	In environments that use certain mail servers, sending a report using SmartView may not work properly.
PRJ-4610, PRHF-5209	Logging	When trying to open a Forensic report in SmartLog, the "Error getting report." message may appear if there is a network object configured with the same IP address as that of the Endpoint Security Management Server
PRJ-12285, CLUS-1752	ClusterXL	ClusterXL in Load Sharing mode may drop traffic after a cluster member is rebooted, due to inconsistency of MAC addresses saved in the Firewall kernel and in SecureXL kernel.
PRJ-12709, PRHF-10849	ClusterXL	In some scenarios, a Cluster member forwards ICMP replies via its Sync interface after being rebooted.
PRJ-12550, PRJ-12549, PRHF-10647	SecureXL	NEW: Added tunable kernel parameter "adp_mc_rt_hold_queue_len" to adpkern.conf to eliminate multicast packet drops at the start of a connection (when large bursts of multicast traffic are expected).
PRJ-12174, PRJ-12641, PRHF-10228	SecureXL	In some scenarios, TCP traffic containing the TCP Fast Open option may be dropped by the Security Gateway when SecureXL is enabled.
PRJ-11365	Routing	NEW: Performance improvement for multicast packets in SecureXL (fast path) when there are no multicast listeners. Fix is relevant for Gaia 3.10 only.
PRJ-12802, PRJ-12803, ROUT-541	Routing	In some scenarios, when processing BGP ECMP routes, routed may stop working, resulting in loss of BGP adjacency.
PRJ-12798, PRJ-12799, ROUT-530	Routing	In some scenarios, there may be a loss of BGP adjacency when displaying BGP routes with very long AS paths or large numbers of BGP communities.
PRJ-12072, PRJ-6149	Gaia OS	NEW: Added support for Jumbo Hotfix installation on Check Point 3800, 6400, 6700, 7000, 16200, 16600HS and 28000 appliances. Refer to sk110052, sk139932 and sk152733. Requires R80.30 SmartConsole Build 86 (or higher).
PRJ-12436, PRJ-12437, PRJ-1619, PRHF-2637	Gaia OS	In some scenarios, the xmlUpgradeExec process may stop working during Jumbo Hotfix installation. As a result, the configuration file may not be created correctly. Upon login, the following error message may appear: "`/etc/appliance_config.xml:1: parser error : Document is empty` `/etc/appliance_config.xml:1: parser error: Start tag expected, ^^^ not found`".
PRJ-12812, GAIA-7625	Gaia OS	The activate_sw_raid utility may fail due to incorrect disk names. Fix is relevant for Gaia 3.10 only.
PRJ-12248, PMTR-52663	Gaia OS	UPDATE: on Smart-1 410: Line card 1 model PE2G2SFPi35-CP is changed to CPAC-2-1F-SM-C Line card 2 model PE210G2SPI9A-XR-CP is changed to CPAC-2-10F-SM-C
PRJ-3026, PRJ-13311, PRHF-4557	Gaia OS	Backup on Gaia machine may fail with "Cannot complete the backup process: not enough space". Refer to sk98609.
PRJ-11620, PRHF-10009	Gaia OS	When a bond exceeds 60GB/s, ethtool may report an incorrect speed of the bond interface.
PRJ-8949, GAIA-7018	Gaia OS	In some scenarios, interface names may not correspond to the correct ports on 4-ports 10GbE SFP+ Rev 1.1 on 12200/4200/4400/4600/4800/TE250 appliances.
PRJ-12791, PRJ-12518, PRHF-10672	Gaia OS	In some scenarios, a backup on a Gaia device with Threat Emulation Blade enabled may fail with "Cannot complete the backup process: not enough space". Refer to sk166833.
PRJ-8621, PRJ-11119, PRHF-7485	VPN	Improved the VPN connectivity with DAIP peers when Tunnel Monitoring is enabled. Refer to sk164933.
PRJ-11723, PRHF-2844	VPN	Added L2TP Remote Access client connectivity improvements. Refer to Scenario 2 in sk145895. Fix is relevant for Gaia 3.10 only.
PRJ-12178, PRJ-12309, VPNRA-364	VPN	Connectivity improvements for Remote Access VPN using Traditional mode.
PRJ-12194, PRHF-9885	VPN	A connectivity issue may occur when a non-encrypted VPN tunnel is used with IKEv2.
PRJ-11244, PRJ-12418, PRHF-9628	VoIP	SIP calls with NAT (SIP packet with no SDP but content-type=sdp) may fail to open correctly.
PRJ-9104, PRJ-9929, PRHF-7758	VoIP	In a rare scenario, Security gateway crashes when passing SIP traffic. Refer to sk166474.
PRJ-12623, VSX-2219	VSX	In a rare scenario, creating new VSX and pushing configuration may cause the cluster members to crash. Fix is relevant to Gaia 3.10 only.
PRJ-13077, PRHF-10978	VSX	When performing a provisioning operation in VSX, process may hang on "Pushing configuration to ...". Refer to sk167175.
PRJ-10416, MAGB-781	Mobile Access	Some Web applications published by Mobile Access Blade may not work in Host Translation mode.
PRJ-12601, PRJ-12602, PMTR-53442	Mobile Access	Mobile Access ActiveSync session timeout may not update properly, generating repeated error messages in the cvpnd.elg debug output.
PRJ-11836, PRHF-10015	Endpoint Security	An error in FDE preboot users calculation might cause Endpoint to be left in a disconnected state. Refer to sk142313.
PRJ-11690, PRHF-9169	Endpoint Security	The following may occur in installations with Media Encryption (refer to sk166074): Unable to log in with SmartEndpoint External devices do not appear in the "Discovered Devices" report Errors in the server_messages.log related to PSQLException on MeSimilarDiscoveredDevicesSelect
PRJ-11822, PRHF-5833	Endpoint Security	In some scenarios, SmartEndpoint doe not update info in reports about devices when the user is logged out. Refer to sk164035.
PRJ-11143, PRHF-9706	Endpoint Security	Local users might not be displayed under the selected machine in the "Users and Computers tab" in SmartEndpoint. Refer to sk166316.
PRJ-11832, PRHF-8234	Endpoint Security	The Endpoint directory scanner may fail to reconnect to the AD if the connection was lost during the scan.
PRJ-11840, PRHF-9304	Endpoint Security	Cannot delete the client MSI package from SmartEndpoint because of previously deleted FDE offline group.
PRJ-11815, PRHF-9151	Endpoint Security	When a user name is updated in SmartEndpoint, the change may result in an unexpected expiration date. Refer to sk165872.
PRJ-11828, RHF-7087	Endpoint Security	SmartEndpoint might export a report to Excel in which incorrect distinguished names appear for deleted users/devices. Refer to sk163943.
PRJ-11824, PRHF-6365	Endpoint Security	Users/devices may not change their locations in the tree according to Active Directory changes when certain special characters appear in the names.
PRJ-11819, PRHF-9157	Endpoint Security	The default paths for offline folders in SmartEndpoint -> Offline group creation wizard may be incorrect.
PRJ-12691, MB-731	Compliance	Compliance blade may show incorrect Best Practice status if one or more relevant network objects for that Best Practice is in status "N/A".
R80.30 Jumbo HotFix - Ongoing Take 214 (30 June 2020)
PRJ-13803	Security Management	Upgrade to R80.30 Jumbo HotFix Ongoing Takes 210 and 213 from R80.20 Jumbo HotFix Take 161 fails.
R80.30 Jumbo HotFix - Ongoing Take 213 (23 June 2020)
PRJ-13688, PRJ-13686	Security Management	In some scenarios, when using many management API calls in parallel, the output is not consistent. Refer to sk167509.
PRJ-8256, PMTR-36367	Security Management	FWM and\or INDEXER processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.
R80.30 Jumbo HotFix - Ongoing Take 210 (26 May 2020)
PRJ-11386, PMTR-52087	Security Management	NEW: Significant performance improvement for policy installation time when many groups are defined on the Management Server.
PRJ-10900, PMTR-49801	Security Management	NEW: Set values for environment variables on the Management Server that will remain there after a Management Server upgrade, as well as Backup/Restore and Export/Import of the Management Server. Refer to sk165938.
PRJ-11009, PMTR-46009	Security Management	NEW: Added ability for R80.30 Security Management or Multi-Domain Server to manage 7000 and 28000 Check Point appliances. Requires R80.30 SmartConsole Build 86 (or higher).
PRJ-10994, PMTR-51743, PRJ-11117, PMTR-51778	Security Management	NEW: Added ICA Management security enhancements.
PRJ-9070, PMTR-38703	Security Management	"Policy installation had failed due to an internal error. If the problem persists please contact Check Point support" message may be displayed on policy installation failure. Refer to sk149093.
PRJ-8793, PRJ-8831 VPNRA-316	Security Management	Improved the Access Control Policy installation time for environments with high amount of objects and enabled IPSEC VPN blade. Refer to sk166321.
PRJ-8416, PRHF-7865	Security Management	When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted.
PRJ-9214, PRHF-8370	Security Management	Logging into SmartConsole to the Standby Management Server with a Radius or TACACS user may fail after changing the shared secret on the Radius or TACACS object.
PRJ-10472, PMTR-49832	Security Management	In a rare scenario, export from the previous version does not complete because the Postgres dump_all process gets stuck.
PRJ-11523, PRHF-9981	Multi-Domain Management	In rare scenarios, upgrading the Multi-Domain Server fails to upgrade some Domain Servers with "IllegalArgumentException" in the upgrade log.
PRJ-12065, PRHF-10327	Multi-Domain Management	The FWM process of domains may not stop after the user runs mdsstop or mdsstop_customer.
PRJ-11073, PMTR-51815	SmartConsole	NEW: Added ability to reset the following network object fields to be empty through the Management API: ipv4-address, ipv6-address, subnet4, subnet6, mask-length4, and mask-length6.
PRJ-11905, PRHF-10275	SmartConsole	In rare scenarios, certain domain level objects may not be visible in SmartConsole at the MDS level.
PRJ-5103, PMTR-40942	SmartConsole	"An internal error has occurred" message may pop up when the user tries to modify a Revision's description.
PRJ-11458, PRHF-9941	SmartConsole	Unable to delete Snort protections in Multi-Domain environment - they still exist after deletion.
PRJ-12955, PRHF-10916	SmartConsole	Global Policy reassign in MDS may fail with 'An internal error has occurred' message after adding overrides to Snort protections.
PRJ-11391, PRJ-9293	SmartConsole	When running Management API commands, the default values for 'dereference-group-members' and 'show-membership' flags may change from "True" to "False".
PRJ-7746	Smart Provisioning	The security profile may not be visible on the new 1500 LSM Gateway wizard.
PRJ-9741, PRJ-10976, PMTR-51721	QoS	Packets to the broadcast IP address (255.255.255.255) may cause dmesg to fill with “fg_classify_and_offload_all_ifdirs: fglogRulename Failed.” messages.
PRJ-11928, PRJ-11960 PRJ-11897	QoS	In some scenarios, SmartView Monitor shows "No Match" rule on QoS traffic.
PRJ-9381, PRJ-9388	Security Gateway	NEW: Added DNS Passive Learning feature for enhanced non-FQDN domain objects & updatable objects matching. Refer to sk161612.
PRJ-9017, PRJ-9512 PRHF-4623	Security Gateway	NEW: Added support for the bridge configuration when packet is passing via the Security gateway twice.
PRJ-8883, PRJ-9380, PRHF-7048	Security Gateway	In a rare scenario, Security gateway may crash when activating a web parsing debug.
PRJ-1214, PRJ-10896, PRHF-3652	Security Gateway	In a rare scenario, the Security Gateway may crash due to a NULL pointer reference.
PRJ-11530, MUX-319	Security Gateway	In a rare scenario, Security gateway may crash while connection is closed while being held.
PRJ-4092, PMTR-35130	Security Gateway	Using spaces in the $FWDIR/boot/modules/fwkern.conf file may cause long reboot time.
PRJ-2411, PRJ-10978 PRHF-4282	Security Gateway	DCE-RPC traffic may be dropped because of a drop template that is incorrectly created for the ALL_DCE_RPC service.
PRJ-5730, PRJ-10926, PRHF-6035	Security Gateway	In some scenarios, SIP traffic may be dropped by Anti-Spoofing with "fw_early_sip_nat Reason: spoofed packet on SIP traffic" error in dmseg although it is set to"detect".
PRJ-9838, PMTR-48719	Security Gateway	When ISP Redundancy is configured on a cluster, the backup ISP link status may show as down even though the link is up. Fix is relevant for Gaia 3.10 only.
PRJ-9122, PRJ-8907	Security Gateway	Connections may be dropped when "keep all connections" is configured during policy installation.
PRJ-7334, PMTR-45346	Security Gateway	When SecureXL is enabled, a standby cluster member may crash when it starts handling the IPv6 traffic. Refer to sk166655. Fix is relevant for Gaia 3.10 only.
PRJ-8616, PRJ-9511, PMTR-46465	Security Gateway	In some scenarios, the uc_log_suppression_data table may reach its limit and "uc_log_suppression_set_entry: Failed storing log data in log suppression table" error appears in /var/log/messages file.
PRJ-8296, PRJ-8297, PRHF-5333	Security Gateway	In some scenarios, there may be connectivity problems with DHCP traffic.
PRJ-8687, PRJ-8628, PMTR-39579	Security Gateway	When bridge rerouting is enabled, Management/local traffic may be allowed over a Gateway bridge.
PRJ-11954, PRJ-11955, PMTR-52583	Security Gateway	In a rare scenario, Security Gateway may crash due to NULL pointer reference.
PRJ-10845, PRJ-10836 PRHF-1898	Application Control	NEW: Gateway status will reflect Application Control and URL Filtering updates.
PRJ-8238, PMTR-47855	IPS	In some scenarios, Threat Prevention policy installation may fail when the Threat Prevention profile performance impact is configured to "Very Low".
PRJ-6151, PMTR-32830	IPS	In rare scenario, a memory leak may occur if there is HTTP 206 partial content.
PRJ-9488, PMTR-46123	IPS	After an upgrade, policy installation may not update the IPS version on the gateway if the "IPS scheduled update" option was changed before the upgrade.
PRJ-10938, PRJ-10939, PMTR-51681	IPS	In a rare scenario, the fw_full process may stop working.
PRJ-9449, PRJ-9546, PRHF-8530	IPS, VSX	In some scenarios, SmartConsole shows "No license" and "Contract is expired" for IPS blade in VSX. Refer to sk164917.
PRJ-10096, PRJ-10266, PMTR-40198	Identity Awareness	NEW: Added support for LDAP automatic group update feature in Identity Collector.
PRJ-11853, PRJ-11851	Identity Awareness	NEW: Added Terminal Server agent v2 (aka MUH2) support for R80.30 Security Gateway. For more information, see sk134312.
PRJ-5231, PRJ-10933, PRHF-4808	Identity Awareness	Failure in LDAP groups membership query for specific user that was reported by MUH agent, may cause all users under the same MUH agent to be removed from the PDP database.
PRJ-10224, PRJ-10257, PMTR-39175	Identity Awareness	In a rare scenario, there is a memory leak in the IDA daemon pepd.
PRJ-9393, PRJ-9394, PMTR-49565	Identity Awareness	NEW: Performance improvement in the automatic LDAP group update feature.
PRJ-10386, PRJ-10894 IDA-2719	Identity Awareness	In a rare scenario, identity session groups and access roles may disappear following a policy installation.
PRJ-11614, PRJ-11616, IDA-1828	Identity Awareness	In a rare scenario, a memory leak, related to the Identity Awareness flow, may occur in the kernel.
PRJ-10329, PRJ-12342, ACCL-547	Anti-Virus	In some scenarios, dmesg shows many "cmik_loader_fw_context_match_cb: match_cb for CMI APP 11 failed on context 249" messages.
PRJ-10129, PRJ-10367, TEX-1670	Threat Extraction	"An error has occurred while adding watermark to file" error may appear while adding watermark to a file. Refer to sk165594.
PRJ-9934, PRJ-10739,PMTR-49938	HTTPS Inspection	In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may stop working. Refer to sk165555.
PRJ-6957, PRJ-11154, PMTR-31108	Anti-Malware	In some scenarios, dmesg may show the following errors: "cmik_loader_fw_context_match_cb: m atch_cb for CMI APP 3 failed on context 56, executing context 366 and adding the app to apps in exception".
PRJ-10969, PRJ-10990, SWG-2484	DLP	NEW: Reading and sending files from the registry by DLP was optimized.
PRJ-9328, PRJ-10860, PRHF-8152	DLP	Improved the scanning time of files for some scenarios in SMTP and HTTP/S.
PRJ-9693, PRJ-10861, PRHF-8503	DLP	In some scenarios, DLP prints wrong error message in the log.
PRJ-5022, PRJ-10466, PRHF-5528	DLP	The DLP engine may incorrectly process the file if the file name is missing in the connection header.
PRJ-9774, PRJ-10863, PRHF-8847	DLP	In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of as "internal to internal".
PRJ-10423,PRJ-10811, PMTR-39431	DLP	In a rare scenario, when Security Gateway is configured as proxy, the HTTP traffic may be not scanned by DLP.
PRJ-10855, PRJ-10854	DLP	DLP stability for some scenarios was improved.
PRJ-9190	Logging	NEW: Added support for viewing MITRE ATT&CK fields.
PRJ-9316, PRHF-8166	Logging	Logging view may show results from the wrong day if the server Time Zone is configured to use half/quarter hour deviations from standard time.
PRJ-8922, PRHF-8148	Logging	When the user searches logs in the "Logs and Monitor" tab in SmartConsole and applies a filter using the "?" wildcard, incorrect logs may be returned.
PRJ-4136, PRHF-2711	Logging	In some scenarios, it may not be possible to filter logs by the field "IKE IDs:" when searching the log files directly.
PRJ-10358, PMTR-46596	Logging	Log_indexer may stop working on a SmartEvent server with a large number of CPUs (32 and up), and\or when the total number of log servers declared in correlation units is above 30.
PRJ-8213, PRHF-7592	Logging	"Problem has occurred during search < External Log server > Disconnected" error may appear in "Logs & Monitor" tab after creating dummy object for NAT.
PRJ-11006, PRHF-9292	Logging	In some scenarios, changes made to Network Objects on the Security Management Server are not reflected in the logs view. Refer to sk166493.
PRJ-9193, PMTR-42449, SL-3104	Logging	After synchronization, MLM / Secondary MDM may have different log policy configuration. Refer to sk165692.
PRJ-1525, SL-2379	Logging	In some scenarios, Autosuggestion does not complete in SmartConsole's "Logs & Monitor" tab for users who do not have super user privileges. Refer to sk155252.
PRJ-11362, PMTR-51655	Logging	In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may stop working.
PRJ-9706, PRHF-7716	Logging	The FWD process may stop working if one of the following changes were made using GuiDBEdit: Change to log forwarding timing Change to log switch timing
PRJ-9127, PRJ-9128, PMTR-46873	SecureXL	NEW: Added acceleration support for Ethernet Over IP Tunneling (EOIP). EOIP is RFC 3378 protocol # 97 used between Wireless AP and Wireless Cisco controller.
PRJ-9826, PRJ-9827, PMTR-50294	SecureXL	In some scenarios, SYN Defender cookie validation may fail.
PRJ-10234, PRJ-10274, PMTR-51942	SecureXL	Policy installation may fail with "Error code 0-2000240" when Drop templates option is enabled. Refer to sk165716.
PRJ-10816, PRJ-10946, PMTR-25593	SecureXL	Rule that contains dhcpv6 services, does not disable SecureXL Accept Templates. Refer to sk32578.
PRJ-8489, PRJ-8490, PMTR-48255	SecureXL	In some scenarios, held packets are incorrectly reported to the penalty box.
PRJ-4176, PRJ-11057, PRHF-5051	SecureXL	In some scenarios, there may be a length verification error with SCTP traffic.
PRJ-7418, PRJ-9669, PRHF-5522	SecureXL	In some scenarios, when SecureXL is enabled, it drops the TCP traffic for the particular connection for invalid state reasons. This fix enables the new property per specific gateway. Refer to sk147093.
PRJ-5905, PRJ-5906, PMTR-43772	SecureXL	In some scenarios, the penalty box violation rate is calculated incorrectly.
PRJ-6124, PRJ-8690, PRHF-5797	SecureXL	In some scenarios, DOS/Rate Limiting drops too few (or too many) packets for "concurrent-conns" fw samp rules. Refer to sk112454.
PRJ-11679, PRJ-11680 PRJ-11551	SecureXL	MCAST packets may be handled incorrectly when promiscuous (tcpdump) mode is enabled for the interface.
PRJ-10001, PRJ-10002, PRHF-5120	SecureXL	Improved TCP state inspection for "Smart Connection Reuse" feature when SecureXL is enabled.
PRJ-12020, PRJ-12021, PRHF-10097	SecureXL	In some scenarios, ACK, FIN, and RST TCP packets are dropped, causing outages when SecureXL is enabled.
PRJ-12498, PRJ-12660, PMTR-52267	SecureXL	SCTP Stateful inspection and payload NAT (INIT Chunks) may not work correctly when SecureXL is enabled.
PRJ-11021, PRJ-11024, PRHF-3767	Routing	Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432.
PRJ-5866, PMTR-43718	ClusterXL	SNMP Response for OID .1.3.6.1.4.1.2620.1.5.6 ("haState") is "Active" on all members of ClusterXL High Availability mode. Refer to sk106291.
PRJ-1502, PRJ-10922, PRHF-3839	ClusterXL	The output of the 'cphaprob routedifcs' command may be missing interfaces.
PRJ-7614, PRJ-7615, PRHF-7166	ConnectControl	Logical servers will have global table for lookups to prevent the race condition where two instances has different decisions because local sync is flushed every 0.1 sec. Added 'fw balance' command for visibility.
PRJ-5333, PRJ-5334, PMTR-41386	VPN	NEW: Added functionality enhancements for the authentication realms that is used with Remote Access VPN.
PRJ-5702, PRJ-10024, PMTR-42483	VPN	NEW: Improved policy installation performance when the MAB blade is enabled with Legacy Policy and Native Application rules
PRJ-10271, PRJ-10272, PMTR-50151	VPN	NEW: 3DES is disabled by default for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, SecurePlatform WebUI abd Mobile Access curl. Note: Disabling 3DES will fail 3rd party OPSEC SDK 6.0 clients connectivity. To enable it, refer to sk113114.
PRJ-11643, PRJ-11750, VPNRA-353	VPN	Added Stability improvement for Remote Access VPN.
PRJ-12746, PRJ-12747, PRJ-12738	VPN	Some Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though the "Allow older clients" option is disabled. Refer to sk166912.
PRJ-12992, VPNRA-384	VPN	In some scenarios, a connectivity issue appears when working with Capsule Connect. Fix is relevant for Gaia 3.10 only.
PRJ-11920, PRJ-10869	VPN	Memory leak in VPN daemon may appear during the IP address assignment.
PRJ-8263, PRJ-9749, PRHF-7769	VPN	Server-to-Server VPN may fail when using Wire Mode when SecureXL is enabled.
PRJ-11282, PRHF-7681	VPN	In a rare scenario, vpnd process stops working due to Segmentation fault. Fix is relevant for Gaia 3.10 only.
PRJ-12523, PMTR-36437	VPN	In some scenarios, VPN traffic distribution change may cause high CPU consumption on one CPU core. Refer to sk165853. Fix is relevant for Gaia 3.10 only.
PRJ-6139, PRJ-11183, PRHF-4292	VPN	In a rare scenario, the vpnd process stops working due to memory access problem.
PRJ-4452, PRJ-11189, PMTR-40912	VPN	Improved IKEv2 negotiation flow.
PRJ-7693, PRHF-7359	VPN	Improved usability of VPN tunnel monitoring "vpn tu" command.
PRJ-10390, PRHF-1053	VPN	In a rare scenario, vpnd process stops working due to issue in IKEv2 flow.
PRJ-8115, PMTR-49502	VPN	“vpn_trap_multik: - wrong header length 36 != 72” message may appear in the vpnd.elg when working with multiple users with the same credentials.
PRJ-8177, PRJ-11099, PRHF-7426	VPN	In a rare scenario, a memory leak in VPND may occur during the TLS key exchange in HTTPS portals.
PRJ-11483, PRJ-11485, PRJ-8726	VPN	In some scenarios, vpnd cores may be generated sporadically during boot time/cluster failovers on the Cluster Standby Member.
PRJ-11238, PRJ-11239, PMTR-42727	VPN	Added connectivity improvement for VPN over NAT traversal (UDP 4500).
PRJ-6677, PRJ-6676 PRHF-6634	VPN	In some scenarios, NAT-T packets are going out with the wrong interface, when encrypted. Refer to sk165697.
PRJ-6719, PRHF-6672	VPN	In some scenarios, the vpnd process stops working on cluster members.
PRJ-8889, PMTR-43850	VPN	Improved stability of VPN traffic on VSX Gateway when SecureXL is enabled. Refer to sk166655. Fix is relevant for Gaia 3.10 only.
PRJ-9231, PRJ-9232, PMTR-39379	Routing	Although only OSPFv2 with Graceful Restart Helper is configured, the Critical Device OSPF3 Graceful Restart may show the "OSPF3 Graceful Restart PROBLEM Master -> Standby. Waiting for GR" message during the cluster failover.
PRJ-3618, PRJ-3615, PRHF-4829	Routing	In some scenarios, routed stops working when receiving an LSA with a checksum value of zero.
PRJ-11543, PRJ-11544 ROUT-554	Routing	In some scenarios, routed stops working and traffic is lost after a failover in ClusterXL when BGP and ECMP are enabled. Refer to sk166175.
PRJ-12224, PRJ-12225, ROUT-856	Routing	In some scenarios, routed process stops working when adding an interface to OSPFv3 with a prefix length above 63 and having two or more areas.
PRJ-4236, PRJ-10925, PRHF-4250	VoIP	In some scenarios, H323 connections are dropped after "Virtual session timeout" is configured. Refer to sk156372.
PRJ-9956, PRHF-897	VoIP	In some scenarios, UA traffic is dropped when packet contains more then 9 UA's. Refer to sk135114.
PRJ-2462, PRJ-10927, PRHF-4097	VoIP	In some scenarios, MGCP traffic may be dropped by the Security Gateway with the following message in fw ctl zdebug drop: `fw_mgcp_undo_earlynat: the needed early_nat request entry (with natted src) not found, dropping;` `fw_conn_post_inspect Reason: Handler 'mgcp_manager' drop;`
PRJ-11687, PRHF-9774	VSX	The following error may appear in /var/log/messages: "Destroying alive neighbour *".
PRJ-10935, PRJ-11283, PMTR-12883	VSX	In a rare scenario, portals are not reachable after the fwk process stops working.
PRJ-10902, PRJ-10911, PMTR-22709	VSX	In VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members if SecureXL is enabled. Refer to sk138894.
PRJ-3801, PMTR-40396	Gaia OS	NEW: Added the ability to configure an IPv6 address for a LOM interface on Smart 1-525/5050/5150 appliances.
PRJ-9351, PRHF-8098	Gaia OS	Added optimization for 40GbE and 25/100GbE cards configured in multiqueue allowing better transmit performance when Hyper-Threading (SMT) is enabled.
PRJ-8007, PRJ-8008, PMTR-46037	Gaia OS	Apache API was updated.
PRJ-9221, PRJ-9222, PMTR-43418	Gaia OS	All VRRP cluster members are in Master state when using i40e driver.
PRJ-10166, PMTR-51849	Gaia OS	Smart-1 625 appliances may show RAID syncing on both RAID disks.
PRJ-11159, GAIA-6136	Gaia OS	Incorrect status may be displayed in clish for pulled PSU.
PRJ-11322, PRHF-6250	Gaia OS	Commands left in the Clish prompt, may be executed upon the SSH session termination. Fix is relevant for Gaia 3.10 only.
PRJ-8054, PRJ-11373, PRJ-11370, PRHF-7532	Gaia OS	In some scenarios, latency issues may occur in Clish and in the WebUI when using web scanning tools (Qualys). Refer to sk164153.
PRJ-9013, PRJ-12031, PMTR-45907	Gaia OS	In a rare scenario, machine hangs for ~10 minutes during boot. Refer to sk164268.
PRJ-7913, PRJ-7579, PRJ-7580, PMTR-42309	Gaia OS	'#', '=' and '+' characters cannot be used in "Banner" and "Message of the day" features.
PRJ-5175, PRJ-5271, PMTR-40400	Gaia OS	Any of the following may occur in vSphere on a Management appliance: vSphere client/WebUI does not show the instance IP in the instance summary window. vSphere client/WebUI reports that VMware tools are "not running" in the instance summary window. Machine time/date is not synchronized with the ESX host.
PRJ-11368, PRJ-11749, PRHF-9804	Gaia OS	SNMP Trap may not be sent even though a failover occurred. Refer to sk166100.
PRJ-11535, PRHF-9858	Gaia OS	In some scenarios the snmpd process floods /var/log/messages with errors regarding parsing voltage sensor value.
PRJ-10398, PRJ-10396	Gaia OS	In some scenarios, transmit queues may stop, causing packet loss.
PRJ-11321, PRJ-11322, PRHF-6250	Gaia OS	In some scenarios, commands that were typed into Clish can be executed later on if the SSH session was uninterruptedly terminated.
PRJ-11692, PRHF-10028	Endpoint Security	In SmartEndpoint, Anti-Malware's "Top Infections" report has an empty infection name. Refer to sk166232.
PRJ-2924ת PMTR-39317	Endpoint Security	Very frequently repeated "update register" requests may cause performance issues.
PRJ-5622, PMTR-43207	Endpoint Security	Endpoint Management may incorrectly show that no local Anti-Malware signatures updater is installed on the DHS-complaint engine.
PRJ-5805, PRJ-10932, VSECNSX-1211	CloudGuard IaaS	NEW: Added support for Identity Sharing with CloudGuard for NSX-V.
PRJ-7891, VSECC-1001	CloudGuard IaaS	NEW: Added support for Google Cloud Platform projects with Shared VPC. Refer to sk164139.
PRJ-10913, VSECC-1222	CloudGuard IaaS	When an Azure subnet is missing its prefix attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security Gateway.
PRJ-11025, VSECC-1231	CloudGuard IaaS	When an Azure Virtual Network Interface is missing its properties' primary attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security Gateway.
PRJ-10867, VSECC-1119	CloudGuard IaaS	In a rare scenario, the OpenStack Data Center becomes unresponsive, which results in a loss of updates to the Security Gateway.
R80.30 Jumbo HotFix - General Availability Take 196 (21 May 2020, GA from 26 May 2020)
PRJ-12850	Installation	In some scenarios, installation of a software update hotfixes on top of Jumbo Hotfix Accumulator Take 195 may fail with “Conflict found, version R80_30_JUMBO_HF_MAIN with hotfix :XXX - details: “cr:PRJ-11542 files: libfw_kern_64_us.so, libfw_kern_64_us_v6.so” message.
R80.30 Jumbo HotFix - Ongoing Take 195 (26 April 2020)
PRJ-8953, MCFG-246	Upgrade Tools	Upgrade from R80.20 to R80.30 may fail with messages related to cmsobfuscationkey.
PRJ-10629	Installation	Firmware upgrade for Small Office appliance using SmartProvisioning in Multi-Domain Management environment may fail.
PRJ-8644, CPM-2623	Security Management	NEW: Performance enhancements while the Management Server is under high load.
PRJ-8606, PRJ-8605	Security Management	NEW: Added ability to search in the Management Server by adding asterisk before any sequence of characters. For more information, refer to sk164873. Requires R80.30 SmartConsole Build 76 (or higher).
PRJ-9591, PMTR-38555	Security Management	Security hardening: The Management Server will block connection requests with a TLS version below 1.2 on port 19009.
PRJ-8896, PMTR-48673	Security Management	When an administrator fails to publish another administrator’s session, the session of the other administrator disappears from the Sessions view in SmartConsole.
PRJ-7887, PMTR-46703	Security Management	In some scenarios, when the user modifies a policy rule and creates a section above it in the same session, the log tracker shows that the rule was created instead of modified.
PRJ-5794, PMTR-40790	Security Management	In some scenarios, after the user manually performs "Full Sync", a newly created secondary Domain Server or Domain Log Server is not shown in SmartConsole's Domains view.
PRJ-678, PMTR-36302	Security Management	In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.
PRJ-9265, PMTR-49516	Security Management	Policy verification may fail after the user does the following steps: Configures specific install targets for a policy, publishes them, changes the install targets back to "All Gateways", and tries to install them on a Gateway which is not in the original list of targets.
PRJ-6704, PMTR-44004	Security Management	In a rare scenario, when viewing the Layer History, some revisions not relevant to the selected Layer may be shown.
PRJ-8394, PMTR-45121	Security Management	In a rare scenario, tasks do not appear in the Tasks notifications bar even though they are running.
PRJ-9261, PMTR-49143	Security Management	Upgrade of Multi-Domain Server may fail when the source version is R80.10 and there is no license configured on the target machine.
PRJ-9668, PRJ-4734, PRHF-5341	Security Management	In a rare scenario, the FWD process on the Security Management may stop working during peak hours.
PRJ-10088, PMTR-50276	Security Management	The cpm_solr process may stop working and cause one of the following: The upgrade of a Management machine may stuck on 58% The Management HA synchronization may fail with "NGM failed to import data" error Users may not be able to log in.
PRJ-9089, PRHF-8266	Security Management	In a rare scenario, when an environment has many Gateways (dozens), the FWM daemon may stop working when 4 GB of memory is reached. Refer to sk165015.
PRJ-7819, PRHF-4644	Security Management	In some scenarios, SmartView Monitor unexpectedly terminates when the user selects the Specific QoS Rules option in Top QoS Rules.
PRJ-7768, PRHF-7425	Security Management	In rare scenarios, publishing a session fails with the following "Action Failed due to an Internal Error" error. Discarding the session in SmartConsole completes as "discarded", but the changes are still there. The same behavior occurs in the Management API: mgmt_cli -r true discard uid <UID> number-of-discarded-changes: 4 message: "OK"
PRJ-5447, PMTR-40663	Security Management	In some scenarios, an unclear error appears when the user imports a global policy on a Multi-Domain Management Server. The error is caused by a mismatch between the leading interface defined on the machine and the one defined in the database.
PRJ-9299, PRHF-8336	Security Management	In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing.
PRJ-8230, PRHF-7728	Security Management	The "Unused Objects" filter in Object Explorer may display a failure message if there are more than 20000 unused objects. A limit was added so that only the first 5000 objects will be displayed.
PRJ-9322, PRHF-8494	Security Management	In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037.
PRJ-9171, PMTR-48463	Multi-Domain Management	NEW: Performance improvement for Multi-Domain environments in which many administrators are connected.
PRJ-9236, PMTR-45644	Multi-Domain Management	NEW: Performance enhancements for the delete Domain operation.
PRJ-10746, PMTR-50936	Multi-Domain Management	In some scenarios, policy installation from the Domain Management Server fails after mds_backup procedure that was interrupted. Refer to sk165559.
PRJ-10530, PRHF-8581	Multi-Domain Management	The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server.
PRJ-11176, PMTR-51890	Multi-Domain Management	In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972.
PRJ-10363, PMTR-51017	Multi-Domain Management	After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972): Global Domain reassignment IPS or Application Control updates in the Global Domain
PRJ-11166, PMTR-51180	Multi-Domain Management	In a rare scenario, synchronization between Multi-Domain Management Servers breaks after revisions purge operation.
PRJ-2630	Multi-Domain Management	In a Multi-Domain Management environment with more than 50 Domains, some Domains are not displayed in the SmartEvent GUI.
PRJ-9240, PRJ-9743, PRHF-8077	Multi-Domain Management	In some scenarios, secondary MDS or MLM fail to renew a management certificate. Refer to sk164732.
PRJ-6985, PMTR-44593	Multi-Domain Management	In some scenarios, there may be high Solr CPU on Multi-Domain Management Servers with dozens of Domains.
PRJ-9698. PRHF-8593	Multi-Domain Management	MLM may open a connection to the reversed IP address of the Multi-Domain Server.
PRJ-10526, PRHF-8686	Multi-Domain Management	Upgrade of Multi-Domain Server may fail if Sync With User Center is running.
PRJ-9281, PMTR-49566	SmartConsole	NEW: Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: 'show-profiles' and 'show-ips-additional-properties'. The default value for both flags is false.
PRJ-3771, PRHF-2388	SmartConsole	In "Top services" view of SmartView Monitor, "cp_tcp_A936..." service is displayed instead of "https" service. Refer to sk146052.
PRJ-9465, PMTR-49817	SmartConsole	In some scenarios, when the user attempts to delete a Gateway / Cluster member, an error message may appear and the operation may not complete successfully.
PRJ-4063, PRJ-71	SmartConsole	Objects of Unused Access Roles are not visible in the Object Explorer. Refer to sk151896.
PRJ-9079, API-864	SmartConsole	In some scenarios, the Management Server may stop working following authenticated API commands to create or update objects with extremely long comments.
PRJ-9549, PRJ-9544	SmartConsole	When the user invokes the 'show-access-layer' API command, the parent layer may be missing from the output result.
PRJ-1449, PRHF-3822	SmartConsole	In some scenarios, the api.elg log is flooded with the the "Returning default standard reply class" message.
PRJ-10287, PRHF-3128	SmartConsole	"An internal error has occurred. (Code: 0x8003001D, Could not access file for write operation)" error is displayed when editing IKE PSK on “External User Profile” objects using Legacy SmartDashboard. Refer to Scenario 2 in sk119973.
PRJ-7054, PMTR-43349	SmartConsole	When performing Backup and Restore, user may get a misleading message that these operations are supported only for Gaia.
PRJ-10634, PRJ-10705, PRJ-10710, PMTR-45783	SmartProvisioning	In some scenarios, after creating a Small Office gateway using LSMCli, some fields in the gateway object on the SmartProvsioning are not populated.
PRJ-10139, PMTR-43309	SmartProvisioning	Deletion of LSM Robo cluster may cause the FWM process to stop working.
PRJ-8017, PMTR-46682	SmartView	SmartView may show wrong time in tables and graphs for clients located in Brazil.
PRJ-8134, PMTR-45751	SmartView	"The process <process-name> which is monitored by watchdog restarted more than once in the last half an hour" error may appear in the SmartEvent GUI status window even though the process has been up for more than 30 minutes.
PRJ-7922, PMTR-46737	SmartView	In the Logs page of the SmartView web application, the "File Name" filter may appear twice in the quick filters pane.
PRJ-7724, PRHF-7326	SmartView	In SmartView, when filtering a view using special characters in the search bar and exporting to Excel, the file may be generated empty.
PRJ-10373, PRHF-8973	SmartView	In some scenarios, after user imports view/report in SmartView, the imported view/report is not shown in the Catalog.
PRJ-4329, SE-331	SmartEvent	In some scenarios, automatic reactions in SmartEvent are sent with the "Destination address" field containing the resolved country name instead of the raw IP value. Refer to sk146992.
PRJ-7497, PRHF-7101	SmartEvent	When using SmartEvent automatic reactions, .MHT files in $RTDIR/tmp* directory are not cleaned up in case of email sending failure.
PRJ-10467, PMTR-49504	Security Gateway	In a rare scenario, after upgrading a Security Gateway to R80.30, the log_indexer process running on the Log server may consume 100% CPU and cause the indexing backlog.
PRJ-9443, PRJ-9444, PRJ-9416	Security Gateway	Added logs for packets that include invalid TCP options. This feature is disabled by default.
PRJ-9558, PRJ-9559, PMTR-48022	Security Gateway	In a rare scenario, fast accel configuration may be deleted after an upgrade from R80.20
PRJ-10028, PMTR-50431	Security Gateway	In a rare scenario, when the web server is defined, policy installation fails with "Error code 0-20000111".
PRJ-9688, PRJ-9689, PMTR-46451	Security Gateway	Traffic may be dropped on DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176.
PRJ-8751, PRJ-8752, PMTR-46471	Security Gateway	In some scenarios, incorrect number of outbound interfaces may be received when SecureXL is disabled.
PRJ-10202, PRJ-10203, PRHF-9508	Security Gateway	ICAP Client may not working properly when Threat Extraction blade is enabled. To enable the fix, set the enable_icap_with_strict_hold parameter to 1
PRJ-10279, PRJ-10308, PMTR-50683	Anti-Malware	NEW: Added support to allow Threat Extraction to scan a file download in additional scenarios.
PRJ-10960, PRJ-10737, PRHF-9265	SSL Inspection	In a rare scenario, a memory leak may appear when SSL inspection is enabled.
PRJ-7996, PRJ-7997, PMTR-46960	HTTPS Inspection	WSDNSD memory leak may appear when updatable objects are configured in the policy. Refer to sk165616.
PRJ-9405, PRJ-10362, PMTR-51402	HTTPS Inspection	In some scenarios, wrong certificate is shown by HTTPS Inspection for some websites, including certificates issued by "CloudFlare Inc ECC CA-2". Refer to sk118392.
PRJ-11092, PRJ-4418	IPS	In some scenarios, a '+' (plus sign) in an HTTP URL may be replaced with ' ' (space) when the "Forensics" feature is turned on in Threat Prevention. Fix is relevant for Gaia 3.10 only.
PRJ-9539, PRJ-9540, PRHF-4033	Identity Awareness	Policy installation process has been improved.
PRJ-10759, PRJ-10760, IDA-2866	Identity Awareness	In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174.
PRJ-7673, PMTR-45649	Threat Prevention	Improvements in HTTP chunked encoding inspection.
PRJ-7640, PMTR-45565	Threat Prevention	Improved enforcement of Threat Prevention blades in partial HTTP responses.
PRJ-5790, PRJ-10192, PMTR-43536	Threat Extraction	Link to the original file in Threat Extraction may not function properly (in cleaned files only).
PRJ-2281, PMTR-38493	Logging	NEW: Added CloudGuard SaaS Security Checkup that presents a summary of security activity and findings in your SaaS applications. This report allows reviewing phishing emails, malicious files and URLs, data loss incidents, Shadow IT detections and potentially compromised accounts.
PRJ-7925, PMTR-42913	Logging	Following changes in correlation unit settings, new logs may not be read by SmartEvent until the log_indexer process is restarted.
PRJ-5574, PRHF-6592	Logging	When a Log Server is configured to parse Syslog messages, the field "User" may be truncated in the parsed log in the Log Details view if the field contains underscore.
PRJ-6023, PRHF-4951	Logging	When restarting the FWD process on the Log server, the syslogd process (syslog daemon), may stop working.
PRJ-4448, PMTR-39444	Logging	In SmartView, drilling down from the timeline widget to logs, may show less logs than expected.
PRJ-5650, PRHF-6080	Logging	In some scenarios, when the user creates a table widget in SmartView, there is no option to add the “hostname” field. Refer to sk162752.
PRJ-8682, PRHF-7856	Logging	In some scenarios, Threat Emulation Logs cannot be viewed in the logging or reporting views because of a certain format of the "file size" field sent from the Security Gateway.
PRJ-8496, PRHF-7875	Logging	In SmartView, when the user exports logs to CSV using the "visible columns" option, the following fields may be missing from the CSV file: Resource, Application Risk, Application Name, and Application Category.
PRJ-5900, PRHF-6120	Logging	It is not possible to query the "file_name" field on a Log server that does not have the SmartEvent activated.
PRJ-434, PRHF-2797	Logging	In SmartEvent, when the user customizes an event to accumulate logs by the field UUID, logs with UUID equal to 0 may not be correlated.
PRJ-4982, SL-2893	Logging	In SmartView, the percentage values in pie charts may add up to 99% or 101%.
PRJ-9971, SL-3551	Logging	In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.
PRJ-8761, PRJ-8762, PMTR-40390	SecureXL	NEW: Improved performance for multicast traffic after all listeners have been removed for an existing connection.
PRJ-10399, PRJ-4542, 02390699	SecureXL	In some scenarios, asymmetric traffic is dropped on Security gateway with enabled SecureXL and several Bridge interfaces. Refer to sk114976. This fix adds a feature to support certain types of asymmetric bridged configurations.
PRJ-8915, PRJ-8890	SecureXL	In some scenarios, multicast packets arrive to the Security gateway in order, but leave out-of-order.
PRJ-8979, PRJ-8980, PRJ-8977	SecureXL	When PIM-SM multicast routing transitions from RPT to SPT, packets may be dropped or become out-of-order.
PRJ-8982, PMTR-44150	SecureXL	When NAT-T packets pass through a standalone gateway, this traffic may be dropped if SecureXL is enabled.
PRJ-10186, ACCHA-127	SecureXL	When SecureXL is enabled on the Security Gateway general traffic latency is observed. Refer to sk165652.
PRJ-9326, PRJ-10646, PRJ-2546	SecureXL	In some scenarios, SNMP queries for SecureXL OIDs return incorrect values.
PRJ-5029, PRJ-10179, PMTR-39590	SecureXL	In a rare scenario, Security gateway may crash under heavy load when SecureXL is enabled.
PRJ-2485	Routing	PBR may not work for port or protocol used separately in a PBR rule. Fix is relevant for Gaia 3.10 only.
PRJ-9074, PRJ-9850, PRHF-8337	Routing	In some scenarios, a corrupted BGP AS4_PATH attribute value may result in an invalid, long BGP update that is rejected by the BGP peer. Refer to sk167157.
PRJ-7490, PRJ-8224, PMTR-39273	Routing	In some scenarios, the CLISH command for PBR results in an error.
PRJ-5002, PRHF-5471	VSX	Resource Monitor Control may cause segmentation fault when there are more than 64 CPUs. Refer to sk125112.
PRJ-9994, PMTR-47050	VSX	In some scenarios, traffic may be forwarded on bridge interface when member is down. Fix is relevant for Gaia 3.10 only.
PRJ-10541, PMTR-51263	VSX	In the menu of 'vsx_util vsls' #1 (Display current VS Load sharing configuration), the table shows cut names of VSs (original names are longer).
PRJ-10556, PRJ-10557, VPNS2S-938	VPN	Improved the VPN Site-to-Site tunnel establishment scenario with IKEv2.
PRJ-7014, PRHF-2844	VPN	Added L2TP Remote Access client connectivity improvements. Refer to Scenario 2 in sk145895. Fix is relevant for Gaia 2.6.18 only.
PRJ-6118, PMTR-44901	VPN	In some scenarios, NAT-D traffic goes out from the first external interface.
PRJ-11035, PMTR-36437	VPN	In some scenarios, VPN traffic distribution change may cause high CPU consumption on one CPU core. Refer to sk165853. Fix is relevant for Gaia 2.6.18 only.
PRJ-5763, PRJ-6093, PMTR-43541	VPN	In some scenarios, accelerated VPN tunnels routed over PPPoE interface may cause drop of encrypted traffic of some connections. Refer to sk148872.
PRJ-2216, PRJ-9931, PMTR-30347	VoIP	In some scenarios, VoIP calls are dropped with "SIP Re-Invites exceeded the limit" reject reason. Refer to sk145412.
PRJ-7822, PMTR-44869	Gaia OS	NEW: Added the /proc/sys/net/bridge/bpdu_forwarding flag to block BPDU packets per bridge setup on Gaia 3.10.
PRJ-10803, PRJ-10804, PRJ-10810, PMTR-50836	Gaia OS	CVE-2020-8597: pppd is vulnerable to buffer overflow. Refer to sk165875.
PRJ-5186, PRHF-5617	Endpoint Security	The log description of the "Media Encryption & Port Protection" blade may state that the "Media Storage" is encrypted even though it is not. The details in the log show the correct value. Refer to sk162812.
PRJ-10119, PRJ-9633	Compliance	In some scenarios, database import on a single Domain machines where the Compliance blade is activated fails, and as a result, the FWM process stops working after the import.
R80.30 Jumbo HotFix - General Availability Take 191 (22 April 2020, GA from 30 April 2020)
PRJ-11782	Multi-Domain Management	Web API may be down after uninstalling Takes 163-180 of R80.30 Jumbo Hotfix. Refer to sk166393.
R80.30 Jumbo HotFix - Ongoing Take 180 (08 April 2020)
PRJ-11542, PRJ-11546	Gaia OS	In a rare scenario on a cluster environment, Security gateway may corrupt data or crash during an upgrade.
R80.30 Jumbo HotFix - Ongoing Take 168 (17 March 2020)
PRJ-10897, PRJ-10918	Gaia OS	In a rare scenario, Security gateway may crash on cluster fail-over when ISP redundancy is configured.
R80.30 Jumbo HotFix - Ongoing Take 166 (11 March 2020)
PRJ-9461	Security Management	NEW: Added ability for R80.30 Security Management or Multi-Domain Server to manage R80.40 Security gateway. Refer to sk164652. Requires R80.30 SmartConsole Build 62 (or higher).
PRJ-9813	Gaia OS	NEW: Added support for Jumbo Hotfix installation on Check Point 3600, 6200, 6600 and 6900 appliances. Refer to sk110052 and sk139932. Requires R80.30 SmartConsole Build 62 (or higher).
PRJ-9318	Gaia OS	On 3600 and 3600T appliances, alarm led turns on if one of the PSU is disconnected. Refer to sk166000. Fix is relevant for Gaia 3.10 only.
R80.30 Jumbo HotFix - Ongoing Take 163 (05 March 2020)
PRJ-9397, PMTR-44668	Security Management	In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole may fail.
PRJ-8492, PMTR-48267	Security Management	When reverting a security layer to a previous revision, if there are rules which are currently disabled, but were enabled in the selected previous revision (or vice versa), their status may not be reverted.
PRJ-5450, PMTR-42420	Security Management	In some scenarios, an upgrade from R7x secondary Multi-Domain Server with active Domains may fail.
PRJ-8376, PRHF-7874	Security Management	In some scenarios, the exported database may be very large and include redundant data.
PRJ-7468, CPM-1745	Security Management	Global policy reassignment may fail after a rulebase is deleted in the Global Domain.
PRJ-7918, PRHF-7614	Security Management	When installing policy to a Cisco router, an automatic ACL number change may cause networking issues.
PRJ-7413, CPM-2541	Security Management	In a rare scenario, all users connected to the Management Server get disconnected and new logins fail until the Management Server is restarted.
PRJ-3039, PMTR-39305	Security Management	In some scenarios, the Management Server takes a long time to start or even fails to start.
PRJ-8095, PRHF-7729	Security Management	In some scenarios, policy installation fails when the installation target is Check Point Host.
PRJ-8876, PMTR-23492	Security Management	Added support for Internal CA certificate replacement.
PRJ-7784, PMTR-46434	Security Management	In some scenarios, HA synchronization in the Global Domain fails with the "Failed to sync peer - Global Domain is incompatible with the Domains." error.
PRJ-8859, PMTR-48652	Security Management	If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the administrator object, the login in a VPN client with the internal user account may fail.
PRJ-8799, PMTR-48610	Security Management	If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the internal user object, the login in SmartConsole with the administrator account may fail.
PRJ-7457, PRHF-7167	Security Management	In some scenarios, upgrade fails with the "Satellite object of type GatewayAggregator not found for core object" message in cpm.elg file.
PRJ-8189, PMTR-47772	Multi-Domain Management	The Administrator and Trusted Clients pop-up editors at the Multi-Domain Server level show all domain names linked to these objects. Domain Managers with partial permissions, may see the names of domains that they are not permitted to see.
PRJ-7831, PMTR-43461	Multi-Domain Management	In some scenarios, upgrade of R7x secondary Multi-Domain Management Server or Multi-Domain Log Server fails.
PRJ-5100, PMTR-41234	SmartConsole	When editing the description of a revision, the "Changes" field is reset to 0.
PRJ-8650, PRJ-8753	SmartConsole	In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation.
PRJ-7943, PMTR-46715	SmartConsole	In some scenarios, when running the "show-mdss" command with the "details-level full" option, not all Domains are retrieved.
PRJ-6143, PMTR-41587	SmartConsole	After an upgrade of R80.10 Management, cloned Multi-Domain super user permission profiles (Read/Write permission profiles) may be missing the "Global VPN Management" permission.
PRJ-8701, PRHF-7991	SmartConsole	The shared secret's edit button may be grayed out.
PRJ-7771	SmartConsole	The API command 'show-api-versions' may return version 1.6 instead of 1.5. Refer to sk163942.
PRJ-9081, PMTR-47530	SmartConsole	In some scenarios, IPS update fails in the Global Domain after an upgrade from R80.10.
PRJ-6786, PRJ-5742	SmartConsole	NEW: LDAP advanced query now supports ANR filtering.
PRJ-8351, PRJ-8352	Security Gateway	Improved the ICAP client connectivity when using Trickling mode 3 in settings.
PRJ-7333, PRJ-7244	Security Gateway	Connectivity issues may appear when ISP Redundancy is configured.
PRJ-7801, PRJ-7802, PMTR-45962	Security Gateway	In a rare scenario, routed process stops working under high load.
PRJ-7374, PRJ-7375, PMTR-45566	Security Gateway	Improved multicast routing under high load and/or during system initialization.
PRJ-9051, PRJ-9593, PRHF-8288	Security Gateway	Global connections may not be freed correctly when the Gateway acts as a Proxy.
PRJ-8906, PRJ-8919	Security Gateway	"fwk_build_cparams_hashes: failed to create str cparams hash" dmesg error may appear during policy installation.
PRJ-8723, PRJ-8724, PMTR-26082	Security Gateway	Improved scalability of DOS/Rate limiting rules.
PRJ-3477, PRJ-8442, PRHF-4624	Security Gateway	In a topology in which Client and Server are connected to the Security Gateway using two different interfaces each, for example: Client -- eth1 <Gateway> eth2 -- Server Client -- eth3 <Gateway> eth4 -- Server The response packets from Server to Client may be incorrectly routed back to the Server because of an incorrect route cache in the Security Gateway.
PRJ-7088, PRJ-7096, PMTR-42966	Security Gateway	In some scenarios, connectivity problems may appear due to proxy arp table that is not updated after policy installation.
PRJ-8646, PRJ-8647, PMTR-41512	Security Gateway	In a rare scenario, ICAP client requires manual steps to activate RESP mode after running cpstop ; cpstart.
PRJ-8152, PRHF-7736	Security Gateway	Policy installation on Cluster may fail if the Cluster member name is longer than 64 characters.
PRJ-7879, PRJ-7880	Security Gateway	In a rare scenario, there is no HTTPS Inspection when ICAP client is enabled.
PRJ-8877, PRHF-7389	Security Gateway	In some scenarios, there is no SIC after applying the ICA certificate replacement procedure.
PRJ-7870, PRJ-7867, SWG-2361	Security Gateway	Improved DNS caching and negative DNS response handling.
PRJ-7752, PRHF-7389	Security Gateway	In some scenarios, there is no SIC after applying the ICA certificate replacement procedure.
PRJ-2795, IPS-682	IPS	In some scenarios, the interface name is not displayed correctly in the IPS log.
PRJ-8880	IPS	In a rare scenario, Security gateway may crash due to NULL pointer reference. Fix is relevant for Gaia 2.6.18 only
PRJ-9195, PMTR-36246	Anti-Malware	In a rare scenario, policy installation fails when the Security Management Server is handling a large number of Security Gateways.
PRJ-6114	Threat Extraction	In rare scenarios, files fail to download when the Threat Extraction blade is active.
PRJ-6075, PRJ-6076, PMTR-41138	Identity Awareness	Machine identity for Terminal Server agent is not identified unless Identity Agent is also enabled on the Security Gateway.
PRJ-8424, IDA-2022	Identity Awareness	Identity Awareness performance improvements in large scale environments.
PRJ-8279, PRJ-8280, MBS-9133	SSL Inspection	In some scenarios, some HTTPS sites are not categorized when both "Categorize HTTPS Sites" and "HTTPS Inspection" are enabled.
PRJ-8340, PRJ-8341, PMTR-47846	SSL Inspection	In a rare scenario, memory leak may appear in ICAP client when HTTPS Inspection is enabled.
PRJ-7653, PMTR-45863	SSL Inspection	HTTPS Inspection's default CA certificate was upgraded to use a signing algorithm based on SHA256 instead of SHA1. Refer to sk163932.
PRJ-7166, PMTR-23406	SSL Inspection	NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115.
PRJ-6190, PRHF-6325	Logging	Widgets inside SmartView's "Views and Reports" may result in "Query Failed" messages when filtered by the "Log Server Origin" field.
PRJ-8551, PRJ-8548	Logging	NEW: Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command.
PRJ-3654, PRHF-4654	Logging	SmartEvent may not correlate certain Anti-Virus logs.
PRJ-6698, PMTR-44388	Logging	In some scenarios, exporting a large number of logs to Excel may fail and cause SmartView to restart.
PRJ-7709, PMTR-39944	Application Control	In some scenarios, HTTP traffic is blocked with "HTTP parsing error occurred (2)" and "parameters are undecodable in request" errors. Refer to sk160092.
PRJ-7553, PRJ-7554, PRHF-7071	ClusterXL	In a rare scenario in a ClusterXL environment, SYN Defender may incorrectly drop a valid traffic.
PRJ-7638, PRJ-7639, PMTR-46064	ClusterXL	The "set router-options auto-restore-iface-routes" command is now deprecated.
PRJ-7705, PRJ-7706, PRHF-6356	SecureXL	Some traffic may not pass when Policy Based Routing (PBR) and SecureXL are enabled. Refer to sk163252.
PRJ-7502, PRJ-7707, PMTR-34845	SecureXL	In some scenarios, new connection may fail to open if it is reopened with the same source port. Refer to sk164839.
PRJ-7561, PRJ-7562, PRHF-7247	SecureXL	In some scenarios, when SecureXL is enabled, it drops the TCP traffic for the particular connection for invalid state reasons. Refer to sk147093.
PRJ-4341, PMTR-40757	SecureXL	In some scenarios, IP-VLAN traffic traversing a bridge of two physical interfaces has the VLAN tag stripped. Fix is relevant for Gaia 3.10 only.
PRJ-8976, PMTR-44150	SecureXL	When NAT-T packets pass through a standalone gateway, this traffic may be dropped if SecureXL is enabled. Fix is relevant for Gaia 3.10 only.
PRJ-600, PRJ-7319, PMTR-35261	SecureXL	SYN Defender status in CPView sometimes appears as invalid.
PRJ-6157, PRJ-6161, PRHF-6490	SecureXL	In some scenarios, SecureXL causes an issue in the routing of multicast traffic.
PRJ-8780, PRJ-8781, PRHF-6971	SecureXL	In a rare scenario, DOS/Rate Limiting Logs are not searchable.
PRJ-4383, PRJ-603, PMTR-36548	SecureXL	In some scenarios, DOS/Rate Limiting configuration is not applied after reboot if no fw samp policy is configured.
PRJ-7719, GAIA-6588	Gaia OS	16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flopping. Refer to sk163267.
PRJ-5983, GAIA-5634	Gaia OS	In a rare scenario, there is network interface flapping with Intel (igb) interfaces connected to Cisco switches. Refer to sk163852.
PRJ-7192	Gaia OS	NEW: Added support of Jumbo Hotfix Accumulator on Smart-1 625 appliances.
PRJ-7372, PMTR-44835	Gaia OS	In some scenarios, the iDRAC (LOM) interface is not pingable.
PRJ-8770, PRJ-7825, PMTR-46170,	Routing	PIM may be unable to resolve outbound interface of multicast route when unicast route lookup fails.
PRJ-7407, PRJ-7408, PMTR-45530	Routing	When MaaS tunnels are added, the routed process may stop working.
PRJ-7303, PRHF-4371	Mobile Access	In a rare scenario, when Mobile Access blade is enabled, the Security Gateway may crash with vmcore.
PRJ-7066, PMTR-45006	CloudGuard	In some scenarios, subnet objects may not contain all the relevant IP addresses for VMSS VMs.
PRJ-5943, PRHF-5936	Endpoint Security	Some messages in the self-help portal are not properly localized in Japanese.
PRJ-5941, PRHF-5289	Endpoint Security	NEW: Added the feature to use epmCommands with object nids.
PRJ-7113, PRHF-6221	Endpoint Security	In a rare scenario, Endpoint Management Server on AWS crashes when the user sets the property "Gateways management" to "Over the internet" in the AWS template.
PRJ-7114, PRHF-6011	Endpoint Security	In some scenarios, Endpoint Management does not start after an upgrade to R80.30 in the environment that manages both Endpoints and Gateways. Refer to sk163537.
PRJ-5136, PRJ-8337, PMTR-34812	VSX	Performance optimization for the time object matching on VSX environment.
PRJ-8456, PMTR-42292	VSX	Adding a VD after deleting a VD fails, and then the 'netns add' command returns "RTNETLINK answers: No space left on device" error message. Fix is relevant for Gaia 3.10 only.
R80.30 Jumbo HotFix - General Availability Take 155 (20 February 2020, GA from 01 March 2020)
PRJ-9968, PRJ-9973	Security Gateway	In a rare scenario, a non-HTTP traffic on port TCP/80 is dropped.
PRJ-10115, PRJ-10116, PMTR-43665	Application Control HTTPS Inspection	In some scenarios, when Application Control and HTTPS Inspection are enabled and detailed or extended log is used, applications may not be matched correctly.
R80.30 Jumbo HotFix - General Availability Take 140 (03 February 2020, GA from 10 February 2020) Note: This Take updates Take 136 released on 22 January 2020
PRJ-9410, PMTR-46906	Security Gateway	In some scenarios, Security gateway crashes when the Priority Queue feature is enabled.
PRJ-5530, PMTR-42941	CloudGuard	In some scenarios, centrally distributed license disappears from CloudGuard Gateways. Refer to sk151794.
R80.30 Jumbo HotFix - Ongoing Take 136 (22 January 2020) Note: This Take updates Take 135 released on 13 January 2020
PRJ-8217, PMTR-47601	Security Management	Management HA synchronization fails with error "Failed to export data" on Multi-Domain Management or Security Management server environment with at least 3 machines. Refer to sk164792.
R80.30 Jumbo HotFix - Ongoing Take 135 (13 January 2020) Note: This Take updates Take 132 released on 2 January 2020
PRJ-6822, PMTR-37053	Upgrade Tools	In some scenarios, cannot export a database using the migration tools of the current version while there are open sessions in the database.
PRJ-4930, PMTR-41602	Upgrade Tools	In some scenarios, the FWM process fails to start after a successful upgrade with the "Found an indication that the current domain was migrated, and the migration had failed. Cannot start after a migration failure" message in the fwm.elg file.
PRJ-7423, PRJ-7424, PMTR-44671	Infrastructure	In some scenarios, Anti-Bot\Anti-Virus\IPS\Threat Emulation blade update fails with "Curl error code 56".
PRJ-5918, PMTR-39797	Security Management	In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754. Fix is relevant for Gaia 3.10 only.
PRJ-2341, PMTR-38095	Security Management	In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects.
PRJ-5717, PMTR-42089	Security Management	In some scenarios, upgrade from R7x is not aborted when there is not enough disk space to complete the import operation.
PRJ-5665, PRHF-6087	Security Management	In some scenarios, purge revisions fails and blank lines that cannot be deleted, appear in SmartConsole Revisions view. Refer to sk163116.
PRJ-5757, PMTR-43497	Security Management	High Availability synchronization between Management Servers may fail when there is no enough disk space in the root partition.
PRJ-5661, PRHF-5965	Security Management	Blank lines may appear in SmartConsole Purge Revisions view after purging a large database.
PRJ-4971, PRHF-5435	Security Management	In some scenarios, disconnected sessions with no changes or locks appear in SmartConsole session view.
PRJ-4835, PRHF-5419	Security Management	The FWM process may stop working The FWM process may stop working when an incorrect license SKU with a specific format is applied.
PRJ-5656, PRHF-5776	Security Management	In some scenarios, cpm_status.sh reports incorrect CPM status. Refer to sk162633.
PRJ-5097, PMTR-41712	Security Management	When an administrator edits the description of a revision, he becomes the publisher of the revision.
PRJ-7040, PRHF-6722	Security Management	The 'fwm sic_reset' command does not print which object still has an IKE certificate.
PRJ-5245, PRJ-5250	Multi-Domain Management	NEW: Added the Domain Management Migration, Backup and Upgrade feature: Backup and restore an individual Domain Management Server on a Multi-Domain Server. Migrate a Multi-Domain Security Management from one Multi-Domain Server to a different Multi-Domain Server. Migrate a Security Management Server to become a Domain Management Server on a Multi-Domain Server. Migrate a Domain Management Server to become a Security Management Server. For more information see sk156072 .
PRJ-3688, PMTR-7744	Multi-Domain Management	"dleserver.utils.UidManager" errors on cma_migrate failure on Multi-Domain Server upgraded from R80.
PRJ-6670, PMTR-44148	Multi-Domain Management	In some scenarios, traffic outage may happen after policy installation from Multi-Domain SmartConsole. Refer to sk163712.
PRJ-7106, PRHF-6605	Multi-Domain Management	The cma_migrate may fail if the IPS version does not exist on the R80.x Multi-Domain Management Server.
PRJ-6869, PRJ-6870, PMTR-44390	Multi-Domain Management	Improved Domain/CMA logs visibility.
PRJ-6126, PRHF-6532	SmartConsole	In some scenarios, the "Installed IPS Version" information is empty in the "Gateways and Servers" view.
PRJ-3549, PRJ-7071	SmartConsole	In a rare scenario, when editing a Star VPN community, SmartConsole terminates.
PRJ-5067, PRJ-5030	SmartConsole	NEW: Added integration of Management API with Ansible 2.9. For more info, see: https://galaxy.ansible.com/check_point/mgmt
PRJ-6934, PRHF-6842	SmartConsole	Threat prevention policy installation may include wrong topology warning on VSX cluster interfaces.
PRJ-5525, PRHF-5527	SmartConsole	In some scenarios, applying "Where used" from the local Domain on an object that is used in global policies, may return results from the global policies that are not assigned to the local Domain. Refer to sk162753.
PRJ-6642, PRHF-6606	SmartConsole	In some scenarios, administrator cannot open the 'RemoteAccess' - VPN community object for editing.
PRJ-5374, PMTR-43427	SmartConsole	In Multi-Domain environment, IPS protections become staging on each domain after global policy assignment while the protection does have override/staging status in the global domain.
PRJ-2438, PRHF-4184	SmartConsole	When disabling NAT for a network object and searching for the NAT IP address, the network object is still shown as part of the search results even though it should not be.
PRJ-1678, SL-1890	SmartView	In some scenarios, Hit Count on specific rules does not increment after they were recently created or re-ordered.
PRJ-5630, PRHF-5810	SmartView	In SmartView, when exporting logs to Excel after drill-down, the amount of logs is less than expected. Refer to sk162621.
PRJ-6047, PRJ-6048, PMTR-43654	Security Gateway	Improved misleading log for connections that terminate before detection.
PRJ-3350, PRJ-6729, SWG-2013	Security Gateway	In some scenarios, a designated interface may drop packets.
PRJ-8197, PRJ-8198, PMTR-47784	Security Gateway	Since R80.20, in some scenarios, predictable TCP sequences are generated by the Security Gateway. Refer to sk164775.
PRJ-7498, PRJ-7499, PMTR-45710	Security Gateway	In a rare scenario, running the "cpstop -fwflag -driver" command may cause a memory leak in IPv6 environment.
PRJ-8009, PRJ-8096, PMTR-46330	Security Gateway	Improved a Proxy connectivity while Anti-Virus blade works in Hold mode.
PRJ-1702, PRJ-6728, PRJ-4482	Security Gateway	In some scenarios, the /var/log/messages file is flooded with ICAP related errors.
PRJ-5890, PRHF-6029	Security Gateway	In some scenarios, enabling the Multi-Queue on a line card enables the Multi-Queue also on the on-board interfaces. Refer to sk162622.
PRJ-6640, SL-2819	Logging	In some scenarios, user cannot see his Check Point logs in LogRhythm platform using Log Exporter.
PRJ-5937, PRHF-5344	Logging	In some scenarios, when retrieving the UserCheck logs, FWD process on the Security gateway may stop working.
PRJ-6855, PMTR-42177	Logging	In a rare scenario, the "Logs & Monitor" view in SmartConsole freezes while scrolling down the results.
PRJ-7815, PMTR-42519	Logging	In a rare scenario involving multiple disconnections and reconnections between Security gateway and Log Server, connection is not automatically restored and logs may not be written locally. Refer to sk164852.
PRJ-7055, PRJ-5881, QOS-67	QoS	QoS Time Objects are not enforced in R80.20. Refer to sk163074.
PRJ-3714, PRJ-6949, PRHF-2795	DLP	DLP activation was optimized to reduce the CPU consumption.
PRJ-7507, PRHF-5184	Identity Awareness	When the Identity Awareness blade is enabled, a memory leak may appear in LDAP sessions.
PRJ-8193, PRJ-8194, MBS-8939	URL Filtering	In some scenarios, HTTPS traffic is not categorized as expected.
PRJ-6863, PMTR-41488	Anti-Malware	Improved behavior of Intelligence Feed failure.
PRJ-7464, PRJ-7465, PMTR-45826	IPS	Cannot update the Geo Policy IPToCountry database on Security Gateways. Refer to sk163672.
PRJ-4418	IPS	In some scenarios, a '+' (plus sign) in an HTTP URL may be replaced with ' ' (space) when the "Forensics" feature is turned on in Threat Prevention.
PRJ-1825, PRHF-3890	SSL Inspection	Added support of RDP over SSL inspection as part of HTTPS Inspection blade. (Relevant for Remote Desktop Protocol Vulnerability CVE-2019-0708.)
PRJ-6748, PRJ-6749, PMTR-42788	SecureXL	In a rare scenario, FTP Data connections do not pass while SYN Defender is active and enforcing.
PRJ-635, PMTR-22503	SecureXL	In some scenarios, virtio_net is not able to run multiqueue.
PRJ-7712, PRJ-8244, PMTR-18338	SecureXL	"sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure.
PRJ-634, PMTR-15461	SecureXL	NEW: Added support for i40evf driver.
PRJ-5620, PRJ-8021, PRHF-5809	ClusterXL	In some scenarios, a connectivity issue takes place in ClusterXL environment after a fast "fail over"-"fail back" or a "fail over" on bridge configuration.
PRJ-6160, PRJ-6787, PRJ-6788, PRHF-6143	Gaia OS	"Gaia Web-UI recognized a non-valid input data" error when creating a scheduled backup in WebUI via SCP or FTP with special characters used.
PRJ-5132, PRJ-1545, GAIA-4880	Gaia OS	In some scenarios, the VSX Management fails to be properly restored from backup.
PRJ-6038, PRJ-6129, GAIA-6587	Gaia OS	In some scenarios, the Smart-1 3150 appliance becomes unresponsive after enabling the optical interface. To upgrade to R80.30 using the Jumbo Hotfix, make sure all the interfaces are in state OFF. Refer to sk146512.
PRJ-3727, PRHF-5205	Gaia OS	In a rare scenario, many "skb_warn_bad_offload" warnings appear in the /var/log/messages file. Fix is relevant for Gaia 3.10 only.
PRJ-6588, GAIA-6588	Gaia OS	16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flopping. Refer to sk163267. Fix is relevant for Gaia 3.10 only.
PRJ-1758, PRJ-6054, PRJ-6057, PRHF-3943	Gaia OS	A network interface may restart when changing its properties from WebUI if the interfaces configuration was performed via CLISH.
PRJ-1261, PRHF-3675	Gaia OS&	CPD process may stop working when attempting to query sensor values on Smart-1 525, Smart-1 5050 and Smart-1 5150 appliances.
PRJ-6000, PRJ-7128, ROUT-445	Routing	In a rare scenario, last two (or more) nexthops of a BGP ECMP route disappear simultaneously and are not removed from the forwarding database. Refer to sk153552.
PRJ-6110, PRJ-6111, PRHF-6139	Routing	In a rare scenario, the routed process may stop working during ClusterXL failover when BGP is configured. Refer to sk165682.
PRJ-6578, PRJ-7405, PRHF-6603	Routing	For compliance and interoperability with BGP peers implementing older RFC, no BGP capability is advertised if peer does not advertise it first.
PRJ-5884, VSX-2190	VSX	The "vsx_util vsls" command does not display in full the long names of the VSX server name. Refer to sk163073.
PRJ-6174, PRHF-6145	Endpoint Security	Exported from SmartEndpoint .xlsx files may produce a warning when opened in Excel.
PRJ-5752, EPS-2262	Endpoint Security	Endpoint Management may fail on FileVault recovery for MacOS clients, when a computer re-joins domain.
PRJ-3404, PRJ-5954, VPNS2S-417	VPN	SmartView Monitor VPN tunnel status may show incorrect or missing tunnels status for a cluster object.
PRJ-7172, PRJ-7122, VPNRA-300	VPN	Packets from SSL Network Extender are dropped: "Reason: decrypted and user methods are not identical (VPN Error code 01)". Refer to sk163636.
PRJ-7181, PMTR-44859	CloudGuard	Public IP addresses for Virtual Machines and Virtual Machines Scale Sets may be missing.
PRJ-7382, PRHF-7119	CloudGuard	During a license pool creation, when a blade service is shared between different licenses, the vsec_lic_cli tool may create multiple pools instead of one.
R80.30 Jumbo HotFix - General Availability Take 111 (25 November 2019, GA from 03 December 2019) Note: This Take updates Take 107 released on 20 November 2019. It is recommended to install Take 111.
PRJ-7380	CPUSE	The "The previous take wasn't fully restored. Please uninstall and install it." error is displayed when attempting to uninstall R80.30 Jumbo HotFix Take 76 or Take 107. Refer to sk163674.
R80.30 Jumbo HotFix - Ongoing Take 107 (20 November 2019)
PRJ-1336, PRHF-3455	Security Management	Inline layers are not verified when there are no selected targets in the 'install on' column.
PRJ-4875, PRHF-5274	Security Management	In some scenarios, when setting or modifying the Email/Phone fields of an administrator, the old values still appear at the bottom pane under "View Sessions" instead of the updated values.
PRJ-5557, PMTR-43278	Security Management	In some scenarios, policy installation fails with "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000117)". Refer to sk162554.
PRJ-5413, PRHF-5815	Security Management	In some scenarios, policy Installation fails with "Operation failed, install/uninstall has been improperly terminated" error. Refer to sk162855.
PRJ-2984, API-744	Security Management	In some scenarios, show generic-objects API command fails with "Management Server failed to execute command". Refer to sk157693.
PRJ-3379, PMTR-39797	Security Management	In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754.
PRJ-5495, PRHF-5881	Security Management	NEW: Added the policy verifier memory enhancement and additional debugging options. Refer to sk162453.
PRJ-1248, PRHF-2012	Security Management	High CPU utilization by FWM process when SmartEvent is enabled on the Security Management Server. Refer to sk147563.
PRJ-5023, PRHF-4877	Security Management	In some scenarios, policy verification process fails for extremely large policies. Refer to sk161412.
PRJ-5424, PMTR-41518	Security Management	In some scenarios, policy fetch fails if name of the Security gateway that tries to fetch this policy is not defined in DNS. Refer to sk150472.
PRJ-6942, PRHF-6754	Security Management	In a rare scenario, policy installation fails with "Policy installation had failed due to an internal error". Refer to sk163482.
PRJ-4666, PMTR-41210	Multi-Domain Management	The FWM process may stop working when there is no valid license on the Multi-Domain Server.
PRJ-7007, PRJ-6992	Multi-Domain Management	The Gaia restore of Multi-Domain Server fails when using Take 76 of R80.30 Jumbo Hotfix Accumulator. Refer to sk163473.
PRJ-3138, PRJ-1343	SmartConsole	In some scenarios, DNS Maximum Reply Length IPS protection is not enforced. To fully resolve the issue, R80.30 SmartConsole Build 20 (or higher) should be installed.
PRJ-1511, PMTR-35845	SmartConsole	In some scenarios, Installation Targets do not show the correct gateways when cloning and editing the installation targets in the same session.
PRJ-1882, PRJ-783	SmartConsole	In some scenarios, user cannot delete a VS object since it is referenced by an automatically generated exception rule. Refer to sk167272.
PRJ-4202, PMTR-40076	SmartView	NEW: Added support for "SmartView for QRadar" extension.
PRJ-5784, PRHF-611	Compliance	In some scenarios, the Compliance blade checks the 'Parent rule for Domain's policy' placeholder as if it was a real rule and shows the rule index in the Firewall Best Practices relevant objects.
PRJ-5480, PRJ-5482, NAT-110	Security Gateway	NEW: Enhancement: NAT port exhaustion logs mechanism was updated. Refer to sk156852.
PRJ-4805, PMTR-41392	Security Gateway	NEW: Added ability to enable NAT over specific IP address avoiding a source port allocation.
PRJ-6036, PRJ-4165, PMTR-39641	Security Gateway	In some scenarios, when the ICAP server on the Security gateway is enabled, some web pages do not load.
PRJ-4749, PRHF-5313	Security Gateway	In a rare scenario, the FWK process stops working during debug.
PRJ-946, GAIA-4638	Security Gateway	Connectivity issues on some HTTPS sites (as login pages) when Security gateway is configured as proxy. Refer to sk147878.
PRJ-2919, UP-293	Security Gateway	In a rare scenario, Security gateway may crash due to NULL pointer reference.
PRJ-5326, PRJ-5433, PMTR-42553	Security Gateway	Non-FQDN domain objects may not be enforced correctly when used in the Access policy along with updatable objects.
PRJ-5820, PRJ-5821, PMTR-37949	Security Gateway	In some scenarios, traffic is dropped with 'up_transaction_notify_clob failed' error in dmesg when Application Control is enabled.
PRJ-5312, PRJ-5314, NAT-137	Security Gateway	In a rare scenario, Security gateway freezes when IP pool NAT and VPN are used.
PRJ-4356, PRJ-4405, SWG-2208	Security Gateway	In a rare scenario, Security gateway crashes when proxy is enabled.
PRJ-1872, PRJ-5114, PRHF-3940	Security Gateway	In some scenarios, when using Hide NAT with GRE tunnel, packets going through this GRE tunnel may get dropped. Refer to sk154492.
PRJ-4398, PRJ-4400, PMTR-34813	Security Gateway	In some scenarios, traffic is dropped with "[ERROR]: network_classifier_handle_dag: failed to get uuid of DAG bogus_ip" error in dmesg.
PRJ-3426, PMTR-35854	Security Gateway	In a rare scenario, changing the xmit-hash-policy of the bonding group while machine handling traffic, causes it to crash. Refer to sk154573.
PRJ-4180, PRJ-4362, SWG-2174	Security Gateway	Some Web sites cannot be opened when Content Awareness or Anti-Virus/Anti-Bot is enabled, and Security gateway is configured as proxy.
PRJ-4403, PRJ-4650, PMTR-40858	Security Gateway	In a rare scenario, when X-Forwarded-For (XFF) settings are enabled on one of the policy layers and on the Security Gateway object, traffic may be accepted although it should be dropped according to Access policy.
PRJ-771, PRJ-6035, SWG-1922	Security Gateway	In a rare scenario, memory usage may rise on Security gateway, when using service with resource with "Optimize URL logging" feature enabled. Refer to sk153052.
PRJ-4351, PRJ-4352, PMTR-41407	Security Gateway	Access rulebase may not be enforced properly when wildcard objects are used in source and destination columns. Refer to sk162692.
PRJ-5141, PMTR-38249	Security Gateway	In some scenarios, traffic is dropped with "network_classifier_get_dynobjs_for_ip: failed to get UUIDs for IP 0.0.0.0" and "kfunc_ip_ranges_to_dynobj: network_classifier_get_dynobjs_for_ip failed" errors in dmesg when dynamic object is used in access policy. Fix is relevant for Gaia 3.10 only.
PRJ-4114, PRHF-2796	Security Gateway	In some scenarios, logs cannot be seen because the log_indexer process stopped working.
PRJ-3276, PRJ-2310	Logging	Log Exporter filtering feature allows to decide which logs will be exported based on values from the various fields on the raw log.
PRJ-3210, PRHF-4497	Logging	In some Full HA environment scenarios, the "Logserver <Cluster virtual IP> is disconnected" error pops up in SmartConsole log view.
PRJ-1325, PRHF-3690	Logging	In some scenarios, when running mdsstart, the following error message is shown: "/opt/CPSmartLog-R80.20/bin/smartlogstop: line 65: /opt/CPmds-R80.20/customers//CPSmartLog-R80.20/log/smartlogRun.log: No such file or directory".
PRJ-1311, PRHF-3681	Logging	In the Logs & Monitor view, the "File size" field is missing from the logs generated by Media Encryption & Port Protection blade. Refer to sk157952.
PRJ-2019, PRHF-2607	Logging	In some scenarios, when SAM activity is defined and a Log server receives a high amount of packets, the FWD process on the Log server stops working.
PRJ-5338, PRJ-5295	Logging	NEW: Added new Log Exporter feature to export links to the relevant log and log attachments (such as Forensics\TE report).
PRJ-4759, PMTR-40677	IPS	In some scenarios, IPS update fails as a result of error in management server installation.
PRJ-6658, PRJ-6659, PRJ-6655	Web Intelligence	NEW: HTTP traffic performance enhancement on VSX environment when Gzip enforcement is used.
PRJ-6078, PRJ-6086	ClusterXL	After installing Jumbo HotFix Take 76 only on a standby member, it's outgoing traffic does not pass.
PRJ-4591, PRJ-4592, PMTR-41002	ClusterXL	In some scenarios, arp table is not synchronized with master MAC address after fail-over.
PRJ-5080, PRJ-2152	ClusterXL	The message "fwlddist_debug_update_op: resetting to avoid overflow" should be printed only in debug mode since it's not an error.
PRJ-4584, PRJ-5258, PMTR-37812	ClusterXL	In some scenarios, installing policy in order to update the cluster topology during high load, causes the members to fail-over. Refer to sk154575.
PRJ-4409, PRJ-4583, PMTR-38208	ClusterXL	In some scenarios, when changing cluster topology and installing the policy, the cluster fails over. Refer to sk156335.
PRJ-5859, PRJ-1848	SecureXL	In a rare scenario, Host destination entries are memory leaking when neighbor entry is in incomplete state. Refer to sk157252. Fix is relevant for Gaia 3.10 only.
PRJ-5153, PMTR-37736	SecureXL	In some scenarios, IGMP packets are not forwarded across bridge interfaces. Fix is relevant for Gaia 3.10 only.
PRJ-5154, PMTR-37727	SecureXL	In some scenarios, packets with IP options are not forwarded across bridge interfaces. Refer to Issue #3 in sk154892. Fix is relevant for Gaia 3.10 only.
PRJ-2815, PRHF-3608	SecureXL	On cluster, Drop templates are disabled on reboot. Refer to sk153412. Fix is relevant for Gaia 3.10 only.
PRJ-5152, 02541089	SecureXL	In a rare scenario, Security gateway freezes / crashes when SecureXL is enabled and multicast routing is configured. Refer to sk119299. Fix is relevant for Gaia 3.10 only.
PRJ-4783, PRJ-4784, PMTR-40553	SecureXL	NEW: "sim if" and "sim nonaccel" commands will be deprecated. Instead, "fwaccel if" and "fwaccel nonaccel" commands will be used to accommodate multiple SecureXL instances.
PRJ-6850, PRJ-6851, PMTR-25095	SecureXL	In some scenarios, when SecureXL is enabled, the Security Gateway accepts the traffic, but no ARP request is sent. Refer to sk152093.
PRJ-6100, PRJ-6101, PRHF-5450	SecureXL	In some scenarios, SecureXL drops TCP packets with "Out of state" reason.
PRJ-5155, PRJ-5156, PMTR-23471	SecureXL	The "fwaccel conns" command has incorrect Help text. The "fwaccel conns -n" command returns "invalid mask given" message.
PRJ-6779, PRJ-6108, PRHF-5706	SecureXL	In some scenarios, connection does not to expire correctly when NAT and some Software Blades are enabled.
PRJ-4360, PRJ-4361, PMTR-40826	SecureXL	In a rare scenario, Security gateway may crash if cpinfo reads from the /proc/ppk/cpls directory before SecureXL is initialized.
PRJ-6150, PRJ-4564	SecureXL	NEW: Added new SecureXL Fast Accelerator for Non-Scalable Platforms. Refer to sk156672.
PRJ-834, PMTR-36031	CoreXL	In a rare scenario, Security gateway may freeze when "Drop Templates" or "DOS rate" feature is enabled.
PRJ-5469, PRJ-5684, PMTR-38358	SSL Inspection	In some scenarios, several applications are not matched correctly when HTTPS Inspection enabled and URL Filtering is in HOLD mode.
PRJ-5288, PRJ-4758	URL Filtering	NEW: Improved scalability and resiliency of URL Filtering service.
PRJ-6857, PRJ-6828, SWG-2314	URL Filtering	In a rare scenario, RAD process fails to process new kernel requests.
PRJ-3614, PRJ-4854, ROUT-679	Routing	In some scenarios, OSPFv3 LS updates of the default route are not accepted by the Security gateway for Stub/TSA areas. Refer to sk161472.
PRJ-6063, PRJ-6062, PRHF-2798	Routing	In a rare scenario, the routed process may stop working when a route with a local address as a nexthop is received.
PRJ-5551, PRJ-5596, PRHF-1739	Gaia OS	In some scenarios, Smart-1 405 and 410 appliances may show high voltage due to incorrect VBat thresholds.
PRJ-1030, GAIA-5047	Gaia OS	Changing the xmit-hash-policy of the bond may cause all static arp entries to disappear from the arp -a output. Refer to sk152892.
PRJ-2191, PRHF-5189	Gaia OS	Many "fwldbcast_new: too many hosts : 0" kernel messages appear in /var/log/messages file. Refer to sk153253.
PRJ-962, PRJ-2789, PRHF-2474	Gaia OS	In some scenarios, user cannot access terminal from WebUI in monitor role mode.
PRJ-6686, PRJ-6687, PRJ-6991, PMTR-44076	Gaia OS	In some scenarios, Gaia restore on Multi-Domain Server fails with error "failed to edit update registry". Refer to sk163312.
PRJ-2819, PMTR-39191	Gaia OS	While unplugging one of the Power supply cables on Smart-1 5150/5050/525 appliances a false 'No Read' message appears for ~5 seconds in both PSUs statuses (instead of Present/Input Lost/Absence).
PRJ-4156, PRHF-3929	Gaia OS	NEW: The ARP cache size limit on Clish was increased to 131072 hosts.
PRJ-4523, PRJ-4524, GAIA-5047	Gaia OS	Changing the xmit-hash-policy of the bond may cause all static arp entries to disappear from the arp -a output. Refer to sk152892.
PRJ-3122, PMTR-38890	Endpoint Security	In some scenarios, Endpoint Security Clients are in "Disconnected" state after Endpoint Security Server upgrade. Refer to sk161113.
PRJ-2321, EPS-21609	Endpoint Security	If there is a large amount of devices which are going to be removed from the Deleted Container, the server may fail to process the epmCommands, returning "FATAL: remaining connection slots are reserved for non-replication superuser connections" error.
PRJ-2014, EPS-20841	Endpoint Security	In some scenarios, SmartEndpoint shows "Unknown Error" when trying to open the "User and Computers" Tab "Top Bots" and software deployment by policy reports. Refer to sk151932.
PRJ-5352, PMTR-39950	Endpoint Security	In some scenarios, migrate_import fails with the "ERROR: Command completed with error code #2 and output: psql.bin: could not connect to server: No such file or directory" message in $UEPMDIR/logs/exportedFileManip.log*.
PRJ-2913, EPS-21658	Endpoint Security	In some scenarios, when searching for a machine in SmartEndpoint and selecting it, a "Server Error" message appears. Refer to sk158432.
PRJ-1810, PMTR-27831	VPN	NEW: Connectivity enhancements for Remote Access clients using internal Office mode allocation with a long timeout.
PRJ-4648, PRJ-6593, PRHF-4819	VPN	In some scenarios, traffic is not working over Site-to-Site VPN after an upgrade when SecureXL is enabled.
PRJ-2873, PRJ-4726, PMTR-38894	VPN	Connectivity improvement for Remote Access clients in environments with 3rd party VPN tunnels.
PRJ-3557, VSX-1866	VSX	NEW: Added the option to configure reject routes via vsx_provisioning_tool on Scalable Platforms Appliances. Refer to sk151473.
PRJ-5922, PRHF-6345	VSX	In some scenarios, IGMP traffic is dropped by "local interface address spoofing" in VSX HA. Refer to sk162953.
PRJ-4674, PMTR-41221	VSX	VSX configuration cannot not be applied after upgrade from R77.x to R80.x, due to duplicated VSX routes.
R80.30 Jumbo HotFix - Ongoing Take 76 (11 October 2019) Note: This Take updates Take 71 released on 03 October 2019. It is recommended to install Take 76
-	General	Added GUI support for Check Point 26000 and 16000 appliances. Refer to sk162832.
-	General	Added support for Check Point 26000T and 16000 model appliances and CloudGuard IaaS products AWS, Azure, GCP.
PRJ-2726, PMTR-38948	Upgrade	Added a pre-upgrade verification that Global network objects with NAT configuration are not supported.
PRJ-718, PMTR-36761	Security Management	Enhancement: added feature for tracking random CPM process crashes on Security Management server. Refer to sk150913.
PRJ-3604, PMTR-39644	Security Management	Added ability to automatically determine the API process memory allocation to avoid "Out of memory" errors. Refer to sk119553.
PRJ-4241, PMTR-38720	Security Management	When many users are connected to and actively working in the same domain in SmartConsole, they may experience: Slowness in SmartConsole responses Long duration of operations High load on the Management Server
PRJ-4729, PMTR-41157	Security Management	After deleting a network object that is part of a network group, the audit log of the group modification does not show who is the removed member. Refer to sk164057.
PRHF-3242, PRJ-659	Security Management	In a rare scenario, the policy verifier ignores rules with object named "Internet" used with negate operator.
PRJ-4306, PMTR-40468	Security Management	Added a mechanism to prevent the Management Server from starting if an import process was interrupted.
PRJ-2339, PRHF-4046	Security Management	In some scenarios, user cannot discard or publish a work session, receiving the general message "Internal error".
PRJ-1762, PMTR-37924	Security Management	Due to a failed full sync, FWM was restarted unexpectedly and obsolete domain sessions were used in the global policy assignment.
PMTR-23492, PRJ-2847	Security Management	Added support for Internal CA certificate replacement.
PRJ-3874, PRHF-3463	Security Management	In some scenarios, size of the shadow_object.C file increases after each policy installation, eventually causing a failure in installing a policy.
PRJ-2341, PMTR-38095	Security Management	In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects.
PRJ-1493, PMTR-38249	Security Management	In some scenarios, traffic is dropped with "network_classifier_get_dynobjs_for_ip: failed to get UUIDs for IP 0.0.0.0" and "kfunc_ip_ranges_to_dynobj: network_classifier_get_dynobjs_for_ip failed" errors in dmesg when dynamic object is used in access policy.
PRJ-1380, PRHF-3514	Security Management	In some scenarios, upgrade from R7x fails with core file of cpdb process due to an empty field in 'autoupdate_and_install_settings' object.
PRJ-1974, CPM-2300	Security Management	In some rare scenarios CPM server does not start after a failure in delete domain.
PRJ-1518, CPM-2264	Security Management	Performance and stability improvements in large High Availability setups.
PRJ-3879, PMTR-39361, PMTR-40489	Security Management	Cannot export a .pdf file from the License inventory view after Jumbo HotFix installation on the Management server.
PRJ-1375, CPM-2242	Security Management	In some scenarios, High Availability synchronization between Management Servers fails and HA menu is disabled.
PRJ-3689, PMTR-36555	Security Management	New policy creation may fail when there are no installation targets defined in this policy.
PRJ-1903, PRJ-1899	Security Management	After opening and searching in pickers for a few times, the "error retrieving results" message appears when opening a picker.
PRJ-2488, PMTR-38103	Security Management	In some scenarios, a validation incident about Invalid Email Address is presented in SmartConsole after upgrade from R77.
PRJ-2441, PMTR-38293	Security Management	In some scenarios, QoS policy installation fails when installing the blade without installing Access or Threat blades of the same policy first.
PRJ-2788, PMTR-37630	Multi-Domain Management	In some scenarios, Multi-Domain Server upgrade from R80 fails due to an internal error related to deprecated application objects. Refer to sk157752.
PRJ-5639	CPInfo	In some scenarios, the CPInfo tool does not show/collect the correct information after Jumbo Hotfix installation. Refer to sk162775.
PRJ-4415, PRHF-5177	Compliance	In some scenarios, some of the Best Practices show "N\A" status in the Compliance blade dashboard.
PRJ-1273, SL-1052	Logging	In a rare scenario, when an environment has many gateways (dozens), FWM on the log server may crash when reaching to 4 GB memory.
PRJ-4965 SL-2456	Logging	In a rare scenario, a specific log fails to be written and an alert informing on this is displayed in SmartConsole.
PRJ-2678, PRHF-3831	Logging	In a rare scenario, the accounting of bytes in a report is not accurate.
PRJ-871, PRHF-2806	Logging	In a rare scenario, SmartConsole does not show indexed logs because the log_indexer process stopped working. Refer to sk152934.
PRJ-1158, PRHF-3561	Logging	In SmartView, if a view contains 2 map widgets, one displaying source countries and the other displaying destination countries, drilling down on one of them may display incorrect data.
PRHF-4975, PRJ-4062	Logging	In some scenarios, when exporting logs with "Visible columns" option selected from SmartView, some columns return empty record. Refer to sk161712.
PRJ-2645, SL-2509	Logging	Running views and reports with a filter fails if the filter contains a "NOT" operator combined with parentheses.
PRJ-3529, PMTR-34580	Multi-Domain Management	In some scenarios, Administrator does not see that a revision was created in its Domain (on Domain level) after a Global policy was assigned to it.
PRJ-3048, PMTR-39455	Multi-Domain Management	If user deletes a CLM from a Domain (it's forbidden, the validation was added), the CLM remains as partially deleted and user cannot create a new one.
PRJ-3527, PMTR-40003	Multi-Domain Management	Objects on Domain level that should be shown on the Multi-Domain Server level, sometimes are not shown correctly.
PRJ-2385, PMTR-38670	Multi-Domain Management	In a rare scenario, CPM server fails to start after successful Domain deletion.
PMTR-38211, PRJ-2172	Multi-Domain Management	In some scenarios, logs are not saved under $MDS_FWDIR/log/failed_tasks directory.
PRJ-799, PMTR-36765	Multi-Domain Management	In some scenarios, the "Unable to connect to server. Please make sure the server is up and running." error appears when trying to log into single Domain from SmartConsole. Refer to sk153293.
PRJ-1567, SMCUPG-719	Multi-Domain Management	Deletion of Domain failed with "Could not send message" error when having large amount of gateways in the Domain. The Domain remain without Domain Servers.
PRJ-1303, PRJ-1305	Multi-Domain Management	When running the 'add-domain' Web API command on an existing Domain, the original Domain may be deleted.
PRJ-1444, PRHF-3783	Multi-Domain Management	In some scenarios, gateways are missing in the 'Gateways and Servers' view in SmartConsole on the MDS level.
PRJ-2245, PMTR-36614	Multi-Domain Management	The mds_backup command will generate an output file of format .tar instead of .tgz to improve the duration time of backup (mds_backup) and restore (mds_restore) of Multi-Domain Server. Refer to sk163300.
PRJ-1532	Multi-Domain Management	In a specific scenario, Global policy rules may change order after Multi-Domain Server upgrade. Refer to sk155432.
PRJ-374, PRHF-3285	Multi-Domain Management	In a rare scenario, FWM process stops working on the Domain level during login.
PRJ-1970, PRJ-4545, PRHF-3268	SmartConsole	In setups with a large quantity of network object, users may experience slowness when editing the HTTPS Inspection policy. Refer to sk147134. To fully resolve the issue, R80.30 SmartConsole Build 20 (or higher) should be installed.
PRJ-3870, PRHF-4655	SmartConsole	In a rare scenario, when user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232. To fully resolve the issue, R80.30 SmartConsole Build 20 (or higher) should be installed.
PRJ-619, PRHF-3415	SmartConsole	In some scenarios, upgrade fails with "com.checkpoint.management.classes.dle.triggers.internal.VersionInfo.VersionInfo" exception in cpm.elg file.
PRJ-1879, PRJ-1864	SmartConsole	In some scenarios, SmartConsole stops working while adding or removing many objects via Web API.
PRJ-1210, PRHF-3465	SmartConsole	Pre-shared keys are missing after upgrade.
PRJ-832, PMTR-36527	SmartConsole	Redundant layers appear in the output of the 'show-package' command when Global policy holding more than one layer, is assigned to Domain.
PRJ-1144, API-549	SmartConsole	Management API command "put file" can be used for command execution with certain permissions.
PRJ-1434, PMTR-31155	SmartConsole	In some scenarios, SmartConsole terminates when installing policy on many targets at once.
PRHF-2194, PRJ-4434	SmartConsole	In some scenarios, Client certificate is removed when deleting Domain that is included in certificate's permissions.
PRJ-2142, PMTR-38301	SmartConsole	Added the protectionExternalInfo property in the overrides object that displays the CVEs in the output of 'show threat-profile' command.
PRJ-2419, PRJ-1407, PMTR-38710	SmartProvisioning	In VPN Community managed by SmartProvisioining: When adding SMB gateway to the VPN community, VPN tunnel may not been established. When changing security profile in VPN community, the VPN settings are not changed. Policy installation fails for cluster member of CO Gateway.
PROV-2068, PRJ-4672	SmartProvisioning	In some scenarios in SmartProvisioning: When executing Run Script on SmartProvisioning profile, the application disconnects from the server and is closed. When executing Push Settings and Actions the "The action was not performed due to maintenance mode" error appears.
MCFG-199, PRJ-2384	SmartProvisioning	SmartUpdate generates audit log even when no action was taken.
PRHF-3392, PRJ-869	SmartProvisioning	In VPN star community managed by SmartProvisioning, VPN tunnels may not be established after installing policy to CO gateway (center). Refer to sk152612.
PRJ-4311, PRJ-4314, GAIA-6260, STRM-149	Security Gateway	In some scenarios, a remote client disconnects after one hour although the session is not idle. Refer to sk160213.
PRJ-3589, STRM-109, PRJ-3564	Security Gateway	Disabling connections timestamp does not work on active streaming connections. Refer to sk62700.
PRJ-4416, QOS-22, PRJ-698	Security Gateway	In a rare scenario, Security gateway crashes during QoS policy installation.
PRJ-4804, PMTR-41392	Security Gateway	Enabled avoiding source port allocation for specific predefined connections.
PRJ-4147, UP-293	Security Gateway	In a rare scenario, Security gateway may crash due to NULL pointer reference. Fix is relevant for Gaia 3.10 only.
PRJ-4615, PMTR-40937, PRJ-4554	Security Gateway	In some scenarios, VoIP traffic is dropped with "allocate_port_impl: could not find a free port;" error in dmesg.
PRJ-4758	URL Filtering	Improved scalability and resiliency of URL Filtering service. Fix is relevant for Gaia 3.10 only.
PRJ-4845, PRJ-4844, PMTR-4178	SSL Inspection	In a rare scenario, when SSL Inspection is enabled and there is big latency, Microsoft websites (for example Azure) may not respond. Refer to sk150175.
PRJ-1161	IPS	CMA migration may take a long time when there are many IPS protections local overrides.
PRJ-5173, PRJ-2168, PRJ-2108	IPS	In some scenarios, categorization of HTTPS sites over IPv6 does not work as expected.
PRJ-1666	Threat Emulation	Management Server upgrade may fail in these scenarios: There are Threat Emulation settings, which remained from Security Gateway objects that were already removed. There are Threat Emulation settings, which are configured in the cluster member objects and not in the cluster object. Refer to sk150793.
PRJ-3370, PMTR-13884	Threat Prevention	Deleting a Threat Prevention profile may fail if the IPS profile has many overrides. Refer to sk136552.
PRJ-4148, PMTR-40174	Threat Prevention	Upgrade fails due to invalid Threat Emulation settings connected to gateways that no longer exist or to cluster members. Fix will affect only Advanced upgrade
PRJ-5077, PMTR-41915	Threat Prevention	In a rare scenario, R80.30 Security gateway managed by R80.30 Management crashes when running a Threat Prevention Software Blade with the Forensics feature enabled. Refer to sk161812. Fix is relevant for Gaia 3.10 only.
PRJ-1919, PRJ-2416, PRJ-2417, PRJ-3510	Identity Awareness	Security hardening for Identity Awareness Agent (IDA) enforcement according to XFF IP.
PRJ-3478, PRJ-1952	Identity Awareness	Performance improvement of Identity Awareness kernel tables for Cluster and multi-fw1 instances gateways.
PRJ-3478, IDA-1966	Identity Awareness	In a rare scenario, identities are missing from all connected Identity Gateways (PEPs).
IDA-1987, PRJ-1956	Identity Awareness	In a rare scenario, sessions longer than 24 hours disappear from the Identity Gateway (PEP) but exist on the Identity server (PDP)
IDA-1981	Identity Awareness	Users are not propagated from the PDP to the PEP on a specific network due to a rare race condition between register and unregister requests triggered by different instances or cluster members.
PRJ-1926	Identity Awareness	The output of pep show pdp all command on the Identity Gateway (PEP) contains "inx invalid type (0)" instead of an Identity server (PDP) IP address. Refer to Scenario #3 in sk156953.
PMTR-32539, PRHF-3443	Identity Awareness	Users are not authenticated when an identity source provides the login name in an 'User Principal Name' format "user@domain". Refer to sk147417.
PRJ-3137, PRJ-5259, PMTR-38645	ClusterXL	Added support for Cluster Load Sharing without IPSec VPN. To enable the support, refer to sk162637.
PRJ-1657, PRJ-5035, PMTR-30582	ClusterXL	In some scenarios, unable to connect to the Standby Cluster member from a non-local subnet via SSH or WebUI. Refer to sk147493.
PRJ-2147, PRJ-3439, PRHF-4105	ClusterXL	In a rare scenario, the fw_workers process consumes high CPU on the Standby member of a ClusterXL. Refer to sk156333.
PRJ-3295, PRHF-4301	CoreXL	In a rare scenario, Custom affinity configuration is overwritten when HT is enabled. Refer to sk158112.
PRJ-998, PMTR-35350	CoreXL	In some scenarios, VPN connection's records remain in the Global connections table even after the connection expires. Refer to sk155332.
PRJ-2397	CoreXL	"fwmutlik_do_sequence_accounting_on_entry: bad dir" errors are mistakenly printed in dmesg output. Refer to sk158312.
PRJ-1299	SecureXL	In a rare scenario, multicast routing lookup may lead to SIM crash.
PRJ-631, PRHF-5533	SecureXL	In some scenarios, latency is observed on the Security gateway when SecureXL is enabled. Refer to sk162914.
PRJ-1177, PRJ-1176	SecureXL	Added sim module parameter "sim_anti_spoofing_enabled" to allow disable of anti-spoofing in Performance Pack without installing new Firewall policy.
PRJ-1642, PRJ-3660, PRHF-4350	SecureXL	In some scenarios, when SecureXL is enabled, it drops the TCP traffic for the particular connection for invalid state reasons. Refer to sk147093.
PRJ-5154, PMTR-37727, PRJ-1641, PMTR-37736, PRJ-1638	SecureXL	In some scenarios, packets with IP options are not forwarded across bridge interfaces. Refer to Issue #3 in sk154892
PRJ-4622, PMTR-40703, PRJ-4621	SecureXL	In some scenarios, sending IP fragmented traffic through a Virtual Switch or Virtual Router fails with "Virtual defragmentation error".
PRJ-4735, PRHF-3487, PRJ-1223, PRJ-1841	SecureXL	In some scenarios, Policy Based Routing (PBR) does not work properly when acceleration is enabled.
PRJ-2119, PRJ-1848	SecureXL	In a rare scenario, Host destination entries are memory leaking when neighbor entry is incomplete state. Refer to sk157252.
PRJ-1218, PMTR-37165	SecureXL	In some scenarios, multicast traffic is not forwarded across bridge interfaces.
PRJ-1252, PRHF-3608	SecureXL	On cluster, Drop templates are disabled on reboot. Refer to sk153412.
PRJ-3658, PMTR-39660, PRJ-3596	SecureXL	In a rare scenario, when SecureXL is enabled, a VSX gateway may crash. Refer to sk160912.
PRJ-806, PRHF-3498	SecureXL	In a rare scenario, when SecureXL is enabled, Policy Based Routing (PBR) does not work although configured.
PRJ-2323, PRJ-5078, PMTR-38429	Gaia OS	The restore backup operation fails if the machine was installed via ISO during the backup, and via CPUSE during the restore.
PRJ-1477, PRJ-5115, PMTR-37425	Gaia OS	Backup task may fail if SmartConsole is open during backup.
PRJ-3136, GAIA-2861	Gaia OS	In some scenarios, the IGB driver interfaces are occasionally down after reboot of a Management machine. Refer to sk135532.
PRJ-3365, PRJ-3361, PRJ-3364	Gaia OS	'\|' and '-' characters cannot be used in the message banner.
PRJ-3113, PMTR-39534	Gaia OS	Added support for LOM (iDRAC) interfaces.
PRJ-1677	Gaia OS	Clish command "show system init-services" and Expert command "service --status-all" run "mdsstart" on the server.
GAIA-4695, PRJ-615, PRJ-4527	Gaia OS	When running "service vmtoolsd restart" command on Gaia installation with VMware, the "Installing memory driver: FATAL: Module vmmemctl not found. [FAILED]" error is displayed although the vmw_balloon.ko driver is loaded. Note: this issue is only cosmetic.
PRJ-1771, GAIA-4793	Routing	The default OSPF instance binding is missing.
ROUT-484, PRJ-4849, PRJ-4850	Routing	In some scenarios, legitimate subnets of 0.0.0.0 (for example 0.0.0.0/1) cannot be configured for certain routing features, like static routes, PBR, routemaps, etc.
PRJ-4279, PRJ-4266, PRHF-5105	VSX	In a rare scenario, machine crashes when using VSX with Virtual Switch (VSW).
PRJ-4921, PMTR-32931	VSX	In some scenarios, the fwk process may crash when VSX gateway is upgraded to R80.30.
PRJ-4956, GAIA-6397, PRJ-4950	VSX	In some scenarios, traffic does not pass in VSX setup with VS-VSW-VS topology and some Threat Prevention blades enabled on VSs.
PRJ-1420, PRJ-4740, GAIA-5136	VPN	Improved the VPN connectivity for VSX and User-Space Firewall gateways.
PRJ-4740, PRJ-1420	VPN	In some scenarios, VPN Encryption Domain Routes are not added to kernel via RIM in VSX environment. Refer to sk154692.
PRJ-1385, GAIA-5338	VPN	In some scenarios with acceleration enabled, traffic through VR for a VPN setup does not pass.
PRJ-2348, PMTR-38631	VPN	Remote Access client randomly disconnect / unable to connect when DHCP multi-homed server is configured.
PMTR-38041, PRJ-4153, PRJ-4488	VPN	In some scenarios, the Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode" after upgrade. Refer to sk157092.
R80.30 Jumbo HotFix - General Availability Take 50 (03 September 2019, GA from 24 September 2019) Note: This Take updates Take 48 released on 1 September 2019. It is recommended to install Take 50
-	General	Added support for Gaia kernel 3.10.
-	General	Added support for Check Point 26000 and 16000T model appliances and CloudGuard IaaS products AWS, Azure, GCP.
PRJ-2300	Security Management	Added Management support for 16000 and 26000 appliances. GUI support was added in R80.30 Jumbo HotFix Take 71.
PRJ-5065, PRJ-3101	Multi-Domain Management	Import of Multi-Domain Management Server fails when Jumbo HotFix is installed on the target machine and the source machine is R77.x. Refer to sk162032.
PRHF-3248, PRJ-823, PRJ-2737	Security Gateway	In a rare scenario, Security gateway freezes when Priority Queue is enabled. Refer to sk149413.
PRJ-3736, PRJ-3737, PMTR-40259	Security Gateway	In some scenarios, when a connection is accelerated and ICMP packet is sent from a server to a client, it is being dropped by Security gateway.
PMTR-25703, PRJ-2694	Security Gateway	In a rare scenario, when configured as a proxy/ICAP client, a Security gateway may crash when using HTTPS Policy Categorization. Fix is relevant for Gaia 3.10 only.
PRJ-5028	Threat Prevention	In a rare scenario, R80.30 Security gateway managed by R80.30 Management crashes when running a Threat Prevention Software Blade with the Forensics feature enabled. Refer to sk161812.
PRJ-2891, PMTR-31316	Logging	In some scenarios with low disk space and customized retention configuration, logs and indexes may be deleted contrary to the configuration. In some cases, logs are not forwarded when log forwarding in enabled on a Log server machine.
PRJ-2896, PRJ-748	Logging	In a rare scenario, cannot open new tab in SmartView after exporting data using a relative time filter.
PRJ-1825, PRHF-3890	SSL Inspection	Added support of RDP over SSL inspection as part of HTTPS Inspection blade. (Relevant for Remote Desktop Protocol Vulnerability CVE-2019-0708.) Supported only on Gaia 3.10.
PRHF-4193, PRJ-2733	CoreXL	"fwmutlik_do_sequence_accounting_on_entry: bad dir" errors are mistakenly printed in dmesg output. Refer to sk158312. Fix is relevant for Gaia 3.10 only.
PMTR-35350, PRJ-2735	CoreXL	In some scenarios, VPN connection's records remain in the Global connections table even after the connection expires. Refer to sk155332. Fix is relevant for Gaia 3.10 only.
PRJ-2734, PMTR-36031	CoreXL	In a rare scenario, Security gateway may freeze when "Drop Templates" or "DOS rate" feature is enabled. Fix is relevant for Gaia 3.10 only.
PRJ-2668, PRJ-2358	Gaia OS	CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479: TCP SACK PANIC - Linux Kernel vulnerabilities. Refer to sk156192.
PRJ-1981, GAIA-5576	Gaia OS	IPv6 address configured on VLAN interfaces is missing after reboot. Fix is relevant for Gaia 3.10 only.
PRJ-2579, GAIA-5563	Gaia OS	Status of newly created VLAN interface is "off". Fix is relevant for Gaia 3.10 only.
PRJ-2561, GAIA-5815	Gaia OS	When adding more than 256 bridge interfaces, CPD process stops working, bringing down SIC. Fix is relevant for Gaia 3.10 only.
PRJ-2782, GAIA-5512	CPView	The SMT Status is "Unknown" instead of "Enabled" in CPView. Fix is relevant for Gaia 3.10 only. The SMT Status is removed from CPView on Gaia 3.10 kernel as there is no soft-disable of Hyper-Threading on this kernel version anymore.
PRJ-4055, GAIA-6172	VSX	In some scenarios, a new hotfix installation via CPUSE fails on VSX. Refer to sk159713. Fix is relevant for Gaia 3.10 only.
PMTR-39868, PRJ-3528, PRJ-3671	VSX	In some scenarios, traffic is dropped on VSX when SecureXL is enabled. Refer to sk160352.
R80.30 Jumbo HotFix - General Availability Take 19 (02 July 2019, GA from 04 Aug 2019)
PRJ-634, PMTR-15461	SecureXL	Added support for i40evf driver.
PRJ-451, PRHF-3283	Security Management	In a rare scenario, a failure in policy installation causes a false "Policy installation is currently in progress" error message.
PRJ-1647, PMTR-36840	Multi-Domain Management	Improved duration of Multi-Domain Server upgrade from R80.10.
PRJ-593, PRHF-3300	Multi-Domain Management	Multi-Domain Server processes must be down when running cma_migrate.
PRJ-1787, PMTR-37945	SmartConsole	In a rare scenario, when using "add-threat-exception" API command to empty rulebase, it fails with the "Runtime error: Index: -1, Size: 0" error.
PRJ-1552, PMTR-31316	Logging	In some scenarios with low disk space and customized retention configuration, logs and indexes may be deleted contrary to the configuration. In some cases, logs are not forwarded when log forwarding in enabled on a Log server machine.
PRJ-748	Logging	In a rare scenario, cannot open new tab in SmartView after exporting data using a relative time filter.
PRJ-633, PRJ-2897	SecureXL	Debug messages are not printed when running "fwaccel dbg -m adp all" and sending multicast packets through the Security gateway.
PRJ-898, GAIA-4855	VSX	When SecureXL and IPS are enabled on VS connected to VR, HTTP traffic does not pass the internal Host.
PRJ-2371, PRJ-2358	Gaia OS	CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479: TCP SACK PANIC - Linux Kernel vulnerabilities. Refer to sk156192.

Installation instructions

Procedure:

Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)
- Offline installation
  
  Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
  1. Install the latest build of CPUSE Agent from sk92449.
  2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
  3. In the upper right corner, click on the Import Package button.
  4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
  5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
  6. Select the imported package Check Point R80.30 Jumbo hotfix T<number> for sk153152 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
  7. Select this package and click on Install Update button on the toolbar.
Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)
For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".
- Offline installation
  
  Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
  1. Install the latest build of CPUSE Agent from sk92449.
  2. Connect to command line on target Gaia OS.
  3. Log in to Clish.
  4. Acquire the lock over Gaia configuration database:
    HostName:0> lock database override
  5. Import the package from the hard disk:
    HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
  6. Show the imported packages:
    Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.30 Jumbo hotfix T<number> for sk153152"
    HostName:0> show installer packages imported
  7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
    HostName:0> installer verify <Package_Number>
  8. Install the imported package:
    HostName:0> installer install <Package_Number>

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

Procedure:

Show / Hide instructions for uninstall in Gaia Portal - using CPUSE (Check Point Update Service Engine)
1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
  Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
2. Connect to the Gaia Portal on your Gaia machine and navigate to the 'Upgrades (CPUSE)' section - click on 'Status and Actions'.
3. Above the list of all software packages, click on the 'Showing Recommended packages' button - select 'All'.
4. Right-click on the Jumbo Hotfix Accumulator package - click on 'Uninstall'.
5. A warning will be displayed that after this uninstall, the machine will be automatically rebooted.
  Click on 'OK' to start the uninstall.
Show / Hide instructions for uninstall in Gaia Clish - using CPUSE (Check Point Update Service Engine)
1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
  Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
2. Connect to command line on Gaia OS.
3. Log in to Clish.
4. Acquire the lock over Gaia configuration database:
  HostName:0> lock database override
5. Uninstall the package:
  HostName:0> installer uninstall <Package_Number>
  Note: The progress (in per cent) will be displayed in Clish.
6. Machine will be rebooted automatically.

Revision History

Show / Hide revision history

Date	Description
06 Jul 2020	Released Take 215 of R80.30 Jumbo Hotfix Accumulator SmartConsole package has been updated to Build 90
30 Jun 2020	Released Take 214 of R80.30 Jumbo Hotfix Accumulator
23 Jun 2020	Released Take 213 of R80.30 Jumbo Hotfix Accumulator
31 May 2020	Released Blink images for R80.30 GA + Jumbo HF Take 196
26 May 2020	Released Take 210 of R80.30 Jumbo Hotfix Accumulator SmartConsole package has been updated to Build 86 Take 196 of R80.30 Jumbo Hotfix Accumulator is now in General Availability
21 May 2020	Released Take 196 of R80.30 Jumbo Hotfix Accumulator
10 May 2020	Released Blink images for R80.30 GA + Jumbo HF Take 191
07 May 2020	Updated the Important Notes section
30 Apr 2020	Take 191 of R80.30 Jumbo Hotfix Accumulator is now in General Availability
26 Apr 2020	Released Take 195 of R80.30 Jumbo Hotfix Accumulator SmartConsole package has been updated to Build 76
22 Apr 2020	Released Take 191 of R80.30 Jumbo Hotfix Accumulator
19 Apr 2020	Updated the Important Notes section
17 Mar 2020	Released Take 168 of R80.30 Jumbo Hotfix Accumulator
11 Mar 2020	Released Take 166 of R80.30 Jumbo Hotfix Accumulator
08 Mar 2020	Released Blink images for R80.30 GA + Jumbo HF Take 155
05 Mar 2020	Released Take 163 of R80.30 Jumbo Hotfix Accumulator
03 Mar 2020	Added PRJ-5530 to Take 140
01 Mar 2020	Take 155 of R80.30 Jumbo Hotfix Accumulator is now in General Availability
24 Feb 2020	Added PRJ-6047 to Take 135
20 Feb 2020	Released Take 155 of R80.30 Jumbo Hotfix Accumulator
12 Feb 2020	Released the List of upcoming resolved issues
10 Feb 2020	Take 140 of R80.30 Jumbo Hotfix Accumulator is now in General Availability
09 Feb 2020	Added PRJ-5245 to Take 135
03 Feb 2020	Released Take 140 of R80.30 Jumbo Hotfix Accumulator
02 Feb 2020	Added PRJ-8197 to Take 135
22 Jan 2020	Released Take 136 of R80.30 Jumbo Hotfix Accumulator
13 Jan 2020	Released Take 135 of R80.30 Jumbo Hotfix Accumulator
09 Jan 2020	Take 132 was removed
05 Jan 2020	SmartConsole package has been updated to Build 42
02 Jan 2020	Released Take 132 of R80.30 Jumbo Hotfix Accumulator
16 Dec 2019	Updated the List of upcoming resolved issues
11 Dec 2019	Released Blink images for R80.30 GA + Jumbo HF Take 111
05 Dec 2019	Released the List of upcoming resolved issues
03 Dec 2019	Take 111 of R80.30 Jumbo Hotfix Accumulator is now in General Availability
25 Nov 2019	Released Take 111 of R80.30 Jumbo Hotfix Accumulator
20 Nov 2019	Released Take 107 of R80.30 Jumbo Hotfix Accumulator SmartConsole package has been updated to Build 36
11 Oct 2019	Released Take 76 of R80.30 Jumbo Hotfix Accumulator
06 Oct 2019	SmartConsole package has been updated to Build 20
03 Oct 2019	Released Take 71 of R80.30 Jumbo Hotfix Accumulator
02 Oct 2019	Added a note for Take 50
24 Sep 2019	Take 50 of R80.30 Jumbo Hotfix Accumulator is now in General Availability
03 Sep 2019	Released Take 50 of R80.30 Jumbo Hotfix Accumulator
01 Sep 2019	Released Take 48 of R80.30 Jumbo Hotfix Accumulator
14 Aug 2019	SmartConsole package has been updated to Build 08
04 Aug 2019	Take 19 of R80.30 Jumbo Hotfix Accumulator is now in General Availability
02 July 2019	First release of R80.30 Jumbo Hotfix Accumulator (Take 19)

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating