Support Center > Search Results > SecureKnowledge Details
Check Point R80.40 Resolved Issues Technical Level
Solution

This article lists all of the issues that have been resolved in Check Point R80.40.

 

Table of Contents

  • Installation and Upgrade
  • Gaia OS
  • Security Management
  • Multi-Domain Management
  • IPS
  • Content Awareness
  • Threat Prevention
  • SmartConsole / Management Console
  • SmartProvisioning
  • SmartEvent
  • SmartUpdate
  • Logging / SmartLog
  • ClusterXL
  • VSX
  • VPN
  • Smart-1
  • SNMP
  • Hardware
  • Dynamic Routing / Advanced Routing
  • CloudGuard
  • Mobile Access


Enter the string to filter the below table:

ID Symptoms
Installation and Upgrade
01868136,
PMTR-47259
After upgrading, the Gateway Properties -> HTTP inspection page may show "Failed to load Plug-in Page: SSLInpectionPage".
02411778,
02421533,
02421989,
PMTR-47570
After upgrading a Full HA deployment, policy installation fails due to SIC problem with the secondary member.
Gaia OS
- Connеctivity upgrade is not supported.
- Stand-Alone deployment is not supported on Gaia 3.10.
02730903 In some scenarios, unable to create snapshots. Refer to sk123612.
02559795,
02560843
Snapshot creation reaches 93% and stops, although there is enough space. Refer to sk119675.
02483806,
02490757,
PMTR-47124
External NIC is not detected after upgrade to R80.x / Clean install of R80.x. Refer to sk116587.
02167050,
02184450,
02491287,
02359422
Setting state of interface to "off" on Gaia OS does not turn off the link on that interface. Refer to sk112598.
GAIA-4937 Installing R80.20, R80.20.M2 and R80.30 Security Management Server with CPUSE or Blink on a machine previously installed as a R80.30 Security Gateway that uses the Linux Kernel version 3.10 is not supported.
GAIA-6992 CPUSE Clean install is not supported for 23000 appliances.
GAIA-2648 On CloudGuard for Azure, the 'ethtool -G' command is not supported. 
GAIA-2649 On CloudGuard for AWS, the 'ethtool -G' command is not supported.
GAIA-6184 "Error while stopping check point processes" error when installing packages on a VSX environment. 
PRJ-2583,
GAIA-5732
The fw ctl multik utilize command is not supported in the User Mode Firewall (USFW). 
GAIA-5914 Drop templates are not disabled for USFW (User space Firewall mode).
GAIA-3944,
GAIA-3957
When running the Hardware Diagnostic options of the RMA tool, "ipsctl_get_family_id:received error" messages may appear. 
GAIA-4849 OSPF is not supported with unnumbered VTIs.
GAIA-4573 Upgrade is only supported between kernel 3.10 versions (R80.20 3.10 and R80.30 3.10).
PMTR-46091,
CPDIAG-1615
CPview may show partial information, if there are more than 256 interfaces configured on the system.
Security Management
PMTR-32627 Added support for UTM-1 Edge X series devices. 
PMTR-44738 Error: "Management HA synchronization failed due to insufficient disk space in the root partition." may appear in SmartConsole.
PMTR-44844,
PRHF-6754
In a rare scenario, policy installation fails with "Policy installation had failed due to an internal error". Refer to sk163482.
Multi-Domain Management
01965750 If you create or delete Domain servers of the same Domain from many Multi-Domain Servers, the Domain can become corrupted, with recovery from Check Point Support required.
PRJ-5065 Import of Multi-Domain Management Server fails when R80.30 Jumbo HotFix Take 19 is installed on the target machine and the source machine is R77.x. Refer to sk162032.
01995628,
01993689,
PMTR-47544
After a Global policy has been assigned to a Domain, the revert option in the Domain "Network Layer -> History" window no longer functions.
IPS
PMTR-47530 In some specific scenarios, IPS update operation failed after an upgrade from R80.10.
02219579,
02252490
Thresholds for 'IPS Bypass under load' are not tunable in Full HA environment. Refer to sk112659.
Content Awarenes
02455334 Content Awareness can inspect different types of files, of any size. A Web browser or FTP client may use several connections to upload or downloaded a file. For web browser this typically happens when downloading large PDF files from the Internet. In those cases, the Security Gateway inspects each connection separately. This may affect its ability to inspect text inside the file.
02436860,
PMTR-47668
Content Awareness supports HTML forms using URL encoding (also known as Percent-encoding). HTML traffic, encoded (binary to text encoding) as Base64 and NCR, is not properly inspected for content. 
Threat Prevention
PMTR-33033,
AVIR-602
Threat Extraction for Web-downloaded files is not supported on IPv6 traffic.
SmartConsole / Management Console
PMTR-35845 In some scenarios, Installation Targets do not show the correct gateways when cloning and editing the installation targets in the same session.
PMTR-34087 Access roles are not shown in the Object explorer -> "Unused objects" filter.
PMTR-43325 In Dynamic IP configuration, when entering SMS Provider details and email not in order (mail: first then sms, policy installation fails with "internal error". Refer to sk120358.
02458203,
PMTR-47660
Policy installation includes an implicit database install operation. As a result, the policy installation task in SmartConsole only completes after the end of the database installation task. This does not delay policy enforcement on the gateway.
PMTR-45443 When creating SecuRemote DNS object with more than 6 characters as Domain suffix, it fails with the "Domain suffix contains illegal characters" error.
PMTR-15093 Domain Management Server and Domain Management Log Server must be removed form a policy package before deleting their representing objects.
PMTR-46635,
PMTR-46701
For SmartConsole installed on Windows 10, legacy gateway editors and the Global Properties editor to not display correctly when Windows 10 display scaling is set to more than 125 percent. Refer to sk155892.
SmartProvisioning
PMTR-34425,
00904551
VPN tunnel with ROBO Gateway managed via SmartProvisioning can not be established after upgrading the Security Management Server. Refer to sk106628.
PMTR-38799 In some scenarios, SmartLSM (Smart Provisioning) unexpectedly crashes when editing topology of Security gateway or Cluster. 
SmartEvent
02499980 For Global SmartEvent connected to a Multi-Domain Management Server: Search suggestions from SmartConsole appear for Super Users only (Multi-Domain Super User and Domain Super User).
SL-1767 In SmartEvent policy, adding an exclusion for sensor alert event by event id (e.g. id=20300) causes policy install failure. Refer to sk139854.
SmartUpdate
PMTR-38669,
MCFG-199
SmartUpdate generates Audit log even when no action was taken.
Logging / SmartLog
- Added support for Log Exporter 'Filter' feature. For details and updates, refer to sk122323
ClusterXL
CLUS-1752 ClusterXL in Load Sharing mode may drop traffic after a cluster member is rebooted, due to inconsistency of MAC addresses saved in the Firewall kernel and in SecureXL kernel.
VSX
01465442,
01436496
An upgraded cluster member goes into Ready state after the reboot, even before the rest of the cluster members are upgraded.
01562612,
PMTR-47565
If a Virtual System is the Hub of a Star VPN Community, it cannot support SmartLSM gateways as satellites.
02532554,
02532716,
PMTR-47564
"CLINFR0699 Invalid command" error when a user with read-only Gaia OS role runs the "set virtual-system" command on VSX Gateway. Refer to sk118693.
01548786,
PMTR-47490
The "vsx_util change_mgmt_subnet" command does not support IPv6.
VPN
PMTR-8855 If a Remote Access VPN client roams from a NATT tunnel (which the Security Gateway accelerates) to a TCPT tunnel (which the Security Gateway does not accelerate), all the existing accelerated connections from the Remote Access VPN client are terminated on the Security Gateway. New connections from the Remote Access VPN client are established as expected.
02702969, 02706012,
PMTR-40748
Security Gateway accepts an other Diffie-Helman group then is configred. Refer to sk122438
02514005,
02534915,
PMTR-47505,
PMTR-42268
  • DAIP devices deployed as VPN Satellite gateways, do not support VPN link fail-over between a static link (using permanent IP address) to the DAIP link, and vice-versa.
  • Trusted interfaces are not supported for DAIP devices.
Smart-1
PMTR-43686,
PMTR-40161,
GAIA-6587
Smart-1 3050 / 3150 appliance fails to install or upgrade to R80.20/R80.30 if Intel 82598ES 10G network card is active. Refer to sk146512.
SNMP
01852762,
01858277
Output of the "snmptranslate" command returns different OIDs for objects in "chkpntTrap" branch. Refer to sk108697.
Hardware
PMTR-26873 In an extremely rare scenario, after an appliance boots, names of some interfaces might contain "_rename" after their usual names. For example: "eth5_rename", "Sync_rename".
Dynamic Routing / Advanced Routing
01910711,
01921543,
PMTR-47780
In VSX, BGP Multi-hop does not work correctly when configured on a Virtual Router. Do not configure it.
01920724,
PMTR-47739
RouteD with BGP Multi-hop consumes 100% CPU. If RouteD gets a route to the BGP peer from the peer itself and that route has a lower rank than the route used to establish the BGP connection then this route becomes active and routed starts using it to connect to the peer. This causes the BGP peer route to be deleted and return back to the original route since in BGP Multi-hop routed cannot use BGP routes to connect to peers. This scenario repeats endlessly and causes the high CPU utilization.
01490849,
PMTR-47732
In VRRP mode, the OSPF state is not synchronized and a new master cannot take the helper responsibility from the previous master.
01474954,
PMTR-47727
Fast failback with OSPF GR is not supported. A restart or failover during GR results in traffic outage.
01685327,
PMTR-47729
BGP routes cannot be used to establish connections to Multi-hop peers. 
01499120,
PMTR-47734
A change in topology can cause an unsuccessful exit of OSPF GR.
CloudGuard
00525805 User cannot configure a VLAN using the VM Guest Operating system in an ESX environment.
Mobile Access
02361011,
PMTR-47742
When using Mobile Access file shares with VSX, the DNS resolving of the hostname might not work correctly with file shares.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment