Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R80.40 (R80_40_jumbo_hf) Technical Level
Solution
Click Here to Show the Entire Article

Availability | Important Notes| List of resolved issues | Installation instructions | Uninstall instructions | Revision History

 

Introduction

R80.40 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides the Take number which includes the fix. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, the table includes the date the take was published. List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.

The Jumbo Hotfix Accumulator supports these products and configurations: Security Gateway, Security Management Server, Multi-Domain Management Server, Log Server, Multi-Domain Log Server, SmartEvent Server, Endpoint Security Server, VSX and Cluster.

  • Install this Jumbo Hotfix Accumulator only after you successfully complete the Gaia First Time Configuration Wizard and reboot.
  • For CPUSE installation, use CPUSE Agent build 1848 and higher (refer to sk92449).
  • We recommended to install Jumbo Hotfix Accumulator on all R80.40 devices. Refer to R80.40 Release Notes for the list of supported environments.

Also refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

Support for Security Gateways Running on Open Servers

R80.40 Jumbo Hotfix Accumulator provides support for Security Gateways configurations running on Open Servers.
For an Existing Security Gateway running on Open Servers, a Blink image consisting of R80.40 GA image (Take 294) and R80.40 Jumbo Hotfix is available in the Download section below. For VSX and Standalone configurations, see sk168114.

For Freshly installed Open Servers, first use the R80.40 ISO image from the R80.40 Home page and then, before placing the machine into the production environment, install the R80.40 Jumbo Hotfix package from the below table (not the Blink image).

The R80.40 ISO image (Take 294) and the R80.40 image included in the Blink image are identical.


Availability

  • General Availability Take

    Take_78 is the latest R80.40 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

    Product Take Date CPUSE Offline package SmartConsole package
    Security Management and Security Gateway
    Jumbo HF Take_78 26 Aug 2020 (TGZ) (EXE)
    Build 411
    Blink Image for Security Gateway and Open Server 
    Clean Install / Upgrade
    R80.40 GA Take 294 + Jumbo HF Take_78
    09 Sep 2020 (TGZ)
    Blink Image for Security Management - Clean Install  (TGZ)

    • For Gaia Fast Deployment mechanism "Blink", refer to sk120193.
    • Effective October 4th 2020, the SmartConsole package has been updated to Build 411.

 

  • Ongoing Take

    Product Take Date CPUSE Offline package SmartConsole package
    Security Management and Security Gateway Jumbo HF Take_83 04 Oct 2020 (TGZ) (EXE)
    Build 411

    • For CPUSE Online Identifier, use Check_Point_R80_40_JUMBO_HF_Bundle_T<Take number>_sk165456_FULL.tgz
    • Effective October 4th 2020, the SmartConsole package has been updated to Build 411.



Take 83 | Take 78 | Take 77 | Take 74 | Take 69 | List of upcoming resolved issues



Important Notes

  • Before you perform an upgrade, refer to sk164258 to check the compatibility of Jumbo Hotfix Takes between different releases.
  • For information about Jumbo Hotfix support on different appliances, refer to sk166536.
  • VSX customers with Mobile Access Blade running Take 67-78 may fail to install in the VSX environment due to a missing configuration file. For more information, refer to sk169877. A fix was released as part of Jumbo Take 83.   

 

List of resolved issues per HotFix Take


ID Product Description
R80.40 Jumbo HotFix - Ongoing Take 83 (04 October 2020)
PRJ-8954,
MCFG-246
Upgrade Tools Upgrade from R80.10 to R80.40 may fail with messages related to cmsobfuscationkey. Refer to sk168933.
PRJ-15610,
PMTR-57447
Security Management NEW: Added ability to run Management REST API on a Multi-Domain Log Server.
PRJ-16147,
PMTR-58152
Security Management NEW:
  1. The "cma_migrate" command will continue working if the SSH connection with the Multi-Domain Server was lost.
  2. If the user presses "Ctrl+C" while cma_migrate is running, the user will be asked whether to stop cma_migrate or to continue.
PRJ-15501,
PMTR-56638
Security Management NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start.
PRJ-15497,
PMTR-57275
Security Management $MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied.
PRJ-16876,
PRHF-12879
Security Management In some scenarios, sessions that were opened for the third parties or automatic scripts that use Management API, remain open. Refer to sk169072.
PRJ-11704,
PRHF-9017
Security Management The Purge Revisions operation may not clean deleted objects of previous revisions
PRJ-14297,
PRHF-11704
Security Management In rare scenarios, High Availability sync fails with "NGM failed to import data" error after the user deletes a Permission Role. 
PRJ-13463,
PMTR-54975
Security Management In rare scenarios, Install Policy Presets are not triggered.
PRJ-14492,
SMCUPG-1384
Security Management In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails. 
PRJ-13919,
MCFG-242
Security Management In some scenarios, exporting the Security Management Server in order to migrate it to Domain in Multi-Domain Environment fails.
PRJ-13613,
PRHF-11300
Security Management In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error. 
PRJ-13727,
PMTR-55574
Multi-Domain Management NEW:
  • Global object deletion will be blocked if used in Domains on the Multi Domain Server. 
  • The "Unused Objects" filter in the Global Domain will show objects only if not used by all of the Domains on the Multi-Domain Server. 
PRJ-14455,
PRHF-11940
Multi-Domain Management Policies may disappear from the Global Domain Assignments view after running the Solr Cure utility. Refer to sk168060.
PRJ-15720,
PRHF-12271
Multi-Domain Management When the user attempts to add/change the Leading Interface through mdsconfig, it may fail with the "no external interfaces found on this machine" error. Refer to sk168319
PRJ-16427,
PMTR-58559
Multi-Domain Management Management HA incremental synchronization may break on the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.
PRJ-16438,
PRHF-12236
Multi-Domain Management After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.
PRJ-17307,
PMTR-59799
Multi-Domain Management In rare scenarios, the fwm process may stop working and fail the Multi-Domain Management server upgrade.
PRJ-15972,
PRHF-10916
SmartConsole Global Policy reassign in MDS may fail with "An internal error has occurred" message after adding overrides to Snort protections.
PRJ-15372,
PMTR-57065
SmartConsole The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954.
PRJ-16091,
PMTR-55032
SmartConsole The "Get Interfaces" operation fails when admin creates a new cluster and decides to remove one of the members before he selects "Get Interfaces".
PRJ-13906,
PMTR-54935
SmartConsole In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins.
PRJ-16342,
PMTR-58390
SmartConsole Setting or creating HTTPS layer (add-https-layer) with the "shared" parameter using the API may fail with the "Unrecognized parameter [shared]" error.
PRJ-12855,
PRHF-10453
SmartConsole Hit count data may not be deleted automatically.
PRJ-13456,
PRHF-10952
SmartConsole In some scenarios, Management API commands with 'details-level'=full return a truncated output. 
PRJ-15482,
PMTR-39061
SmartProvisioning In some scenarios, when the user installs policy on R77.30 Central Office Security Gateway from Management version R80 and higher, VPN tunnels may be dropped for LSM Gateways. 
PRJ-13171,
PRHF-9994
Compliance Compliance Partial Scans in Multi-Domain environments using Global Policies may lead to SmartConsole freeze or long publish times.
PRJ-13562,
PMTR-53242
Logging In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress. 
PRJ-14357,
SL-4323
SmartView In SmartView, when the user sends a generated report via email in a language with non-standard English letters (Accented, Cyrillic, Chinese, Japanese, etc), some of the text may appear as question marks (?). 
PRJ-14362,
PMTR-54723
SmartView In SmartView, the icon is missing from the cover page of Compliance and Content Awareness PDF reports.
PRJ-12208,
PMTR-52793
Security Gateway UPDATE: Added the latest fixes and security improvements to OpenSSL.
PRJ-16624,
PMTR-58538
Security Gateway Updated Dynamic Balancing Clish commands. Refer to sk164155.
PRJ-16995,
PMTR-59154
Security Gateway In some scenarios, Dynamic Balancing is unable to configure MQ setting for some interfaces.
PRJ-16401,
PRHF-12631
Security Gateway When using Management Data Plane Separation (MDPS), schedule backup may fail.
PRJ-16912,
PMTR-59141
Security Gateway In some scenarios, a timeout occurs when the user enables resource separation via Clish.
PRJ-14126,
PMTR-56181
Security Gateway In some scenarios, compilation errors during policy installation are ignored instead of immediately failing the policy. This may cause drops on the Security Gateway.
PRJ-14634,
PRHF-12058
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-15633,
PMTR-57462
Security Gateway In a rare scenario, Security gateway may crash due to NULL pointer reference.
PRJ-13346,
PRHF-8408
Security Gateway In a rare scenario, the FWD process opens connections to port 111. 
PRJ-13888,
PRHF-9759
Security Gateway An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955.
PRJ-15841,
PRHF-12221
Security Gateway ICAP block page displays virus name as "Unknown" instead of the virus name as it appears in the logs.
PRJ-16406,
PRHF-12305
Security Gateway In some scenarios, when VPN blade or ISP Redundancy are used, traffic may be routed to the wrong interface. Refer to sk168881.
PRJ-16159,
PMTR-58124
Security Gateway In a rare scenario, Security Gateway may crash after policy installation.
PRJ-12947,
PRHF-10972
Security Gateway After policy installation, the output of the "cphaprob stat" command may show "HA module not started" when a large number of non-monitored Cluster interfaces are configured in SmartConsole.
  • This fix adds support for multiple non-monitored interfaces in SmartConsole.
PRJ-15771,
PMTR-57606
Security Gateway In some scenarios, DNS protections configured on inspection settings may not be enforced.
PRJ-14449,
PMTR-10041
Security Gateway In some scenarios, large number of interfaces defined on Security gateway may cause high CPU utilization by CPD process. Refer to sk168674.
PRJ-9849,
PRHF-7150
Security Gateway In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124.
PRJ-17223,
PMTR-59359
Security Gateway Enabling both Dynamic Balancing and MDPS causes Dynamic Balancing to stop.
PRJ-17097,
PMTR-59478
Security Gateway In rare scenarios, Dynamic Balancing fails to start after boot due to state verification failure.
PRJ-15849,
PMTR-57739
Security Gateway SXL drop due to routing configuration when using security zone on bridge (layer2).
PRJ-17421,
PMTR-54539
Threat Emulation,
Security Gateway
In a rare scenario, Threat Emulation and 2 core appliances may freeze. Refer to sk169575.
PRJ-16107,
PRHF-12463
URL Filtering In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD). 
PRJ-15689,
PRHF-12067
HTTPS Inspection In some scenarios, web traffic may be blocked with "Content Awareness - Error: Internal system error (1000)" error log.
PRJ-14543,
PMTR-56472
HTTPS Inspection In some scenarios, а CRL timeout may occur, which may cause slowness in HTTPS Inspection. Refer to sk169876.
PRJ-15800,
PMTR-57645
IPS In some scenarios, invalid characters are sent to gw-stat report.
PRJ-15581,
PRHF-9645
Application Control In some scenarios, deprecated applications are not removed/replaced during an upgrade from R77.30 to R80.x. Refer to sk131372.
PRJ-11730,
PMTR-52415
Anti-Malware In some scenarios, custom intelligence feeds with URL encoding characters may not be parsed correctly. Refer to sk168077.
PRJ-14067,
AVIR-1090
Anti-Malware In rare scenarios, Security Gateway may crash due to memory allocation failure.
PRJ-16500,
PMTR-58709
Anti-Malware In rare scenarios, Security Gateway crashes during CIFS traffic when the Anti-Virus blade is in Hold mode and the CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606). 
PRJ-15540,
PMTR-54954
Mobile Access Mobile Access Secure Workspace feature does not work with SAML/IDP-based authentication when running Secure Workspace is optional.
PRJ-14652,
PMTR-56622
Mobile Access The Mobile Access Blade's portal dialog for editing web application SSO credentials may not work correctly.
PRJ-16998,
PRJ-16965
Mobile Access Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152.
PRJ-17446 Mobile Access Mobile Access Blade may fail to install on VSX environments due to a missing configuration file. 
PRJ-16681,
PRHF-12714
SecureXL In a rare scenario, Security gateway may crash when receiving packets from an MDPS management interface.
PRJ-14463,
PRHF-4457
SecureXL In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections.
PRJ-10498,
PMTR-50926
SecureXL In some scenarios, SecureXL makes an offload decision to not accelerate multicast traffic for route-based VPN.
PRJ-15902,
PRHF-12374
SecureXL An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router.
PRJ-15485,
PMTR-54930
Routing BGP fails to establish with high MTU setting on Gaia 3.10.
PRJ-15393,
PRHF-11950
Routing A TCP connection between cluster master and slave may flap on OSPF attempt to delete a non-Max-Aage LSA.
PRJ-16575,
SPC-3089
Routing In some scenarios, the routed daemon may stop working with BGP.
PRJ-14407,
PMTR-54728
VPN Connectivity improvements for Remote Access VPN with L2TP.
PRJ-15534,
PMTR-56073
VPN The "vpn tu tlist" command shows the wrong number of clients connected in Visitor mode.
PRJ-10953,
PRHF-8923
VPN In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.
PRJ-15331,
VPNRA-379
VPN In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled.
PRJ-15322,
PMTR-48973
VPN In some scenarios, using LS/HA mode on a VPN tunnel may cause packets to be dropped. Refer to sk160612.
PRJ-14576,
PMTR-54771
VPN IP compression may not work in some scenarios when IKEv2 is configured.
PRJ-15622,
PMTR-57459
VPN Access Roles with MAB SNX as the client type may not work.
PRJ-11052,
PRHF-7972
VPN Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003.
PRJ-16211,
VPNRA-469
VPN Stability improvement for Remote Access VPN.
PRJ-15467,
PMTR-46467
VPN When IKEv2 is configured, traffic that originated from the DAIP external interface may fail to pass. 
PRJ-15838,
PMTR-40895
VPN When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage.
PRJ-16015,
PMTR-55514
VPN In rare scenarios, Remote Access clients may not be able to re-connect after a failover. 
PRJ-15996,
PRHF-11856
Gaia OS NEW: Added Multi-Queue (MQ) support for Sync interface.
PRJ-14591,
PRHF-12060
Gaia OS Reduced the logging of vague messages when the user adds a known host in Clish.
PRJ-12864,
PMTR-51379
Gaia OS Creating LOM users for Smart-1 525/625/5050/5150 appliances may fail if the username length is shorter then 4 characters. 
PRJ-11861,
PRHF-9702
Gaia OS It is not allowed to create usernames with reserved words, such as 'eval', 'apply' etc., in the middle of the username in WebUI.
PRJ-11994,
PRHF-10312
Gaia OS In rare scenarios, a snapshot creation may fail. 
PRJ-12741,
PMTR-51157
Gaia OS Restore backup may fail due to unmatched upgrade tools. 
PRJ-16922,
PRHF-12593
Gaia OS In a rare scenario, the "Allowed-clients" feature does not work as expected for SSH.
PRJ-13942,
PRHF-11368
Gaia OS In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to expert mode, the username in the log files appears as admin instead of RADIUS.  
PRJ-16080,
PMTR-57581
Gaia OS In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot. 
PRJ-16567,
PRHF-12526
Gaia OS In the Management Data Plane Separation (MDPS) environment, the output for the "show asset network" command may not report some line cards if they have mixed management/data plane interfaces.
PRJ-10079,
PMTR-50675
Gaia OS When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands stop working. 
PRJ-15861,
PMTR-57779
Gaia OS "... Error I40E_AQ_RC_EINVAL adding RX filters on PF..." error may appear during i40e driver operation and RSS key may be reset during certain driver operations.
PRJ-11130,
PMTR-51775
Gaia OS Setting LACP rate does not survive a reboot on Gaia 3.10.
PRJ-15600,
PRHF-11404
Endpoint Security Gaia backup with Endpoint Management may miss some information from the Endpoint database. Refer to sk168062.
PRJ-16474,
PRHF-11087
Endpoint Security "An unexpected error occurred" message may appear when the user clicks on 'View Current Status' in SmartEndpoint's 'Overview' tab. Refer to sk167176.  
PRJ-15423,
PMTR-57126
CloudGuard IaaS NEW: Added support for VMware vCenter version 7 to CloudGuard Controller.
PRJ-12838,
PMTR-53868
CloudGuard IaaS NEW: Added new AWS regions af-south-1, ap-northeast-3, and eu-south-1. 
PRJ-16019,
PRHF-12425
CloudGuard IaaS In some scenarios, CloudGuard Controller may lose connection to GCP projects. Refer to sk168499.
PRJ-16254,
PRHF-12538
CloudGuard IaaS Scanning of GCP Data Center may fail when instance does not have disks.
PRJ-12185,
VSECC-1293
CloudGuard IaaS CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode.
PRJ-16223,
PRHF-12510
CloudGuard IaaS Azure Data Center scan may fail and no updated are sent to the Security gateway.
PRJ-15355,
STRM-152
QoS In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when policy is defined properly on the interface.
R80.40 Jumbo HotFix - General Availability Take 78 (26 August 2020, GA from 9 September 2020)
PRJ-13962,
PMTR-55974
Security Management NEW: Added the ability to purge revisions automatically based on user configuration. Refer to Automatic Purge Documentation.
PRJ-12308,
PMTR-48736
Security Management NEW: Added enhancements for CPM Monitor Tool:
  • Compatibility of file names between Linux and Windows.
  • Better and more readable resources consumption report.
  • All data is wrapped into a single tgz file, for better handling.
PRJ-14645,
PRHF-11983
Security Management NEW: Solr server process is restarted automatically if it is not responsive for a long time.
PRJ-13809,
PMTR-55860
Security Management Publish operation of hundreds of changes may take a long time to complete.
PRJ-16195,
PRHF-9260
Security Management When running the 'show-access-rulebase' API command with filter, and the selected layer is an inline layer, rules of the inline layer are not returned even though they match the search criteria.
PRJ-11491 Security Management Access Policy installation may remain on Multi-Domain Server with Global Policy assigned when there is Inline layer usage and APPI/DA/Mobile Access blade is enabled. Refer to sk166676.
PRJ-13319 Security Management Upgrade from R80.10 may take many hours when there are hundreds or more Administrators and dozens or more Permission Profiles defined.
PRJ-13920 Security Management In Multi-Domain environments with High Availability, if the Management Server is stopped while there is a Purge Revisions operation in progress, the server may fail to start again. Refer to sk168175.
PRJ-13167,
PMTR-53758
Security Management When an administrator enters a very long text into an object field (more than 32767 characters), the Security Management Server terminates and fails to start. 
PRJ-13049,
PRHF-11033
Security Management After the user adds new Threat Indicators, Management HA may fail with "NGM failed to import data" error. Refer to sk167156
PRJ-15459,
PRHF-6093
Multi-Domain Management Policy Installation may fail due to an internal error in an MDS environment where there is a Global Dynamic object usage inside Networks Groups with a depth that is higher than 2-level (group inside a group).
PRJ-14096,
PMTR-56164
SmartConsole NEW: Added new API version (1.6.1). The new version includes useful new commands. For more information, refer to the Management API Reference
PRJ-13008,
PRHF-10998
SmartConsole In the Management API, the "show objects" command with details-level full may return the "ip-address" field even if it is empty.
PRJ-14290,
PMTR-53220
SmartConsole If there are thousands (or more) of unused objects, the "show unused-objects" API command and the Unused Objects view may load and work very slowly. Also, the load on the Management server will increase, causing general slowness when working with SmartConsole.
PRJ-14532,
PMTR-55130
SmartView In some scenarios, when the user attempts to download a DLP attachment from the log card in SmartView, the download does not start.
PRJ-12705,
PRHF-10295
SmartView The SmartView Timeline may be distorted when logs contain an empty value for the field specified in the “Series” settings and when the Legend is enabled. Refer to sk167095.
PRJ-12099,
PMTR-52324
Logging NEW:
  • Added Management API command "show logs" to query logs.
  • Added Management API command "get attachment" to fetch attachments from logs by log ID and attachment ID.
PRJ-14049,
PRHF-11502
Logging In some scenarios, the command "cp_log_export status" prints "last log read at: N/A" rather than a timestamp.
PRJ-14372,
PRHF-10818
Security Gateway UPDATE: Reduced CPU usage in some configurations by parsing TLS traffic only when required by the policy. See sk166700 for more information.
PRJ-14007,
PRHF-11326
Security Gateway In some scenarios, ESP traffic may be dropped with "fwconn_key_init_links (INBOUND) failed" message. Refer to sk167973.
PRJ-13678,
PMTR-53479
Security Gateway In some scenarios, dmesg shows "up_manager_perform_action: up_manager_resume_chain failed" error messages when span port is configured.
PRJ-8049 Security Gateway When running 'fw6 ctl affinity -l' command, the IPv6 instances are not displayed.
PRJ-13267,
PMTR-54226
Security Gateway Occasional slowness while browsing to HTTP/2 sites when Security Gateway is enabled as an explicit Proxy.
PRJ-13696,
PMTR-55510
Security Gateway Proxy arp change is applied only after the second policy installation.
PRJ-14217,
PMTR-56300
Security Gateway In a rare scenario, the Security gateway may crash if the rulebase contains a logical server object.
PRJ-11752,
PMTR-52426
Security Gateway Citrix file download may fail when the Mobile Access blade is enabled.
PRJ-11417,
PRHF-9776
Security Gateway In some scenarios, NAT log shows source port 0 even though a port was allocated.
PRJ-13382,
PMTR-54897
Security Gateway In some scenarios, Security gateway generates an ICMP error with wrong IP address. Refer to sk167953.
PRJ-13631,
IDA-2683
Identity Awareness NEW: Added the ability to filter sessions by session's owner and immediate publisher in Identity Broker.
PRJ-9494,
PMTR-49855
Identity Awareness UPDATE: SAML configuration optimizations of policy installation flow.
PRJ-12565,
IDA-2983
Identity Awareness PDP may consume high CPU during policy installation because of a large amount of Access Roles.
PRJ-10818,
PMTR-51543
Identity Awareness In a rare scenario, a memory leak may appear in case of LDAP query failure on Identity Collector automatic group update.
PRJ-8713,
PRHF-7978
Identity Awareness In some scenarios, Dynamic ID authentication fails when SMS server returns HTTP status code 2xx but not 200 or 202.
PRJ-13516,
PMTR-55246
Identity Awareness In some scenarios, a XFF allowed proxy list is enforced only for instance 0 in VSLS environment after VS has transitioned from Backup to Active.
PRJ-13702,
PRHF-561
Identity Awareness In some scenarios, when the user changes the TACACS+ server to a different one, the configuration is applied only after an MDS reboot. 
PRJ-12503,
PRHF-10481
Identity Awareness In some scenarios, Identity Awareness counters in cluster environments show zero. 
PRJ-11484,
PMTR-40495
SSL Inspection DynamicID authentication may fail due to server certificate validation failure. Refer to sk167177
PRJ-10663,
PRHF-9289
Anti-Malware In some scenarios, a "Feed Error" message appears when the user fetches a Custom Intelligence Feed. Refer to sk165932.
PRJ-12809,
PMTR-51013
Threat Emulation In a rare scenario, files are not uploaded for Threat Emulation or Threat Extraction inspection.
PRJ-14224 ClusterXL In some scenarios, SmartConsole shows ClusterXL status as "is not responding". Refer to sk168187
PRJ-14612,
PRHF-7700
SecureXL UPDATE: Added a global variable that enables log for packets that include unapproved IP option. This variable is off by default.
PRJ-14514,
PRHF-10860
SecureXL In a rare scenario, a VSX gateway with Virtual Switch may crash.
PRJ-13414,
ACCHA-301
SecureXL DECnet DIGITAL Network Architecture (Phase IV) traffic may be dropped. Refer to sk167202.
PRJ-13763,
PMTR-55537
SecureXL Security Gateway may crash when concurrent connection rules exist in the DOS/Rate limiting policy and the Application Control blade is enabled.
PRJ-14079,
PMTR-56026
SecureXL For some topologies, RIPV2 neighbors may be missing. Refer to sk167934
PRJ-12254,
PMTR-23165
Mobile Access In some scenarios, Mobile Access end-users become disconnected from their Citrix sessions after policy installation.
PRJ-13730,
PMTR-54159
Mobile Access In some scenarios, Web application SSO credentials are not displayed correctly in the 'Credentials' dialog when the application's destination hostname is configured as an IP address.
PRJ-14435,
PMTR-53221
Gaia OS NEW: Added support for CPAC-4-10-AB cards.
PRJ-14596,
PMTR-55036
Gaia OS NEW: Added Multi-Queue (MQ) support for Management interface.
Note: Enabling both Dynamic Balancing and MDPS causes Dynamic Balancing to stop.
PRJ-13642,
PMTR-54518
Gaia OS NEW: The i40e driver version was upgraded to improve performance.
PRJ-13011,
PMTR-54188
Gaia OS RX/TX ring size may reset when changing queue settings.
PRJ-15424,
PMTR-57108
Gaia OS Gaia API Service is offline after upgrade to R80.40.
PRJ-13480,
PMTR-55154
Gaia OS Intake and outlet temperature sensors display incorrect values on 15400 appliance. 
PRJ-12513 Gaia OS In some scenarios, due to backup compression errors, restoring a backup does not restore all files.
PRJ-13719 Gaia OS In some scenarios, a snapshot creation may fail.
PRJ-10352,
PRHF-8760
Gaia OS In rare scenarios, clish consumes 100% CPU when the user runs a Tenable scan. Refer to sk166195.
PRJ-14402,
PRHF-11683
Gaia OS In some scenarios, the snapshot creation fails because of compression errors.
PRJ-13926,
PMTR-54829
Routing UPDATE: Increased the configuration limits of the BFD timers for detect multiplier, minimum RX interval, and minimum TX interval to 255, 255000, and 255000, respectively.
PRJ-13979,
PRHF-11680
Routing UPDATE: The logging of "aspath-regex" and "community-regex" routemap fields is now disabled by default and can be enabled through the trace log.
PRJ-11805,
VPNRA-357
VPN In some scenarios, an incorrect IPSec counter may be displayed with cpstats / SmartView Monitor / SNMP in a ClusterXL environment. Refer to sk167297.
PRJ-14074,
VPNRA-404
VPN When Security gateway is behind NAT and its main IP address is configured to NAT IP, Client may disconnect when using Visitor Mode.
PRJ-14244,
PRHF-7995
VPN VPN traffic may be dropped when working with peer behind NAT - Hide NAT with Port Translation. 
PRJ-13408,
PMTR-54443
VPN In rare scenarios, the Global Domain Assignment view shows that a Global Domain Assignment is in the 'up to date' state even though it is not. 
PRJ-14075,
VPNRA-417
VPN When using Visitor Mode, Endpoint Client behind NAT disconnects after 20 seconds when his private network overlaps with some network in the Encryption Domain.
PRJ-15437,
PRHF-12039
VSX VSs load up in parallel from boot/after cpstart from VS0.
PRJ-14151,
PRHF-11651
Endpoint Security In some scenarios, no audit logs are shown regarding object changes in SmartEndpoint virtual groups and FDE pre-boot users. Refer to sk167907.
PRJ-14133,
PRHF-7699
Endpoint Security In some scenarios, the user cannot get an FDE Offline Management File (cpomf) for an offline group in SmartEndpoint if this group or a directory in its path has special characters \ _ %. 
R80.40 Jumbo HotFix - General Availability Take 77 (18 August 2020, GA from 25 August 2020)
PRJ-16351,
PRJ-14399
Security Gateway Updated dependencies of internal OS packages during Security Gateway installation.
R80.40 Jumbo HotFix - Ongoing Take 74 (05 August 2020)
PRJ-10159,
PRHF-8586
Logging "UserCheck Reference ID” field is missing from logs when the message of the UserCheck customized page is modified and does not contain the text "reference:". Refer to sk165355.
PRJ-13589,
PRHF-11311
Security Gateway In a rare scenario, Security Gateway may crash during policy installation.
PRJ-15983 VPN Starting from R80.40 Jumbo Hotfix Take 48, clients that do not support MFA (such as Mac OS and iOS) cannot connect as Remote Access clients if MFA is enabled. Refer to sk168493.
R80.40 Jumbo HotFix - Ongoing Take 69 (27 July 2020)
PRJ-12005,
PMTR-49928
Security Management NEW: Added a new SmartTask trigger for "Before Login".
PRJ-12026,
PMTR-51885
Security Management NEW: Tasks that fail to complete within 18 hours will be stopped automatically and appear as failed. Refer to sk166455.
PRJ-12376,
PRHF-10550
Security Management Policy Presets may disappear from view after running the Solr Cure utility. Refer to sk167455.
PRJ-12142,
CPM-2624
Security Management Management HA synchronization between the active Domain server to a standby Domain server may fail with "Failed to import data" error.
PRJ-12671,
PMTR-52789
Security Management If an administrator searches for a certain text in SmartConsole, it may cause the Management Server to become inaccessible until a restart.
PRJ-14086,
PRJ-14088,
PMTR-55188
Security Management A policy that uses Access Role objects may incorrectly show the rule conflict when verifying it using "Verify Access Control Policy". The same policy will pass successfully when performing 'install policy', as expected. Refer to sk168066.
PRJ-14089,
PRHF-11750
Security Management Access Role in source \ destination column with "Redirect to Captive Portal" as an action on the Accept column may cause the policy verification to fail, but policy installation finishes successfully. Refer to sk167732.
PRJ-10059,
PRHF-8924
Security Management In some scenarios, Security policy deletion or installation may fail when there are many Application Control objects used in this policy.
PRJ-13157,
CPM-2811
Security Management In rare scenarios, a session becomes unusable, and one or more of the following may occur:
  • The user is not able to log in and make changes with this session.
  • Publishing this session fails.
  • Discarding this session fails.
Refer to sk167735.
PRJ-13034,
PRHF-10917
Multi-Domain Management Global Policy reassignment may fail after performing the IPS update in the Global domain.
PRJ-12901,
PMTR-53694
SmartConsole NEW: Added more information on each Management API call to api.csv.
PRJ-12906,
PMTR-53855
SmartConsole When using the Management API "show-objects" command to show OPSEC application objects, it may fail with "Requested object [OBJECT ID] not found".
PRJ-12975,
PMTR-51691
SmartConsole When a VSX Cluster object is edited, no changes are made and the  "Topology has changed. Please reinstall Security Policy" message is always displayed after clicking OK, even if no changes are made.
PRJ-13900,
PRHF-11537
SmartConsole Audit log is not shown in SmartConsole Logs & Monitor View for the login action through API when the "-r" flag is set to true (login as root).
PRJ-10201,
PRHF-9019
SmartView SmartView may show "query failed" error message when creating table widget with filter by source/destination host name. Refer to sk119056.
PRJ-12692,
MB-731
Compliance Compliance blade may show incorrect Best Practice status if one or more relevant network objects for that Best Practice is in status "N/A".
PRJ-11889,
PRHF-10057
Logging In some scenarios, searching for logs using "client_name" in the logging tab returns no values.
PRJ-11312,
PMTR-51802
Logging In Multi-Domain Management environments, some of the log_indexer processes may fail to start due to an occupied port.
PRJ-13914,
PMTR-55977
Security Gateway NEW: Added Spike Detector - a new daemon under the cpwd_admin monitor. Refer to sk166454.
PRJ-11503,
PMTR-52209
Security Gateway NEW: Added "Hold" override for unsupported protocols (i.e. GRE). Refer to sk148432.
PRJ-13568,
PMTR-50532
Security Gateway Connectivity issues may appear when ISP Redundancy is configured.
PRJ-14483,
PMTR-54946
Security Gateway When moving context in MDPS with mplane or dplane and bash logging is enabled, the 'grep' command is executed.
PRJ-11743,
SWG-2533
Security Gateway Improved connectivity in a specific flow when ICAP Client is enabled with Trickling 3.
PRJ-10298,
PRHF-8781
Security Gateway In some scenarios, the license status of the Security gateway is not updated properly in SmartConsole.
PRJ-11696,
PRHF-9799
Security Gateway In a rare scenario, access rules with service type of "other" may not be matched correctly. Refer to sk166365
PRJ-13766,
PRJ-13204
Security Gateway In rare scenario, a traffic outage may occur when time objects are used in the access policy.
PRJ-10767,
PRHF-8926
Internal CA In some scenarios, no SIC between R80.x Security Management and R77 Security gateway after ICA certificate replacement procedure described in sk158096.
PRJ-12341,
PMTR-53146
URL Filtering In a rare scenario, policy installation may fail with "Error code: 0-2000112" if the URL Filtering blade is active while no other feature or blade is enabled.  
PRJ-12621,
PMTR-45782
Identity Awareness After disabling and re-enabling the Identity Collector in SmartConsole, the Identity Collector may fail to connect to the PDP Gateway again.
PRJ-13150 Anti-Virus In a rare scenario, Security gateway may crash while processing SMB3 multi-channel while Anti-Virus blade is enabled.
PRJ-13599,
PMTR-55344
HTTPS Inspection In some scenarios, web traffic is blocked with "HTTP parsing error occurred" and "parameters are undecodable in request" errors.
PRJ-13110,
PRHF-11112
HTTPS Inspection In some scenarios, HTTPS websites may show corrupted text when HTTPS Inspection and Anti-Virus are enabled.
PRJ-12767,
TEX-1762
Threat Extraction In rare scenarios, the watermark_cp_file_convertd daemon used by Threat Extraction may restart frequently, causing high CPU usage. Refer to sk168318.
PRJ-13118,
PMTR-52580
DLP Improved DLP functionality when working with IDA MUH1 and MUH2 agents.
PRJ-11552 SecureXL In some scenarios, MCAST packets may not be accelerated on a PIM-SM RP Gateway.
PRJ-12710,
PRHF-10849
ClusterXL In some scenarios, a Cluster member forwards ICMP replies via its Sync interface after being rebooted.
PRJ-12999,
PMTR-51108
CoreXL On appliances with Dynamic Balancing enabled, allocation of CoreXL SND cores is limited by the interface with the minimal number of Rx queues.
PRJ-13773,
PMTR-53346
CoreXL On 23900, 26000(T) and 28000 appliances with Dynamic Balancing enabled, CPView shows several CPU cores as “Other”. Dynamic Balancing does not work on these CPU cores.
PRJ-11452,
PMTR-51868
Gaia OS NEW: Added support for Smart-1 3150/3050 SAN and 'show asset' line cards for SAN.
PRJ-12932,
PMTR-53897
Gaia OS NEW: Added line card model information to "show asset network" output for the following appliance series: 5000, 6000, 15000, 23000, 7000, 16000, 26000 and 28000.
PRJ-11047,
ACCL-417
Gaia OS UPDATE: CPView Network -> Top-Protocols and Network -> Top-Connections tabs were added back. Refer to sk167903.
PRJ-12249,
PMTR-52663
Gaia OS

UPDATE: on Smart-1 5050:

  • Line card 1 model PE2G2SFPi35*-CP* is changed to CPAC-2-1F-SM*-C*
  • Line card 2 model PE210G2SPI9A-XR*-CP* is changed to CPAC-2-10F-SM*-C*
PRJ-12762,
PMTR-52834
Gaia OS In some scenarios, WebUI shows unknown HDDs that are not part of RAID.
PRJ-13627,
PRJ-13627
Gaia OS The show configuration clish command shows 'Exported by admin' label even if it is another user.
PRJ-14451,
PRHF-11802
Gaia OS In some scenarios, the snmpd process stops accepting connections in MDPS/VSX environment.
PRJ-12956,
PRHF-10941
Gaia OS User fails to add ecsda hot keys via clish to the hosts file. This prevents from setting up the scheduled backups before the system goes into production.
PRJ-13272,
GAIA-7496
Gaia OS In some scenarios, the value for Voltage/Fan/Temperature sensor may appear as "NotValid".
PRJ-8950,
GAIA-7018
Gaia OS In some scenarios, interface names may not correspond to the correct ports on 4-ports 10GbE SFP+ Rev 1.1 on 12200/4200/4400/4600/4800/TE250 appliances. 
PRJ-11499,
PMTR-51462
Gaia OS In some scenarios, the PSU status is reflected even if there is no PSU on the appliance
PRJ-10763,
PRHF-9221
Gaia OS Only 1024 characters of a cron jobs output are displayed when using show cron jobs from clish.
PRJ-12519,
PRHF-10672
Gaia OS In some scenarios, a backup on a Gaia device with Threat Emulation Blade enabled may fail with "Cannot complete the backup process: not enough space". Refer to sk166833
PRJ-12465,
PRHF-388
VPN In a rare scenario, Security gateway may crash when using Remote Access VPN with L2TP clients.
PRJ-12892,
PRHF-10685
VPN IKEv2 rekey may fail when the resolved peer IP address is not the main IP address. Refer to sk166897.
PRJ-13342,
PRHF-1164
VPN In some scenarios, L2TP client fails to connect with "failed to write L2TP session params to kernel" error in vpnd.elg file. Refer to sk167636.
PRJ-12195,
PRHF-9885
VPN A connectivity issue may occur when a non-encrypted VPN tunnel is used with IKEv2. 
PRJ-14461,
VPNS2S-1322
VPN In some scenarios, VPN tunnels may get disconnected.
PRJ-12814,
PMTR-53248
VSX When SNMP is in VS mode, the SNMPD process of VSs may re-launch every few minutes. Refer to sk167112.
PRJ-14045,
PRHF-11742
VSX "Internal Error - Failed to commit changes to OS" error when user creates a Wrp interface with MTU greater than 1500. Refer to sk167715.
R80.40 Jumbo HotFix - General Availability Take 67 (23 July 2020, GA from 27 July 2020)
PRJ-15513,
PMTR-57274
Logging In some scenarios, logs are not available with "Query Failed" message in the logging view, and "An error occurred instantiating job to be executed. job= 'maintenance.routineMaintenance'" message appears in the $RTDIR/log/RFL.log file. Refer to sk168616.
PRJ-14354,
PMTR-55604
Gaia OS In some scenarios, user cannot start IPMI service and loses the IPMI functionalities like lominfo and lomipset.
PRJ-12745,
PMTR-48781
Gaia OS In some scenarios, user cannot start IPMI service on 21400 appliance with "service ipmi start" command.
R80.40 Jumbo HotFix - Ongoing Take 65 (19 July 2020)
PRJ-14581,
PMTR-52149
ClusterXL Connectivity issue may appear on a Standby cluster member after installing R80.40 Jumbo HotFix Takes 53-55. Refer to sk167874.
R80.40 Jumbo HotFix - Ongoing Take 55 (30 June 2020)
PRJ-13958,
PRJ-13803
Security Management Upgrade to R80.40 Jumbo HotFix Ongoing Takes 53 and 54 fails when upgrading from one of the following:
  • R80.30 Jumbo HotFix Ongoing Takes 210 and 213
  • R80.20 Jumbo HotFix Ongoing Takes 160 and 161
R80.40 Jumbo HotFix - Ongoing Take 54 (24 June 2020)
PRJ-13686 Security Management In some scenarios, when using many management API calls in parallel, the output is not consistent. Refer to sk167509.
R80.40 Jumbo HotFix - Ongoing Take 53 (15 June 2020)
PRJ-11387,
PMTR-52087
Security Management NEW: Significant performance improvement for policy installation time when many groups are defined on the Management Server.
PRJ-10901,
PMTR-49801
Security Management NEW: Set values for environment variables on the Management Server that will remain there after a Management Server upgrade, as well as Backup/Restore and Export/Import of the Management Server. Refer to sk165938.
PRJ-12914,
PMTR-48623
Security Management In some scenarios, pressing "Where Used” does not show a script that is used in SmartTasks. 
PRJ-12275,
PMTR-53007
Security Management In Management HA configuration, a hotfix installation may incorrectly fail during the verification phase.
PRJ-11586,
PRHF-9260
Security Management In some scenarios, when using Rulebase Search, the 'number of rules' section is incorrect. Refer to sk166003.
PRJ-12506,
PRHF-10058
Security Management When using packet mode in Rulebase Search, results from inline layer may be matched even though their parent layer is not.
PRJ-12359,
PMTR-33408
Multi-Domain Management NEW: Added ability to log in to the Management Server with SmartConsole while MDS Backup is running.
PRJ-12966,
PRHF-10944
Multi-Domain Management In some scenarios, certain deleted domain level objects are visible in the SmartConsole at the MDS level.
PRJ-9666,
PRHF-8502
Multi-Domain Management In environments with more than five Multi Domain servers, changes to objects may not be reflected in the logs. 
PRJ-12484,
PRHF-10330
Multi-Domain Management Multi-Domain Administrator configuration for RADIUS authentication may show local Domain Radius servers and groups.
PRJ-12326,
PMTR-48272
Multi-Domain Management The "Recent Tasks" and "Install Policy Preset" views in MDS Domain may include Domain names, policy packages, and Gateways names. This information is not filtered according to the administrator's permission profile. 
PRJ-12206,
PRHF-10405
Multi-Domain Management In some scenarios, changes to a .def file in $FWDIR/lib may be reverted when creating a secondary CMA.
PRJ-11507,
PRJ-11508
Multi-Domain Management A migration from Security Management server to a Domain on a Multi-Domain Management Server may fail with: “didn't find ObjectStoreSessionEntity for session <uuid> return null" error in cpm.elg file. 
PRJ-12556,
PRHF-10523
Multi-Domain Management In some scenarios, updating firewall_properties in GuiDBedit in the MDS context fails. Refer to sk42184
PRJ-13187,
PMTR-54274
Multi-Domain Management In a rare scenario, Advanced upgrade from R80.10 may fail.
PRJ-12066,
PRHF-10327
Multi-Domain Management The FWM process of domains may not stop after the user runs mdsstop or mdsstop_customer.
PRJ-12778,
PMTR-52320
SmartConsole NEW: Added API commands for user, user-template, user-group and identity-tag.
PRJ-11074,
PMTR-51815
SmartConsole NEW: Added ability to reset the following network object fields to be empty through the Management API: ipv4-address, ipv6-address, subnet4, subnet6, mask-length4, and mask-length6.
PRJ-11906, 
PRHF-10275
SmartConsole In rare scenarios, certain domain level objects may not be visible in SmartConsole at the MDS level. 
PRJ-12457,
PRHF-8968
SmartConsole In some scenarios, IPS update may be locked with the message "IPS management update is locked by Scheduled update" .
PRJ-12539,
PRHF-9941
SmartConsole Unable to delete Snort protections in Multi-Domain environment - they still exist after deletion.
PRJ-12444,
PRHF-8488
SmartConsole In some scenarios, IPS update tasks may stuck when multiple machines are attempting an update within the same time frame.
PRJ-12961,
PRHF-10916
SmartConsole Global Policy reassign in MDS may fail with 'An internal error has occurred' message after adding overrides to Snort protections.
PRJ-12211,
PMTR-52897
SmartConsole When running the "show-domain" API command, the "active" field may be missing from the reply.
PRJ-11259,
PRHF-9106
SmartConsole In some scenarios, Inspection Settings view under the General tab is blank.
PRJ-11433.
PRHF-8506
SmartProvisioning The SmartProvisioning application may hang when the user adds/edits Dynamic Objects in the LSM Gateway object editor. 
PRJ-11917,
PMTR-51950
Security Gateway NEW: Added support for key renegotiation in SSH Deep Packet Inspection (DPI).
PRJ-9121,
PRJ-8907
Security Gateway Connections may be dropped when "keep all connections" is configured during policy installation. Refer to sk166212.
PRJ-11781,
NAT-215
Security Gateway In a rare scenario, the Security Gateway may crash when using a non- FQDN domain object in the policy.
PRJ-13078,
PMTR-54306
Security Gateway When HTTPS Inspection is enabled using layer-2/bridge, traffic may be dropped when deciding the outgoing interfaces.
PRJ-12733,
PMTR-53779
Security Gateway In a rare scenario, memory is not freed correctly in the routing mechanism.
PRJ-12237,
PRHF-10039
Security Gateway In a rare scenario, Security Gateway memory consumption may increase when the Anti-Virus blade is enabled.
PRJ-13091,
PRHF-11016
Security Gateway
  • CPView Utility may not display speed and driver.
  • SNMP does not use custom OID, dplane OID mapping to mplane.
  • Some connections through mplane on Standby member may be dropped.
PRJ-13148,
PMTR-54459
Security Gateway In some scenarios, IPS & APPI updates fail when Anti-Virus and Content Awareness blades are active.
PRJ-9700 Logging NEW: Added support for viewing MITRE ATT&CK fields in logs. 
PRJ-9317,
PRHF-8166
Logging Logging view may show results from the wrong day if the server Time Zone is configured to use half/quarter hour deviations from standard time.
PRJ-8923,
PRHF-8148
Logging When the user searches logs in the "Logs and Monitor" tab in SmartConsole and applies a filter using the "?" wildcard, incorrect logs may be returned. 
PRJ-8481,
PRHF-7592
Logging "Problem has occurred during search < External Log server > Disconnected" error may appear in "Logs & Monitor" tab after creating dummy object for NAT.
PRJ-9738,
PMTR-37265
SmartView In SmartView, deleting widgets and clicking on "Discard" may not revert all changes.
PRJ-10671,
PMTR-49128
SmartView In SmartView, when using a language other than English, an error may occur when drilling down on a widget.
PRJ-11058,
PRHF-9354
Application Control In some scenarios, Application Control update task may get stuck indefinitely when it is executed as part of Global Policy assignment.
PRJ-12167,
PMTR-52106
Application Control In some scenarios, Application Control updates in Multi-Domain High Availability environments may get stuck when multiple updates from different Domains/Multi-Domains take place simultaneously.
PRJ-9565,
PRHF-8153
Threat Prevention The number of overrides in Threat Prevention policy -> Profile -> Overrides may also show inactivated overrides, with mismatched information between "override" and "User Modified". 
PRJ-12433,
PRHF-11043
Threat Prevention In a rare scenario, when Threat Prevention Forensics feature is enabled, memory usage may rise on the Security gateway due to failures in memory release flow.
PRJ-10672,
PMTR-51385
SSL Inspection NEW: Added support for FutureX HSM when working with outbound HTTPS Inspection.
PRJ-11435,
PMTR-52216
Anti-Malware In some scenarios, "Feed Error" message appears when fetching a IOC feed.
PRJ-10849,
PMTR-50978
UserCheck In a rare scenario, the UserCheck daemon may fail with core dump file created.
PRJ-12603,
PMTR-53442
Mobile Access Mobile Access ActiveSync session timeout may not update properly, generating repeated error messages in the 'cvpnd.elg' debug output. 
PRJ-10417,
MAGB-781
Mobile Access Some Web applications published by Mobile Access Blade may not work in Host Translation mode.
PRJ-9780 ClusterXL Resetting SIC on a Cluster member may result in CCP Encryption turned OFF while it should remain ON.
PRJ-10979,
PMTR-43718
ClusterXL SNMP Response for OID .1.3.6.1.4.1.2620.1.5.6 ("haState") is "Active" on all members of ClusterXL High Availability mode. Refer to sk106291.
PRJ-11611,
PMTR-52275
ClusterXL In some scenarios, the fwk process stops working on cluster member.
PRJ-11402,
PRHF-9845
SecureXL NEW: Performance improvement for DOS/Rate Limiting rules under a high connection rate.
PRJ-12548,
PRHF-10647
SecureXL NEW: Added tunable kernel parameter "adp_mc_rt_hold_queue_len" to adpkern.conf to eliminate multicast packet drops at the start of a connection (when large bursts of multicast traffic are expected).
PRJ-12019,
PRHF-10097
SecureXL In some scenarios, ACK, FIN, and RST TCP packets may be dropped, causing outages. 
PRJ-11551 SecureXL MCAST packets may be handled incorrectly when promiscuous (tcpdump) mode is enabled for the interface.
PRJ-12175,
PRHF-10228
SecureXL In some scenarios, TCP traffic containing the TCP Fast Open option may be dropped by the Security Gateway.
PRJ-11684,
PRJ-11365
Routing NEW: Performance improvement for multicast packets in SecureXL (fast path) when there are no multicast listeners.
PRJ-12222,
ROUT-856
Routing In some scenarios, routed process stops working when adding an interface to OSPFv3 with a prefix length above 63 and having two or more areas.
PRJ-10734,
PMTR-51475
VSX NEW: Adding bridge interfaces to a regular VS in VSX is allowed via vsx_provisioning_tool by using the below command:
attach bridge vd <vs_name> ifs1 <first_interface_name> ifs2 <second_interface_name>
PRJ-12622,
VSX-2219
VSX In a rare scenario, creating new VSX and pushing configuration may cause the cluster members to crash.
PRJ-13060,
PRHF-10978
VSX When performing a provisioning operation in VSX, process may hang on "Pushing configuration to ...".  Refer to sk167175.
PRJ-12813,
GAIA-7625
Gaia OS The activate_sw_raid utility may fail due to incorrect disk names. 
PRJ-11755,
PMTR-52432
Gaia OS The snmptrap command fails and shows an error related to EngineID.
PRJ-11854,
PMTR-48873
Gaia OS On 15600 appliances, the "service ipmi start" command may fail to start the IPMI Service.
PRJ-10309,
GAIA-6136
Gaia OS Incorrect status may be displayed in Clish for pulled PSU.
PRJ-10273,
PMTR-50151
VPN NEW: 3DES is disabled by default for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, SecurePlatform WebUI, and Mobile Access curl.
Note: Disabling 3DES will fail 3rd party OPSEC SDK 6.0 clients connectivity. To enable it, refer to sk113114.
PRJ-12102,
VPN-72
VPN NEW: Added Large-scale support for Visitor Mode.
PRJ-12179,
VPNRA-364
VPN Connectivity improvements for Remote Access VPN using Traditional mode.
PRJ-11644,
VPNRA-353
VPN Added Stability improvement for Remote Access VPN.
PRJ-11711,
PRHF-10028
Endpoint Security In SmartEndpoint, Anti-Malware's "Top Infections" report has an empty infection name. Refer to sk166232
PRJ-11825,
PRHF-6365
Endpoint Security Users/devices may not change their locations in the tree according to Active Directory changes when certain special characters appear in the names.
PRJ-11841,
PRHF-9304
Endpoint Security Cannot delete the client MSI package from SmartEndpoint because of previously deleted FDE offline group.
PRJ-11833,
PRHF-8234
Endpoint Security The Endpoint directory scanner may fail to reconnect to the AD if the connection was lost during the scan. 
PRJ-11820,
PRHF-9157
Endpoint Security The default paths for offline folders in SmartEndpoint -> Offline group creation wizard may be incorrect. 
PRJ-11837,
PRHF-10015
Endpoint Security An error in FDE pre-boot users calculation may cause Endpoint to be left in a disconnected state. Refer to sk142313.
PRJ-11145,
PRHF-9706
Endpoint Security Local users may not be displayed under the selected machine in the "Users and Computers tab" in SmartEndpoint. Refer to sk166316.
PRJ-11816,
PRHF-9151
Endpoint Security When a user name is updated in SmartEndpoint, the change may result in an unexpected expiration date. Refer to sk165872.
PRJ-11245,
PRHF-9628
VoIP SIP calls with NAT (SIP packet with no SDP but content-type=sdp) may fail to open correctly.
PRJ-9105,
PRHF-7758
VoIP In a rare scenario, Security gateway crashes when passing SIP traffic. Refer to sk166474.
R80.40 Jumbo HotFix - General Availability Take 48 (published on 21 May 2020, GA from 25 May 2020)
PRJ-12414,
PMTR-52051
Security Gateway In a rare scenario, Security gateway may crash while processing the SMTP traffic due to a memory corruption.
PRJ-12499,
PMTR-52267
SecureXL SCTP Stateful inspection and payload NAT (INIT Chunks) may not work correctly in some scenarios.
PRJ-12738 VPN Some Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though the "Allow older clients" option is disabled. Refer to sk166912.
PRJ-12629,
PRHF-7485
VPN Improved the VPN connectivity with DAIP peers when Tunnel Monitoring is enabled. Refer to sk164933.
PRJ-11369,
PRHF-9804
Gaia OS SNMP Trap may not be sent even though a failover occurred. Refer to sk166100.
PRJ-11829,
PRHF-7087
Endpoint Security SmartEndpoint may export a report to Excel in which incorrect distinguished names appear for deleted users/computers. Refer to sk163943.
R80.40 Jumbo HotFix - Ongoing Take 45 (10 May 2020)
PRJ-8281,
PMTR-36367
Security Management FWM and\or INDEXER processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.
PRJ-11956,
PMTR-52583
Security Gateway In a rare scenario, Security Gateway may crash due to NULL pointer reference
PRJ-9707,
PRHF-7716
Logging The FWD process may stop working if one of the following changes were made using GuiDBEdit:
  1. Change to log forwarding timing
  2. Change to log switch timing
PRJ-11007,
PRHF-9292
Logging In some scenarios, changes made to Network Objects on the Security Management Server are not reflected in the logs view. Refer to sk166493.
PRJ-10885,
PMTR-51539
Anti-Malware In some scenarios, Microsoft update and other download connections may fail when Strict Hold mode is enabled.
PRJ-11237,
PMTR-42727
VPN Connectivity improvement for VPN over NAT traversal (UDP 4500).
PRJ-11012,
PMTR-46009
Gaia OS NEW: Added support for Jumbo Hotfix installation on Check Point 3800, 6400, 6700, 7000, 16200, 16600HS, 28000 and 28600HS appliances. Refer to sk110052, sk139932 and sk152733.
  • Requires R80.40 SmartConsole Build 396 (or higher).
R80.40 Jumbo HotFix - Ongoing Take 38 (26 April 2020)
PRJ-10631,
PRJ-10629
Installation Firmware upgrade for Small Office appliance using SmartProvisioning in Multi-Domain Management environment may fail.
PRJ-8645,
CPM-2623
Security Management NEW: Performance enhancements while the Management Server is under high load.
PRJ-11118,
PMTR-51778,
PRJ-10995,
PMTR-51743
Security Management NEW: Added ICA Management security enhancements.
PRJ-10473,
PMTR-49832
Security Management In a rare scenario, export from the previous version does not complete because the Postgres dump_all process gets stuck.
PRJ-11722,
PRHF-10059
Security Management Scheduled IPS update operation on the Security Management server may not be triggered after server reboot/restart. Refer to sk166216.
PRJ-10221,
PRHF-7865
Security Management When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted. 
PRJ-10089,
PMTR-50276
Security Management The cpm_solr process may stop working and cause one of the following:
  • The upgrade of a Management machine may stuck on 58%
  • The Management HA synchronization may fail with "NGM failed to import data" error
  • Users may not be able to log in.
PRJ-10515,
PMTR-36302
Security Management In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.
PRJ-9323,
PRHF-8494
Security Management In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037
PRJ-9300,
PRHF-8336
Security Management In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing.
PRJ-11167,
PMTR-51180
Multi-Domain Management In a rare scenario, synchronization between Multi-Domain Management Servers breaks after revisions purge operation. 
PRJ-9699,
PRHF-8593
Multi-Domain Management MLM may open a connection to the reversed IP address of the Multi-Domain Server.
PRJ-10527,
PRHF-8686
Multi-Domain Management Upgrade of Multi-Domain Server may fail if Sync With User Center is running.
PRJ-9241,
PRHF-8077
Multi-Domain Management In some scenarios, secondary MDS or MLM fail to renew a management certificate. Refer to sk164732.
PRJ-11177,
PMTR-51890
Multi-Domain Management In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972.
PRJ-11517,
PRHF-9981
Multi-Domain Management In rare scenarios, upgrading the Multi-Domain Server fails to upgrade some Domain Servers with "IllegalArgumentException" in the upgrade log. 
PRJ-10366,
PMTR-51017
Multi-Domain Management After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972):
  • Global Domain reassignment
  • IPS or Application Control updates in the Global Domain.
PRJ-9262,
PMTR-49143
Multi-Domain Management Upgrade of Multi-Domain Server may fail when the source version is R80.10 and there is no license configured on the target machine.
PRJ-10531,
PRHF-8581
Multi-Domain Management The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server.
PRJ-10510,
PMTR-50620
Multi-Domain Management In some scenarios, if a Domain is deleted while the user performs a multi-site upgrade from R77.x (before all machines complete the upgrade), some Domains may not be assigned to Admins and Trusted Clients, as before the upgrade. Updating those Admins and Trusted Clients may also fail.
PRJ-10747,
PMTR-50936
Multi-Domain Management In some scenarios, policy installation from the Domain Management Server fails after an mds_backup procedure that was interrupted. Refer to sk165559.
PRJ-11284 Multi-Domain Management Access policy installation may get stuck in a specific scenario in MDS environments. Refer to sk166106.
PRJ-10504,
PMTR-50891
Multi-Domain Management The import-smart-task Management API may fail in the second Domain on the Multi-Domain machine when it is executed with same exported file.
PRJ-9290,
PMTR-49566
SmartConsole NEW Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: 'show-profiles' and 'show-ips-additional-properties'. The default value for both flags is false.
PRJ-10374,
PRHF-8973
SmartView In some scenarios, after user imports view/report in SmartView, the imported view/report is not shown in the Catalog.
PRJ-10707,
PMTR-45783
SmartProvisioning In some scenarios, after creating a Small Office gateway using LSMCli, some fields in the gateway object on the SmartProvisioning are not populated.
PRJ-9644,
PRHF-4623
Security Gateway NEW: Added support for the bridge configuration when packet is passing via the Security gateway twice.
PRJ-10795,
PMTR-51301
Security Gateway In some scenarios, when a Custom Intelligence Feed is enabled, the Security Gateway may crash.
PRJ-10173 Security Gateway After installing R80.40 Jumbo Hotfix, Dynamic Split is disabled.
PRJ-10207,
PRHF-9508
Security Gateway ICAP Client may not work properly when Threat Extraction blade is enabled.
  • To enable the fix, set the enable_icap_with_strict_hold parameter to 1. 
PRJ-11538 Security Gateway In a rare scenario, Security gateway may crash with vmcore.
PRJ-11531,
MUX-319
Security Gateway In a rare scenario, Security gateway may crash while connection is closed while being held.
PRJ-10887,
PMTR-51247
Security Gateway In a rare scenario, a memory leak may appear in Anti-Virus inspection on SMB protocol.
PRJ-9690,
PMTR-46451
Security Gateway Traffic may be dropped on DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176.
PRJ-8657 Security Gateway In a rare scenario, creating a Virtual Switch can lead to crash.
PRJ-9835,
PMTR-48719
Security Gateway When ISP Redundancy is configured on a cluster, the backup ISP link status may show as down even though the link is up.
PRJ-10283,
PMTR-50683
Anti-Malware NEW: Added support to allow Threat Extraction to scan a file download in additional scenarios.
PRJ-10758,
IDA-2866
Identity Awareness In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174.
PRJ-10387,
IDA-2719
Identity Awareness In a rare scenario, identity session groups and access roles may disappear following a policy installation. 
PRJ-10085,
PMTR-50594
Content Awareness Added ability not to drop the connections if the files are downloaded with HTTP 206 out of range.
PRJ-10856,
PRHF-1898
Application Control NEW: Gateway status will reflect Application Control and URL Filtering updates.
PRJ-9935,
PMTR-49938
HTTPS Inspection In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may stop working. Refer to sk165555
PRJ-10738,
PRHF-9265
SSL Inspection In a rare scenario, a memory leak may appear when SSL inspection is enabled.
PRJ-10940,
PMTR-51681
IPS In a rare scenario, the fw_full process may stop working. 
PRJ-10970,
SWG-2484
DLP NEW: Reading and sending files from the registry by DLP was optimized.
PRJ-9694,
PRHF-8503
DLP In some scenarios, DLP prints wrong error message in the log.
PRJ-9329,
PRHF-8152
DLP Improved the scanning time of files for some scenarios in SMTP and HTTP/S.
PRJ-9436 DLP In a rare scenario, the dlpu process, a component in Anti-Virus and Threat Emulation, may stop working. 
PRJ-9775,
PRHF-8847
DLP In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of "internal to internal".
PRJ-11023,
PRHF-3767
ClusterXL Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432.
PRJ-10235,
PMTR-51942
SecureXL Policy installation may fail with "Error code 0-2000240" when Drop templates option is enabled. Refer to sk165716.
PRJ-10000,
PRHF-5120
SecureXL UPDATE: Improved TCP state inspection for "Smart Connection Reuse" feature.
PRJ-9828,
PMTR-50294
SecureXL In some scenarios, SYN Defender cookie validation may fail.
PRJ-8977 SecureXL When PIM-SM multicast routing transitions from RPT to SPT, packets may be dropped or become out-of-order.
PRJ-8774,
PMTR-48255
SecureXL In some scenarios, held packets are incorrectly reported to the penalty box.
PRJ-8916,
PRJ-8890
SecureXL In some scenarios, multicast packets arrive to the Security gateway in order, but leave out-of-order.
PRJ-9972,
SL-3551
Logging In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.
PRJ-11364,
PMTR-51655
Logging In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may stop working.
PRJ-11846,
SL-3728
Logging Log exporter process may stop working after enabling export of log attachment IDs.
PRJ-9957,
PRHF-897
VoIP In some scenarios, UA traffic is dropped when packet contains more than 9 UA's. Refer to sk135114.
PRJ-11036,
PMTR-36437
VPN In some scenarios, VPN traffic distribution change may cause high CPU consumption on one CPU core. Refer to sk165853.
PRJ-9587,
PRHF-7681
VPN In a rare scenario, vpnd process stops working due to Segmentation fault. 
PRJ-10558,
VPNS2S-938
VPN Improved the VPN Site-to-Site tunnel establishment scenario with IKEv2.
PRJ-8726 VPN In some scenarios, vpnd cores may be generated sporadically during boot time/cluster failovers on the Cluster Standby Member. 
PRJ-10391,
PRHF-1053
VPN In a rare scenario, vpnd process stops working due to issue in IKEv2 flow.
PRJ-9586
PRHF-7485
VPN Improved the VPN Connectivity with DAIP peers. Refer to sk164933
PRJ-9911,
PMTR-43850
VPN Improved stability of VPN traffic on VSX Gateway.
PRJ-11017,
PMTR-51126
Gaia OS In a rare scenario, Security gateway may crash when SSH Deep Packet Inspection (SSH DPI) is enabled.
PRJ-10075,
PRJ-10452
Gaia OS The "show asset all" command displays the total number of cores  instead of the online number of cores, even if the Hyper-Threading is disabled.
PRJ-11536,
PRHF-9858
Gaia OS In some scenarios the snmpd process floods /var/log/messages with errors regarding parsing voltage sensor value. 
PRJ-9131,
PMTR-49209
Endpoint Security Endpoint Standalone Remote Help Server may not start syncing automatically on the first connect.
PRJ-10120,
PRJ-9633
Compliance In some scenarios, database import on single Domain machines where the Compliance blade is activated fails, and as a result, the FWM process stops working after the import.
PRJ-10868,
VSECC-1119
CloudGuard IaaS In a rare scenario, the OpenStack Data Center becomes unresponsive, resulting in a loss of updates to the Security Gateway. 
PRJ-10914,
VSECC-1222
CloudGuard IaaS When an Azure subnet is missing its prefix attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.
PRJ-11026,
VSECC-1231
CloudGuard IaaS When an Azure Virtual Network Interface is missing its properties' primary attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.
PRJ-10903,
PMTR-22709
VSX In VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members. Refer to sk138894.
R80.40 Jumbo HotFix - Ongoing Take 25 (16 March 2020)
- General NEW: Added support for Security Gateway running on Open Servers.
PRJ-9090,
PRHF-8266
Security Management In a rare scenario, when an environment has many Gateways (dozens), the FWM daemon may stop working when 4 GB of memory is reached. Refer to sk165015.
PRJ-8409,
PMTR-46703
Security Management In some scenarios, when the user modifies a policy rule and creates a section above it in the same session, the log tracker shows that the rule was created instead of modified.
PRJ-8406,
PRHF-7874
Security Management In some scenarios, the exported database may be very large and include redundant data.
PRJ-9312,
PRHF-7728
Security Management The "Unused Objects" filter in Object Explorer may display a failure message if there are more than 20000 unused objects.
  • A limit was added so that only the first 5000 objects will be displayed.
PRJ-9215,
PRHF-8370
Security Management Logging into SmartConsole to the Standby Management Server with a Radius or TACACS user may fail after changing the shared secret on the Radius or TACACS object. 
PRJ-9266,
PMTR-49516
Security Management Policy verification may fail after the user does the following steps: Configures specific install targets for a policy, publishes them, changes the install targets back to "All Gateways", and tries to install them on a Gateway which is not in the original list of targets.
PRJ-9398,
PMTR-44668
Security Management In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole may fail.
PRJ-8794,
VPNRA-316
Security Management Improved the Access Control Policy installation time for environments with high amount of objects and enabled IPSEC VPN blade. Refer to sk166321.
PRJ-6936 SmartConsole NEW: Added R80.30SP to the list of versions for supported hardware.
PRJ-9080,
API-864
SmartConsole In some scenarios, the Management Server may stop working following authenticated API commands to create or update objects with extremely long comments.
PRJ-9466,
PMTR-49817
SmartConsole In some scenarios, when the user attempts to delete a Gateway / Cluster member, an error message may appear and the operation may not complete successfully.
PRJ-8753 SmartConsole In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation. 
PRJ-9544 SmartConsole When the user invokes the 'show-access-layer' API command, the parent layer may be missing from the output result.
PRJ-9977,
PRJ-9968
Security Gateway In a rare scenario, a non-HTTP traffic on port TCP/80 is dropped.
PRJ-9052,
PRHF-8288
Security Gateway Global connections may not be freed correctly when the Gateway acts as a Proxy.
PRJ-8275 Security Gateway In some scenarios, a Security policy installation fails during high CPU utilization.
PRJ-10345,
PMTR-49504
Security Gateway In a rare scenario, after upgrading a Security Gateway to R80.40, the log_indexer process running on the Log server may consume 100% CPU and cause the indexing backlog.
PRJ-9446,
PRJ-9416
Security Gateway Added logs for packets that include invalid TCP options. This feature is off by default.
PRJ-9898,
PMTR-50302
Security Gateway In a rare scenario, the Citrix server communication may fail.
PRJ-10480,
PRHF-9188
Security Gateway In some scenarios, Accounting log shows a wrong total packets value.
PRJ-8884,
PRHF-7048
Security Gateway In a rare scenario, Security gateway may crash when activating a web parsing debug.
PRJ-9900,
PMTR-50431
Security Gateway In a rare scenario, when the web server is defined, policy installation fails with "Error code 0-20000111".
PRJ-8861,
PRJ-8880
IPS In a rare scenario, Security gateway may crash due to NULL pointer reference.
PRJ-9450,
PRHF-8530
IPS,
VSX
In some scenarios, SmartConsole shows "No license" and "Contract is expired" for IPS blade in VSX. Refer to sk164917.
PRJ-9395,
PMTR-49565
Identity Awareness Performance improvement in the automatic LDAP group update feature.
PRJ-7201,
PMTR-23406
SSL Inspection NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115
PRJ-8498,
PRHF-7875
Logging Added "Resource", "Application Risk", "Application Name" and "Application Category" fields to the exported CSV file. 
PRJ-8548 Logging NEW: Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command.
PRJ-8683,
PRHF-7856
Logging In some scenarios, Threat Emulation Logs cannot be viewed in the logging or reporting views because of a certain format of the "file size" field sent from the Security gateway. Refer to sk166997.
PRJ-9075,
PRHF-8337
Routing In some scenarios, a corrupted BGP AS4_PATH attribute value may result in an invalid, long BGP update that is rejected by the BGP peer.
PRJ-9129,
PMTR-46873
SecureXL NEW: Added acceleration support for Ethernet Over IP Tunneling (EOIP). EOIP is RFC 3378 protocol # 97 used between Wireless AP and Wireless Cisco controller. 
PRJ-10197,
PMTR-50836
Gaia OS CVE-2020-8597: pppd is vulnerable to buffer overflow. Refer to sk165875.
PRJ-8583,
PMTR-48127
Gaia OS Multi-Queue configuration cannot be assigned to interfaces that use the "mlx5_core" driver (to check, run the "ethtool -i <name of interface>" command).
PRJ-9357,
PRJ-9318
Gaia OS On 3600 and 3600T appliances, alarm led turns on if one of the PSU is disconnected. Refer to sk166000.
PRJ-8142 CloudGuard IaaS NEW: Added support for Data Center objects with ClusterXL configured in Active/Active mode.
PRJ-8570,
PMTR-49970
CloudGuard IaaS The Management API add-data-center-server for vCenter Data Center uses the "unsafe-auto-accept" parameter with default value set to false. In some scenarios, this setting causes the opposite behavior.

 

Installation instructions

Procedure:

  • Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
      3. In the upper right corner, click on the Import Package button.
      4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
      5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
      6. Select the imported package Check Point R80.40 Jumbo hotfix T<number> for sk165456 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
      7. Select this package and click on Install Update button on the toolbar.


  • Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to command line on target Gaia OS.
      3. Log in to Clish.
      4. Acquire the lock over Gaia configuration database:
        HostName:0> lock database override
      5. Import the package from the hard disk:
        HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
      6. Show the imported packages:
        Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.40 Jumbo hotfix T<number> for sk165456"
        HostName:0> show installer packages imported
      7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
        HostName:0> installer verify <Package_Number>
      8. Install the imported package:
        HostName:0> installer install <Package_Number>

 

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

    Procedure:

     

     

    List of upcoming resolved issues

    The below issues are planned to be addressed in our future Jumbo Hotfix Takes. The list is not final and may be changed.

    ID Product Description
    PRJ-15565,
    PRHF-12170
    Security Management NEW: In some scenarios, modifying or deleting objects in bulk may cause slowness in SmartConsole responses and long duration of operations. Ability to improve performance in such cases was added.
    PRJ-14597,
    PMTR-48628
    Security Management In some scenarios, Read-Only sessions appear twice in the Sessions view.
    PRJ-13851 Security Management In some scenarios, the Security Management Server's startup takes a very long time after editing or deleting many Administrators.
    PRJ-16643,
    PMTR-58309
    Multi-Domain Management In some scenarios, Domain Management Server is shown in System Domain under Domains View even though it was deleted.
    PRJ-17023,
    PMTR-58167
    Multi-Domain Management On MDS environment with Global VPN Community usage, policy installation mail fail with "Internal error" message after upgrade.
    PRJ-13796,
    PMTR-43231
    Multi-Domain Management In a Multi-Domain Server, domain-related processes may not start when the user runs "evstop" and then "evstart". 
    PRJ-17070,
    PMTR-59232
    Multi-Domain Management In some scenarios, Domain appears in the System Domain without any Domain Servers.
    PRJ-12246,
    PRHF-10477
    Multi-Domain Management In some scenarios, a Global Administrator connected to the Logging and Monitoring view in MDS cannot see auto-complete suggestions when typing in the logs search box.
    PRJ-17003,
    PMTR-48331
    SmartConsole When using SmartConsole CLI, the application may unexpectedly terminate if the input has quotation marks that are not closed. 
    PRJ-9661,
    PRHF-8304
    SmartConsole In rare scenarios, Access policy installation may be incorrectly blocked. A verification incorrectly states that HTTPS Inspection rules do not contain 'Any' or 'Application/Site' objects in the Site Category column, even though they do.
    PRJ-16062,
    PRHF-12395
    SmartConsole In some scenarios, certain Gateways do not appear in the IPS Core protections list.
    PRJ-16468,
    PRHF-11438
    SmartConsole Update corporate Gateway procedure takes a long time and may cause login issues and general slowness in the Provisioning GUI.
    PRJ-16891,
    PMTR-59093
    SmartView In SmartView, after adding a new page to a report, the preview page appears to have no data although it has (this data appears in the Edit Mode).
    PRJ-16433,
    PMTR-53663
    SmartView In SmartView's GDPR Report, some of the text appears in German although the selected language is not German.
    PRJ-16999,
    PMTR-59317
    Logging UPDATE: Added ability to filter Threat Prevention and Endpoint logs by file size on a Log server machine via Logs & Monitor view in SmartConsole.
    PRJ-13350,
    PMTR-54708
    Logging In some scenarios, when the user configures the log exporter filter with the “cp_log_export” command (action, origin, product), the filter is not configured properly according to the used format.
    PRJ-13623,
    PRHF-11057
    Logging Leef format is not certified with IBM causing the following issues:
    • Wrong header and wrong value in "cat" field.
    • Duplicate product values in "cat" field.
    • Exported logs contain fields with the same name.
    PRJ-17313,
    PMTR-59182
    Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
    PRJ-17088,
    PRHF-13025
    Security Gateway When using a routing separation, syslogd does not move to the management plane.
    PRJ-11293,
    PRHF-8491
    Security Gateway Unused OIDs may appear in SNMP MIB file.
    PRJ-17008,
    PMTR-55179
    Security Gateway In some scenarios, user cannot view logs in the Log Server.
    PRJ-16090,
    PRJ-13567
    Security Gateway In some scenarios, policy installation fails with "Error code 0-2000121".
    PRJ-16666,
    PRHF-12727
    Security Gateway Security Gateway running in USFW mode (User-Mode Firewall) may crash with fwk core dump. 
    PRJ-17200,
    PMTR-59565
    HTTPS Inspection In a rare scenario, a connection remains open after it is closed by the server, and the web browser may load a page for a long time.
    PRJ-15977,
    PMTR-57915
    UserCheck In some scenarios, the UserCheck daemon usrchkd may stop working. 
    PRJ-17451,
    PRHF-13029
    SecureXL In some scenarios, CPView may show incorrect statistics for VPN encrypted/decrypted packets.
    PRJ-9564,
    PRHF-9919
    SecureXL In a rare scenario, Security gateway may crash when the Drop Template feature is enabled.
    PRJ-15820,
    PRHF-12144
    VPN NEW: Performance improvement of VPN tunnel when using SHA-384.
    PRJ-16866,
    PMTR-55844
    VPN Software Blade name inconsistency between login and logout logs of an SNX client.
    PRJ-17330,
    PRHF-12973
    VPN Added VPN IKEv2 improvements.
    PRJ-16722,
    PMTR-57565
    VPN Remote Access potential connectivity issue when there are more than 1 external interfaces.
    PRJ-12771,
    PRHF-10314
    VPN In some scenarios, RADIUS authentication may take more than five minutes to be fulfilled with Endpoint Clients, reaching connection timeout on the Gateway side.
    PRJ-15466,
    PMTR-56502
    Gaia OS "show asset" command shows the Network card model CPAC-4-1C instead of CPAC-4-1C-L.
    PRJ-16259,
    PRHF-5016
    Gaia OS A Timestamp in Unix/Epoch time may not be updated when the user changes a password using hash.
    PRJ-14315,
    PRHF-11752
    Gaia OS In rare scenarios, gateway uptime in SmartConsole may show an abnormally high number.
    PRJ-16600,
    PRHF-12083
    Endpoint Security In some scenarios, Policy server stops syncing with the Endpoint Security Server.

     

      

    Revision History

    Show / Hide revision history

    Date Description
    20 Oct 2020 Added PRJ-8142 to Take 25
    14 Oct 2020 Published List of upcoming resolved issues
    04 Oct 2020
    • Released Take 83 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 411
    09 Sep 2020 Take 78 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    26 Aug 2020
    • Released Take 78 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 410
    25 Aug 2020 Take 77 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    18 Aug 2020 Released Take 77 of R80.40 Jumbo Hotfix Accumulator
    05 Aug 2020 Released Take 74 of R80.40 Jumbo Hotfix Accumulator
    03 Aug 2020 Updated the Important Notes section
    27 Jul 2020
    • Released Take 69 of R80.40 Jumbo Hotfix Accumulator
    • Take 67 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    • SmartConsole package has been updated to Build 407
    19 Jul 2020 Released Take 65 of R80.40 Jumbo Hotfix Accumulator
    02 Jul 2020 Published List of upcoming resolved issues
    30 Jun 2020 Released Take 55 of R80.40 Jumbo Hotfix Accumulator
    24 Jun 2020 Released Take 54 of R80.40 Jumbo Hotfix Accumulator
    15 Jun 2020
    • Released Take 53 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 398
    26 May 2020 Published List of upcoming resolved issues
    25 May 2020 Take 48 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    21 May 2020 Released Take 48 of R80.40 Jumbo Hotfix Accumulator
    10 May 2020
    • Released Take 45 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 396
    26 Apr 2020
    • Released Take 38 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 40
    16 Mar 2020 First release of R80.40 Jumbo Hotfix Accumulator - Take 25

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment