Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R80.40 (R80_40_jumbo_hf) Technical Level
Solution
Click Here to Show the Entire Article

Availability | Important Notes| List of resolved issues | Installation instructions | Uninstall instructions | Revision History

 

Introduction

R80.40 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides the Take number which includes the fix. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, the table includes the date the take was published. List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.

The Jumbo Hotfix Accumulator supports these products and configurations: Security Gateway, Security Management Server, Multi-Domain Management Server, Log Server, Multi-Domain Log Server, SmartEvent Server, Endpoint Security Server, VSX and Cluster.

  • Install this Jumbo Hotfix Accumulator only after you successfully complete the Gaia First Time Configuration Wizard and reboot.
  • For CPUSE installation, use the latest Deployment Agent build (refer to sk92449).
  • We recommend to install Jumbo Hotfix Accumulator on all R80.40 devices. Refer to R80.40 Release Notes for the list of supported environments.

Also refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

Support for Security Gateways Running on Open Servers

R80.40 Jumbo Hotfix Accumulator provides support for Security Gateways configurations running on Open Servers.
For an Existing Security Gateway running on Open Servers, a Blink image consisting of R80.40 GA image (Take 294) and R80.40 Jumbo Hotfix is available in the Download section below. For VSX and Standalone configurations, see sk168114.

For Freshly installed Open Servers, first use the R80.40 ISO image from the R80.40 Home page and then, before placing the machine into the production environment, install the R80.40 Jumbo Hotfix package from the below table (not the Blink image).

The R80.40 ISO image (Take 294) and the R80.40 image included in the Blink image are identical.


Availability

  • General Availability Take

    Take_118 is the latest R80.40 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

    Product Take Date CPUSE Offline package SmartConsole package
    Security Management and Security Gateway
    Jumbo HF Take_118 10 May 2021 (TGZ) (EXE)
    Build 423
    Blink Image for Security Gateway and Open Server 
    Clean Install / Upgrade
    R80.40 GA Take 294 + Jumbo HF Take_118
    25 May 2021 (TGZ)
    Blink Image for Security Management - Clean Install / Upgrade  (TGZ)
    Blink Image for Multi-Domain Management
    Clean Install 
    (TGZ)

    • On April 25, 2021, the SmartConsole package has been updated to Build 423.
    • For Gaia Fast Deployment mechanism "Blink", refer to sk120193.
    • Blink image for the secondary Multi-Domain Management  and Multi-Domain Log Module (MLM) is available starting from R80.40 Jumbo Hotfix Take 118.
    • List of appliance models with the dedicated Blink image

 



Take 118 | Take 114 | Take 102 | Take 100 | Take 94 | List of upcoming resolved issues



Important Notes

  • Before you perform an upgrade, refer to sk164258 to check the compatibility of Jumbo Hotfix Takes between different releases.
  • For information about Jumbo Hotfix support on different appliances, refer to sk166536.
  • For Azure customers, we recommend to install Jumbo Hotfix Take 89 or higher due to Microsoft certificate change. 
  • Starting from Take 91, update to Domain server may fail with the “<IP> is already used by“ message. For more information, refer to sk171916. The fix is included in Take 100.
  • Starting from R80.40 Jumbo Hotfix Take 83, any manual change of $FWDIR/conf/rad_conf.C file may be overridden by the next Jumbo Hotfix installation. If you edited this file manually, refer to sk163793 and follow the instructions on how to keep your manual changes.
  • If you install Jumbo Hotfix on a cluster with enabled Identity Awareness, refer to sk170516 to see the procedure Check Point recommends following the installation. 
  • If you already use Mobile Access with SAML, starting from Take 114 of R80.40 Jumbo Hotfix, you must add a new prefix to all SAML groups in SmartConsole. For more information, refer to sk173223.
  • Starting from Take 100, many "dst_release: dst:ffff88052d4c68c0 refcnt:-480" messages may appear in dmesg and possibly impact system performance. This issue is limited to CPAS Connections, as SSL Inspection/Proxy/TE or TEX are activated/Anti-Virus deep scan is enabled. The fix is included in Take 118.
  • Starting from Take 114, user may fail to run any dynamic routing or install any static routes, including the default route. The fix is included in Take 118.

 

List of Resolved issues and New Features per HotFix Take


ID Product Description
R80.40 Jumbo HotFix - General Availability Take 118 (10 May 2021, GA from 25 May 2021)
PRJ-25688,
PRJ-25524
Security Gateway In some scenarios, "dst_release: dst:ffff88052d4c68c0 refcnt:-480" messages may be printed in dmesg regarding HTTPS traffic when SSL Inspection blade is enabled.
PRJ-25944,
CLUS-1804
ClusterXL In some scenarios, the user cannot run any dynamic routing or install any static routes, including the default route.
PRJ-25396 Gaia OS When using routing separation and configuring interface in Clish the "Can't read "NSID": no such variable" error may be displayed. Refer to sk173364.
R80.40 Jumbo HotFix - Ongoing Take 114 (25 April 2021)
PRJ-22315,
PRJ-22314
Security Management NEW: Performance improvement of Management High Availability Full Sync.
PRJ-21248,
PMTR-62918
Security Management In some scenarios, the log file of PostgreSQL (postgres.elg) may become very large.
PRJ-22441,
PRHF-15754
Security Management Upgrade or migration from R80.10 and lower to R80.20 and higher may fail with "Scheme adjustment had failed" error in logs. Refer to sk172003.
PRJ-23543,
PMTR-66182
Security Management In some scenarios, HA sync in a Multi-Domain environment may fail with the "Failed to import data" error message after the user creates new Permission Roles.
PRJ-17233,
PRHF-12911
Security Management In some scenarios, Apache does not start and shows a "No space left on device" message if the user runs "cprestart" frequently.
PRJ-21179,
PMTR-63358
Security Management In rare scenarios, logout of a Session fails with error: "An internal error has occurred".
PRJ-22211,
PMTR-61168
Security Management In rare scenarios, concurrent update operations performed by several administrators on the Management Server may fail.
PRJ-13071,
PRHF-11089
Security Management In rare scenarios, during a Global Policy Reassignment, the Management Server may stop working and fail to start again.
PRJ-14246,
SMCUPG-1375
Security Management In some scenarios, a Domain migration may fail during the Access Policy import with the "Object not found" error in cpm.elg file.
PRJ-22130,
PMTR-61861
Security Management In a rare scenario, Management HA synchronization fails after the Purge Revisions operation.
PRJ-22123,
PMTR-61785
Security Management Running override_server_setting.sh may not update settings correctly when updating a setting multiple times.
PRJ-21179,
PMTR-63358
Security Management In rare scenarios, logout from a session fails with "An internal error has occurred" message.
PRJ-23159,
PMTR-64136
Multi-Domain Management UPDATE: Added stabilization improvement for Assign and Reassign Global Policy operations.
PRJ-22632,
PMTR-62650
Multi-Domain Management UPDATE: Improved the Domain Management Server and Domain Log Server creation and deletion operations.
PRJ-22138,
PMTR-64481
Multi-Domain Management A Multi-Domain Server with dozens of Domains may take a long time to start. 
PRJ-22578,
SMCUPG-1625
Multi-Domain Management In some scenarios, HA Full Sync on the System Domain fails after upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059.
PRJ-21912,
PMTR-64572
Multi-Domain Management In some scenarios, installation of Jumbo Hotfix on Multi-Domain Server may fail after running restore from backup.
PRJ-19499,
PMTR-61526
SmartConsole "The object specified in 'Always send alerts to' field, has no active 'Logging & Status' blade" error may be displayed after running the "add-simple-gateway" command in Management HA environments where one of the Security Management servers has the "Logging & Status" blade disabled. Refer to sk172226.
PRJ-17276,
PMTR-59746
SmartConsole The "Recent Tasks" view allows only Super Users to view other administrators' tasks.
PRJ-21623,
PRHF-15156
SmartConsole In some scenarios, FWM process logs show Provisioning/LSM activity even though LSM is not in use. Refer to sk171905.
PRJ-22221,
PMTR-32568
SmartConsole In some scenarios, a validation warning may appear on an updatable object with the following message: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.
PRJ-18886 CPView CPView shows "N/A" for speed values of some network cards.
PRJ-16052,
PRHF-11884
Compliance Deactivated Compliance Best Practices appear in the Compliance report.
PRJ-14102,
PRHF-11595
Compliance Compliance Blade may not scan inline layers for Application Control and URL Filtering best practices.
PRJ-20775,
PRHF-13197
Compliance In some scenarios, an incorrect Compliance status for Gaia OS Best Practices is displayed.
PRJ-21181,
PMTR-61750
Logging NEW: Resource pools for log queries and report generation have been separated to ensure query responsiveness while multiple reports are generated. 
PRJ-22185,
PMTR-58496
Logging In SmartView, when the user exports multiple PDF/CSV/Templates of the same view/report at the exact same time, the second export to complete may overwrite the first one.
PRJ-20620,
PRHF-14608
Logging In SmartView, when filtering with specific time filters, the result may include more logs than was requested.
PRJ-23415,
PMTR-60082
Logging In SmartView's "Cyber Attack View - Endpoint", the widgets Active/Dormant Attacks and Cleaned/Blocked Attacks show clean hosts as infected (false positive results).
PRJ-21375,
PMTR-63927
Logging In some scenarios, in Multi-Domain servers with many domains, the Solr process for logs may unexpectedly stop working.
PRJ-18559,
PRHF-13614
Logging In the "Logs" view in SmartConsole, when the query filter contains "time:yesterday" as a literal, the query fails with a "Query resolution failed" error. The pre-defined time filter "Yesterday" shows results from today. Refer to sk170999
PRJ-22249,
PMTR-65133
Logging In some scenarios, in the "Views and Reports" of SmartView, it is not possible to use the field "Roles".
PRJ-21145,
PMTR-51637
Logging In SmartView, when opening a log card popup in lower resolutions, the text in the header may be cut off. 
PRJ-15368,
PMTR-57068
Logging When limiting access to SmartView using the "GUI clients" configuration file with netmask 0.0.0.0/0.0.0.0 or if "Any" is defined twice, opening a new SmartView tab in SmartConsole may indefinitely show "Loading SmartView...". Refer to sk167653.
PRJ-23156,
PMTR-62454
Logging When viewing an Access log card that was matched on both a Network layer (firewall) rule and an Application layer rule, and both actions are "Accept", the application layer rule will be presented in the card instead of the network layer rule.
PRJ-15784,
PRHF-11889
Logging In SmartView, when the user exports a container widget with charts to PDF, some data may be missing, and the charts may be shown in a distorted manner.
PRJ-17119,
PMTR-59484
Logging In SmartView, chart and timeline widgets may show a "Query Failed" error.
PRJ-21902,
PMTR-64675
Security Gateway NEW: Added new troubleshooting tool to cplic command for Entitlement manager.
PRJ-20960,
PMTR-61684
Security Gateway NEW: In a Management Data Plane Separation (MDPS) environment, each plane has its own configuration. Run these commands in each plane:
  • save configuration <Name of Script>
  • load configuration <Name of Script>
PRJ-23394,
PRHF-15802
Security Gateway Added support for “Other” services configured with IP protocol, but without advanced “Match” expression.
PRJ-22933,
PRHF-13912
Security Gateway When using "User Alert 3" in the code alert, cosmetic error "FW-1: fwdrv_get_string_id_from_code: illegal parameters for code 8" appears in the /var/log/messages file.
PRJ-19358,
PRHF-14127
Security Gateway In a rare scenario, FWK process may stop working while passing TLS traffic, resulting in a cluster fail-over.
PRJ-21612,
PRHF-14715
Security Gateway Security Gateway may crash when "Categorize HTTPS Websites" feature is enabled and categorization mode is set to "Hold".
PRJ-22373,
PRHF-15705
Security Gateway In some scenarios, the Security Gateway attempts to access the Management Server via the Management's NAT IP address (defined in the "NAT" section in SmartConsole), while it is reachable only via the main IP address (defined in the "General Properties" section).
PRJ-19800,
PMTR-60336
Security Gateway Improved the policy enforcement of the ZIP archive inner files.
PRJ-23101,
PRHF-13417
Security Gateway The connection may not exist in SecureXL connection table when configuring Smart Connection Reuse kernel parameters and allow out of state TCP packets.
PRJ-19412,
PMTR-60877
Security Gateway The "new-conn-rate" DOS/Rate limiting rules may not be enforced in usermode when enforcement for internal interfaces is disabled.
PRJ-22455,
PMTR-64448
Security Gateway In a rare scenario, Security gateway may crash with fwk and fwk_wd core dump files.
PRJ-21055,
PRHF-15024
Security Gateway In a rare scenario, Fast Accel logs are sent although they are disabled on the matched rule. Refer to sk171336.
PRJ-21836,
PMTR-63900
Security Gateway "up_fw_module_load_commit: failed to load" error may be displayed in dmesg during cpstart or policy installation.
PRJ-21011,
PRHF-15031
Security Gateway In a rare scenario, Security gateway may crash when using non-FQDN domains in Access policy.
PRJ-22081,
PMTR-64650
Internal CA In a rare scenario, "This operation is not supported on STANDBY members" message is displayed and the cpca_client process stops working when trying to renew a certificate on a standby Domain.
PRJ-21296,
PMTR-63495
URL Filtering UPDATE: Improved RAD event output to provide additional information on events, such as detailed timing. This update also activates the retry mechanism by default.
PRJ-23295,
PRJ-23297
IPS UPDATE: Added support for PM statistics when IPS is disabled.
PRJ-14542,
PMTR-52079
IPS UPDATE: Exceptions are now enforced for these IPS protections:
  • ASCII Request Response
  • ASCII Response Response
  • HTTP Header Patterns
  • HTTP URL Patterns
  • CIFS File Patterns
Refer to sk166222
PRJ-20376,
PRHF-15059
IPS In some scenarios, the "[ERROR]: kfunc_cmik_loader_execute_dyn_ctx: cmi_match_env is NULL" error may appear in /var/log/messages file.
PRJ-22515,
PMTR-65461
IPS Proxy source IP address is not printed in the IPS logs.
PRJ-23189,
PRHF-15832
IPS In rare scenarios, Security gateway may crash. 
PRJ-21278,
PMTR-60297
Threat Prevention Removed the "beta" label from SSH DPI's SSH server identification string.
PRJ-22021,
PMTR-63963
Threat Prevention In rare scenarios, the Threat Prevention Blade Exception used for performance optimization does not work as expected.
PRJ-21304 Identity Awareness NEW: Added support for SAML authentication method for Remote Access VPN. Refer to sk172909 for configuration instructions.
  • Requires R80.40 SmartConsole Build 423 (or higher).
PRJ-23517,
PMTR-20344
Application Control The fw_full (fwd daemon) stops working producing a core dump fila and causing a cluster failover.
PRJ-17388,
PMTR-56183
Application Control Improved browsing speed for certain HTTP/2 sites.
PRJ-21710,
PMTR-64263
SSL Inspection In rare scenarios, a memory leak may occur in a crypto module.
PRJ-19587,
PMTR-57233
SSL Inspection In some scenarios, the wstlsd process may stop working when browsing to certain websites.
PRJ-19782,
PMTR-58480
SSL Inspection A memory leak may occur during policy installation. 
PRJ-21990,
PMTR-64780
SSL Inspection In rare scenarios, a memory leak may occur in a crypto module.
PRJ-21726,
PMTR-64420
Content Awareness In a rare scenario, Security Gateway may crash when CPcode is running within Content Awareness or parser flow.
PRJ-20269,
PRHF-14501
Anti-Malware Packet capture may not be generated for certain IPS protections.
PRJ-23036,
PMTR-65728
Anti-Malware In rare scenarios, Security Gateway may crash if event app debug is enabled.
PRJ-20586,
VPNRA-642
Mobile Access Removed potential XSS vulnerability in the MAB Login page.
PRJ-14603,
PMTR-56744
Mobile Access In some scenarios, pinger (MAB process that handles the ActiveSync traffic) may stop working.
PRJ-21643,
PMTR-60226
Mobile Access Mobile Access may overwrite the /etc/hosts file on Security Gateway.
PRJ-22150,
PMTR-63571
ClusterXL During active-active-bridge mode, the "show routed cluster-state" command may display some members as slave instead of master.
PRJ-19517,
PRHF-14206
ClusterXL In some scenarios, the required interface value is higher than it should be when adding a VLAN interface.
PRJ-21349,
CLUS-1804
ClusterXL In some scenarios, a large quantity of logs is generated on cluster VIP API.
PRJ-22289,
PMTR-62849
SecureXL TCP reset packets may be dropped with an invalid sequence.
PRJ-18062,
PMTR-60766
SecureXL UPDATE: Changed the "accept out of state" global parameter usage and added support to change it for specific VS. Refer to sk147093.
PRJ-22916,
PRHF-15478
SecureXL Improved the Smart Connection Reuse feature to be consistent with the user configuration.
PRJ-22436,
PRHF-15755
SecureXL In some scenarios, the concurrent-conns rate limiting count may be inaccurate for FTP data connections. 
PRJ-20546,
PRHF-14680
SecureXL Security Gateway may crash when there are interfaces that do not need the ARP resolution (VTI).
PRJ-19372,
PRHF-14133
SecureXL Security Gateway may crash when the user runs "fwaccel tab -t" to view certain rate limiting tables that have a large number of entries.
PRJ-20433,
PMTR-58524
SecureXL In some scenarios, DOS/Rate Limiting rules that do not work as expected, may be created.
PRJ-22168,
PRHF-15607
SecureXL Rate limiting rules using concurrent-connection counters may cause connections to be blocked. 
PRJ-23145,
PRHF-16038
Routing UPDATE: Added "$" to the list of allowed characters for BGP MD5 authentication passwords in in WebUI and CLI.
PRJ-23499,
PMTR-66838
Routing UPDATE: Added support for PBR with VTI/VPN interfaces.
PRJ-22900,
PMTR-48384
Routing In some scenarios, OSPF configured with unnumbered VTI on cluster frequently moves between "Full" and "EXSTART" status.
PRJ-21260,
VSX-2520
VSX Allow the addition of routes with specific group of type "Group with Exclusion" when using VSX Provisioning tool.
PRJ-20818,
PMTR-63247
VPN NEW: Added 3 new views to SmartView for Remote Access, providing visibility for Remote Access users, users login summary, failed login attempts, used clients, top login options, number of users, operating systems, authentication methods and login activity.
PRJ-22413,
PMTR-60014
VPN In some scenarios, L2TP tunnel is not deleted completely upon disconnection. 
PRJ-19904,
PRHF-14090
VPN Mobile Access SNX may fail to connect to the Security gateway when the realm used by the client is different for the SSL VPN realm.
PRJ-21543,
PMTR-64128
VPN Added VPN Remote Access stability improvement.
PRJ-23303,
PMTR-66146
VPN In rare scenarios, the vpnd process may stop working in an L2TP-related flow. 
PRJ-14485,
PRHF-11938
VPN Tunnel Test packets may be dropped by Secure Configuration Verification (SCV) check when implied rules are disabled. Refer to sk168033.
PRJ-21648,
PRHF-15006
VPN When static NAT is configured on a destination, the SCV may fail to access the internal resources and "No scv status from client..." drops appear in SmartConsole. Refer to sk171550.
PRJ-22922,
PMTR-62465
Gaia OS "kernel: [SIM4];resume_from_error: failed to get ci_or_corr" error message may be printed numerous times in /var/log/messages file while running UDP Traffic Load. Refer to sk172543.
PRJ-23734 Gaia OS NEW: Added support for Smart-1 6000-L/XL and 600-S/M appliances. Refer to sk171903.
PRJ-21665,
PRHF-15328
Gaia OS In some scenarios, policy installation on a Check Point Gateway in Azure causes the Gateway to crash and load a default policy. Refer to sk171553.
PRJ-15438,
PMTR-56379
Gaia OS In rare scenarios, SNMP user details may be visible in /var/log/messages file.
PRJ-24043,
DP-7201
Gaia OS Captive Portal / SAML portal may not work after installation with Blink image.
PRJ-19976,
PMTR-62104
Gaia OS In some scenarios, bond interface bandwidth monitored via SNMP is missing.
PRJ-14087,
PMTR-49877
Gaia OS In some scenarios, the force-password-change option does not work.
PRJ-22215,
PRHF-15159
Gaia OS "show configuration on" may not expose bond' members.
PRJ-18940,
PRHF-13812
Gaia OS In some scenarios, the "... fwldbcast_handle_retrans_request: Updated bchosts_mask to 1" message may be printed in /var/log/messages file.
PRJ-17685,
PMTR-60173
Gaia OS When upgrading with enabled Management Data Plane Separation (MDPS), an additional reboot may be required.
PRJ-21922,
PRJ-17304
Gaia OS Unable to set MTU on Igb cards.
PRJ-18851,
PRHF-13802
Gaia OS In some scenarios, the "show arp dynamic all" command displays values of VS0 instead of VS.
PRJ-16961,
PRHF-12751
Gaia OS In some scenarios, the "rhost" value may be missing from logs when the user tries to access the WebUI.
PRJ-21720 Gaia OS The "show configuration" command cannot print Gaia user with spaces in name.
PRJ-23585,
MBS-9917
Gaia OS In some scenarios, Bond interface's slaves stop sending LACP Traffic after reboot. Refer to sk169977.
PRJ-23252,
PMTR-67034
Gaia OS Added timestamp, hostname and syslog version control to syslog messages. Refer to sk100727.
PRJ-22793,
PRHF-15900
Gaia OS In rare scenarios, "show asset network" command may lead to memory leak.
PRJ-17795 CloudGuard IaaS In some scenarios, a fail-over to the standby APIC server fails.
PRJ-20921,
PRHF-14900
QoS Security gateway may crash in QoS flow when interface goes down and up during packet processing.
R80.40 Jumbo HotFix - General Availability Take 102 (14 April 2021, GA from 21 April 2021)
PRJ-24912,
PMTR-67937
Security Management "Unauthorized client" error on login failure from an IP address that is not explicitly defined in the Trusted Clients list. Refer to sk173026.
PRJ-24582,
PMTR-56794
Identity Awareness In some scenarios, a Security gateway may crash after Take 100 installation due to Identity Awareness specific flow.
PRJ-23357,
PMTR-65962,
PRJ-24396,
PMTR-67460
Gaia OS UPDATE:  Upgraded OpenSSL to 1.1.1k to fix CVE-2021-3449 and add the latest security improvements. Refer to sk172983.
R80.40 Jumbo HotFix - Ongoing Take 100 (17 March 2021)
PRJ-21006,
PRHF-14969
Security Management NEW: Improved FWM process performance during Security policy or database installation. 
PRJ-20072,
MCFG-229
Security Management NEW: Optimized the Solr build time to improve performance in the following operations:
  • Restore of the entire MDS/MLM from backup
  • Upgrade from R80.10
  • Solr Cure
PRJ-20031,
PMTR-61770
Security Management UPDATE: When purging revisions, task notifications will also be purged if created before the last revision to purge was published.
PRJ-20450,
SMCUPG-1563
Security Management UPDATE: Added validation to block migration of a Domain to a Security Management if the Domain is assigned to the Global Domain.
PRJ-21872,
ODU-82
Security Management UPDATE: Added Update 8 of Infinity Threat Prevention Management (ITPM). Refer to sk167109.
PRJ-20855,
SMCUPG-1316
Security Management Management Server upgrade from R80.20 to R80.40 may fail if a Network Interface object refers to a Gateway object that does not exist.
PRJ-20842,
SMCUPG-1454
Security Management When migrating a Domain Management Server to a Security Management Server:
  • SmartEvent blade cannot be activated on the migrated domain.
  • If the Domain had standby Domain Servers, it may cause inconsistencies in the database, that may result in different failures. For example, policy installation may fail.
PRJ-20304,
PRHF-14634
Security Management In some scenarios, deleting a Domain Server may fail with "Got at least one duplicate UID in requested list" error.
PRJ-21586,
PRHF-15222
Security Management In rare cases, the CPM Solr process may not be stopped when running cpstop or mdsstop.
PRJ-16926,
PMTR-58592
Security Management Migrate of Security Management to a Domain on a Multi-Domain Server may fail if a previous migration attempt of the same Security Management already failed and a different Domain name was used for the second attempt.
PRJ-20765,
PRHF-14399
Security Management High load may occur on the Management Server when searching for a prefix of IP address that has more than 10 thousand matches.
PRJ-20995 Security Management In rare scenarios, the initiation of the Management server may take a long time.
PRJ-21359,
PRHF-14606
Security Management In some scenarios, the Purge Revisions task may stop and show 0% for hours or fail with the "An error has occurred while performing revision purge operation" message in SmartConsole.
PRJ-21591,
PRHF-15244
Security Management Although the Access Settings of the Management API is set to "All IP addresses", the API server does not accept requests from any IP address unless the IP is defined explicitly as a Trusted Client.
PRJ-17789,
PRHF-13382
Security Management In some scenarios, policy verification for static NAT rules succeeds even though the source subnet NAT is bigger than the destination subnet NAT.
PRJ-20887,
PRHF-14946
Security Management In some scenarios, when connecting to an existing session in SmartConsole from a different IP address, a wrong "Client IP" is shown in Audit Logs view.
PRJ-20804,
PRHF-14691
Security Management In some scenarios, delete partial domain with createDomainRecovery.sh script fails when there are several RadiusGroup objects with the same name in different domains.
PRJ-15744 Multi-Domain Management UPDATE: When running Reassign Global Domain for a Domain that is active on another Multi-Domain Server, the task is immediately relayed to the remote Multi-Domain Server without waiting in queue of the local server due to other tasks that are running.
PRJ-21275,
SMCUPG-1625
Multi-Domain Management In some scenarios, HA Full Sync on the System Domain fails after upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059.
PRJ-19995,
PRHF-14349
Multi-Domain Management After importing two (or more) Security Management servers into a Multi-Domain Server, the Gateway objects may not be functional:
  • The editor may not show configuration correctly
  • Security Gateway update may fail.
PRJ-16910,
PRJ-21342
Multi-Domain Management When running many Reassign Global Domain operations for Domains that are not active on the current Multi-Domain Server, the load on the Server may increase and result in slowness of user and automation work.
PRJ-21213,
PMTR-60619
Multi-Domain Management Migration of a Domain assigned to a Global Domain may fail with the "Dynamic object: not found" error.
PRJ-22276,
PMTR-65110
Multi-Domain Management In some scenarios, updating a Domain Server may fail with the "<IP> already in use" message. Refer to sk171916.
PRJ-19721,
PMTR-62272
Multi-Domain Management The Multi-Domain session APIs "view sessions" and "show last-published-session" results may include sessions that were not filtered according to the administrator's permissions profile.
  • A Domain manager running the API will be notified when the results will be filtered and will be asked to run the command again with the "ignore-warnings" flag.
PRJ-20786,
PRHF-13556
SmartConsole When the user creates an Access Role, the AD organization tree may show duplicate branches, and some branches may be missing.
PRJ-20951,
PMTR-62383
SmartConsole After a network interface is removed by cluster API, a network group assigned to that interface remains as used by cluster members and cannot be deleted.
PRJ-20910,
PMTR-63302
SmartConsole In some scenarios, deleting a policy fails.
PRJ-21389,
PMTR-63149
SmartConsole Slowness may be observed in some SmartProvisioning operations (like open SmartProvisioning GUI, create a new LSM object, open an LSM object editor, etc.).
PRJ-20240,
PRHF-14533
SmartConsole When there are no search results, search in Access Control Policy displays "An error occurred while searching" instead of "No Items Found".
PRJ-20315,
PRHF-14637
SmartConsole In some scenarios, the "show gateways-and-servers" Management API command fails when running it with details-level full and when connected to the Global Domain. Refer to sk170895.
PRJ-19141,
PRHF-14010
SmartConsole In some scenarios, the "add-user" API command with authentication method TACACS+ or Radius server fails with "object not found" message. Refer to sk170325.
PRJ-19931,
PRHF-14278
SmartConsole In rare scenarios, the "Show Policy Package" tool and some Management  API commands with details-level "full" may fail when UTM cluster is part of the policy targets.
PRJ-21525 SmartConsole In a rare scenario, Automatic NAT rules are not visible in SmartConsole.
PRJ-18922,
PRHF-13879
SmartConsole In some scenarios, the "show-access-rulebase" Management API command fails when running it with details-level "full" and there is a network group with more than 50000 objects on one of the rules. Refer to sk170435.
PRJ-21159,
PMTR-63555
SmartConsole If there is an HTTPS Inspection layer that is not used in the policy, policy installation may fail with the "Internal error" message. 
PRJ-20874,
PMTR-62957
SmartView UPDATE: To improve performance, SmartView now exports data in CSV format instead of Excel.
PRJ-18860,
SL-4613
Logging NEW: Added support for Endpoint Forensics reports to get-attachment API.
PRJ-12202,
PRHF-10306
Logging In some scenarios, the "Failed to fetch the file" error is displayed when trying to open Threat Emulation summary reports generated by VSX Gateways.
PRJ-20563,
PMTR-58714
Logging In rare scenarios, the Log Exporter fails to connect to external destination when using the TLS protocol.
PRJ-17356,
PMTR-59205
Logging FWM and\or log_indexer processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.
PRJ-21155,
PRJ-21078
Logging In rare scenarios, the FWD process on the Security gateway may be blocked for several seconds due to processing of log attachments.
PRJ-10292,
PRHF-7415
Logging In rare scenarios, a log may display incorrect values in the Action and Rule field. Refer to sk170676.
PRJ-19010,
PRHF-13936
Logging In a rare scenario, CPD process may use a random port for AMON communication instead of port 18196.
PRJ-20091,
PRHF-13973
Security Gateway UPDATE: Service with source port in the Access rulebase will no longer disable accept templates for all connections.
PRJ-18487,
PMTR-61165
Security Gateway In some scenarios, repeating "fwx_alloc_global_find_free_port_atomic: rtsp pending port doesn't match the same pool" errors are displayed in dmesg when using Hide NAT with VoIP.
PRJ-19585,
PMTR-61102
Security Gateway In some scenarios, "email_unified_cmi_get_attribs: not valid caller: up_log_get_user_hash" error appears in dmesg for SMTP traffic.
PRJ-19704,
PMTR-62215
Security Gateway In rare scenarios, a memory leak may occur in TOPOD process.
PRJ-19851,
PRHF-14268
Security Gateway In some scenarios, a memory leak may appear after sending a packet from the kernel.
PRJ-20900,
PRHF-14824
Security Gateway In some scenarios, the DNS requests from the Security gateway may fail.
PRJ-20632,
PRHF-14378
Security Gateway In rare scenarios, high memory consumption in CPD may occur due to a memory leak in authentication flow with an LDAP server.
PRJ-20655,
PMTR-63092
Security Gateway Accept logs with reason "Connection terminated before detection: Insufficient data passed. To learn more see sk113479." may be wrongly generated when the matched action is user authentication and wrong username/password provided by user.
PRJ-20955,
PRJ-20953
Security Gateway In some scenarios, logs with incorrect action are generated by ICAP server.
PRJ-20385,
PRHF-13431
Security Gateway In a rare scenario, Access Control policy installation may fail after upgrade of Security Gateway from R80.10 or below to R80.20 or higher.
PRJ-21111,
PRHF-14953
Security Gateway Authentication may fail when LDAP branch name contains "\".
PRJ-11205,
PRHF-9029
Security Gateway In some scenarios, traffic that is matched on implied rule is dropped while it should not.
PRJ-21021,
PRHF-12746
Security Gateway In rare scenarios, proxy ARP entries may be deleted when installing a policy.
PRJ-21361,
PMTR-52835
Security Gateway Traffic may be dropped when the Hide NAT is configured on IPv6 host.
PRJ-20340,
PRHF-14616
Security Gateway In rare scenarios, passive FTP packets may be dropped.
PRJ-19307,
TEX-1906
Threat Extraction UPDATE: Threat Extraction ( Sanitization) will be automatically disabled when Infinity Threat Prevention mode is installed while the machine does not have enough resources (RAM).
PRJ-17874,
PRHF-10279
HTTPS Inspection UPDATE: "Categorize HTTPS websites" feature enhancements when "Categorize HTTPS Sites" feature is enabled:
  • Improved enforcement of first connection when URL Filtering setting is 'Hold' mode
  • Added SNI information to connection logs when connection is matched on rule with "Extended Log"
  • Hold mode granularity
PRJ-20407,
PMTR-52421
Identity Awareness NEW: Added the Identity Awareness performance and memory consumption improvements. Refer to sk170516.
PRJ-20862,
IDA-3642
Identity Awareness In some scenarios, there may be enforcement issues for MUHv2 users due to table mismatch.
PRJ-23655,
PRHF-10292
Identity Awareness In Identity Awareness Captive portal, the default Check Point logo is displayed even if the user-defined logo is configured. Refer to sk133492.
PRJ-20847,
PRHF-14347
Identity Awareness In some scenarios, рunning pdpd commands results in "daemon did not respond or not running!" error. Refer to sk171136.
PRJ-20348,
PRHF-14266
IPS In a rare scenario, the SmartConsole shows the "IPS is not responding" message even though IPS is functioning normally.
PRJ-20096,
PMTR-59101
DLP UPDATE: Added support for multi-part data to DLP.
PRJ-20838,
PRHF-14744
DLP Improved DLP scanning for POST request to some Web sites.
PRJ-18842,
PRHF-13322
SSL Inspection In rare scenarios, a memory leak may occur during policy installation.
PRJ-20936,
PRHF-14978
SSL Inspection The AES-NI (Intel® Advanced Encryption Standard New Instructions) status is not displayed and "dmesg | grep AES-NI" returns no output. Refer to sk170779.
PRJ-18596,
PRHF-13478
Anti-Malware In a rare scenario, Security gateway may crash when the Threat Prevention Forensics feature is enabled.
PRJ-20976,
PRHF-14820
Anti-Malware In rare scenarios, the Threat Prevention policy installation fails due to IOC parsing errors. Refer to sk171316.
PRJ-19041,
PRHF-13886
UserCheck In some scenarios, users cannot restore original attachment via UserCheck portal and receive the "An unexpected error has occurred" error message.
PRJ-19204,
PRHF-13935
ClusterXL UPDATE: Added the option to display only monitored interfaces to "show cluster members <option>" command:
  • In Gaia Clish, run "show cluster members monitored"
  • In Expert mode, run "cphaprob -m tablestat"
PRJ-20535,
PRHF-14728
ClusterXL In some scenarios, data connections are dropped with "First packet isn't SYN" message on ClusterXL Load Sharing.
PRJ-19392,
PRHF-14115
ClusterXL "set router active-active-mode" settings do not survive а reboot.
PRJ-19925,
PMTR-58748
ClusterXL In rare scenarios, running cphastop;cphastart may cause a cluster member to stay in "Down" state.
PRJ-16516,
MBS-11708
SecureXL NEW: Added the ability to enable monitor-only mode for penalty box independently of other DOS/Rate limiting features.
PRJ-18323,
PRHF-13474
SecureXL UPDATE: Drop templates can be generated for connections with matched action Reject. For additional information and configuration, refer to sk171146.
PRJ-19664,
PRHF-13929
SecureXL In some scenarios, connections are dropped when SYN Defender and ISN Defender are both enabled on the same interface.
PRJ-17404,
PRHF-13153
SecureXL In some scenarios, PPTP or GRE traffic may be dropped. Refer to sk170293.
PRJ-19406,
PMTR-60870
SecureXL In some scenarios, Rate Limiting rules for DoS do not work after reboot. Refer to sk170148.
PRJ-15662,
PMTR-57216
Routing UPDATE: Display of routing CPview results is limited to 30 lines.
PRJ-19629,
PRHF-14280
Routing ip-reachability-detection ping marks a target IP address as "unreachable" if the path goes via a VPN tunnel, although pinging this IP address directly works.
PRJ-20964,
VSX-2519
VSX After running "vsx_util vsls" and selecting option #6, the operation may fail with the "Internal Error: got empty reply set" error. Refer to sk171352.
PRJ-20149,
PRHF-14537
VSX In rare scenarios, some interfaces remain in "Down" state after reboot. Refer to sk171753.
PRJ-15447,
PMTR-55887
VSX In some scenarios, there may be high CPU utilization in a VSX environment with several instances.
PRJ-15550,
PRHF-11629
VPN UPDATE: Added the TTM-per-group feature improvement that allows it to work with more client types (for example Nemo client).
PRJ-17494,
PRHF-13007
VPN In IKEv2 renegotiation scenario, IPSec SAs may be deleted on a standby cluster member during post sync causing a VPN traffic outage. Refer to sk172926.
PRJ-19424,
PRHF-13784
VPN In some scenarios, the vpnd process stops working with Segmentation fault.
PRJ-18271,
PRHF-13543
VPN The VPND process on a standby cluster member may stop working when VPN peer has a probing link selection configured. Refer to sk170136.
PRJ-20414,
PRHF-14429
VPN In some scenarios, the IKE QM negotiating issue with Windows Server 2008 R2 peer may occur.
PRJ-20522,
PRHF-14766
VPN In a rare scenario, the FWM process stops working when enrolling a certificate using the SCEP protocol.
PRJ-13821,
PRHF-10420
VPN Access roles do not recognize Remote Access SNX CLI clients.
PRJ-20868,
PMTR-56565
VPN In some scenarios, the VPND process keeps re-downloading the same CRL, which can cause performance issues.
PRJ-12242,
PRHF-10370
VPN When clicking "View..." in Trusted CA object's OPSEC PKI tab, this may show the "Failed to get a certificate of <object name> from keyset" error. Refer to sk166496.
PRJ-20948,
PMTR-63287
VPN In some scenarios, L2TP clients disconnect from the Security gateway after 10 minutes of the connection.
PRJ-20644,
PMTR-63280
VPN In some scenarios, the VPND process may stop working.
PRJ-19216,
PRHF-13685
VPN Site to Site VPN fails to establish with IKEv2 on GCP when NAT-t is enabled.
PRJ-20542,
PMTR-62883
Gaia OS UPDATE: OpenSSL was updated to version 1.1.1i to include the latest code fixes and security improvements.
PRJ-19146,
PMTR-55383
Gaia OS UPDATE: Added the option to bind IP addresses to sockets using the udp_connect API. Refer to sk171019
PRJ-20958,
GAIA-6704
Gaia OS UPDATE: Added support for multiple commands definition in Dynamic CLI feature.
PRJ-11114,
PMTR-50378
Gaia OS UPDATE: Updated the arp table limit to 131072 in:
  • "set arp table" maximum entries through WebUI
  • Help description of "set arp table cache-size" in CLI
PRJ-18091,
PRHF-13475
Gaia OS Messages log level in /var/log/messages file for ERR level was changed to INFO level when fetching proxy configuration from Clish/WebUI/Gaia API.
Example: [DATE TIME] <daemon.err> ... xpand[25958]: proxy_live_get_proc: Started...
PRJ-20045,
PMTR-55456
Gaia OS Potential command injection in Clish when using the "show file" command. 
PRJ-17319,
PRA-1520
Gaia OS The syslog messages may be spammed when the "show asset all" command is running.
PRJ-19624,
PMTR-58288
Gaia OS Extended commands are missing after adding Dynamic CLI. 
PRJ-20741,
PMTR-63201
Gaia OS CVE-2020_25705: ICMP reply rate.
PRJ-16259,
PRHF-5016
Gaia OS A Timestamp in Unix/Epoch time may not be updated when the user changes a password using hash.
PRJ-20916,
PMTR-58250
Gaia OS In some scenarios, like defected LOM card, or when LOM port exists, but no LOM is connected, the confd process may stop working.
PRJ-19236,
PRHF-14046
Mobile Access There may be a delay when connecting to HTTPS based SMS portal over a non-standard proxy port. Refer to sk170497.
PRJ-20090,
PRJ-19772
Endpoint Security Database size may increase exponentially because dynamic packages are packed into exported .tgz using migrate_export
PRJ-21749,
PMTR-60418
Endpoint Security On the SmartEndpoint Reporting page, the "Endpoint Connectivity" report that is filtered by a virtual group returns an empty list. 
PRJ-21914,
PMTR-50113
Endpoint Security In some scenarios, the "Endpoint Security Client Version" report shows "N/A" in DAT Date column for all devices on the SmartEndpoint Reporting page.
PRJ-19312,
PRHF-13909
CloudGuard IaaS When creating a GCP Data Center, Test Connection may fail on large GCP accounts.
R80.40 Jumbo HotFix - General Availability Take 94 (07 March 2021, GA from 14 March 2021)
PRJ-23502 Security Gateway Security Gateway may freeze on boot when enable IPv6 and IPv4 with 40 instances in Kernel mode. Refer to sk172364.
R80.40 Jumbo HotFix - Ongoing Take 93 (21 February 2021)
This Take contains all fixes from Take 92 except PRJ-19544 and PRJ-20164. If you already have Take 92 installed, do not install Take 93.
R80.40 Jumbo HotFix - Ongoing Take 92 (31 January 2021)
PRJ-19892,
PMTR-62429
Security Management NEW: Added new Management HA utility to schedule automatic full syncs to peers that failed to be synchronized incrementally.
PRJ-19544,
ODU-73
Security Management NEW: Added Update 6 of Infinity Threat Prevention Management (ITPM). Refer to sk167109.
PRJ-20164,
ODU-76
Security Management NEW: Added Update 7 of Infinity Threat Prevention Management (ITPM). Refer to sk167109.
PRJ-20000,
PRHF-14293
Security Management UPDATE: Added improvements in policy load process, to reduce the policy installation time when having large amount of objects.
PRJ-13465 Security Management UPDATE:  if a Management HA synchronization stalls (displaying "Peer is busy"), it will be released within 2 hours instead of 24 hours.
PRJ-17728,
PRHF-13278
Security Management Upgrade may fail if a Data Center object was last modified by an Administrator with a single quote in the name.
PRJ-19273,
PRHF-14074
Security Management Policy installation duration may increase due to large $FWDIR/conf/invalid_object_names.C file on the Management server. Refer to sk170427.
PRJ-18475,
PRHF-13644
Security Management In some scenarios, the first environment variable configured using sk165938 is not loaded and not used by the CPM process.
PRJ-19951,
PRHF-14394
Security Management The Management HA window in SmartConsole may mistakenly show the "Peer is busy" warning message for a few seconds.
PRJ-18898,
PRHF-13860
Security Management Policy installation may fail after migration from Domain Management to Security Management Server.
PRJ-20112,
PMTR-60541
Security Management In a rare scenario, the FWM process stops working.
PRJ-17213,
PRHF-12851
Multi-Domain Management UPDATE: With this fix, mds_backup will backup the Upgrade Tools package(s) and mds_restore will restore them on a Multi-Domain Server.
PRJ-19277,
PRHF-13977
Multi-Domain Management In rare scenarios, Management server becomes inaccessible after Global Policy reassign operation.
PRJ-17562,
PRHF-12885
Multi-Domain Management In some scenarios, reassigning a Global Policy may fail if the Global and local domains are not active on the same Multi-Domain Server.
PRJ-20247,
PMTR-62490
SmartConsole UPDATE: A pop-up warning will be displayed every time a "Custom Application" object with a performance impacting URL is edited (instead of being displayed only once).
PRJ-20147,
PRJ-20145
SmartConsole SmartConsole may disconnect when searching in the Object Explorer for the text with an odd number of double quotes.
PRJ-19534,
PMTR-62078
SmartConsole In some scenarios, when adding a new user certificate of type .p12 via API command, the returned certificate may be incorrect.
PRJ-18884,
PRHF-13818
SmartConsole Setting values for the environment variables of the Management API as per sk165938 does not work: the values are neither loaded nor used by the API process. 
PRJ-13808,
PRJ-13810
SmartConsole In some scenarios, the Administrators view shows all administrators in all domains regardless to specific permission profile of the connected administrator.
PRJ-15854,
PMTR-56428
SmartConsole In rare scenarios, Web Components in SmartConsole such as "Revert to Revision" or "Packages Repository" fail to load.
PRJ-13123,
PRHF-11105
SmartConsole In some scenarios, the "Update operation failed" error is displayed when attempting to delete a Gateway from the VPN community. Refer to sk167212.
PRJ-13813,
PMTR-19017
SmartConsole In some scenarios, when the user attempts to delete a VSX Gateway / VSX Cluster, an error message may appear and the operation may not be completed successfully. Refer to sk167492.
  • Requires R80.40 SmartConsole Build 416 (or higher).
PRJ-20380,
PMTR-62935
SmartConsole Adding Global dynamic objects to source or destination columns of access rules on the Global Domain via Management API may fail when using the Global dynamic object names.
PRJ-19833,
PMTR-50205
SmartConsole The "show objects" command returns all objects in Global domain with any filter when "ip-only" flag is set to "true".
PRJ-17994,
SL-2106
Logging NEW:
  1. Log Exporter can now schedule a recurring reconnection to the target 3rd party server periodically. This allows usage of a Load Balancer component for target servers.
  2. The target 3rd party server can be declared as a DNS name also when using UDP protocol.
PRJ-14289,
SL-1901
Logging UPDATE: Added ability to SOLR process running on the Log server to prevent TLS1.1 and below in port 8211. Refer to sk168472.
PRJ-19716,
PMTR-53967
Logging When installing a newer Jumbo Hotfix, the Log Exporter filtering configuration may not persist and set to default.
PRJ-16176,
PMTR-55550
Logging In some scenarios, the cpsemd process on the Log server may close unexpectedly during a restart, shutdown or upgrade. 
PRJ-19845,
PMTR-62010
SmartView UPDATE: Improved the time resolutions usability (formally known as samples) of the Timeline widgets.
PRJ-19858,
PMTR-57101
Security Gateway NEW: Added Performance improvement when IP Pool NAT is used.
PRJ-11790,
AVIR-479
Security Gateway False "alert" logs may be displayed in some Anti-Spam events.
PRJ-20515,
PRHF-14630
Security Gateway In some scenarios, when using routing separation, connection to Management Plane via Data Plane is dropped.
PRJ-18630,
PRHF-11912
Security Gateway Wrong memory (hmem) values may be reported by specific SNMP OID. Refer to sk168992.
PRJ-19941,
PMTR-61708
Security Gateway In some scenarios, policy installation fails with "Error code 1-2000245".
PRJ-20057,
PMTR-62886,
PRJ-20058,
PMTR-62887,
PRJ-20058
Security Gateway In rare scenarios, a Security Gateway memory consumption may increase.
PRJ-19161,
TEX-1482
Threat Extraction UPDATE: Threat Extraction will no longer attempt to perform "Convert to PDF" if the file is corrupted, because the resulting files in these cases are usually unreadable.
To reactivate this behavior, set the "enable_alternative_scrub_method" variable in $FWDIR/conf/scrub_debug.conf file to 1 and install the Security policy.
PRJ-13175,
PMTR-53443
Identity Awareness UPDATE: Optimized memory usage in the PDP process’s LDAP operations. 
PRJ-19749,
PRHF-14338
Identity Awareness In some scenarios, the Security Gateway may not recognize an IP address as a local address, resulting in wrong drops. 
PRJ-19639,
PMTR-61982
Identity Awareness In some scenarios, when a standby cluster member receives RADIUS accounting updates, there may be high CPU on the PDP process.
PRJ-18180,
MBS-12220
URL Filtering In some scenarios, the wstlsd process may stop working and produce a core dump.
PRJ-13499,
PRHF-10943
IPS In some scenarios, a non-compliant IMAP traffic is dropped. 
PRJ-19300,
PRHF-13560
IPS In some scenarios, log output shows the Origin/Source as "0.0.0.0" in VSX 3rd party IPS logs.
PRJ-19922,
PRHF-14156
DLP UPDATE: Expanded DLP postfix authentication to include NTLM to allow the Security gateway to connect to a mail servers that use the NTLM authentication protocol.
PRJ-19598,
PRHF-14259
DLP UPDATE: Improved the DLP scans queue for a better scan rate.
PRJ-18987,
PMTR-59795
DLP In a rare scenario, "SEC Filings - Draft or Recent" Data Type in DLP is not properly enforced.
PRJ-19744,
PRHF-13998
Anti-Bot Dynamic Global Network Object usage inside a Network Group object may cause an Access Policy installation failure.
PRJ-17375,
PMTR-56403
Anti-Malware NEW: Enable the option to inspect files running through SSH protocol with Threat Emulation blade.
PRJ-16623,
PRHF-12737
Anti-Malware Exported with "ioc_feeds export" command indicator feeds may contain user credentials. Refer to sk169035.
PRJ-17599,
PMTR-60017
Anti-Malware Files transferred with SMBv3 multi-channel may be improperly handled.
PRJ-15223,
PMTR-54248
Anti-Malware In a rare scenario, HTTP connections are timed-out.
PRJ-17843,
PMTR-58416
Anti-Malware In some scenarios, Threat Prevention logs appear half-full (not unified).
PRJ-9945,
PRHF-8315
Anti-Malware In some scenarios, multiple files called "ckp_mutex" are created on the Security Gateway.
PRJ-18123,
PMTR-60801
Anti-Malware In some scenarios, a Threat Prevention policy installation fails after upgrade if the Custom Intelligence Feeds feature is enabled with Hash IOCs.
PRJ-17320,
PMTR-59463
Anti-Malware In some scenarios, files bigger than 4GB cannot be downloaded with HTTP-206 flow.
PRJ-17326,
PRHF-13031
Mobile Access Remote access connectivity failure when the user belongs to number of groups that exceeds the limited available space (200~ groups).
PRJ-14941,
PMTR-56844
SecureXL UPDATE: "fwaccel dos blacklist" and "fwaccel dos whitelist" commands are deprecated and replaced by "fwaccel dos deny" and "fwaccel dos allow". Refer to sk112454.
PRJ-20027,
PRHF-14228
SecureXL Server may not reuse the TCP connection when the user allows out of state TCP packets.
PRJ-20050,
PRHF-14165
SecureXL Memory leak may appear in VPN or Active Streaming configuration.
PRJ-18085,
PRHF-13507
SecureXL SNMP may show wrong values for the number of bytes and packets accepted by Security gateway. Refer to sk170132.
PRJ-20055,
PRHF-14417
SecureXL In rare scenarios, SecureXL may crash due to NULL handling.
PRJ-18279,
PMTR-56203
Routing UPDATE: Updated PBR and ABR functionality for the "Software Blades and related components" feature. Refer to sk167135.
PRJ-18280,
PMTR-58528
Routing Certain types of multicast traffic may not be handled correctly in Bridge mode.
PRJ-19463,
PMTR-60878
Routing Routed logs may incorrectly state that routemaps that export to OSPF cannot set the OSPF manual tag, even though the functionality works.
PRJ-20048,
PRHF-14304
Routing In some scenarios, large number of unnecessary log messages may be sent to /var/log/messages file which makes it difficult to run debug. Refer to sk170796.
PRJ-18664,
PMTR-61601
Routing PBR does not work with VTI/VPN.
PRJ-20444,
ROUT-1325
Routing The old route may be not removed when an BGP ECMP route was changed.
PRJ-20439,
PMTR-45014
Routing ECMP route nexthops learned from BGP peers may be not properly updated in the kernel, resulting in network connectivity loss.
PRJ-20242,
PRHF-14562
Routing In rare scenarios, confd or routed process may restart.
PRJ-20598,
PRHF-14400
VoIP VoIP’s RTP can cause overload on global instance (CoreXL instance 0).
PRJ-18772,
PMTR-61381
VPN NEW: Added Remote Access VPN performance improvement.
PRJ-18788,
PMTR-60976,
PRJ-19674,
PMTR-62275
VPN NEW: Added VPN command line mechanism stability enhancement and VPN improvements in IKEv2.
PRJ-17487,
PMTR-40127
VPN NEW: Added Anti-Spoofing functionality for Remote Access Office Mode IPs in SecureXL.
PRJ-16341,
PRHF-12447
VPN The user may be unable to connect with Remote Access when the username or user field in the certificate is too long. 
PRJ-21086,
PMTR-60933
VPN "Decryption failed" drop logs may appear under heavy VPN load for accelerated tunnels using SHA 384 or SHA 512 Ciphers.
PRJ-20333,
PMTR-62776
VPN Security gateway may crash when you install policy on a MAB gateway and a policy file is corrupted.
PRJ-20275,
PRHF-14308
VPN In a rare scenario, a memory leak may appear when RASession_util is active.
PRJ-19671,
PMTR-61913
VPN In some scenarios, Remote Access Endpoint client disconnects after roaming from Visitor Mode to NAT-T.
PRJ-21682,
PRHF-15321
VPN When IKEv2 and pre-shared-key is configured, VPN may fail on the second IKE SA re-key. Refer to sk171756.
PRJ-19531,
PRJ-19562
Gaia OS NEW: Gaia API (version 1.5) will now be deployed via Jumbo Hotfix.
PRJ-20471,
PRHF-14653
Gaia OS UPDATE: On Scalable Platforms, added ability to force a Security Gateway to access Management/Log-Server via the NATed IP address for fetching policy or sending logs, by running this command on the Security Gateway: ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 FORCE_NATTED_IP -n 1
PRJ-17719,
PRHF-13075
Gaia OS In some scenarios, one session disconnection of RADIUS users can cause another session to loose permission when one of the session terminates.
PRJ-20943,
PMTR-63343
Gaia OS Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253.
PRJ-18610,
PMTR-60804
Gaia OS Bond interface in XOR mode or 802.3AD (LACP) mode may experience suboptimal performance, if on the Bond interface the Transmit Hash Policy is configured to "Layer 3+4" and Multi-Queue is enabled.
PRJ-18503,
PMTR-60820
VSX UPDATE: Added support for VSX SecureXL tabs on CPView. Refer to sk167903.
PRJ-17831,
PMTR-53549
VSX VSX VSLS Cluster with 3 Members may fail to connect to Identity Collector. Refer to sk170836
PRJ-16457,
PRHF-12691
VoIP SIP parser may cause the wrong RTP dynamic connection to be opened. Refer to sk169373
PRJ-19133,
PRHF-13981
Endpoint Security NEW: Integrated support for Endpoint Anti-Malware E2 signatures updater.
PRJ-19726,
PRHF-14269
Endpoint Security After changing the Full Disk Encryption to Bitlocker in SmartEndpoint FDE policy, the login to Windows machine with the Endpoint client says "This account is disabled". Refer to sk170655.
R80.40 Jumbo HotFix - General Availability Take 91 (16 December 2020, GA from 26 January 2021)
PRJ-19279,
PMTR-60665
Security Management NEW: The upgrade process is being monitored dynamically and will be stopped if it cannot be completed, not basing on a timeout.
PRJ-13934 Security Management Login with SmartConsole may be blocked while purge revisions action is running.
PRJ-19084,
PRHF-13972
Security Management In some scenarios, HA synchronization may fill up the disk space of a standby Management Server. Refer to sk168492.
PRJ-18379,
PMTR-53043
Security Management In some scenarios, SecurID configuration files on the Security Gateway are overridden upon policy installation.
PRJ-18817,
PRHF-13819
Security Management Management HA synchronization between Multi-Domain Management Servers may fail with "Failed to import data" error due to manual or automatic updates of contracts.
PRJ-18030,
PMTR-58678
Security Management In some scenarios, export of EndPoint package may fail due to FWM process that utilize 100% CPU.
PRJ-19021,
PMTR-61616
Security Management In rare scenarios, FWM process may stop working after a login attempt to the Management server.
PRJ-18492,
PRHF-13681
Security Management In rare scenarios, a policy installation task may never complete.
PRJ-13476,
PRHF-11299
Security Management Domain Servers may disappear from Multi-Domain view after running the Solr Cure utility.
PRJ-15906,
PRHF-12367
Security Management Security policy compilation fails if the Domain network object name (FDQN name) contains space.
PRJ-17692,
PRHF-13332
Security Management In some scenarios, HA temporary sub-directories under $FWDIR/tmp are not deleted if sync fails. Refer to sk170972.
PRJ-19131,
PRHF-13996
Security Management Advanced Upgrade from R80.10 to R80.40 with Jumbo Hotfix Take 83 may fail. Refer to sk170313.
PRJ-18288,
PMTR-61010
Security Management In rare scenarios, the CPU and memory usage of CPM process may be abnormally high. Refer to sk170672.
PRJ-18954,
PRHF-13948
Security Management Policy verification may fail with error "For security gateways R80.40 and higher, rules that use Access Roles can only have ‘Any Traffic’ or ‘RemoteAccess’ in the VPN column".
PRJ-16724,
PMTR-58803
Security Management
  • Exports of views and reports may fail when they are initiated while connected to SmartEvent with a new administrator.
  • Assign and Install Global Policy feature may fail with the "Timeout during task progress: Could not get information regarding task completion" error message.
For more information, refer to sk170632.
PRJ-18265,
PRHF-13607
Security Management 'Revert to Revision' tasks cannot be cleared from tasks pane in SmartConsole.
PRJ-16369,
PRHF-12594
Security Management When logging into SmartConsole directly to a Domain using Radius or TACACS, the Authentication method in the audit log may show as "Internal Password". Refer to sk168716.
PRJ-17763,
PMTR-58785
Security Management When migrating a Security Management Server that was created as a standby and then set to active, into a Domain Management Server, the new Domain is created without an active Domain Server.
PRJ-18690,
PRHF-13744
Security Management Database installation to the newly created Domain Log Server may fail.
PRJ-18907,
PMTR-61579
Multi-Domain Management In some scenarios, size of MDS backup file increases after each policy installation.
PRJ-18251,
PRHF-12413
Multi-Domain Management Migration of Domain Server between different Multi-Domain Servers may fail due to incorrect internal values of default objects.
PRJ-18970,
PRHF-13874
Multi-Domain Management The "cplic db_print -all -x" command fails when running on the MDS level.
PRJ-19647,
PMTR-62201
Multi-Domain Management In rare scenarios, a Domain is shown in the Domains view without any Domain Server or a Domain is shown with Domain Server that was deleted and does not exist anymore. Refer to sk170556.
PRJ-12845,
PMTR-53224
Multi-Domain Management Global Domain Assignment may fail with the "An internal error has occurred" message after deleting a Global VPN Community object.
PRJ-19320,
PMTR-61346
SmartConsole NEW: Added support for Python 3 in Management API scripts.
PRJ-18317,
PRJ-18314
SmartConsole NEW: Added 1600, 1800 and 1570R appliances to SmartConsole Hardware list.
PRJ-19202,
PRHF-13955
SmartConsole In some scenarios, when using the "set simple-gateway" API command with "logs-settings.forward-logs-to-log-server", it fails with "Generic server error". Refer to sk170352.
PRJ-19322,
PMTR-60220
SmartConsole In some scenarios, the api.csv file may show extra empty columns.
PRJ-19376 SmartConsole In a rare scenario, when user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232.
  • Requires R80.40 SmartConsole Build 415 (or higher).
PRJ-20163,
PMTR-60372
SmartConsole Duplicate central licenses may be added to the management database. In some rare scenarios, this may lead to heavy load on the FWM process and prevent login.
PRJ-18382,
PRHF-13609
SmartConsole In some scenarios, running an action on a ROBO Gateway behind NAT does not work during sync on SMB appliances.
PRJ-17414,
PRHF-13223
SmartConsole When removing an object from a group using the “groups” field of the object’s module in the Ansible collection, the group will not be changed and Ansible will show that no changes are needed.
PRJ-18041,
PMTR-60761
SmartConsole In some scenarios, after a successful IPS update, the new IPS version does not appear under 'switch version' window.
PRJ-17643,
PRHF-13379
SmartConsole When creating a user with Check Point password authentication through the Management API, log in to Mobile Access portal may fail. Refer to sk170412.
PRJ-18592,
PMTR-60476
SmartConsole After enabling the Endpoint Policy Management blade on the Security Management Server, some views on SmartConsole may not load properly and SmartClient may disconnect.
PRJ-15743,
PRHF-12226
SmartConsole When using the "set simple-cluster" Management API command to update a user defined security zone, the "Specify security zone" checkbox in SmartConsole is not selected.
PRJ-18465,
PRHF-13551
SmartConsole In some scenarios, Staging mode IPS protections activation in the Local domain does not match the activation in the Global domain after a Global Threat Prevention policy assignment. Refer to sk170322.
PRJ-19057,
PMTR-34323
SmartConsole Upgrade may fail due to IPS protections comment that is exceeding the comment length limit.
PRJ-16706,
PRHF-12819
SmartConsole Enabling Threat Prevention policy may fail with validation errors when the policy's targets include cluster members running a version lower than R80.10.
PRJ-16979,
PRHF-12928
SmartConsole In some scenarios, some Web APIs fail with "Script stopped running due to severe error!" message when SMB gateway is defined as a policy target. Refer to sk169557.
PRJ-14107,
PRHF-11590
SmartConsole Search in Threat Prevention Exceptions in Protection/Site/File/Blade column may not return all expected results.
PRJ-15818,
PRHF-12352
SmartConsole In some scenarios, Management API does not start automatically after restart, although automatic start is enabled. Refer to sk168332.
PRJ-18327,
PMTR-58703
SmartConsole Exception group may be incorrectly deleted in the following scenarios:
  1. "Apply On" in exception group is changed from "Automatically attached to each rule with profile" to "Automatically attached to all rules".
  2. A profile that was attached to the exception group, is deleted.
  3. The group is removed from the exception groups list, however it remains in the Threat Prevention rulebase.
PRJ-18307 SmartProvisioning NEW: Added support for Threat Emulation blade on LSM profile of R80.20 SMB gateways and clusters.
  • Requires R80.40 SmartConsole Build 415 (or higher).
PRJ-17482,
PRHF-12997
SmartProvisioning In some scenarios, when recreating a ROBO object with the same name, the new object receives the previous status.
PRJ-14511,
PRHF-11981
CPView In some scenarios, CPView may stop working after upgrade from R80.20 GA.
PRJ-17209,
PMTR-59637
Compliance UPDATE: Added ability to select 'Any' in the Service column when creating a custom firewall Best practice.
  • Requires R80.40 SmartConsole Build 415 (or higher).
PRJ-17805 IoT NEW: Added IoT support to Multi-Domain Security Management.
  • Requires R80.40 SmartConsole Build 415 (or higher).
PRJ-18781,
PMTR-56281
SmartView In rare scenarios, "Critical attacks allowed by policy widgets" in "General Overview" view may show no results while actual data exists. Refer to sk171001.
PRJ-18339,
PMTR-60937
SmartView In some scenarios, SmartView fails to load with a "permission denied" error.
PRJ-19815,
SL-4358
Logging In rare scenarios, the log_indexer process may stop working when reading a specific log format. Refer to sk116117.
PRJ-11343,
PRHF-9582
Security Gateway NEW: Added support for authentication with a RADIUS server that expects to receive an empty password on the first message. VPN client will receive 2 dialogs instead of 3.
PRJ-17730,
PMTR-60363
Security Gateway UPDATE: Added a message informing that to enable Dynamic Balancing on models with less than 8 cores, GNAT must be enabled.
PRJ-16668,
PMTR-57277
Security Gateway UPDATE: You cannot manually configure Multi-Queue while Dynamic Balancing is active.
PRJ-17300,
PMTR-59775
Security Gateway Connections distribution may get unbalanced on VSX environment. Refer to sk169352.
PRJ-18833,
PMTR-61589,
PRJ-18831,
PRJ-19063
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-19957,
PMTR-62477
Security Gateway Half-closed accelerated TCP connections may take too long time to expire.
PRJ-19195,
PRHF-13892
Security Gateway In some scenarios, when using routing separation, connection from data plane to management plane is dropped.
PRJ-10573,
PMTR-50743
Security Gateway In rare scenarios, SSH Deep Packet Inspection (SSH DPI) configuration may be lost after upgrade.
PRJ-17704,
PMTR-60122
Security Gateway After enabling USFW mode (User-Space Firewall) and rebooting, system boots in KFW (Kernel mode Firewall) instead. Refer to sk169956.
PRJ-17960,
PMTR-60574
Security Gateway In some scenarios, policy installation fails with "Error code 0-2000077".
PRJ-19179,
PMTR-61822
Security Gateway Connections may be wrongly matched on Domain or Updatable objects used in Security policy.
PRJ-13377,
PMTR-54887
Security Gateway The TCP State Logging feature may not work as expected.
PRJ-16089,
PRHF-12224
Security Gateway In rare scenarios, a memory leak may appear on Security Gateway in gconn table.
PRJ-16172,
IDA-754
Security Gateway After changing 'pdp nested_groups __set_state 2', flat groups are fetched correctly, but nested groups are not fetched. Refer to sk166199.
PRJ-18981,
PMTR-61179
Security Gateway In rare scenarios, Security Gateway may crash with USFW fwk core file.
PRJ-18247,
PRJ-18124
Identity Awareness NEW: Added Identity Sharing's performance and functionality improvements. Refer to sk170516.
PRJ-19106,
IDA-3240
Identity Awareness NEW: Performance optimization for Identity broker.
PRJ-18345,
PRHF-11733
IPS NEW: Added ability to send connection log per application match for ATM transactions identification. The functionality is disabled by default and can be enabled by using the "up_duplicate_connection_log_on_packet_matched_app_enabled" kernel parameter.
PRJ-13970,
PRHF-11634
IPS UPDATE: The "ips stat" command now shows all active Threat Prevention profiles with IPS enabled on the Security gateway.
PRJ-16446,
PRHF-12684
IPS The get_ips_statistics.sh script on VSX may fail with "/bin/cat: /proc/self/vrf: No such file or directory" error.
PRJ-18825,
PRHF-13605
HTTPS Inspection The user may not be able to browse with Chrome when using mixed chain with ECDSA subordinate CA in HTTPS Inspection. Refer to sk170332.
PRJ-17594,
PMTR-58055
HTTPS Inspection Connectivity issue may appear for inbound HTTPS Inspection when HTTP/2 is proposed by the client. Refer to sk169375.
PRJ-19465,
PMTR-58086
HTTPS Inspection In some scenarios, the HTTPS Inspection CA bundle is not created on the Security Gateway.
PRJ-17168,
PMTR-59212
Anti-Malware In a rare scenario, Security gateway may crash while processing SMB3 multi-channel when Anti-Virus blade is enabled.
PRJ-16563,
PMTR-58568
Anti-Malware Security Gateway may crash when certain traffic is handled during policy installation and the Anti-Virus Deep Scanning is enabled.
PRJ-19579,
PRJ-16924
Anti-Virus In rare scenarios, after downloading files, Anti-Virus prevent logs appear with "Strict hold is not possible failure - Write to other side occurred" error message.
PRJ-15944,
PRHF-12119
Anti-Bot In a rare scenario, Security gateway may crash after a match of the Anti-Bot blade.
PRJ-17640,
PRHF-12934
UserCheck In some scenarios, UserCheck agent notifications may be blocked.
PRJ-18699,
PRHF-12299
UserCheck When using the UserCheck agent, the original URL attribute variable $orig_url$ may appear on URL field of log details.
PRJ-19434,
PRHF-13987
SSL Inspection In rare scenarios, the DynamicID Certificate validation may fail.
PRJ-18957,
PRHF-13881
ClusterXL When MDPS is configured, the output of "cphaprob syncstat" may show unreadable characters for the speed of the sync interface.
PRJ-12589,
CLUS-1742
SecureXL NEW: Added support for Cluster AA/LS.
PRJ-16583,
PRHF-12716
SecureXL In some scenarios, traffic with the destination IP address as the broadcast address configured according to sk98810 is dropped.
- Gaia OS NEW: Added support for 1570R and 1600 / 1800 SMB appliances.
PRJ-16672,
PMTR-53960
Gaia OS UPDATE: CPView Network -> Top-Protocols and Network -> Top-Protocols tabs was added back. Refer to sk167903.
PRJ-17921,
PRHF-13451
Gaia OS "cphaprob -h" shows wrong explanation for "cphaprob show_bond [<bond_name>]" command.
PRJ-19330,
PRHF-14073
Gaia OS In some scenarios, login from data plane context fails (no connectivity to server).
PRJ-17714,
ROUT-954
Routing Security Gateway may stop forwarding the Multicast stream when PIM is configured on it. Refer to sk169774
PRJ-17856,
PRHF-13388
Routing In rare scenarios involving large AS paths, there may be a loss of BGP adjacency. Refer to sk170876.
PRJ-18026,
PRHF-13480
Routing SNMP queries for bgpPeerFsmEstablishedTime return an incorrect constant value. Refer to sk170074.
PRJ-18069,
PMTR-59437
VPN NEW: Added Remote Access VPN performance improvements.
PRJ-18667,
PMTR-60847
VPN NEW: Added Remote Access VPN performance improvement for USFW mode (User-Space Firewall).
PRJ-16432 VPN UPDATE: Added ability to fetch CRL with proxy in Site-to-Site VPN.
PRJ-17369,
PRHF-858
VPN DynamicID via SMTP does no work when an HTTP proxy server is defined.
PRJ-15742,
PRHF-12010
VPN In some scenarios, findSAByPeer does not validate the peer IP address for DAIP peer behind NAT.
PRJ-18764,
PMTR-61360
VPN In some scenarios, userspace cores may appear on Security gateways with enabled AES-GCM-256 and AES-256 VPN encryption. Refer to sk169417.
PRJ-20283,
PRHF-14543
VSX In some scenarios, SNMP v3 users are not recognized on VSX when SNMP is in VS mode. The 'Unknown user name' error message is displayed. Refer to sk170993.
PRJ-15859,
PRHF-7446
Endpoint Security An exception may be displayed in SmartEndpoint when uploading an offline group software deployment package. Refer to sk165852.
PRJ-16465,
PRHF-10929
Endpoint Security In some scenarios, content of the "User Name" tab in SmartEndpoint is displayed in wrong format.
PRJ-16317,
PMTR-58351
Endpoint Security Client may not be added automatically to a Virtual Group that was configured in the SmartEndpoint export package policy when deployment is done using dynamic package.
R80.40 Jumbo HotFix - General Availability Take 89 (01 December 2020, GA from 09 December 2020)
PRJ-18199,
PMTR-60885
CloudGuard IaaS UPDATE: Added new certificates for Microsoft Azure. For details, refer to this Microsoft article.
R80.40 Jumbo HotFix - General Availability Take 87 (5 November 2020, GA from 22 November 2020)
PRJ-15565,
PRHF-12170
Security Management NEW: In some scenarios, modifying or deleting objects in bulk may cause slowness in SmartConsole responses and long duration of operations. Ability to improve performance in such cases was added. Refer to sk135972.
PRJ-18769,
PRHF-13728
Security Management NEW: Improved FWM process performance during policy or database installation. 
PRJ-14597,
PMTR-48628
Security Management In some scenarios, Read-Only sessions appear twice in the Sessions view.
PRJ-16263,
PRHF-12488
Security Management Upgrade from R80.20 or R80.30 may fail if one of the objects does not have a creator.
PRJ-17043,
PMTR-59394
Security Management In rare scenarios, some objects may be locked and not available for editing. Refer to sk169772.
PRJ-16877 Security Management In rare scenarios, upgrade from R80.10 may fail with the "Consider using an AFTER trigger instead of a BEFORE trigger to propagate changes to other rows" message in the $MDS_FWDIR/log/postgres.elg file.
PRJ-16288,
PMTR-58215
Security Management On rare scenarios IPS or Application Control updates might get stuck on 70% and cannot be launched again until full restart of the Multi-Domain Management Server.
PRJ-18047,
PRHF-13462
Security Management In rare scenarios, a Management server may become inaccessible and requires a reboot. Refer to sk170634.
PRJ-13851,
PRJ-17073
Security Management In some scenarios, the Security Management Server's startup takes a very long time after editing or deleting many Administrators. 
PRJ-16288,
PMTR-58215
Security Management In rare scenarios, IPS or Application Control updates may stop at 70% and cannot be launched again until full restart of the Management server.
PRJ-16643,
PMTR-58309
Multi-Domain Management In some scenarios, Domain Management Server is shown in System Domain under Domains View even though it was deleted.
PRJ-17023,
PMTR-58167
Multi-Domain Management On Multi-Domain Management environment with Global VPN Community usage, policy installation mail fail with "Internal error" message after upgrade. Refer to sk169157.
PRJ-13796,
PMTR-43231
Multi-Domain Management In a Multi-Domain Server, domain-related processes may not start when the user runs "evstop" and then "evstart". 
PRJ-17070,
PMTR-59232
Multi-Domain Management In some scenarios, Domain appears in the System Domain without any Domain Servers.
PRJ-12246,
PRHF-10477
Multi-Domain Management In some scenarios, a Global Administrator connected to the Logging and Monitoring view in MDS cannot see auto-complete suggestions when typing in the logs search box. Refer to sk166752
PRJ-16313,
PMTR-57777
Multi-Domain Management After upgrade, a Global VPN Community object defined in the Global Domain is shown as "Unavailable" and a policy installation fails with "Internal error" message.
PRJ-17238,
PMTR-59666
Multi-Domain Management On Multi-Domain environments with multiple Multi-Domain servers connected in HA, operations such as "Log in" and "Reassign Global Domain" may fail due to high load on FWM process.
PRJ-13715,
PRHF-10802
Multi-Domain Management In some scenarios, when installing a policy from a local domain, while a policy installation initiated by the system domain is still in progress, policy installation invoked by the system domain fails. Refer to sk167692.
PRJ-16283,
PRJ-17123
SmartConsole NEW: Added ability for administrators to view, add, and delete licenses directly from SmartConsole.
  • Requires R80.40 SmartConsole Build 414 (or higher).
PRJ-18775,
PMTR-59827
SmartConsole In some scenarios, FWM and CPD processes may consume high CPU due to large number of Security Management/Security gateway objects in the policy. Refer to sk170256.
PRJ-16861,
PMTR-58850
SmartConsole New cluster member's IP address may disappear from the "Network Management" view when changing cluster interface type to "Private".
PRJ-17880,
PMTR-60559
SmartConsole In Global Properties under Stateful Inspection tab, the "TCP end timeout (R80.20 and higher gateways)" option does not support values higher than 60 seconds.
  • Requires R80.40 SmartConsole Build 414 (or higher).
PRJ-17003,
PMTR-48331
SmartConsole When using SmartConsole CLI, the application may unexpectedly terminate if the input has quotation marks that are not closed. 
PRJ-9661,
PRHF-8304
SmartConsole In rare scenarios, Access policy installation may be incorrectly blocked. A verification incorrectly states that HTTPS Inspection rules do not contain 'Any' or 'Application/Site' objects in the Site Category column, even though they do.
PRJ-16062,
PRHF-12395
SmartConsole In some scenarios, certain Gateways do not appear in the IPS Core protections list. Refer to sk168474
PRJ-15999,
PRHF-11455
SmartConsole When fetching the LDAP server SSL fingerprint on Global Domain, the operation is nоt finished.
PRJ-17822,
PRHF-11377
SmartConsole In some scenarios, Network Objects are missing in Implied Rule for Mail Transfer Agent. 
  • Requires R80.40 SmartConsole Build 414 (or higher).
PRJ-16468,
PRHF-11438
SmartConsole Update corporate Gateway procedure takes a long time and may cause login issues and general slowness in the Provisioning GUI. 
PRJ-17273,
PRHF-13080
SmartConsole On Multi-Domain environments, some hardware types may be missing from the hardware selection in the gateway editor. Refer to sk169354.
PRJ-16891,
PMTR-59093
SmartView In SmartView, after adding a new page to a report, the preview page appears to have no data although it has (this data appears in the Edit Mode).
PRJ-16433,
PMTR-53663
SmartView In SmartView's GDPR Report, some of the text appears in German although the selected language is not German.
PRJ-16999,
PMTR-59317
Logging UPDATE: Added ability to filter Threat Prevention and Endpoint logs by file size on a Log server machine via Logs & Monitor view in SmartConsole.
PRJ-13350,
PMTR-54708
Logging In some scenarios, when the user configures the log exporter filter with the “cp_log_export” command (action, origin, product), the filter is not configured properly according to the used format.
PRJ-13623,
PRHF-11057
Logging Leef format is not certified with IBM causing the following issues:
  • Wrong header and wrong value in "cat" field.
  • Duplicate product values in "cat" field.
  • Exported logs contain fields with the same name.
Refer to sk170199.
PRJ-17008,
PMTR-55179
Logging In some scenarios, the "CGsoapSessions::AuthenticateSession failed, session is not authenticated" message may appear in mds.elg or fwm.elg file. Refer to sk152933.
PRJ-17195,
PMTR-58600
Security Gateway NEW: Added additional statistics to HTTP/2 in CPView.
PRJ-15830,
PMTR-57650
Security Gateway In rare scenarios, the "ERROR: dns_reverse_prepare_response_uuids: hash create failed" error is printed to dmesg.
PRJ-19003,
PRHF-13892
Security Gateway In some scenarios, when using routing separation, connection from data plane to management plane is dropped.
PRJ-17313,
PMTR-59182
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-16912,
PMTR-59141
Security Gateway In some scenarios, a timeout occurs when the user enables resource separation via Clish. Refer to sk170372.
PRJ-17088,
PRHF-13025
Security Gateway When using a routing separation, syslogd does not move to the management plane.
PRJ-11293,
PRHF-8491
Security Gateway Unused OIDs may appear in SNMP MIB file.
PRJ-14262,
PRHF-11784
Security Gateway In some scenarios, wrong (too big) SNMP values are displayed when running SNMP query.
PRJ-17128,
PMTR-58427
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-16923,
PMTR-59080
Security Gateway In some scenarios, "misp_rulematch_outgoing: fw_update_routing_opq_out_ifn failed" error appears in dmesg.
PRJ-17703,
PMTR-55080
Security Gateway In rare scenarios, policy installation fails with "gen_rpc_service_inspect_func: service mismatch in service_arr" error message.
PRJ-16090,
PRJ-13567
Security Gateway In some scenarios, policy installation fails with "Error code 0-2000121".
PRJ-17133,
PRHF-12530
Security Gateway In a rare scenario, the proxy arp table is not generated.
PRJ-13261,
PRHF-9930
Security Gateway In a rare scenario, traffic is dropped with the "[ERROR]: up_handle_get_matched_service_clob: no clob list on handle for type SERVICE;" error in dmesg.
PRJ-16666,
PRHF-12727
Security Gateway Security Gateway running in USFW mode (User-Mode Firewall) may crash with fwk core dump. Refer to sk169119.
PRJ-17606,
PRHF-1162
Internal CA In some scenarios, manual edit of user's certificate expiration period does not take effect. Refer to sk143292.
PRJ-16289,
PMTR-58322
VoIP NEW: Added support for HopCount field in H323 protocol. Refer to sk169513.
PRJ-16185,
IDA-3176
Identity Awareness In some scenarios, the Identity Broker Subscriber may crash.
PRJ-12546 Identity Awareness In some scenarios, there may be enforcement issues due to database corruption in PDP kernel tables.
PRJ-14484,
PMTR-55920
Identity Awareness SAML (Security Assertion Markup Language) groups mode configuration (pdp idp group status) is not saved after an upgrade.
PRJ-17200,
PMTR-59565
HTTPS Inspection In a rare scenario, a connection remains open after it is closed by the server, and the web browser may load a page for a long time.
PRJ-12561,
PRHF-8940
Anti-Malware In some scenarios, users may fail to access a web site with many malicious URLs.
PRJ-13200,
IPS-898
Anti-Malware Security Gateway may crash when trying to access a site encoded with Base64.
PRJ-15977,
PMTR-57915
UserCheck In some scenarios, the UserCheck daemon usrchkd may stop working. 
PRJ-17345,
PMTR-59871
ClusterXL When 40000/60000 device is located on the same network segment (same VLAN, same switch) with ClusterXL environment, the cluster states can flap non-stop between the READY and ACTIVE on all cluster members causing outage.
PRJ-18534,
PMTR-61276
SecureXL In rare scenarios, when a Wire-Mode is configured on a community, it may cause a Security gateway from another community not to accelerate connections in SecureXL.
PRJ-17451,
PRHF-13029
SecureXL In some scenarios, CPView may show incorrect statistics for VPN encrypted/decrypted packets.
PRJ-9564,
PRHF-9919
SecureXL In a rare scenario, Security gateway may crash when the Drop Template feature is enabled.
PRJ-16534,
PMTR-54703
Routing UPDATE: User does not have to enable logging/accounting in SmartConsole to generate the Netflow records. New ‘NetFlow Firewall rule’ option was added to configure NetFlow to report per Firewall rule by turning it on and enabling Log/Accounting per rule. 
PRJ-15820,
PRHF-12144
VPN NEW: Performance improvement of VPN tunnel when using SHA-384. Refer to sk168336.
PRJ-16866,
PMTR-55844
VPN Software Blade name inconsistency between login and logout logs of an SNX client.
PRJ-15554,
PMTR-55281
VPN In some scenarios, the VPN IKEv2 tunnel establishment with LSV peer fails.
PRJ-10035,
CRYPTOIS-661
VPN In some scenarios, Security Gateway Portals and Remote Access VPN clients show wrong certificate after certificate renewal. Refer to sk131212.
PRJ-17330,
PRHF-12973
VPN Added VPN IKEv2 improvements.
PRJ-17002,
PRHF-12828
VPN Connectivity issue may appear between Check Point Gateway and 3rd party device in MEP DPD configuration when 3rd party device is defined as Central Gateway in MEP. Relevant error message: "Failed to resolve VPN MEP gateway".
PRJ-16442,
PMTR-56799
VPN In some scenarios, the VPN tunnel status is displayed as "Up - Phase1" in SmartView Monitor although both phase1 and phase2 are up. Refer to sk169121.
PRJ-16722,
PMTR-57565
VPN Remote Access potential connectivity issue when there are more than 1 external interfaces.
PRJ-13095,
PRHF-11004
VPN RADIUS packet sent by Security gateway, may show the Framed-IP-Address field in the reverse order. Refer to sk167361.
PRJ-12771,
PRHF-10314
VPN In some scenarios, RADIUS authentication may take more than five minutes to be fulfilled with Endpoint Clients, reaching connection timeout on the Gateway side.
PRJ-16661,
PMTR-52654
VPN Connectivity issue may appear between Check Point Gateway and 3rd party device when using Encryption Domain per Community.
PRJ-15466,
PMTR-56502
Gaia OS "show asset" command shows the Network card model CPAC-4-1C instead of CPAC-4-1C-L.
PRJ-19050,
PRHF-13949
Gaia OS In some scenarios, when using routing separation, modifying interface IP address fails.
PRJ-14315,
PRHF-11752
Gaia OS In rare scenarios, gateway uptime in SmartConsole may show an abnormally high number. Refer to sk167937.
PRJ-17612,
PMTR-49489
Gaia OS Several features are duplicated (both in WebUI and Clish) in RBA roles configuration/settings.
  • This is a cosmetic issue.
PRJ-16265,
PMTR-55837
Gaia OS Multi-Queue IRQ affinity is set incorrectly for i40e and MLX interfaces.
PRJ-13459,
EPS-28607
Endpoint Security NEW: Added ability to enable developer protection feature.
  • Requires R80.40 SmartConsole Build 414 (or higher).
PRJ-16600,
PRHF-12083
Endpoint Security In some scenarios, Policy server stops syncing with the Endpoint Security Server. Refer to sk168912.
PRJ-14225,
PMTR-56231
Endpoint Security Push operation may not go through to client due to continuous sync requests.
PRJ-16569,
PRHF-10695
Endpoint Security Incorrect time interval for checking RSA key generation may cause message flooding the logs.
PRJ-16892,
PRHF-12888
CloudGuard IaaS CloudGuard Controller imports only the first 50 NSX-T groups. Refer to sk169133.
PRJ-17750,
PMTR-60322
CloudGuard IaaS In some scenarios, userspace cores may appear on CloudGuard for Azure Gateways with VPN enabled and using AES-GCM-256 and AES-256. Refer to sk169417.
R80.40 Jumbo HotFix - General Availability Take 83 (04 October 2020, GA from 25 October 2020)
PRJ-8954,
MCFG-246
Upgrade Tools Upgrade from R80.10 to R80.40 may fail with messages related to cmsobfuscationkey. Refer to sk168933.
PRJ-15610,
PMTR-57447
Security Management NEW: Added ability to run Management REST API on a Multi-Domain Log Server.
PRJ-16147,
PMTR-58152
Security Management NEW:
  1. The "cma_migrate" command will continue working if the SSH connection with the Multi-Domain Server was lost.
  2. If the user presses "Ctrl+C" while cma_migrate is running, the user will be asked whether to stop cma_migrate or to continue.
PRJ-15501,
PMTR-56638
Security Management NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start.
PRJ-15497,
PMTR-57275
Security Management $MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied.
PRJ-16876,
PRHF-12879
Security Management In some scenarios, sessions that were opened for the third parties or automatic scripts that use Management API, remain open. Refer to sk169072.
PRJ-11704,
PRHF-9017
Security Management The Purge Revisions operation may not clean deleted objects of previous revisions
PRJ-14297,
PRHF-11704
Security Management In rare scenarios, High Availability sync fails with "NGM failed to import data" error after the user deletes a Permission Role. 
PRJ-13463,
PMTR-54975
Security Management In rare scenarios, Install Policy Presets are not triggered.
PRJ-14492,
SMCUPG-1384
Security Management In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails. 
PRJ-13919,
MCFG-242
Security Management In some scenarios, exporting the Security Management Server in order to migrate it to Domain in Multi-Domain Environment fails.
PRJ-13613,
PRHF-11300
Security Management In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error.
PRJ-13727,
PMTR-55574
Multi-Domain Management NEW:
  • Global object deletion will be blocked if used in Domains on the Multi Domain Server. 
  • The "Unused Objects" filter in the Global Domain will show objects only if not used by all of the Domains on the Multi-Domain Server. 
PRJ-14455,
PRHF-11940
Multi-Domain Management Policies may disappear from the Global Domain Assignments view after running the Solr Cure utility. Refer to sk168060.
PRJ-15720,
PRHF-12271
Multi-Domain Management When the user attempts to add/change the Leading Interface through mdsconfig, it may fail with the "no external interfaces found on this machine" error. Refer to sk168319
PRJ-16427,
PMTR-58559
Multi-Domain Management Management HA incremental synchronization may break on the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.
PRJ-16438,
PRHF-12236
Multi-Domain Management After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.
PRJ-17307,
PMTR-59799
Multi-Domain Management In rare scenarios, the fwm process may stop working and fail the Multi-Domain Management server upgrade.
PRJ-15972,
PRHF-10916
SmartConsole Global Policy reassign in MDS may fail with "An internal error has occurred" message after adding overrides to Snort protections.
PRJ-15372,
PMTR-57065
SmartConsole The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954.
PRJ-16091,
PMTR-55032
SmartConsole The "Get Interfaces" operation fails when admin creates a new cluster and decides to remove one of the members before he selects "Get Interfaces".
PRJ-13906,
PMTR-54935
SmartConsole In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins.
PRJ-16342,
PMTR-58390
SmartConsole Setting or creating HTTPS layer (add-https-layer) with the "shared" parameter using the API may fail with the "Unrecognized parameter [shared]" error.
PRJ-12855,
PRHF-10453
SmartConsole Hit count data may not be deleted automatically.
PRJ-13456,
PRHF-10952
SmartConsole In some scenarios, Management API commands with "details-level":"full" Payload return a truncated output and fail to complete. Refer to sk170414.
PRJ-15482,
PMTR-39061
SmartProvisioning In some scenarios, when the user installs policy on R77.30 Central Office Security Gateway from Management version R80 and higher, VPN tunnels may be dropped for LSM Gateways. 
PRJ-13171,
PRHF-9994
Compliance Compliance Partial Scans in Multi-Domain environments using Global Policies may lead to SmartConsole freeze or long publish times. Refer to sk170562.
PRJ-13562,
PMTR-53242
Logging In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress.
PRJ-14357,
SL-4323
SmartView In SmartView, when the user sends a generated report via email in a language with non-standard English letters (Accented, Cyrillic, Chinese, Japanese, etc), some of the text may appear as question marks (?). 
PRJ-14362,
PMTR-54723
SmartView In SmartView, the icon is missing from the cover page of Compliance and Content Awareness PDF reports.
PRJ-12208,
PMTR-52793
Security Gateway UPDATE: Added the latest fixes and security improvements to OpenSSL.
PRJ-16624,
PMTR-58538
Security Gateway Updated Dynamic Balancing Clish commands. Refer to sk164155.
PRJ-16995,
PMTR-59154
Security Gateway In some scenarios, Dynamic Balancing is unable to configure MQ setting for some interfaces.
PRJ-16401,
PRHF-12631
Security Gateway When using Management Data Plane Separation (MDPS), schedule backup may fail.
PRJ-14126,
PMTR-56181
Security Gateway In some scenarios, compilation errors during policy installation are ignored instead of immediately failing the policy. This may cause drops on the Security Gateway.
PRJ-14634,
PRHF-12058
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-15633,
PMTR-57462
Security Gateway In a rare scenario, Security gateway may crash due to NULL pointer reference.
PRJ-13346,
PRHF-8408
Security Gateway In a rare scenario, the FWD process opens connections to port 111. 
PRJ-13888,
PRHF-9759
Security Gateway An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955.
PRJ-15841,
PRHF-12221
Security Gateway ICAP block page displays virus name as "Unknown" instead of the virus name as it appears in the logs.
PRJ-16406,
PRHF-12305
Security Gateway In some scenarios, when VPN blade or ISP Redundancy are used, traffic may be routed to the wrong interface. Refer to sk168881.
PRJ-16159,
PMTR-58124
Security Gateway In a rare scenario, Security Gateway may crash after policy installation.
PRJ-12947,
PRHF-10972
Security Gateway After policy installation, the output of the "cphaprob stat" command may show "HA module not started" when a large number of non-monitored Cluster interfaces are configured in SmartConsole.
  • This fix adds support for multiple non-monitored interfaces in SmartConsole.
PRJ-15771,
PMTR-57606
Security Gateway In some scenarios, DNS protections configured on inspection settings may not be enforced.
PRJ-14449,
PMTR-10041
Security Gateway In some scenarios, large number of interfaces defined on Security gateway may cause high CPU utilization by CPD process. Refer to sk168674.
PRJ-9849,
PRHF-7150
Security Gateway In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124.
PRJ-17223,
PMTR-59359
Security Gateway Enabling both Dynamic Balancing and MDPS causes Dynamic Balancing to stop.
PRJ-17097,
PMTR-59478
Security Gateway In rare scenarios, Dynamic Balancing fails to start after boot due to state verification failure.
PRJ-15849,
PMTR-57739
Security Gateway SXL drop due to routing configuration when using security zone on bridge (layer2).
PRJ-17421,
PMTR-54539
Threat Emulation,
Security Gateway
In a rare scenario, Threat Emulation and 2 core appliances may freeze. Refer to sk169575.
PRJ-16107,
PRHF-12463
URL Filtering In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD). 
PRJ-15689,
PRHF-12067
HTTPS Inspection In some scenarios, web traffic may be blocked with "Content Awareness - Error: Internal system error (1000)" error log.
PRJ-14543,
PMTR-56472
HTTPS Inspection In some scenarios, а CRL timeout may occur, which may cause slowness in HTTPS Inspection. Refer to sk169876.
PRJ-15800,
PMTR-57645
IPS In some scenarios, invalid characters are sent to gw-stat report.
PRJ-15581,
PRHF-9645
Application Control In some scenarios, deprecated applications are not removed/replaced during an upgrade from R77.30 to R80.x. Refer to sk131372.
PRJ-11730,
PMTR-52415
Anti-Malware In some scenarios, custom intelligence feeds with URL encoding characters may not be parsed correctly. Refer to sk168077.
PRJ-14067,
AVIR-1090
Anti-Malware In rare scenarios, Security Gateway may crash due to memory allocation failure.
PRJ-16500,
PMTR-58709
Anti-Malware In rare scenarios, Security Gateway crashes during CIFS traffic when the Anti-Virus blade is in Hold mode and the CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606). 
PRJ-15540,
PMTR-54954
Mobile Access Mobile Access Secure Workspace feature does not work with SAML/IDP-based authentication when running Secure Workspace is optional.
PRJ-14652,
PMTR-56622
Mobile Access The Mobile Access Blade's portal dialog for editing web application SSO credentials may not work correctly.
PRJ-16998,
PRJ-16965
Mobile Access Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152.
PRJ-17446 Mobile Access Mobile Access Blade may fail to install on VSX environments due to a missing configuration file. 
PRJ-16681,
PRHF-12714
SecureXL In a rare scenario, Security gateway may crash when receiving packets from an MDPS management interface.
PRJ-14463,
PRHF-4457
SecureXL In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections.
PRJ-10498,
PMTR-50926
SecureXL In some scenarios, SecureXL makes an offload decision to not accelerate multicast traffic for route-based VPN.
PRJ-15902,
PRHF-12374
SecureXL An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router.
PRJ-15485,
PMTR-54930
Routing BGP fails to establish with high MTU setting on Gaia 3.10.
PRJ-15393,
PRHF-11950
Routing A TCP connection between cluster master and slave may flap on OSPF attempt to delete a non-Max-Aage LSA.
PRJ-16575,
SPC-3089
Routing In some scenarios, the routed daemon may stop working with BGP.
PRJ-14407,
PMTR-54728
VPN Connectivity improvements for Remote Access VPN with L2TP.
PRJ-15534,
PMTR-56073
VPN The "vpn tu tlist" command shows the wrong number of clients connected in Visitor mode.
PRJ-10953,
PRHF-8923
VPN In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.
PRJ-15331,
VPNRA-379
VPN In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled.
PRJ-15322,
PMTR-48973
VPN In some scenarios, using LS/HA mode on a VPN tunnel may cause packets to be dropped. Refer to sk160612.
PRJ-14576,
PMTR-54771
VPN IP compression may not work in some scenarios when IKEv2 is configured.
PRJ-15622,
PMTR-57459
VPN Access Roles with MAB SNX as the client type may not work.
PRJ-11052,
PRHF-7972
VPN Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003.
PRJ-16211,
VPNRA-469
VPN Stability improvement for Remote Access VPN.
PRJ-15467,
PMTR-46467
VPN When IKEv2 is configured, traffic that originated from the DAIP external interface may fail to pass. 
PRJ-15838,
PMTR-40895
VPN When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage.
PRJ-16015,
PMTR-55514
VPN In rare scenarios, Remote Access clients may not be able to re-connect after a failover. 
PRJ-15996,
PRHF-11856
Gaia OS NEW: Added Multi-Queue (MQ) support for Sync interface.
PRJ-14591,
PRHF-12060
Gaia OS Reduced the logging of vague messages when the user adds a known host in Clish.
PRJ-12864,
PMTR-51379
Gaia OS Creating LOM users for Smart-1 525/625/5050/5150 appliances may fail if the username length is shorter then 4 characters. 
PRJ-11861,
PRHF-9702
Gaia OS It is not allowed to create usernames with reserved words, such as 'eval', 'apply' etc., in the middle of the username in WebUI. Refer to sk170681.
PRJ-11994,
PRHF-10312
Gaia OS In rare scenarios, a snapshot creation may fail. 
PRJ-12741,
PMTR-51157
Gaia OS Restore backup may fail due to unmatched upgrade tools. 
PRJ-17321,
PMTR-58887
Gaia OS Certain Clish commands, like "show interfaces all", may cause confd to crash. Refer to sk170324.
PRJ-16922,
PRHF-12593
Gaia OS In a rare scenario, the "Allowed-clients" feature does not work as expected for SSH.
PRJ-13942,
PRHF-11368
Gaia OS In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to expert mode, the username in the log files appears as admin instead of RADIUS.  
PRJ-16080,
PMTR-57581
Gaia OS In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot. 
PRJ-16567,
PRHF-12526
Gaia OS In the Management Data Plane Separation (MDPS) environment, the output for the "show asset network" command may not report some line cards if they have mixed management/data plane interfaces.
PRJ-10079,
PMTR-50675
Gaia OS When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands stop working. 
PRJ-15861,
PMTR-57779
Gaia OS "... Error I40E_AQ_RC_EINVAL adding RX filters on PF..." error may appear during i40e driver operation and RSS key may be reset during certain driver operations.
PRJ-11130,
PMTR-51775
Gaia OS Setting LACP rate does not survive a reboot on Gaia 3.10.
PRJ-15600,
PRHF-11404
Endpoint Security Gaia backup with Endpoint Management may miss some information from the Endpoint database. Refer to sk168062.
PRJ-16474,
PRHF-11087
Endpoint Security "An unexpected error occurred" message may appear when the user clicks on 'View Current Status' in SmartEndpoint's 'Overview' tab. Refer to sk167176.
PRJ-15423,
PMTR-57126
CloudGuard IaaS NEW: Added support for VMware vCenter version 7 to CloudGuard Controller.
PRJ-12838,
PMTR-53868
CloudGuard IaaS NEW: Added new AWS regions af-south-1, ap-northeast-3, and eu-south-1. 
PRJ-16019,
PRHF-12425
CloudGuard IaaS In some scenarios, CloudGuard Controller may lose connection to GCP projects. Refer to sk168499.
PRJ-16254,
PRHF-12538
CloudGuard IaaS Scanning of GCP Data Center may fail when instance does not have disks.
PRJ-12185,
VSECC-1293
CloudGuard IaaS CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode.
PRJ-16223,
PRHF-12510
CloudGuard IaaS Azure Data Center scan may fail and no updated are sent to the Security gateway.
PRJ-15355,
STRM-152
QoS In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when policy is defined properly on the interface.
R80.40 Jumbo HotFix - General Availability Take 78 (26 August 2020, GA from 9 September 2020)
PRJ-13962,
PMTR-55974
Security Management NEW: Added the ability to purge revisions automatically based on user configuration. Refer to Automatic Purge Documentation.
PRJ-12308,
PMTR-48736
Security Management NEW: Added enhancements for CPM Monitor Tool:
  • Compatibility of file names between Linux and Windows.
  • Better and more readable resources consumption report.
  • All data is wrapped into a single tgz file, for better handling.
PRJ-14645,
PRHF-11983
Security Management NEW: Solr server process is restarted automatically if it is not responsive for a long time.
PRJ-13809,
PMTR-55860
Security Management Publish operation of hundreds of changes may take a long time to complete.
PRJ-16195,
PRHF-9260
Security Management When running the 'show-access-rulebase' API command with filter, and the selected layer is an inline layer, rules of the inline layer are not returned even though they match the search criteria.
PRJ-11491 Security Management Access Policy installation may remain on Multi-Domain Server with Global Policy assigned when there is Inline layer usage and APPI/DA/Mobile Access blade is enabled. Refer to sk166676.
PRJ-13319 Security Management Upgrade from R80.10 may take many hours when there are hundreds or more Administrators and dozens or more Permission Profiles defined.
PRJ-13920 Security Management In Multi-Domain environments with High Availability, if the Management Server is stopped while there is a Purge Revisions operation in progress, the server may fail to start again. Refer to sk168175.
PRJ-13167,
PMTR-53758
Security Management When an administrator enters a very long text into an object field (more than 32767 characters), the Security Management Server terminates and fails to start. 
PRJ-13049,
PRHF-11033
Security Management After the user adds new Threat Indicators, Management HA may fail with "NGM failed to import data" error. Refer to sk167156
PRJ-15459,
PRHF-6093
Multi-Domain Management Policy Installation may fail due to an internal error in an MDS environment where there is a Global Dynamic object usage inside Networks Groups with a depth that is higher than 2-level (group inside a group).
PRJ-14096,
PMTR-56164
SmartConsole NEW: Added new API version (1.6.1). The new version includes useful new commands. For more information, refer to the Management API Reference.
PRJ-13008,
PRHF-10998
SmartConsole In the Management API, the "show objects" command with details-level full may return the "ip-address" field even if it is empty.
PRJ-14290,
PMTR-53220
SmartConsole If there are thousands (or more) of unused objects, the "show unused-objects" API command and the Unused Objects view may load and work very slowly. Also, the load on the Management server will increase, causing general slowness when working with SmartConsole.
PRJ-14532,
PMTR-55130
SmartView In some scenarios, when the user attempts to download a DLP attachment from the log card in SmartView, the download does not start.
PRJ-12705,
PRHF-10295
SmartView The SmartView Timeline may be distorted when logs contain an empty value for the field specified in the “Series” settings and when the Legend is enabled. Refer to sk167095.
PRJ-12099,
PMTR-52324
Logging NEW:
  • Added Management API command "show logs" to query logs.
  • Added Management API command "get attachment" to fetch attachments from logs by log ID and attachment ID.
PRJ-14049,
PRHF-11502
Logging In some scenarios, the command "cp_log_export status" prints "last log read at: N/A" rather than a timestamp.
PRJ-14372,
PRHF-10818
Security Gateway UPDATE: Reduced CPU usage in some configurations by parsing TLS traffic only when required by the policy. See sk166700 for more information.
PRJ-14007,
PRHF-11326
Security Gateway In some scenarios, ESP traffic may be dropped with "fwconn_key_init_links (INBOUND) failed" message. Refer to sk167973.
PRJ-13678,
PMTR-53479
Security Gateway In some scenarios, dmesg shows "up_manager_perform_action: up_manager_resume_chain failed" error messages when span port is configured.
PRJ-8049 Security Gateway When running 'fw6 ctl affinity -l' command, the IPv6 instances are not displayed.
PRJ-13267,
PMTR-54226
Security Gateway Occasional slowness while browsing to HTTP/2 sites when Security Gateway is enabled as an explicit Proxy.
PRJ-13696,
PMTR-55510
Security Gateway Proxy arp change is applied only after the second policy installation.
PRJ-14217,
PMTR-56300
Security Gateway In a rare scenario, the Security gateway may crash if the rulebase contains a logical server object.
PRJ-11752,
PMTR-52426
Security Gateway Citrix file download may fail when the Mobile Access blade is enabled.
PRJ-11417,
PRHF-9776
Security Gateway In some scenarios, NAT log shows source port 0 even though a port was allocated.
PRJ-13382,
PMTR-54897
Security Gateway In some scenarios, Security gateway generates an ICMP error with wrong IP address. Refer to sk167953.
PRJ-13631,
IDA-2683
Identity Awareness NEW: Added the ability to filter sessions by session's owner and immediate publisher in Identity Broker.
PRJ-9494,
PMTR-49855
Identity Awareness UPDATE: SAML configuration optimizations of policy installation flow.
PRJ-12565,
IDA-2983
Identity Awareness PDP may consume high CPU during policy installation because of a large amount of Access Roles.
PRJ-10818,
PMTR-51543
Identity Awareness In a rare scenario, a memory leak may appear in case of LDAP query failure on Identity Collector automatic group update.
PRJ-8713,
PRHF-7978
Identity Awareness In some scenarios, Dynamic ID authentication fails when SMS server returns HTTP status code 2xx but not 200 or 202.
PRJ-13516,
PMTR-55246
Identity Awareness In some scenarios, a XFF allowed proxy list is enforced only for instance 0 in VSLS environment after VS has transitioned from Backup to Active.
PRJ-13702,
PRHF-561
Identity Awareness In some scenarios, when the user changes the TACACS+ server to a different one, the configuration is applied only after an MDS reboot. 
PRJ-12503,
PRHF-10481
Identity Awareness In some scenarios, Identity Awareness counters in cluster environments show zero. 
PRJ-11484,
PMTR-40495
SSL Inspection DynamicID authentication may fail due to server certificate validation failure. Refer to sk167177.
PRJ-11511,
SMB-12153
SSL Inspection In some scenarios, there may be SSL Inspection issues in cluster environments on 1500 Series Security Gateways. Refer to sk170218.
PRJ-10663,
PRHF-9289
Anti-Malware In some scenarios, a "Feed Error" message appears when the user fetches a Custom Intelligence Feed. Refer to sk165932.
PRJ-12809,
PMTR-51013
Threat Emulation In a rare scenario, files are not uploaded for Threat Emulation or Threat Extraction inspection.
PRJ-14224 ClusterXL In some scenarios, SmartConsole shows ClusterXL status as "is not responding". Refer to sk168187
PRJ-14612,
PRHF-7700
SecureXL UPDATE: Added a global variable that enables log for packets that include unapproved IP option. This variable is off by default.
PRJ-14514,
PRHF-10860
SecureXL In a rare scenario, a VSX gateway with Virtual Switch may crash.
PRJ-13414,
ACCHA-301
SecureXL DECnet DIGITAL Network Architecture (Phase IV) traffic may be dropped. Refer to sk167202.
PRJ-13763,
PMTR-55537
SecureXL Security Gateway may crash when concurrent connection rules exist in the DOS/Rate limiting policy and the Application Control blade is enabled.
PRJ-14079,
PMTR-56026
SecureXL For some topologies, RIPV2 neighbors may be missing. Refer to sk167934
PRJ-12254,
PMTR-23165
Mobile Access In some scenarios, Mobile Access end-users become disconnected from their Citrix sessions after policy installation.
PRJ-13730,
PMTR-54159
Mobile Access In some scenarios, Web application SSO credentials are not displayed correctly in the 'Credentials' dialog when the application's destination hostname is configured as an IP address.
PRJ-14435,
PMTR-53221
Gaia OS NEW: Added support for CPAC-4-10-AB cards.
PRJ-14596,
PMTR-55036
Gaia OS NEW: Added Multi-Queue (MQ) support for Management interface.
Note: Enabling both Dynamic Balancing and MDPS causes Dynamic Balancing to stop.
PRJ-13642,
PMTR-54518
Gaia OS NEW: The i40e driver version was upgraded to improve performance.
PRJ-13011,
PMTR-54188
Gaia OS RX/TX ring size may reset when changing queue settings.
PRJ-15424,
PMTR-57108
Gaia OS Gaia API Service is offline after upgrade to R80.40.
PRJ-13480,
PMTR-55154
Gaia OS Intake and outlet temperature sensors display incorrect values on 15400 appliance. 
PRJ-12513 Gaia OS In some scenarios, due to backup compression errors, restoring a backup does not restore all files.
PRJ-13719 Gaia OS In some scenarios, a snapshot creation may fail.
PRJ-10352,
PRHF-8760
Gaia OS In rare scenarios, clish consumes 100% CPU when the user runs a Tenable scan. Refer to sk166195.
PRJ-14402,
PRHF-11683
Gaia OS In some scenarios, the snapshot creation fails because of compression errors.
PRJ-13926,
PMTR-54829
Routing UPDATE: Increased the configuration limits of the BFD timers for detect multiplier, minimum RX interval, and minimum TX interval to 255, 255000, and 255000, respectively.
PRJ-13979,
PRHF-11680
Routing UPDATE: The logging of "aspath-regex" and "community-regex" routemap fields is now disabled by default and can be enabled through the trace log.
PRJ-11805,
VPNRA-357
VPN In some scenarios, an incorrect IPSec counter may be displayed with cpstats / SmartView Monitor / SNMP in a ClusterXL environment. Refer to sk167297.
PRJ-14074,
VPNRA-404
VPN When Security gateway is behind NAT and its main IP address is configured to NAT IP, Client may disconnect when using Visitor Mode.
PRJ-14244,
PRHF-7995
VPN VPN traffic may be dropped when working with peer behind NAT - Hide NAT with Port Translation. 
PRJ-13408,
PMTR-54443
VPN In rare scenarios, the Global Domain Assignment view shows that a Global Domain Assignment is in the 'up to date' state even though it is not. 
PRJ-14075,
VPNRA-417
VPN When using Visitor Mode, Endpoint Client behind NAT disconnects after 20 seconds when his private network overlaps with some network in the Encryption Domain.
PRJ-15437,
PRHF-12039
VSX VSs load up in parallel from boot/after cpstart from VS0.
PRJ-14151,
PRHF-11651
Endpoint Security In some scenarios, no audit logs are shown regarding object changes in SmartEndpoint virtual groups and FDE pre-boot users. Refer to sk167907.
PRJ-14133,
PRHF-7699
Endpoint Security In some scenarios, the user cannot get an FDE Offline Management File (cpomf) for an offline group in SmartEndpoint if this group or a directory in its path has special characters \ _ %. 
R80.40 Jumbo HotFix - General Availability Take 77 (18 August 2020, GA from 25 August 2020)
PRJ-16351,
PRJ-14399
Security Gateway Updated dependencies of internal OS packages during Security Gateway installation.
PRJ-16314,
PMTR-55189
Gaia OS In some scenarios, Cluster does not recognize bond slaves.
R80.40 Jumbo HotFix - Ongoing Take 74 (05 August 2020)
PRJ-10159,
PRHF-8586
Logging "UserCheck Reference ID” field is missing from logs when the message of the UserCheck customized page is modified and does not contain the text "reference:". Refer to sk165355.
PRJ-13589,
PRHF-11311
Security Gateway In a rare scenario, Security Gateway may crash during policy installation.
PRJ-15983 VPN Starting from R80.40 Jumbo Hotfix Take 48, clients that do not support MFA (such as Mac OS and iOS) cannot connect as Remote Access clients if MFA is enabled. Refer to sk168493.
R80.40 Jumbo HotFix - Ongoing Take 69 (27 July 2020)
PRJ-12005,
PMTR-49928
Security Management NEW: Added a new SmartTask trigger for "Before Login".
PRJ-12026,
PMTR-51885
Security Management NEW: Tasks that fail to complete within 18 hours will be stopped automatically and appear as failed. Refer to sk166455.
PRJ-12376,
PRHF-10550
Security Management Policy Presets may disappear from view after running the Solr Cure utility. Refer to sk167455.
PRJ-12142,
CPM-2624
Security Management Management HA synchronization between the active Domain server to a standby Domain server may fail with "Failed to import data" error.
PRJ-12671,
PMTR-52789
Security Management If an administrator searches for a certain text in SmartConsole, it may cause the Management Server to become inaccessible until a restart.
PRJ-14086,
PRJ-14088,
PMTR-55188
Security Management A policy that uses Access Role objects may incorrectly show the rule conflict when verifying it using "Verify Access Control Policy". The same policy will pass successfully when performing 'install policy', as expected. Refer to sk168066.
PRJ-14089,
PRHF-11750
Security Management Access Role in source \ destination column with "Redirect to Captive Portal" as an action on the Accept column may cause the policy verification to fail, but policy installation finishes successfully. Refer to sk167732.
PRJ-10059,
PRHF-8924
Security Management In some scenarios, Security policy deletion or installation may fail when there are many Application Control objects used in this policy.
PRJ-13157,
CPM-2811
Security Management In rare scenarios, a session becomes unusable, and one or more of the following may occur:
  • The user is not able to log in and make changes with this session.
  • Publishing this session fails.
  • Discarding this session fails.
Refer to sk167735.
PRJ-13034,
PRHF-10917
Multi-Domain Management Global Policy reassignment may fail after performing the IPS update in the Global domain.
PRJ-12901,
PMTR-53694
SmartConsole NEW: Added more information on each Management API call to api.csv.
PRJ-12906,
PMTR-53855
SmartConsole When using the Management API "show-objects" command to show OPSEC application objects, it may fail with "Requested object [OBJECT ID] not found".
PRJ-12975,
PMTR-51691
SmartConsole When a VSX Cluster object is edited, no changes are made and the  "Topology has changed. Please reinstall Security Policy" message is always displayed after clicking OK, even if no changes are made.
PRJ-13900,
PRHF-11537
SmartConsole Audit log is not shown in SmartConsole Logs & Monitor View for the login action through API when the "-r" flag is set to true (login as root).
PRJ-10201,
PRHF-9019
SmartView SmartView may show "query failed" error message when creating table widget with filter by source/destination host name. Refer to sk119056.
PRJ-12692,
MB-731
Compliance Compliance blade may show incorrect Best Practice status if one or more relevant network objects for that Best Practice is in status "N/A".
PRJ-11889,
PRHF-10057
Logging In some scenarios, searching for logs using "client_name" in the logging tab returns no values.
PRJ-11312,
PMTR-51802
Logging In Multi-Domain Management environments, some of the log_indexer processes may fail to start due to an occupied port.
PRJ-13914,
PMTR-55977
Security Gateway NEW: Added Spike Detector - a new daemon to automatically detect CPU spikes. Refer to sk166454.
PRJ-11503,
PMTR-52209
Security Gateway NEW: Added "Hold" override for unsupported protocols (i.e. GRE). Refer to sk148432.
PRJ-13568,
PMTR-50532
Security Gateway Connectivity issues may appear when ISP Redundancy is configured.
PRJ-14483,
PMTR-54946
Security Gateway When moving context in MDPS with mplane or dplane and bash logging is enabled, the 'grep' command is executed.
PRJ-11743,
SWG-2533
Security Gateway Improved connectivity in a specific flow when ICAP Client is enabled with Trickling 3.
PRJ-10298,
PRHF-8781
Security Gateway In some scenarios, the license status of the Security gateway is not updated properly in SmartConsole.
PRJ-11696,
PRHF-9799
Security Gateway In a rare scenario, access rules with service type of "other" may not be matched correctly. Refer to sk166365
PRJ-13766,
PRJ-13204
Security Gateway In a rare scenario, a traffic outage may occur when time objects are used in the access policy.
PRJ-10767,
PRHF-8926
Internal CA In some scenarios, no SIC between R80.x Security Management and R77 Security gateway after ICA certificate replacement procedure described in sk158096.
PRJ-12341,
PMTR-53146
URL Filtering In a rare scenario, policy installation may fail with "Error code: 0-2000112" if the URL Filtering blade is active while no other feature or blade is enabled.  
PRJ-12621,
PMTR-45782
Identity Awareness After disabling and re-enabling the Identity Collector in SmartConsole, the Identity Collector may fail to connect to the PDP Gateway again.
PRJ-13150 Anti-Virus In a rare scenario, Security gateway may crash while processing SMB3 multi-channel while Anti-Virus blade is enabled.
PRJ-13599,
PMTR-55344
HTTPS Inspection In some scenarios, web traffic is blocked with "HTTP parsing error occurred" and "parameters are undecodable in request" errors.
PRJ-13110,
PRHF-11112
HTTPS Inspection In some scenarios, HTTPS websites may show corrupted text when HTTPS Inspection and Anti-Virus are enabled.
PRJ-12767,
TEX-1762
Threat Extraction In rare scenarios, the watermark_cp_file_convertd daemon used by Threat Extraction may restart frequently, causing high CPU usage. Refer to sk168318.
PRJ-13118,
PMTR-52580
DLP Improved DLP functionality when working with IDA MUH1 and MUH2 agents.
PRJ-11552 SecureXL In some scenarios, MCAST packets may not be accelerated on a PIM-SM RP Gateway.
PRJ-12710,
PRHF-10849
ClusterXL In some scenarios, a Cluster member forwards ICMP replies via its Sync interface after being rebooted.
PRJ-12999,
PMTR-51108
CoreXL On appliances with Dynamic Balancing enabled, allocation of CoreXL SND cores is limited by the interface with the minimal number of Rx queues.
PRJ-13773,
PMTR-53346
CoreXL On 23900, 26000(T) and 28000 appliances with Dynamic Balancing enabled, CPView shows several CPU cores as “Other”. Dynamic Balancing does not work on these CPU cores.
PRJ-11452,
PMTR-51868
Gaia OS NEW: Added support for Smart-1 3150/3050 SAN and 'show asset' line cards for SAN.
PRJ-12932,
PMTR-53897
Gaia OS NEW: Added line card model information to "show asset network" output for the following appliance series: 5000, 6000, 15000, 23000, 7000, 16000, 26000 and 28000.
PRJ-11047,
ACCL-417
Gaia OS UPDATE: CPView Network -> Top-Protocols and Network -> Top-Connections tabs were added back. Refer to sk167903.
PRJ-12249,
PMTR-52663
Gaia OS UPDATE: on Smart-1 5050:
  • Line card 1 model PE2G2SFPi35*-CP* is changed to CPAC-2-1F-SM*-C*
  • Line card 2 model PE210G2SPI9A-XR*-CP* is changed to CPAC-2-10F-SM*-C*
PRJ-12762,
PMTR-52834
Gaia OS In some scenarios, WebUI shows unknown HDDs that are not part of RAID.
PRJ-13627,
PRJ-13627
Gaia OS The show configuration clish command shows 'Exported by admin' label even if it is another user.
PRJ-14451,
PRHF-11802
Gaia OS In some scenarios, the snmpd process stops accepting connections in MDPS/VSX environment.
PRJ-12956,
PRHF-10941
Gaia OS User fails to add ecsda hot keys via clish to the hosts file. This prevents from setting up the scheduled backups before the system goes into production.
PRJ-13272,
GAIA-7496
Gaia OS In some scenarios, the value for Voltage/Fan/Temperature sensor may appear as "NotValid".
PRJ-8950,
GAIA-7018
Gaia OS In some scenarios, interface names may not correspond to the correct ports on 4-ports 10GbE SFP+ Rev 1.1 on 12200/4200/4400/4600/4800/TE250 appliances.
PRJ-11499,
PMTR-51462
Gaia OS In some scenarios, the PSU status is reflected even if there is no PSU on the appliance
PRJ-10763,
PRHF-9221
Gaia OS Only 1024 characters of a cron jobs output are displayed when using show cron jobs from clish.
PRJ-12519,
PRHF-10672
Gaia OS In some scenarios, a backup on a Gaia device with Threat Emulation Blade enabled may fail with "Cannot complete the backup process: not enough space". Refer to sk166833
PRJ-12465,
PRHF-388
VPN In a rare scenario, Security gateway may crash when using Remote Access VPN with L2TP clients.
PRJ-12892,
PRHF-10685
VPN IKEv2 rekey may fail when the resolved peer IP address is not the main IP address. Refer to sk166897.
PRJ-13342,
PRHF-1164
VPN In some scenarios, L2TP client fails to connect with "failed to write L2TP session params to kernel" error in vpnd.elg file. Refer to sk167636.
PRJ-12195,
PRHF-9885
VPN A connectivity issue may occur when a non-encrypted VPN tunnel is used with IKEv2. Refer to sk167902.
PRJ-14461,
VPNS2S-1322
VPN In some scenarios, VPN tunnels may get disconnected.
PRJ-12814,
PMTR-53248
VSX When SNMP is in VS mode, the SNMPD process of VSs may re-launch every few minutes. Refer to sk167112.
PRJ-14045,
PRHF-11742
VSX "Internal Error - Failed to commit changes to OS" error when user creates a Wrp interface with MTU greater than 1500. Refer to sk167715.
R80.40 Jumbo HotFix - General Availability Take 67 (23 July 2020, GA from 27 July 2020)
PRJ-15513,
PMTR-57274
Logging In some scenarios, logs are not available with "Query Failed" message in the logging view, and "An error occurred instantiating job to be executed. job= 'maintenance.routineMaintenance'" message appears in the $RTDIR/log/RFL.log file. Refer to sk168616.
PRJ-14354,
PMTR-55604
Gaia OS In some scenarios, user cannot start IPMI service and loses the IPMI functionalities like lominfo and lomipset.
PRJ-12745,
PMTR-48781
Gaia OS In some scenarios, user cannot start IPMI service on 21400 appliance with "service ipmi start" command.
R80.40 Jumbo HotFix - Ongoing Take 65 (19 July 2020)
PRJ-14581,
PMTR-52149
ClusterXL Connectivity issue may appear on a Standby cluster member after installing R80.40 Jumbo HotFix Takes 53-55. Refer to sk167874.
R80.40 Jumbo HotFix - Ongoing Take 55 (30 June 2020)
PRJ-13958,
PRJ-13803
Security Management Upgrade to R80.40 Jumbo HotFix Ongoing Takes 53 and 54 fails when upgrading from one of the following:
  • R80.30 Jumbo HotFix Ongoing Takes 210 and 213
  • R80.20 Jumbo HotFix Ongoing Takes 160 and 161
R80.40 Jumbo HotFix - Ongoing Take 54 (24 June 2020)
PRJ-13686 Security Management In some scenarios, when using many management API calls in parallel, the output is not consistent. Refer to sk167509.
R80.40 Jumbo HotFix - Ongoing Take 53 (15 June 2020)
PRJ-11387,
PMTR-52087
Security Management NEW: Significant performance improvement for policy installation time when many groups are defined on the Management Server.
PRJ-10901,
PMTR-49801
Security Management NEW: Set values for environment variables on the Management Server that will remain there after a Management Server upgrade, as well as Backup/Restore and Export/Import of the Management Server. Refer to sk165938.
PRJ-12914,
PMTR-48623
Security Management In some scenarios, pressing "Where Used” does not show a script that is used in SmartTasks. 
PRJ-12275,
PMTR-53007
Security Management In Management HA configuration, a hotfix installation may incorrectly fail during the verification phase.
PRJ-11586,
PRHF-9260
Security Management In some scenarios, when using Rulebase Search, the 'number of rules' section is incorrect. Refer to sk166003.
PRJ-12506,
PRHF-10058
Security Management When using packet mode in Rulebase Search, results from inline layer may be matched even though their parent layer is not.
PRJ-12359,
PMTR-33408
Multi-Domain Management NEW: Added ability to log in to the Management Server with SmartConsole while MDS Backup is running.
PRJ-12966,
PRHF-10944
Multi-Domain Management In some scenarios, certain deleted domain level objects are visible in the SmartConsole at the MDS level.
PRJ-9666,
PRHF-8502
Multi-Domain Management In environments with more than five Multi Domain servers, changes to objects may not be reflected in the logs. 
PRJ-12484,
PRHF-10330
Multi-Domain Management Multi-Domain Administrator configuration for RADIUS authentication may show local Domain Radius servers and groups.
PRJ-12326,
PMTR-48272
Multi-Domain Management The "Recent Tasks" and "Install Policy Preset" views in MDS Domain may include Domain names, policy packages, and Gateways names. This information is not filtered according to the administrator's permission profile. 
PRJ-12206,
PRHF-10405
Multi-Domain Management In some scenarios, changes to a .def file in $FWDIR/lib may be reverted when creating a secondary CMA.
PRJ-11507,
PRJ-11508
Multi-Domain Management A migration from Security Management server to a Domain on a Multi-Domain Management Server may fail with: “didn't find ObjectStoreSessionEntity for session <uuid> return null" error in cpm.elg file. 
PRJ-12556,
PRHF-10523
Multi-Domain Management In some scenarios, updating firewall_properties in GuiDBedit in the MDS context fails. Refer to sk42184
PRJ-13187,
PMTR-54274
Multi-Domain Management In a rare scenario, Advanced upgrade from R80.10 may fail.
PRJ-12066,
PRHF-10327
Multi-Domain Management The FWM process of domains may not stop after the user runs mdsstop or mdsstop_customer.
PRJ-12778,
PMTR-52320
SmartConsole NEW: Added API commands for user, user-template, user-group and identity-tag.
PRJ-11074,
PMTR-51815
SmartConsole NEW: Added ability to reset the following network object fields to be empty through the Management API: ipv4-address, ipv6-address, subnet4, subnet6, mask-length4, and mask-length6.
PRJ-11906, 
PRHF-10275
SmartConsole In rare scenarios, certain domain level objects may not be visible in SmartConsole at the MDS level. 
PRJ-12457,
PRHF-8968
SmartConsole In some scenarios, IPS update may be locked with the message "IPS management update is locked by Scheduled update" .
PRJ-12539,
PRHF-9941
SmartConsole Unable to delete Snort protections in Multi-Domain environment - they still exist after deletion.
PRJ-12444,
PRHF-8488
SmartConsole In some scenarios, IPS update tasks may stuck when multiple machines are attempting an update within the same time frame.
PRJ-12961,
PRHF-10916
SmartConsole Global Policy reassign in MDS may fail with 'An internal error has occurred' message after adding overrides to Snort protections.
PRJ-12211,
PMTR-52897
SmartConsole When running the "show-domain" API command, the "active" field may be missing from the reply.
PRJ-11259,
PRHF-9106
SmartConsole In some scenarios, Inspection Settings view under the General tab is blank.
PRJ-11433.
PRHF-8506
SmartProvisioning The SmartProvisioning application may hang when the user adds/edits Dynamic Objects in the LSM Gateway object editor. 
PRJ-11917,
PMTR-51950
Security Gateway NEW: Added support for key renegotiation in SSH Deep Packet Inspection (DPI).
PRJ-9121,
PRJ-8907
Security Gateway Connections may be dropped when "keep all connections" is configured during policy installation. Refer to sk166212.
PRJ-11781,
NAT-215
Security Gateway In a rare scenario, the Security Gateway may crash when using a non- FQDN domain object in the policy.
PRJ-13078,
PMTR-54306
Security Gateway When HTTPS Inspection is enabled using layer-2/bridge, traffic may be dropped when deciding the outgoing interfaces.
PRJ-12733,
PMTR-53779
Security Gateway In a rare scenario, memory is not freed correctly in the routing mechanism.
PRJ-12237,
PRHF-10039
Security Gateway In a rare scenario, Security Gateway memory consumption may increase when the Anti-Virus blade is enabled.
PRJ-13091,
PRHF-11016
Security Gateway
  • CPView Utility may not display speed and driver.
  • SNMP does not use custom OID, dplane OID mapping to Management Plane.
  • Some connections through Management Plane on Standby member may be dropped.
PRJ-13148,
PMTR-54459
Security Gateway In some scenarios, IPS & APPI updates fail when Anti-Virus and Content Awareness blades are active.
PRJ-9700 Logging NEW: Added support for viewing MITRE ATT&CK fields in logs. 
PRJ-9317,
PRHF-8166
Logging Logging view may show results from the wrong day if the server Time Zone is configured to use half/quarter hour deviations from standard time.
PRJ-8923,
PRHF-8148
Logging When the user searches logs in the "Logs and Monitor" tab in SmartConsole and applies a filter using the "?" wildcard, incorrect logs may be returned. 
PRJ-8481,
PRHF-7592
Logging "Problem has occurred during search < External Log server > Disconnected" error may appear in "Logs & Monitor" tab after creating dummy object for NAT.
PRJ-9738,
PMTR-37265
SmartView In SmartView, deleting widgets and clicking on "Discard" may not revert all changes.
PRJ-10671,
PMTR-49128
SmartView In SmartView, when using a language other than English, an error may occur when drilling down on a widget.
PRJ-11058,
PRHF-9354
Application Control In some scenarios, Application Control update task may get stuck indefinitely when it is executed as part of Global Policy assignment.
PRJ-12167,
PMTR-52106
Application Control In some scenarios, Application Control updates in Multi-Domain High Availability environments may get stuck when multiple updates from different Domains/Multi-Domains take place simultaneously.
PRJ-9565,
PRHF-8153
Threat Prevention The number of overrides in Threat Prevention policy -> Profile -> Overrides may also show inactivated overrides, with mismatched information between "override" and "User Modified". 
PRJ-12433,
PRHF-11043
Threat Prevention In a rare scenario, when Threat Prevention Forensics feature is enabled, memory usage may rise on the Security gateway due to failures in memory release flow.
PRJ-10672,
PMTR-51385
SSL Inspection NEW: Added support for FutureX HSM when working with outbound HTTPS Inspection.
PRJ-11435,
PMTR-52216
Anti-Malware In some scenarios, "Feed Error" message appears when fetching a IOC feed.
PRJ-10849,
PMTR-50978
UserCheck In a rare scenario, the UserCheck daemon may fail with core dump file created.
PRJ-12603,
PMTR-53442
Mobile Access Mobile Access ActiveSync session timeout may not update properly, generating repeated error messages in the 'cvpnd.elg' debug output. 
PRJ-10417,
MAGB-781
Mobile Access Some Web applications published by Mobile Access Blade may not work in Host Translation mode.
PRJ-9780 ClusterXL Resetting SIC on a Cluster member may result in CCP Encryption turned OFF while it should remain ON.
PRJ-10979,
PMTR-43718
ClusterXL SNMP Response for OID .1.3.6.1.4.1.2620.1.5.6 ("haState") is "Active" on all members of ClusterXL High Availability mode. Refer to sk106291.
PRJ-11611,
PMTR-52275
ClusterXL In some scenarios, the fwk process stops working on cluster member.
PRJ-11402,
PRHF-9845
SecureXL NEW: Performance improvement for DOS/Rate Limiting rules under a high connection rate.
PRJ-12548,
PRHF-10647
SecureXL NEW: Added tunable kernel parameter "adp_mc_rt_hold_queue_len" to adpkern.conf to eliminate multicast packet drops at the start of a connection (when large bursts of multicast traffic are expected).
PRJ-12019,
PRHF-10097
SecureXL In some scenarios, ACK, FIN, and RST TCP packets may be dropped, causing outages. 
PRJ-11551 SecureXL MCAST packets may be handled incorrectly when promiscuous (tcpdump) mode is enabled for the interface.
PRJ-12175,
PRHF-10228
SecureXL In some scenarios, TCP traffic containing the TCP Fast Open option may be dropped by the Security Gateway.
PRJ-11684,
PRJ-11365
Routing NEW: Performance improvement for multicast packets in SecureXL (fast path) when there are no multicast listeners.
PRJ-12222,
ROUT-856
Routing In some scenarios, routed process stops working when adding an interface to OSPFv3 with a prefix length above 63 and having two or more areas.
PRJ-10734,
PMTR-51475
VSX NEW: Adding bridge interfaces to a regular VS in VSX is allowed via vsx_provisioning_tool by using the below command:
attach bridge vd <vs_name> ifs1 <first_interface_name> ifs2 <second_interface_name>
PRJ-12622,
VSX-2219
VSX In a rare scenario, creating new VSX and pushing configuration may cause the cluster members to crash.
PRJ-13060,
PRHF-10978
VSX When performing a provisioning operation in VSX, process may hang on "Pushing configuration to ...".  Refer to sk167175.
PRJ-12813,
GAIA-7625
Gaia OS The activate_sw_raid utility may fail due to incorrect disk names. 
PRJ-11755,
PMTR-52432
Gaia OS The snmptrap command fails and shows an error related to EngineID.
PRJ-11854,
PMTR-48873
Gaia OS On 15600 appliances, the "service ipmi start" command may fail to start the IPMI Service.
PRJ-10309,
GAIA-6136
Gaia OS Incorrect status may be displayed in Clish for pulled PSU.
PRJ-10273,
PMTR-50151
VPN NEW: 3DES is disabled by default for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, SecurePlatform WebUI, and Mobile Access curl.
Note: Disabling 3DES will fail 3rd party OPSEC SDK 6.0 clients connectivity. To enable it, refer to sk113114.
PRJ-12102,
VPN-72
VPN NEW: Added Large-scale support for Visitor Mode.
PRJ-12179,
VPNRA-364
VPN Connectivity improvements for Remote Access VPN using Traditional mode.
PRJ-11644,
VPNRA-353
VPN Added Stability improvement for Remote Access VPN.
PRJ-11711,
PRHF-10028
Endpoint Security In SmartEndpoint, Anti-Malware's "Top Infections" report has an empty infection name. Refer to sk166232
PRJ-11825,
PRHF-6365
Endpoint Security Users/devices may not change their locations in the tree according to Active Directory changes when certain special characters appear in the names.
PRJ-11841,
PRHF-9304
Endpoint Security Cannot delete the client MSI package from SmartEndpoint because of previously deleted FDE offline group.
PRJ-11833,
PRHF-8234
Endpoint Security The Endpoint directory scanner may fail to reconnect to the AD if the connection was lost during the scan. 
PRJ-11820,
PRHF-9157
Endpoint Security The default paths for offline folders in SmartEndpoint -> Offline group creation wizard may be incorrect. 
PRJ-11837,
PRHF-10015
Endpoint Security An error in FDE pre-boot users calculation may cause Endpoint to be left in a disconnected state. Refer to sk142313.
PRJ-11145,
PRHF-9706
Endpoint Security Local users may not be displayed under the selected machine in the "Users and Computers tab" in SmartEndpoint. Refer to sk166316.
PRJ-11816,
PRHF-9151
Endpoint Security When a user name is updated in SmartEndpoint, the change may result in an unexpected expiration date. Refer to sk165872.
PRJ-11245,
PRHF-9628
VoIP SIP calls with NAT (SIP packet with no SDP but content-type=sdp) may fail to open correctly.
PRJ-9105,
PRHF-7758
VoIP In a rare scenario, Security gateway crashes when passing SIP traffic. Refer to sk166474.
R80.40 Jumbo HotFix - General Availability Take 48 (published on 21 May 2020, GA from 25 May 2020)
PRJ-12414,
PMTR-52051
Security Gateway In a rare scenario, Security gateway may crash while processing the SMTP traffic due to a memory corruption.
PRJ-12499,
PMTR-52267
SecureXL SCTP Stateful inspection and payload NAT (INIT Chunks) may not work correctly in some scenarios.
PRJ-12738 VPN Some Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though the "Allow older clients" option is disabled. Refer to sk166912.
PRJ-12629,
PRHF-7485
VPN Improved the VPN connectivity with DAIP peers when Tunnel Monitoring is enabled. Refer to sk164933.
PRJ-11369,
PRHF-9804
Gaia OS SNMP Trap may not be sent even though a failover occurred. Refer to sk166100.
PRJ-11829,
PRHF-7087
Endpoint Security SmartEndpoint may export a report to Excel in which incorrect distinguished names appear for deleted users/computers. Refer to sk163943.
R80.40 Jumbo HotFix - Ongoing Take 45 (10 May 2020)
PRJ-8281,
PMTR-36367
Security Management FWM and\or INDEXER processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.
PRJ-11956,
PMTR-52583
Security Gateway In a rare scenario, Security Gateway may crash due to NULL pointer reference
PRJ-9707,
PRHF-7716
Logging The FWD process may stop working if one of the following changes were made using GuiDBEdit:
  1. Change to log forwarding timing
  2. Change to log switch timing
PRJ-11007,
PRHF-9292
Logging In some scenarios, changes made to Network Objects on the Security Management Server are not reflected in the logs view. Refer to sk166493.
PRJ-10885,
PMTR-51539
Anti-Malware In some scenarios, Microsoft update and other download connections may fail when Strict Hold mode is enabled.
PRJ-11237,
PMTR-42727
VPN Connectivity improvement for VPN over NAT traversal (UDP 4500). Refer to sk155953.
PRJ-11012,
PMTR-46009
Gaia OS NEW: Added support for Jumbo Hotfix installation on Check Point 3800, 6400, 6700, 7000, 16200, 16600HS, 28000 and 28600HS appliances. Refer to sk110052, sk139932 and sk152733.
  • Requires R80.40 SmartConsole Build 396 (or higher).
R80.40 Jumbo HotFix - Ongoing Take 38 (26 April 2020)
PRJ-10631,
PRJ-10629
Installation Firmware upgrade for Small Office appliance using SmartProvisioning in Multi-Domain Management environment may fail.
PRJ-8645,
CPM-2623
Security Management NEW: Performance enhancements while the Management Server is under high load.
PRJ-11118,
PMTR-51778,
PRJ-10995,
PMTR-51743
Security Management NEW: Added ICA Management security enhancements.
PRJ-10473,
PMTR-49832
Security Management In a rare scenario, export from the previous version does not complete because the Postgres dump_all process gets stuck.
PRJ-11722,
PRHF-10059
Security Management Scheduled IPS update operation on the Security Management server may not be triggered after server reboot/restart. Refer to sk166216.
PRJ-10221,
PRHF-7865
Security Management When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted. 
PRJ-10089,
PMTR-50276
Security Management The cpm_solr process may stop working and cause one of the following:
  • The upgrade of a Management machine may stuck on 58%
  • The Management HA synchronization may fail with "NGM failed to import data" error
  • Users may not be able to log in.
PRJ-10515,
PMTR-36302
Security Management In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.
PRJ-9323,
PRHF-8494
Security Management In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037
PRJ-9300,
PRHF-8336
Security Management In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing.
PRJ-11167,
PMTR-51180
Multi-Domain Management In a rare scenario, synchronization between Multi-Domain Management Servers breaks after revisions purge operation. 
PRJ-9699,
PRHF-8593
Multi-Domain Management MLM may open a connection to the reversed IP address of the Multi-Domain Server.
PRJ-10527,
PRHF-8686
Multi-Domain Management Upgrade of Multi-Domain Server may fail if Sync With User Center is running.
PRJ-9241,
PRHF-8077
Multi-Domain Management In some scenarios, secondary MDS or MLM fail to renew a management certificate. Refer to sk164732.
PRJ-11177,
PMTR-51890
Multi-Domain Management In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972.
PRJ-11517,
PRHF-9981
Multi-Domain Management In rare scenarios, upgrading the Multi-Domain Server fails to upgrade some Domain Servers with "IllegalArgumentException" in the upgrade log. 
PRJ-10366,
PMTR-51017
Multi-Domain Management After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972):
  • Global Domain reassignment
  • IPS or Application Control updates in the Global Domain.
PRJ-9262,
PMTR-49143
Multi-Domain Management Upgrade of Multi-Domain Server may fail when the source version is R80.10 and there is no license configured on the target machine.
PRJ-10531,
PRHF-8581
Multi-Domain Management The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server.
PRJ-10510,
PMTR-50620
Multi-Domain Management In some scenarios, if a Domain is deleted while the user performs a multi-site upgrade from R77.x (before all machines complete the upgrade), some Domains may not be assigned to Admins and Trusted Clients, as before the upgrade. Updating those Admins and Trusted Clients may also fail.
PRJ-10747,
PMTR-50936
Multi-Domain Management In some scenarios, policy installation from the Domain Management Server fails after an mds_backup procedure that was interrupted. Refer to sk165559.
PRJ-11284 Multi-Domain Management Access policy installation may get stuck in a specific scenario in MDS environments. Refer to sk166106.
PRJ-10504,
PMTR-50891
Multi-Domain Management The import-smart-task Management API may fail in the second Domain on the Multi-Domain machine when it is executed with same exported file.
PRJ-9290,
PMTR-49566
SmartConsole NEW Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: 'show-profiles' and 'show-ips-additional-properties'. The default value for both flags is false.
PRJ-10374,
PRHF-8973
SmartView In some scenarios, after user imports view/report in SmartView, the imported view/report is not shown in the Catalog.
PRJ-10707,
PMTR-45783
SmartProvisioning In some scenarios, after creating a Small Office gateway using LSMCli, some fields in the gateway object on the SmartProvisioning are not populated.
PRJ-9644,
PRHF-4623
Security Gateway NEW: Added support for the bridge configuration when packet is passing via the Security gateway twice.
PRJ-10795,
PMTR-51301
Security Gateway In some scenarios, when a Custom Intelligence Feed is enabled, the Security Gateway may crash.
PRJ-10173 Security Gateway After installing R80.40 Jumbo Hotfix, Dynamic Split is disabled.
PRJ-10207,
PRHF-9508
Security Gateway ICAP Client may not work properly when Threat Extraction blade is enabled.
  • To enable the fix, set the enable_icap_with_strict_hold parameter to 1. 
PRJ-11538 Security Gateway In a rare scenario, Security gateway may crash with vmcore.
PRJ-11531,
MUX-319
Security Gateway In a rare scenario, Security gateway may crash while connection is closed while being held.
PRJ-10887,
PMTR-51247
Security Gateway In a rare scenario, a memory leak may appear in Anti-Virus inspection on SMB protocol.
PRJ-9690,
PMTR-46451
Security Gateway Traffic may be dropped on DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176.
PRJ-8657 Security Gateway In a rare scenario, creating a Virtual Switch can lead to crash.
PRJ-9835,
PMTR-48719
Security Gateway When ISP Redundancy is configured on a cluster, the backup ISP link status may show as down even though the link is up.
PRJ-10283,
PMTR-50683
Anti-Malware NEW: Added support to allow Threat Extraction to scan a file download in additional scenarios.
PRJ-10758,
IDA-2866
Identity Awareness In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174.
PRJ-10387,
IDA-2719
Identity Awareness In a rare scenario, identity session groups and access roles may disappear following a policy installation. 
PRJ-10085,
PMTR-50594
Content Awareness Added ability not to drop the connections if the files are downloaded with HTTP 206 out of range.
PRJ-10856,
PRHF-1898
Application Control NEW: Gateway status will reflect Application Control and URL Filtering updates.
PRJ-9935,
PMTR-49938
HTTPS Inspection In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may stop working. Refer to sk165555
PRJ-10738,
PRHF-9265
SSL Inspection In a rare scenario, a memory leak may appear when SSL inspection is enabled.
PRJ-10940,
PMTR-51681
IPS In a rare scenario, the fw_full process may stop working. 
PRJ-10970,
SWG-2484
DLP NEW: Reading and sending files from the registry by DLP was optimized.
PRJ-9694,
PRHF-8503
DLP In some scenarios, DLP prints wrong error message in the log.
PRJ-9329,
PRHF-8152
DLP Improved the scanning time of files for some scenarios in SMTP and HTTP/S.
PRJ-9436 DLP In a rare scenario, the dlpu process, a component in Anti-Virus and Threat Emulation, may stop working. 
PRJ-9775,
PRHF-8847
DLP In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of "internal to internal".
PRJ-11023,
PRHF-3767
ClusterXL Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432.
PRJ-10235,
PMTR-51942
SecureXL Policy installation may fail with "Error code 0-2000240" when Drop templates option is enabled. Refer to sk165716.
PRJ-10000,
PRHF-5120
SecureXL UPDATE: Improved TCP state inspection for "Smart Connection Reuse" feature.
PRJ-9828,
PMTR-50294
SecureXL In some scenarios, SYN Defender cookie validation may fail.
PRJ-8977 SecureXL When PIM-SM multicast routing transitions from RPT to SPT, packets may be dropped or become out-of-order.
PRJ-8774,
PMTR-48255
SecureXL In some scenarios, held packets are incorrectly reported to the penalty box.
PRJ-8916,
PRJ-8890
SecureXL In some scenarios, multicast packets arrive to the Security gateway in order, but leave out-of-order.
PRJ-9972,
SL-3551
Logging In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.
PRJ-11364,
PMTR-51655
Logging In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may stop working.
PRJ-11846,
SL-3728
Logging Log exporter process may stop working after enabling export of log attachment IDs.
PRJ-9957,
PRHF-897
VoIP In some scenarios, UA traffic is dropped when packet contains more than 9 UA's. Refer to sk135114.
PRJ-11036,
PMTR-36437
VPN In some scenarios, VPN traffic distribution change may cause high CPU consumption on one CPU core. Refer to sk165853.
PRJ-9587,
PRHF-7681
VPN In a rare scenario, vpnd process stops working due to Segmentation fault. 
PRJ-10558,
VPNS2S-938
VPN Improved the VPN Site-to-Site tunnel establishment scenario with IKEv2.
PRJ-8726 VPN In some scenarios, vpnd cores may be generated sporadically during boot time/cluster failovers on the Cluster Standby Member. 
PRJ-10391,
PRHF-1053
VPN In a rare scenario, vpnd process stops working due to issue in IKEv2 flow.
PRJ-9586
PRHF-7485
VPN Improved the VPN Connectivity with DAIP peers. Refer to sk164933
PRJ-9911,
PMTR-43850
VPN Improved stability of VPN traffic on VSX Gateway.
PRJ-11017,
PMTR-51126
Gaia OS In a rare scenario, Security gateway may crash when SSH Deep Packet Inspection (SSH DPI) is enabled.
PRJ-10075,
PRJ-10452
Gaia OS The "show asset all" command displays the total number of cores  instead of the online number of cores, even if the Hyper-Threading is disabled.
PRJ-11536,
PRHF-9858
Gaia OS In some scenarios the snmpd process floods /var/log/messages with errors regarding parsing voltage sensor value. 
PRJ-9131,
PMTR-49209
Endpoint Security Endpoint Standalone Remote Help Server may not start syncing automatically on the first connect.
PRJ-10120,
PRJ-9633
Compliance In some scenarios, database import on single Domain machines where the Compliance blade is activated fails, and as a result, the FWM process stops working after the import.
PRJ-10868,
VSECC-1119
CloudGuard IaaS In a rare scenario, the OpenStack Data Center becomes unresponsive, resulting in a loss of updates to the Security Gateway. 
PRJ-10914,
VSECC-1222
CloudGuard IaaS When an Azure subnet is missing its prefix attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.
PRJ-11026,
VSECC-1231
CloudGuard IaaS When an Azure Virtual Network Interface is missing its properties' primary attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.
PRJ-10903,
PMTR-22709
VSX In VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members. Refer to sk138894.
R80.40 Jumbo HotFix - Ongoing Take 25 (16 March 2020)
- General NEW: Added support for Security Gateway running on Open Servers.
PRJ-9090,
PRHF-8266
Security Management In a rare scenario, when an environment has many Gateways (dozens), the FWM daemon may stop working when 4 GB of memory is reached. Refer to sk165015.
PRJ-8409,
PMTR-46703
Security Management In some scenarios, when the user modifies a policy rule and creates a section above it in the same session, the log tracker shows that the rule was created instead of modified.
PRJ-8406,
PRHF-7874
Security Management In some scenarios, the exported database may be very large and include redundant data.
PRJ-9312,
PRHF-7728
Security Management The "Unused Objects" filter in Object Explorer may display a failure message if there are more than 20000 unused objects.
  • A limit was added so that only the first 5000 objects will be displayed.
PRJ-9215,
PRHF-8370
Security Management Logging into SmartConsole to the Standby Management Server with a Radius or TACACS user may fail after changing the shared secret on the Radius or TACACS object. 
PRJ-9266,
PMTR-49516
Security Management Policy verification may fail after the user does the following steps: Configures specific install targets for a policy, publishes them, changes the install targets back to "All Gateways", and tries to install them on a Gateway which is not in the original list of targets.
PRJ-9398,
PMTR-44668
Security Management In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole may fail.
PRJ-8794,
VPNRA-316
Security Management Improved the Access Control Policy installation time for environments with high amount of objects and enabled IPSEC VPN blade. Refer to sk166321.
PRJ-6936 SmartConsole NEW: Added R80.30SP to the list of versions for supported hardware.
PRJ-9080,
API-864
SmartConsole In some scenarios, the Management Server may stop working following authenticated API commands to create or update objects with extremely long comments.
PRJ-9466,
PMTR-49817
SmartConsole In some scenarios, when the user attempts to delete a Gateway / Cluster member, an error message may appear and the operation may not complete successfully.
PRJ-8753 SmartConsole In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation. 
PRJ-9544 SmartConsole When the user invokes the 'show-access-layer' API command, the parent layer may be missing from the output result.
PRJ-9977,
PRJ-9968
Security Gateway In a rare scenario, a non-HTTP traffic on port TCP/80 is dropped.
PRJ-9052,
PRHF-8288
Security Gateway Global connections may not be freed correctly when the Gateway acts as a Proxy.
PRJ-8275 Security Gateway In some scenarios, a Security policy installation fails during high CPU utilization.
PRJ-10345,
PMTR-49504
Security Gateway In a rare scenario, after upgrading a Security Gateway to R80.40, the log_indexer process running on the Log server may consume 100% CPU and cause the indexing backlog.
PRJ-9446,
PRJ-9416
Security Gateway Added logs for packets that include invalid TCP options. This feature is off by default.
PRJ-9898,
PMTR-50302
Security Gateway In a rare scenario, the Citrix server communication may fail.
PRJ-10480,
PRHF-9188
Security Gateway In some scenarios, Accounting log shows a wrong total packets value.
PRJ-8884,
PRHF-7048
Security Gateway In a rare scenario, Security gateway may crash when activating a web parsing debug.
PRJ-9900,
PMTR-50431
Security Gateway In a rare scenario, when the web server is defined, policy installation fails with "Error code 0-20000111".
PRJ-8861,
PRJ-8880
IPS In a rare scenario, Security gateway may crash due to NULL pointer reference.
PRJ-9450,
PRHF-8530
IPS,
VSX
In some scenarios, SmartConsole shows "No license" and "Contract is expired" for IPS blade in VSX. Refer to sk164917.
PRJ-9395,
PMTR-49565
Identity Awareness Performance improvement in the automatic LDAP group update feature.
PRJ-7201,
PMTR-23406
SSL Inspection NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115
PRJ-8498,
PRHF-7875
Logging Added "Resource", "Application Risk", "Application Name" and "Application Category" fields to the exported CSV file. 
PRJ-8548 Logging NEW: Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command.
PRJ-8683,
PRHF-7856
Logging In some scenarios, Threat Emulation Logs cannot be viewed in the logging or reporting views because of a certain format of the "file size" field sent from the Security gateway. Refer to sk166997.
PRJ-9075,
PRHF-8337
Routing In some scenarios, a corrupted BGP AS4_PATH attribute value may result in an invalid, long BGP update that is rejected by the BGP peer.
PRJ-9129,
PMTR-46873
SecureXL NEW: Added acceleration support for Ethernet Over IP Tunneling (EOIP). EOIP is RFC 3378 protocol # 97 used between Wireless AP and Wireless Cisco controller. 
PRJ-10197,
PMTR-50836
Gaia OS CVE-2020-8597: pppd is vulnerable to buffer overflow. Refer to sk165875.
PRJ-8583,
PMTR-48127
Gaia OS Multi-Queue configuration cannot be assigned to interfaces that use the "mlx5_core" driver (to check, run the "ethtool -i <name of interface>" command).
PRJ-9357,
PRJ-9318
Gaia OS On 3600 and 3600T appliances, alarm led turns on if one of the PSU is disconnected. Refer to sk166000.
PRJ-8142 CloudGuard IaaS NEW: Added support for Data Center objects with ClusterXL configured in Active/Active mode.
PRJ-8570,
PMTR-49970
CloudGuard IaaS The Management API add-data-center-server for vCenter Data Center uses the "unsafe-auto-accept" parameter with default value set to false. In some scenarios, this setting causes the opposite behavior.

 

Installation instructions

Procedure:

  • Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
      3. In the upper right corner, click on the Import Package button.
      4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
      5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
      6. Select the imported package Check Point R80.40 Jumbo hotfix T<number> for sk165456 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
      7. Select this package and click on Install Update button on the toolbar.


  • Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to command line on target Gaia OS.
      3. Log in to Clish.
      4. Acquire the lock over Gaia configuration database:
        HostName:0> lock database override
      5. Import the package from the hard disk:
        HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
      6. Show the imported packages:
        Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.40 Jumbo hotfix T<number> for sk165456"
        HostName:0> show installer packages imported
      7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
        HostName:0> installer verify <Package_Number>
      8. Install the imported package:
        HostName:0> installer install <Package_Number>

 

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

    Procedure:

     

     

     

    List of upcoming resolved issues

    The below issues are planned to be addressed in our future Jumbo Hotfix Takes. The list is not final and may be changed.

    ID Product Description
    PRJ-23773,
    PMTR-66072
    Security Management "Query failed" error is displayed in Security Gateway Device & License Information view in SmartConsole when canceling the "Export to PDF/CSV" operation.  
    PRJ-23922,
    PMTR-64482
    Security Management SmartConsole Extensions fail to load with "Error: unable to retrieve read-only session" if login with SmartConsole is performed with an IP address that is not defined as the primary IP of the Management Server.
    PRJ-22522,
    PMTR-65290
    Multi-Domain Management In some scenarios, Reassign Global Domain for a Domain that is active on another Multi-Domain Server may fail with "An internal error has occurred" message.
    PRJ-24020,
    PMTR-66953
    Multi-Domain Management In some scenarios, after upgrade of Multi-Domain environment that has active Domains on multiple Multi-Domain servers, some objects may not be visible in the System Domain.
    PRJ-10357,
    PMTR-46596
    Logging Log_indexer may stop working on a SmartEvent server with a large number of CPUs (32 and up), and\or when the total number of log servers declared in correlation units is above 30.
    PRJ-23204,
    PMTR-65244
    Logging In rare scenarios, when creating a Log server object and establishing SIC, log queries from the newly created Log server object may fail.
    PRJ-23009,
    PRHF-15886
    Logging In rare scenarios, when the user exports logs to Excel using SmartView web, the action fails when the exported logs contain special characters, like emojis.
    PRJ-23112,
    PMTR-52927
    Logging In some scenarios in SmartView, exporting a report or view to PDF duplicates the item and displays it twice in the Catalog until the export is done.
    PRJ-25272,
    PMTR-68358
    Internal CA UPDATE: The IKE certificates validity period is set to 1 year by default.
    PRJ-10989,
    PRHF-8504
    Security Gateway UPDATE: Added L3 routing support for bridge interface assigned with IP address. To enable it, set fw_bridge_with_ip_routing=1 in the $FWDIR/fwkern.conf file.
    PRJ-21312,
    PMTR-63867
    Security Gateway Allow automatic configuration of Identity Awareness nested group state 4 for Security Gateways with a previously installed fix for IDA-754.
    PRJ-22873,
    PRHF-15786
    Security Gateway In some scenarios, policy installation fails with "Error code 0-2000077" message.
    PRJ-21472,
    PRHF-14963
    Security Gateway When the Security Gateway is configured as a proxy, some network objects may not be matched correctly.
    PRJ-24299,
    PMTR-67184
    Security Gateway In a rare scenario, the FWK process stops working on the Security Gateway.
    PRJ-20810,
    PMTR-62949
    Security Gateway On Security Management with connected Endpoint Security Server, the SICTUNNEL process may stop working and start again every few minutes with core file ~4gb in size.
    PRJ-22359,
    IDA-3759
    Identity Awareness In some scenarios, output of "pdp conn pep" command may show incorrect PEP names.
    PRJ-16186,
    IDA-3194
    Identity Awareness Added optimization for PDP when handling Terminal servers Multi-User Host Agent (MUH).
    PRJ-25379,
    PRHF-10292
    Identity Awareness In Identity Awareness Captive portal, the default Check Point logo is displayed even if the user-defined logo is configured
    PRJ-21457,
    PRHF-14980
    Identity Awareness In some scenarios, the VPN Remote Access client fails to connect if a certificate contains a DN with an asterisk (*). 
    PRJ-23249,
    PRJ-24404
    Routing VRRP member freezes when deleting a VLAN interface.
    PRJ-23938,
    PRHF-14819
    VPN When the Remote Access is configured to use DHCP for the Office Mode allocation, disconnection of SNX/L2TP clients may cause the IP address not be removed from the table.
    PRJ-22543,
    PRHF-14102
    VPN Added stability fix in validation checks for ECDSA certificates.
    PRJ-25489,
    PMTR-68687
    VPN In VSX environments, Anti-Spoofing in SecureXL may cause Remote Access VPN drops.
    PRJ-21954,
    PMTR-64257
    VPN The "Session timeout" field is not visible when opening a single log in Logs & Monitor tab in SmartConsole.
    PRJ-23828,
    PRHF-16241
    VSX In rare scenarios, the Wrp interface may not come up.

     

     

    Revision History

    Show / Hide revision history

    Date Description
    25 May 2021 Take 118 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    10 May 2021
    • Released Take 118 of R80.40 Jumbo Hotfix Accumulator
    • Published List of upcoming resolved issues
    09 May 2021 Updated the Important Notes section
    04 May 2021 Updated the Important Notes section
    02 May 2021 Added PRJ-20960 to Take 114
    25 Apr 2021
    • Released Take 114 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 423
    21 Apr 2021 Take 102 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    18 Apr 2021 Updated the Important Notes section
    14 Apr 2021 Released Take 101 of R80.40 Jumbo Hotfix Accumulator
    08 Apr 2021 Added PRJ-15447 to Take 100
    05 Apr 2021 Published List of upcoming resolved issues
    17 Mar 2021
    • Released Take 100 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 422
    14 Mar 2021
    • Take 94 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    • Released Blink image for primary Multi-Domain Management
    24 Feb 2021 Published List of upcoming resolved issues
    21 Feb 2021 Released Take 93 of R80.40 Jumbo Hotfix Accumulator
    16 Feb 2021 Take 92 has been removed
    31 Jan 2021
    • Released Take 92 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 416
    26 Jan 2021 Take 91 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    04 Jan 2021 Published List of upcoming resolved issues
    16 Dec 2020
    • Released Take 91 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 415
    09 Dec 2020 Take 89 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    01 Dec 2020 Released Take 89 of R80.40 Jumbo Hotfix Accumulator
    29 Nov 2020 Published List of upcoming resolved issues
    22 Nov 2020 Take 87 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    11 Nov 2020 SmartConsole package has been updated to Build 414
    05 Nov 2020
    • Released Take 87 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 412
    25 Oct 2020 Take 83 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    21 Oct 2020 Added PRJ-16314 to Take 77
    20 Oct 2020 Added PRJ-8142 to Take 25
    14 Oct 2020 Published List of upcoming resolved issues
    04 Oct 2020
    • Released Take 83 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 411
    09 Sep 2020 Take 78 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    26 Aug 2020
    • Released Take 78 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 410
    25 Aug 2020 Take 77 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    18 Aug 2020 Released Take 77 of R80.40 Jumbo Hotfix Accumulator
    05 Aug 2020 Released Take 74 of R80.40 Jumbo Hotfix Accumulator
    03 Aug 2020 Updated the Important Notes section
    27 Jul 2020
    • Released Take 69 of R80.40 Jumbo Hotfix Accumulator
    • Take 67 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    • SmartConsole package has been updated to Build 407
    19 Jul 2020 Released Take 65 of R80.40 Jumbo Hotfix Accumulator
    02 Jul 2020 Published List of upcoming resolved issues
    30 Jun 2020 Released Take 55 of R80.40 Jumbo Hotfix Accumulator
    24 Jun 2020 Released Take 54 of R80.40 Jumbo Hotfix Accumulator
    15 Jun 2020
    • Released Take 53 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 398
    26 May 2020 Published List of upcoming resolved issues
    25 May 2020 Take 48 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    21 May 2020 Released Take 48 of R80.40 Jumbo Hotfix Accumulator
    10 May 2020
    • Released Take 45 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 396
    26 Apr 2020
    • Released Take 38 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 40
    16 Mar 2020 First release of R80.40 Jumbo Hotfix Accumulator - Take 25

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment