Jumbo Hotfix Accumulator for R80.40 (R80_40_jumbo_hf)
Solution


 

Introduction

R80.40 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

   Supported products and configurations

The Jumbo Hotfix Accumulator supports these products and configurations: Security Gateway, Security Management Server, Multi-Domain Management Server, Log Server, Multi-Domain Log Server, SmartEvent Server, Endpoint Security Server, VSX and Cluster.

  • Install this Jumbo Hotfix Accumulator only after you successfully complete the Gaia First Time Configuration Wizard and reboot.
  • Check Point recommends installing Jumbo Hotfix Accumulator on all R80.40 devices.
  • For CPUSE installation, use the latest Deployment Agent build (refer to sk92449). 


   Support for Security Gateways Running on Open Servers

R80.40 Jumbo Hotfix Accumulator provides support for Security Gateway configurations running on Open Servers.
For an existing Security Gateway running on Open Servers, a Blink image consisting of the R80.40 GA image (Take 294) and the R80.40 Jumbo Hotfix is available in the Download section below. For VSX and Standalone configurations, see sk168114.

For freshly installed Open Servers, first use the R80.40 ISO image from the R80.40 Home page and then, before placing the machine into the production environment, install the R80.40 Jumbo Hotfix package from the table below (not the Blink image).

The R80.40 ISO image (Take 294) and the R80.40 image included in the Blink image are identical.


   For Quantum Appliances

  • For information about Jumbo Hotfix support on Quantum Appliances, refer to sk166536.





Availability

  • General Availability Take


    Take_125 is the latest R80.40 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

    Product | Take | Release Date | CPUSE Offline package | SmartConsole package
    Security Management and Security Gateway | Jumbo HF Take_125 | 23 Sep 2021 | (TGZ) | (EXE) Build 425
    Blink Image for Security Gateway and Open Server, Clean Install / Upgrade | R80.40 GA Take 294 + Jumbo HF Take_125 | 04 Oct 2021 | (TGZ) |
    Blink Image for Security Management - Clean Install / Upgrade | | | (TGZ) |
    Blink Image for Multi-Domain Management, Clean Install | | | (TGZ) |

 

  • Ongoing Take

    Product | Take | Release Date | CPUSE Offline package | SmartConsole package
    Security Management and Security Gateway | Jumbo HF Take_138 | 30 Nov 2021 | (TGZ) | (EXE) Build 425



  • Use Check_Point_R80_40_JUMBO_HF_Bundle_T<Take number>_sk165456_FULL.tgz for:
    • CPUSE Online Identifier
    • Starting from R81 Management servers, for Central Deployment with SmartConsole Online Identifier







Important Notes

  • Starting from Take 83, any manual change to the $FWDIR/conf/rad_conf.C file may be overridden by the next Jumbo Hotfix installation. If you edited this file manually, refer to sk163793 and follow the instructions on how to keep your manual changes.
  • Starting from Take 114, if you already use Mobile Access with SAML, you must add a new prefix to all SAML groups in SmartConsole. Refer to sk173223.
  • Take 119: Hardened the ability to use narrowed IKEv2 tunnels. Refer to sk166417.
  • Starting from Take 91, CloudGuard Controller is not supported on Active/Active Cluster (Geo Cluster) in Amazon Web Services (AWS). Refer to sk175904.
  • If you are using a Jumbo Take below the latest GA Take, note the following:
    • Takes 100-114: Many "dst_release: dst:ffff88052d4c68c0 refcnt:-480" messages may appear in dmesg and possibly impact system performance. This issue is limited to CPAS connections, that is, when SSL Inspection, Proxy, TE or TEX is activated, or Anti-Virus deep scan is enabled. The fix is included in Take 118.
    • Take 114: User may fail to run any dynamic routing or install any static routes, including the default route. The fix is included in Take 118.
    • If you use a cluster with Identity Awareness enabled, refer to sk170516 after the first installation of Jumbo Hotfix to avoid unexpected behavior with Identity Awareness.

 

List of Resolved issues and New Features per HotFix Take

 
ID Product Description
R80.40 Jumbo HotFix - Ongoing Take 138 (30 November 2021)
PRJ-33629, PRJ-33258 Security Management When connected to the standby Management Server, after High Availability full synchronization, some objects may appear twice in SmartConsole.
PRJ-32156,
PMTR-74372
Security Gateway UPDATE: Apache HTTPD version was updated from 2.4.41 to 2.4.51.
PRJ-29540, PRHF-19048  Security Gateway After reboot and policy installation, the "No interface configured in SmartCenter server with name mdps_tun. Matching by IP address to interface Mgmt" error may be printed in fwk.elg file.
PRJ-33561 Threat Prevention In a rare scenario, the Security Gateway may crash when working with Anti-Virus or Threat Emulation.
PRJ-33543,
PMTR-74799
Threat Prevention When IPS Automatic update is enabled, a memory leak may occur in the FWD process. 
PRJ-32546 Gaia OS In a rare scenario, the Security Gateway fails to boot when working in USFW (User-Space Firewall) mode.
R80.40 Jumbo HotFix - Ongoing Take 131 (1 November 2021) 
PRJ-29442,
PMTR-72448
Security Gateway UPDATE: The default value for kiss_kthread_allow_resched kernel parameter is changed to 1. Refer to sk170560.
PRJ-28872,
PRHF-18560
Security Gateway In a rare scenario, when using ICAP client, Security Gateway may crash. 
PRJ-30214,
MPTT-4834
Security Gateway In some scenarios, policy installation may take longer or fail when GEO Updatable Objects are used in the policy.
PRJ-29622 Security Gateway Improved User-Space Firewall (USFW) mode memory allocation. 
PRJ-29742,
PMTR-72615
Security Gateway In a rare scenario, due to TCP connection reuse, a TCP connection may not be initiated. Refer to sk11088.
PRJ-31369,
PRHF-19693
Security Gateway Improved the handling of a large number of sessions per single HTTP/S connection.
PRJ-26392,
PRHF-17436
Security Gateway In some scenarios, the WSDNSD process unexpectedly exits and creates a core dump file. Refer to sk173627.
PRJ-25868,
PMTR-68801
Threat Prevention In a rare scenario, the FWD process may unexpectedly exit after an upgrade.
PRJ-26496 Threat Prevention In rare scenarios, IOC feed loading fails due to hash parsing errors.
PRJ-32353,
PMTR-74629
Identity Awareness UPDATE: The default threshold value for Identity Collector Service Accounts exclusion was changed from 10 to 100. Refer to sk174266.
PRJ-31693,
PMTR-73790
IPS Improved the handling of decoded HTTP/S traffic.
PRJ-23570,
PRHF-15500
Anti-Virus Security Gateway may crash when transferring the HTTP multipart traffic if the Anti-Virus Deep Scanning, Threat Extraction, or Threat Emulation is enabled.
PRJ-30868,
PRHF-19755
VPN A memory leak may occur in the VPND process.
PRJ-29282,
PRHF-18818
VPN In rare scenarios, re-configuring a trusted CA bundle may cause a memory leak in the VPND process.
R80.40 Jumbo HotFix - Ongoing Take 126 (13 October 2021)
PRJ-26247,
PRJ-26233
Diagnostics NEW: Added the Check Point Performance Sizing Utility (CPSizeMe) v5.2.
PRJ-26025,
PMTR-69307
Security Management NEW: Added the "Get Interfaces" Management API for Security Gateway and Cluster objects.
  • The functionality is parallel to the "Get Interfaces" button in the SmartConsole Network Management page in the Security Gateway / Cluster editor.
  • The API is available starting from version 1.7.
PRJ-27201,
PRJ-27200
Security Management NEW: Added the Hitcount column to the "Export to CSV" functionality in Access Policy.
  • Requires R80.40 SmartConsole Build 425 (or higher).
PRJ-23051,
PMTR-61440
Security Management NEW: Added support for CloudGuard Edge appliances in LSM and SmartConsole.
PRJ-27110,
PMTR-70138
Security Management UPDATE: Performance improvement in an upgrade of Security Management and Multi-Domain Servers with large rulebases.
PRJ-27121,
PMTR-70628
Security Management UPDATE: The "Purge revisions" operation has been improved to reduce the database's size.
PRJ-28422,
PMTR-10273
Security Management Virtual session timeout for a TCP service cannot exceed 86400 seconds. Refer to sk168872.
PRJ-30631 Security Management In the Management HA environment, when changing a standby Server to active, the "Failed to set the connected server to active" error may be shown, although the operation was finished successfully.
PRJ-13164,
PRHF-11027
Security Management The "show-global-assignment" command returns the default limit when the limit request is greater than the default limit.
PRJ-28087,
PMTR-70942
Security Management In some scenarios, the Administrators view may not filter domain names according to the permission profile of the connected administrator.
PRJ-28648,
PRHF-18202
Security Management In some scenarios, when using a VPN community, the status of the Global Domain Assignment may change to "not up to date", although no changes were made in the Global domain.
PRJ-29758 Security Management In rare scenarios, after the Security Management Server starts up, when connecting to SmartConsole, some objects appear more than once.
PRJ-25565,
PRHF-17182
Security Management In rare scenarios, upgrade may fail when there is an OPSEC Server object configured.
PRJ-28569,
PRHF-18422
Security Management In some scenarios, the Purge Revisions operation fails with the "An error has occurred while performing revisions purge operation, Incident ID - xxxxx-xxxxxxx-xxxxx-xxxxx" error message. Refer to sk174645.
PRJ-24330,
PRHF-16613
Security Management In some scenarios, the "Recent Tasks" view shows the initiator as a System administrator when the Global Manager user initiates reassign and install policy.
PRJ-25038,
PRHF-16802
Security Management In rare scenarios, a task in progress may get stuck until the Management Server is restarted.
PRJ-26193,
PMTR-69529
Security Management In a rare scenario, the FWM process may unexpectedly exit.
PRJ-26872,
PRHF-17640
Security Management In some scenarios, changing the Gateway hardware in SmartConsole fails with a "Changing the hardware to <New_Selected_Check_Point_Appliance> Appliances is blocked." warning.
PRJ-21967,
PRHF-15471
Security Management Packet Mode search in rule base ignores matching of inline layer parent rules. In some scenarios, this may retrieve inline layer rules that should not be matched.
PRJ-24051,
PMTR-66980
Security Management If the Management Server is up for many days, the CPM process memory consumption and CPU usage may increase consistently. 
PRJ-26417,
PRHF-16971
Security Management In rare scenarios, after migration of a Domain to a Security Management Server, publish may fail with a "Publish failed due to session validation errors" message although there are no errors in the validation pane.
PRJ-26298,
PRHF-17531
Security Management In rare scenarios, tasks may run indefinitely until the Security Management Server is restarted.
PRJ-26905,
PRHF-17725
Security Management In some scenarios, loading the Access Control policy causes SmartConsole to close unexpectedly. Refer to sk175405.
  • Requires R80.40 SmartConsole Build 425 (or higher)
PRJ-26910,
PRHF-16657
Security Management Policy installation to multiple Gateways from Install Policy Presets may fail if each policy has its own HTTPS Inspection policy.
PRJ-22134,
PMTR-63108
Security Management In some scenarios, a high load on the Management Server may cause SmartConsole slowness.
PRJ-15878,
PRHF-11539
Security Management OS information for Domain Servers may not be shown correctly at the MDS level.
PRJ-26506,
PMTR-69683
Security Management Policy verification may fail with a NAT verification error "The range size of Original and Translated columns must be the same".
PRJ-25267,
SMCUPG-1675
Security Management After migrating a Domain to Security Management Server, the FWM process may be shown as "down" in watchdog, although it is up and running. Refer to sk163814.
PRJ-25253,
PMTR-68425
Security Management Login with Management API fails when using the api-key and setting enter-last-published-session to "true".
PRJ-22384,
PRHF-15325
Security Management User may fail to connect to SmartConsole after the administrator changed the RADIUS Server host IP address. Refer to sk172065.
PRJ-25799,
PRHF-17324
Security Management In rare scenarios, if the CPM process is up for many days, CPU and memory consumption may continue to grow until a reboot is performed.
PRJ-25837,
PRHF-17362
Security Management In some scenarios, deleting a Security Gateway object fails with the "Object <name> is used by a policy or by other objects" error even though the Security Gateway is not in use. Refer to sk173467.
PRJ-26629,
PRHF-17230
Security Management In rare scenarios, during a system startup, a cleanup operation may cause high CPU on multiple Postgres processes and prevent login to SmartConsole. Refer to sk175189.
PRJ-26123,
PRHF-17476
Security Management In some scenarios, HA synchronization fails in the Global Domain after the IPS update.
PRJ-26676,
PRHF-17744
Security Management Management API command "show gateways and servers" does not show policy information for cluster members.
PRJ-26653,
PRHF-16346
Security Management In some scenarios, an older version of a Jumbo Hotfix is recommended for installation on Security Gateway, although a newer version is already installed.
PRJ-23453,
PRHF-16065
Security Management After upgrade from R77.x, "Cannot assign a Domain more than once" errors may appear in the validations pane.
PRJ-28292,
PRHF-18210
Security Management In rare scenarios, High Availability incremental synchronization may fail with a wrong status message.
PRJ-26521,
PRHF-17679
Security Management In a rare scenario, policy installation may fail with a "Policy installation had failed due to an internal error" message.
PRJ-28000,
PRHF-18245
Security Management If Brute Force Password Guessing Protection is set to the value of more than 25 seconds, login to SmartConsole fails.
  • Requires R80.40 SmartConsole Build 425 (or higher).
PRJ-25628,
PRHF-17284
Security Management In rare scenarios, a Management Server upgrade may fail with the "Object not found - [UID]" error message in the cpm.elg log file.
PRJ-24949,
PRHF-16976
Security Management If there is an Administrator named "Endpoint", an upgrade of Endpoint Security Server from R77.30 version fails.
PRJ-30417,
PRHF-18883
Security Management Scheduled IPS updates data may not be shown in the IPS update report.
PRJ-25891,
PMTR-69154
Multi-Domain Management NEW: Added ability to create Domain Management Servers with a netmask different than the one of the Multi-Domain Server. Refer to sk173934.
PRJ-25517,
PRJ-25516
Multi-Domain Management In rare scenarios, in a Multi-Domain environment with active Domains on multiple Multi-Domain Servers, when performing manual HA sync in one Domain, objects from another Domain are not shown in SmartConsole. Refer to sk173268.
PRJ-25001,
PRHF-17007
Multi-Domain Management After migrating a Domain to a Multi-Domain Management and assigning a Global Policy, if there are objects with the same name in the Domain and Global Domain, the assignment succeeds, although it must fail due to name duplication.
PRJ-26301,
PRHF-17558
Multi-Domain Management In rare scenarios, Global Domain Assignment and Domain Creation tasks may continue to run indefinitely.
PRJ-26689,
PMTR-69747
Multi-Domain Management After migrating the Global Domain and making global changes, when assigning/reassigning the Global Domain, the assignment may be shown as "Up to date" even though the latest global changes are not applied on the Domain.
PRJ-24234,
PMTR-64142
Licensing UPDATE: If there is no license installed, an error message will be printed when running the "cpstart" command.
PRJ-21777,
PMTR-63316
Licensing In some scenarios, the total number of "sr" licenses may be counted incorrectly.
PRJ-27071,
PMTR-70430
Compliance In some scenarios on Multi-Domain environments, Compliance data is not synchronized between primary and secondary Domains.
PRJ-24350,
PMTR-67284
CPView In some scenarios, a memory leak may occur in a cpview_services module. Refer to sk173952.
PRJ-25930,
PMTR-69007
SmartView NEW:
  • It is now possible to set the default timeframe for all the SmartView web application functionalities.
  • The default value is "Last 24 hours".
Note: The default time frames on the SmartView web application and SmartConsole are not synchronized.

  • Requires R80.40 SmartConsole Build 425 (or higher).
PRJ-23489,
SL-5368
Logging NEW:
  • In SmartEvent GUI, added new products: "Behavioral Guard", "Anti-Exploit", "Anti-Bot" and "Anti-Ransomware"
  • For Endpoint logs correlation, added a new pre-defined event: "Harmony Endpoint" under Legacy -> Endpoint Security.
PRJ-26808,
PMTR-70072
Logging NEW: In SmartEvent GUI, added the "referrer" field for filtering correlation unit events.
PRJ-24978,
PRHF-16943
Logging When AES authentication is configured, the "threshold_config" command does not send traps for SNMP v.3. Refer to sk173045.
PRJ-26725,
PRHF-17205
Logging In some scenarios, the FWD process on Security Gateway may cause high memory consumption when Log Forwarding is configured or when running the "fw fetchlogs" command.
PRJ-23867,
PRHF-16183
Logging In SmartView reports, the "Show only icon" option for table widgets does not work as expected.
PRJ-27300,
PMTR-70643
Logging After upgrade, SmartView scheduled export to Excel of Reports and Views stops running and users are unable to edit the scheduled tasks. Refer to sk174047.
PRJ-14239,
PRHF-11770
Logging In SmartView, grouping or filtering by the field "Total Bytes" causes the query to fail.
PRJ-21318,
PRHF-15198
Logging In the Method field, logs with the following values are not shown in the SmartConsole's Logs tab. They are only shown when opening a single log record.
The values are: MOVE, TEXT, XGET, UNDEFINED, VTTEST, ABCD, SEARCH, RPC_CONNECT, PRONECT, TRACK, CFYZ, BADMETHOD, DEBUG, MGET, GET, MKCOL, QUALYS, RNDMMTD, PRI, NESSUS, BDMT, BADMTHD.
PRJ-27049,
PRHF-17285
Logging In rare scenarios, the Logs view may not reflect the Management Server object changes. When the issue occurs, the CPM process may also consume a high CPU.
PRJ-30722 Logging In some scenarios, export logs to CSV from SmartView Web view fails. Refer to sk175545.
PRJ-25645,
PMTR-68886
Logging In SmartView (Reports and Web Logs view), the value of the file size is displayed differently from the Logs view in SmartConsole (GB instead of GiB).
PRJ-24482,
SL-5577
Logging When a Management Server manages more than 1024 Gateways, the connectivity status may show "N/A" for several Gateways.
PRJ-23680,
PMTR-62763
Logging In rare scenarios, in environments with many network objects, when typing a query in the Logs tab Search bar, SmartConsole may close unexpectedly.
PRJ-22649,
PRHF-15710
Logging Threat Emulation log description for HTTP emulation is incorrect.
PRJ-26115,
PMTR-69276
Logging In a Multi-Domain Management environment, Log queries may fail to retrieve results from a CMA or CLM, if there is another CMA or CLM with the same sic_name.
PRJ-26694,
PMTR-70010
Logging When adding the "UC Block" action, log queries may not show UserCheck logs. Refer to sk174543.
PRJ-24283,
PMTR-66677
Logging In rare scenarios, when exporting logs to Check Point Infinity Portal, the Log Exporter may unexpectedly exit.
PRJ-21307,
PMTR-62117
Logging
  • In environments with more than 500K network objects, the log_indexer process may lead to a memory leak.
  • In some scenarios, when there are offline logs to index, queries are slower than expected.
PRJ-28852,
PRHF-18624
Security Gateway UPDATE: Added DNS Passive Learning support for DNS responses containing a Domain name in uppercase letters.
PRJ-19770,
PRHF-14017
Security Gateway Security Gateway may crash after policy installation. 
PRJ-27559,
PRHF-17949
Security Gateway In some scenarios, configuring an un-numbered virtual interface may cause ARP requests to stay not answered by the interface. Refer to sk174188.
PRJ-25293,
PRHF-16907
Security Gateway In rare scenarios, a re-matched connection may have 2 logs in SmartConsole.
PRJ-30903,
PMTR-73702
Security Gateway In some scenarios, the Security Gateway may crash when it encounters an error during connection processing.
PRJ-24691,
PRHF-16403
Security Gateway In rare scenarios, creating a new SAM rule on a Management machine may fail.
PRJ-26501,
PRHF-17221
Security Gateway In a rare scenario, the Security Gateway may sporadically crash.
PRJ-18867,
PRHF-13722
Security Gateway In rare scenarios, DynamicID authentication fails with a "Server_code 403 log_msg General HTTP error" message in vpnd.elg. Refer to sk170303.
PRJ-25843,
PMTR-68979
Security Gateway Added the Access Control rulebase matching visibility enhancement.
PRJ-30206,
PMTR-72814
Security Gateway In some scenarios, NATed VPN traffic may be routed out through the wrong interface.
PRJ-26618,
PRHF-17663
Security Gateway In some scenarios, "[INFO] encode resource in base64 failed" messages generated by the RAD process are shown in /var/log/messages file.
PRJ-27037,
PMTR-67834
Security Gateway VSX provisioning may fail to commit changes to the VSX database. Refer to sk173683.
PRJ-25482,
PRHF-17175
Security Gateway In a rare scenario, the PDPD or VPND process on the Security Gateway consumes a high CPU. Refer to sk173706.
PRJ-27126,
PRHF-17942
Security Gateway In some scenarios, the routed process may unexpectedly exit.
PRJ-28103,
PRHF-18024
Security Gateway In a rare scenario, a memory leak may occur on the Security Gateway.
PRJ-14625,
PRHF-11760
Security Gateway After policy installation, Security Gateway may stop responding due to memory leaks.
PRJ-24837,
PRHF-15080
Security Gateway In some scenarios, when moving Mobile Access from Legacy to Unified Policy, previously configured native application may unexpectedly exit. Refer to sk172935.
PRJ-26930,
PRHF-17758
Security Gateway SNMP lowDiskSpace trap with MDPS does not work with SNMP versions v1/v2. Refer to sk173811.
PRJ-26595,
PMTR-70023
Security Gateway Configuring the "Virtual Activation Timeout" option above 65535 may lead to an incorrect timeout definition. Refer to sk172464.
PRJ-27076,
PMTR-70300
Security Gateway In rare scenarios, using IP Pool NAT with only IPv4/IPv6 addresses configured may cause the Security Gateway to crash. 
PRJ-25552,
PMTR-67991
Security Gateway In some scenarios, connections are dropped with a "Virtual defragmentation error: fragment table is full" message.
PRJ-25156,
PMTR-67534
Security Gateway When running the "fwaccel stats -r" command to reset the SXL statistics, the statistics may become corrupted.
PRJ-23065,
PMTR-63142
Security Gateway Improved displayed drop log messages on the Security Gateway:
  • To see drops since the last reboot, use the "fw ctl drop" command.
  • To see drops in real time, use the CPView tool.
Refer to sk172232.
PRJ-26478,
PMTR-66746
Security Gateway In rare scenarios, when IPv6 is configured and Office Mode Anti-Spoofing is enabled, running "cpstop;cpstart" may cause a Security Gateway to crash.
PRJ-26035,
PMTR-67536
Security Gateway A "fw_xlate_rule_count_dec: refcount is negative" message may be displayed in dmesg when IP pool NAT is used on a cluster environment.
PRJ-21270,
PMTR-56012
Security Gateway In some scenarios, emails may be stuck in the MTA queue.
PRJ-28809,
PRHF-18657
Security Gateway Added cosmetic fixes of the cpwd_admin list command output.
PRJ-29087,
PRHF-13493
Security Gateway In some scenarios, the CPD process may consume high CPU because of the memory leak in FDT (File Download Tool).
PRJ-28829,
PRHF-18098
Security Gateway Improved the ICAP Server internal memory allocation logic.
PRJ-28553,
PMTR-71632
Security Gateway Capsule Workspace end users may fail to authenticate to their Exchange mail Server via Mobile Access SSO when authenticated with Kerberos, and the end users belong to many user groups or user groups with very long names.
PRJ-29138,
PRHF-18403
Security Gateway The cpsicdemux process may unexpectedly exit, causing Secure Internal Communication (SIC) connection to fail.
PRJ-26670,
PRHF-17760
Security Gateway In a rare scenario, traffic outage may occur. It is caused by a memory leak related to delayed logs.
PRJ-26648,
PMTR-70065
Internal CA This fix will clean up expired certificates from the Internal CA database every three weeks and after reboot.
PRJ-28140,
PMTR-59113
Anti-Virus UPDATE: Improved Anti-Virus buffer allocation to reduce stack size. 
PRJ-26525,
ODU-78
Threat Extraction Added Update 4 of Threat Extraction Engine. Refer to sk165832.
PRJ-26199,
PRJ-25544
Threat Prevention In a rare scenario, the Security Gateway may crash when working with Anti-Virus.
PRJ-26542,
PMTR-69186
Threat Prevention In some scenarios, the IPS update status in SmartConsole is incorrect after the automatic update fails with the "Update failed. Failed to load database" error. 
PRJ-26550,
PMTR-59790
Threat Prevention In a rare scenario, Security Gateway may crash due to the Threat Prevention Data Collector feature.
PRJ-26006,
PMTR-68402
Threat Prevention SSH Deep Packet Inspection (SSH DPI) may fail after upgrade to R80.40 Jumbo HotFix Take 91 or higher or after upgrade to R81.
PRJ-28519,
TPP-1291
Threat Prevention In rare scenarios, the Security Gateway may crash when the TCP connection is unexpectedly closed.
PRJ-21882,
PRHF-15174
Threat Prevention Policy installation fails if it contains objects with "://" text.
PRJ-28606,
PMTR-68865
Threat Prevention Large file transfer in connections inspected by SSH Deep Packet Inspection (SSH DPI) may fail if SSH renegotiation is performed during the transfer.
PRJ-24509,
PMTR-67604
Identity Awareness NEW: Added Identity Collector Service Accounts exclusion. The default threshold value is 10. Refer to sk174266.
PRJ-26803,
MBS-13669
Identity Awareness In a rare scenario, the Security Gateway may crash.
PRJ-25925,
PMTR-68088
Identity Awareness Optimized the PDP expired timers mechanism performance.
PRJ-26228,
IDA-4019
Identity Awareness When the PDP Gateway is connected to multiple pre-R81 PEP Gateways, the CPU consumption may be high. Refer to sk173709.
PRJ-23673,
PRHF-14886
IPS A redundant debug message may be displayed in dmesg logs.
PRJ-27958,
PRHF-18158
IPS In some scenarios for HTTP, the Security Gateway closes a connection from the Server side, but the user side may remain open.
PRJ-26106,
PRHF-17301
IPS Security Gateway may crash when the IPS profile name is very long. Refer to sk174025.
PRJ-26165,
PMTR-69256
IPS In rare scenarios, the FWK process may unexpectedly exit when installing the policy.
PRJ-28490,
PRHF-16635
IPS An HTTP download of a large file may unexpectedly stop with an error message.
PRJ-27259,
PMTR-65461
IPS Proxy source IP address is not printed in the IPS logs.
PRJ-27192,
PRHF-17768
Application Control UPDATE: Improved matching of URLs for custom applications.
PRJ-26741,
PRHF-4657
SSL Inspection Added an option to bypass Name Constraints extension on certificates using a registry flag. Refer to sk159692.
PRJ-25221,
PRHF-17088
Mobile Access Improved the Portal Rendering performance in Unified Policy mode.
PRJ-21699,
PMTR-64360
ClusterXL UPDATE: Added the fwha_disable_ccp_on_monitor global kernel parameter. The parameter turns on/off the sending of CCP packets on link monitor interfaces.
PRJ-26980,
PMTR-64228
ClusterXL In some scenarios, in Load Sharing mode, the cphaprob show_bond command on the Security Management Server shows the back-up slave status as "Not Available". Refer to sk175469.
PRJ-27225,
PRHF-17734
SecureXL Invalid VLAN traffic may cause repeated "deliver_list is empty!!!" error messages in the /var/log/messages file.
PRJ-24541,
PMTR-67556
SecureXL In a VSX environment, the SYN Defender configuration may not be applied correctly.
PRJ-28054,
PMTR-71494
SecureXL In a rare scenario, DoS/Rate Limiting when using rules with country codes (CC) or autonomous system numbers (ASN) may not update Geo IP files correctly.
PRJ-26753,
PRJ-26750
Routing In some scenarios, the NetFlow Packet may report a wrong source IP Address.
PRJ-25318,
PMTR-68232
Routing In some scenarios, CPView displays incorrect values of RIP statistics.
PRJ-27059,
PRHF-17925
Routing In some scenarios, the routed process may unexpectedly exit when there is a static route and a kernel route to the same destination.
PRJ-28839,
PMTR-51501
Routing In some scenarios, an outage may occur because of premature graceful-restart exit.
PRJ-23780,
PMTR-63250
Routing During the boot process "pbrroute-conf" messages may appear. Refer to sk173514.
PRJ-27819,
PMTR-63965
Routing If the interface cable is unplugged, after a failover, Border Gateway Protocol (BGP) stops receiving routes from Primary member to Secondary and back to Primary.
PRJ-27044,
PMTR-57379
Routing The routed process with Ping enabled always gets reset during Clish reconfiguration.
PRJ-26961,
PMTR-65589
Routing The routed process may unexpectedly exit when candidate RP is enabled, and a rapid failover occurs or when the candidate RP interface is disconnected.
PRJ-26969,
PMTR-66574
Routing In some scenarios, the routed process may produce a core dump when it receives IGMPv3 Membership Reports over a long period of time.
PRJ-28552 Routing The checksum of PIM "register" packets may be calculated incorrectly, causing the RP router to discard a "register" packet.
PRJ-21393,
ROUT-1502
Routing Netflow packets are sent from the individual VS IP address instead of VS0.
PRJ-25985,
PMTR-65599
VPN In rare scenarios, IKE negotiation fails when using IPv6 addresses. 
PRJ-27855,
PMTR-71136
VPN When deleting an entry from m_ht hash table, a memory leak may occur.
PRJ-27682,
PMTR-71025
VPN When saving the login info of the client, a memory leak may occur.
PRJ-27678,
PMTR-71013
VPN Reauthentication of the client may lead to a memory leak.
PRJ-31029,
PRHF-19776
VPN Many "remote access client IP address and port were changed" logs are generated after an upgrade.
PRJ-27674,
PMTR-70855
VPN In some scenarios, the user may not be able to connect because the CVPND process unexpectedly exits.
PRJ-27686,
PMTR-70957
VPN In a rare scenario, a memory leak may occur.
PRJ-28264,
PRHF-18295
VPN A memory leak may occur when clearing the CRL cache file. 
PRJ-28752,
VPNS2S-2506
VPN Added IKEv2 improvement for DAIP peer.
PRJ-26623,
PRHF-17733
VPN Added VPN stability improvement in IKEv2. Refer to sk174245.
PRJ-26436,
PRHF-2715
VPN In a rare scenario, a memory leak may occur when RASession_util is active.
PRJ-26433,
PMTR-69479
VPN In a rare scenario, the IKED process stops with core dump, when using Office Mode IP allocation for clients, and users cannot connect.
PRJ-26442,
PMTR-69836
VPN In rare scenarios, a memory leak related to Gateway authentication may occur.
PRJ-27313,
PRHF-14851
VPN IPSec VPN uses the wrong source IP address when initiating NAT-T encrypted traffic. Refer to sk172805.
PRJ-22415,
PRHF-12576
VPN Remote Access users may randomly disconnect because the Tunnel test packets are mapped to the incorrect interface. Refer to sk172328.
PRJ-21638,
PRHF-15318
VPN VPN Logs show IP address octets in an unexpected (reversed) order. Refer to sk172807.
PRJ-27813,
PMTR-71098
VPN In some scenarios, the VPN tunnel between GCP cluster and GCP peer fails to establish.
PRJ-24807,
PRHF-16698
VPN Site to Site VPN connectivity issue when NAT is enabled.
PRJ-25142,
PRHF-16647
VPN In some scenarios, outbound traffic with NAT-T outgoing packets is sent from an incorrect link.
PRJ-26399,
PRHF-17622
VPN Policy installation may fail when VPN community is not configured on the Security Gateway. Refer to sk174235.
PRJ-22118,
PMTR-31204
VPN In rare scenarios, after policy installation, the VPND process may unexpectedly exit with core dump.
PRJ-25312,
PRHF-17101
VPN In rare scenarios, all traffic is dropped with "Rulebase Internal Error" in SmartLog.
PRJ-28074,
PRHF-18369
VPN A Remote Access client fails to login when a DN record length is bigger than 256. Refer to sk174249.
PRJ-28377,
PMTR-71772
VPN Improved VPN Site to Site tunnel establishment scenario with IKEv2. Refer to sk175092.
PRJ-25883,
PRHF-16370
VPN In some scenarios, when DAIP peer initiates IKEv2 negotiation with certificate authentication, the VPND process may unexpectedly exit. Refer to sk174665.
PRJ-26530,
PRHF-17627
VPN In some scenarios, NAT-T traffic outages may occur after a cluster failover. Refer to sk175552.
PRJ-28505,
PRHF-18400
VPN A memory leak may occur in the VPND process.
PRJ-28512,
PRHF-18408
VPN In some scenarios, a memory leak may occur on the Security Gateway.
PRJ-28771,
PMTR-71850
VPN In some scenarios, in High Availability clusters with enabled CoreXL, SSL clients cannot connect to the Security Gateway because of incorrect license calculation.
PRJ-31147,
PMTR-73511
VPN In some scenarios, a memory leak may occur when using the SSL Network Extender (SNX) client to create a site.
PRJ-31107,
PRJ-31114,
PRJ-31131,
PMTR-73487,
PMTR-73488,
PMTR-73498
VPN In some scenarios, a memory leak may occur in the VPND process.
PRJ-30700,
PMTR-72756
HTTPS Inspection,
VPN
A memory leak in HTTPS Inspection and HTTPS portals may occur when using ECDHE ciphers.
PRJ-19969,
PRJ-19971
VSX UPDATE: Removed the .1.3.6.1.4.1.2620.1.16.22.2 (vsxStatusCPUUsageTable) and .1.3.6.1.4.1.2620.1.16.22.4 (vsxStatusCPUUsagePerCPUTable) OIDs as not supported on Gaia 3.10.
PRJ-22690,
PMTR-65535
VSX This fix allows creating or changing a VSX cluster/Gateway with up to 32 CoreXL instances using the VSX Provisioning Tool. Currently, it is possible to do this only in SmartConsole.
PRJ-19977,
PRHF-14371
VSX In some scenarios, the "cpstat vsx" command does not show the correct output. Refer to sk170793.
PRJ-26039,
PMTR-53985
VSX After upgrade, the VS names may be displayed incorrectly in the output of the "vsx stat -v" command.
PRJ-27443,
PRHF-17665
VSX Multi-Queue configuration does not survive reboot on VSX. Refer to sk173950.
PRJ-26926,
PMTR-69753
Gaia OS NEW: Added support for new card 4 ports 1/10GbE SFP+ Rev 4.1.
PRJ-27709,
PRHF-18191
Gaia OS UPDATE: The command "show multi-queue affinity" deprecation message was changed.
The new message is "This command is deprecated. Please use: show interface VALUE Multi-queue."
PRJ-27695,
PRHF-17721
Gaia OS When a non-TACACS user logs out from WebUI, "Cannot get pid" is printed as an error to the /var/log/messages file.
PRJ-27000,
PRHF-17900
Gaia OS Setting hashed SHA256/SHA512 expert password may fail with an error message: "set password-controls password-hash-type <password_hased> GAIA9999 Invalid Salted Hash".
PRJ-27612,
PRJ-27613
Gaia OS If the NTPD service is configured in MDPS settings, NTPD error logs appear in /var/log/messages after a reboot.
PRJ-25765,
PRHF-17216
Gaia OS After 248 days of uptime, the VMSS gateway sends a Cold restart alert reboot, but the VMSS does not reboot. Refer to sk173413.
PRJ-26333,
PMTR-44510
Gaia OS In some scenarios on VSX, a "Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-eth instead" message appears in /var/log file.
PRJ-28051,
PMTR-71262
Gaia OS In some scenarios, bond interface slave fails to properly initialize and shows a partner system MAC address of 00:00:00:00:00:00.
PRJ-28796,
PRHF-18683
Gaia OS In a rare scenario, a memory leak may occur in the monitord process.
PRJ-26640,
PMTR-56496
Gaia OS When running the "set security-gateway maas on" Clish command, the "maas" shell script is executed 4 times.
PRJ-17182,
PRHF-13013
Gaia OS Last trailing zero may appear in the output of "show configuration backup-scheduled". Refer to sk169255.
PRJ-27741,
PRHF-18108
Harmony Endpoint Endpoint Firewall may start dropping all network traffic after a Management Server upgrade from R80.10 or older versions.
PRJ-24723,
PRHF-16269
VoIP In a rare scenario, the Security Gateway crashes when handling SIP traffic.
PRJ-22500,
PRHF-15623
VoIP Holding last source port table lock while searching for next free port may cause performance issues.
PRJ-26794,
PRHF-17668
CloudGuard IaaS In some scenarios, CloudGuard Controller fails to fetch data from the standby ACI Server when the main ACI Server is unreachable.
PRJ-21215,
PMTR-63308
CloudGuard IaaS The mq_mng tool does not show RX/TX packets counter statistics for the virtio_net driver.
PRJ-26797,
PMTR-69072
CloudGuard IaaS In some scenarios, CloudGuard IaaS Standby member cannot access the Internet. Refer to sk175108.
PRJ-26815 CloudGuard Edge NEW: Quantum Edge Hardware type added to the drop down hardware list in SmartConsole.
PRJ-27239,
ODU-123
HCP Added Update 3 of HealthCheck Point (HCP) Release. Refer to sk171436.
PRJ-24088,
ODU-91
HCP Added Update 2 of HealthCheck Point (HCP) Release. Refer to sk171436.
PRJ-22799,
ODU-81
HCP Added Update 1 of HealthCheck Point (HCP) Release. Refer to sk171436.
PRJ-22322,
PRHF-15689
Infrastructure In some scenarios, the cpmiquerybin and dbedit processes may unexpectedly exit causing buffer overflow.
R80.40 Jumbo HotFix - Ongoing Take 125 (23 September 2021, GA from 04 October 2021)
PRJ-30574,
PMTR-63927
Logging In some scenarios, on Multi-Domain servers, after installing Jumbo hotfix Take 118, heavy API requests may fail.
PRJ-30284 ClusterXL In a VSX Load Sharing (VSLS) environment, a disconnected bond LS interface impacts all VSs on the member, even though the interface is connected to a specific VS.
PRJ-27977,
PMTR-69876
Gaia OS A memory leak may occur on a Security Gateway while configuring Secure Internal Communication (SIC).
R80.40 Jumbo HotFix - Ongoing Take 121 (17 September 2021)
PRJ-29752,
PRHF-19043
Security Gateway In rare scenarios, the Security Gateway may failover while handling the HTTP/2 stream.
R80.40 Jumbo HotFix - General Availability Take 120 (5 August 2021)
PRJ-29385,
PRJ-29381
Endpoint Security Endpoint Policy installation may fail after installing R80.40 Jumbo Hotfix Take 119. Refer to sk174846.
R80.40 Jumbo HotFix - Ongoing Take 119 (4 July 2021)
PRJ-24202,
PMTR-67200
Security Management NEW: Trusted CAs updates for HTTPS Inspection can be configured to be installed automatically upon update. Refer to sk173629.
PRJ-25033,
SMCUPG-1653
Security Management UPDATE: If there is no license on the Security Management Server, a new verification blocks an attempt to migrate a domain.
PRJ-23773,
PMTR-66072
Security Management "Query failed" error is displayed in Security Gateway Device & License Information view in SmartConsole when canceling the "Export to PDF/CSV" operation.
PRJ-24611,
PMTR-63454
Security Management Incorrect Mobile Access license status upon a license change.
PRJ-26183,
PRHF-17487
Security Management When running the "fwm logexport" command multiple times, the FWM process may unexpectedly exit, producing a core file.
PRJ-23884,
PMTR-66708
Security Management In some scenarios, when updating Check Point Host object to be a Network Policy Management and in addition configuring it as a Secondary Server, "Publish" fails with "Action Failed due to an internal error".
PRJ-23922,
PMTR-64482
Security Management SmartConsole Extensions fail to load with "Error: unable to retrieve read-only session" if login with SmartConsole is performed with an IP address that is not defined as the primary IP of the Management Server.
PRJ-21918,
PRHF-15491
Security Management In some scenarios, Desktop policy fails with "Policy installation had failed due to an internal error. If the problem persists please contact Check Point support". Refer to sk171970.
PRJ-22075,
PRHF-15725
Security Management In rare scenarios, the Management Server may fail to start because Solr fails to initialize.
PRJ-24486,
PRHF-16631
Security Management In very large Management environments, Policy verification and installation may fail with FWM process core dump. Refer to sk173722.
PRJ-21399,
PRHF-15001
Security Management In rare scenarios, deleting an object fails with "Can't reach source object, maybe it already deleted" error. Refer to sk172828.
PRJ-23936,
CPM-3316
Multi-Domain Management NEW: Once a day, Multi-Domain Management servers will check for peers that are not synchronized. If such are identified, HA full sync will be automatically initiated at the MDS level.
PRJ-23697,
PRHF-16119
Multi-Domain Management Global Policy Reassignment may take a long time to complete after an IPS Update in the Global Domain.
PRJ-22638,
PRHF-15727
Multi-Domain Management In rare scenarios, the Multi-Domain Management Server may fail to start if Domains were previously deleted.
PRJ-24759,
PRHF-16660
Multi-Domain Management Global Policy Assignments may be missing in Multi-Domain environment after upgrade from R77.x.
PRJ-22522,
PMTR-65290
Multi-Domain Management In some scenarios, Reassign Global Domain for a Domain that is active on another Multi-Domain Server may fail with "An internal error has occurred" message. Refer to sk172704.
PRJ-24020,
PMTR-66953
Multi-Domain Management In some scenarios, after upgrade of Multi-Domain environment that has active Domains on multiple Multi-Domain servers, some objects may not be visible in the System Domain.
PRJ-23434,
PMTR-66135
Multi-Domain Management In some scenarios, when trying to migrate or restore a Domain and this Domain already exists, an error is shown and the existing Domain is deleted.
PRJ-25409,
CPM-2542
Multi-Domain Management In some scenarios, HA synchronization may fail on the MDS level with the "Failed to synchronize this peer due to purged revisions in the database." message.
PRJ-22783,
SL-5370
SmartConsole UPDATE:
  1. When using Updatable Objects, Source and Destination fields in logs will display the icon from the matched Updatable Object.
  2. Improved the accuracy of flag icons when using Updatable Objects for Geo-IP restrictions.
  • Requires R80.40 SmartConsole Build 424 (or higher).
PRJ-23604,
PMTR-66244
SmartConsole In some scenarios, a SmartTask may fail to execute its action when it is triggered for a policy installation.
PRJ-22126,
PMTR-62338
SmartConsole SmartConsole configures a default value for the IPv4 mask length of VIP interface each time a user opens the interface editor for cluster object configured in the Active-Active mode. As a result, the value configured by a user is overwritten with the default value each time the user opens the cluster object and clicks OK.
  • Requires R80.40 SmartConsole Build 424 (or higher).
PRJ-20257,
PMTR-57895
Logging NEW: Log exporter allows the re-export of logs based on starting and end positions provided by the user, to close possible gaps. Refer to sk122323.
PRJ-21418,
PMTR-61503
Logging NEW: The Log exporter now supports formatting for RSA SIEM application.
PRJ-25595,
SL-5164
Logging UPDATE: The Log server now supports up to 2700 Gateways (previously was 1024). Refer to sk163413.
PRJ-23580,
PMTR-65203
Logging In some scenarios following a Multi-Domain Management Server upgrade, log queries may not retrieve results from some CMAs\CLMs.
PRJ-25453,
PMTR-68670
Logging In rare scenarios, logs generated in the same second, with the same ID, may not show up in SmartConsole's Logs tab.
PRJ-10357,
PMTR-46596
Logging Log_indexer may unexpectedly exit on a SmartEvent server with a large number of CPUs (32 and up), and\or when the total number of log servers declared in correlation units is above 30.
PRJ-24215,
PMTR-65200
Logging In Multi-Domain environment, the same Domain may appear twice in the Domains view of the SmartEvent application.
PRJ-12427,
PRHF-10612
Logging In some scenarios, exported FireWall logs from a Security Gateway to an external syslog server (sk87560) contain a redundant new line character. 
PRJ-23204,
PMTR-65244
Logging In rare scenarios, when creating a Log server object and establishing SIC, log queries from the newly created Log server object may fail.
PRJ-22966,
PMTR-64536
Logging In some scenarios, when exporting logs using the Log exporter tool and filtering on all Threat Prevention blades, logs of "Anti Spam" blade are not exported.
PRJ-23009,
PRHF-15886
Logging In rare scenarios, when the user exports logs to Excel using SmartView web, the action fails when the exported logs contain special characters, like emojis.
PRJ-23112,
PMTR-52927
Logging In some scenarios in SmartView, exporting a report or view to PDF duplicates the item and displays it twice in the Catalog until the export is done.
PRJ-15232,
PRHF-12075
Logging In SmartView, when creating a statistical table and grouping by Time, the query may fail.
PRJ-23820,
PRHF-12659
Logging In rare scenarios, when querying logs with a timeframe larger than 1 day, only 50 logs from each day will be shown.
PRJ-16647,
PMTR-58979
Logging In the SmartConsole Logs tab, the "IKE IDs" field cannot be added to column profiles.
PRJ-23284,
PMTR-65335
Security Gateway NEW: Added the "Top Connections" tool. For more information, refer to sk172229.
PRJ-23383,
PMTR-66195
Security Gateway NEW: Implemented new Fast-Accel producer.

The following Fast-Accel statistics are added to CPView:

  • Status: current status of Fast-Accel feature (enabled/disabled).
  • Configured rules: number of rules added by the user. These rules determine whether a connection should be accelerated or not.
  • Accelerated connections amount: number of accelerated connections.
  • Total connections amount: total connections opened in PPAK.
  • Accelerated connections percentage: percentage of accelerated connections as part of the overall traffic.
  • Services distribution: number of times each service was used by the accelerated connections.
PRJ-10989,
PRHF-8504
Security Gateway UPDATE: Added L3 routing support for bridge interface assigned with IP address. To enable it, set fw_bridge_with_ip_routing=1 in the $FWDIR/fwkern.conf file. Refer to sk165560.
PRJ-24536,
PMTR-66616
Security Gateway UPDATE: Added new Dynamic Balancing Clish command to enable default number of instances. To use it, run "set dynamic-balancing state enable ++set_default_fw_instances". Refer to sk164155.
PRJ-22260,
PMTR-64681
Security Gateway UPDATE: Added $CPDIR/log/sic_info.elg log file to show detailed SIC errors.
PRJ-26330,
PMTR-68117
Security Gateway UPDATE: The prompt indication will show on which plane (management or data) the context is.
For example,
[Expert@Host:0] will be displayed as [Expert@Host:dplane] for data plane
[Expert@Host:1] will be displayed as [Expert@Host:mplane] for management plane
PRJ-23078,
PMTR-65799
Security Gateway Enhancement: Early drop optimization will work even if the UserCheck is not relevant for this connection.
PRJ-18126,
PMTR-60844
Security Gateway In some scenarios, an incorrect interface name is displayed in CPView.
PRJ-26577,
PMTR-69967
Security Gateway In rare scenarios, a Security Gateway may crash.
PRJ-24009,
PRHF-16196
Security Gateway In rare scenarios, when the "sd_global_monitor_only" property is set to "true", there is no HTTP inspection.
PRJ-21450,
PRHF-14785
Security Gateway RSA integration using SAML (Security Assertion Markup Language) protocol may not work as expected. Refer to sk171501.
PRJ-23538,
PMTR-66212
Security Gateway In some scenarios, values set in fwkern.conf may not be applied correctly.
PRJ-20982,
PRHF-14104
Security Gateway In rare scenarios, the CPD process unexpectedly exits when the VPN is enabled, and statuses are not sent to the Management Server.
PRJ-23427,
PMTR-65909
Security Gateway The VPND process may consume high CPU because of ECDHE use, which affects multi-portal functionality. Refer to sk173145.
PRJ-24377,
SMB-10515
Security Gateway A memory leak may occur in a DNS resolving infrastructure.
PRJ-24882,
PMTR-66910
Security Gateway In rare scenarios, the name of the application that drops a packet was not shown in the drop debug. Instead, the “PSL Drop: internal - drop enabled” message was displayed.
With this fix, the reason for the drop will be displayed.
PRJ-21312,
PMTR-63867
Security Gateway Allow automatic configuration of Identity Awareness nested group state 4 for Security Gateways with a previously installed fix for IDA-754.
PRJ-22873,
PRHF-15786
Security Gateway In some scenarios, policy installation fails with "Error code 0-2000077" message.
PRJ-21472,
PRHF-14963
Security Gateway When the Security Gateway is configured as a proxy, some network objects may not be matched correctly.
PRJ-24299,
PMTR-67184,
PRJ-24529,
PRHF-16667
Security Gateway In a rare scenario, the FWK process unexpectedly exits on the Security Gateway.
PRJ-22879,
PMTR-54501
Security Gateway In some scenarios, FWD sub-processes start with wrong CPU affinity.
PRJ-25598,
PRHF-12228
Security Gateway In some scenarios, packets are dropped due to incorrect SACK translation when SACK and sequence translation are being used together.
PRJ-24465,
PRHF-15688
Security Gateway In a rare scenario, Security Gateway may crash when handling some DNS packets.
PRJ-22739,
PRHF-15578
Security Gateway When Strict Hold is enabled in the fail-open configuration, some HTTPS connections may get stuck.
PRJ-24413,
PRHF-16452
Security Gateway In a rare scenario, Security Gateway may crash under heavy load during cluster failover.
PRJ-24730,
PRHF-16851
Security Gateway In rare scenarios, running "fw1 + misp" debug on a cluster may cause the Security Gateway to crash.
PRJ-22944,
PMTR-65733
Security Gateway In rare scenarios, policy installation fails with "gen_other_service_inspect_func: failed to find corresponding service object for <service name>" error message.
PRJ-23948,
PMTR-66474
Security Gateway In a rare scenario, Security Gateway may crash when running in USFW (User-Space Firewall) mode.
PRJ-23041,
PMTR-65729
Security Gateway In a rare scenario, Security Gateway may crash during the Application Control / IPS / Anti-Bot package update.
PRJ-23341,
PRHF-16111
Security Gateway Boot may take a long time on machines with many VLANs or secondary IP addresses.
PRJ-20810,
PMTR-62949
Security Gateway On Security Management with connected Endpoint Security Server, the SICTUNNEL process may unexpectedly exit and start again every few minutes with core file ~4gb in size. Refer to sk173704.
PRJ-22749,
PRHF-15894
Security Gateway In a rare scenario, Security Gateway may crash due to log buffer corruption.
PRJ-22624,
PRHF-15835
Security Gateway In some scenarios, the VSX Cluster switch may cause a core dump.
PRJ-26879,
PRHF-15894
Security Gateway In a rare scenario, Security Gateway may crash due to log buffer corruption.
PRJ-25906,
PMTR-69241
Security Gateway In a rare scenario, the machine hangs and the user is unable to run any command. Refer to sk173405.
PRJ-26015,
PMTR-68942
Security Gateway In a rare scenario, a memory leak may occur in in.emaild.mta process.
PRJ-25737,
PRHF-16886
Security Gateway In some scenarios, Security Gateway may crash when ICAP client is enabled.
PRJ-26344,
PMTR-69467
Security Gateway When using Routing separation and ClusterXL, the "cphaprob -a if" command displays "mdps_tun" as "DOWN".
PRJ-26257,
PRJ-26269
Security Gateway In a rare scenario, incorrect error messages regarding the ICAP client flow appear in dmesg. Refer to sk173546.
PRJ-25816,
PRHF-16364
Security Gateway Added Dynamic Anti-Spoofing stability enhancements.
PRJ-25392,
PRHF-17173
Security Gateway In some scenarios, there is no match on URL Filtering rules.
PRJ-16921,
PRHF-12897
Security Gateway In rare scenarios, SmartView Monitor shows the "Error code: 2147483647" message when viewing data from a VSX Gateway. Refer to sk174206.
PRJ-26151,
PMTR-69312
Security Gateway In a rare scenario, a memory leak may occur when IPS / Anti-Bot / Anti-Virus blade is enabled.
PRJ-25272,
PMTR-68358
Internal CA UPDATE: The IKE certificates validity period is set to 1 year by default.
PRJ-26139,
PMTR-69466
Internal CA UPDATE: Added automatic extension for Internal CA database to support more than 100,000 certificates.
PRJ-20813,
PMTR-61640
Threat Prevention Large file download with SFTP may fail when the connection is inspected.
PRJ-17296,
PMTR-59258
Threat Prevention In some conditions, the Security Gateway may crash when SSH Deep Packet Inspection (SSH DPI) and Anti-Virus are enabled.
PRJ-23267,
PMTR-49906
Threat Prevention In rare scenarios, the "fw load_sigs" command fails to exit appropriately after completing.
PRJ-22271,
PRHF-14664
Threat Prevention Improved the Threat Prevention policy installation time when installing on more than two Security gateways.
PRJ-19557,
PMTR-61333
Threat Prevention In some scenarios, "cpssh_trans_endpoint_handle_session_travers_timeout: INTERNAL ERROR" errors are displayed in the fwk.elg file when inspecting SSH traffic.
PRJ-20484,
PMTR-61702
Threat Prevention In rare scenarios, Security Gateway may crash when working with SSH.
PRJ-25058,
PMTR-67597
Identity Awareness NEW: Added new Auto-Tune feature for Nested Groups to select the optimal nested state for maximum performance.
The feature is disabled by default. To enable it, refer to sk128212.
PRJ-25382,
PMTR-68590
Identity Awareness UPDATE: Changed the Web-API conciliation score from 10 to 15.
PRJ-26973,
IDA-3973
Identity Awareness UPDATE: It is now possible to configure SAML (Security Assertion Markup Language) authentication with the same Microsoft Azure AD directory for multiple blades on the same Security Gateway.
Note: Each Blade on each Security Gateway requires its own Identity Provider object in SmartConsole.
PRJ-25581,
IDA-3937
Identity Awareness In some scenarios, Identity Awareness with enabled Remote Access identity source constantly prints "A secondary session request was received from the same IP" message in the log and overrides the existing session.
PRJ-22359,
IDA-3759
Identity Awareness In some scenarios, output of "pdp conn pep" command may show incorrect PEP names.
PRJ-16186,
IDA-3194
Identity Awareness Added optimization for PDP when handling Terminal servers Multi-User Host Agent (MUH).
PRJ-25379,
PRHF-10292
Identity Awareness In Identity Awareness Captive portal, the default Check Point logo is displayed even if the user-defined logo is configured. Refer to sk133492.
PRJ-21457,
PRHF-14980
Identity Awareness In some scenarios, the VPN Remote Access client fails to connect if a certificate contains a DN with an asterisk (*). 
PRJ-21771,
PMTR-58795
Application Control A failure log may be generated when inspecting connections to servers with certificates without a common name (CN) field.
PRJ-19859,
PMTR-58379
SSL Inspection UPDATE: Avoid sending the TLS probe during inbound inspection when it is not necessary for the SNI-based categorization.
PRJ-21686,
PMTR-63310
SSL Inspection UPDATE: Avoid sending the TLS probe during the inbound inspection when a rule is matched according to the IP address.
PRJ-22427,
PMTR-64992
SSL Inspection In some scenarios, the "Parallel TLS Sessions" and "Cache entries" CPView statistics for SSL Inspection are incorrect.
PRJ-19856,
PMTR-61029
SSL Inspection TLS probing failures generate logs with a general description in SmartLog: "Internal system error in HTTPS Inspection (Error Code: 2)". With this fix, more descriptive logs will be generated.
PRJ-24462,
PMTR-65718
SSL Inspection In some scenarios, memory leaks may occur after policy installation.
PRJ-24468,
PMTR-66181
SSL Inspection In rare scenarios, the wstlsd daemon may unexpectedly exit during TLS probing.
PRJ-25173,
PRHF-14178
SSL Inspection In some scenarios, when HTTPS Inspection is enabled, overall memory consumption may gradually increase. Refer to sk171280.
PRJ-20680,
PRHF-14540
SSL Inspection A table hash size may be too small for some environments and cause an increased CPU usage.
PRJ-24781,
PRHF-16849
Anti-Malware In a rare scenario, the Security gateway may crash with the "Problem with the Commit Function" error during policy installation. Refer to sk173248.
PRJ-24120,
PRHF-15586
IPS Added IPS Core Protections scan improvements for HTTP traffic.
PRJ-22188,
IPS-352
IPS In some scenarios, the DNS response message with record type 0 may be dropped by "Non compliant DNS" protection.
PRJ-23928,
PMTR-66261
Anti-Bot UPDATE: Anti-Bot URL cache was enhanced to support further requests.
PRJ-23980,
PRHF-16392
UserCheck Sensitive file push.js may be visible on the Security gateway.
PRJ-24628,
TEX-2201
UserCheck In rare scenarios, when clicking the "Send Original Mail to me" button (sk140214) in the UserCheck portal for Threat Extraction, action fails with "An unexpected error has occured ..." error message.
PRJ-22332,
PMTR-21454
Mobile Access In some scenarios, the VPND process unexpectedly exits in SNX Application Mode.
PRJ-23092,
PRHF-12121
Mobile Access In some scenarios, FWK process unexpectedly exits due to SNX authorization timeout in MAB's Unified Policy mode. Refer to sk173125.
PRJ-23653,
PMTR-60065
Mobile Access Remote Access session may not be synced on the standby member VS.
PRJ-24687,
PRHF-16135
Mobile Access In some scenarios, the HTTPD process consumes high CPU, causing slow access to web applications.
PRJ-23731,
PRHF-16302
Mobile Access In some scenarios, when configuring the "X-Forwarded-For" header to MAB reverse proxy, the header is passed in reverse order.
PRJ-25104,
PRHF-17025
ClusterXL Data connections from the Standby member of an Active-Standby cluster may be dropped on the stealth rule when "fwha_cluster_hide_active_only" is set to 1.
PRJ-27788,
PMTR-64102
ClusterXL Log shows that CCP encryption fails on each policy installation.
PRJ-24145,
PMTR-67140
SecureXL UPDATE: Firewall debug drop template message now indicates the rule ID the template was created from.
PRJ-24015,
PRHF-16174
SecureXL Configuring the "Virtual Activation Timeout" option above 65535 may lead to an incorrect timeout definition.
PRJ-23460,
PRHF-16084
SecureXL A race condition in the DOS/Rate limiting policy's install logic may cause incorrect counter values for "concurrent-conns".
PRJ-17461,
PRHF-13183
SecureXL SecureXL keeps forwarding packets in VSX bridge mode when the member is down. Refer to sk169495.
PRJ-24652,
PMTR-67738
SecureXL In some scenarios, the "reached the limit of maximum enqueued packets!" log is printed in the /var/log/messages file. 
PRJ-23848,
PRHF-15781
SecureXL In some non-VPN scenarios, MSS Adjustment (Clamping) does not work.
PRJ-25510,
PRHF-16656
SecureXL In a rare scenario, Security Gateway may crash when generating CPInfo in VSX mode.
PRJ-22785,
PMTR-65162
SecureXL In a rare scenario, Security Gateway may crash after running the "fwaccel tab -t connections" command.
PRJ-23272,
PRHF-15932
CoreXL In some scenarios, the "fw ctl affinity" command on MDPS Dplane does not show the Mplane Multi-Queue interfaces.
PRJ-24477,
PRHF-16658
Routing UPDATE: Allow "set bgp internal peer <value> send-route-refresh" commands.
PRJ-23249,
PRJ-24404
Routing VRRP member freezes when deleting a VLAN interface. Refer to sk106226.
PRJ-24970,
PMTR-48361
Routing Graceful restart has been enhanced to tolerate non-standard behavior by peers that close the BGP connection before it is established.
PRJ-24716,
PRHF-16801
Routing In an OSPF environment, the routed process may unexpectedly exit when a VPN tunnel flaps, leading to a temporary connectivity loss.
PRJ-25041,
PRHF-16981
Routing In a rare scenario, the routed process unexpectedly exits when creating an MFC (S,G) entry.
PRJ-23741,
PMTR-62549
Routing After restarting OSPF with the "restart ospf instance default" command, OSPF may not redistribute routes until making a configuration change.
PRJ-25995,
PMTR-69290
Routing In some scenarios, the monitored IP option "force-if-symmetry" does not detect the asymmetric ping properly.
PRJ-24388,
MBS-12759
Routing In rare scenarios, a Load Sharing cluster can experience DHCP relay drops with a "dropped by fw_post_vm_chain_handler Reason: Handler 'dhcp_reply_code' drop" message.
- VPN Hardened the ability to use narrowed IKEv2 tunnels. For more information, refer to sk166417.
PRJ-25493 VPN UPDATE: Added support for Security Assertion Markup Language (SAML) authentication on more than one VS in VSX. Refer to sk172909.
PRJ-23763,
PMTR-66754
VPN UPDATE: Option 3 of the "vpn tu" command now shows the realm name and whether the authentication was performed with the server certificate.
PRJ-24816,
VPNS2S-2313
VPN UPDATE: Added VPN improvements in IKEv2:
  • Added support for IKEv2 authentication when using multiple certificates.
  • Added support for “Matching info” authentication.
VPNS2S-2313 VPN “Invalid ID information” message may be displayed when the peer is 3rd party and Link selection is overridden.
VPNS2S-2313 VPN IKEv2 may cause the VPND process to unexpectedly exit when IKEv2 rekey uses certificates.
VPNS2S-2313 VPN
  • Stability improvement of IKEv2 rekey when using Pre-shared-key
  • Stability improvement of cluster synchronization mechanism
PRJ-22543,
PRHF-14102
VPN Added stability fix in validation checks for ECDSA certificates.
PRJ-24252,
PRHF-15984
VPN In some scenarios, the TTM (Transform Template) file is not loaded when there are no TTM groups for the user.
PRJ-26349,
PMTR-69744
VPN If SSL Inspection or another blade that uses the CPAS infrastructure is enabled, a call trace warning is displayed in dmesg when the cpstop command is issued.
PRJ-23938,
PRHF-14819
VPN When Remote Access is configured to use DHCP for the Office Mode allocation, disconnection of SNX/L2TP clients may cause the IP address not to be removed from the table.
PRJ-15569 VPN In some scenarios, NAT-T traffic is sent to the wrong next-hop MAC address.
PRJ-26341,
PMTR-69135
VPN In some scenarios, Phase 2 NULL encryption in IKEv2 fails with "Received notification from peer: No proposal chosen" message in the log.
PRJ-25235,
PMTR-68326
VPN Added improvements for DAIP gateway behind Hide NAT and ROBO peer gateways.
PRJ-26267,
PMTR-68840
VPN In some scenarios in MEP configuration, failover to available MEP members may fail.
PRJ-26929,
PMTR-70367
VPN In some scenarios, the VPND process unexpectedly exits after installing the policy.
PRJ-23985,
PMTR-66902
VPN In some scenarios, the VPND process may unexpectedly exit, producing a core dump.
PRJ-23974,
PMTR-65986
VPN In some scenarios, the IKED process unexpectedly exits producing a core dump.
PRJ-24860,
PRHF-16883
VPN The VPND process may unexpectedly exit when cipher priority configuration is invalid. Refer to sk173083.
PRJ-25489,
PMTR-68687
VPN In VSX environments, Anti-Spoofing in SecureXL may cause Remote Access VPN drops. Refer to sk173266.
PRJ-24890,
PMTR-63753
VPN In some scenarios, the "Global param: operation failed: Unknown parameter (param name vpn_cluster_on_aws)" cosmetic error may appear in dmesg.
PRJ-21942,
PRHF-15509
VPN In some scenarios, VPN Remote Access users are disconnected after policy installation. Refer to sk171966.
PRJ-14272,
PRHF-9691
VPN Added IKE improvement for DAIP peer with ID_DER_ASN1_DN ID type.
PRJ-22528,
PMTR-64500
VPN When Multiple Factor Authentication is configured with DynamicID, VPN clients may receive four password prompts. Refer to sk144932.
PRJ-24402,
PRHF-16421
VPN In some scenarios, DAIP gateways may be identified as Remote Access, causing the connection to fail. Refer to sk173417.
PRJ-25053,
PRHF-16121
VPN In some scenarios, a user may not be able to connect because the VPND process unexpectedly exits.
PRJ-25133,
PMTR-68208
VPN In some scenarios, the VPN Remote Access client cannot reconnect after changing the authentication method.
PRJ-26204,
PMTR-68557
VPN MEP failover with 3rd party vendors may not work correctly.
PRJ-25333,
VPNS2S-2335
VPN In some scenarios, the "Illegal sequence number" error may be printed in Dead Peer Detection (DPD) debug.
PRJ-21431,
PRJ-21424
Gaia OS NEW: Added support for hardware (sensors/NICs) data auto-update.
PRJ-25718,
PMTR-56308
Gaia OS UPDATE: The Multi-Queue (MQ) enhancement by IPSEC SPI is now supported out of the box on CPAC-4-10F-C appliance NICs (i40e driver, X710 controller).
PRJ-26747,
PMTR-70210
Gaia OS The raid_diagnostic command fails on Smart-1 3050/3150/5050/5150 appliances. Refer to sk173788.
PRJ-23329,
PRHF-16081
Gaia OS The "snmptable" command may fail to fetch data via SNMP producing core dump. Refer to sk172824.
PRJ-23421,
PMTR-65206
Gaia OS The administrator cannot force a password change to users with UID 0.
PRJ-26756,
PMTR-69435
Gaia OS In some scenarios, the first packet of any protocol is dropped if there is no ARP cache entry in the ARP table for that destination. Refer to sk173933.
PRJ-24173,
PRHF-16489
Gaia OS In rare scenarios, the Security Gateway may crash during tcpdump. Refer to sk141412.
PRJ-23614,
PRHF-16252
Gaia OS In rare scenarios, there is a difference between the value of "Packets" in the output of "ifconfig <interface name>" and "show interface <interface name> statistics" commands.
PRJ-24493,
PRHF-16665
Gaia OS In a rare scenario, the Security Gateway may become unresponsive. Refer to sk172827.
PRJ-24596,
PRHF-16780
Gaia OS When the RADIUS server uses a multi-pool "Access Challenge", the system sends many authentication requests without waiting.
PRJ-25669,
PRHF-16999
Gaia OS In some scenarios, the driver's (i40e) response time for MQ settings is too long.
PRJ-26328,
PMTR-69006
Gaia OS When using routing separation, Clish configuration for the management plane may be missing.
PRJ-23967,
PRHF-16338
VSX UPDATE: Added ability to change the Management and Sync interfaces via vsx_util change_interfaces.
PRJ-23828,
PRHF-16241
VSX In rare scenarios, the Wrp interface may not come up. Refer to sk171753.
PRJ-24382,
PRHF-16604
VSX In rare scenarios, when the VSX cluster experiences an outage, the FWK process generates a core dump file.
PRJ-23483,
PMTR-65524
VoIP In some scenarios, the "sip_increase_opq_rnum: Error - number of reinvites exceeded the limit" message, which indicates a malfunctioning SIP flow, is printed in SIP debug.
PRJ-24293,
ODU-84
Smart-1 Cloud Added Update 1 of Quantum Smart-1 Cloud Release. Refer to sk166056.
PRJ-23379,
PRHF-13883
CloudGuard IaaS The SNMP response may show incomplete values.
PRJ-25378,
PRHF-17170
CloudGuard IaaS CloudGuard Controller with Cisco ACI Data Center sends updates without IP addresses to Security Gateways.
PRJ-21718,
PMTR-64430
CloudGuard Azure Improved performance consistency (with Multi-Queue) after the Microsoft Azure Maintenance event.
PRJ-23132,
PRJ-23133
IoT NEW: Added new features:
  1. Custom tags support - Any custom tag can be now used within a policy.
    • Add it to the $VSECDIR/conf/IotTags.conf configuration file
    • Run vsec off; vsec on
  2. Zone tag - The ‘Zone’ tag is now considered as a built-in tag. 
- IoT UPDATE: If the recommended-policy includes some illegal rules, an IoT layer will be created with the legal rules only and the user will be notified with a warning about the illegal ones.
PRJ-24280,
PMTR-66083
Endpoint Security In some scenarios, the "Included Blades" tab in the SmartEndpoint Package repository for Dynamic Package is empty. 
PRJ-25728,
PMTR-68887
QoS A memory leak may occur when using domain names in QoS policy rules.
R80.40 Jumbo HotFix - General Availability Take 118 (10 May 2021, GA from 25 May 2021)
PRJ-25688,
PRJ-25524
Security Gateway In some scenarios, "dst_release: dst:ffff88052d4c68c0 refcnt:-480" messages may be printed in dmesg regarding HTTPS traffic when SSL Inspection blade is enabled.
PRJ-25944,
CLUS-1804
ClusterXL In some scenarios, the user cannot run any dynamic routing or install any static routes, including the default route.
PRJ-25396 Gaia OS When using routing separation and configuring an interface in Clish, the "Can't read "NSID": no such variable" error may be displayed. Refer to sk173364.
R80.40 Jumbo HotFix - Ongoing Take 114 (25 April 2021)
PRJ-22315,
PRJ-22314
Security Management NEW: Performance improvement of Management High Availability Full Sync.
PRJ-21248,
PMTR-62918
Security Management In some scenarios, the log file of PostgreSQL (postgres.elg) may become very large.
PRJ-22441,
PRHF-15754
Security Management Upgrade or migration from R80.10 and lower to R80.20 and higher may fail with "Scheme adjustment had failed" error in logs. Refer to sk172003.
PRJ-23543,
PMTR-66182
Security Management In some scenarios, HA sync in a Multi-Domain environment may fail with the "Failed to import data" error message after the user creates new Permission Roles.
PRJ-17233,
PRHF-12911
Security Management In some scenarios, Apache does not start and shows a "No space left on device" message if the user runs "cprestart" frequently.
PRJ-21179,
PMTR-63358
Security Management In rare scenarios, logout of a Session fails with error: "An internal error has occurred".
PRJ-22211,
PMTR-61168
Security Management In rare scenarios, concurrent update operations performed by several administrators on the Management Server may fail.
PRJ-13071,
PRHF-11089
Security Management In rare scenarios, during a Global Policy Reassignment, the Management Server may unexpectedly exit and fail to start again.
PRJ-14246,
SMCUPG-1375
Security Management In some scenarios, a Domain migration may fail during the Access Policy import with the "Object not found" error in cpm.elg file.
PRJ-22130,
PMTR-61861
Security Management In a rare scenario, Management HA synchronization fails after the Purge Revisions operation.
PRJ-22123,
PMTR-61785
Security Management Running override_server_setting.sh may not update settings correctly when updating a setting multiple times.
PRJ-21179,
PMTR-63358
Security Management In rare scenarios, logout from a session fails with "An internal error has occurred" message.
PRJ-23159,
PMTR-64136
Multi-Domain Management UPDATE: Added stabilization improvement for Assign and Reassign Global Policy operations.
PRJ-22632,
PMTR-62650
Multi-Domain Management UPDATE: Improved the Domain Management Server and Domain Log Server creation and deletion operations.
PRJ-22138,
PMTR-64481
Multi-Domain Management A Multi-Domain Server with dozens of Domains may take a long time to start. 
PRJ-22578,
SMCUPG-1625
Multi-Domain Management In some scenarios, HA Full Sync on the System Domain fails after upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059.
PRJ-21912,
PMTR-64572
Multi-Domain Management In some scenarios, installation of Jumbo Hotfix on Multi-Domain Server may fail after running restore from backup.
PRJ-19499,
PMTR-61526
SmartConsole "The object specified in 'Always send alerts to' field, has no active 'Logging & Status' blade" error may be displayed after running the "add-simple-gateway" command in Management HA environments where one of the Security Management servers has the "Logging & Status" blade disabled. Refer to sk172226.
PRJ-17276,
PMTR-59746
SmartConsole The "Recent Tasks" view allows only Super Users to view other administrators' tasks.
PRJ-21623,
PRHF-15156
SmartConsole In some scenarios, FWM process logs show Provisioning/LSM activity even though LSM is not in use. Refer to sk171905.
PRJ-22221,
PMTR-32568
SmartConsole In some scenarios, a validation warning may appear on an updatable object with the following message: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.
PRJ-18886 CPView CPView shows "N/A" for speed values of some network cards.
PRJ-16052,
PRHF-11884
Compliance Deactivated Compliance Best Practices appear in the Compliance report.
PRJ-14102,
PRHF-11595
Compliance Compliance Blade may not scan inline layers for Application Control and URL Filtering best practices.
PRJ-20775,
PRHF-13197
Compliance In some scenarios, an incorrect Compliance status for Gaia OS Best Practices is displayed.
PRJ-21181,
PMTR-61750
Logging NEW: Resource pools for log queries and report generation have been separated to ensure query responsiveness while multiple reports are generated. 
PRJ-22185,
PMTR-58496
Logging In SmartView, when the user exports multiple PDF/CSV/Templates of the same view/report at the exact same time, the second export to complete may overwrite the first one.
PRJ-20620,
PRHF-14608
Logging In SmartView, when filtering with specific time filters, the result may include more logs than was requested.
PRJ-23415,
PMTR-60082
Logging In SmartView's "Cyber Attack View - Endpoint", the widgets Active/Dormant Attacks and Cleaned/Blocked Attacks show clean hosts as infected (false positive results).
PRJ-21375,
PMTR-63927
Logging In some scenarios, in Multi-Domain servers with many domains, the Solr process for logs may unexpectedly exit.
PRJ-18559,
PRHF-13614
Logging In the "Logs" view in SmartConsole, when the query filter contains "time:yesterday" as a literal, the query fails with a "Query resolution failed" error. The pre-defined time filter "Yesterday" shows results from today. Refer to sk170999.
PRJ-22249,
PMTR-65133
Logging In some scenarios, in the "Views and Reports" of SmartView, it is not possible to use the field "Roles".
PRJ-21145,
PMTR-51637
Logging In SmartView, when opening a log card popup in lower resolutions, the text in the header may be cut off. 
PRJ-15368,
PMTR-57068
Logging When limiting access to SmartView using the "GUI clients" configuration file with netmask 0.0.0.0/0.0.0.0 or if "Any" is defined twice, opening a new SmartView tab in SmartConsole may indefinitely show "Loading SmartView...". Refer to sk167653.
PRJ-23156,
PMTR-62454
Logging When viewing an Access log card that was matched on both a Network layer (firewall) rule and an Application layer rule, and both actions are "Accept", the application layer rule will be presented in the card instead of the network layer rule. Refer to sk172763.
PRJ-15784,
PRHF-11889
Logging In SmartView, when the user exports a container widget with charts to PDF, some data may be missing, and the charts may be shown in a distorted manner.
PRJ-17119,
PMTR-59484
Logging In SmartView, chart and timeline widgets may show a "Query Failed" error.
PRJ-21902,
PMTR-64675
Security Gateway NEW: Added new troubleshooting tool to cplic command for Entitlement manager.
PRJ-20960,
PMTR-61684
Security Gateway NEW: In a Management Data Plane Separation (MDPS) environment, each plane has its own configuration. Run these commands in each plane:
  • save configuration <Name of Script>
  • load configuration <Name of Script>
PRJ-21316,
PRHF-14534
Security Gateway UPDATE: Security Gateway performance optimizations for specific scenarios. Refer to sk174607.
PRJ-23394,
PRHF-15802
Security Gateway Added support for “Other” services configured with IP protocol, but without advanced “Match” expression.
PRJ-22933,
PRHF-13912
Security Gateway When using "User Alert 3" in the code alert, cosmetic error "FW-1: fwdrv_get_string_id_from_code: illegal parameters for code 8" appears in the /var/log/messages file.
PRJ-20756,
MBS-12769
Security Gateway In some scenarios, the "fwauthd_init: got known service port XXX ... choosing another one" message appears repeatedly in the $FWDIR/log/fwd.elg file.
PRJ-19358,
PRHF-14127
Security Gateway In a rare scenario, FWK process may unexpectedly exit while passing TLS traffic, resulting in a cluster fail-over.
PRJ-21612,
PRHF-14715
Security Gateway Security Gateway may crash when "Categorize HTTPS Websites" feature is enabled and categorization mode is set to "Hold".
PRJ-22373,
PRHF-15705
Security Gateway In some scenarios, the Security Gateway attempts to access the Management Server through the server's NAT IP address (defined in the "NAT" section of the server object), while the server is reachable only through the main IP address (defined in the "General Properties" section of the server object).

Refer to sk171665 to configure the required parameter SKIP_NATTED_IP.
PRJ-19800,
PMTR-60336
Security Gateway Improved the policy enforcement of the ZIP archive inner files.
PRJ-23101,
PRHF-13417
Security Gateway The connection may not exist in the SecureXL connection table when Smart Connection Reuse kernel parameters are configured and out of state TCP packets are allowed.
PRJ-19412,
PMTR-60877
Security Gateway The "new-conn-rate" DOS/Rate limiting rules may not be enforced in usermode when enforcement for internal interfaces is disabled.
PRJ-22455,
PMTR-64448
Security Gateway In a rare scenario, Security gateway may crash with fwk and fwk_wd core dump files.
PRJ-21055,
PRHF-15024
Security Gateway In a rare scenario, Fast Accel logs are sent although they are disabled on the matched rule. Refer to sk171336.
PRJ-21836,
PMTR-63900
Security Gateway "up_fw_module_load_commit: failed to load" error may be displayed in dmesg during cpstart or policy installation.
PRJ-21011,
PRHF-15031
Security Gateway In a rare scenario, Security gateway may crash when using non-FQDN domains in Access policy.
PRJ-22081,
PMTR-64650
Internal CA In a rare scenario, "This operation is not supported on STANDBY members" message is displayed and the cpca_client process unexpectedly exits when trying to renew a certificate on a standby Domain.
PRJ-21296,
PMTR-63495
URL Filtering UPDATE: Improved RAD event output to provide additional information on events, such as detailed timing. This update also activates the retry mechanism by default.
PRJ-23295,
PRJ-23297
IPS UPDATE: Added support for PM statistics when IPS is disabled.
PRJ-14542,
PMTR-52079
IPS UPDATE: Exceptions are now enforced for these IPS protections:
  • ASCII Request Response
  • ASCII Response Response
  • HTTP Header Patterns
  • HTTP URL Patterns
  • CIFS File Patterns
Refer to sk166222.
PRJ-20376,
PRHF-15059
IPS In some scenarios, the "[ERROR]: kfunc_cmik_loader_execute_dyn_ctx: cmi_match_env is NULL" error may appear in /var/log/messages file.
PRJ-22515,
PMTR-65461
IPS Proxy source IP address is not printed in the IPS logs.
PRJ-23189,
PRHF-15832
IPS In rare scenarios, Security gateway may crash. 
PRJ-21278,
PMTR-60297
Threat Prevention Removed the "beta" label from SSH Deep Packet Inspection (SSH DPI) SSH server identification string.
PRJ-22021,
PMTR-63963
Threat Prevention In rare scenarios, the Threat Prevention Blade Exception used for performance optimization does not work as expected.
PRJ-21304 Identity Awareness NEW: Added support for SAML authentication method for Remote Access VPN. Refer to sk172909 for configuration instructions.
  • Requires R80.40 SmartConsole Build 423 (or higher).
PRJ-23517,
PMTR-20344
Application Control The fw_full (fwd daemon) unexpectedly exits, producing a core dump file and causing a cluster failover.
PRJ-17388,
PMTR-56183
Application Control Improved browsing speed for certain HTTP/2 sites.
PRJ-21710,
PMTR-64263
SSL Inspection In rare scenarios, a memory leak may occur in a crypto module.
PRJ-19587,
PMTR-57233
SSL Inspection In some scenarios, the wstlsd process may unexpectedly exit when browsing to certain websites.
PRJ-19782,
PMTR-58480
SSL Inspection A memory leak may occur during policy installation. 
PRJ-21990,
PMTR-64780
SSL Inspection In rare scenarios, a memory leak may occur in a crypto module.
PRJ-21726,
PMTR-64420
Content Awareness In a rare scenario, Security Gateway may crash when CPcode is running within Content Awareness or parser flow.
PRJ-20269,
PRHF-14501
Anti-Malware Packet capture may not be generated for certain IPS protections.
PRJ-23036,
PMTR-65728
Anti-Malware In rare scenarios, Security Gateway may crash if event app debug is enabled.
PRJ-20586,
VPNRA-642
Mobile Access Removed potential XSS vulnerability in the MAB Login page.
PRJ-14603,
PMTR-56744
Mobile Access In some scenarios, pinger (MAB process that handles the ActiveSync traffic) may unexpectedly exit.
PRJ-21643,
PMTR-60226
Mobile Access Mobile Access may overwrite the /etc/hosts file on Security Gateway.
PRJ-22150,
PMTR-63571
ClusterXL During active-active-bridge mode, the "show routed cluster-state" command may display some members as slave instead of master.
PRJ-19517,
PRHF-14206
ClusterXL In some scenarios, the required interface value is higher than it should be when adding a VLAN interface.
PRJ-24204 ClusterXL The Gaia Clish command "set snmp traps trap clusterXLFailover enable" fails with "Bad Command Unknown Trap name." Refer to sk173810.
PRJ-21349,
CLUS-1804
ClusterXL In some scenarios, a large quantity of logs is generated on cluster VIP API.
PRJ-22289,
PMTR-62849
SecureXL TCP reset packets may be dropped with an invalid sequence.
PRJ-18062,
PMTR-60766
SecureXL UPDATE: Changed the "accept out of state" global parameter usage and added support to change it for specific VS. Refer to sk147093.
PRJ-22916,
PRHF-15478
SecureXL Improved the Smart Connection Reuse feature to be consistent with the user configuration. Refer to sk24960.
PRJ-22436,
PRHF-15755
SecureXL In some scenarios, the concurrent-conns rate limiting count may be inaccurate for FTP data connections. 
PRJ-20546,
PRHF-14680
SecureXL Security Gateway may crash when there are interfaces that do not need the ARP resolution (VTI).
PRJ-19372,
PRHF-14133
SecureXL Security Gateway may crash when the user runs "fwaccel tab -t" to view certain rate limiting tables that have a large number of entries.
PRJ-20433,
PMTR-58524
SecureXL In some scenarios, DOS/Rate Limiting rules that do not work as expected may be created.
PRJ-22168,
PRHF-15607
SecureXL Rate limiting rules using concurrent-connection counters may cause connections to be blocked. 
PRJ-23145,
PRHF-16038
Routing UPDATE: Added "$" to the list of allowed characters for BGP MD5 authentication passwords in WebUI and CLI.
PRJ-23499,
PMTR-66838
Routing UPDATE: Added support for PBR with VTI/VPN interfaces.
PRJ-22900,
PMTR-48384
Routing In some scenarios, OSPF configured with unnumbered VTI on cluster frequently moves between "Full" and "EXSTART" status.
PRJ-21260,
VSX-2520
VSX Allow the addition of routes with specific group of type "Group with Exclusion" when using VSX Provisioning tool.
PRJ-20818,
PMTR-63247
VPN NEW: Added 3 new views to SmartView for Remote Access, providing visibility for Remote Access users, users login summary, failed login attempts, used clients, top login options, number of users, operating systems, authentication methods and login activity.
PRJ-22413,
PMTR-60014
VPN In some scenarios, L2TP tunnel is not deleted completely upon disconnection. 
PRJ-19904,
PRHF-14090
VPN Mobile Access SNX may fail to connect to the Security Gateway when the realm used by the client is different from the SSL VPN realm.
PRJ-21543,
PMTR-64128
VPN Added VPN Remote Access stability improvement.
PRJ-23303,
PMTR-66146
VPN In rare scenarios, the vpnd process may unexpectedly exit in an L2TP-related flow. 
PRJ-14485,
PRHF-11938
VPN Tunnel Test packets may be dropped by Secure Configuration Verification (SCV) check when implied rules are disabled. Refer to sk168033.
PRJ-21648,
PRHF-15006
VPN When static NAT is configured on a destination, the SCV may fail to access the internal resources and "No scv status from client..." drops appear in SmartConsole. Refer to sk171550.
PRJ-22922,
PMTR-62465
Gaia OS "kernel: [SIM4];resume_from_error: failed to get ci_or_corr" error message may be printed numerous times in /var/log/messages file while running UDP Traffic Load. Refer to sk172543.
PRJ-23734 Gaia OS NEW: Added support for Smart-1 6000-L/XL and 600-S/M appliances. Refer to sk171903.
PRJ-21665,
PRHF-15328
Gaia OS In some scenarios, policy installation on a Check Point Gateway in Azure causes the Gateway to crash and load a default policy. Refer to sk171553.
PRJ-15438,
PMTR-56379
Gaia OS In rare scenarios, SNMP user details may be visible in /var/log/messages file.
PRJ-24043,
DP-7201
Gaia OS Captive Portal / SAML portal may not work after installation with Blink image.
PRJ-19976,
PMTR-62104
Gaia OS In some scenarios, bond interface bandwidth monitored via SNMP is missing.
PRJ-14087,
PMTR-49877
Gaia OS In some scenarios, the force-password-change option does not work.
PRJ-22215,
PRHF-15159
Gaia OS "show configuration on" may not expose bond members.
PRJ-18940,
PRHF-13812
Gaia OS In some scenarios, the "... fwldbcast_handle_retrans_request: Updated bchosts_mask to 1" message may be printed in /var/log/messages file.
PRJ-17685,
PMTR-60173
Gaia OS When upgrading with enabled Management Data Plane Separation (MDPS), an additional reboot may be required.
PRJ-21922,
PRJ-17304
Gaia OS Unable to set MTU on Igb cards.
PRJ-18851,
PRHF-13802
Gaia OS In some scenarios, the "show arp dynamic all" command displays values of VS0 instead of VS.
PRJ-16961,
PRHF-12751
Gaia OS In some scenarios, the "rhost" value may be missing from logs when the user tries to access the WebUI.
PRJ-21720 Gaia OS The "show configuration" command cannot print Gaia user with spaces in name.
PRJ-23585,
MBS-9917
Gaia OS In some scenarios, Bond interface's slaves stop sending LACP Traffic after reboot. Refer to sk169977.
PRJ-23252,
PMTR-67034
Gaia OS Added timestamp, hostname and syslog version control to syslog messages. Refer to sk100727.
PRJ-22793,
PRHF-15900
Gaia OS In rare scenarios, the "show asset network" command may lead to a memory leak. Refer to sk174823.
PRJ-17795 CloudGuard IaaS In some scenarios, a fail-over to the standby APIC server fails.
PRJ-20921,
PRHF-14900
QoS Security gateway may crash in QoS flow when interface goes down and up during packet processing.
R80.40 Jumbo HotFix - General Availability Take 102 (14 April 2021, GA from 21 April 2021)
PRJ-24912,
PMTR-67937
Security Management "Unauthorized client" error on login failure from an IP address that is not explicitly defined in the Trusted Clients list. Refer to sk173026.
PRJ-24582,
PMTR-56794
Identity Awareness In some scenarios, a Security gateway may crash after Take 100 installation due to Identity Awareness specific flow.
PRJ-23357,
PMTR-65962,
PRJ-24396,
PMTR-67460
Gaia OS UPDATE: Upgraded OpenSSL to 1.1.1k to fix CVE-2021-3449 and add the latest security improvements. Refer to sk172983.
R80.40 Jumbo HotFix - Ongoing Take 100 (17 March 2021)
PRJ-21006,
PRHF-14969
Security Management NEW: Improved FWM process performance during Security policy or database installation. 
PRJ-20072,
MCFG-229
Security Management NEW: Optimized the Solr build time to improve performance in the following operations:
  • Restore of the entire MDS/MLM from backup
  • Upgrade from R80.10
  • Solr Cure
PRJ-20031,
PMTR-61770
Security Management UPDATE: When purging revisions, task notifications will also be purged if created before the last revision to purge was published.
PRJ-20450,
SMCUPG-1563
Security Management UPDATE: Added validation to block migration of a Domain to a Security Management if the Domain is assigned to the Global Domain.
PRJ-21872,
ODU-82
Security Management UPDATE: Added Update 8 of Autonomous Threat Prevention Management (ATPM). Refer to sk167109.
PRJ-20855,
SMCUPG-1316
Security Management Management Server upgrade from R80.20 to R80.40 may fail if a Network Interface object refers to a Gateway object that does not exist.
PRJ-20842,
SMCUPG-1454
Security Management When migrating a Domain Management Server to a Security Management Server:
  • SmartEvent blade cannot be activated on the migrated domain.
  • If the Domain had standby Domain Servers, it may cause inconsistencies in the database, that may result in different failures. For example, policy installation may fail.
PRJ-20304,
PRHF-14634
Security Management In some scenarios, deleting a Domain Server may fail with "Got at least one duplicate UID in requested list" error.
PRJ-21586,
PRHF-15222
Security Management In rare cases, the CPM Solr process may not be stopped when running cpstop or mdsstop.
PRJ-16926,
PMTR-58592
Security Management Migration of a Security Management to a Domain on a Multi-Domain Server may fail if a previous migration attempt of the same Security Management already failed and a different Domain name was used for the second attempt.
PRJ-20765,
PRHF-14399
Security Management High load may occur on the Management Server when searching for a prefix of IP address that has more than 10 thousand matches.
PRJ-20995 Security Management In rare scenarios, the initiation of the Management server may take a long time.
PRJ-21359,
PRHF-14606
Security Management In some scenarios, the Purge Revisions task may stop and show 0% for hours or fail with the "An error has occurred while performing revision purge operation" message in SmartConsole.
PRJ-21591,
PRHF-15244
Security Management Although the Access Settings of the Management API is set to "All IP addresses", the API server does not accept requests from any IP address unless the IP is defined explicitly as a Trusted Client.
PRJ-17789,
PRHF-13382
Security Management In some scenarios, policy verification for static NAT rules succeeds even though the source subnet NAT is bigger than the destination subnet NAT.
PRJ-20887,
PRHF-14946
Security Management In some scenarios, when connecting to an existing session in SmartConsole from a different IP address, a wrong "Client IP" is shown in Audit Logs view.
PRJ-20804,
PRHF-14691
Security Management In some scenarios, delete partial domain with createDomainRecovery.sh script fails when there are several RadiusGroup objects with the same name in different domains.
PRJ-15744 Multi-Domain Management UPDATE: When running Reassign Global Domain for a Domain that is active on another Multi-Domain Server, the task is immediately relayed to the remote Multi-Domain Server without waiting in queue of the local server due to other tasks that are running.
PRJ-21275,
SMCUPG-1625
Multi-Domain Management In some scenarios, HA Full Sync on the System Domain fails after upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059.
PRJ-19995,
PRHF-14349
Multi-Domain Management After importing two (or more) Security Management servers into a Multi-Domain Server, the Gateway objects may not be functional:
  • The editor may not show configuration correctly
  • Security Gateway update may fail.
PRJ-16910,
PRJ-21342
Multi-Domain Management When running many Reassign Global Domain operations for Domains that are not active on the current Multi-Domain Server, the load on the Server may increase and result in slowness of user and automation work.
PRJ-21213,
PMTR-60619
Multi-Domain Management Migration of a Domain assigned to a Global Domain may fail with the "Dynamic object: not found" error.
PRJ-22276,
PMTR-65110
Multi-Domain Management In some scenarios, updating a Domain Server may fail with the "<IP> already in use" message. Refer to sk171916.
PRJ-19721,
PMTR-62272
Multi-Domain Management The Multi-Domain session APIs "view sessions" and "show last-published-session" results may include sessions that were not filtered according to the administrator's permissions profile.
  • A Domain manager running the API will be notified when the results will be filtered and will be asked to run the command again with the "ignore-warnings" flag.
PRJ-20786,
PRHF-13556
SmartConsole When the user creates an Access Role, the AD organization tree may show duplicate branches, and some branches may be missing.
PRJ-20951,
PMTR-62383
SmartConsole After a network interface is removed by cluster API, a network group assigned to that interface remains as used by cluster members and cannot be deleted.
PRJ-20910,
PMTR-63302
SmartConsole In some scenarios, deleting a policy fails.
PRJ-21389,
PMTR-63149
SmartConsole Slowness may be observed in some SmartProvisioning operations (like open SmartProvisioning GUI, create a new LSM object, open an LSM object editor, etc.).
PRJ-20240,
PRHF-14533
SmartConsole When there are no search results, search in Access Control Policy displays "An error occurred while searching" instead of "No Items Found".
PRJ-20315,
PRHF-14637
SmartConsole In some scenarios, the "show gateways-and-servers" Management API command fails when running it with details-level full and when connected to the Global Domain. Refer to sk170895.
PRJ-19141,
PRHF-14010
SmartConsole In some scenarios, the "add-user" API command with authentication method TACACS+ or Radius server fails with "object not found" message. Refer to sk170325.
PRJ-19931,
PRHF-14278
SmartConsole In rare scenarios, the "Show Policy Package" tool and some Management API commands with details-level "full" may fail when UTM cluster is part of the policy targets.
PRJ-21525 SmartConsole In a rare scenario, Automatic NAT rules are not visible in SmartConsole.
PRJ-18922,
PRHF-13879
SmartConsole In some scenarios, the "show-access-rulebase" Management API command fails when running it with details-level "full" and there is a network group with more than 50000 objects on one of the rules. Refer to sk170435.
PRJ-21159,
PMTR-63555
SmartConsole If there is an HTTPS Inspection layer that is not used in the policy, policy installation may fail with the "Internal error" message. 
PRJ-20874,
PMTR-62957
SmartView UPDATE: To improve performance, SmartView now exports data in CSV format instead of Excel.
PRJ-18860,
SL-4613
Logging NEW: Added support for Endpoint Forensics reports to get-attachment API.
PRJ-12202,
PRHF-10306
Logging In some scenarios, the "Failed to fetch the file" error is displayed when trying to open Threat Emulation summary reports generated by VSX Gateways.
PRJ-20563,
PMTR-58714
Logging In rare scenarios, the Log Exporter fails to connect to external destination when using the TLS protocol.
PRJ-17356,
PMTR-59205
Logging FWM and/or log_indexer processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.
PRJ-21155,
PRJ-21078
Logging In rare scenarios, the FWD process on the Security gateway may be blocked for several seconds due to processing of log attachments.
PRJ-10292,
PRHF-7415
Logging In rare scenarios, a log may display incorrect values in the Action and Rule field. Refer to sk170676.
PRJ-19010,
PRHF-13936
Logging In a rare scenario, CPD process may use a random port for AMON communication instead of port 18196.
PRJ-20091,
PRHF-13973
Security Gateway UPDATE: Service with source port in the Access rulebase will no longer disable accept templates for all connections.
PRJ-18487,
PMTR-61165
Security Gateway In some scenarios, repeating "fwx_alloc_global_find_free_port_atomic: rtsp pending port doesn't match the same pool" errors are displayed in dmesg when using Hide NAT with VoIP.
PRJ-19585,
PMTR-61102
Security Gateway In some scenarios, "email_unified_cmi_get_attribs: not valid caller: up_log_get_user_hash" error appears in dmesg for SMTP traffic.
PRJ-19704,
PMTR-62215
Security Gateway In rare scenarios, a memory leak may occur in TOPOD process.
PRJ-19851,
PRHF-14268
Security Gateway In some scenarios, a memory leak may appear after sending a packet from the kernel.
PRJ-20900,
PRHF-14824
Security Gateway In some scenarios, the DNS requests from the Security gateway may fail.
PRJ-20632,
PRHF-14378
Security Gateway In rare scenarios, high memory consumption in CPD may occur due to a memory leak in authentication flow with an LDAP server.
PRJ-20655,
PMTR-63092
Security Gateway Accept logs with reason "Connection terminated before detection: Insufficient data passed. To learn more see sk113479." may be wrongly generated when the matched action is user authentication and the user provides a wrong username/password.
PRJ-20955,
PRJ-20953
Security Gateway In some scenarios, logs with incorrect action are generated by ICAP server.
PRJ-20385,
PRHF-13431
Security Gateway In a rare scenario, Access Control policy installation may fail after upgrade of Security Gateway from R80.10 or below to R80.20 or higher.
PRJ-21111,
PRHF-14953
Security Gateway Authentication may fail when LDAP branch name contains "\".
PRJ-11205,
PRHF-9029
Security Gateway In some scenarios, traffic that is matched on an implied rule is dropped when it should not be.
PRJ-21021,
PRHF-12746
Security Gateway In rare scenarios, proxy ARP entries may be deleted when installing a policy.
PRJ-21361,
PMTR-52835
Security Gateway Traffic may be dropped when Hide NAT is configured on an IPv6 host.
PRJ-20340,
PRHF-14616
Security Gateway In rare scenarios, passive FTP packets may be dropped.
PRJ-19307,
TEX-1906
Threat Extraction UPDATE: Threat Extraction (Sanitization) will be automatically disabled when Infinity Threat Prevention mode is installed while the machine does not have enough resources (RAM).
PRJ-17874,
PRHF-10279
HTTPS Inspection UPDATE: "Categorize HTTPS websites" feature enhancements when "Categorize HTTPS Sites" feature is enabled:
  • Improved enforcement of first connection when URL Filtering setting is 'Hold' mode
  • Added SNI information to connection logs when connection is matched on rule with "Extended Log"
  • Hold mode granularity
For configuration, refer to sk173633.
PRJ-20407,
PMTR-52421
Identity Awareness NEW: Added the Identity Awareness performance and memory consumption improvements. Refer to sk170516.
PRJ-20862,
IDA-3642
Identity Awareness In some scenarios, there may be enforcement issues for MUHv2 users due to table mismatch.
PRJ-23655,
PRHF-10292
Identity Awareness In Identity Awareness Captive portal, the default Check Point logo is displayed even if the user-defined logo is configured. Refer to sk133492.
PRJ-20847,
PRHF-14347
Identity Awareness In some scenarios, running pdpd commands results in "daemon did not respond or not running!" error. Refer to sk171136.
PRJ-20348,
PRHF-14266
IPS In a rare scenario, the SmartConsole shows the "IPS is not responding" message even though IPS is functioning normally.
PRJ-20096,
PMTR-59101
DLP UPDATE: Added support for multi-part data to DLP.
PRJ-20838,
PRHF-14744
DLP Improved DLP scanning for POST request to some Web sites.
PRJ-18842,
PRHF-13322
SSL Inspection In rare scenarios, a memory leak may occur during policy installation.
PRJ-20936,
PRHF-14978
SSL Inspection The AES-NI (Intel® Advanced Encryption Standard New Instructions) status is not displayed and "dmesg | grep AES-NI" returns no output. Refer to sk170779.
PRJ-18596,
PRHF-13478
Anti-Malware In a rare scenario, Security gateway may crash when the Threat Prevention Forensics feature is enabled.
PRJ-20976,
PRHF-14820
Anti-Malware In rare scenarios, the Threat Prevention policy installation fails due to IOC parsing errors. Refer to sk171316.
PRJ-19041,
PRHF-13886
UserCheck In some scenarios, users cannot restore original attachment via UserCheck portal and receive the "An unexpected error has occurred" error message.
PRJ-19204,
PRHF-13935
ClusterXL UPDATE: Added the option to display only monitored interfaces to the "show cluster members <option>" command:
  • In Gaia Clish, run "show cluster members monitored"
  • In Expert mode, run "cphaprob -m tablestat"
PRJ-20535,
PRHF-14728
ClusterXL In some scenarios, data connections are dropped with "First packet isn't SYN" message on ClusterXL Load Sharing.
PRJ-19392,
PRHF-14115
ClusterXL "set router active-active-mode" settings do not survive a reboot.
PRJ-19925,
PMTR-58748
ClusterXL In rare scenarios, running cphastop;cphastart may cause a cluster member to stay in "Down" state.
PRJ-16516,
MBS-11708
SecureXL NEW: Added the ability to enable monitor-only mode for penalty box independently of other DOS/Rate limiting features.
PRJ-18323,
PRHF-13474
SecureXL UPDATE: Drop templates can be generated for connections with matched action Reject. For additional information and configuration, refer to sk171146.
PRJ-19664,
PRHF-13929
SecureXL In some scenarios, connections are dropped when SYN Defender and ISN Defender are both enabled on the same interface.
PRJ-17404,
PRHF-13153
SecureXL In some scenarios, PPTP or GRE traffic may be dropped. Refer to sk170293.
PRJ-19406,
PMTR-60870
SecureXL In some scenarios, Rate Limiting rules for DoS do not work after reboot. Refer to sk170148.
PRJ-15662,
PMTR-57216
Routing UPDATE: Display of routing CPview results is limited to 30 lines.
PRJ-19629,
PRHF-14280
Routing ip-reachability-detection ping marks a target IP address as "unreachable" if the path goes via a VPN tunnel, although pinging this IP address directly works.
PRJ-20964,
VSX-2519
VSX After running "vsx_util vsls" and selecting option #6, the operation may fail with the "Internal Error: got empty reply set" error. Refer to sk171352.
PRJ-20149,
PRHF-14537
VSX In rare scenarios, some interfaces remain in "Down" state after reboot.
PRJ-15447,
PMTR-55887
VSX In some scenarios, there may be high CPU utilization in a VSX environment with several instances.
PRJ-15550,
PRHF-11629
VPN UPDATE: Added the TTM-per-group feature improvement that allows it to work with more client types (for example Nemo client).
PRJ-17494,
PRHF-13007
VPN In IKEv2 renegotiation scenario, IPSec SAs may be deleted on a standby cluster member during post sync causing a VPN traffic outage. Refer to sk172926.
PRJ-19424,
PRHF-13784
VPN In some scenarios, the vpnd process unexpectedly exits with Segmentation fault.
PRJ-18271,
PRHF-13543
VPN The VPND process on a standby cluster member may unexpectedly exit when VPN peer has a probing link selection configured. Refer to sk170136.
PRJ-20414,
PRHF-14429
VPN In some scenarios, an IKE QM negotiation issue with a Windows Server 2008 R2 peer may occur.
PRJ-20522,
PRHF-14766
VPN In a rare scenario, the FWM process unexpectedly exits when enrolling a certificate using the SCEP protocol.
PRJ-13821,
PRHF-10420
VPN Access roles do not recognize Remote Access SNX CLI clients.
PRJ-20868,
PMTR-56565
VPN In some scenarios, the VPND process keeps re-downloading the same CRL, which can cause performance issues.
PRJ-12242,
PRHF-10370
VPN When clicking "View..." in Trusted CA object's OPSEC PKI tab, this may show the "Failed to get a certificate of <object name> from keyset" error. Refer to sk166496.
PRJ-20948,
PMTR-63287
VPN In some scenarios, L2TP clients disconnect from the Security gateway after 10 minutes of the connection.
PRJ-20644,
PMTR-63280
VPN In some scenarios, the VPND process may unexpectedly exit.
PRJ-19216,
PRHF-13685
VPN Site to Site VPN fails to establish with IKEv2 on GCP when NAT-t is enabled.
PRJ-20542,
PMTR-62883
Gaia OS UPDATE: OpenSSL was updated to version 1.1.1i to include the latest code fixes and security improvements.
PRJ-19146,
PMTR-55383
Gaia OS UPDATE: Added the option to bind IP addresses to sockets using the udp_connect API. Refer to sk171019.
PRJ-20958,
GAIA-6704
Gaia OS UPDATE: Added support for multiple commands definition in Dynamic CLI feature.
PRJ-11114,
PMTR-50378
Gaia OS UPDATE: Updated the arp table limit to 131072 in:
  • "set arp table" maximum entries through WebUI
  • Help description of "set arp table cache-size" in CLI
PRJ-18091,
PRHF-13475
Gaia OS Messages log level in /var/log/messages file for ERR level was changed to INFO level when fetching proxy configuration from Clish/WebUI/Gaia API.
Example: [DATE TIME] <daemon.err> ... xpand[25958]: proxy_live_get_proc: Started...
PRJ-20045,
PMTR-55456
Gaia OS Potential command injection in Clish when using the "show file" command. 
PRJ-17319,
PRA-1520
Gaia OS The syslog messages may be spammed when the "show asset all" command is running.
PRJ-19624,
PMTR-58288
Gaia OS Extended commands are missing after adding Dynamic CLI. 
PRJ-20741,
PMTR-63201
Gaia OS CVE-2020-25705: ICMP reply rate.
PRJ-16259,
PRHF-5016
Gaia OS A Timestamp in Unix/Epoch time may not be updated when the user changes a password using hash.
PRJ-20916,
PMTR-58250
Gaia OS In some scenarios, such as a defective LOM card, or when a LOM port exists but no LOM is connected, the confd process may unexpectedly exit.
PRJ-19236,
PRHF-14046
Mobile Access There may be a delay when connecting to HTTPS based SMS portal over a non-standard proxy port. Refer to sk170497.
PRJ-20090,
PRJ-19772
Endpoint Security Database size may increase exponentially because dynamic packages are packed into the exported .tgz when using migrate_export.
PRJ-21749,
PMTR-60418
Endpoint Security On the SmartEndpoint Reporting page, the "Endpoint Connectivity" report that is filtered by a virtual group returns an empty list. 
PRJ-21914,
PMTR-50113
Endpoint Security In some scenarios, the "Endpoint Security Client Version" report shows "N/A" in DAT Date column for all devices on the SmartEndpoint Reporting page.
PRJ-19312,
PRHF-13909
CloudGuard IaaS When creating a GCP Data Center, Test Connection may fail on large GCP accounts.
R80.40 Jumbo HotFix - General Availability Take 94 (07 March 2021, GA from 14 March 2021)
PRJ-23502 Security Gateway Security Gateway may freeze on boot when IPv6 and IPv4 are enabled with 40 instances in Kernel mode. Refer to sk172364.
R80.40 Jumbo HotFix - Ongoing Take 93 (21 February 2021)
This Take contains all fixes from Take 92 except PRJ-19544 and PRJ-20164. If you already have Take 92 installed, do not install Take 93.
R80.40 Jumbo HotFix - Ongoing Take 92 (31 January 2021)
PRJ-19892,
PMTR-62429
Security Management NEW: Added new Management HA utility to schedule automatic full syncs to peers that failed to be synchronized incrementally.
PRJ-19544,
ODU-73
Security Management NEW: Added Update 6 of Autonomous Threat Prevention Management (ATPM). Refer to sk167109.
PRJ-20164,
ODU-76
Security Management NEW: Added Update 7 of Autonomous Threat Prevention Management (ATPM). Refer to sk167109.
PRJ-20000,
PRHF-14293
Security Management UPDATE: Added improvements in the policy load process to reduce the policy installation time when there is a large number of objects.
PRJ-13465 Security Management UPDATE: If a Management HA synchronization stalls (displaying "Peer is busy"), it will be released within 2 hours instead of 24 hours.
PRJ-17728,
PRHF-13278
Security Management Upgrade may fail if a Data Center object was last modified by an Administrator with a single quote in the name.
PRJ-19273,
PRHF-14074
Security Management Policy installation duration may increase due to large $FWDIR/conf/invalid_object_names.C file on the Management server. Refer to sk170427.
PRJ-18475,
PRHF-13644
Security Management In some scenarios, the first environment variable configured using sk165938 is not loaded and not used by the CPM process.
PRJ-19951,
PRHF-14394
Security Management The Management HA window in SmartConsole may mistakenly show the "Peer is busy" warning message for a few seconds.
PRJ-18898,
PRHF-13860
Security Management Policy installation may fail after migration from Domain Management to Security Management Server.
PRJ-20112,
PMTR-60541
Security Management In a rare scenario, the FWM process unexpectedly exits.
PRJ-17213,
PRHF-12851
Multi-Domain Management UPDATE: With this fix, mds_backup will back up the Upgrade Tools package(s) and mds_restore will restore them on a Multi-Domain Server.
PRJ-19277,
PRHF-13977
Multi-Domain Management In rare scenarios, Management server becomes inaccessible after Global Policy reassign operation.
PRJ-17562,
PRHF-12885
Multi-Domain Management In some scenarios, reassigning a Global Policy may fail if the Global and local domains are not active on the same Multi-Domain Server.
PRJ-20247,
PMTR-62490
SmartConsole UPDATE: A pop-up warning will be displayed every time a "Custom Application" object with a performance impacting URL is edited (instead of being displayed only once).
PRJ-20147,
PRJ-20145
SmartConsole SmartConsole may disconnect when searching in the Object Explorer for the text with an odd number of double quotes.
PRJ-19534,
PMTR-62078
SmartConsole In some scenarios, when adding a new user certificate of type .p12 via API command, the returned certificate may be incorrect.
PRJ-18884,
PRHF-13818
SmartConsole Setting values for the environment variables of the Management API as per sk165938 does not work: the values are neither loaded nor used by the API process. 
PRJ-13808,
PRJ-13810
SmartConsole In some scenarios, the Administrators view shows all administrators in all domains regardless of the specific permission profile of the connected administrator.
PRJ-15854,
PMTR-56428
SmartConsole In rare scenarios, Web Components in SmartConsole such as "Revert to Revision" or "Packages Repository" fail to load.
PRJ-13123,
PRHF-11105
SmartConsole In some scenarios, the "Update operation failed" error is displayed when attempting to delete a Gateway from the VPN community. Refer to sk167212.
PRJ-13813,
PMTR-19017
SmartConsole In some scenarios, when the user attempts to delete a VSX Gateway / VSX Cluster, an error message may appear and the operation may not be completed successfully. Refer to sk167492.
  • Requires R80.40 SmartConsole Build 416 (or higher).
PRJ-20380,
PMTR-62935
SmartConsole Adding Global dynamic objects to source or destination columns of access rules on the Global Domain via Management API may fail when using the Global dynamic object names.
PRJ-19833,
PMTR-50205
SmartConsole The "show objects" command returns all objects in Global domain with any filter when "ip-only" flag is set to "true".
PRJ-17994,
SL-2106
Logging NEW:
  1. Log Exporter can now schedule a recurring reconnection to the target 3rd party server periodically. This allows usage of a Load Balancer component for target servers.
  2. The target 3rd party server can be declared as a DNS name also when using UDP protocol.
PRJ-14289,
SL-1901
Logging UPDATE: Added the ability for the SOLR process running on the Log Server to prevent TLS 1.1 and below on port 8211. Refer to sk168472.
PRJ-19716,
PMTR-53967
Logging When installing a newer Jumbo Hotfix, the Log Exporter filtering configuration may not persist and may be reset to default.
PRJ-16176,
PMTR-55550
Logging In some scenarios, the cpsemd process on the Log server may close unexpectedly during a restart, shutdown or upgrade. 
PRJ-19845,
PMTR-62010
SmartView UPDATE: Improved the usability of the time resolutions (formerly known as samples) of the Timeline widgets.
PRJ-19858,
PMTR-57101
Security Gateway NEW: Added Performance improvement when IP Pool NAT is used.
PRJ-11790,
AVIR-479
Security Gateway False "alert" logs may be displayed in some Anti-Spam events.
PRJ-20515,
PRHF-14630
Security Gateway In some scenarios, when using routing separation, connection to Management Plane via Data Plane is dropped.
PRJ-18630,
PRHF-11912
Security Gateway Wrong memory (hmem) values may be reported by specific SNMP OID. Refer to sk168992.
PRJ-19941,
PMTR-61708
Security Gateway In some scenarios, policy installation fails with "Error code 1-2000245".
PRJ-20057,
PMTR-62886,
PRJ-20058,
PMTR-62887,
PRJ-20058
Security Gateway In rare scenarios, a Security Gateway memory consumption may increase.
PRJ-19161,
TEX-1482
Threat Extraction UPDATE: Threat Extraction will no longer attempt to perform "Convert to PDF" if the file is corrupted, because the resulting files in these cases are usually unreadable.
To reactivate this behavior, set the "enable_alternative_scrub_method" variable in $FWDIR/conf/scrub_debug.conf file to 1 and install the Security policy.
PRJ-13175,
PMTR-53443
Identity Awareness UPDATE: Optimized memory usage in the PDP process’s LDAP operations. 
PRJ-19749,
PRHF-14338
Identity Awareness In some scenarios, the Security Gateway may not recognize an IP address as a local address, resulting in wrong drops. 
PRJ-19639,
PMTR-61982
Identity Awareness In some scenarios, when a standby cluster member receives RADIUS accounting updates, there may be high CPU on the PDP process.
PRJ-18180,
MBS-12220
URL Filtering In some scenarios, the wstlsd process may unexpectedly exit and produce a core dump.
PRJ-13499,
PRHF-10943
IPS In some scenarios, a non-compliant IMAP traffic is dropped. 
PRJ-19300,
PRHF-13560
IPS In some scenarios, log output shows the Origin/Source as "0.0.0.0" in VSX 3rd party IPS logs.
PRJ-19922,
PRHF-14156
DLP UPDATE: Expanded DLP postfix authentication to include NTLM to allow the Security Gateway to connect to mail servers that use the NTLM authentication protocol.
PRJ-19598,
PRHF-14259
DLP UPDATE: Improved the DLP scans queue for a better scan rate.
PRJ-18987,
PMTR-59795
DLP In a rare scenario, "SEC Filings - Draft or Recent" Data Type in DLP is not properly enforced.
PRJ-19744,
PRHF-13998
Anti-Bot Dynamic Global Network Object usage inside a Network Group object may cause an Access Policy installation failure.
PRJ-17375,
PMTR-56403
Anti-Malware NEW: Enable the option to inspect files running through SSH protocol with Threat Emulation blade.
PRJ-16623,
PRHF-12737
Anti-Malware Indicator feeds exported with the "ioc_feeds export" command may contain user credentials. Refer to sk169035.
PRJ-17599,
PMTR-60017
Anti-Malware Files transferred with SMBv3 multi-channel may be improperly handled.
PRJ-15223,
PMTR-54248
Anti-Malware In a rare scenario, HTTP connections are timed-out.
PRJ-17843,
PMTR-58416
Anti-Malware In some scenarios, Threat Prevention logs appear half-full (not unified).
PRJ-9945,
PRHF-8315
Anti-Malware In some scenarios, multiple files called "ckp_mutex" are created on the Security Gateway.
PRJ-18123,
PMTR-60801
Anti-Malware In some scenarios, a Threat Prevention policy installation fails after upgrade if the Custom Intelligence Feeds feature is enabled with Hash IOCs.
PRJ-17320,
PMTR-59463
Anti-Malware In some scenarios, files bigger than 4GB cannot be downloaded with HTTP-206 flow.
PRJ-17326,
PRHF-13031
Mobile Access Remote Access connectivity fails when the user belongs to a number of groups that exceeds the limited available space (~200 groups).
PRJ-14941,
PMTR-56844
SecureXL UPDATE: "fwaccel dos blacklist" and "fwaccel dos whitelist" commands are deprecated and replaced by "fwaccel dos deny" and "fwaccel dos allow". Refer to sk112454.
PRJ-20027,
PRHF-14228
SecureXL Server may not reuse the TCP connection when the user allows out of state TCP packets.
PRJ-20050,
PRHF-14165
SecureXL Memory leak may appear in VPN or Active Streaming configuration.
PRJ-18085,
PRHF-13507
SecureXL SNMP may show wrong values for the number of bytes and packets accepted by Security gateway. Refer to sk170132.
PRJ-20055,
PRHF-14417
SecureXL In rare scenarios, SecureXL may crash due to NULL handling.
PRJ-18279,
PMTR-56203
Routing UPDATE: Updated PBR and ABR functionality for the "Software Blades and related components" feature. Refer to sk167135.
PRJ-18280,
PMTR-58528
Routing Certain types of multicast traffic may not be handled correctly in Bridge mode.
PRJ-19463,
PMTR-60878
Routing Routed logs may incorrectly state that routemaps that export to OSPF cannot set the OSPF manual tag, even though the functionality works.
PRJ-20048,
PRHF-14304
Routing In some scenarios, a large number of unnecessary log messages may be sent to the /var/log/messages file, which makes it difficult to run debug. Refer to sk170796.
PRJ-18664,
PMTR-61601
Routing PBR does not work with VTI/VPN.
PRJ-20444,
ROUT-1325
Routing The old route may not be removed when a BGP ECMP route is changed.
PRJ-20439,
PMTR-45014
Routing ECMP route nexthops learned from BGP peers may not be properly updated in the kernel, resulting in network connectivity loss.
PRJ-20242,
PRHF-14562
Routing In rare scenarios, confd or routed process may restart.
PRJ-20598,
PRHF-14400
VoIP VoIP’s RTP can cause overload on global instance (CoreXL instance 0).
PRJ-18772,
PMTR-61381
VPN NEW: Added Remote Access VPN performance improvement.
PRJ-18788,
PMTR-60976,
PRJ-19674,
PMTR-62275
VPN NEW: Added VPN command line mechanism stability enhancement and VPN improvements in IKEv2.
PRJ-17487,
PMTR-40127
VPN NEW: Added Anti-Spoofing functionality for Remote Access Office Mode IPs in SecureXL.
PRJ-16341,
PRHF-12447
VPN The user may be unable to connect with Remote Access when the username or user field in the certificate is too long. 
PRJ-21086,
PMTR-60933
VPN "Decryption failed" drop logs may appear under heavy VPN load for accelerated tunnels using SHA 384 or SHA 512 Ciphers.
PRJ-20333,
PMTR-62776
VPN Security gateway may crash when you install policy on a MAB gateway and a policy file is corrupted.
PRJ-20275,
PRHF-14308
VPN In a rare scenario, a memory leak may appear when RASession_util is active.
PRJ-19671,
PMTR-61913
VPN In some scenarios, Remote Access Endpoint client disconnects after roaming from Visitor Mode to NAT-T.
PRJ-21682,
PRHF-15321
VPN When IKEv2 and pre-shared-key is configured, VPN may fail on the second IKE SA re-key. Refer to sk171756.
PRJ-19531,
PRJ-19562
Gaia OS NEW: Gaia API (version 1.5) will now be deployed via Jumbo Hotfix.
PRJ-20471,
PRHF-14653
Gaia OS In some scenarios, the Security Gateway attempts to fetch the policy from / send logs to the real IP address of the Management Server (defined in the "General Properties" section of the server object) instead of the server's NAT IP address (defined in the "NAT" section of the server object).

Refer to sk171055 to configure the required parameter FORCE_NATTED_IP.
PRJ-17719,
PRHF-13075
Gaia OS In some scenarios, when one of the sessions of RADIUS users terminates, another session can lose permission.
PRJ-20943,
PMTR-63343
Gaia OS Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253.
PRJ-18610,
PMTR-60804
Gaia OS Bond interface in XOR mode or 802.3AD (LACP) mode may experience suboptimal performance, if on the Bond interface the Transmit Hash Policy is configured to "Layer 3+4" and Multi-Queue is enabled.
PRJ-18503,
PMTR-60820
VSX UPDATE: Added support for VSX SecureXL tabs on CPView. Refer to sk167903.
PRJ-17831,
PMTR-53549
VSX VSX VSLS Cluster with 3 Members may fail to connect to Identity Collector. Refer to sk170836.
PRJ-16457,
PRHF-12691
VoIP SIP parser may cause the wrong RTP dynamic connection to be opened. Refer to sk169373.
PRJ-19133,
PRHF-13981
Endpoint Security NEW: Integrated support for Endpoint Anti-Malware E2 signatures updater.
PRJ-19726,
PRHF-14269
Endpoint Security After changing the Full Disk Encryption to Bitlocker in SmartEndpoint FDE policy, the login to Windows machine with the Endpoint client says "This account is disabled". Refer to sk170655.
R80.40 Jumbo HotFix - General Availability Take 91 (16 December 2020, GA from 26 January 2021)
PRJ-19279,
PMTR-60665
Security Management NEW: The upgrade process is now monitored dynamically and is stopped if it cannot be completed, instead of relying on a timeout.
PRJ-13934 Security Management Login with SmartConsole may be blocked while purge revisions action is running.
PRJ-19084,
PRHF-13972
Security Management In some scenarios, HA synchronization may fill up the disk space of a standby Management Server. Refer to sk168492.
PRJ-18379,
PMTR-53043
Security Management In some scenarios, SecurID configuration files on the Security Gateway are overridden upon policy installation.
PRJ-18817,
PRHF-13819
Security Management Management HA synchronization between Multi-Domain Management Servers may fail with "Failed to import data" error due to manual or automatic updates of contracts.
PRJ-18030,
PMTR-58678
Security Management In some scenarios, export of an Endpoint package may fail because the FWM process utilizes 100% CPU.
PRJ-19021,
PMTR-61616
Security Management In rare scenarios, FWM process may unexpectedly exit after a login attempt to the Management server.
PRJ-18492,
PRHF-13681
Security Management In rare scenarios, a policy installation task may never complete.
PRJ-13476,
PRHF-11299
Security Management Domain Servers may disappear from Multi-Domain view after running the Solr Cure utility.
PRJ-15906,
PRHF-12367
Security Management Security policy compilation fails if the Domain network object name (FQDN name) contains a space.
PRJ-17692,
PRHF-13332
Security Management In some scenarios, HA temporary sub-directories under $FWDIR/tmp are not deleted if sync fails. Refer to sk170972.
PRJ-19131,
PRHF-13996
Security Management Advanced Upgrade from R80.10 to R80.40 with Jumbo Hotfix Take 83 may fail. Refer to sk170313.
PRJ-18288,
PMTR-61010
Security Management In rare scenarios, the CPU and memory usage of CPM process may be abnormally high. Refer to sk170672.
PRJ-18954,
PRHF-13948
Security Management Policy verification may fail with error "For security gateways R80.40 and higher, rules that use Access Roles can only have ‘Any Traffic’ or ‘RemoteAccess’ in the VPN column".
PRJ-16724,
PMTR-58803
Security Management
  • Exports of views and reports may fail when they are initiated while connected to SmartEvent with a new administrator.
  • Assign and Install Global Policy feature may fail with the "Timeout during task progress: Could not get information regarding task completion" error message.
For more information, refer to sk170632.
PRJ-18265,
PRHF-13607
Security Management 'Revert to Revision' tasks cannot be cleared from tasks pane in SmartConsole.
PRJ-16369,
PRHF-12594
Security Management When logging into SmartConsole directly to a Domain using Radius or TACACS, the Authentication method in the audit log may show as "Internal Password". Refer to sk168716.
PRJ-17763,
PMTR-58785
Security Management When migrating a Security Management Server that was created as a standby and then set to active, into a Domain Management Server, the new Domain is created without an active Domain Server.
PRJ-18690,
PRHF-13744
Security Management Database installation to the newly created Domain Log Server may fail.
PRJ-18907,
PMTR-61579
Multi-Domain Management In some scenarios, size of MDS backup file increases after each policy installation.
PRJ-18251,
PRHF-12413
Multi-Domain Management Migration of Domain Server between different Multi-Domain Servers may fail due to incorrect internal values of default objects.
PRJ-18970,
PRHF-13874
Multi-Domain Management The "cplic db_print -all -x" command fails when running on the MDS level.
PRJ-19647,
PMTR-62201
Multi-Domain Management In rare scenarios, a Domain is shown in the Domains view without any Domain Server or a Domain is shown with Domain Server that was deleted and does not exist anymore. Refer to sk170556.
PRJ-12845,
PMTR-53224
Multi-Domain Management Global Domain Assignment may fail with the "An internal error has occurred" message after deleting a Global VPN Community object.
PRJ-19320,
PMTR-61346
SmartConsole NEW: Added support for Python 3 in Management API scripts.
PRJ-18317,
PRJ-18314
SmartConsole NEW: Added 1600, 1800 and 1570R appliances to SmartConsole Hardware list.
PRJ-19202,
PRHF-13955
SmartConsole In some scenarios, when using the "set simple-gateway" API command with "logs-settings.forward-logs-to-log-server", it fails with "Generic server error". Refer to sk170352.
PRJ-19322,
PMTR-60220
SmartConsole In some scenarios, the api.csv file may show extra empty columns.
PRJ-19376 SmartConsole In a rare scenario, when user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232.
  • Requires R80.40 SmartConsole Build 415 (or higher).
PRJ-20163,
PMTR-60372
SmartConsole Duplicate central licenses may be added to the management database. In some rare scenarios, this may lead to heavy load on the FWM process and prevent login.
PRJ-18382,
PRHF-13609
SmartConsole In some scenarios, running an action on a ROBO Gateway behind NAT does not work during sync on SMB appliances.
PRJ-17414,
PRHF-13223
SmartConsole When removing an object from a group using the “groups” field of the object’s module in the Ansible collection, the group will not be changed and Ansible will show that no changes are needed.
PRJ-18041,
PMTR-60761
SmartConsole In some scenarios, after a successful IPS update, the new IPS version does not appear under 'switch version' window.
PRJ-17643,
PRHF-13379
SmartConsole When creating a user with Check Point password authentication through the Management API, log in to Mobile Access portal may fail. Refer to sk170412.
PRJ-18592,
PMTR-60476
SmartConsole After enabling the Endpoint Policy Management blade on the Security Management Server, some views on SmartConsole may not load properly and SmartClient may disconnect.
PRJ-15743,
PRHF-12226
SmartConsole When using the "set simple-cluster" Management API command to update a user defined security zone, the "Specify security zone" checkbox in SmartConsole is not selected.
PRJ-18465,
PRHF-13551
SmartConsole In some scenarios, Staging mode IPS protections activation in the Local domain does not match the activation in the Global domain after a Global Threat Prevention policy assignment. Refer to sk170322.
PRJ-19057,
PMTR-34323
SmartConsole Upgrade may fail due to IPS protections comment that is exceeding the comment length limit.
PRJ-16706,
PRHF-12819
SmartConsole Enabling Threat Prevention policy may fail with validation errors when the policy's targets include cluster members running a version lower than R80.10.
PRJ-16979,
PRHF-12928
SmartConsole In some scenarios, some Web APIs fail with "Script stopped running due to severe error!" message when SMB gateway is defined as a policy target. Refer to sk169557.
PRJ-14107,
PRHF-11590
SmartConsole Search in Threat Prevention Exceptions in Protection/Site/File/Blade column may not return all expected results.
PRJ-15818,
PRHF-12352
SmartConsole In some scenarios, Management API does not start automatically after restart, although automatic start is enabled. Refer to sk168332.
PRJ-18327,
PMTR-58703
SmartConsole Exception group may be incorrectly deleted in the following scenarios:
  1. "Apply On" in exception group is changed from "Automatically attached to each rule with profile" to "Automatically attached to all rules".
  2. A profile that was attached to the exception group, is deleted.
  3. The group is removed from the exception groups list, however it remains in the Threat Prevention rulebase.
PRJ-18307 SmartProvisioning NEW: Added support for Threat Emulation blade on LSM profile of R80.20 SMB gateways and clusters.
  • Requires R80.40 SmartConsole Build 415 (or higher).
PRJ-17482,
PRHF-12997
SmartProvisioning In some scenarios, when recreating a ROBO object with the same name, the new object receives the previous status.
PRJ-14511,
PRHF-11981
CPView In some scenarios, CPView may unexpectedly exit after upgrade from R80.20 GA.
PRJ-17209,
PMTR-59637
Compliance UPDATE: Added ability to select 'Any' in the Service column when creating a custom firewall Best practice.
  • Requires R80.40 SmartConsole Build 415 (or higher).
PRJ-17805 IoT NEW: Added IoT support to Multi-Domain Security Management.
  • Requires R80.40 SmartConsole Build 415 (or higher).
PRJ-18781,
PMTR-56281
SmartView In rare scenarios, "Critical attacks allowed by policy widgets" in "General Overview" view may show no results while actual data exists. Refer to sk171001.
PRJ-18339,
PMTR-60937
SmartView In some scenarios, SmartView fails to load with a "permission denied" error.
PRJ-19815,
SL-4358
Logging In rare scenarios, the log_indexer process may unexpectedly exit when reading a specific log format. Refer to sk116117.
PRJ-11343,
PRHF-9582
Security Gateway NEW: Added support for authentication with a RADIUS server that expects to receive an empty password on the first message. VPN client will receive 2 dialogs instead of 3.
PRJ-17730,
PMTR-60363
Security Gateway UPDATE: Added a message informing that to enable Dynamic Balancing on models with less than 8 cores, GNAT must be enabled.
PRJ-16668,
PMTR-57277
Security Gateway UPDATE: You cannot manually configure Multi-Queue while Dynamic Balancing is active.
PRJ-17300,
PMTR-59775
Security Gateway Connections distribution may get unbalanced on VSX environment. Refer to sk169352.
PRJ-18833,
PMTR-61589,
PRJ-18831,
PRJ-19063
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-19957,
PMTR-62477
Security Gateway Half-closed accelerated TCP connections may take too long to expire.
PRJ-19195,
PRHF-13892
Security Gateway In some scenarios, when using routing separation, connection from data plane to management plane is dropped.
PRJ-10573,
PMTR-50743
Security Gateway The SSH Deep Packet Inspection (SSH DPI) configuration may be lost after upgrade.
PRJ-17704,
PMTR-60122
Security Gateway After enabling USFW mode (User-Space Firewall) and rebooting, system boots in KFW (Kernel mode Firewall) instead. Refer to sk169956.
PRJ-17960,
PMTR-60574
Security Gateway In some scenarios, policy installation fails with "Error code 0-2000077".
PRJ-19179,
PMTR-61822
Security Gateway Connections may be wrongly matched on Domain or Updatable objects used in Security policy.
PRJ-13377,
PMTR-54887
Security Gateway The TCP State Logging feature may not work as expected. Refer to sk101221.
PRJ-16089,
PRHF-12224
Security Gateway In rare scenarios, a memory leak may appear on Security Gateway in gconn table.
PRJ-16172,
IDA-754
Security Gateway After changing 'pdp nested_groups __set_state 2', flat groups are fetched correctly, but nested groups are not fetched. Refer to sk166199.
PRJ-18981,
PMTR-61179
Security Gateway In rare scenarios, Security Gateway may crash with USFW fwk core file.
PRJ-18247,
PRJ-18124
Identity Awareness NEW: Added Identity Sharing's performance and functionality improvements. Refer to sk170516.
PRJ-19106,
IDA-3240
Identity Awareness NEW: Performance optimization for Identity broker.
PRJ-18345,
PRHF-11733
IPS NEW: Added ability to send connection log per application match for ATM transactions identification. The functionality is disabled by default and can be enabled by using the "up_duplicate_connection_log_on_packet_matched_app_enabled" kernel parameter.
PRJ-13970,
PRHF-11634
IPS UPDATE: The "ips stat" command now shows all active Threat Prevention profiles with IPS enabled on the Security gateway.
PRJ-16446,
PRHF-12684
IPS The get_ips_statistics.sh script on VSX may fail with "/bin/cat: /proc/self/vrf: No such file or directory" error.
PRJ-18825,
PRHF-13605
HTTPS Inspection The user may not be able to browse with Chrome when using mixed chain with ECDSA subordinate CA in HTTPS Inspection. Refer to sk170332.
PRJ-17594,
PMTR-58055
HTTPS Inspection Connectivity issue may appear for inbound HTTPS Inspection when HTTP/2 is proposed by the client. Refer to sk169375.
PRJ-19465,
PMTR-58086
HTTPS Inspection In some scenarios, the HTTPS Inspection CA bundle is not created on the Security Gateway.
PRJ-17168,
PMTR-59212
Anti-Malware In a rare scenario, Security gateway may crash while processing SMB3 multi-channel when Anti-Virus blade is enabled.
PRJ-16563,
PMTR-58568
Anti-Malware Security Gateway may crash when certain traffic is handled during policy installation and the Anti-Virus Deep Scanning is enabled.
PRJ-19579,
PRJ-16924
Anti-Virus In rare scenarios, after downloading files, Anti-Virus prevent logs appear with "Strict hold is not possible failure - Write to other side occurred" error message.
PRJ-15944,
PRHF-12119
Anti-Bot In a rare scenario, Security gateway may crash after a match of the Anti-Bot blade.
PRJ-17640,
PRHF-12934
UserCheck In some scenarios, UserCheck agent notifications may be blocked.
PRJ-18699,
PRHF-12299
UserCheck When using the UserCheck agent, the original URL attribute variable $orig_url$ may appear on URL field of log details.
PRJ-19434,
PRHF-13987
SSL Inspection In rare scenarios, the DynamicID Certificate validation may fail.
PRJ-18957,
PRHF-13881
ClusterXL When MDPS is configured, the output of "cphaprob syncstat" may show unreadable characters for the speed of the sync interface.
PRJ-12589,
CLUS-1742
SecureXL NEW: Added support for Cluster AA/LS.
PRJ-16583,
PRHF-12716
SecureXL In some scenarios, traffic with the destination IP address as the broadcast address configured according to sk98810 is dropped.
- Gaia OS NEW: Added support for 1570R and 1600 / 1800 SMB appliances.
PRJ-16672,
PMTR-53960
Gaia OS UPDATE: CPView Network -> Top-Protocols and Network -> Top-Protocols tabs were added back. Refer to sk167903.
PRJ-17921,
PRHF-13451
Gaia OS "cphaprob -h" shows wrong explanation for "cphaprob show_bond [<bond_name>]" command.
PRJ-19330,
PRHF-14073
Gaia OS In some scenarios, login from data plane context fails (no connectivity to server).
PRJ-17714,
ROUT-954
Routing Security Gateway may stop forwarding the Multicast stream when PIM is configured on it. Refer to sk169774.
PRJ-17856,
PRHF-13388
Routing In rare scenarios involving large AS paths, there may be a loss of BGP adjacency. Refer to sk170876.
PRJ-18026,
PRHF-13480
Routing SNMP queries for bgpPeerFsmEstablishedTime return an incorrect constant value. Refer to sk170074.
PRJ-18069,
PMTR-59437
VPN NEW: Added Remote Access VPN performance improvements.
PRJ-18667,
PMTR-60847
VPN NEW: Added Remote Access VPN performance improvement for USFW mode (User-Space Firewall).
PRJ-16432 VPN UPDATE: Added ability to fetch CRL with proxy in Site-to-Site VPN.
PRJ-17369,
PRHF-858
VPN DynamicID via SMTP does not work when an HTTP proxy server is defined.
PRJ-15742,
PRHF-12010
VPN In some scenarios, findSAByPeer does not validate the peer IP address for DAIP peer behind NAT.
PRJ-18764,
PMTR-61360
VPN In some scenarios, userspace cores may appear on Security gateways with enabled AES-GCM-256 and AES-256 VPN encryption. Refer to sk169417.
PRJ-20283,
PRHF-14543
VSX In some scenarios, SNMP v3 users are not recognized on VSX when SNMP is in VS mode. The 'Unknown user name' error message is displayed. Refer to sk170993.
PRJ-15859,
PRHF-7446
Endpoint Security An exception may be displayed in SmartEndpoint when uploading an offline group software deployment package. Refer to sk165852.
PRJ-16465,
PRHF-10929
Endpoint Security In some scenarios, content of the "User Name" tab in SmartEndpoint is displayed in wrong format.
PRJ-16317,
PMTR-58351
Endpoint Security Client may not be added automatically to a Virtual Group that was configured in the SmartEndpoint export package policy when deployment is done using dynamic package.
R80.40 Jumbo HotFix - General Availability Take 89 (01 December 2020, GA from 09 December 2020)
PRJ-18199,
PMTR-60885
CloudGuard IaaS UPDATE: Added new certificates for Microsoft Azure. For details, refer to this Microsoft article.
R80.40 Jumbo HotFix - General Availability Take 87 (5 November 2020, GA from 22 November 2020)
PRJ-15565,
PRHF-12170
Security Management NEW: In some scenarios, modifying or deleting objects in bulk may cause slowness in SmartConsole responses and long duration of operations. Ability to improve performance in such cases was added. Refer to sk135972.
PRJ-18769,
PRHF-13728
Security Management NEW: Improved FWM process performance during policy or database installation. 
PRJ-14597,
PMTR-48628
Security Management In some scenarios, Read-Only sessions appear twice in the Sessions view.
PRJ-16263,
PRHF-12488
Security Management Upgrade from R80.20 or R80.30 may fail if one of the objects does not have a creator.
PRJ-17043,
PMTR-59394
Security Management In rare scenarios, some objects may be locked and not available for editing. Refer to sk169772.
PRJ-16877 Security Management In rare scenarios, upgrade from R80.10 may fail with the "Consider using an AFTER trigger instead of a BEFORE trigger to propagate changes to other rows" message in the $MDS_FWDIR/log/postgres.elg file.
PRJ-16288,
PMTR-58215
Security Management In rare scenarios, IPS or Application Control updates might get stuck on 70% and cannot be launched again until a full restart of the Multi-Domain Management Server.
PRJ-18047,
PRHF-13462
Security Management In rare scenarios, a Management server may become inaccessible and requires a reboot. Refer to sk170634.
PRJ-13851,
PRJ-17073
Security Management In some scenarios, the Security Management Server's startup takes a very long time after editing or deleting many Administrators. 
PRJ-16288,
PMTR-58215
Security Management In rare scenarios, IPS or Application Control updates may stop at 70% and cannot be launched again until full restart of the Management server.
PRJ-16643,
PMTR-58309
Multi-Domain Management In some scenarios, Domain Management Server is shown in System Domain under Domains View even though it was deleted.
PRJ-17023,
PMTR-58167
Multi-Domain Management On Multi-Domain Management environment with Global VPN Community usage, policy installation may fail with "Internal error" message after upgrade. Refer to sk169157.
PRJ-13796,
PMTR-43231
Multi-Domain Management In a Multi-Domain Server, domain-related processes may not start when the user runs "evstop" and then "evstart". 
PRJ-17070,
PMTR-59232
Multi-Domain Management In some scenarios, Domain appears in the System Domain without any Domain Servers.
PRJ-12246,
PRHF-10477
Multi-Domain Management In some scenarios, a Global Administrator connected to the Logging and Monitoring view in MDS cannot see auto-complete suggestions when typing in the logs search box. Refer to sk166752.
PRJ-16313,
PMTR-57777
Multi-Domain Management After upgrade, a Global VPN Community object defined in the Global Domain is shown as "Unavailable" and a policy installation fails with "Internal error" message.
PRJ-17238,
PMTR-59666
Multi-Domain Management On Multi-Domain environments with multiple Multi-Domain servers connected in HA, operations such as "Log in" and "Reassign Global Domain" may fail due to high load on FWM process.
PRJ-13715,
PRHF-10802
Multi-Domain Management In some scenarios, when installing a policy from a local domain, while a policy installation initiated by the system domain is still in progress, policy installation invoked by the system domain fails. Refer to sk167692.
PRJ-16283,
PRJ-17123
SmartConsole NEW: Added ability for administrators to view, add, and delete licenses directly from SmartConsole.
  • Requires R80.40 SmartConsole Build 414 (or higher).
PRJ-18775,
PMTR-59827
SmartConsole In some scenarios, FWM and CPD processes may consume high CPU due to large number of Security Management/Security gateway objects in the policy. Refer to sk170256.
PRJ-16861,
PMTR-58850
SmartConsole New cluster member's IP address may disappear from the "Network Management" view when changing cluster interface type to "Private".
PRJ-17880,
PMTR-60559
SmartConsole In Global Properties under Stateful Inspection tab, the "TCP end timeout (R80.20 and higher gateways)" option does not support values higher than 60 seconds.
  • Requires R80.40 SmartConsole Build 414 (or higher).
PRJ-17003,
PMTR-48331
SmartConsole When using SmartConsole CLI, the application may unexpectedly terminate if the input has quotation marks that are not closed. 
PRJ-9661,
PRHF-8304
SmartConsole In rare scenarios, Access policy installation may be incorrectly blocked. A verification incorrectly states that HTTPS Inspection rules do not contain 'Any' or 'Application/Site' objects in the Site Category column, even though they do.
PRJ-16062,
PRHF-12395
SmartConsole In some scenarios, certain Gateways do not appear in the IPS Core protections list. Refer to sk168474.
PRJ-15999,
PRHF-11455
SmartConsole When fetching the LDAP server SSL fingerprint on Global Domain, the operation is not finished.
PRJ-17822,
PRHF-11377
SmartConsole In some scenarios, Network Objects are missing in Implied Rule for Mail Transfer Agent. 
  • Requires R80.40 SmartConsole Build 414 (or higher).
PRJ-16468,
PRHF-11438
SmartConsole Update corporate Gateway procedure takes a long time and may cause login issues and general slowness in the Provisioning GUI. 
PRJ-17273,
PRHF-13080
SmartConsole On Multi-Domain environments, some hardware types may be missing from the hardware selection in the gateway editor. Refer to sk169354.
PRJ-16891,
PMTR-59093
SmartView In SmartView, after adding a new page to a report, the preview page appears to have no data although it has (this data appears in the Edit Mode).
PRJ-16433,
PMTR-53663
SmartView In SmartView's GDPR Report, some of the text appears in German although the selected language is not German.
PRJ-16999,
PMTR-59317
Logging UPDATE: Added ability to filter Threat Prevention and Endpoint logs by file size on a Log server machine via Logs & Monitor view in SmartConsole.
PRJ-13350,
PMTR-54708
Logging In some scenarios, when the user configures the log exporter filter with the “cp_log_export” command (action, origin, product), the filter is not configured properly according to the used format.
PRJ-13623,
PRHF-11057
Logging Leef format is not certified with IBM causing the following issues:
  • Wrong header and wrong value in "cat" field.
  • Duplicate product values in "cat" field.
  • Exported logs contain fields with the same name.
Refer to sk170199.
PRJ-17008,
PMTR-55179
Logging In some scenarios, the "CGsoapSessions::AuthenticateSession failed, session is not authenticated" message may appear in mds.elg or fwm.elg file. Refer to sk152933.
PRJ-17195,
PMTR-58600
Security Gateway NEW: Added additional statistics to HTTP/2 in CPView.
PRJ-15830,
PMTR-57650
Security Gateway In rare scenarios, the "ERROR: dns_reverse_prepare_response_uuids: hash create failed" error is printed to dmesg.
PRJ-19003,
PRHF-13892
Security Gateway In some scenarios, when using routing separation, connection from data plane to management plane is dropped.
PRJ-17313,
PMTR-59182
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-16912,
PMTR-59141
Security Gateway In some scenarios, a timeout occurs when the user enables resource separation via Clish. Refer to sk170372.
PRJ-17088,
PRHF-13025
Security Gateway When using a routing separation, syslogd does not move to the management plane.
PRJ-11293,
PRHF-8491
Security Gateway Unused OIDs may appear in SNMP MIB file.
PRJ-14262,
PRHF-11784
Security Gateway In some scenarios, wrong (too big) SNMP values are displayed when running SNMP query.
PRJ-17128,
PMTR-58427
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-16923,
PMTR-59080
Security Gateway In some scenarios, "misp_rulematch_outgoing: fw_update_routing_opq_out_ifn failed" error appears in dmesg.
PRJ-17703,
PMTR-55080
Security Gateway In rare scenarios, policy installation fails with a "gen_rpc_service_inspect_func: service mismatch in service_arr" error message. Refer to sk174165.
PRJ-16090,
PRJ-13567
Security Gateway In some scenarios, policy installation fails with "Error code 0-2000121".
PRJ-17133,
PRHF-12530
Security Gateway In a rare scenario, the proxy arp table is not generated.
PRJ-13261,
PRHF-9930
Security Gateway In a rare scenario, traffic is dropped with the "[ERROR]: up_handle_get_matched_service_clob: no clob list on handle for type SERVICE;" error in dmesg.
PRJ-16666,
PRHF-12727
Security Gateway Security Gateway running in USFW mode (User-Space Firewall) may crash with fwk core dump. Refer to sk169119.
PRJ-17606,
PRHF-1162
Internal CA In some scenarios, manual edit of user's certificate expiration period does not take effect. Refer to sk143292.
PRJ-16289,
PMTR-58322
VoIP NEW: Added support for HopCount field in H323 protocol. Refer to sk169513.
PRJ-16185,
IDA-3176
Identity Awareness In some scenarios, the Identity Broker Subscriber may crash.
PRJ-12546 Identity Awareness In some scenarios, there may be enforcement issues due to database corruption in PDP kernel tables.
PRJ-14484,
PMTR-55920
Identity Awareness SAML (Security Assertion Markup Language) groups mode configuration (pdp idp group status) is not saved after an upgrade.
PRJ-17200,
PMTR-59565
HTTPS Inspection In a rare scenario, a connection remains open after it is closed by the server, and the web browser may load a page for a long time.
PRJ-12561,
PRHF-8940
Anti-Malware In some scenarios, users may fail to access a web site with many malicious URLs.
PRJ-13200,
IPS-898
Anti-Malware Security Gateway may crash when trying to access a site encoded with Base64.
PRJ-15977,
PMTR-57915
UserCheck In some scenarios, the UserCheck daemon usrchkd may unexpectedly exit. 
PRJ-17345,
PMTR-59871
ClusterXL When 40000/60000 device is located on the same network segment (same VLAN, same switch) with ClusterXL environment, the cluster states can flap non-stop between the READY and ACTIVE on all cluster members causing outage.
PRJ-18534,
PMTR-61276
SecureXL In rare scenarios, when a Wire-Mode is configured on a community, it may cause a Security gateway from another community not to accelerate connections in SecureXL.
PRJ-17451,
PRHF-13029
SecureXL In some scenarios, CPView may show incorrect statistics for VPN encrypted/decrypted packets.
PRJ-9564,
PRHF-9919
SecureXL In a rare scenario, Security gateway may crash when the Drop Template feature is enabled.
PRJ-16534,
PMTR-54703
Routing UPDATE: User does not have to enable logging/accounting in SmartConsole to generate the Netflow records. New ‘NetFlow Firewall rule’ option was added to configure NetFlow to report per Firewall rule by turning it on and enabling Log/Accounting per rule. 
PRJ-15820,
PRHF-12144
VPN NEW: Performance improvement of VPN tunnel when using SHA-384. Refer to sk168336.
PRJ-16100,
PMTR-62229
VPN Remote Access VPN policy installation optimization. Refer to sk173947.
PRJ-16866,
PMTR-55844
VPN Software Blade name inconsistency between login and logout logs of an SNX client.
PRJ-15554,
PMTR-55281
VPN In some scenarios, the VPN IKEv2 tunnel establishment with LSV peer fails.
PRJ-10035,
CRYPTOIS-661
VPN In some scenarios, Security Gateway Portals and Remote Access VPN clients show wrong certificate after certificate renewal. Refer to sk131212.
PRJ-17330,
PRHF-12973
VPN Added VPN IKEv2 improvements.
PRJ-17002,
PRHF-12828
VPN Connectivity issue may appear between Check Point Gateway and 3rd party device in MEP DPD configuration when 3rd party device is defined as Central Gateway in MEP. Relevant error message: "Failed to resolve VPN MEP gateway".
PRJ-16442,
PMTR-56799
VPN In some scenarios, the VPN tunnel status is displayed as "Up - Phase1" in SmartView Monitor although both phase1 and phase2 are up. Refer to sk169121.
PRJ-16722,
PMTR-57565
VPN Potential Remote Access connectivity issue when there is more than 1 external interface.
PRJ-13095,
PRHF-11004
VPN RADIUS packet sent by Security gateway may show the Framed-IP-Address field in the reverse order. Refer to sk167361.
PRJ-12771,
PRHF-10314
VPN In some scenarios, RADIUS authentication may take more than five minutes to be fulfilled with Endpoint Clients, reaching connection timeout on the Gateway side.
PRJ-16661,
PMTR-52654
VPN Connectivity issue may appear between Check Point Gateway and 3rd party device when using Encryption Domain per Community.
PRJ-15466,
PMTR-56502
Gaia OS "show asset" command shows the Network card model CPAC-4-1C instead of CPAC-4-1C-L.
PRJ-19050,
PRHF-13949
Gaia OS In some scenarios, when using routing separation, modifying interface IP address fails.
PRJ-14315,
PRHF-11752
Gaia OS In rare scenarios, gateway uptime in SmartConsole may show an abnormally high number. Refer to sk167937.
PRJ-17612,
PMTR-49489
Gaia OS Several features are duplicated (both in WebUI and Clish) in RBA roles configuration/settings.
  • This is a cosmetic issue.
PRJ-16265,
PMTR-55837
Gaia OS Multi-Queue IRQ affinity is set incorrectly for i40e and MLX interfaces.
PRJ-13459,
EPS-28607
Endpoint Security NEW: Added ability to enable developer protection feature.
  • Requires R80.40 SmartConsole Build 414 (or higher).
PRJ-16600,
PRHF-12083
Endpoint Security In some scenarios, Policy server stops syncing with the Endpoint Security Server. Refer to sk168912.
PRJ-14225,
PMTR-56231
Endpoint Security Push operation may not go through to client due to continuous sync requests.
PRJ-16569,
PRHF-10695
Endpoint Security Incorrect time interval for checking RSA key generation may cause messages to flood the logs.
PRJ-16892,
PRHF-12888
CloudGuard IaaS CloudGuard Controller imports only the first 50 NSX-T groups. Refer to sk169133.
PRJ-17750,
PMTR-60322
CloudGuard IaaS In some scenarios, userspace cores may appear on CloudGuard for Azure Gateways with VPN enabled and using AES-GCM-256 and AES-256. Refer to sk169417.
R80.40 Jumbo HotFix - General Availability Take 83 (04 October 2020, GA from 25 October 2020)
PRJ-8954,
MCFG-246
Upgrade Tools Upgrade from R80.10 to R80.40 may fail with messages related to cmsobfuscationkey. Refer to sk168933.
PRJ-15610,
PMTR-57447
Security Management NEW: Added ability to run Management REST API on a Multi-Domain Log Server.
PRJ-16147,
PMTR-58152
Security Management NEW:
  1. The "cma_migrate" command will continue working if the SSH connection with the Multi-Domain Server was lost.
  2. If the user presses "Ctrl+C" while cma_migrate is running, the user will be asked whether to stop cma_migrate or to continue.
PRJ-15501,
PMTR-56638
Security Management NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start.
PRJ-15497,
PMTR-57275
Security Management $MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied.
PRJ-16876,
PRHF-12879
Security Management In some scenarios, sessions that were opened for third parties or automatic scripts that use Management API remain open. Refer to sk169072.
PRJ-11704,
PRHF-9017
Security Management The Purge Revisions operation may not clean deleted objects of previous revisions.
PRJ-14297,
PRHF-11704
Security Management In rare scenarios, High Availability sync fails with "NGM failed to import data" error after the user deletes a Permission Role. 
PRJ-13463,
PMTR-54975
Security Management In rare scenarios, Install Policy Presets are not triggered.
PRJ-14492,
SMCUPG-1384
Security Management In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails. 
PRJ-13919,
MCFG-242
Security Management In some scenarios, exporting the Security Management Server in order to migrate it to Domain in Multi-Domain Environment fails.
PRJ-13613,
PRHF-11300
Security Management In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error.
PRJ-13727,
PMTR-55574
Multi-Domain Management NEW:
  • Global object deletion will be blocked if used in Domains on the Multi Domain Server. 
  • The "Unused Objects" filter in the Global Domain will show objects only if not used by all of the Domains on the Multi-Domain Server. 
PRJ-14455,
PRHF-11940
Multi-Domain Management Policies may disappear from the Global Domain Assignments view after running the Solr Cure utility. Refer to sk168060.
PRJ-15720,
PRHF-12271
Multi-Domain Management When the user attempts to add/change the Leading Interface through mdsconfig, it may fail with the "no external interfaces found on this machine" error. Refer to sk168319.
PRJ-16427,
PMTR-58559
Multi-Domain Management Management HA incremental synchronization may break on the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.
PRJ-16438,
PRHF-12236
Multi-Domain Management After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.
PRJ-17307,
PMTR-59799
Multi-Domain Management In rare scenarios, the fwm process may unexpectedly exit and fail the Multi-Domain Management server upgrade.
PRJ-15972,
PRHF-10916
SmartConsole Global Policy reassign in MDS may fail with "An internal error has occurred" message after adding overrides to Snort protections.
PRJ-15372,
PMTR-57065
SmartConsole The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954.
PRJ-16091,
PMTR-55032
SmartConsole The "Get Interfaces" operation fails when admin creates a new cluster and decides to remove one of the members before he selects "Get Interfaces".
PRJ-13906,
PMTR-54935
SmartConsole In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins.
PRJ-16342,
PMTR-58390
SmartConsole Setting or creating HTTPS layer (add-https-layer) with the "shared" parameter using the API may fail with the "Unrecognized parameter [shared]" error.
PRJ-12855,
PRHF-10453
SmartConsole Hit count data may not be deleted automatically.
PRJ-13456,
PRHF-10952
SmartConsole In some scenarios, Management API commands with "details-level":"full" Payload return a truncated output and fail to complete. Refer to sk170414.
PRJ-15482,
PMTR-39061
SmartProvisioning In some scenarios, when the user installs policy on R77.30 Central Office Security Gateway from Management version R80 and higher, VPN tunnels may be dropped for LSM Gateways. 
PRJ-13171,
PRHF-9994
Compliance Compliance Partial Scans in Multi-Domain environments using Global Policies may lead to SmartConsole freeze or long publish times. Refer to sk170562.
PRJ-13562,
PMTR-53242
Logging In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress.
PRJ-14357,
SL-4323
SmartView In SmartView, when the user sends a generated report via email in a language with non-standard English letters (Accented, Cyrillic, Chinese, Japanese, etc), some of the text may appear as question marks (?). 
PRJ-14362,
PMTR-54723
SmartView In SmartView, the icon is missing from the cover page of Compliance and Content Awareness PDF reports.
PRJ-12208,
PMTR-52793
Security Gateway UPDATE: Added the latest fixes and security improvements to OpenSSL.
PRJ-16624,
PMTR-58538
Security Gateway Updated Dynamic Balancing Clish commands. Refer to sk164155.
PRJ-16995,
PMTR-59154
Security Gateway In some scenarios, Dynamic Balancing is unable to configure MQ setting for some interfaces.
PRJ-16401,
PRHF-12631
Security Gateway When using Management Data Plane Separation (MDPS), schedule backup may fail.
PRJ-14126,
PMTR-56181
Security Gateway In some scenarios, compilation errors during policy installation are ignored instead of immediately failing the policy. This may cause drops on the Security Gateway.
PRJ-14634,
PRHF-12058
Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
PRJ-15633,
PMTR-57462
Security Gateway In a rare scenario, Security gateway may crash due to NULL pointer reference.
PRJ-13346,
PRHF-8408
Security Gateway In a rare scenario, the FWD process opens connections to port 111. 
PRJ-13888,
PRHF-9759
Security Gateway An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955.
PRJ-15841,
PRHF-12221
Security Gateway ICAP block page displays virus name as "Unknown" instead of the virus name as it appears in the logs.
PRJ-16406,
PRHF-12305
Security Gateway In some scenarios, when VPN blade or ISP Redundancy are used, traffic may be routed to the wrong interface. Refer to sk168881.
PRJ-16159,
PMTR-58124
Security Gateway In a rare scenario, Security Gateway may crash after policy installation.
PRJ-12947,
PRHF-10972
Security Gateway After policy installation, the output of the "cphaprob stat" command may show "HA module not started" when a large number of non-monitored Cluster interfaces are configured in SmartConsole.
  • This fix adds support for multiple non-monitored interfaces in SmartConsole.
PRJ-15771,
PMTR-57606
Security Gateway In some scenarios, DNS protections configured on inspection settings may not be enforced.
PRJ-14449,
PMTR-10041
Security Gateway In some scenarios, large number of interfaces defined on Security gateway may cause high CPU utilization by CPD process. Refer to sk168674.
PRJ-9849,
PRHF-7150
Security Gateway In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124.
PRJ-17223,
PMTR-59359
Security Gateway Enabling both Dynamic Balancing and MDPS causes Dynamic Balancing to stop.
PRJ-17097,
PMTR-59478
Security Gateway In rare scenarios, Dynamic Balancing fails to start after boot due to state verification failure.
PRJ-15849,
PMTR-57739
Security Gateway SXL drop due to routing configuration when using security zone on bridge (layer2).
PRJ-17421,
PMTR-54539
Threat Emulation, Security Gateway In a rare scenario, Threat Emulation and 2 core appliances may freeze. Refer to sk169575.
PRJ-16107,
PRHF-12463
URL Filtering In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD). 
PRJ-15689,
PRHF-12067
HTTPS Inspection In some scenarios, web traffic may be blocked with "Content Awareness - Error: Internal system error (1000)" error log.
PRJ-14543,
PMTR-56472
HTTPS Inspection In some scenarios, a CRL timeout may occur, which may cause slowness in HTTPS Inspection. Refer to sk169876.
PRJ-15800,
PMTR-57645
IPS In some scenarios, invalid characters are sent to gw-stat report.
PRJ-15581,
PRHF-9645
Application Control In some scenarios, deprecated applications are not removed/replaced during an upgrade from R77.30 to R80.x. Refer to sk131372.
PRJ-11730,
PMTR-52415
Anti-Malware In some scenarios, custom intelligence feeds with URL encoding characters may not be parsed correctly. Refer to sk168077.
PRJ-14067,
AVIR-1090
Anti-Malware In rare scenarios, Security Gateway may crash due to memory allocation failure.
PRJ-16500,
PMTR-58709
Anti-Malware In rare scenarios, Security Gateway crashes during CIFS traffic when the Anti-Virus blade is in Hold mode and the CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606). 
PRJ-15540,
PMTR-54954
Mobile Access Mobile Access Secure Workspace feature does not work with SAML/IDP-based authentication when running Secure Workspace is optional.
PRJ-14652,
PMTR-56622
Mobile Access The Mobile Access Blade's portal dialog for editing web application SSO credentials may not work correctly.
PRJ-16998,
PRJ-16965
Mobile Access Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152.
PRJ-17446 Mobile Access Mobile Access Blade may fail to install on VSX environments due to a missing configuration file. 
PRJ-16681,
PRHF-12714
SecureXL In a rare scenario, Security gateway may crash when receiving packets from an MDPS management interface.
PRJ-14463,
PRHF-4457
SecureXL In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections.
PRJ-10498,
PMTR-50926
SecureXL In some scenarios, SecureXL makes an offload decision to not accelerate multicast traffic for route-based VPN.
PRJ-15902,
PRHF-12374
SecureXL An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router.
PRJ-15485,
PMTR-54930
Routing BGP fails to establish with high MTU setting on Gaia 3.10.
PRJ-15393,
PRHF-11950
Routing A TCP connection between cluster master and slave may flap on OSPF attempt to delete a non-Max-Age LSA.
PRJ-16575,
SPC-3089
Routing In some scenarios, the routed daemon may unexpectedly exit with BGP.
PRJ-14407,
PMTR-54728
VPN Connectivity improvements for Remote Access VPN with L2TP.
PRJ-15534,
PMTR-56073
VPN The "vpn tu tlist" command shows the wrong number of clients connected in Visitor mode.
PRJ-10953,
PRHF-8923
VPN In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.
PRJ-15331,
VPNRA-379
VPN In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled.
PRJ-15322,
PMTR-48973
VPN In some scenarios, using LS/HA mode on a VPN tunnel may cause packets to be dropped. Refer to sk160612.
PRJ-14576,
PMTR-54771
VPN IP compression may not work in some scenarios when IKEv2 is configured.
PRJ-15622,
PMTR-57459
VPN Access Roles with MAB SNX as the client type may not work.
PRJ-11052,
PRHF-7972
VPN Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003.
PRJ-16211,
VPNRA-469
VPN Stability improvement for Remote Access VPN.
PRJ-15467,
PMTR-46467
VPN When IKEv2 is configured, traffic that originated from the DAIP external interface may fail to pass. 
PRJ-15838,
PMTR-40895
VPN When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage.
PRJ-16015,
PMTR-55514
VPN In rare scenarios, Remote Access clients may not be able to re-connect after a failover. 
PRJ-15996,
PRHF-11856
Gaia OS NEW: Added Multi-Queue (MQ) support for Sync interface.
PRJ-14591,
PRHF-12060
Gaia OS Reduced the logging of vague messages when the user adds a known host in Clish.
PRJ-12864,
PMTR-51379
Gaia OS Creating LOM users for Smart-1 525/625/5050/5150 appliances may fail if the username length is shorter than 4 characters.
PRJ-11861,
PRHF-9702
Gaia OS It is not allowed to create usernames with reserved words, such as 'eval', 'apply' etc., in the middle of the username in WebUI. Refer to sk170681.
PRJ-11994,
PRHF-10312
Gaia OS In rare scenarios, a snapshot creation may fail. 
PRJ-12741,
PMTR-51157
Gaia OS Restore backup may fail due to unmatched upgrade tools. 
PRJ-17321,
PMTR-58887
Gaia OS Certain Clish commands, like "show interfaces all", may cause confd to crash. Refer to sk170324.
PRJ-16922,
PRHF-12593
Gaia OS In a rare scenario, the "Allowed-clients" feature does not work as expected for SSH.
PRJ-13942,
PRHF-11368
Gaia OS In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to expert mode, the username in the log files appears as admin instead of RADIUS.  
PRJ-16080,
PMTR-57581
Gaia OS In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot. 
PRJ-16567,
PRHF-12526
Gaia OS In the Management Data Plane Separation (MDPS) environment, the output for the "show asset network" command may not report some line cards if they have mixed management/data plane interfaces.
PRJ-10079,
PMTR-50675
Gaia OS When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands unexpectedly exit. 
PRJ-15861,
PMTR-57779
Gaia OS "... Error I40E_AQ_RC_EINVAL adding RX filters on PF..." error may appear during i40e driver operation and RSS key may be reset during certain driver operations.
PRJ-11130,
PMTR-51775
Gaia OS Setting LACP rate does not survive a reboot on Gaia 3.10.
PRJ-15600,
PRHF-11404
Endpoint Security Gaia backup with Endpoint Management may miss some information from the Endpoint database. Refer to sk168062.
PRJ-16474,
PRHF-11087
Endpoint Security "An unexpected error occurred" message may appear when the user clicks on 'View Current Status' in SmartEndpoint's 'Overview' tab. Refer to sk167176.
PRJ-15423,
PMTR-57126
CloudGuard IaaS NEW: Added support for VMware vCenter version 7 to CloudGuard Controller.
PRJ-12838,
PMTR-53868
CloudGuard IaaS NEW: Added new AWS regions af-south-1, ap-northeast-3, and eu-south-1. 
PRJ-16019,
PRHF-12425
CloudGuard IaaS In some scenarios, CloudGuard Controller may lose connection to GCP projects. Refer to sk168499.
PRJ-16254,
PRHF-12538
CloudGuard IaaS Scanning of GCP Data Center may fail when instance does not have disks.
PRJ-12185,
VSECC-1293
CloudGuard IaaS CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode.
PRJ-16223,
PRHF-12510
CloudGuard IaaS Azure Data Center scan may fail and no updates are sent to the Security gateway.
PRJ-15355,
STRM-152
QoS In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when policy is defined properly on the interface.
R80.40 Jumbo HotFix - General Availability Take 78 (26 August 2020, GA from 9 September 2020)
PRJ-13962,
PMTR-55974
Security Management NEW: Added the ability to purge revisions automatically based on user configuration. Refer to Automatic Purge Documentation.
PRJ-12308,
PMTR-48736
Security Management NEW: Added enhancements for CPM Monitor Tool:
  • Compatibility of file names between Linux and Windows.
  • Better and more readable resources consumption report.
  • All data is wrapped into a single tgz file, for better handling.
PRJ-14645,
PRHF-11983
Security Management NEW: Solr server process is restarted automatically if it is not responsive for a long time.
PRJ-13809,
PMTR-55860
Security Management Publish operation of hundreds of changes may take a long time to complete.
PRJ-16195,
PRHF-9260
Security Management When running the 'show-access-rulebase' API command with filter, and the selected layer is an inline layer, rules of the inline layer are not returned even though they match the search criteria.
PRJ-11491 Security Management Access Policy installation may remain on Multi-Domain Server with Global Policy assigned when there is Inline layer usage and APPI/DA/Mobile Access blade is enabled. Refer to sk166676.
PRJ-13319 Security Management Upgrade from R80.10 may take many hours when there are hundreds or more Administrators and dozens or more Permission Profiles defined.
PRJ-13920 Security Management In Multi-Domain environments with High Availability, if the Management Server is stopped while there is a Purge Revisions operation in progress, the server may fail to start again. Refer to sk168175.
PRJ-13167,
PMTR-53758
Security Management When an administrator enters a very long text into an object field (more than 32767 characters), the Security Management Server terminates and fails to start. 
PRJ-13049,
PRHF-11033
Security Management After the user adds new Threat Indicators, Management HA may fail with "NGM failed to import data" error. Refer to sk167156.
PRJ-15459,
PRHF-6093
Multi-Domain Management Policy Installation may fail due to an internal error in an MDS environment where there is a Global Dynamic object usage inside Networks Groups with a depth that is higher than 2-level (group inside a group).
PRJ-14096,
PMTR-56164
SmartConsole NEW: Added new API version (1.6.1). The new version includes useful new commands. For more information, refer to the Management API Reference.
PRJ-13008,
PRHF-10998
SmartConsole In the Management API, the "show objects" command with details-level full may return the "ip-address" field even if it is empty.
PRJ-14290,
PMTR-53220
SmartConsole If there are thousands (or more) of unused objects, the "show unused-objects" API command and the Unused Objects view may load and work very slowly. Also, the load on the Management server will increase, causing general slowness when working with SmartConsole.
PRJ-14532,
PMTR-55130
SmartView In some scenarios, when the user attempts to download a DLP attachment from the log card in SmartView, the download does not start.
PRJ-12705,
PRHF-10295
SmartView The SmartView Timeline may be distorted when logs contain an empty value for the field specified in the “Series” settings and when the Legend is enabled. Refer to sk167095.
PRJ-12099,
PMTR-52324
Logging NEW:
  • Added Management API command "show logs" to query logs.
  • Added Management API command "get attachment" to fetch attachments from logs by log ID and attachment ID.
PRJ-14049,
PRHF-11502
Logging In some scenarios, the command "cp_log_export status" prints "last log read at: N/A" rather than a timestamp.
PRJ-14372,
PRHF-10818
Security Gateway UPDATE: Reduced CPU usage in some configurations by parsing TLS traffic only when required by the policy. See sk166700 for more information.
PRJ-14007,
PRHF-11326
Security Gateway In some scenarios, ESP traffic may be dropped with "fwconn_key_init_links (INBOUND) failed" message. Refer to sk167973.
PRJ-13678,
PMTR-53479
Security Gateway In some scenarios, dmesg shows "up_manager_perform_action: up_manager_resume_chain failed" error messages when span port is configured.
PRJ-8049 Security Gateway When running 'fw6 ctl affinity -l' command, the IPv6 instances are not displayed.
PRJ-13267,
PMTR-54226
Security Gateway Occasional slowness while browsing to HTTP/2 sites when Security Gateway is enabled as an explicit Proxy.
PRJ-13696,
PMTR-55510
Security Gateway Proxy arp change is applied only after the second policy installation.
PRJ-14217,
PMTR-56300
Security Gateway In a rare scenario, the Security gateway may crash if the rulebase contains a logical server object.
PRJ-11752,
PMTR-52426
Security Gateway Citrix file download may fail when the Mobile Access blade is enabled.
PRJ-11417,
PRHF-9776
Security Gateway In some scenarios, NAT log shows source port 0 even though a port was allocated.
PRJ-13382,
PMTR-54897
Security Gateway In some scenarios, Security gateway generates an ICMP error with wrong IP address. Refer to sk167953.
PRJ-13631,
IDA-2683
Identity Awareness NEW: Added the ability to filter sessions by session's owner and immediate publisher in Identity Broker.
PRJ-9494,
PMTR-49855
Identity Awareness UPDATE: SAML configuration optimizations of policy installation flow.
PRJ-12565,
IDA-2983
Identity Awareness PDP may consume high CPU during policy installation because of a large amount of Access Roles.
PRJ-10818,
PMTR-51543
Identity Awareness In a rare scenario, a memory leak may appear in case of LDAP query failure on Identity Collector automatic group update.
PRJ-8713,
PRHF-7978
Identity Awareness In some scenarios, Dynamic ID authentication fails when SMS server returns HTTP status code 2xx but not 200 or 202.
PRJ-13516,
PMTR-55246
Identity Awareness In some scenarios, an XFF allowed proxy list is enforced only for instance 0 in VSLS environment after VS has transitioned from Backup to Active.
PRJ-13702,
PRHF-561
Identity Awareness In some scenarios, when the user changes the TACACS+ server to a different one, the configuration is applied only after an MDS reboot. 
PRJ-12503,
PRHF-10481
Identity Awareness In some scenarios, Identity Awareness counters in cluster environments show zero. 
PRJ-11484,
PMTR-40495
SSL Inspection DynamicID authentication may fail due to server certificate validation failure. Refer to sk167177.
PRJ-11511,
SMB-12153
SSL Inspection In some scenarios, there may be SSL Inspection issues in cluster environments on 1500 Series Security Gateways. Refer to sk170218.
PRJ-10663,
PRHF-9289
Anti-Malware In some scenarios, a "Feed Error" message appears when the user fetches a Custom Intelligence Feed. Refer to sk165932.
PRJ-12809,
PMTR-51013
Threat Emulation In a rare scenario, files are not uploaded for Threat Emulation or Threat Extraction inspection.
PRJ-14224 ClusterXL In some scenarios, SmartConsole shows ClusterXL status as "is not responding". Refer to sk168187.
PRJ-14612,
PRHF-7700
SecureXL UPDATE: Added a global variable that enables logging of packets that include an unapproved IP option. This variable is off by default.
PRJ-14514,
PRHF-10860
SecureXL In a rare scenario, a VSX gateway with Virtual Switch may crash.
PRJ-13414,
ACCHA-301
SecureXL DECnet DIGITAL Network Architecture (Phase IV) traffic may be dropped. Refer to sk167202.
PRJ-13763,
PMTR-55537
SecureXL Security Gateway may crash when concurrent connection rules exist in the DOS/Rate limiting policy and the Application Control blade is enabled.
PRJ-14079,
PMTR-56026
SecureXL For some topologies, RIPV2 neighbors may be missing. Refer to sk167934.
PRJ-12254,
PMTR-23165
Mobile Access In some scenarios, Mobile Access end-users become disconnected from their Citrix sessions after policy installation.
PRJ-13730,
PMTR-54159
Mobile Access In some scenarios, Web application SSO credentials are not displayed correctly in the 'Credentials' dialog when the application's destination hostname is configured as an IP address.
PRJ-14435,
PMTR-53221
Gaia OS NEW: Added support for CPAC-4-10-AB cards.
PRJ-14596,
PMTR-55036
Gaia OS NEW: Added Multi-Queue (MQ) support for Management interface.
Note: Enabling both Dynamic Balancing and MDPS causes Dynamic Balancing to stop.
PRJ-13642,
PMTR-54518
Gaia OS NEW: The i40e driver version was upgraded to improve performance.
PRJ-13011,
PMTR-54188
Gaia OS RX/TX ring size may reset when changing queue settings.
PRJ-15424,
PMTR-57108
Gaia OS Gaia API Service is offline after upgrade to R80.40.
PRJ-13480,
PMTR-55154
Gaia OS Intake and outlet temperature sensors display incorrect values on 15400 appliance. 
PRJ-12513 Gaia OS In some scenarios, due to backup compression errors, restoring a backup does not restore all files.
PRJ-13719 Gaia OS In some scenarios, a snapshot creation may fail.
PRJ-10352,
PRHF-8760
Gaia OS In rare scenarios, clish consumes 100% CPU when the user runs a Tenable scan. Refer to sk166195.
PRJ-14402,
PRHF-11683
Gaia OS In some scenarios, the snapshot creation fails because of compression errors.
PRJ-13926,
PMTR-54829
Routing UPDATE: Increased the configuration limits of the BFD timers for detect multiplier, minimum RX interval, and minimum TX interval to 255, 255000, and 255000, respectively.
PRJ-13979,
PRHF-11680
Routing UPDATE: The logging of "aspath-regex" and "community-regex" routemap fields is now disabled by default and can be enabled through the trace log.
PRJ-11805,
VPNRA-357
VPN In some scenarios, an incorrect IPSec counter may be displayed with cpstats / SmartView Monitor / SNMP in a ClusterXL environment. Refer to sk167297.
PRJ-14074,
VPNRA-404
VPN When Security gateway is behind NAT and its main IP address is configured to NAT IP, Client may disconnect when using Visitor Mode.
PRJ-14244,
PRHF-7995
VPN VPN traffic may be dropped when working with peer behind NAT - Hide NAT with Port Translation. 
PRJ-13408,
PMTR-54443
VPN In rare scenarios, the Global Domain Assignment view shows that a Global Domain Assignment is in the 'up to date' state even though it is not. 
PRJ-14075,
VPNRA-417
VPN When using Visitor Mode, an Endpoint Client behind NAT disconnects after 20 seconds when its private network overlaps with some network in the Encryption Domain.
PRJ-15437,
PRHF-12039
VSX VSs load up in parallel from boot/after cpstart from VS0.
PRJ-14151,
PRHF-11651
Endpoint Security In some scenarios, no audit logs are shown regarding object changes in SmartEndpoint virtual groups and FDE pre-boot users. Refer to sk167907.
PRJ-14133,
PRHF-7699
Endpoint Security In some scenarios, the user cannot get an FDE Offline Management File (cpomf) for an offline group in SmartEndpoint if this group or a directory in its path has special characters \ _ %. 
R80.40 Jumbo HotFix - General Availability Take 77 (18 August 2020, GA from 25 August 2020)
PRJ-16351,
PRJ-14399
Security Gateway Updated dependencies of internal OS packages during Security Gateway installation.
PRJ-16314,
PMTR-55189
Gaia OS In some scenarios, Cluster does not recognize bond slaves.
R80.40 Jumbo HotFix - Ongoing Take 74 (05 August 2020)
PRJ-10159,
PRHF-8586
Logging "UserCheck Reference ID" field is missing from logs when the message of the UserCheck customized page is modified and does not contain the text "reference:". Refer to sk165355.
PRJ-13589,
PRHF-11311
Security Gateway In a rare scenario, Security Gateway may crash during policy installation.
PRJ-15983 VPN Starting from R80.40 Jumbo Hotfix Take 48, clients that do not support MFA (such as Mac OS and iOS) cannot connect as Remote Access clients if MFA is enabled. Refer to sk168493.
R80.40 Jumbo HotFix - Ongoing Take 69 (27 July 2020)
PRJ-12005,
PMTR-49928
Security Management NEW: Added a new SmartTask trigger for "Before Login".
PRJ-12026,
PMTR-51885
Security Management NEW: Tasks that fail to complete within 18 hours will be stopped automatically and appear as failed. Refer to sk166455.
PRJ-12376,
PRHF-10550
Security Management Policy Presets may disappear from view after running the Solr Cure utility. Refer to sk167455.
PRJ-12142,
CPM-2624
Security Management Management HA synchronization between the active Domain server to a standby Domain server may fail with "Failed to import data" error.
PRJ-12671,
PMTR-52789
Security Management If an administrator searches for a certain text in SmartConsole, it may cause the Management Server to become inaccessible until a restart.
PRJ-14086,
PRJ-14088,
PMTR-55188
Security Management A policy that uses Access Role objects may incorrectly show the rule conflict when verifying it using "Verify Access Control Policy". The same policy will pass successfully when performing 'install policy', as expected. Refer to sk168066.
PRJ-14089,
PRHF-11750
Security Management Access Role in source \ destination column with "Redirect to Captive Portal" as an action on the Accept column may cause the policy verification to fail, but policy installation finishes successfully. Refer to sk167732.
PRJ-10059,
PRHF-8924
Security Management In some scenarios, Security policy deletion or installation may fail when there are many Application Control objects used in this policy. Refer to sk175588.
PRJ-13157,
CPM-2811
Security Management In rare scenarios, a session becomes unusable, and one or more of the following may occur:
  • The user is not able to log in and make changes with this session.
  • Publishing this session fails.
  • Discarding this session fails.
Refer to sk167735.
PRJ-13034,
PRHF-10917
Multi-Domain Management Global Policy reassignment may fail after performing the IPS update in the Global domain.
PRJ-12901,
PMTR-53694
SmartConsole NEW: Added more information on each Management API call to api.csv.
PRJ-12906,
PMTR-53855
SmartConsole When using the Management API "show-objects" command to show OPSEC application objects, it may fail with "Requested object [OBJECT ID] not found".
PRJ-12975,
PMTR-51691
SmartConsole When a VSX Cluster object is edited and no changes are made, the "Topology has changed. Please reinstall Security Policy" message is still displayed after clicking OK.
PRJ-13900,
PRHF-11537
SmartConsole Audit log is not shown in SmartConsole Logs & Monitor View for the login action through API when the "-r" flag is set to true (login as root).
PRJ-10201,
PRHF-9019
SmartView SmartView may show "query failed" error message when creating table widget with filter by source/destination host name. Refer to sk119056.
PRJ-12692,
MB-731
Compliance Compliance blade may show incorrect Best Practice status if one or more relevant network objects for that Best Practice is in status "N/A".
PRJ-11889,
PRHF-10057
Logging In some scenarios, searching for logs using "client_name" in the logging tab returns no values.
PRJ-11312,
PMTR-51802
Logging In Multi-Domain Management environments, some of the log_indexer processes may fail to start due to an occupied port.
PRJ-13914,
PMTR-55977
Security Gateway NEW: Added Spike Detector - a new daemon to automatically detect CPU spikes. Refer to sk166454.
PRJ-11503,
PMTR-52209
Security Gateway NEW: Added "Hold" override for unsupported protocols (i.e. GRE). Refer to sk148432.
PRJ-13568,
PMTR-50532
Security Gateway Connectivity issues may appear when ISP Redundancy is configured.
PRJ-14483,
PMTR-54946
Security Gateway When moving context in MDPS with mplane or dplane and bash logging is enabled, the 'grep' command is executed.
PRJ-11743,
SWG-2533
Security Gateway Improved connectivity in a specific flow when ICAP Client is enabled with Trickling 3.
PRJ-10298,
PRHF-8781
Security Gateway In some scenarios, the license status of the Security gateway is not updated properly in SmartConsole.
PRJ-11696,
PRHF-9799
Security Gateway In a rare scenario, access rules with service type of "other" may not be matched correctly. Refer to sk166365.
PRJ-13766,
PRJ-13204
Security Gateway In a rare scenario, a traffic outage may occur when time objects are used in the access policy.
PRJ-10767,
PRHF-8926
Internal CA In some scenarios, there is no SIC between R80.x Security Management and R77 Security gateway after the ICA certificate replacement procedure described in sk158096.
PRJ-12341,
PMTR-53146
URL Filtering In a rare scenario, policy installation may fail with "Error code: 0-2000112" if the URL Filtering blade is active while no other feature or blade is enabled.  
PRJ-12621,
PMTR-45782
Identity Awareness After disabling and re-enabling the Identity Collector in SmartConsole, the Identity Collector may fail to connect to the PDP Gateway again.
PRJ-13150 Anti-Virus In a rare scenario, Security gateway may crash while processing SMB3 multi-channel while Anti-Virus blade is enabled.
PRJ-13599,
PMTR-55344
HTTPS Inspection In some scenarios, web traffic is blocked with "HTTP parsing error occurred" and "parameters are undecodable in request" errors.
PRJ-13110,
PRHF-11112
HTTPS Inspection In some scenarios, HTTPS websites may show corrupted text when HTTPS Inspection and Anti-Virus are enabled.
PRJ-12767,
TEX-1762
Threat Extraction In rare scenarios, the watermark_cp_file_convertd daemon used by Threat Extraction may restart frequently, causing high CPU usage. Refer to sk168318.
PRJ-13118,
PMTR-52580
DLP Improved DLP functionality when working with IDA MUH1 and MUH2 agents.
PRJ-11552 SecureXL In some scenarios, MCAST packets may not be accelerated on a PIM-SM RP Gateway.
PRJ-12710,
PRHF-10849
ClusterXL In some scenarios, a Cluster member forwards ICMP replies via its Sync interface after being rebooted.
PRJ-12999,
PMTR-51108
CoreXL On appliances with Dynamic Balancing enabled, allocation of CoreXL SND cores is limited by the interface with the minimal number of Rx queues.
PRJ-13773,
PMTR-53346
CoreXL On 23900, 26000(T) and 28000 appliances with Dynamic Balancing enabled, CPView shows several CPU cores as “Other”. Dynamic Balancing does not work on these CPU cores.
PRJ-11452,
PMTR-51868
Gaia OS NEW: Added support for Smart-1 3150/3050 SAN and 'show asset' line cards for SAN.
PRJ-12932,
PMTR-53897
Gaia OS NEW: Added line card model information to "show asset network" output for the following appliance series: 5000, 6000, 15000, 23000, 7000, 16000, 26000 and 28000.
PRJ-11047,
ACCL-417
Gaia OS UPDATE: CPView Network -> Top-Protocols and Network -> Top-Connections tabs were added back. Refer to sk167903.
PRJ-12249,
PMTR-52663
Gaia OS UPDATE: On Smart-1 5050:
  • Line card 1 model PE2G2SFPi35*-CP* is changed to CPAC-2-1F-SM*-C*
  • Line card 2 model PE210G2SPI9A-XR*-CP* is changed to CPAC-2-10F-SM*-C*
PRJ-12762,
PMTR-52834
Gaia OS In some scenarios, WebUI shows unknown HDDs that are not part of RAID.
PRJ-13627,
PRJ-13627
Gaia OS The show configuration clish command shows 'Exported by admin' label even if it is another user.
PRJ-14451,
PRHF-11802
Gaia OS In some scenarios, the snmpd process stops accepting connections in MDPS/VSX environment.
PRJ-12956,
PRHF-10941
Gaia OS User fails to add ecdsa host keys via clish to the hosts file. This prevents setting up the scheduled backups before the system goes into production.
PRJ-13272,
GAIA-7496
Gaia OS In some scenarios, the value for Voltage/Fan/Temperature sensor may appear as "NotValid".
PRJ-8950,
GAIA-7018
Gaia OS In some scenarios, interface names may not correspond to the correct ports on 4-ports 10GbE SFP+ Rev 1.1 on 12200/4200/4400/4600/4800/TE250 appliances.
PRJ-11499,
PMTR-51462
Gaia OS In some scenarios, the PSU status is reflected even if there is no PSU on the appliance.
PRJ-10763,
PRHF-9221
Gaia OS Only 1024 characters of a cron job's output are displayed when using "show cron jobs" from clish.
PRJ-12519,
PRHF-10672
Gaia OS In some scenarios, a backup on a Gaia device with Threat Emulation Blade enabled may fail with "Cannot complete the backup process: not enough space". Refer to sk166833.
PRJ-12465,
PRHF-388
VPN In a rare scenario, Security gateway may crash when using Remote Access VPN with L2TP clients.
PRJ-12892,
PRHF-10685
VPN IKEv2 rekey may fail when the resolved peer IP address is not the main IP address. Refer to sk166897.
PRJ-13342,
PRHF-1164
VPN In some scenarios, L2TP client fails to connect with "failed to write L2TP session params to kernel" error in vpnd.elg file. Refer to sk167636.
PRJ-12195,
PRHF-9885
VPN A connectivity issue may occur when a non-encrypted VPN tunnel is used with IKEv2. Refer to sk167902.
PRJ-14461,
VPNS2S-1322
VPN In some scenarios, VPN tunnels may get disconnected.
PRJ-12814,
PMTR-53248
VSX When SNMP is in VS mode, the SNMPD process of VSs may re-launch every few minutes. Refer to sk167112.
PRJ-14045,
PRHF-11742
VSX "Internal Error - Failed to commit changes to OS" error appears when the user creates a Wrp interface with MTU greater than 1500. Refer to sk167715.
R80.40 Jumbo HotFix - General Availability Take 67 (23 July 2020, GA from 27 July 2020)
PRJ-15513,
PMTR-57274
Logging In some scenarios, logs are not available with "Query Failed" message in the logging view, and "An error occurred instantiating job to be executed. job= 'maintenance.routineMaintenance'" message appears in the $RTDIR/log/RFL.log file. Refer to sk168616.
PRJ-14354,
PMTR-55604
Gaia OS In some scenarios, user cannot start IPMI service and loses the IPMI functionalities like lominfo and lomipset.
PRJ-12745,
PMTR-48781
Gaia OS In some scenarios, user cannot start IPMI service on 21400 appliance with "service ipmi start" command.
R80.40 Jumbo HotFix - Ongoing Take 65 (19 July 2020)
PRJ-14581,
PMTR-52149
ClusterXL Connectivity issue may appear on a Standby cluster member after installing R80.40 Jumbo HotFix Takes 53-55. Refer to sk167874.
R80.40 Jumbo HotFix - Ongoing Take 55 (30 June 2020)
PRJ-13958,
PRJ-13803
Security Management Upgrade to R80.40 Jumbo HotFix Ongoing Takes 53 and 54 fails when upgrading from one of the following:
  • R80.30 Jumbo HotFix Ongoing Takes 210 and 213
  • R80.20 Jumbo HotFix Ongoing Takes 160 and 161
R80.40 Jumbo HotFix - Ongoing Take 54 (24 June 2020)
PRJ-13686 Security Management In some scenarios, when using many management API calls in parallel, the output is not consistent. Refer to sk167509.
R80.40 Jumbo HotFix - Ongoing Take 53 (15 June 2020)
PRJ-11387,
PMTR-52087
Security Management NEW: Significant performance improvement for policy installation time when many groups are defined on the Management Server.
PRJ-10901,
PMTR-49801
Security Management NEW: Set values for environment variables on the Management Server that will remain there after a Management Server upgrade, as well as Backup/Restore and Export/Import of the Management Server. Refer to sk165938.
PRJ-12914,
PMTR-48623
Security Management In some scenarios, pressing "Where Used" does not show a script that is used in SmartTasks.
PRJ-12275,
PMTR-53007
Security Management In Management HA configuration, a hotfix installation may incorrectly fail during the verification phase.
PRJ-11586,
PRHF-9260
Security Management In some scenarios, when using Rulebase Search, the 'number of rules' section is incorrect. Refer to sk166003.
PRJ-12506,
PRHF-10058
Security Management When using packet mode in Rulebase Search, results from inline layer may be matched even though their parent layer is not.
PRJ-12359,
PMTR-33408
Multi-Domain Management NEW: Added ability to log in to the Management Server with SmartConsole while MDS Backup is running.
PRJ-12966,
PRHF-10944
Multi-Domain Management In some scenarios, certain deleted domain level objects are visible in the SmartConsole at the MDS level.
PRJ-9666,
PRHF-8502
Multi-Domain Management In environments with more than five Multi Domain servers, changes to objects may not be reflected in the logs. 
PRJ-12484,
PRHF-10330
Multi-Domain Management Multi-Domain Administrator configuration for RADIUS authentication may show local Domain Radius servers and groups.
PRJ-12326,
PMTR-48272
Multi-Domain Management The "Recent Tasks" and "Install Policy Preset" views in MDS Domain may include Domain names, policy packages, and Gateways names. This information is not filtered according to the administrator's permission profile. 
PRJ-12206,
PRHF-10405
Multi-Domain Management In some scenarios, changes to a .def file in $FWDIR/lib may be reverted when creating a secondary CMA.
PRJ-11507,
PRJ-11508
Multi-Domain Management A migration from Security Management server to a Domain on a Multi-Domain Management Server may fail with: "didn't find ObjectStoreSessionEntity for session <uuid> return null" error in cpm.elg file.
PRJ-12556,
PRHF-10523
Multi-Domain Management In some scenarios, updating firewall_properties in GuiDBedit in the MDS context fails. Refer to sk42184.
PRJ-13187,
PMTR-54274
Multi-Domain Management In a rare scenario, Advanced upgrade from R80.10 may fail.
PRJ-12066,
PRHF-10327
Multi-Domain Management The FWM process of domains may not stop after the user runs mdsstop or mdsstop_customer.
PRJ-12778,
PMTR-52320
SmartConsole NEW: Added API commands for user, user-template, user-group and identity-tag.
PRJ-11074,
PMTR-51815
SmartConsole NEW: Added ability to reset the following network object fields to be empty through the Management API: ipv4-address, ipv6-address, subnet4, subnet6, mask-length4, and mask-length6.
PRJ-11906, 
PRHF-10275
SmartConsole In rare scenarios, certain domain level objects may not be visible in SmartConsole at the MDS level. 
PRJ-12457,
PRHF-8968
SmartConsole In some scenarios, IPS update may be locked with the message "IPS management update is locked by Scheduled update".
PRJ-12539,
PRHF-9941
SmartConsole Unable to delete Snort protections in Multi-Domain environment - they still exist after deletion.
PRJ-12444,
PRHF-8488
SmartConsole In some scenarios, IPS update tasks may get stuck when multiple machines are attempting an update within the same time frame.
PRJ-12961,
PRHF-10916
SmartConsole Global Policy reassign in MDS may fail with 'An internal error has occurred' message after adding overrides to Snort protections.
PRJ-12211,
PMTR-52897
SmartConsole When running the "show-domain" API command, the "active" field may be missing from the reply.
PRJ-11259,
PRHF-9106
SmartConsole In some scenarios, Inspection Settings view under the General tab is blank.
PRJ-11433,
PRHF-8506
SmartProvisioning The SmartProvisioning application may hang when the user adds/edits Dynamic Objects in the LSM Gateway object editor. 
PRJ-11917,
PMTR-51950
Security Gateway NEW: Added support for key renegotiation in SSH Deep Packet Inspection (DPI).
PRJ-9121,
PRJ-8907
Security Gateway Connections may be dropped when "keep all connections" is configured during policy installation. Refer to sk166212.
PRJ-11781,
NAT-215
Security Gateway In a rare scenario, the Security Gateway may crash when using a non-FQDN domain object in the policy.
PRJ-13078,
PMTR-54306
Security Gateway When HTTPS Inspection is enabled using layer-2/bridge, traffic may be dropped when deciding the outgoing interfaces.
PRJ-12733,
PMTR-53779
Security Gateway In a rare scenario, memory is not freed correctly in the routing mechanism.
PRJ-12237,
PRHF-10039
Security Gateway In a rare scenario, Security Gateway memory consumption may increase when the Anti-Virus blade is enabled.
PRJ-13091,
PRHF-11016
Security Gateway
  • CPView Utility may not display speed and driver.
  • SNMP does not use custom OID, dplane OID mapping to Management Plane.
  • Some connections through Management Plane on Standby member may be dropped.
PRJ-13148,
PMTR-54459
Security Gateway In some scenarios, IPS & APPI updates fail when Anti-Virus and Content Awareness blades are active.
PRJ-9700 Logging NEW: Added support for viewing MITRE ATT&CK fields in logs. 
PRJ-9317,
PRHF-8166
Logging Logging view may show results from the wrong day if the server Time Zone is configured to use half/quarter hour deviations from standard time.
PRJ-8923,
PRHF-8148
Logging When the user searches logs in the "Logs and Monitor" tab in SmartConsole and applies a filter using the "?" wildcard, incorrect logs may be returned. 
PRJ-8481,
PRHF-7592
Logging "Problem has occurred during search < External Log server > Disconnected" error may appear in "Logs & Monitor" tab after creating dummy object for NAT.
PRJ-9738,
PMTR-37265
SmartView In SmartView, deleting widgets and clicking on "Discard" may not revert all changes.
PRJ-10671,
PMTR-49128
SmartView In SmartView, when using a language other than English, an error may occur when drilling down on a widget.
PRJ-11058,
PRHF-9354
Application Control In some scenarios, Application Control update task may get stuck indefinitely when it is executed as part of Global Policy assignment.
PRJ-12167,
PMTR-52106
Application Control In some scenarios, Application Control updates in Multi-Domain High Availability environments may get stuck when multiple updates from different Domains/Multi-Domains take place simultaneously.
PRJ-9565,
PRHF-8153
Threat Prevention The number of overrides in Threat Prevention policy -> Profile -> Overrides may also show inactivated overrides, with mismatched information between "override" and "User Modified". 
PRJ-12433,
PRHF-11043
Threat Prevention In a rare scenario, when Threat Prevention Forensics feature is enabled, memory usage may rise on the Security gateway due to failures in memory release flow.
PRJ-10672,
PMTR-51385
SSL Inspection NEW: Added support for FutureX HSM when working with outbound HTTPS Inspection.
PRJ-11435,
PMTR-52216
Anti-Malware In some scenarios, a "Feed Error" message appears when fetching an IOC feed.
PRJ-10849,
PMTR-50978
UserCheck In a rare scenario, the UserCheck daemon may fail with core dump file created.
PRJ-12603,
PMTR-53442
Mobile Access Mobile Access ActiveSync session timeout may not update properly, generating repeated error messages in the 'cvpnd.elg' debug output. 
PRJ-10417,
MAGB-781
Mobile Access Some Web applications published by Mobile Access Blade may not work in Host Translation mode.
PRJ-9780 ClusterXL Resetting SIC on a Cluster member may result in CCP Encryption turned OFF while it should remain ON.
PRJ-10979,
PMTR-43718
ClusterXL SNMP Response for OID .1.3.6.1.4.1.2620.1.5.6 ("haState") is "Active" on all members of ClusterXL High Availability mode. Refer to sk106291.
PRJ-11611,
PMTR-52275
ClusterXL In some scenarios, the fwk process unexpectedly exits on cluster member.
PRJ-11402,
PRHF-9845
SecureXL NEW: Performance improvement for DOS/Rate Limiting rules under a high connection rate.
PRJ-12548,
PRHF-10647
SecureXL NEW: Added tunable kernel parameter "adp_mc_rt_hold_queue_len" to adpkern.conf to eliminate multicast packet drops at the start of a connection (when large bursts of multicast traffic are expected).
PRJ-12019,
PRHF-10097
SecureXL In some scenarios, ACK, FIN, and RST TCP packets may be dropped, causing outages. 
PRJ-11551 SecureXL MCAST packets may be handled incorrectly when promiscuous (tcpdump) mode is enabled for the interface.
PRJ-12175,
PRHF-10228
SecureXL In some scenarios, TCP traffic containing the TCP Fast Open option may be dropped by the Security Gateway.
PRJ-11684,
PRJ-11365
Routing NEW: Performance improvement for multicast packets in SecureXL (fast path) when there are no multicast listeners.
PRJ-12222,
ROUT-856
Routing In some scenarios, routed process unexpectedly exits when adding an interface to OSPFv3 with a prefix length above 63 and having two or more areas.
PRJ-10734,
PMTR-51475
VSX NEW: Adding bridge interfaces to a regular VS in VSX is allowed via vsx_provisioning_tool by using the below command:
attach bridge vd <vs_name> ifs1 <first_interface_name> ifs2 <second_interface_name>
PRJ-12622,
VSX-2219
VSX In a rare scenario, creating new VSX and pushing configuration may cause the cluster members to crash.
PRJ-13060,
PRHF-10978
VSX When performing a provisioning operation in VSX, process may hang on "Pushing configuration to ...".  Refer to sk167175.
PRJ-12813,
GAIA-7625
Gaia OS The activate_sw_raid utility may fail due to incorrect disk names. 
PRJ-11755,
PMTR-52432
Gaia OS The snmptrap command fails and shows an error related to EngineID.
PRJ-11854,
PMTR-48873
Gaia OS On 15600 appliances, the "service ipmi start" command may fail to start the IPMI Service.
PRJ-10309,
GAIA-6136
Gaia OS Incorrect status may be displayed in Clish for pulled PSU.
PRJ-10273,
PMTR-50151
VPN NEW: 3DES is disabled by default for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, SecurePlatform WebUI, and Mobile Access curl.
Note: Disabling 3DES breaks connectivity for 3rd party OPSEC SDK 6.0 clients. To enable 3DES, refer to sk113114.
PRJ-12102,
VPN-72
VPN NEW: Added Large-scale support for Visitor Mode. Refer to sk168297.
PRJ-12179,
VPNRA-364
VPN Connectivity improvements for Remote Access VPN using Traditional mode.
PRJ-11644,
VPNRA-353
VPN Added stability improvement for Remote Access VPN.
PRJ-11711,
PRHF-10028
Endpoint Security In SmartEndpoint, Anti-Malware's "Top Infections" report has an empty infection name. Refer to sk166232
PRJ-11825,
PRHF-6365
Endpoint Security Users/devices may not change their locations in the tree according to Active Directory changes when certain special characters appear in the names.
PRJ-11841,
PRHF-9304
Endpoint Security Cannot delete the client MSI package from SmartEndpoint because of previously deleted FDE offline group.
PRJ-11833,
PRHF-8234
Endpoint Security The Endpoint directory scanner may fail to reconnect to the AD if the connection was lost during the scan. 
PRJ-11820,
PRHF-9157
Endpoint Security The default paths for offline folders in SmartEndpoint -> Offline group creation wizard may be incorrect. 
PRJ-11837,
PRHF-10015
Endpoint Security An error in FDE pre-boot users calculation may cause Endpoint to be left in a disconnected state. Refer to sk142313.
PRJ-11145,
PRHF-9706
Endpoint Security Local users may not be displayed under the selected machine in the "Users and Computers tab" in SmartEndpoint. Refer to sk166316.
PRJ-11816,
PRHF-9151
Endpoint Security When a user name is updated in SmartEndpoint, the change may result in an unexpected expiration date. Refer to sk165872.
PRJ-11245,
PRHF-9628
VoIP SIP calls with NAT (SIP packet with no SDP but content-type=sdp) may fail to open correctly.
PRJ-9105,
PRHF-7758
VoIP In a rare scenario, Security gateway crashes when passing SIP traffic. Refer to sk166474.
R80.40 Jumbo HotFix - General Availability Take 48 (published on 21 May 2020, GA from 25 May 2020)
PRJ-12414,
PMTR-52051
Security Gateway In a rare scenario, Security gateway may crash while processing the SMTP traffic due to a memory corruption.
PRJ-12499,
PMTR-52267
SecureXL SCTP Stateful inspection and payload NAT (INIT Chunks) may not work correctly in some scenarios.
PRJ-12738 VPN Some Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though the "Allow older clients" option is disabled. Refer to sk166912.
PRJ-12629,
PRHF-7485
VPN Improved the VPN connectivity with DAIP peers when Tunnel Monitoring is enabled. Refer to sk164933.
PRJ-11369,
PRHF-9804
Gaia OS SNMP Trap may not be sent even though a failover occurred. Refer to sk166100.
PRJ-11829,
PRHF-7087
Endpoint Security SmartEndpoint may export a report to Excel in which incorrect distinguished names appear for deleted users/computers. Refer to sk163943.
R80.40 Jumbo HotFix - Ongoing Take 45 (10 May 2020)
PRJ-8281,
PMTR-36367
Security Management FWM and/or INDEXER processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.
PRJ-11956,
PMTR-52583
Security Gateway In a rare scenario, Security Gateway may crash due to NULL pointer reference.
PRJ-9707,
PRHF-7716
Logging The FWD process may unexpectedly exit if one of the following changes was made using GuiDBEdit:
  1. Change to log forwarding timing
  2. Change to log switch timing
PRJ-11007,
PRHF-9292
Logging In some scenarios, changes made to Network Objects on the Security Management Server are not reflected in the logs view. Refer to sk166493.
PRJ-10885,
PMTR-51539
Anti-Malware In some scenarios, Microsoft update and other download connections may fail when Strict Hold mode is enabled.
PRJ-11237,
PMTR-42727
VPN Connectivity improvement for VPN over NAT traversal (UDP 4500). Refer to sk155953.
PRJ-11012,
PMTR-46009
Gaia OS NEW: Added support for Jumbo Hotfix installation on Check Point 3800, 6400, 6700, 7000, 16200, 16600HS, 28000 and 28600HS appliances. Refer to sk110052, sk139932 and sk152733.
  • Requires R80.40 SmartConsole Build 396 (or higher).
R80.40 Jumbo HotFix - Ongoing Take 38 (26 April 2020)
PRJ-10631,
PRJ-10629
Installation Firmware upgrade for Small Office appliance using SmartProvisioning in Multi-Domain Management environment may fail.
PRJ-8645,
CPM-2623
Security Management NEW: Performance enhancements while the Management Server is under high load.
PRJ-11118,
PMTR-51778,
PRJ-10995,
PMTR-51743
Security Management NEW: Added ICA Management security enhancements.
PRJ-10473,
PMTR-49832
Security Management In a rare scenario, export from the previous version does not complete because the Postgres dump_all process gets stuck.
PRJ-11722,
PRHF-10059
Security Management Scheduled IPS update operation on the Security Management server may not be triggered after server reboot/restart. Refer to sk166216.
PRJ-10221,
PRHF-7865
Security Management When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted. 
PRJ-10089,
PMTR-50276
Security Management The cpm_solr process may unexpectedly exit and cause one of the following:
  • The upgrade of a Management machine may get stuck at 58%
  • The Management HA synchronization may fail with "NGM failed to import data" error
  • Users may not be able to log in.
PRJ-10515,
PMTR-36302
Security Management In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.
PRJ-9323,
PRHF-8494
Security Management In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037
PRJ-9300,
PRHF-8336
Security Management In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing.
PRJ-11167,
PMTR-51180
Multi-Domain Management In a rare scenario, synchronization between Multi-Domain Management Servers breaks after revisions purge operation. 
PRJ-9699,
PRHF-8593
Multi-Domain Management MLM may open a connection to the reversed IP address of the Multi-Domain Server.
PRJ-10527,
PRHF-8686
Multi-Domain Management Upgrade of Multi-Domain Server may fail if Sync With User Center is running.
PRJ-9241,
PRHF-8077
Multi-Domain Management In some scenarios, secondary MDS or MLM fail to renew a management certificate. Refer to sk164732.
PRJ-11177,
PMTR-51890
Multi-Domain Management In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972.
PRJ-11517,
PRHF-9981
Multi-Domain Management In rare scenarios, upgrading the Multi-Domain Server fails to upgrade some Domain Servers with "IllegalArgumentException" in the upgrade log. 
PRJ-10366,
PMTR-51017
Multi-Domain Management After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972):
  • Global Domain reassignment
  • IPS or Application Control updates in the Global Domain.
PRJ-9262,
PMTR-49143
Multi-Domain Management Upgrade of Multi-Domain Server may fail when the source version is R80.10 and there is no license configured on the target machine.
PRJ-10531,
PRHF-8581
Multi-Domain Management The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server.
PRJ-10510,
PMTR-50620
Multi-Domain Management In some scenarios, if a Domain is deleted while the user performs a multi-site upgrade from R77.x (before all machines complete the upgrade), some Domains may not be assigned to Admins and Trusted Clients, as before the upgrade. Updating those Admins and Trusted Clients may also fail.
PRJ-10747,
PMTR-50936
Multi-Domain Management In some scenarios, policy installation from the Domain Management Server fails after an mds_backup procedure that was interrupted. Refer to sk165559.
PRJ-11284 Multi-Domain Management Access policy installation may get stuck in a specific scenario in MDS environments. Refer to sk166106.
PRJ-10504,
PMTR-50891
Multi-Domain Management The import-smart-task Management API may fail in the second Domain on the Multi-Domain machine when it is executed with same exported file.
PRJ-9290,
PMTR-49566
SmartConsole NEW Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: 'show-profiles' and 'show-ips-additional-properties'. The default value for both flags is false.
PRJ-10374,
PRHF-8973
SmartView In some scenarios, after user imports view/report in SmartView, the imported view/report is not shown in the Catalog.
PRJ-10707,
PMTR-45783
SmartProvisioning In some scenarios, after creating a Small Office gateway using LSMCli, some fields in the gateway object on the SmartProvisioning are not populated.
PRJ-9644,
PRHF-4623
Security Gateway NEW: Added support for the bridge configuration when packet is passing via the Security gateway twice.
PRJ-10795,
PMTR-51301
Security Gateway In some scenarios, when a Custom Intelligence Feed is enabled, the Security Gateway may crash.
PRJ-10173 Security Gateway After installing R80.40 Jumbo Hotfix, Dynamic Split is disabled.
PRJ-10207,
PRHF-9508
Security Gateway ICAP Client may not work properly when Threat Extraction blade is enabled.
  • To enable the fix, set the enable_icap_with_strict_hold parameter to 1. 
PRJ-11538 Security Gateway In a rare scenario, Security gateway may crash with vmcore.
PRJ-11531,
MUX-319
Security Gateway In a rare scenario, Security gateway may crash when a connection is closed while being held.
PRJ-10887,
PMTR-51247
Security Gateway In a rare scenario, a memory leak may appear in Anti-Virus inspection on SMB protocol.
PRJ-9690,
PMTR-46451
Security Gateway Traffic may be dropped on DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176.
PRJ-8657 Security Gateway In a rare scenario, creating a Virtual Switch can lead to a crash.
PRJ-9835,
PMTR-48719
Security Gateway When ISP Redundancy is configured on a cluster, the backup ISP link status may show as down even though the link is up.
PRJ-10283,
PMTR-50683
Anti-Malware NEW: Added support to allow Threat Extraction to scan a file download in additional scenarios.
PRJ-10758,
IDA-2866
Identity Awareness In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174.
PRJ-10387,
IDA-2719
Identity Awareness In a rare scenario, identity session groups and access roles may disappear following a policy installation. 
PRJ-10085,
PMTR-50594
Content Awareness Added ability not to drop the connections if the files are downloaded with HTTP 206 out of range.
PRJ-10856,
PRHF-1898
Application Control NEW: Gateway status will reflect Application Control and URL Filtering updates.
PRJ-9935,
PMTR-49938
HTTPS Inspection In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may unexpectedly exit. Refer to sk165555
PRJ-10738,
PRHF-9265
SSL Inspection In a rare scenario, a memory leak may appear when SSL inspection is enabled.
PRJ-10940,
PMTR-51681
IPS In a rare scenario, the fw_full process may unexpectedly exit. 
PRJ-10970,
SWG-2484
DLP NEW: Reading and sending files from the registry by DLP was optimized.
PRJ-9694,
PRHF-8503
DLP In some scenarios, DLP prints wrong error message in the log.
PRJ-9329,
PRHF-8152
DLP Improved the scanning time of files for some scenarios in SMTP and HTTP/S.
PRJ-9436 DLP In a rare scenario, the dlpu process, a component in Anti-Virus and Threat Emulation, may unexpectedly exit. 
PRJ-9775,
PRHF-8847
DLP In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of "internal to internal".
PRJ-11023,
PRHF-3767
ClusterXL Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432.
PRJ-10235,
PMTR-51942
SecureXL Policy installation may fail with "Error code 0-2000240" when Drop templates option is enabled. Refer to sk165716.
PRJ-10000,
PRHF-5120
SecureXL UPDATE: Improved TCP state inspection for "Smart Connection Reuse" feature.
PRJ-9828,
PMTR-50294
SecureXL In some scenarios, SYN Defender cookie validation may fail.
PRJ-8977 SecureXL When PIM-SM multicast routing transitions from RPT to SPT, packets may be dropped or become out-of-order.
PRJ-8774,
PMTR-48255
SecureXL In some scenarios, held packets are incorrectly reported to the penalty box.
PRJ-8916,
PRJ-8890
SecureXL In some scenarios, multicast packets arrive to the Security gateway in order, but leave out-of-order.
PRJ-9972,
SL-3551
Logging In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.
PRJ-11364,
PMTR-51655
Logging In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may unexpectedly exit.
PRJ-11846,
SL-3728
Logging Log exporter process may unexpectedly exit after enabling export of log attachment IDs.
PRJ-9957,
PRHF-897
VoIP In some scenarios, UA traffic is dropped when packet contains more than 9 UA's. Refer to sk135114.
PRJ-11036,
PMTR-36437
VPN In some scenarios, VPN traffic distribution change may cause high CPU consumption on one CPU core. Refer to sk165853.
PRJ-9587,
PRHF-7681
VPN In a rare scenario, vpnd process unexpectedly exits due to Segmentation fault. 
PRJ-10558,
VPNS2S-938
VPN Improved the VPN Site-to-Site tunnel establishment scenario with IKEv2.
PRJ-8726 VPN In some scenarios, vpnd cores may be generated sporadically during boot time/cluster failovers on the Cluster Standby Member. 
PRJ-10391,
PRHF-1053
VPN In a rare scenario, vpnd process unexpectedly exits due to issue in IKEv2 flow.
PRJ-9586,
PRHF-7485
VPN Improved the VPN Connectivity with DAIP peers. Refer to sk164933
PRJ-9911,
PMTR-43850
VPN Improved stability of VPN traffic on VSX Gateway.
PRJ-11017,
PMTR-51126
Gaia OS In a rare scenario, Security gateway may crash when SSH Deep Packet Inspection (SSH DPI) is enabled.
PRJ-10075,
PRJ-10452
Gaia OS The "show asset all" command displays the total number of cores instead of the online number of cores, even if Hyper-Threading is disabled.
PRJ-11536,
PRHF-9858
Gaia OS In some scenarios the snmpd process floods /var/log/messages with errors regarding parsing voltage sensor value. 
PRJ-9131,
PMTR-49209
Endpoint Security Endpoint Standalone Remote Help Server may not start syncing automatically on the first connect.
PRJ-10120,
PRJ-9633
Compliance In some scenarios, database import on single Domain machines where the Compliance blade is activated fails, and as a result, the FWM process unexpectedly exits after the import.
PRJ-10868,
VSECC-1119
CloudGuard IaaS In a rare scenario, the OpenStack Data Center becomes unresponsive, resulting in a loss of updates to the Security Gateway.
PRJ-10914,
VSECC-1222
CloudGuard IaaS When an Azure subnet is missing its prefix attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.
PRJ-11026,
VSECC-1231
CloudGuard IaaS When an Azure Virtual Network Interface is missing its properties' primary attribute, the Microsoft Azure Data Center may fail to poll data, resulting in a loss of updates to the Security gateway.
PRJ-10903,
PMTR-22709
VSX In VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members. Refer to sk138894.
R80.40 Jumbo HotFix - Ongoing Take 25 (16 March 2020)
- General NEW: Added support for Security Gateway running on Open Servers.
PRJ-9090,
PRHF-8266
Security Management In a rare scenario, when an environment has many Gateways (dozens), the FWM daemon may unexpectedly exit when 4 GB of memory is reached. Refer to sk165015.
PRJ-8409,
PMTR-46703
Security Management In some scenarios, when the user modifies a policy rule and creates a section above it in the same session, the log tracker shows that the rule was created instead of modified.
PRJ-8406,
PRHF-7874
Security Management In some scenarios, the exported database may be very large and include redundant data.
PRJ-9312,
PRHF-7728
Security Management The "Unused Objects" filter in Object Explorer may display a failure message if there are more than 20000 unused objects.
  • A limit was added so that only the first 5000 objects will be displayed.
PRJ-9215,
PRHF-8370
Security Management Logging into SmartConsole to the Standby Management Server with a Radius or TACACS user may fail after changing the shared secret on the Radius or TACACS object. 
PRJ-9266,
PMTR-49516
Security Management Policy verification may fail after the user does the following steps: Configures specific install targets for a policy, publishes them, changes the install targets back to "All Gateways", and tries to install them on a Gateway which is not in the original list of targets.
PRJ-9398,
PMTR-44668
Security Management In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole may fail.
PRJ-8794,
VPNRA-316
Security Management Improved the Access Control Policy installation time for environments with a large number of objects and the IPSEC VPN blade enabled. Refer to sk166321.
PRJ-6936 SmartConsole NEW: Added R80.30SP to the list of versions for supported hardware.
PRJ-9080,
API-864
SmartConsole In some scenarios, the Management Server may unexpectedly exit following authenticated API commands to create or update objects with extremely long comments.
PRJ-9466,
PMTR-49817
SmartConsole In some scenarios, when the user attempts to delete a Gateway / Cluster member, an error message may appear and the operation may not complete successfully.
PRJ-8753 SmartConsole In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation. 
PRJ-9544 SmartConsole When the user invokes the 'show-access-layer' API command, the parent layer may be missing from the output result.
PRJ-9977,
PRJ-9968
Security Gateway In a rare scenario, non-HTTP traffic on port TCP/80 is dropped.
PRJ-9052,
PRHF-8288
Security Gateway Global connections may not be freed correctly when the Gateway acts as a Proxy.
PRJ-8275 Security Gateway In some scenarios, a Security policy installation fails during high CPU utilization.
PRJ-10345,
PMTR-49504
Security Gateway In a rare scenario, after upgrading a Security Gateway to R80.40, the log_indexer process running on the Log server may consume 100% CPU and cause the indexing backlog.
PRJ-9446,
PRJ-9416
Security Gateway Added logs for packets that include invalid TCP options. This feature is off by default.
PRJ-9898,
PMTR-50302
Security Gateway In a rare scenario, the Citrix server communication may fail.
PRJ-10480,
PRHF-9188
Security Gateway In some scenarios, Accounting log shows a wrong total packets value.
PRJ-8884,
PRHF-7048
Security Gateway In a rare scenario, Security gateway may crash when activating a web parsing debug.
PRJ-9900,
PMTR-50431
Security Gateway In a rare scenario, when the web server is defined, policy installation fails with "Error code 0-20000111".
PRJ-8861,
PRJ-8880
IPS In a rare scenario, Security gateway may crash due to NULL pointer reference.
PRJ-9450,
PRHF-8530
IPS, VSX In some scenarios, SmartConsole shows "No license" and "Contract is expired" for IPS blade in VSX. Refer to sk164917.
PRJ-9395,
PMTR-49565
Identity Awareness Performance improvement in the automatic LDAP group update feature.
PRJ-7201,
PMTR-23406
SSL Inspection NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115
PRJ-8498,
PRHF-7875
Logging Added "Resource", "Application Risk", "Application Name" and "Application Category" fields to the exported CSV file. 
PRJ-8548 Logging NEW: Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command.
PRJ-8683,
PRHF-7856
Logging In some scenarios, Threat Emulation Logs cannot be viewed in the logging or reporting views because of a certain format of the "file size" field sent from the Security gateway. Refer to sk166997.
PRJ-9075,
PRHF-8337
Routing In some scenarios, a corrupted BGP AS4_PATH attribute value may result in an invalid, long BGP update that is rejected by the BGP peer.
PRJ-9129,
PMTR-46873
SecureXL NEW: Added acceleration support for Ethernet Over IP Tunneling (EOIP). EOIP is RFC 3378 protocol # 97 used between Wireless AP and Wireless Cisco controller. 
PRJ-10197,
PMTR-50836
Gaia OS CVE-2020-8597: pppd is vulnerable to buffer overflow. Refer to sk165875.
PRJ-8583,
PMTR-48127
Gaia OS Multi-Queue configuration cannot be assigned to interfaces that use the "mlx5_core" driver (to check, run the "ethtool -i <name of interface>" command).
PRJ-9357,
PRJ-9318
Gaia OS On 3600 and 3600T appliances, the alarm LED turns on if one of the PSUs is disconnected. Refer to sk166000.
PRJ-8142 CloudGuard IaaS NEW: Added support for Data Center objects with ClusterXL configured in Active/Active mode.
PRJ-8570,
PMTR-49970
CloudGuard IaaS The Management API add-data-center-server for vCenter Data Center uses the "unsafe-auto-accept" parameter with default value set to false. In some scenarios, this setting causes the opposite behavior.

 

Installation Instructions

Procedure:

  • Instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
      3. In the upper right corner, click on the Import Package button.
      4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
      5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
      6. Select the imported package Check Point R80.40 Jumbo hotfix T<number> for sk165456 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
      7. Select this package and click on Install Update button on the toolbar.


  • Instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to command line on target Gaia OS.
      3. Log in to Clish.
      4. Acquire the lock over Gaia configuration database:
        HostName:0> lock database override
      5. Import the package from the hard disk:
        HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
      6. Show the imported packages:
        Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.40 Jumbo hotfix T<number> for sk165456"
        HostName:0> show installer packages imported
      7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
        HostName:0> installer verify <Package_Number>
      8. Install the imported package:
        HostName:0> installer install <Package_Number>

 

Uninstall Instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

    Procedure:

     

      

    Revision History


    Date Description
    30 Nov 2021 Released Take 138 of R80.40 Jumbo Hotfix Accumulator
    01 Nov 2021 Released Take 131 of R80.40 Jumbo Hotfix Accumulator
    21 Oct 2021 Updated the Important Notes section
    13 Oct 2021
    • Released Take 126 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 425
    04 Oct 2021 Take 125 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    23 Sep 2021 Released Take 125 of R80.40 Jumbo Hotfix Accumulator
    31 Aug 2021 Updated the Important Notes section
    16 Aug 2021 Added PRJ-26577 to Take 119
    04 Aug 2021 Released General Availability Take 120 of R80.40 Jumbo Hotfix Accumulator
    28 Jul 2021 Published List of upcoming resolved issues
    26 Jul 2021 Added PRJ-21316 to Take 114
    25 Jul 2021 Added link to General Availability Jumbo Takes Download Archive
    04 Jul 2021
    • Released Take 119 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 424
    21 Jun 2021 Added PRJ-16100 to Take 87
    25 May 2021 Take 118 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    10 May 2021
    • Released Take 118 of R80.40 Jumbo Hotfix Accumulator
    • Published List of upcoming resolved issues
    09 May 2021 Updated the Important Notes section
    04 May 2021 Updated the Important Notes section
    02 May 2021 Added PRJ-20960 to Take 114
    25 Apr 2021
    • Released Take 114 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 423
    21 Apr 2021 Take 102 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    18 Apr 2021 Updated the Important Notes section
    14 Apr 2021 Released Take 101 of R80.40 Jumbo Hotfix Accumulator
    08 Apr 2021 Added PRJ-15447 to Take 100
    05 Apr 2021 Published List of upcoming resolved issues
    17 Mar 2021
    • Released Take 100 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 422
    14 Mar 2021
    • Take 94 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    • Released Blink image for primary Multi-Domain Management
    24 Feb 2021 Published List of upcoming resolved issues
    21 Feb 2021 Released Take 93 of R80.40 Jumbo Hotfix Accumulator
    16 Feb 2021 Take 92 has been removed
    31 Jan 2021
    • Released Take 92 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 416
    26 Jan 2021 Take 91 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    04 Jan 2021 Published List of upcoming resolved issues
    16 Dec 2020
    • Released Take 91 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 415
    09 Dec 2020 Take 89 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    01 Dec 2020 Released Take 89 of R80.40 Jumbo Hotfix Accumulator
    29 Nov 2020 Published List of upcoming resolved issues
    22 Nov 2020 Take 87 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    11 Nov 2020 SmartConsole package has been updated to Build 414
    05 Nov 2020
    • Released Take 87 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 412
    25 Oct 2020 Take 83 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    21 Oct 2020 Added PRJ-16314 to Take 77
    20 Oct 2020 Added PRJ-8142 to Take 25
    14 Oct 2020 Published List of upcoming resolved issues
    04 Oct 2020
    • Released Take 83 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 411
    09 Sep 2020 Take 78 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    26 Aug 2020
    • Released Take 78 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 410
    25 Aug 2020 Take 77 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    18 Aug 2020 Released Take 77 of R80.40 Jumbo Hotfix Accumulator
    05 Aug 2020 Released Take 74 of R80.40 Jumbo Hotfix Accumulator
    03 Aug 2020 Updated the Important Notes section
    27 Jul 2020
    • Released Take 69 of R80.40 Jumbo Hotfix Accumulator
    • Take 67 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    • SmartConsole package has been updated to Build 407
    19 Jul 2020 Released Take 65 of R80.40 Jumbo Hotfix Accumulator
    02 Jul 2020 Published List of upcoming resolved issues
    30 Jun 2020 Released Take 55 of R80.40 Jumbo Hotfix Accumulator
    24 Jun 2020 Released Take 54 of R80.40 Jumbo Hotfix Accumulator
    15 Jun 2020
    • Released Take 53 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 398
    26 May 2020 Published List of upcoming resolved issues
    25 May 2020 Take 48 of R80.40 Jumbo Hotfix Accumulator moved to General Availability
    21 May 2020 Released Take 48 of R80.40 Jumbo Hotfix Accumulator
    10 May 2020
    • Released Take 45 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 396
    26 Apr 2020
    • Released Take 38 of R80.40 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 40
    16 Mar 2020 First release of R80.40 Jumbo Hotfix Accumulator - Take 25
