UPDATE: CPView Network -> Top-Protocols and Network -> Top-Connections tabs were added back. Refer to sk167903.
PMTR-57190
UPDATE: Improved Multi-Queue distribution of IPsec SPI traffic. Notes:
This enhancement is supported on the Check Point "CPAC-4-10F-C" expansion line card.
This enhancement is supported only on network interface cards that are based on the Intel controllers X710, XXV710 and XL710 (which use the i40e driver). Applies to Check Point Appliances and Open Servers.
This feature is not supported on network interface cards that are based on the Intel X722 controller (which also uses the i40e driver).
For the non-supported interfaces, the message "Failed to fetch loaded profiles" can appear in the dmesg. You can safely ignore this message. Applies to Open Servers only.
PRJ-8583, PMTR-48127
Multi-Queue configuration cannot be assigned to interfaces that use the "mlx5_core" driver (to check, run the "ethtool -i <name of interface>" command).
PMTR-42485
Multicast PIM traffic register packets are sent with checksum 0xd63f that non-compliant with RFC (should be 0xdeff).
PMTR-46762, PMTR-46961
The "show neighbors dynamic-table" Gaia Clish command does not show any output.
PMTR-47330
Hardware Diagnostic Tool test fails on "Self-test" for 1GbE expansion cards when an SFP transceiver for RJ45 (Copper) is connected to the appliance. Refer to sk112857.
PMTR-50501, PMTR-51666, VSECNSX-1511
Output of the "ethtool --show-channels <name of interface>" command does not show the actual number of queues on an interface.
SMCUPG-1254
When connected to Gaia Portal with Internet Explorer and during an upgrade with CPUSE click the "Upgrade Report" link, the report window opens blank and does not show any information.
Security Management
PMTR-47444
Applications like Provider.exe and Fwpolicy.exe (SmartDashboard) cannot be used to connect directly to the Security Management server or the Multi-Domain Security Management server.
PMTR-16114
An administrator fails to log in with SmartConsole after another user was configured in SmartConsole with a name identical to that administrator's name and the session was published. Refer to sk133273.
Multi-Domain Management
PMTR-31302
You can run the mds_import command on the Multi-Domain Server only after a Clean Install. If the mds_import command fails, you must reinstall the Multi-Domain Server.
PMTR-47188
There is no cross-Domain search for network objects.
PMTR-41626
Creating secondary Domain Management overrides files in $FWDIR/lib/ directory оn the primary Domain Management. Refer to sk122538.
PMTR-47186
A Security Management server cannot be installed as a secondary Management for a Domain server.
PMTR-47552
An administrator with Manage Session permissions on a Multi-Domain Management Server but not on a specific Domain, can manage the session from Sessions view in the MDS level. Session publish may fail.
PMTR-47582
For Multi-Domain Log Servers, Remote Log Servers that are not defined as Domain Log Servers are not supported.
PMTR-45085
The "p1shell" command is obsolete and was removed from the "mdsconfig" menu.
SmartConsole / Management Console
PMTR-49506
UPDATE: LSMcli "Convert ROBO" and "Convert Gateway" commands are now supported.
PMTR-56212
UPDATE: Geo Policy is now supported through Updatable Objects in the Access Control Policy as described in sk126172. R81 Security Gateways and Clusters no longer support Geo Policy configured in SmartConsole > Security Policies > Shared Polices > Geo Policy.
PMTR-47652, PMTR-47095
The Device and License Status of Threat Emulation may be incorrect when there is a trial license on the Security Gateway.
PMTR-47197
The Tasks tab -> Script Results supports up to 10,000 characters only.
PMTR-47195
Before you can publish a session, you must connect to it and set the session name and description.
PMTR-47202
A customized role that has no write permissions, does not appear as read-only in the session view, although it is actually read-only.
PMTR-47556
Disconnecting the SmartConsole session while creating or configuring VSX objects, can cause the management database inconsistency and Administrator will be unable to do any changes with VS. "Internal Error: Cannot get object XXX from table vs_slot_object" message pops-up.
PMTR-47664
Cannot log into SmartConsole after changing the time in the Gaia Portal.
PMTR-47656
When session details enforcement is configured, publishing a remote session is not blocked even if session details are not provided.
PMTR-49269
After opening a number of logs in the Logs and Monitor view, then using the Revert to Revision feature in Manage & Settings, the revert to revision window may show this message: "HTTP ERROR 404".
PMTR-38550, PMTR-32568
In some scenarios, the "<Object_Name> is no longer supported. Enforcing security for this object is not possible." validation warning appears regarding an updatable object. However, the object is still available in the updatable objects picker.
PMTR-10186, PMTR-567
In some scenarios (depending on Windows activity), SmartConsole is not disconnected after time specified in SmartConsole -> Manage & Settings -> Permissions & Administrators -> Administrators -> Idle Timeout.
SmartEvent
PMTR-47079
Importing a large SmartEvent database can take a long time to complete.
PMTR-47711
Correlated "Web Browsing" events are not shown by default.
PMTR-47476
In R80.x, you can only define SmartEvent at the global level and then configure it to read logs from one Domain or a number of domains. SmartEvent cannot be defined in a specified domain.
PMTR-47719
For SmartEvent connected to R77.x Security Management Server or Multi-Domain Management Server: If an object is not listed in the Log Servers table in the Correlation Unit settings, change the object from the SmartConsole (for example, its color). This will cause the re-synchronization of the object.
PMTR-47713
SmartEvent cannot be enabled on a 5400 Security Appliance.
Logging / SmartLog
PMTR-47585
In a Multi-Domain Management environment, you cannot have a dedicated Log server for a specific Domain Management.
PMTR-37258
In a rare scenario on Multi-Domain Server/Multi-Domain Log Server, several Domain Indexer processes may fail with core dump, printing "Failed to start web server (Probably another server listens on the same port)" message into $INDEXERDIR/log/log_indexer.elg file.
PMTR-47210
In some scenarios, Correlation units cannot be added to a remote Log server.
Compliance
PMTR-47763
When there is more than one policy, and a rule changes, Application Control and URL Filtering Best Practices will show incorrect scores until a full scan is run.
Security Gateway
PMTR-48661
When changing the Gaia Management interface, on which Multi-Queue is configured, to a different interface, the Multi-Queue state on the original interface will remain 'off', even when using a global Multi-Queue mode 'auto'. Refer to sk167200.
Threat Prevention
PMTR-55603
Enhancement: Starting from R81, the "exe" file type is selected by default in Threat Prevention profiles.
PMTR-44366
UPDATE: Added these fields to the "Policy" section of Threat Extraction logs:
Threat Prevention Rule id
Threat Prevention Policy
Policy Date
Policy Name
Policy Management
Threat Prevention Rule Name
Threat Profile
PMTR-41415, PMTR-45931
In a ClusteXL Load Sharing mode:
Due to the nature of transferring files over multiple connections, the following protocol features might not be inspected properly:
HTTP 206 Partial Content
SMBv3 Multi-Channel
FTP REST command used over multiple connections
Protection based on threshold count (between connections) might not work properly:
Static protections (DNS tunnel, Sweep Scan protection, VoIP SIP, MGCP protection may not work over NAT)
Protections that contain cross-connection logic
VSX
PMTR-47781, GNG-1373
UPDATE: VTI interfaces are now supported in VSX mode.
01298013, 01347319, PMTR-47561
The "vsx_util reconfigure" command fails with "Failed to fetch configuration information from". Refer to sk98001.
01618097, PMTR-47497
The "vsx_util reconfigure" command on Security Management Server / Domain Management Server fails to resume with "Error: Interface 'Interface_Name' exists in the management database, but not on the gateway". Refer to sk105441.
VPN
PMTR-52904
In some scenarios, Remote VPN client disconnects immediately after a successful connection.
VPNRA-297, VPNRA-298, PMTR-45844
The vpnd daemon may stop working during policy installation when the Mobile Access blade is used.
PRJ-8794, VPNRA-316, PMTR-48740
Improved the Access Control Policy installation time for environments with high amount of objects and enabled IPSec VPN blade. Refer to sk166321.
VPNRA-384, PMTR-55022
Capsule Connect clients may fail to connect to the Security Gateway with the "CCCKMP: Internal error (1008)" error.
PMTR-55254
In some scenarios, Remote Access VPN users are not matched against the Access Control policy, and traffic is dropped.
PMTR-52350, VPNRA-353
Added stability improvement for Remote Access VPN.
LTE
PMTR-21435
Policy verification fails if the policy contains GTP or Diameter services, and you install it on an R8x Security Gateway.
Endpoint Security (SmartEndpoint)
PMTR-49209
A standalone Remote Help Server for Endpoint may not automatically start syncing with the primary Endpoint Management server when it connects for the first time. The result is that users and devices do not show in the SmartEndpoint pre-boot Remote Help and Web Remote Help.
PMTR-7431
When you enable the Endpoint Policy Management blade on a Security Management Server, the connection to these services automatically changes from the default port 443 to port 4434:
Gaia Portal
SmartView Web Application
Management API Web Services
If you disable the Endpoint Policy Management blade, the services connection port automatically changes back to the default 443.
CloudGuard Controller
CloudGuard Controller - General Limitations
PRJ-8142, PMTR-48902
NEW: Added support for Data Center objects with ClusterXL configured in Active/Active mode.
CloudGuard Controller - Security Policy
PMTR-55516, VSECC-1060
NEW: Added support for Data Center Objects on NAT and HTTPS policies.
CloudGuard Controller - Public Cloud: Amazon Web Services, Microsoft Azure and Google Cloud Platform
PMTR-50503
Multi-Queue does not work on StandAlone deployment in CloudGuard IaaS for Azure or AWS, if it is deployed with a Management image
Give us Feedback
Thanks for your feedback!
Are you sure you want to rate this stars?