Support Center > Search Results > SecureKnowledge Details
Check Point R81 Resolved Issues Technical Level
Solution

This article lists all of the issues that have been resolved in Check Point R81 GA.

 

Table of Contents

  • Gaia OS
  • Security Management
  • Multi-Domain Management
  • SmartConsole / Management Console
  • SmartEvent
  • Logging / SmartLog
  • Compliance
  • Security Gateway
  • Threat Prevention
  • VSX
  • VPN
  • LTE
  • Endpoint Security
  • CloudGuard Controller


Enter the string to filter the below table:

ID Symptoms
Gaia OS
ACCL-417 UPDATE: CPView Network -> Top-Protocols and Network -> Top-Connections tabs were added back. Refer to sk167903.
PMTR-57190 UPDATE: Improved Multi-Queue distribution of IPsec SPI traffic.
Notes:
  • This enhancement is supported on the Check Point "CPAC-4-10F-C" expansion line card.
  • This enhancement is supported only on network interface cards that are based on the Intel controllers X710, XXV710 and XL710 (which use the i40e driver). Applies to Check Point Appliances and Open Servers.
  • This feature is not supported on network interface cards that are based on the Intel X722 controller (which also uses the i40e driver).
  • For the non-supported interfaces, the message "Failed to fetch loaded profiles" can appear in the dmesg. You can safely ignore this message.
    Applies to Open Servers only.
PRJ-8583,
PMTR-48127
Multi-Queue configuration cannot be assigned to interfaces that use the "mlx5_core" driver (to check, run the "ethtool -i <name of interface>" command).
PMTR-42485 Multicast PIM traffic register packets are sent with checksum 0xd63f that non-compliant with RFC (should be 0xdeff).
PMTR-46762,
PMTR-46961
The "show neighbors dynamic-table" Gaia Clish command does not show any output.
PMTR-46762,
PMTR-46762
The 'show neighbors dynamic-table' Gaia Clish command does not show any output.
PMTR-47330 Hardware Diagnostic Tool test fails on "Self-test" for 1GbE expansion cards when an SFP transceiver for RJ45 (Copper) is connected to the appliance. Refer to sk112857.
PMTR-50501,
PMTR-51666,
VSECNSX-1511
Output of the "ethtool --show-channels <name of interface>" command does not show the actual number of queues on an interface.
SMCUPG-1254 When connected to Gaia Portal with Internet Explorer and during an upgrade with CPUSE click the "Upgrade Report" link, the report window opens blank and does not show any information.
Security Management
PMTR-47444 Applications like Provider.exe and Fwpolicy.exe (SmartDashboard) cannot be used to connect directly to the Security Management server or the Multi-Domain Security Management server.
PMTR-16114 An administrator fails to log in with SmartConsole after another user was configured in SmartConsole with a name identical to that administrator's name and the session was published. Refer to sk133273.
Multi-Domain Management
PMTR-31302 You can run the mds_import command on the Multi-Domain Server only after a Clean Install. If the mds_import command fails, you must reinstall the Multi-Domain Server.
PMTR-47188 There is no cross-Domain search for network objects. 
PMTR-41626 Creating secondary Domain Management overrides files in $FWDIR/lib/ directory оn the primary Domain Management. Refer to sk122538.
PMTR-47186 A Security Management server cannot be installed as a secondary Management for a Domain server.
PMTR-47552 An administrator with Manage Session permissions on a Multi-Domain Management Server but not on a specific Domain, can manage the session from Sessions view in the MDS level. Session publish may fail.
PMTR-47582 For Multi-Domain Log Servers, Remote Log Servers that are not defined as Domain Log Servers are not supported.
PMTR-45085 The "p1shell" command is obsolete and was removed from the "mdsconfig" menu.
SmartConsole / Management Console
PMTR-49506 UPDATE: LSMcli "Convert ROBO" and "Convert Gateway" commands are now supported.
PMTR-56212 UPDATE: Geo Policy is now supported through Updatable Objects in the Access Control Policy as described in sk126172.
R81 Security Gateways and Clusters no longer support Geo Policy configured in SmartConsole > Security Policies > Shared Polices > Geo Policy.
PMTR-47652,
PMTR-47095
The Device and License Status of Threat Emulation may be incorrect when there is a trial license on the Security Gateway.
PMTR-47197 The Tasks tab -> Script Results supports up to 10,000 characters only.
PMTR-47195 Before you can publish a session, you must connect to it and set the session name and description. 
PMTR-47202 A customized role that has no write permissions, does not appear as read-only in the session view, although it is actually read-only.
PMTR-47556 Disconnecting the SmartConsole session while creating or configuring VSX objects, can cause the management database inconsistency and Administrator will be unable to do any changes with VS. "Internal Error: Cannot get object XXX from table vs_slot_object" message pops-up.
PMTR-47664 Cannot log into SmartConsole after changing the time in the Gaia Portal.
PMTR-47656 When session details enforcement is configured, publishing a remote session is not blocked even if session details are not provided.
PMTR-49269 After opening a number of logs in the Logs and Monitor view, then using the Revert to Revision feature in Manage & Settings, the revert to revision window may show this message: "HTTP ERROR 404".
PMTR-38550,
PMTR-32568
In some scenarios, the "<Object_Name> is no longer supported. Enforcing security for this object is not possible." validation warning appears regarding an updatable object. However, the object is still available in the updatable objects picker.
PMTR-10186,
PMTR-567
In some scenarios (depending on Windows activity), SmartConsole is not disconnected after time specified in SmartConsole -> Manage & Settings -> Permissions & Administrators -> Administrators -> Idle Timeout. 
SmartEvent
PMTR-47079 Importing a large SmartEvent database can take a long time to complete.
PMTR-47711 Correlated "Web Browsing" events are not shown by default. 
PMTR-47476 In R80.x, you can only define SmartEvent at the global level and then configure it to read logs from one Domain or a number of domains. SmartEvent cannot be defined in a specified domain.
PMTR-47719 For SmartEvent connected to R77.x Security Management Server or Multi-Domain Management Server: If an object is not listed in the Log Servers table in the Correlation Unit settings, change the object from the SmartConsole (for example, its color). This will cause the re-synchronization of the object.
PMTR-47713 SmartEvent cannot be enabled on a 5400 Security Appliance.
PMTR-47608 SIC problem with the global SmartEvent object managing a Global SmartEvent object from the Domain/CMA that has the global object assigned to it.
Logging / SmartLog
PMTR-47585 In a Multi-Domain Management environment, you cannot have a dedicated Log server for a specific Domain Management.
PMTR-37258 In a rare scenario on Multi-Domain Server/Multi-Domain Log Server, several Domain Indexer processes may fail with core dump, printing "Failed to start web server (Probably another server listens on the same port)" message into $INDEXERDIR/log/log_indexer.elg file.
PMTR-47210 In some scenarios, Correlation units cannot be added to a remote Log server.
Compliance
PMTR-47763 When there is more than one policy, and a rule changes, Application Control and URL Filtering Best Practices will show incorrect scores until a full scan is run.
Security Gateway
PMTR-48661 When changing the Gaia Management interface, on which Multi-Queue is configured, to a different interface, the Multi-Queue state on the original interface will remain 'off', even when using a global Multi-Queue mode 'auto'. Refer to sk167200.
Threat Prevention
PMTR-55603 Enhancement: Starting from R81, the "exe" file type is selected by default in Threat Prevention profiles.
PMTR-44366 UPDATE: Added these fields to the "Policy" section of Threat Extraction logs:
  • Threat Prevention Rule id
  • Threat Prevention Policy
  • Policy Date
  • Policy Name
  • Policy Management
  • Threat Prevention Rule Name
  • Threat Profile
PMTR-41415,
PMTR-45931
In a ClusteXL Load Sharing mode:
  1. Due to the nature of transferring files over multiple connections, the following protocol features might not be inspected properly:
    • HTTP 206 Partial Content
    • SMBv3 Multi-Channel
    • FTP REST command used over multiple connections
  2. Protection based on threshold count (between connections) might not work properly:
    • Static protections (DNS tunnel, Sweep Scan protection, VoIP SIP, MGCP protection may not work over NAT)
    • Protections that contain cross-connection logic
VSX
PMTR-47781,
GNG-1373
UPDATE: VTI interfaces are now supported in VSX mode.
01298013,
01347319,
PMTR-47561
The "vsx_util reconfigure" command fails with "Failed to fetch configuration information from". Refer to sk98001.
PMTR-59810 Dynamic Balancing is not supported on VSX Gateways and VSX Clusters.
01618097,
PMTR-47497
The "vsx_util reconfigure" command on Security Management Server / Domain Management Server fails to resume with "Error: Interface 'Interface_Name' exists in the management database, but not on the gateway". Refer to sk105441.
VPN
PMTR-52904 In some scenarios, Remote VPN client disconnects immediately after a successful connection.
VPNRA-297,
VPNRA-298,
PMTR-45844
The vpnd daemon may stop working during policy installation when the Mobile Access blade is used.
PRJ-8794,
VPNRA-316,
PMTR-48740
Improved the Access Control Policy installation time for environments with high amount of objects and enabled IPSec VPN blade. Refer to sk166321.
VPNRA-384,
PMTR-55022
Capsule Connect clients may fail to connect to the Security Gateway with the "CCCKMP: Internal error (1008)" error.
PMTR-55254 In some scenarios, Remote Access VPN users are not matched against the Access Control policy, and traffic is dropped.
PMTR-52350,
VPNRA-353
Added stability improvement for Remote Access VPN.
LTE
PMTR-21435 Policy verification fails if the policy contains GTP or Diameter services, and you install it on an R8x Security Gateway.
Endpoint Security (SmartEndpoint)
PMTR-49209 A standalone Remote Help Server for Endpoint may not automatically start syncing with the primary Endpoint Management server when it connects for the first time. The result is that users and devices do not show in the SmartEndpoint pre-boot Remote Help and Web Remote Help.
PMTR-7431 When you enable the Endpoint Policy Management blade on a Security Management Server, the connection to these services automatically changes from the default port 443 to port 4434:
  • Gaia Portal
  • SmartView Web Application
  • Management API Web Services
If you disable the Endpoint Policy Management blade, the services connection port automatically changes back to the default 443.
CloudGuard Controller
CloudGuard Controller - General Limitations
PRJ-8142,
PMTR-48902
NEW: Added support for Data Center objects with ClusterXL configured in Active/Active mode.
CloudGuard Controller - Security Policy
PMTR-55516,
VSECC-1060
NEW: Added support for Data Center Objects on NAT and HTTPS policies.
CloudGuard Controller - Public Cloud: Amazon Web Services, Microsoft Azure and Google Cloud Platform
PMTR-50503 Multi-Queue does not work on StandAlone deployment in CloudGuard IaaS for Azure or AWS, if it is deployed with a Management image

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment