Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R81 (R81_jumbo_hf) Technical Level
Solution

Click Here to Show the Entire Article

Availability | Important Notes | List of resolved issues | Installation instructions | Uninstall instructions | Revision History

 

Introduction

R81 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

   Supported products and configurations

The Jumbo Hotfix Accumulator supports these products and configurations: Security Gateway, Security Management Server, Multi-Domain Management Server, Log Server, Multi-Domain Log Server, SmartEvent Server, Harmony Endpoint, VSX and Cluster.

  • Install this Jumbo Hotfix Accumulator only after you successfully complete the Gaia First Time Configuration Wizard and reboot.
  • Check Point recommends installing Jumbo Hotfix Accumulator on all R81 devices. 
  • For CPUSE installation, use the latest Deployment Agent build (refer to sk92449).
  • If you install Jumbo Hotfix on a cluster with enabled Identity Awareness, refer to sk170516 to see the procedure Check Point recommends following the installation.


   Support for Scalable Platform and Open Servers

R81 Jumbo Hotfix Accumulator provides support for Security Gateways configurations running on Scalable Platform appliances.

  • For Freshly installed  Scalable Platform appliances, first use the R81 ISO image from the R81 Scalable Platform Home page and then, before placing the machine into the production environment, install the R81 Jumbo Hotfix package from the below table.


Jumbo Hotfix Accumulator FAQ | Releases Terminology | Jumbo Hotfix Takes Compatibility



Availability

    • General Availability Take


      Take_44 is the latest R81 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

      Product Take Release Date CPUSE Offline package SmartConsole package
      Security Management and Security Gateway Jumbo HF Take_44 29 Sep 2021 (TAR) (EXE)
      Build 556
      Blink Image for Security Gateway and Open Server
      Clean Install / Upgrade
      R81 GA Take 392 + Jumbo HF Take_44 12 Oct 2021 (TGZ)
      Blink Image for Security Management - Clean Install / Upgrade (TGZ)
      Blink Image for Multi-Domain Management - Clean Install (TGZ)

     

    • Ongoing Take

      Product Take Release Date CPUSE Offline package SmartConsole package
      Security Management and Security Gateway Jumbo HF Take_56 17 Jan 2022 (TAR) (EXE)
      Build 556

    • Use Check_Point_R81_JUMBO_HF_MAIN_Bundle_T<Take number>_FULL.tgz as the Online Identifier:
      • In CPUSE 
      • In SmartConsole for Central Deployment 


    Important Notes

    • Starting from Take 27, publish and install policy may fail after purging database revisions. For details, refer to sk174703.
    • Take 34: Hardened the ability to use narrowed IKEv2 tunnels. Refer to sk166417.
    • Starting from Take 13, CloudGuard Controller is not supported on Active/Active Cluster (Geo Cluster) in Amazon Web Services (AWS). Refer to sk175904
    • If you use a cluster with enabled Identity Awareness, refer to to sk170516  after the first installation of Jumbo Hotfix to avoid unexpected behavior with Identity Awareness.
    • Starting from Take 42, after performing the Solr Cure procedure, "Check Point defined objects” may not be visible in SmartConsole. The issue is solved in Take 56. For more details, refer to sk177204
    • If you are using a Jumbo Take below the latest GA Take, click here for more important notes
      • Take 23: Web SmartConsole is not available for customers who install Take 23 without having installed a Jumbo Hotfix before. The fix is included in Take 25. For details, refer to sk170314.
      • Takes 23-25: In environments that use Data Type Group objects, the Management server may fail to start after installing Jumbo Hotfix. The fix is included in Take 27. 
      • Starting from Take 34, any manual change of $FWDIR/conf/rad_conf.C file may be overridden by the next Jumbo Hotfix installation. If you edited this file manually, refer to sk163793 and follow the instructions on how to keep your manual changes.
      • When upgrading from Jumbo Takes 17-27 on VSX environment (SP and non-SP), the VSX gateway may experience crash and corrupted file system. The fix is included in Take 34. Refer to sk174191.
      • Take 34 is not compatible with the CloudGuard Network for Public Cloud due to incompatibility with cloud cluster fail-over flow. The fix is included in Take 36.


    List of Resolved issues and New Features per HotFix Take

    Take 56 | Take 51 | Take 44 | Take 42 | Take 36 | Take 34



    Enter the string to filter the below table:

    ID Product Description
    R81 Jumbo HotFix - Ongoing Take 56 (17 January 2022)
    PRJ-34733, PRJ-34961 Security Management, Harmony Endpoint UPDATE: The Apache Log4j Java library is updated in order to harden the system. Check Point products are not vulnerable to Log4j. This change is motivated by cyber hygiene best practices. Refer to sk176865.
    PRJ-34505,
    PRHF-21481
    Security Management The "Accept" button is missing when modifying "Actions" for rules. Refer to sk177204.
    PRJ-32979,
    PMTR-74061
    CPView In Overview, some data about disk space may be missing.
    R81 Jumbo HotFix - Ongoing Take 51 (29 December 2021)
    PRJ-27433,
    PMTR-61440
    Security Management NEW: Added support for CloudGuard Edge appliances in LSM and SmartConsole.
    • Requires R81.00 SmartConsole Build 556 (or higher).
    PRJ-31537,
    MAT-1912
    Security Management UPDATE: The Management API "show-logs" command timeout increased from 2.5 minutes to 5 minutes.  
    PRJ-29237,
    TPM-2843
    Security Management UPDATE: Added a new flag to the Threat Prevention "show-protections" API command ("show-capture-packets-and-track") that allows not to return capture-packets and track information.
    PRJ-30365,
    PMTR-63855
    Security Management UPDATE: Added new flags for Management API commands "add/set simple-gateway" and "add/set simple-cluster":
    • "nat-hide-internal-interfaces" and "nat-settings" for NAT configuration.
    • "fetch-policy" for Fetch Policy configuration.
    • "advanced-settings.sam" for SAM configuration.
    • "advanced-settings.connection-persistence" for Connection Persistence configuration.
    PRJ-27424,
    PRHF-17841
    Security Management UPDATE: The "show application-sites" Management API command now returns additional fields for UIDs of primary category and additional categories.
    PRJ-31057,
    PMTR-64687
    Security Management In rare scenarios, Security Management upgrade or migration may fail due to missing temporary files.
    PRJ-29188,
    PRHF-18470
    Security Management In a rare scenario, High Availability full synchronization may fail due to a large number of records.
    PRJ-29305,
    PMTR-72376
    Security Management In environments with a large number of objects, licenses for cluster members in the Licenses tab may not be displayed.
    PRJ-28901,
    PRHF-18508
    Security Management When searching IP addresses using logical operators (and/or):
    • with SmartConsole in the Object Explorer view
    • with the Management API command "Show objects" and the "filter" field,
    the results may be incorrect. Some matched objects may be missing, while some unmatched objects may be present. 
    PRJ-28649,
    PRHF-18508
    Security Management In some scenarios, when using a VPN community, the status of the Global Domain Assignment may change to "not up to date", although no changes were made in the Global Domain.
    PRJ-28536,
    PRHF-18063
    Security Management In rare scenarios, Global Policy Assignment may fail with the "class name not found for object" error.
    PRJ-27921,
    PMTR-71261
    Security Management In rare scenarios, more than one IP address may be shown in SmartConsole's Sessions view under the "Connected From" column.
    PRJ-28896,
    PRHF-18677
    Security Management If there are no explicit rules in one or more policy layers, policy verification may fail with the "No active rules found in the Security Policy" error.
    PRJ-28001,
    PRHF-18245
    Security Management If Brute Force Password Guessing Protection is set to the value of more than 25 seconds, login to SmartConsole fails.
    • Requires R81.00 SmartConsole Build 556 (or higher).
    PRJ-20287,
    SMCUPG-1533
    Security Management In rare scenarios, the second attempt of a Secondary Management Server upgrade may fail with "Task was interrupted because server restart".
    PRJ-26522,
    PRHF-17679
    Security Management In a rare scenario, policy installation may fail with a "Policy installation had failed due to an internal error" message.
    PRJ-24634,
    PRHF-16582
    Security Management In rare scenarios, policy installation may fail with an internal error due to missing permissions. Refer to sk17384.
    PRJ-26522,
    PRHF-17679
    Security Management In a rare scenario, policy installation may fail with a message: "Policy installation had failed due to an internal error".
    PRJ-25629,
    PRHF-17284
    Security Management In rare scenarios, a Management Server upgrade may fail with an "Object not found - [UID]" error message in the cpm.elg log file.
    PRJ-25566,
    PRHF-17182
    Security Management In rare scenarios, an upgrade may fail when there is an OPSEC Server object configured.
    PRJ-23433,
    PRHF-12488
    Security Management Upgrade to R81 may fail if one of the objects does not have a creator.
    PRJ-28785,
    PRHF-18557
    Security Management In some scenarios, "show-mdss" and "show-domains" Management API commands take a significant amount of time to complete or time out after 5 minutes.
    PRJ-28570,
    PRHF-18422
    Security Management In some scenarios, the Purge Revisions operation fails with the "An error has occurred while performing revisions purge operation, Incident ID - xxxxx-xxxxxxx-xxxxx-xxxxx" error message. Refer to sk174645.
    PRJ-28423,
    PMTR-10273
    Security Management Virtual session timeout for a TCP service cannot exceed 86400 seconds. Refer to sk168872.
    PRJ-28293,
    PRHF-18210
    Security Management In rare scenarios, High Availability incremental synchronization may fail with a wrong status message.
    PRJ-28299,
    PRHF-18362
    Security Management In rare scenarios, High Availability on the Global Domain may fail to synchronize the Multi-Domain Log Server if IPS protection was added or removed in the Threat Prevention rulebase.
    PRJ-28064,
    PRJ-28062
    Security Management In rare scenarios:
    • Login to the Management Server may timeout and fail
    • Publish operation may take a long time.
    PRJ-28088,
    PMTR-70942
    Security Management In some scenarios, the Administrators view may not filter Domain names according to the permission profile of the connected administrator.
    PRJ-13161,
    PRHF-11027
    Security Management The "show-global-assignment" command returns the default limit when the limit request is greater than the default limit.
    PRJ-26736,
    PRHF-17606
    Security Management In a rare scenario, the "show hosts" Management API command with "details-level full" fails with a "Java.util.InputMismatchException: got at least one duplicate UID in requested list, duplicates UIDs:" message.
    PRJ-26677,
    PRHF-17744
    Security Management The "show gateways and servers" Management API command does not show policy information for cluster members.
    PRJ-27486,
    PRHF-18079
    Security Management Global Policy reassignment may fail with "An internal error has occurred" due to duplicated Access Policy Assignment object. Refer to sk174183
    PRJ-27480,
    PRHF-16976
    Security Management If there is an Administrator is named "Endpoint", an upgrade of Endpoint Security Server from R77.30 fails.
    PRJ-21788,
    PRHF-15257
    Security Management In some scenarios, the output of the "cpmistat" command may contain partial information.
    PRJ-29898,
    PRHF-18828
    Security Management In some scenarios, login to a Domain from the System Domain dashboard may fail with "Failed to connect to server".
    Refer to sk174910.
    PRJ-28157,
    PRHF-17926
    Security Management In rare scenarios, if Domain migration fails, the operation may not revert fully and leave some remnants in the database of the Management Server.
    PRJ-29517,
    PMTR-72306
    Security Management In rare scenarios, when installing a policy immediately after publishing a session, the installation is not accelerated.  
    PRJ-29158,
    PRHF-18883
    Security Management Scheduled IPS updates data may not be shown in the IPS update report.
    PRJ-30048,
    PMTR-72849
    Security Management The Management API command "show-sessions" may return sessions that were purged and no longer exist in the Management database.
    PRJ-29968,
    PRHF-19308
    Security Management In some scenarios, simultaneous policy installation on multiple Gateways may fail if there is at least one Gateway on R77.X and one Gateway on R80.X.
    PRJ-25197,
    PMTR-68090
    Security Management The "Packet capture is not supported on this platform" warning appears after policy installation on SMB Gateways, although no packet capture is used.
    PRJ-30622,
    PRJ-30624
    Security Management In rare scenarios, after the Security Management Server starts up, when connecting to SmartConsole, some objects appear more than once.
    PRJ-30054,
    PRHF-18928
    Security Management In rare scenarios, the FWM process unexpectedly exits and fails to start, creating core dumps in the /var/log/dump/usermode directory. Refer to sk175007.
    PRJ-29469,
    PRHF-19006
    Security Management In some scenarios, an API query to VRRP cluster for "show simple-cluster name <name>" returns an incorrect cluster type. Refer to sk174866.
    PRJ-21877,
    PRHF-15460
    Security Management In some scenarios, applying the "Where used" action may show incorrect data when an object exists more than once in an Inline Layer.
    PRJ-21831,
    PRHF-15448
    Multi-Domain Management In rare scenarios, after an upgrade, the CPD process in a Multi-Domain environment may unexpectedly exit, creating a core dump file.
    PRJ-23852,
    PMTR-66674
    Security Management Management Server upgrade may fail, if there is a large amount of customized column profiles in the Logs view. 
    PRJ-30019,
    PMTR-72786
    Security Management In rare scenarios, the "set-group" API command may return the "generic_err_invalid_parameter" error.
    PRJ-27764,
    PRHF-17484
    Security Management The Management API commands "import-smart-task" and "export-smart-task" are enabled at the System Domain level, although Smart Tasks are only supported at the Local Domain level. 
    PRJ-29199,
    PRHF-18782
    Security Management After an upgrade from R77.x. in a multi-site environment, High Availability full synchronization may fail with an "NGM failed to load data" message.
    PRJ-25280,
    PRHF-17037
    Security Management In rare scenarios, login to Multi-Domain Management fails with the "No Valid Domains were found for [username]" error. Refer to sk175005.
    PRJ-28816,
    PRHF-18712
    Security Management In some scenarios, the "show gateways-and-servers" Management API command fails with "generic_error" when running it with "details-level full".
    PRJ-21778,
    PMTR-63316
    Licensing In some scenarios, the total number of "sr" licenses may be counted incorrectly.
    PRJ-27346,
    PMTR-64049
    Licensing In a rare scenario, the licensing status in SmartConsole is displayed incorrectly.
    PRJ-29804 Web SmartConsole NEW: 
    • In the Tasks window, Tasks Filter functionality (all/success/failed)
    • Policy installation: Multiple selection for installation targets Global install policy button
    PRJ-30384,
    PRJ-30370
    CPInfo UPDATE: Added CPInfo build 914000219. Refer to sk92739.
    PRJ-20498,
    PMTR-63033
    CPUSE The "Recommended" Package value is not changed from true to false in SmartConsole while installing Jumbo Hotfix. Refer to sk174508.
    PRJ-22893,
    PMTR-61926
    CPView In some scenarios, SNMP statistics per VS may not be displayed in CPView.
    PRJ-29825,
    PMTR-72671
    SmartView UPDATE: In SmartView, new MITRE ATT&CK techniques were added to the heatmap view.
    PRJ-22159,
    SL-5368
    Logging NEW:
    • In SmartEvent GUI added new products: "Behavioral Guard", "Anti-Exploit", "Anti-Bot" and "Anti-Ransomware"
    • For Endpoint logs correlation, added a new pre-defined event: "Harmony Endpoint" under Legacy -> Endpoint Security.
    PRJ-26809,
    PMTR-70072
    Logging NEW: In SmartEvent GUI, added the "referrer" field for filtering correlation unit events.
    PRJ-25888,
    PMTR-60610
    Logging UPDATE: During Management and Log Servers upgrade from R80.X to R81, indexes, stored in external storage (sk66003), can now be upgraded as part of the flow. 
    PRJ-25897,
    PMTR-69195
    Logging UPDATE: Improved the time of search that require scanning logs for several days.
    PRJ-29117,
    PRHF-11939
    Logging In some scenarios, emails of DLP blade may be sent with obfuscated information, with no option to present the full data. Refer to sk106430.
    PRJ-29221,
    PRHF-12847
    Logging In a rare scenario, Application Control events may not be displayed in SmartEvent.
    PRJ-24979,
    PRHF-16943
    Logging When AES authentication is configured, the "thresold_config" command does not send traps for SNMP v.3. Refer to sk173045.
    PRJ-23868,
    PRHF-16183
    Logging In SmartView reports, the "Show only icon" option for table widgets does not work as expected.
    PRJ-26695,
    PMTR-70010
    Logging When adding the "UC Block" action, log queries may not show UserCheck logs. Refer to sk174543.
    PRJ-25833,
    PMTR-68506
    Logging The INDEXER process on the SmartEvent Server may consume a high CPU when the Mobile Access blade is enabled on the Security Gateway.  
    PRJ-25974,
    PMTR-67094
    Logging In a rare scenario, logs that are created exactly at midnight, are shown  in the SmartConsole Logs view tab but not shown in SmartView web.
    PRJ-24524,
    PMTR-67575
    Logging In a low log rate, there may be a delay in exporting logs using the Log Exporter.
    PRJ-26116,
    PMTR-69276
    Logging In a multi-site MDM environment, Log queries may fail to retrieve results from a CMA or CLM, if there is another CMA or CLM with the same sic_name.
    PRJ-22346,
    PRHF-15696
    Logging In SmartView, the "Duration" field is missing from Reports and Views.
    PRJ-28301,
    PMTR-69800
    Logging When using the LEEF format in the Log Exporter tool, product names miss the last letter.
    PRJ-26726,
    PRHF-17205
    Logging In some scenarios, the FWD process on Security Gateway may cause high memory consumption when Log Forwarding is configured or when running the "fw fetchlogs" command.
    PRJ-27619,
    PRHF-18157
    Logging The CPSEMD process on SmartEvent Server may unexpectedly exit when trying to send two automatic reactions simultaneously for the same event.
    PRJ-27050,
    PRHF-17285
    Logging In rare scenarios, Management object changes may not be reflected in the Logs view. When the issue occurs, the CPM process may also consume a high CPU.
    PRJ-21313,
    PMTR-62117
    Logging
    • In environments with more than 500K network objects, the log_indexer process may lead to a memory leak.
    • In some scenarios, when there are offline logs to index, queries are slower than expected.
    PRJ-28341,
    PMTR-69859
    Logging In some scenarios, Log Exporter configured to export in TLS, cannot authenticate a certificate from an external certificate authority.
    PRJ-25442,
    PRHF-17184
    Logging On a Management Server, with SmartEvent enabled and many Networks configured in the database, login to SmartConsole may fail with an "Error: the operation timeout" message, and the FWM process is running with a high CPU. Refer to sk167239.
    PRJ-29030,
    PRHF-17596
    Logging In rare scenarios, SmartEvent may show no results or partial results in the Audit Log report.
    PRJ-25623,
    PMTR-68809
    Logging In environments with more than 500K network objects, the log_indexer process on SmartEvent and Correlation Unit Server may unexpectedly close with the "Out of memory" error and a dump core file, although limited resolving is enabled (according to sk164452).
    PRJ-23681,
    PMTR-62763
    Logging In rare scenarios, in environments with many network objects, when typing a query in the Logs tab Search bar, SmartConsole may close unexpectedly.
    PRJ-30228 Logging When traffic is dropped due to a Threat Prevention rule, fetching a packet capture from a security blade violation log may not work.
    PRJ-31210,
    PRJ-30722
    Logging In a rare scenario, logs export from SmartView web view to CSV may fail. Refer to sk175545.
    PRJ-29576,
    PRHF-15052
    Security Gateway NEW: Added a new kernel parameter "up_disable_early_drop_optimization_for_reject" to disable "Early Drop Optimization" for reject rules. The parameter is enabled by default.
    PRJ-28853,
    PRHF-18624
    Security Gateway UPDATE: Added DNS Passive Learning support for DNS responses containing the Domain name in uppercase letters.
    PRJ-29443,
    PMTR-72448
    Security Gateway UPDATE: The default value for the kiss_kthread_allow_resched kernel parameter is changed to 1. Refer to sk170560.
    PRJ-32157,
    PMTR-74372
    Security Gateway UPDATE: Apache HTTPD version was updated from 2.4.41 to 2.4.51.
    PRJ-30982,
    PMTR-73404
    Security Gateway UPDATE: Added L3 routing support for bridge interface assigned with IP address. To enable it, set _fw_bridge_with_ip_routing=1_ in the _$FWDIR/fwkern.conf_ file. Refer to sk165560.
    PRJ-29505,
    PRHF-18863
    Security Gateway In some scenarios, using automatic Network Static NAT/Address range objects may cause connectivity issues. 
    PRJ-29088,
    PRHF-13493
    Security Gateway In some scenarios, the CPD process may consume high CPU because of the memory leak in File Download Tool (FDT).
    PRJ-28830,
    PRHF-18098
    Security Gateway Improved the ICAP Server internal memory allocation logic.
    PRJ-26036,
    PMTR-67536
    Security Gateway A "fw_xlate_rule_count_dec: refcount is negative" message may be displayed in dmesg when IP pool NAT is used on a cluster environment.
    PRJ-19771,
    PRHF-14017
    Security Gateway Security Gateway may crash after policy installation. 
    PRJ-24692,
    PRHF-16403
    Security Gateway In rare scenarios, creating a new SAM rule on a Management machine may fail.
    PRJ-25294,
    PRHF-16907
    Security Gateway In rare scenarios, a re-matched connection has 2 logs in SmartConsole.
    PRJ-26077,
    PRHF-11760
    Security Gateway After policy installation, Security Gateway may stop responding due to memory leaks.
    PRJ-26393,
    PRHF-17436
    Security Gateway In some scenarios, the WSDNSD process may unexpectedly exit and create a core file. Refer to sk173627.
    PRJ-28810,
    PRHF-18657
    Security Gateway Added cosmetic fixes of the "cpwd_admin list" command output.
    PRJ-27560,
    PRHF-17949
    Security Gateway In some scenarios, configuring an un-numbered virtual interface may cause ARP requests to stay not answered by the interface. Refer to sk174188.
    PRJ-28104,
    PRHF-18024
    Security Gateway In a rare scenario, a memory leak may occur on the Security Gateway.
    PRJ-27872,
    PRHF-18234
    Security Gateway After a reboot or policy installation, the Cluster Under Load(CUL) messages in the fwk.ekg show CPU usage higher than 100%.
    PRJ-26824,
    PRHF-17872
    Security Gateway In rare scenarios, a duplicate entry may appear in the /etc/cpshell/log_rotation.conf file. This issue is only cosmetic.
    PRJ-27077,
    PMTR-70300
    Security Gateway In rare scenarios, using IP Pool NAT with only IPv4/IPv6 addresses configured may cause Security Gateway to crash. 
    PRJ-27127,
    PRHF-17942
    Security Gateway In some scenarios, the routed process may unexpectedly exit.
    PRJ-28873,
    PRHF-18560
    Security Gateway In a rare scenario, when using ICAP client, Security Gateway may crash. 
    PRJ-26931,
    PRHF-17758
    Security Gateway SNMP lowDiskSpace trap with MDPS does not work with SNMP versions v1/v2 . Refer to sk173811.
    PRJ-26584,
    PMTR-68272
    Security Gateway In a rare scenario, CPView may show incorrect SecureXL statistics per VS.
    PRJ-27651,
    PMTR-70634
    Security Gateway Negative values may appear in the output of the "fw tab -t connections -s" command and under the NAT section.
    PRJ-29130,
    PRHF-18716
    Security Gateway In rare scenarios, policy installation may fail with an "Operation failed, install/uninstall has been improperly terminated" message.
    PRJ-30215,
    MPTT-4834
    Security Gateway In some scenarios, policy installation may take longer or fail when GEO Updatable Objects are used in the policy.
    PRJ-30204,
    PMTR-72814
    Security Gateway In some scenarios, NATed VPN traffic may be routed out through the wrong interface. Refer to sk176785.
    PRJ-29743,
    PMTR-72615
    Security Gateway In a rare scenario, due to TCP connection reuse, a TCP connection may not be initiated Refer to sk11088.
    PRJ-29543,
    PRHF-17386
    Security Gateway  There is no option to enable hyperthreading via cpconfig.
    PRJ-29527,
    PRHF-18984
    Security Gateway In a very rare scenario, the ICAP Server may crash with a core dump file generated.
    PRJ-29420,
    PMTR-71855
    Security Gateway In a rare scenario, policy installation on the Security Gateway may fail with an "Error code: 0-2000108" message. Refer to sk170673.
    PRJ-29139,
    PRHF-18403
    Security Gateway The cpsicdemux process may unexpectedly exit, causing the Secure Internal Communication (SIC) connection to fail.
    PRJ-28554,
    PMTR-71632
    Security Gateway Capsule Workspace end users may fail to authenticate to their Exchange Mail Server via Mobile Access SSO when authenticated with Kerberos, and the end users belong to many user groups or user groups with very long names.
    PRJ-29588,
    PRHF-19049
    Security Gateway In a rare scenario, Security Gateway may crash.
    PRJ-26671,
    PRHF-17760
    Security Gateway In a rare scenario, traffic outage may occur. It is caused by a memory leak related to delayed logs.  
    PRJ-30251,
    PMTR-70219
    Security Gateway Added a translation of the error exit code of cprid_util in $CPDIR/log/cprid_util.elg debug log.
    PRJ-31370,
    PRHF-19693
    Security Gateway Improved the handling of a large number of sessions per single HTTP/S connection.
    PRJ-31031,
    PMTR-69049
    Security Gateway In a rare scenario, the Security Gateway may crash when disabling or enabling Threat Prevention blade.
    PRJ-28680,
    AVIR-1444
    Threat Prevention UPDATE: Added the option to remove proxy usage in ioc_feeds tool.
    PRJ-28520,
    TPP-1291
    Threat Prevention In rare scenarios, the Security Gateway may crash when the TCP connection is unexpectedly closed.
    PRJ-26543,
    PMTR-69186
    Threat Prevention In some scenarios, the IPS update status in SmartConsole is incorrect after the automatic update fails with the "Update failed. Failed to load database" error. 
    PRJ-26007,
    PMTR-68402
    Threat Prevention SSH Deep Packet Inspection (SSH DPI) may fail after upgrade to R81.
    PRJ-25778,
    PMTR-68801
    Threat Prevention In a rare scenario, the FWD process may unexpectedly exit after an upgrade.
    PRJ-28607,
    PMTR-68865
    Threat Prevention Large file transfer in connections inspected by SSH Deep Packet Inspection (SSH DPI) may fail if SSH renegotiation is performed during the transfer.
    PRJ-28764,
    PMTR-71415
    Threat Prevention In some scenarios, when using OpenSSH 8.2 Server, file download fails after starting the transfer.
    PRJ-28939,
    PRJ-28975
    Threat Prevention Improved telemetry for Infinity Vision SOC.
    PRJ-29616,
    PRJ-30706
    Threat Prevention After an upgrade from R80.30, if Custom Intelligence Feeds (IOC) feature is enabled, Threat Prevention policy on VSX cluster may fail with "failed to handle indicators".
    PRJ-29926,
    PRHF-19208
    Threat Prevention Threat Prevention policy installation may fail when loading 2 IOC feeds that contain the same signature name for one of the observables.
    PRJ-28135,
    PRJ-27437
    Threat Extraction In some scenarios, the "fw_send_kmsg: No buffer for tsid 44" error is printed in dmesg.  
    PRJ-29488,
    IDA-4049
    Identity Awareness UPDATE:
    • Increased the default timeout values of entries: connected_pdp_refresh_interval is now set to 240 seconds and connected_pdp_grace_period is now set to 360 seconds.
    • Added the "Identity information / Network information will be deleted" alert to SmartConsole.
    PRJ-32355,
    PRJ-32353
    Identity Awareness UPDATE: The default threshold value for Identity Collector Service Accounts exclusion was changed from 10 to 100. Refer to sk174266.
    PRJ-29397,
    IDA-4087
    Identity Awareness Improved the Identity Server (PDP) performance for publishing new network on Identity Sharing with SmartPull.
    PRJ-27476,
    PRHF-18015
    Identity Awareness When using sk167118, the user may fail to authenticate if the "Ask user for password" checkbox is enabled.
    PRJ-26804,
    MBS-13669
    Identity Awareness In a rare scenario, the Security Gateway may crash.
    PRJ-27943,
    IDA-4112
    Identity Awareness In some scenarios, users may not be able to reach Identity Gateway (PEP). Refer to sk174105.
    PRJ-29614,
    PRHF-18943
    Identity Awareness In a rare scenario, some IPv6 sessions may get deleted due to an incorrect update of Identity Gateway (PEP) kernel tables.
    PRJ-27193,
    PRHF-17768
    Application Control UPDATE: Improved matching of URLs for custom applications.
    PRJ-27260,
    PMTR-65461
    IPS Proxy source IP address is not printed in the IPS logs.
    PRJ-27959,
    PRHF-18158
    IPS In some scenarios for HTTP, Gateway closes a connection from the Server side, but the user side may remain open.
    PRJ-26463,
    PRHF-16635
    IPS An HTTP download of a large file may unexpectedly stop with an error message.
    PRJ-28245,
    PRHF-18338
    IPS In some scenarios, HTTP Parser in the CPView statistics may show incorrect values for connections with more than 50 sessions.
    PRJ-29941,
    PRHF-18992
    IPS In rare scenarios, if IPS Geolocation is enabled, the Security Gateway may crash.
    PRJ-32499,
    PRJ-32415
    IPS In some scenarios, when IPS Automatic update is enabled, a memory leak may occur in the FWD process. 
    PRJ-31694,
    PMTR-73790
    IPS Improved the handling of decoded HTTP/S traffic.
    PRJ-29192,
    TPP-1157
    Anti-Bot UPDATE: Improved performance of Anti-Bot URL Reputation.
    PRJ-29476,
    PMTR-72234
    SSL Inspection In some scenarios, a memory leak may occur when creating ECDHE keys.
    PRJ-30460,
    PRHF-19516
    SSL Inspection In rare scenarios, HTTPS connections may hang indefinitely during the TLS handshake, causing timeout.
    PRJ-30701,
    PMTR-72756
    SSL Inspection,
    VPN
    A memory leak in HTTPS Inspection and HTTPS portals may occur when using ECDHE ciphers.
    PRJ-29269,
    PRJ-29262,
    PRHF-3700,
    PRHF-3742
    Mobile Access In a rare scenario, a memory leak may occur in the CVPND process.
    PRJ-28258,
    PRHF-16057
    Mobile Access In a rare scenario, the VPND process may unexpectedly exit causing user disconnections from Checkpoint Mobile client.
    PRJ-27297,
    VPNRA-761
    Mobile Access In rare scenarios, when SNX client is used with Application mode on the Mobile Access Blade, the VPND process may unexpectedly exit.
    PRJ-27453,
    PRHF-17458
    ClusterXL In a very rare scenario, after adding a member to a cluster, the FWK process may unexpectedly exit, creating core dumps. 
    PRJ-28283,
    PRJ-28054
    SecureXL In a rare scenario, DoS/Rate Limiting when using rules with country codes (CC) or autonomous system numbers (ASN) may not update Geo IP files correctly.
    PRJ-26953,
    PMTR-70242
    SecureXL TCP packets may be dropped as "TCP out of state" although following sk11088.
    PRJ-32940,
    PMTR-75157
    SecureXL In some scenarios, when configuring internal/external enforcement for DOS/Rate limiting, a syslog error message may be displayed.
    PRJ-30030,
    PRHF-19268
    Routing In some scenarios, when BootP is configured, during policy installation, the Security Gateway may become unresponsive and the routed process may crash.
    PRJ-27820,
    PMTR-63965
    Routing If the interface cable is unplugged, after a failover, Border Gateway Protocol (BGP) stops receiving routes from Primary member to Secondary and back to Primary.
    PRJ-23816,
    PMTR-63250
    Routing During the boot process "pbrroute-conf" messages may appear. Refer to sk173514.
    PRJ-26754,
    PRJ-26750
    Routing In some scenarios, the NetFlow Packet may report a wrong source IP Address.
    PRJ-29497,
    ROUT-1745
    Routing BGP sessions may unexpectedly close because of unrecognized AFI/SAFI pairs in multiprotocol capability advertisements from a peer.
    PRJ-28958,
    PRHF-17739
    Routing The routed process may unexpectedly exit when OSPF is configured with the "IsMaxAgeLSAEntry()" assert.
    PRJ-29320,
    ROUT-1721
    Routing AS path loops may occur, although BGP multihop is configured.
    PRJ-28840,
    PMTR-51501
    Routing In some scenarios, an outage may occur because of premature graceful-restart exit.
    PRJ-31127,
    PMTR-73496
    Routing In rare cases, if Graceful Restart is not configured on the BGP peer, BGP routes may be lost near the Graceful Restart ending. 
    PRJ-28172,
    PMTR-71425
    VPN NEW: Added StrongSwan clients counter to the VPN TU Tool.
    PRJ-29533,
    PRHF-18564
    VPN RIM script is not invoked for DAIP peer with Dead Peer Detection (DPD) permanent tunnels in passive mode.
    PRJ-31115,
    PMTR-73488
    VPN In some scenarios, when connecting with both Endpoint and SSL Network Extender (SNX) clients to a single Gateway, a memory leak may occur.
    PRJ-31148,
    PMTR-73511
    VPN In some scenarios, a memory leak may occur when using the SSL Network Extender (SNX) client to create a site.
    PRJ-27856,
    PMTR-71136
    VPN When deleting an entry from m_ht hash table, a memory leak may occur.
    PRJ-27687,
    PMTR-70957
    VPN In a rare scenario, a memory leak may occur.
    PRJ-27683,
    PMTR-71025
    VPN When saving the login info of the client, a memory leak may occur.
    PRJ-27679,
    PMTR-71013
    VPN Reauthentication of the client may lead to a memory leak.
    PRJ-28772,
    PMTR-71850
    VPN In some scenarios, in High Availability clusters with enabled CoreXL, SSL clients cannot connect to the Security Gateway because of incorrect license calculation.
    PRJ-28027,
    PMTR-71319
    VPN When StrongSwan client connecting with a RADIUS user, it may not receive an Office Mode IP address. 
    PRJ-25884,
    PRHF-16370
    VPN In some scenarios, when DAIP peer initiates IKEv2 negotiation with certificate authentication, the VPND process may unexpectedly exit. Refer to sk174665.
    PRJ-28378,
    PMTR-71772
    VPN Improved VPN Site to Site tunnel establishment scenario with IKEv2. Refer to sk175092.
    PRJ-28075,
    PRHF-18369
    VPN A Remote Access client fails to login when a DN record length is bigger than 256. Refer to sk174249.
    PRJ-21639,
    PRHF-15318
    VPN The VPN Logs view show IP address octets in an unexpected (reversed) order. Refer to sk172807.
    PRJ-27814,
    PMTR-71098
    VPN In some scenarios, the VPN tunnel between GCP cluster and GCP peer fails to establish.
    PRJ-27314,
    PRHF-14851
    VPN IPSec VPN uses the wrong source IP address when initiating NAT-T encrypted traffic. Refer to sk172805.
    PRJ-22119,
    PMTR-31204
    VPN In rare scenarios, after policy installation, the VPND process may unexpectedly exit with core dump.
    PRJ-27675,
    PMTR-70855
    VPN In some scenarios, the user may not be able to connect because the CVPND process unexpectedly exits.
    PRJ-25236,
    PMTR-68326
    VPN Added improvements for DAIP Gateway behind Hide NAT and ROBO peer Gateways.
    PRJ-28558,
    PMTR-20176
    VPN In some scenarios, when sending the SCV drop log, a memory leak may occur.
    PRJ-28265,
    PRHF-18295
    VPN A memory leak may occur when clearing the CRL cache file. 
    PRJ-28513,
    PRHF-18408
    VPN In some scenarios, a memory leak may occur on the Security Gateway.
    PRJ-29283,
    PRHF-18818
    VPN In rare scenarios, re-configuring a trusted CA bundle may cause a memory leak in the VPND process.
    PRJ-28506,
    PRHF-18400
    VPN A memory leak may occur in the VPND process.
    PRJ-28575,
    PRHF-17880
    VPN In some scenarios, Server connections to Remote Access L2TP clients may be unstable.
    PRJ-29483,
    PMTR-72463
    VPN A memory leak may occur in the VPND process in IKEv2 Site to Site VPN.
    PRJ-30869,
    PRHF-19755
    VPN A memory leak may occur in the VPND process.
    PRJ-30756,
    PRHF-19484
    VPN In some scenarios, when NAT is enabled, Route Based VPN traffic may be dropped.
    PRJ-17830,
    PRJ-17746
    VSX Recreation of a virtual system may fail due to an internal error.
    PRJ-27970,
    PMTR-35890
    VSX When querying a VS for "sysObjectID" via SNMP, a generic net-SNMP value ("NET-SNMP-MIB::netSnmpAgentOIDs.10") returns instead of a Checkpoint value ("SNMPv2-SMI::enterprises.2620.1.6.123.1.62").
    PRJ-29553,
    PRHF-18753
    VSX After reboot, the VS's clish static arps configurations exist, but the static arps may be missing. 
    PRJ-27543,
    PMTR-70755
    VSX The weight of VSB in "cphaprob stat" is 0. This impacts load balancing between cluster members in a VSX cluster in VSLS mode.
    PRJ-22691,
    PMTR-65535
    VSX This fix allows create/change a VSX cluster/Gateway to have up to 32 CoreXL instances with VSX Provisioning Tool. Currently, it is possible to do this only in SmartConsole.
    PRJ-30276,
    PMTR-72997
    Gaia OS UPDATE: Upgraded OpenSSL to 1.1.1L. Merged the CVE-2021-3711 and CVE-2021-3712 fixes.
    PRJ-25766,
    PRHF-17216
    Gaia OS After 248 days of up time, the VMSS Gateway sends a Cold restart alert reboot, but the VMSS does not reboot. Refer to sk173413.
    PRJ-27001,
    PRHF-17900
    Gaia OS Setting hashed SHA256/SHA512 expert password may fail with an error message: "set password-controls password-hash-type <password_hased> GAIA9999 Invalid Salted Hash". Refer to sk176703.
    PRJ-27613,
    PRJ-27612
    Gaia OS If NTPD service is configured in Management Data Plane Separation (MDPS) settings, NTPD error logs appear in var/log/messages after a reboot.
    PRJ-27696,
    PRHF-17721
    Gaia OS When a non-TACACS user logs out from WebUI, "Cannot get pid" is printed as an error to the /var/log/messages file.
    PRJ-27978,
    PMTR-69876
    Gaia OS A memory leak may occur on a Security Gateway while configuring Secure Internal Communication (SIC).
    PRJ-26024,
    PRHF-12090
    Gaia OS In some scenarios, after an upgrade, Multi-Queue commands may fail without producing any output due to licensing issue. Refer to sk168178.
    PRJ-26430,
    GAIA-8922
    Gaia OS The Link Layer Discovery Protocol (LLDP) sends the hostname with a dot when the Domain name is empty.
    PRJ-28797,
    PRHF-18683
    Gaia OS In a rare scenario, a memory leak may occur in the monitord process.
    PRJ-29858,
    PRHF-17602
    Harmony Endpoint UPDATE: In SmartEndpoint, besides FDE Remote Help, Bitlocker Management Recovery is now available for administrators with limited rights.
    PRJ-29178,
    PRHF-17857
    Harmony Endpoint Remote installation push operation "Deployed new Endpoints" does not work on on-prem Servers because of self-signed certificates.
    PRJ-27751,
    PRHF-18108
    Harmony Endpoint Endpoint Firewall may start dropping all network traffic after a Management Server upgrade from R80.10 or older versions.
    PRJ-31100,
    PRHF-16439
    Harmony Endpoint Restoring a UEPM Server backup via the Web Gaia Portal may not work on a new Server where the UEPM blade is not activated.
    PRJ-30519,
    PMTR-73094
    Harmony Endpoint In the Smart Endpoint tabs, the Server may generate reports where users have long names starting with "ntdomain://".
    PRJ-22501,
    PRHF-15623
    VoIP Holding last source port table lock while searching for next free port may cause performance issues.
    PRJ-29515,
    VSECC-1418
    CloudGuard NEW:
    In Amazon Web Services (AWS):
    • Added Load Balancers tags. The tags can now be viewed in  SmartConsole and added to the rulebase.
    • Added support for IMDSv2
    To enable the feature:
    1. Edit $FWDIR/conf/vsec.conf on the Management Server and add the line: aws.enableLoadBalancersTags=true
    2. From SSH run: vsec stop;vsec start
    Note: This feature requires adding DescribeTags and DescribeLoadBalancers permissions to the AWS Data Centers accounts.

    In Azure:
    • Added Application Security Groups
    • Added Private Endpoints
    To enable the feature:
    1. Edit $FWDIR/conf/vsec.conf on the Management Server and add the line: azure.enableAsgAndPep=true
    2. From SSH run: vsec stop;vsec start
    Note: This feature requires adding permissions to list Application Security Groups and Private Endpoints.  
    PRJ-21216,
    PMTR-63308
    CloudGuard  The mq_mng tool does not show RX/TX packets counter statistics for the virtio_net driver.
    PRJ-29651,
    PRHF-17648
    CloudGuard  Amazon Web Services (AWS) Data Center scan may fail and no updates are sent to the Security Gateway.
    PRJ-22534,
    PRJ-28171
    CloudGuard  In some scenarios, when there are Data Center objects in Access Policy Rule Base, policy verification may fail although policy installation succeeds. 
    PRJ-30042,
    ODU-104
    Smart-1 Cloud If wstunnel loses connectivity, after several attempts it may unexpectedly exit and not restart. Refer to sk166056.
    PRJ-23019,
    PRHF-15000
    QoS Added QoS support for source port matching, allowing DSCP to mark different streams packets correctly.
    PRJ-29526,
    MBS-11085
    Scalable Platforms The "Hits" counter value in the SmartConsole rulebase does not update when traffic reaches a non-SMO Security Group member (for Security Gateway only).
    PRJ-21219,
    MBS-12835
    Scalable Platforms The SSM Allow Management Loss feature (sk145792) sends alerts even if a failure event's duration is short.
    Now the feature sends alerts only if a failure event's duration is long (30 seconds by default).
    PRJ-27511,
    PRHF-17895
    Scalable Platforms In a rare scenario, a memory leak that requires constant reboots may occur.
    PRJ-25358,
    MBS-10733
    Scalable Platforms When restarting the active CMM (for example, with the "ccutil restart_cmm active" command), a chassis may fail over, even if there is a Standby CMM.
    PRJ-25347,
    MBS-10732
    Scalable Platforms In a rare scenario, the Chassis Monitor daemon (cmd) fails to retrieve the CPU temperatures due to an SNMP timeout.
    PRJ-21104,
    SPC-1233
    Scalable Platforms In some scenarios, UIPC feature does not work if a non-VS0 Virtual System is configured with an IP on the same subnet as VS0 management network. 
    PRJ-25340,
    SPC-3100
    Scalable Platforms Allow Management Loss feature (sk145792) may not enter into Management Loss mode when backplane interface total packets amount exceeds 2 Billion.
    PRJ-28286,
    PMTR-71419
    Scalable Platforms Using Static NAT for the destination in asymmetric connections may lead to Out of State traffic drops. Refer to sk174234.
    PRJ-27319,
    PMTR-70850
    Scalable Platforms Added a cosmetic fix in asgPeaksTable.
    PRJ-27264,
    MBS-14076
    Scalable Platforms The "asg perf" command may fail when it calculates the average load of CPU cores when CoreXL uses all CPU cores available in the Security Group.
    PRJ-25368,
    MBS-10506
    Scalable Platforms If a Bond interface that is assigned to a Security Group is configured in the 802.3AD (LACP) mode, packet loss may occur on a Security Appliance when the Security Appliance becomes active after a reboot.
    PRJ-28427,
    PMTR-71406
    Scalable Platforms In some scenarios, running the "asg perf" command with -vv flag fails.
    PRJ-29760,
    PMTR-71418
    Scalable Platforms In a rare scenario, the "asg perf" command may take up to 90 seconds to update the data. The information may differ from CPView results.
    PRJ-30024,
    MBS-13662
    Scalable Platforms When rebooting a member from the standby site, it may send GARP when booting and cause a connectivity issue. Refer to sk176523.
    PRJ-29982,
    MBS-12054
    Scalable Platforms The outage may occur when configuring OSPF over VPN/VTI interface because of a missing cluster IP address for VPN/VTI interface.
    PRJ-25648 Scalable Platforms Collect data and statistics report in a scenario where SSM state has changed to down or entered into management loss mode
    PRJ-25781,
    MBS-13969
    Scalable Platforms In some scenarios, boot on SP VSX setup may fail with an "Unable to open '/vs1/dev/fw0': Connection refused" message.
    PRJ-27828,
    PMTR-71149
    Scalable Platforms In a rare scenario, the "asg diag" command for verifying Interfaces may have an incorrect raw output.
    PRJ-27739,
    PMTR-71092
    Scalable Platforms In rare scenarios, after accelerated policy installation, security members may go to down states.  
    PRJ-28252,
    PMTR-70624
    Scalable Platforms Added support for the command "snapshot-onetime" (import/export, from/to a remote Server) on Scalable Platforms.
    PRJ-29520,
    PMTR-72141
    Scalable Platforms After setting a specific range of blades in gclish, some commands may fail.
    PRJ-29390,
    PMTR-72185
    Scalable Platforms During an upgrade of a Security Group, the "Fetching the policy from the Management Server and installing it" action fails on the upgraded Security Group Members. Refer to sk174844.
    PRJ-25648,
    MBS-11227
    Scalable Platforms Scalable Platform automatically collects statistics and data in the /var/log/ssm_failure_reports/ directory, when:
    • An SSM enters the management loss state. Refer to sk145792.
    • An SSM goes down.
    PRJ-24519,
    MBS-12953
    Scalable Platforms After adding a new user via WebUI, the "asg diag" command may fail on configuration test (config_verify -v) due to inconsistent value in the database. The issue is only cosmetic.
    PRJ-22891,
    MBS-12346
    Scalable Platforms In some scenarios, the "asg diag" and "asg_license_verifier" commands fail with an incorrect message: "ERROR: No license for 'IPS-1' [mandatory feature 'ips']".  
    PRJ-29002,
    PRJ-29001
    Scalable Platforms In some scenarios, after an upgrade of Scalable Platform, reboot of a member may trigger additional reboots.
    PRJ-23306,
    PMTR-60956
    Carrier Security UPDATE: The "FireWall-1 GX" module is renamed to "Carrier Security".
    PRJ-22323,
    PRHF-15689
    Infrastructure In some scenarios, the cpmiquerybin and dbedit processes may unexpectedly exit causing a buffer overflow.
    R81 Jumbo HotFix - General Availability Take 44 (29 September 2021, GA from 12 October 2021)                    
    PRJ-30926,
    PMTR-70151
    VPN In some scenarios, when ipassignment.conf file is used, Remote Access users cannot connect due to Office mode allocation failures. Refer to sk175448.
    R81 Jumbo HotFix - Ongoing Take 42 (1 September 2021)                   
    PRJ-26240,
    PRJ-26233
    Diagnostics NEW: Added the Check Point Performance Sizing Utility (CPSizeMe) v5.2.
    PRJ-24235,
    PMTR-64142
    Licensing UPDATE: If there is no license installed, the error message will be printed when running the "cpstart" command.
    PRJ-24201,
    PMTR-67200
    Security Management NEW: Trusted CAs updates for HTTPS Inspection can be configured to be installed automatically upon update. Refer to sk173629.
    PRJ-27200 Security Management NEW: Added the Hitcount column to the "Export to CSV" functionality in Access Policy.
    • Requires R81 SmartConsole Build 553 (or higher).
    PRJ-24985,
    PRJ-25474
    Security Management NEW: Added ability for R81 Security Management or Multi-Domain Server to manage R81.10 Security Gateway.
    • Requires R81 SmartConsole Build 553 (or higher).
    PRJ-26026,
    PMTR-69307
    Security Management NEW: Added the "get-interfaces" Management API for Security Gateway and Cluster objects.
    • The functionality is parallel to the “Get Interfaces” button in the SmartConsole Network Management page in the Security Gateway / Cluster editor.
    • The API is available starting from version 1.7.
    PRJ-26414,
    PMTR-69791
    Security Management NEW: Added the Management API command "show-layer-structure". 
    PRJ-27122,
    PMTR-70628
    Security Management UPDATE: The "Purge revisions" operation has been improved to further reduce the database's size.
    PRJ-27163,
    PMTR-70138
    Security Management UPDATE: Performance improvement in an upgrade of Security Management and Multi-Domain Servers with large rulebases. 
    PRJ-26194,
    PMTR-69529
    Security Management In a rare scenario, the FWM process may unexpectedly exit.
    PRJ-26184,
    PRHF-17487
    Security Management When running the "fwm logexport" command multiple times, the FWM process may unexpectedly exit, producing a core file.
    PRJ-26124,
    PRHF-17476
    Security Management In some scenarios, HA synchronization fails in the Global Domain after the IPS update.
    PRJ-29004,
    PRHF-18817
    Security Management In some scenarios, Publish operation fails with the  "Object with uid=<RandomCharacters> was updated in the database but its dleConvertedObject wasn't found" error. Refer to sk174703.
    PRJ-25039,
    PRHF-16802
    Security Management In rare scenarios, a task in progress may get stuck until the Management Server is restarted.
    PRJ-24011,
    PMTR-62382
    Security Management In some scenarios, the NAT rule is not enforced when the rule’s name is identical to an object’s name placed on the rule.
    PRJ-25862,
    PMTR-67876
    Security Management When running the "show-tasks" command with Management API and using the "order" parameter, the results are not ordered.
    PRJ-26455,
    PRHF-17433
    Security Management In rare scenarios, the web_api_show_package.sh script fails, and the log shows "Null Pointer Exception".
    PRJ-22135,
    PMTR-63108
    Security Management In some scenarios, a high load on the Management Server may cause SmartConsole slowness.
    PRJ-26630,
    PRHF-17230
    Security Management In rare scenarios during system startup, a cleanup operation may cause high CPU on multiple Postgres processes and prevent login to SmartConsole. Refer to sk175189.
    PRJ-25010,
    PMTR-67525
    Security Management After configuring VPN blade on a Security Gateway with support-visitor-mode using Management API, VPN clients may fail to create sites.
    PRJ-21968,
    PRHF-15471
    Security Management Packet Mode search in rule base ignores matching of inline layer parent rules. In some scenarios, this may retrieve inline layer rules that should not be matched.
    PRJ-22385,
    PRHF-15325
    Security Management User may fail to connect to SmartConsole after the administrator changed the RADIUS Server host IP address. Refer to sk172065.
    PRJ-24331,
    PRHF-16613
    Security Management In some scenarios, the "Recent Tasks" view shows the initiator as a System administrator when the Global Manager user initiates reassign and install policy. 
    PRJ-27621,
    PMTR-69273
    Security Management In a rare scenario, the "Install Database" task may continue to run indefinitely.
    PRJ-26093,
    PMTR-69327
    Security Management In rare scenarios, the Access Control policy installation fails with the "Security Management Server aborted connection" error.
    PRJ-25305,
    PMTR-67893
    Security Management Policy verification may incorrectly fail with the verification error "Rule contains both Access Roles and network objects" when the installation is accelerated.
    PRJ-26343,
    PMTR-59909
    Security Management When installing policy on a gateway for the first time, Threat Prevention policy installation may fail if installed with Access policy.
    PRJ-25687,
    PRHF-17286
    Security Management In some scenarios, a policy installation failure message may show "ReferenceObject" instead of the actual object's name.
    PRJ-24052,
    PMTR-66980
    Security Management If the Management Server is up for many days, the CPM process memory consumption and CPU usage may increase consistently. 
    PRJ-26299,
    PRHF-17531
    Security Management In rare scenarios, tasks may run indefinitely until the Security Management Server is restarted.
    PRJ-26911,
    PRHF-16657
    Security Management Policy installation to multiple gateways from Install Policy Presets may fail if each policy has its own HTTPS Inspection policy.
    PRJ-25838,
    PRHF-17362
    Security Management In some scenarios, deleting a Security Gateway object fails with the "Object <name> is used by a policy or by other objects" error even though the Security Gateway is not in use. Refer to sk173467.
    PRJ-25800,
    PRHF-17324
    Security Management In rare scenarios, if the CPM process is up for many days, CPU and memory consumption mаy continue to grow until a reboot is performed.
    PRJ-25254,
    PMTR-68425
    Security Management Login with Management API fails when using the api-key and setting enter-last-published-session to "true".
    PRJ-26507,
    PMTR-69683
    Security Management Policy verification may incorrectly fail with a NAT verification error "The range size of Original and Translated columns must be the same".
    PRJ-25892,
    PMTR-69154
    Multi-Domain Management NEW: Allow creating Domain Management Servers with a netmask different than the one of the Multi-Domain Server. Refer to sk173934.
    PRJ-26690,
    PMTR-69747
    Multi-Domain Management After migrating the Global Domain and making global changes, when assigning/reassigning the Global Domain, the assignment may be shown as "Up to date" even though the latest global changes are not applied on the Domain.
    PRJ-25518,
    PRJ-25516
    Multi-Domain Management In rare scenarios, in a Multi-Domain environment with active Domains on multiple Multi-Domain Servers, when performing manual HA sync in one Domain, objects from another Domain are not shown in SmartConsole.
    PRJ-25406,
    CPM-2542
    Multi-Domain Management In some scenarios, HA synchronization may fail on the MDS level with the  "Failed to synchronize this peer due to purged revisions in the database." message.
    PRJ-27154,
    PRHF-11539
    Multi-Domain Management OS information for Domain Servers may not be shown correctly at the MDS level.
    PRJ-22639,
    PRHF-15727
    Multi-Domain Management In rare scenarios, the Multi-Domain Management Server may fail to start if Domains were previously deleted.
    PRJ-26302,
    PRHF-17558
    Multi-Domain Management In rare scenarios, Global Domain Assignment and Domain Creation tasks may continue to run indefinitely.
    PRJ-20647,
    PMTR-63143
    SmartConsole NEW: Added the option to print or save (as a file) the Changes Report.
    PRJ-23439,
    PMTR-65297
    SmartConsole UPDATE: Changes report supports up to 50 revisions (instead of 10).
    PRJ-22813,
    PMTR-61013
    SmartConsole Improved adjustment of the scrollbar in the Changes Report window.
    PRJ-26906,
    PRHF-17725
    SmartConsole In some scenarios, loading the Access Control policy causes SmartConsole to close unexpectedly. Refer to sk175405.
    • Requires R81 SmartConsole Build 553 (or higher).
    PRJ-26873,
    PRHF-17640
    SmartConsole In some scenarios, the gateway hardware change in SmartConsole fails with "Changing the hardware to <New_Selected_Check_Point_Appliance> Appliances is blocked." warning.
    PRJ-27576 Web SmartConsole NEW: Web SmartConsole now includes read/write capability for the most common activities. Refer to Take 44 in sk170314
    PRJ-25931,
    PRJ-30691,
    PMTR-69181,
    PMTR-69007
    SmartView NEW:
    • It is now possible to set the default timeframe for all the SmartView web application functionalities.
    • The default value is "Last 24 hours".
    Note: The default time frames on the SmartView web application and SmartConsole are not synchronized.
    • Requires R81.00 SmartConsole Build 553 (or higher).
    PRJ-27301,
    PMTR-70643
    SmartView After upgrade, SmartView scheduled export to Excel of Reports and Views stop running and users are unable to edit the scheduled tasks. Refer to sk174047.
    PRJ-24351,
    PMTR-67284
    CPView In some scenarios, a memory leak may occur in a cpview_services module. Refer to sk173952.
    PRJ-19795,
    SL-4613
    Logging NEW: Added support for Endpoint Forensics reports to get-attachment API.
    PRJ-20258,
    PMTR-57895
    Logging NEW: Log exporter allows the re-export of logs based on starting and end positions provided by the user, to close possible gaps. Refer to sk122323.
    PRJ-21423,
    PMTR-61503
    Logging NEW: The Log exporter now supports formatting for RSA SIEM application.
    PRJ-25596,
    SL-5164
    Logging UPDATE: The Log Server now supports up to 2700 Gateways (previously was 1024). Refer to sk163413.
    PRJ-20136,
    PMTR-62674
    Logging UPDATE: When reverting a Management or Log Server from the R81 version 30 days after the upgrade, logs are no longer fetched or indexed.
    PRJ-25454,
    PMTR-68670
    Logging In rare scenarios, logs generated in the same second, with the same ID, may not show up in SmartConsole's Logs tab.
    PRJ-22650,
    PRHF-15710
    Logging Threat Emulation log description for HTTP emulation is incorrect.
    PRJ-23114,
    PMTR-52927
    Logging In some scenarios in SmartView, exporting a report or view to PDF duplicates the item and displays it twice in the Catalog until the export is done.
    PRJ-23821,
    PRHF-12659
    Logging In rare scenarios, when querying logs with a timeframe larger than 1 day, only 50 logs from each day will be shown.
    PRJ-23581,
    PMTR-65203
    Logging In some scenarios following a Multi-Domain Management Server upgrade, logs queries may not retrieve results from some CMAs\CLMs.
    PRJ-25646,
    PMTR-68886
    Logging In SmartView (Reports and Web Logs view), the value of the file size is displayed differently from the Logs view in SmartConsole (GB instead of GiB).
    PRJ-24488,
    SL-5577
    Logging When a Management Server manages more than 1024 Gateways, the connectivity status may show "N/A" for several Gateways.
    PRJ-24216,
    PMTR-65200
    Logging In а Multi-Domain environment, the same Domain may appear twice in the Domains view of the SmartEvent application.
    PRJ-24706,
    PMTR-67771
    Logging In the SmartConsole Logs&Monitor tab, when the query time-frame is "Last Hour" and auto-refresh is on, if the query time is between 12:00 and 13:00, logs from that time will not be shown.
    PRJ-25657,
    PRHF-7562
    Logging In some scenarios, the log_indexer process consumes 100% CPU and log indexing fails causing log queries to miss the recent logs. The issue occurs when rules have Accounting enabled and there is a lot of traffic matching these rules.
    PRJ-27072,
    PMTR-70430
    Compliance In some scenarios on Multi-Domain environments, Compliance data is not synchronized between primary and secondary Domains. 
    PRJ-24580,
    PMTR-66164
    SNMP NEW: Added CPview network statistics and network profile data to SNMP - throughput, packets rate, concurrent connections, drop reasons, top connections, and more.
    PRJ-24537,
    PMTR-66616
    Security Gateway UPDATE: Added new Dynamic Balancing Clish command to enable default number of instances. To use it, run "set dynamic-balancing state enable ++set_default_fw_instances". Refer to sk164155.
    PRJ-26331,
    PMTR-68117
    Security Gateway UPDATE: The prompt indication will show on which plane (management or data) the context is.
    For example,
    [Expert@Host:0] will be displayed as [Expert@Host:dplane] for data plane
    [Expert@Host:1] will be displayed as [Expert@Host:mplane] for management plane
    PRJ-25102,
    PMTR-62328
    Security Gateway UPDATE: The Connection Tracker (CPView >Advanced > CONN-TRACKER) will be activated by default.
    PRJ-25844,
    PMTR-68979
    Security Gateway Added the Access Control rulebase matching visibility enhancement.
    PRJ-29753,
    PRHF-19043
    Security Gateway In rare scenarios, the Security Gateway may failover while handling the HTTP/2 stream.
    PRJ-27036,
    PMTR-67834
    Security Gateway VSX provisioning may fail to commit changes to the VSX database. Refer to sk173683.
    PRJ-26479,
    PMTR-66746
    Security Gateway In some rare scenarios, when IPv6 is configured and Office Mode Anti-Spoofing is enabled, running "cpstop;cpstart" may cause a Security gateway to crash.
    PRJ-26811,
    PMTR-68115
    Security Gateway In rare scenarios, policy installation may fail with the "Problem with the Commit Function" message.
    PRJ-26409,
    PMTR-69461
    Security Gateway In some scenarios, policy installation on the MDPS Gateway fails with "ERROR: Duplicate keys  in table 'cluster_members_ids_by_ips'" errors in SmartConsole. Refer to sk173485.
    PRJ-24127,
    PRHF-15896
    Security Gateway RADIUS authentication failure messages are written to SmartConsole logs but not presented to a user. Refer to sk173927.
    PRJ-21271,
    PMTR-56012
    Security Gateway In some scenarios, emails may be stuck in the MTA queue.
    PRJ-26016,
    PMTR-68942
    Security Gateway In a rare scenario, a memory leak may occur in in.emaild.mta process.
    PRJ-18127,
    PMTR-60844
    Security Gateway In some scenarios, an incorrect interface name is displayed in CPView.
    PRJ-25393,
    PRHF-17173
    Security Gateway In some scenarios, there is no match on URL Filtering rules.
    PRJ-26269,
    PRJ-26257
    Security Gateway In a rare scenario, incorrect error messages regarding the ICAP client flow appear in dmesg. Refer to sk173546.
    PRJ-26345,
    PMTR-69467
    Security Gateway When using Routing separation and ClusterXL, the "cphaprob -a if" command displays "mdps_tun" as "DOWN".
    PRJ-26152,
    PMTR-69312
    Security Gateway In a rare scenario, a memory leak may occur when IPS / Anti-Bot / Anti-Virus blade is enabled.
    PRJ-25817,
    PRHF-16364
    Security Gateway Added Dynamic Anti-Spoofing stability enhancements.
    PRJ-27624,
    PMTR-71034
    Security Gateway In some rare scenarios, only after a fast policy installation with a Non-FQDN object or an updatable object, wild card domains may not be enforced.
    PRJ-27124,
    PMTR-70644
    Security Gateway Improved Generic Data Center object download to Security Gateway.
    PRJ-25738,
    PRHF-16886
    Security Gateway In some scenarios, Security Gateway may crash when ICAP client is enabled.
    PRJ-26619,
    PRHF-17663
    Security Gateway In some scenarios, "[INFO] encode resource in base64 failed" messages generated by the RAD process are shown in /var/log/messages file.
    PRJ-26596,
    PMTR-70023
    Security Gateway Configuring the "Virtual Activation Timeout" option above 65535 may lead to an incorrect timeout definition.
    PRJ-23066,
    PMTR-63142
    Security Gateway Improved displayed drop log messages on the Security Gateway:
    1. To see drops since the last reboot, use the "fw ctl drop" command.
    2. To see drops in real time, use the CPView tool.
    Refer to sk172232.
    PRJ-22625,
    PRHF-15835
    Security Gateway In some scenarios, the VSX Cluster switch may cause a core dump.
    PRJ-24010,
    PRHF-16196
    Security Gateway In rare scenarios, when the "sd_global_monitor_only" property is set to "true", there is no HTTP inspection.
    PRJ-24903,
    PMTR-66910
    Security Gateway In rare scenarios, the name of the application that drops a packet was not shown in the drop debug. Instead, the “PSL Drop: internal - drop enabled” message was displayed.
    With this fix, the reason for the drop will be displayed.
    PRJ-24838,
    PRHF-15080
    Security Gateway In some scenarios, when moving Mobile Access from Legacy to Unified Policy, previously configured native application may stop working. Refer to sk172935.
    PRJ-23539,
    PMTR-66212
    Security Gateway In some scenarios, values set in fwkern.conf may not be applied correctly.
    PRJ-25553,
    PMTR-67991
    Security Gateway In some scenarios, connections are dropped with the "Virtual defragmentation error: fragment table is full" message.
    PRJ-25483,
    PRHF-17175
    Security Gateway In a rare scenario, the PDPD or VPND process on the Security Gateway consumes a high CPU. Refer to sk173706.
    PRJ-25472,
    PRHF-12897
    Security Gateway In rare scenarios, SmartView Monitor shows the "Error code: 2147483647" message when viewing data from a VSX Gateway.  Refer to sk174206.
    PRJ-25157,
    PMTR-67534
    Security Gateway When running the "fwaccel stats -r" command to reset the SXL statistics, the statistics may become corrupted.
    PRJ-24530,
    PRHF-16667
    Security Gateway In a rare scenario, the FWK process unexpectedly exits on the Security Gateway.
    PRJ-29346,
    PRHF-17221
    Security Gateway In a rare scenario, the Security Gateway may sporadically crash.
    PRJ-18868,
    PRHF-13722
    Security Gateway In rare scenarios, DynamicID authentication fails with a "Server_code 403 log_msg General HTTP error" message in vpnd.elg. Refer to sk170303.
    PRJ-23273,
    PRHF-15932
    Security Gateway In some scenarios, the "fw ctl affinity" command on MPDS Dplane does not show the Mplane Multi-Queue interfaces.
    PRJ-29094,
    PRHF-18786
    Security Gateway In rare scenarios, policy installation fails with "Segmentation fault" and "Error compiling IPv4 flavor" messages.
    PRJ-26140,
    PMTR-69466
    Internal CA UPDATE: Added automatic extension for Internal CA database to support more than 100,000 certificates.
    PRJ-25273,
    PMTR-68358
    Internal CA, VPN, Multi-Portal  UPDATE: The IKE certificate's validity period is set to 1 year by default. Refer to sk176527.
    PRJ-24831,
    PMTR-67854
    Internal CA sk172610 was added to "Failed creating certificate. Certificate with a different letters' case exists" error message.
    PRJ-26649,
    PMTR-70065
    Internal CA This fix will clean up expired certificates from the Internal CA database every three weeks and after reboot.
    PRJ-25544,
    PRJ-26201
    Anti-Virus In a rare scenario, the Security Gateway may crash when working with Anti-Virus.
    PRJ-25245,
    PMTR-68421
    Threat Extraction UPDATE: In Autonomous Threat Prevention (ATP) configured gateway, Threat profile field in sanitization (Threat Extraction) logs will refer to the current ATP profile installed.
    PRJ-26524,
    ODU-78
    Threat Extraction Added Update 4 of Threat Extraction Engine. Refer to sk165832.
    PRJ-22272,
    PRHF-14664
    Threat Prevention Improved the Threat Prevention policy installation time when installing on more than two Security gateways.
    PRJ-25845,
    PMTR-63963
    Threat Prevention In rare scenarios, the Threat Prevention Blade Exception used for performance optimization does not work as expected.
    PRJ-25056,
    PMTR-67604
    Identity Awareness NEW: Added Identity Collector Service Accounts exclusion. The default threshold value is 10. Refer to sk174266.
    PRJ-24690,
    PRJ-25444
    PRJ-21304
    Identity Awareness NEW: Added support for SAML authentication method for Remote Access VPN. Refer to sk172909 for configuration instructions.
    • Requires R81 SmartConsole Build 553 (or higher).
    PRJ-24500,
    PMTR-67597
    Identity Awareness NEW: Added a new Auto-Tune feature for Nested Groups to select the optimal nested state for maximum performance.
    The feature is disabled by default. To enable it, refer to sk128212.
    PRJ-25383,
    PMTR-68590
    Identity Awareness UPDATE: Changed the Web-API conciliation score from 10 to 15.
    PRJ-25926,
    PMTR-68088
    Identity Awareness Optimized the PDP expired timers mechanism performance.
    PRJ-25582,
    IDA-3937
    Identity Awareness In some scenarios, Identity Awareness with enabled Remote Access identity source constantly prints "A secondary session request was received from the same IP" message in the log and overrides the existing session.
    PRJ-17567,
    MBS-11293
    Identity Awareness IDA database may become corrupted on Scalable Platforms configured with multiple Identity Collectors in redundancy mode or Identity Sharing.
    PRJ-26232,
    IDA-4019
    Identity Awareness When the PDP gateway is connected to multiple pre-R81 PEP gateways, the CPU consumption may be high. Refer to sk173709.
    PRJ-29307,
    PMTR-72312
    URL Filtering In some scenarios, HTTPS connections to Servers with untrusted certificates are held and not resumed (page cannot load).
    PRJ-24629,
    TEX-2201
    UserCheck In rare scenarios, when clicking the "Send Original Mail to me" button (sk140214) in the UserCheck portal for Threat Extraction, action fails with "An unexpected error has occured ..." error message.
    PRJ-26166,
    PMTR-69256
    IPS In rare scenarios, the FWK process may unexpectedly exit when installing the policy.
    PRJ-23674,
    PRHF-14886
    IPS A redundant debug message may be displayed in dmesg logs.
    PRJ-22232,
    PRHF-14501
    IPS Packet capture may not be generated for certain IPS protections.
    PRJ-27971,
    PRHF-15586
    IPS Added IPS Core Protections scan improvements for HTTP traffic.
    PRJ-26107,
    PRHF-17301
    IPS Security Gateway may crash when the IPS profile name is very long. Refer to sk174025.
    PRJ-18857,
    PRHF-858
    DLP DynamicID via SMTP does not work when an HTTP proxy Server is defined.
    PRJ-26008,
    PMTR-61844
    SSL Inspection When TLS 1.3 is enabled, a connectivity issue may occur for non-TLS traffic over inspected ports. 
    PRJ-26740,
    PRHF-4657
    SSL Inspection Added an option to bypass Name Constraints extension on certificates using a registry flag. Refer to sk159692.
    PRJ-20681,
    PRHF-14540
    SSL Inspection A table hash size may be too small for some environments and cause an increased CPU usage.
    PRJ-25222,
    PRHF-17088
    Mobile Access Improved the Portal Rendering performance in Unified Policy mode.
    PRJ-21798,
    PMTR-60183
    Mobile Access The "Favorites" button does not work if URL does not start with "https://"
    PRJ-24688,
    PRHF-16135
    Mobile Access In some scenarios, the HTTPD process consumes a high CPU causing slowness in access to web applications.
    PRJ-23732,
    PRHF-16302
    Mobile Access In some scenarios, when configuring the "X-Forwarded-For" header to MAB reverse proxy, the header is passed in reverse order.
    PRJ-25105,
    PRHF-17025
    ClusterXL Data connections from the Standby member of an Active-Standby cluster may be dropped on the stealth rule when "fwha_cluster_hide_active_only" is set to 1.
    PRJ-26575,
    PMTR-69991
    ClusterXL The "set cluster member ccpenc" command description falsely shows that the default setting is off.
    PRJ-26981,
    PMTR-64228
    ClusterXL In some scenarios, in Load Sharing mode, the cphaprob show_bond command on the Security Management Server shows the back-up slave status as "Not Available". Refer to sk175469.
    PRJ-25954,
    PRHF-17427
    ClusterXL Hundreds of VLANs in VSX cluster may cause VLAN to get Internal Communication Network IP (funny IP) address when adding/editing VLAN.
    PRJ-26410,
    PMTR-64102
    ClusterXL Log shows that CCP encryption fails on each policy installation.
    PRJ-23849,
    PRHF-15781
    SecureXL In some non-VPN scenarios, MSS Adjustment (Clamping) does not work.
    PRJ-22786,
    PMTR-65162
    SecureXL In a rare scenario, Security Gateway may crash after running the "fwaccel tab -t connections" command.
    PRJ-27226,
    PRHF-17734
    SecureXL Invalid VLAN traffic may cause repeated "deliver_list is empty!!!" error messages in the /var/log/messages file.
    PRJ-24542,
    PMTR-67556
    SecureXL In a VSX environment, the SYN Defender configuration may not be applied correctly.
    PRJ-25107,
    PRHF-13183
    SecureXL SecureXL keeps forwarding packets in VSX bridge mode when the member is down. Refer to sk169495.
    PRJ-25511,
    PRHF-16656
    SecureXL In a rare scenario, Security Gateway may crash when generating CPInfo in VSX mode.
    PRJ-26925,
    PMTR-69753
    Gaia OS NEW: Added support for new card 4 ports 1/10GbE SFP+ Rev 4.1.
    PRJ-26757,
    PMTR-69435
    Gaia OS In some scenarios, the first packet of any protocol is dropped if there is no ARP cache entry in the ARP table for that destination. Refer to sk173933.
    PRJ-26334,
    PMTR-44510
    Gaia OS In some scenarios on VSX, the "Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-eth instead" message appears in /var/log file.
    PRJ-26329,
    PMTR-69006
    Gaia OS When using routing separation, Clish configuration for the management plane may be missing.
    PRJ-24494,
    PRHF-16665
    Gaia OS In a rare scenario, the Security Gateway may become unresponsive. Refer to sk172827.
    PRJ-24944,
    PRHF-16967
    Gaia OS In some scenarios, Syslog debug messages are incorrectly printed as errors (ERR).
    PRJ-25667,
    PRHF-16999
    Gaia OS In some scenarios, the driver's (i40e) response time for MQ settings takes too long time.
    PRJ-24597,
    PRHF-16780
    Gaia OS When the RADIUS Server uses a multi-pool "Access Challenge", the system sends many authentication requests without waiting.
    PRJ-25375,
    PRHF-15535
    Gaia OS SNMP sysOID 1.3.6.1.2.1.1.2.0 does not return Check Point system information when queried from Maestro Orchestrator.
    PRJ-26576,
    SPC-2237
    Routing In some scenarios, BFM fails to create pseudo interfaces (ethX-XX).
    PRJ-26792,
    MBS-14077
    Routing When working from gclish and Audit Log is enabled, every command is logged twice - once with the real user and once with the admin.
    PRJ-26526,
    MBS-14049
    Routing When using proxy arp on IP address within the same subnet as the cluster IP, no GARP is sent upon failover.
    PRJ-25996,
    PMTR-69290
    Routing In some scenarios, the monitored IP option "force-if-symmetry" does not detect the asymmetric ping properly.
    PRJ-25915,
    ROUT-1502
    Routing Netflow packets are sent from the individual VS IP address instead of VS0.
    PRJ-26970,
    PMTR-66574
    Routing In some scenarios, the routed process may produce a core dump when it receives IGMPv3 Membership Reports over a long period of time.
    PRJ-26962,
    PMTR-65589
    Routing The routed process may unexpectedly exit when candidate RP is enabled, and a rapid failover occurs or when the candidate RP interface is disconnected.
    PRJ-25319,
    PMTR-68232
    Routing In some scenarios, CPView displays incorrect values of RIP statistics.
    PRJ-27060,
    PRHF-17925
    Routing In some scenarios, the routed process may unexpectedly exit when there is a static route and a kernel route to the same destination.
    PRJ-24389,
    MBS-12759
    Routing In rare scenarios, a Load Sharing cluster can experience DHCP relay drops with the "dropped by fw_post_vm_chain_handler Reason: Handler 'dhcp_reply_code' drop" message.
    PRJ-23484,
    PMTR-65524
    VoIP In some scenarios, the "sip_increase_opq_rnum: Error - number of reinvites exceeded the limit" message that indicates the malfunction SIP flow is printed in SIP debug.
    PRJ-23968,
    PRHF-16338
    VSX UPDATE: Added ability to change the Management and Sync interfaces via vsx_util change_interfaces.
    PRJ-19978,
    PRHF-14371
    VSX In some scenarios, the "cpstat vsx" command does not show the correct output. Refer to sk170793.
    PRJ-26355,
    PMTR-69561
    VSX In some scenarios, the priority list cannot be manually set via the "vsx_util vsls" command.
    PRJ-26633,
    PMTR-69220
    VSX A bridge on a regular VS (not VS in bridge mode) is not supported on a VSX cluster in Active/Active mode.
    This fix blocks:
    1. Adding a bridge to a regular VS when the VSX is a cluster in Active/Active mode.
    2. Converting a VSX cluster to Active/Active mode when a regular VS with a bridge exists.
    PRJ-26451,
    PMTR-67687
    VSX In some scenarios, toggling between "Active up" mode and "Primary up" mode of a VSLS cluster with "vsx_util" is not reflected on the Gateway when using the "cphaprob stat" command. 
    This fix ensures that the change will always be reflected on the Gateway.
    PRJ-26443,
    PMTR-69836
    VPN In rare scenarios, a memory leak related to gateway authentication may occur.
    PRJ-26246,
    PMTR-69455
    VPN In some scenarios, the VPND process may unexpectedly exit when connecting with strongSwan client.
    PRJ-26435,
    PRHF-2715
    VPN In a rare scenario, a memory leak may occur when RASession_util is active.
    PRJ-25986,
    PMTR-65599
    VPN In rare scenarios, IKE negotiation fails when using IPv6 addresses. 
    PRJ-26434,
    PMTR-69479
    VPN In a rare scenario, the IKED process unexpectedly exits with core dump when using Office Mode IP allocation for clients and users cannot connect.
    PRJ-26205,
    PMTR-68557
    VPN MEP failover with 3rd party vendors may not work correctly.
    PRJ-26268,
    PMTR-68840
    VPN In some scenarios in MEP configuration, failover to available MEP members may fail.
    PRJ-26400,
    PRHF-17622
    VPN Policy installation may fail when VPN community is not configured on the Security Gateway. Refer to sk174235.
    PRJ-24808,
    PRHF-16698
    VPN Site to Site VPN connectivity issue when NAT is enabled.
    PRJ-26789,
    PMTR-69945
    VPN In some scenarios, an incorrect Host IP address is shown in SmartConsole log when a client is not authorized to log in.
    PRJ-26624,
    PRHF-17733
    VPN Added VPN stability improvement in IKEv2.
    PRJ-22529,
    PMTR-64500
    VPN When Multiple Factor Authentication is configured with DynamicID , VPN clients may receive four password prompts. Refer to sk144932.
    PRJ-28152 VPN In some scenarios, this policy warning is displayed on CMAs: "gen_implied_rule: fail to get rule template ('iked_ports_block_in/out' rule will not be generated)".
    PRJ-25335,
    VPNS2S-2335
    VPN In some scenarios, the "Illegal sequence number" error may be printed in Dead Peer Detection (DPD) debug.
    PRJ-25054,
    PRHF-16121
    VPN In some scenarios, a user may not be able to connect because the VPND process unexpectedly exits.
    PRJ-26342,
    PMTR-69135
    VPN In some scenarios, Phase 2 NULL encryption in IKEv2 fails with "Received notification from peer: No proposal chosen" message in the log.
    PRJ-26928,
    PMTR-70367
    VPN In some scenarios, the VPND process unexpectedly exits after installing the policy.
    PRJ-25134,
    PMTR-68208
    VPN In some scenarios, the VPN Remote Access client cannot reconnect after changing the authentication method.
    PRJ-26176 Harmony Endpoint Harmony Endpoint Web Management Update - Compliance, Application Control, Firewall and export package were added.
    PRJ-26281,
    PMTR-69675
    Harmony Endpoint In some scenarios, the "Pre-boot screen saver" in SmartEndpoint Common Client Settings Policy is not visible.
    PRJ-27583,
    EPS-33262
    Harmony Endpoint In some scenarios, the "Uninstall Client" push operation in SmartEndpoint cannot be initiated and fails with exception.
    PRJ-27321,
    PMTR-70852
    Harmony Endpoint In some scenarios, the EP URL Filtering policy may block websites under category 32 (political/legal) instead of category 31 (phishing). 
    PRJ-28655 Harmony Endpoint In some scenarios, only partial info is shown in Anti-Malware updates dialog window in SmartEndpoint.
    PRJ-25729,
    PMTR-68887
    QoS A memory leak may occur when using Domain names in QoS policy rules. Refer to sk174904.
    PRJ-26795,
    PRHF-17668
    CloudGuard IaaS In some scenarios, CloudGuard Controller fails to fetch data from the standby ACI Server when the main ACI Server is unreachable.
    PRJ-25373,
    PRHF-17170
    CloudGuard IaaS CloudGuard Controller with Cisco ACI Data Center sends updates without IP addresses to Security Gateways.
    PRJ-26798,
    PMTR-69072
    CloudGuard IaaS In some scenarios, CloudGuard IaaS Standby member cannot access the Internet. Refer to sk175108.
    PRJ-21257,
    MBS-10123
    Scalable Platforms NEW: Added support for the new SNMP OIDs to get performance statistics from VSX Virtual Systems.

    Configuration in Gaia gClish
    :
    1. Run: g_all "vsx mstat enable"
    2. Run: g_all "reboot"
    3. Configure SNMP v3 in the VS mode as described in sk90860.
    SNMP OIDs - statistics from the specified Virtual System, statistics from each cluster member:
    Number of concurrent connections - 1.3.6.1.4.1.2620.1.48.30.30.10.1.*
    Physical memory - 1.3.6.1.4.1.2620.1.48.30.40.10.1.*
    Packet rate - 1.3.6.1.4.1.2620.1.48.30.80.10.1.*
    Throughput - 1.3.6.1.4.1.2620.1.48.30.90.10.1.*
    Interface packet rate - 1.3.6.1.4.1.2620.1.48.30.100.10.1.*
    Connection rate - 1.3.6.1.4.1.2620.1.48.30.120.10.1.*
    Virtual memory - 1.3.6.1.4.1.2620.1.48.30.130.10.1.*

    SNMP OIDs - statistics from the specified Virtual System, total statistics from all cluster members
    :
    Total number of concurrent connections - 1.3.6.1.4.1.2620.1.48.30.30.20
    Total packet rate - 1.3.6.1.4.1.2620.1.48.30.80.20
    Total throughput - 1.3.6.1.4.1.2620.1.48.30.90.20
    Total connection rate - 1.3.6.1.4.1.2620.1.48.30.120.20
    PRJ-26563,
    PMTR-66250
    Scalable Platforms NEW: Added new parameters for SNMP traps sent from Security Group Members:
    • chkpnyTrapChassisId : shows the chassis ID of the sender SGM
    • chkpnyTrapBladeId : shows the blade ID of the sender SGM
    PRJ-23649,
    MBS-13202
    Scalable Platforms UPDATE: Removed unsupported OIDs 1.3.6.1.4.1.2620.1.48.20.5 and 1.3.6.1.4.1.2620.1.48.21.5 from the chckpnt.mib file.
    PRJ-25357,
    MBS-13352
    Scalable Platforms UPDATE: Limited the /var/log/dist_mode.log file rotation size to 20MB to prevent exhaustion of disk space.
    PRJ-22208,
    PMTR-64637
    Scalable Platforms UPDATE: Added Member ID to connection and session log.
    PRJ-21245,
    MBS-10229
    Scalable Platforms UPDATE: Added the new column "asgResourceTitle" to the SNMP Table "asgResourceTable". The new column contains the Security Group Member ID and the resource name.
    Format of the output: "Site <Site-ID> Member <Member-ID> <Resource-Name>"
    Example output: "Site 2 Member 1 Memory Utilization

    The SNMP OID of the new column is: asgResourceTable.1.8 (.1.3.6.1.4.1.2620.1.48.23.1.8).
    PRJ-22986,
    PMTR-65813
    Scalable Platforms UPDATE: New OIDs are assigned for these appliances:
    • checkPoint61000 - .1.3.6.1.4.1.2620.1.6.123.1.3001
    • checkPoint64000 - .1.3.6.1.4.1.2620.1.6.123.1.3002
    • checkPoint41000 - .1.3.6.1.4.1.2620.1.6.123.1.3003
    • checkPoint44000 - .1.3.6.1.4.1.2620.1.6.123.1.3004
    PRJ-25785,
    MBS-13716
    Scalable Platforms "Failed to send event 8 SNMP request to chassis module" errors may appear in the messages log.
    PRJ-25526,
    MBS-11956
    Scalable Platforms "set user <username> password-hash" and "set user <username> force-password-change" Gaia gClish commands do not take effect on Security Group Members.
    PRJ-25858,
    MBS-8488
    Scalable Platforms In some scenarios, the fw_full core dump is randomly created on Quantum Scalable Chassis and Quantum Maestro appliances.
    PRJ-25495,
    MBS-11764
    Scalable Platforms In some scenarios, the asg diag test "IGMP consistency" (asg diag print 26) fails on Quantum Scalable Chassis and Quantum Maestro.
    PRJ-25506,
    MBS-11670
    Scalable Platforms fwaccel_dos_rate_on_install is not synced between SGM members. 
    PRJ-25377,
    MBS-12356
    Scalable Platforms If the "Chassis HA mode" is configured as "VSLS", the SNMP query for the OID "asgChassisParamsMaxGrade" (.1.3.6.1.4.1.2620.1.48.28.4.1.4 and .1.3.6.1.4.1.2620.1.48.28.4.1.5) returns a wrong value.
    • With this fix: When the High Availability mode configured to VSLS, Chassis grade will return "N/A". Otherwise the real Chassis grade will be displayed to user.
    PRJ-25376,
    PMTR-65459
    Scalable Platforms The "asg_provision" command fails on hotfix inconsistency if ran outside of the global context (VS instead of VS0).
    PRJ-25374,
    MBS-12834
    Scalable Platforms The "asg_license_verifier -v" command that validates the licenses on SP cluster, may incorrectly fail with "Different licenses are installed across blades" message.
    PRJ-27324,
    PMTR-70795
    Scalable Platforms The VSX gateway creation on Scalable Platforms via SmartConsole or VSX Provisioning tool fails with the "Failed to determine appliance type" error.
    PRJ-27173,
    MBS-14108
    Scalable Platforms The MIB file $CPDIR/lib/snmp/chkpnt.mib fails MIB validation tests in the SNMP tree OID .1.3.6.1.4.1.2620.1.48.0 (asg).
    PRJ-26066,
    MBS-13605
    Scalable Platforms Improved the memory usage calculation by the "asg perf" command.
    PRJ-25671,
    MBS-13627
    Scalable Platforms
    • Output of the "asg perf -p" command shows that the "Throughput" is 0 in the "Firewall" column.
    • Output of the "asg perf -v" command shows the "Throughput" value is lower than expected (the F2F traffic is missing) 
    MBS-13627 Scalable Platforms In some scenarios, SNMP Query for OID .1.3.6.1.4.1.2620.1.48.20.1.0 (asgThroughput) returns a value lower than expected (the F2F traffic is missing).
    PRJ-25542,
    MBS-11427
    Scalable Platforms The FWD process may unexpectedly exit when adding/deleting the "fw samp" rules.
    PRJ-26038,
    MBS-13989
    Scalable Platforms The "asg perf" command may display wrong values for "Throughput" and "Packet rate".
    PRJ-25741,
    MBS-11788
    Scalable Platforms Improved the memory / partitions size validity tests in the "asg resource" command.
    PRJ-25777,
    MBS-6708
    Scalable Platforms When interrupting the "asg_perf_hogs -v" command with the CTRL+C keys, the message on the screen shows "Operation was canceled/terminated by user" instead of "No issues were found".
    PRJ-21329,
    MBS-8558
    Scalable Platforms In rare scenarios, Switch distribution update in an early stage may trigger the FWK process to unexpectedly exit.
    PRJ-21328,
    MBS-9585
    Scalable Platforms In some scenarios, the output of the "asg_policy verify -a" command in the "Summary" section for the Security Group Member shows "Policy date is lower than max policy date".
    PRJ-21323,
    MBS-12525
    Scalable Platforms In some scenarios, SH zombies processes are created after a reboot or policy installation.
    PRJ-22146,
    PMTR-64499
    Scalable Platforms The "delete backup" gClish command deletes backups only on the local member and not on all Security Group members.
    PRJ-21073,
    PMTR-63442
    Scalable Platforms With this fix, sam_policy (samp) rules will be applied to new members added to the Security Group automatically.
    PRJ-22982,
    MBS-7805
    Scalable Platforms After adding a slave interface to a Bond interface, the output of the "asg diag" command shows that the "Distribution Mode" test failed because of an issue with the slave interface.
    PRJ-21832,
    MBS-13133
    Scalable Platforms SNMP query for OID 1.3.6.1.4.1.2620.1.48.20.5 and 1.3.6.1.4.1.2620.1.48.21.5 gives empty result. Refer to sk173423.
    PRJ-21580,
    MBS-8858
    Scalable Platforms Improved the Distribution Mode configuration for Bridge interfaces - each slave interface has a different Distribution Mode.
    PRJ-20750,
    MBS-10656
    Scalable Platforms In some scenarios, the "mq_mng -o -v" command fails with the "Error executing command" error message.
    PRJ-25801,
    MBS-6493
    Scalable Platforms The asymmetric traffic may fail if the "Synchronize connections if Synchronization is enabled on the cluster" checkbox in the "Cluster and synchronization" section of the corresponding service's properties is not selected.
    PRJ-25745,
    MBS-5608
    Scalable Platforms The command help (-h) misses the description of the -b parameter of the "asg_hard_start" command.
    PRJ-25719,
    MBS-6180
    Scalable Platforms Removed the "-amw" flag from the syntax of the "asg stat" command. Run the "asg stat -v" command to get the required information.
    PRJ-22554,
    PMTR-65496
    Scalable Platforms Setting multi-queue on backplane interfaces via "mq_mng -s manual" command fails with the "Error executing command" error.
    PRJ-25344,
    MBS-11411
    Scalable Platforms In some scenarios, the unclear message "Management loss failure" is displayed in the command line.
    PRJ-25572,
    MBS-8473
    Scalable Platforms Removed the "ccutil reset_parity_counter" command from the code.
    PRJ-25576,
    MBS-7630
    Scalable Platforms The output of the "asg stat vs" command in the "Virtual System Status" section shows "active chassis" in lowercase when a Virtual System is in freeze. Now the output shows "Active chassis" with a capital letter.
    PRJ-25589,
    MBS-11765
    Scalable Platforms Gaia users other than the 'admin' cannot use SCP to connect to a Security Group Member, even if the default shell /bin/bash and the 'admin' role are configured.
    PRJ-25463,
    MBS-12375
    Scalable Platforms Gaia gClish command that take more than 60 seconds to execute fail with "CLINFR0739 error in command execution; see "/var/log/messages"." Refer to sk170301
    PRJ-23285,
    PMTR-65791
    Scalable Platforms In some scenarios, the "RTNL: assertion failed" errors appear in /var/log/messages on Quantum Maestro/Quantum Scalable Chassis.
    PRJ-23217,
    MBS-9689
    Scalable Platforms In VSLS scenarios when the SMO is the ARP master, in ACTIVE-ACTIVE state the wrong VS may answer ARPs, causing "out-of-state" in TCP connections.
    PRJ-28053,
    PMTR-71372
    Scalable Platforms In some scenarios, the Maestro Gateway leaves the Security Group.
    PRJ-22976,
    MBS-9077
    Scalable Platforms Setting MTU on Management Aggregation (MAGG) interface may fail.
    PRJ-28016,
    PMTR-71262
    Scalable Platforms In some scenarios, bond interface slave fails to properly initialize and shows a partner system MAC address of 00:00:00:00:00:00.
    PRJ-26992,
    ODU-123
    HCP Added Update 3 of HealthCheck Point (HCP) Release. Refer to sk171436.
    PRJ-24089,
    ODU-91
    HCP Added Update #2 of HealthCheck Point (HCP) Release. Refer to sk171436.
    PRJ-26326,
    CST-212
    Carrier Security The FWK process may unexpectedly exit producing a core dump when the GTP tunnel expires.
    R81 Jumbo HotFix - General Availability Take 36 (19 July 2021, GA from 26 July 2021)                   
    PRJ-28539,
    PMTR-71636
    ClusterXL During Multi-Version Cluster (MVC) upgrade with R81 Jumbo Hotfix Take 34, the "MVC WARNING uninitialized VPN table" message frequently appears in log. Refer to sk174445.
    PRJ-28195 ClusterXL In public cloud environments, CloudGuard Network High Availability/Cluster solutions may incorrectly detect Cluster status.
    R81 Jumbo HotFix - Ongoing Take 34 (27 June 2021)                   
    PRJ-25809 Security Management NEW: Performance improvements for security policy and database installation when R81 Security Management manages R80.40 Gateways.
    PRJ-20295,
    PMTR-62823
    Security Management NEW: Added new API version (1.7.1). For more information, refer to the Management API Reference.
    PRJ-23312,
    ODU-89
    Security Management UPDATE: Added Update 9 of Autonomous Threat Prevention Management (ATPM). Refer to sk167109.
    PRJ-23923,
    PMTR-64482
    Security Management SmartConsole Extensions fail to load with "Error: unable to retrieve read-only session" if login with SmartConsole is performed with an IP address that is not defined as the primary IP of the Management Server.
    PRJ-23774,
    PMTR-66072
    Security Management "Query failed" error is displayed in Security Gateway Device & License Information view in SmartConsole when canceling the "Export to PDF/CSV" operation.
    PRJ-23885,
    PMTR-66708
    Security Management In some scenarios, when updating Check Point Host object to be a Network Policy Management and in addition configuring it as a Secondary Server, "Publish" fails with "Action Failed due to an internal error".
    PRJ-23544,
    PMTR-66182
    Security Management In some scenarios, HA sync in a Multi-Domain environment may fail with the "Failed to import data" error message after the user creates new Permission Roles.
    PRJ-22442,
    PRHF-15754
    Security Management Upgrade or migration from R80.10 and lower to R80.20 and higher may fail with "Scheme adjustment had failed" error in logs. Refer to sk172003.
    PRJ-24487,
    PRHF-16631
    Security Management In very large Management environments, Policy verification and installation may fail with FWM process core dump. Refer to sk173722.
    PRJ-24021,
    PMTR-66953
    Security Management In some scenarios, after upgrade of Multi-Domain environment that has active Domains on multiple Multi-Domain Servers, some objects may not be visible in the System Domain.
    PRJ-24617,
    PRHF-16791
    Security Management In Domain High Availability, policy installation may fail if a Global Dynamic Network object defined and the active peer is the Security Management Server.
    PRJ-23438,
    PMTR-65646
    Security Management When configuring SNMP traps with thresholds_config utility on the Management Server, the settings may not be applied on the Security gateway upon policy installation.
    PRJ-22076,
    PRHF-15725
    Security Management In rare scenarios, the Management Server may fail to start because Solr fails to initialize.
    PRJ-24520,
    PMTR-67390
    Security Management When adding or updating star/meshed VPN community using the Management API and setting default values for ike-p2-use-pfs or ike-p2-pfs-dh-grp fields, the operation mail fail with the validation error.
    PRJ-21400,
    PRHF-15001
    Security Management In rare scenarios, deleting an object fails with "Can't reach source object, maybe it already deleted" error. Refer to sk172828.
    PRJ-23899,
    PRHF-16297
    Security Management In some scenarios, the policy installation may fail after following sk55502. Refer to sk174646.
    PRJ-22202,
    PRHF-15250
    Security Management In some scenarios in Management High Availability environment, after restoring a Domain from backup, the Security Management Server appears as 'Unavailable' in SmartConsole.
    PRJ-24612,
    PMTR-63454
    Security Management Incorrect Mobile Access license status upon a license change.
    PRJ-25032,
    PMTR-68166
    Security Management The "add access-role" Management API may fail when it is configured with base-dn.
    PRJ-25057,
    PMTR-68197
    Security Management In some scenarios, the "set-simple-gateway name ..." and "set simple-cluster name ..." Management APIs may not reach the "SIC Communicating" state.
    PRJ-22132,
    PMTR-61861
    Security Management In a rare scenario, Management HA synchronization fails after the Purge Revisions operation.
    PRJ-20811,
    PMTR-62949
    Security Management On Security Management with connected Endpoint Security Server, the SICTUNNEL process may unexpectedly exit and start again every few minutes with core file ~4gb in size. Refer to sk173704.
    PRJ-22124,
    PMTR-61785
    Security Management Running override_server_setting.sh may not update settings correctly when updating a setting multiple times.
    PRJ-21705,
    PRHF-12911
    Security Management In some scenarios, Apache does not start and shows a "No space left on device" message if the user runs "cprestart" frequently.
    PRJ-22212,
    PMTR-61168
    Security Management In rare scenarios, concurrent update operations performed by several administrators on the Management Server may fail.
    PRJ-23931,
    CPM-3316
    Multi-Domain Management NEW: Once a day, Multi-Domain Management Servers will check for peers that are not synchronized. If such are identified, HA full sync will be automatically initiated at the MDS level.
    PRJ-23698,
    PRHF-16119
    Multi-Domain Management Global Policy Reassignment may take a long time to complete after an IPS Update in the Global Domain.
    PRJ-22924,
    PMTR-65145
    Multi-Domain Management When secondary Domain Management Server is in active state, sicRenew utility may fail with "Certificate cannot be renewed by the Internal CA. (Error no. -179)". Refer to sk172183.
    PRJ-22633,
    PMTR-62650
    Multi-Domain Management UPDATE: Improved the Domain Management Server and Domain Log Server creation and deletion operations.
    PRJ-23160,
    PMTR-64136
    Multi-Domain Management UPDATE: Added stabilization improvement for Assign and Reassign Global Policy operations.
    PRJ-22523,
    PMTR-65290
    Multi-Domain Management In some scenarios, Reassign Global Domain for a Domain that is active on another Multi-Domain Server may fail with "An internal error has occurred" message. Refer to sk172704.
    PRJ-24760,
    PRHF-16660
    Multi-Domain Management Global Policy Assignments may be missing in Multi-Domain environment after upgrade from R77.x.
    PRJ-22139,
    PMTR-64481
    Multi-Domain Management A Multi-Domain Server with dozens of Domains may take a long time to start.
    PRJ-22784,
    SL-5370
    SmartConsole UPDATE:
    1. When using Updatable Objects, Source and Destination fields in logs will display the icon from the matched Updatable Object.
    2. Improved the accuracy of flag icons when using Updatable Objects for Geo-IP restrictions.
    • Requires R81 SmartConsole Build 552 (or higher).
    PRJ-22127,
    PMTR-62338
    SmartConsole SmartConsole configures a default value for the IPv4 mask length of VIP interface each time a user opens the interface editor for cluster object configured in the Active-Active mode. As a result, the value configured by a user is overwritten with the default value each time the user opens the cluster object and clicks OK.
    • Requires R81 SmartConsole Build 552 (or higher).
    PRJ-21908,
    PMTR-61429
    SmartConsole Generating a Changes Report may fail when the changes include new LSM Profiles or Small Office Gateway objects.
    PRJ-23605,
    PMTR-66244
    SmartConsole In some scenarios, a SmartTask may fail to execute its action when it is triggered for a policy installation.
    PRJ-22524,
    PMTR-61526
    SmartConsole "The object specified in 'Always send alerts to' field, has no active 'Logging & Status' blade" error may be displayed after running the "add-simple-gateway" command in Management HA environments where one of the Security Management Servers has the "Logging & Status" blade disabled. Refer to sk172226.
    PRJ-18888,
    PRJ-18886
    CPView CPView shows "N/A" for speed values of some network cards.
    PRJ-22974,
    PRHF-11884
    Compliance Deactivated Compliance Best Practices appear in the Compliance report.
    PRJ-21180,
    PMTR-61750
    Logging NEW: Resource pools for log queries and report generation have been separated to ensure query responsiveness while multiple reports are generated. 
    PRJ-18560,
    PRHF-13614
    Logging In the "Logs" view in SmartConsole, when the query filter contains "time:yesterday" as a literal, the query fails with a "Query resolution failed" error. The pre-defined time filter "Yesterday" shows results from today. Refer to sk170999.
    PRJ-23205,
    PMTR-65244
    Logging In rare scenarios, when creating a Log Server object and establishing SIC, log queries from the newly created Log Server object may fail.
    PRJ-23068,
    PMTR-62454
    Logging When viewing an Access log card that was matched on both a Network layer (firewall) rule and an Application layer rule, and both actions are "Accept", the application layer rule will be presented in the card instead of the network layer rule. Refer to sk172763.
    PRJ-22967,
    PMTR-64536
    Logging In some scenarios, when exporting logs using the Log exporter tool and filtering on all Threat Prevention blades, logs of "Anti Spam" blade are not exported.
    PRJ-23416,
    PMTR-60082
    Logging In SmartView's "Cyber Attack View - Endpoint", the widgets Active/Dormant Attacks and Cleaned/Blocked Attacks show clean hosts as infected (false positive results).
    PRJ-20621,
    PRHF-14608
    Logging In SmartView, when filtering with specific time filters, the result may include more logs than was requested.
    PRJ-22186,
    PMTR-58496
    Logging In SmartView, when the user exports multiple PDF/CSV/Templates of the same view/report at the exact same time, the second export to complete may overwrite the first one.
    PRJ-22250,
    PMTR-65133
    Logging In some scenarios, in the "Views and Reports" of SmartView, it is not possible to use the field "Roles".
    PRJ-23010,
    PRHF-15886
    Logging In rare scenarios, when the user exports logs to Excel using SmartView web, the action fails when the exported logs contain special characters, like emojis.
    PRJ-23283,
    PMTR-65335
    Security Gateway NEW: Added the "Top Connections" tool. For more information, refer to sk172229.
    PRJ-21903,
    PMTR-64675
    Security Gateway NEW: Added new troubleshooting tool to cplic command for Entitlement manager.
    PRJ-19592,
    PRHF-9582
    Security Gateway NEW: Added support for authentication with a RADIUS Server that expects to receive an empty password on the first message. VPN client will receive 2 dialogs instead of 3.
    PRJ-20961,
    PMTR-61684
    Security Gateway NEW: In a Management Data Plane Separation (MDPS) environment, each plane has its own configuration. Run these commands in each plane:
    • save configuration <Name of Script>
    • load configuration <Name of Script>
    PRJ-19989,
    PMTR-59944
    Security Gateway NEW: Added support for Drop templates optimization on accelerated policy installation.
    PRJ-23382,
    PMTR-66195
    Security Gateway NEW: Implemented new Fast-Accel producer.

    The following Fast-Accel statistics are added to CPView:

    • Status: current status of Fast-Accel feature (enabled/disabled).
    • Configured rules: number of rules were added by the user. These rules determines whether a connection should be accelerated or not.
    • Accelerated connections amount: number of accelerated connections.
    • Total connections amount: total connections opened in PPAK.
    • Accelerated connections percentage: percentage of accelerated connections as part of the overall traffic.
    • Services distribution: number of times each service was used by the accelerated connections.
    PRJ-17932,
    PRHF-8504
    Security Gateway UPDATE: Added L3 routing support for bridge interface assigned with IP address. To enable it, set fw_bridge_with_ip_routing=1 in the $FWDIR/fwkern.conf file. Refer to sk165560.
    PRJ-22261,
    PMTR-64681
    Security Gateway UPDATE: Added $CPDIR/log/sic_info.elg log file to show detailed SIC errors.
    PRJ-22988 Security Gateway UPDATE: Added support for DPL for non-FQDN Objects on Cluster Load Sharing environments.
    PRJ-22654,
    PRHF-14534
    Security Gateway UPDATE: Security Gateway performance optimizations for specific scenarios. Refer to sk174607.
    PRJ-23079,
    PMTR-65799
    Security Gateway Enhancement: Early drop optimization will work even if the UserCheck is not relevant for this connection.
    PRJ-20570,
    MBS-12769
    Security Gateway In some scenarios, the "fwauthd_init: got known service port XXX ... choosing another one" message appears repeatedly in the $FWDIR/log/fwd.elg file.
    PRJ-25905,
    PMTR-69241
    Security Gateway In a rare scenario, machine hangs and user is unable to run any command. Refer to sk173405.
    PRJ-24731,
    PRHF-16851
    Security Gateway On rare scenarios, running "fw1 + misp" debug on cluster may cause Security Gateway to crash.
    PRJ-24378,
    SMB-10515
    Security Gateway A memory leak in a DNS resolving infrastructure may occur.
    PRJ-20983,
    PRHF-14104
    Security Gateway In rare scenarios, the CPD process unexpectedly exits when the VPN is enabled, and statuses are not sent to the Management Server.
    PRJ-19359,
    PRHF-14127
    Security Gateway In a rare scenario, the FWK process may unexpectedly exit while passing TLS traffic, resulting in a cluster failover.
    PRJ-21473,
    PRHF-14963
    Security Gateway When the Security Gateway is configured as a proxy, some network objects may not be matched correctly.
    PRJ-21056,
    PRHF-15024
    Security Gateway In a rare scenario, Fast Accel logs are sent although they are disabled on the matched rule. Refer to sk171336.
    PRJ-21012,
    PRHF-15031
    Security Gateway In a rare scenario, Security gateway may crash when using non-FQDN domains in Access policy.
    PRJ-23393,
    PRHF-15802
    Security Gateway Added support for “Other” services configured with IP protocol, but without advanced “Match” expression.
    PRJ-23342,
    PRHF-16111
    Security Gateway Boot may take a long time on machines with many VLANs or secondary IP addresses.
    PRJ-21837,
    PMTR-63900
    Security Gateway The "up_fw_module_load_commit: failed to load" error may be displayed in dmesg during cpstart or policy installation.
    PRJ-24300,
    PMTR-67184
    Security Gateway In a rare scenario, the FWK process unexpectedly exits on the Security Gateway.
    PRJ-24275,
    PMTR-63867
    Security Gateway Allow automatic configuration of Identity Awareness nested group state 4 for Security Gateways with a previously installed fix for IDA-754.
    PRJ-22874,
    PRHF-15786
    Security Gateway In some scenarios, policy installation fails with "Error code 0-2000077" message.
    PRJ-22839,
    PMTR-64303
    Security Gateway In a rare scenario, policy installation may fail with the "problem with the Commit Function" message.
    PRJ-22943,
    PMTR-65733
    Security Gateway In rare scenarios, policy installation fails with "gen_other_service_inspect_func: failed to find corresponding service object for <service name>" error message.
    PRJ-22931,
    PRHF-13912
    Security Gateway When using "User Alert 3" in the code alert, cosmetic error "FW-1: fwdrv_get_string_id_from_code: illegal parameters for code 8" appears in the /var/log/messages file.
    PRJ-22456,
    PMTR-64448
    Security Gateway In a rare scenario, the Security gateway may crash with fwk and fwk_wd core dump files.
    PRJ-23102,
    PRHF-13417
    Security Gateway The connection may not exist in the SecureXL connection table when configuring Smart Connection Reuse kernel parameters and allow out of state TCP packets.
    PRJ-22374,
    PRHF-15705
    Security Gateway In some scenarios, the Security Gateway attempts to access the Management Server through the server's NAT IP address (defined in the "NAT" section of the server object), while the server is reachable only through the main IP address (defined in the "General Properties" section of the server object).

    Refer to sk171665 to configure the required parameter SKIP_NATTED_IP.
    PRJ-23042,
    PMTR-65729
    Security Gateway In a rare scenario, Security Gateway may crash during the Application Control / IPS / Anti-Bot package update.
    PRJ-23949,
    PMTR-66474
    Security Gateway In a rare scenario, Security Gateway may crash when running in USFW (User-Space Firewall) mode.
    PRJ-24294,
    PMTR-67231
    Security Gateway In a rare scenario, Security Gateway may crash during policy installation.
    PRJ-24414,
    PRHF-16452
    Security Gateway In a rare scenario, Security Gateway may crash under heavy load during cluster failover.
    PRJ-23900,
    PMTR-65612
    Security Gateway In a rare scenario, the Security Gateway may crash when GRE or VXLAN interfaces are configured.
    PRJ-21451,
    PRHF-14785
    Security Gateway RSA integration using SAML (Security Assertion Markup Language) protocol may not work as expected. Refer to sk171501.
    PRJ-25304,
    PMTR-68439
    Security Gateway When the Security Gateway is configured as a proxy, some network objects may not be matched correctly.
    PRJ-22740,
    PRHF-15578
    Security Gateway When Strict Hold is enabled in the fail-open configuration, some HTTPS connections may stuck.
    PRJ-25594,
    PRHF-12228
    Security Gateway In some scenarios, packets are dropped due to incorrect SACK translation when SACK and sequence translation are being used together.
    PRJ-23428,
    PMTR-65909
    Security Gateway The VPND process may consume high CPU because of ECDHE use, which affects multi-portal functionality. Refer to sk173145.
    PRJ-24466,
    PRHF-15688
    Security Gateway In a rare scenario, Security Gateway may crash when handling some DNS packets.
    PRJ-19413,
    PMTR-60877
    Security Gateway The "new-conn-rate" DOS/Rate limiting rules may not be enforced in usermode when enforcement for internal interfaces is disabled.
    PRJ-23518,
    PMTR-20344
    Application Control In some scenarios, the fw_full (fwd daemon) unexpectedly exits producing a core dump file and causing a cluster failover.
    PRJ-21772,
    PMTR-58795
    Application Control A failure log may be generated when inspecting connections to servers with certificates without a common name (CN) field.
    PRJ-24479,
    PMTR-67931
    Threat Extraction,
    Threat Emulation
    In some scenarios, License errors for Threat Emulation and Threat Extraction blades are displayed for NGTP customers that use Autonomous Threat Prevention.
    PRJ-24924,
    PMTR-61787
    Threat Prevention UPDATE: Added support for more than 20 CIFS objects in rulebase. Refer to sk170300.
    PRJ-21883,
    PRHF-15174
    Threat Prevention Policy installation fails if it contains objects with "://" text.
    PRJ-23571,
    PRHF-15500
    Threat Prevention Security Gateway may crash when transferring the HTTP multipart traffic if the Anti-Virus Deep Scanning, Threat Extraction, or Threat Emulation is enabled.
    PRJ-19558,
    PMTR-61333
    Threat Prevention In some scenarios, "cpssh_trans_endpoint_handle_session_travers_timeout: INTERNAL ERROR" errors are displayed in the fwk.elg file when inspecting SSH traffic.
    PRJ-20485,
    PMTR-61702
    Threat Prevention In rare scenarios, Security Gateway may crash when working with SSH.
    PRJ-20814,
    PMTR-61640
    Threat Prevention Large file download with SFTP may fail when the connection is inspected.
    PRJ-21279,
    PMTR-60297
    Threat Prevention Removed the "beta" label from SSH DPI's SSH server identification string.
    PRJ-23037,
    PMTR-65728
    Threat Prevention In rare scenarios, Security Gateway may crash if event app debug flag is enabled.
    PRJ-24193,
    TPE-453
    Threat Prevention In rare scenarios, the Threat Prevention policy is not enforced after a reboot of the Security Gateway.
    PRJ-21656,
    PMTR-63310
    SSL Inspection UPDATE: Avoid sending the TLS probe during the inbound inspection when a rule is matched according to the IP address.
    PRJ-20486,
    PMTR-62467
    SSL Inspection Memory leak may occur during policy installation.
    PRJ-19857,
    PMTR-61029
    SSL Inspection TLS probing failures generate logs with a general description in SmartLog: "Internal system error in HTTPS Inspection (Error Code: 2)". With this fix, more descriptive logs will be generated.
    PRJ-24421,
    PMTR-66343
    SSL Inspection Improved performance of the TLS handshake when TLS 1.3 support is enabled.
    PRJ-19765,
    PMTR-62211
    SSL Inspection In rare scenarios in mixed IPv4/IPv6 environments, some connections may fail.
    PRJ-22428,
    PMTR-64992
    SSL Inspection In some scenarios, the "Parallel TLS Sessions" and "Cache entries" CPView statistics for SSL Inspection are incorrect.
    PRJ-23398,
    PMTR-66181
    SSL Inspection In rare scenarios, the wstlsd daemon may unexpectedly exit during TLS probing.   
    PRJ-23442,
    PMTR-65718
    SSL Inspection In some scenarios, memory leaks may occur after policy installation.
    PRJ-20237,
    PMTR-59665
    SSL Inspection In a rare scenario, some errors in requests to the Security Gateway are ignored and can cause the connections to remain open instead of being closed.
    PRJ-25055,
    PRHF-14178
    SSL Inspection In some scenarios, when HTTPS Inspection is enabled, overall memory consumption may gradually increase. Refer to sk171280.
    PRJ-21028,
    PMTR-63319
    Anti-Malware Improved the way Threat Prevention distinguishes between .docx, .pptx, .xlsx and .zip files.
    PRJ-24782,
    PRHF-16849
    Anti-Malware In a rare scenario, the Security gateway may crash with the "Problem with the Commit Function" error during policy installation. Refer to sk173248.
    PRJ-23037,
    PMTR-65728
    Anti-Malware In rare scenarios, Security Gateway may crash if event app debug is enabled.
    PRJ-21458,
    PRHF-14980
    Identity Awareness In some scenarios, the VPN Remote Access client fails to connect if a certificate contains a DN with an asterisk (*). 
    PRJ-22360,
    IDA-3759
    Identity Awareness In some scenarios, output of "pdp conn pep" command may show incorrect PEP names.
    PRJ-20460,
    PMTR-52079
    IPS UPDATE: Exceptions are now enforced for these IPS protections:
    • ASCII Request Response
    • ASCII Response Response
    • HTTP Header Patterns
    • HTTP URL Patterns
    • CIFS File Patterns
    Refer to sk166222.
    PRJ-23191,
    PRHF-15832
    IPS In rare scenarios, the Security gateway may crash.
    PRJ-22514,
    PMTR-65461
    IPS Proxy source IP address is not printed in the IPS logs.
    PRJ-22405,
    IPS-352
    IPS In some scenarios, the DNS response message with record type 0 may be dropped by "Non compliant DNS" protection.
    PRJ-20714,
    PRHF-13454
    IPS In rare scenarios, policy installation fails due to duplicate id in IPS Snort protections.
    PRJ-22398,
    PRHF-15404
    IPS The "ciu_lic_open_lic_db_file: crc check failed" error message may be printed in fwd.elg log file during the policy installation if the IPS blade is disabled. Refer to sk172903.
    PRJ-24254,
    PMTR-66115
    Anti-Virus UPDATE: Reduce performance when Anti-Virus is configured with deep inspection on all file types.
    PRJ-23929,
    PMTR-66261
    Anti-Bot UPDATE: Anti-Bot URL cache was enhanced to support further requests.
    PRJ-23982,
    PRHF-16392
    UserCheck Sensitive file push.js may be visible on the Security gateway.
    PRJ-21297,
    PMTR-63495
    URL Filtering UPDATE: Improved RAD event output to provide additional information on events, such as detailed timing. This update also activates the retry mechanism by default.
    PRJ-22333,
    PMTR-21454
    Mobile Access In some scenarios, the VPND process unexpectedly exits in SNX Application Mode.
    PRJ-23093,
    PRHF-12121
    Mobile Access In some scenarios, the FWK process unexpectedly exits due to SNX authorization timeout in MAB's Unified Policy mode. Refer to sk173125.
    PRJ-23654,
    PMTR-60065
    Mobile Access Remote Access session may not be synced on the standby member VS.
    PRJ-21644,
    PMTR-60226
    Mobile Access Mobile Access may overwrite the /etc/hosts file on Security Gateway.
    PRJ-21700,
    PMTR-64360
    ClusterXL UPDATE: Added the fwha_disable_ccp_on_monitor global kernel parameter. The parameter turns on/off the sending of CCP packets on link monitor interfaces.
    PRJ-26458,
    PRHF-13428
    ClusterXL UPDATE: Added clusterXLFailover to the database to have the ability to set SNMP traps to monitor cluster failovers. Refer to sk173810.
    PRJ-19515,
    PRHF-14206
    ClusterXL In some scenarios, the required interface value is higher than it should be when adding a VLAN interface.
    PRJ-22151,
    PMTR-63571
    ClusterXL During active-active-bridge mode, the "show routed cluster-state" command may display some members as slave instead of master.
    PRJ-21350,
    CLUS-1804
    ClusterXL In some scenarios, a large quantity of logs is generated on cluster VIP API.
    PRJ-21974,
    PMTR-64480
    ClusterXL In some scenarios, when using IPv6 link-local VIP and dynamic routing protocols, failovers can cause a temporary outage.
    PRJ-25943,
    CLUS-1804
    ClusterXL In some scenarios, the user cannot run any dynamic routing or install any static routes, including the default route.
    PRJ-24146,
    PMTR-67140
    SecureXL UPDATE: Firewall debug drop template message now indicates the rule ID the template was created from.
    PRJ-18063,
    PMTR-60766
    SecureXL UPDATE: Changed the "accept out of state" global parameter usage and added support to change it for specific VS. Refer to sk147093.
    PRJ-24653,
    PMTR-67738
    SecureXL In some scenarios, the "reached the limit of maximum enqueued packets!" log is printed in the /var/log/messages file.
    PRJ-23461,
    PRHF-16084
    SecureXL A race condition in the DOS/Rate limiting policy's install logic may cause incorrect counter values for "concurrent-conns".
    PRJ-19373,
    PRHF-14133
    SecureXL Security Gateway may crash when the user runs "fwaccel tab -t" to view certain rate limiting tables that have a large number of entries.
    PRJ-20434,
    PMTR-58524
    SecureXL In some scenarios, DOS/Rate Limiting rules that do not work as expected may be created.
    PRJ-22169,
    PRHF-15607
    SecureXL Rate limiting rules using concurrent-connection counters may cause connections to be blocked. 
    PRJ-22917,
    PRHF-15478
    SecureXL Improved the Smart Connection Reuse feature to be consistent with the user configuration. Refer to sk24960.
    PRJ-22437,
    PRHF-15755
    SecureXL In some scenarios, the concurrent-conns rate limiting count may be inaccurate for FTP data connections.
    PRJ-22290,
    PMTR-62849
    SecureXL TCP reset packets may be dropped with an invalid sequence.
    PRJ-24478,
    PRHF-16658
    Routing UPDATE: Allow "set bgp internal peer <value> send-route-refresh" commands.
    PRJ-23146,
    PRHF-16038
    Routing UPDATE: Added "$" to the list of allowed characters for BGP MD5 authentication passwords in in WebUI and CLI.
    PRJ-23501,
    PRJ-23499
    Routing UPDATE: Added support for PBR with VTI/VPN interfaces.
    PRJ-24499,
    PMTR-66844
    Routing In some scenarios, after member failover, some traffic may be lost.
    PRJ-23742,
    PMTR-62549
    Routing After restarting OSPF with the "restart ospf instance default" command, OSPF may not redistribute routes until making a configuration change.
    PRJ-24404 Routing VRRP member freezes when deleting a VLAN interface. Refer to sk106226.
    PRJ-24717,
    PRHF-16801
    Routing In OSPF environment, the routed process may unexpectedly exit when a VPN tunnel is flapped leading to a temporary connectivity loss.
    PRJ-25042,
    PRHF-16981
    Routing In a rare scenario, the routed process unexpectedly exits when creating an MFC (S,G) entry. Refer to sk176685.
    PRJ-22386,
    MBS-9798
    Routing In some scenarios, Fragmented traffic is dropped when using L4 Distribution. Refer to sk167198.
    - VPN Hardened the ability to use narrowed IKEv2 tunnels. For more information, refer to sk166417.
    PRJ-23843,
    PMTR-66754
    VPN UPDATE: Option 3 of the "vpn tu" command shows now the realm name and if the authentication was performed with the server certificate.
    PRJ-24813,
    VPNS2S-2313
    VPN UPDATE: Added VPN improvements in IKEv2:
    • Added support for IKEv2 authentication when using multiple certificates.
    • Added support for “Matching info” authentication.
    PRJ-21904,
    PMTR-63196
    VPN Added major VPN enhancements for Scalable Platforms. Refer to sk174228.
    PMTR-63196 VPN Added Improvements for VPND resiliency (disabled by default in this release).
    VPNS2S-2313 VPN Invalid ID information” message may be displayed when peer is 3rd party and Link selection is overridden.
    VPNS2S-2313 VPN IKEv2 may cause the VPND process to exit unexpectedly when IKEv2 rekey uses certificates.
    VPNS2S-2313 VPN
    • Stability improvement of IKEv2 rekey when using Pre-shared-key
    • Stability improvement of cluster synchronization mechanism
    PRJ-24255,
    PRHF-15984
    VPN In some scenarios, the TTM (Transform Template) file is not loaded when there are no TTM groups for the user.
    PRJ-26350,
    PMTR-69744
    VPN If SSL Inspection or other blades that use the CPAS infrastructure is enabled, a call trace warning is displayed in dmesg when the cpstop command is issued.
    PRJ-22416,
    PRHF-12576
    VPN Remote Access users may randomly disconnect because the Tunnel test packets are mapped to the incorrect interface. Refer to sk172328.
    PRJ-25490,
    PMTR-68687
    VPN In VSX environments, Anti-Spoofing in SecureXL may cause Remote Access VPN drops. Refer to sk173266.
    PRJ-24889,
    PMTR-63753
    VPN In some scenarios, the "Global param: operation failed: Unknown parameter (param name vpn_cluster_on_aws)" cosmetic error may appear in dmesg.
    PRJ-23304,
    PMTR-66146
    VPN In rare scenarios, the VPND process may unexpectedly exit in an L2TP-related flow.
    PRJ-23975,
    PMTR-65986
    VPN In some scenarios, the IKED process unexpectedly exits producing a core dump.
    PRJ-23986,
    PMTR-66902
    VPN In some scenarios, the he VPND process may unexpectedly exit producing a core dump.
    PRJ-21944,
    PRHF-15509
    VPN In some scenarios, VPN Remote Access users are disconnected after policy installation. Refer to sk171966.
    PRJ-24573,
    PRHF-9691
    VPN Added IKE improvement for DAIP peer with ID_DER_ASN1_DN ID type.
    PRJ-22414,
    PMTR-60014
    VPN In some scenarios, L2TP tunnel is not deleted completely upon disconnection. 
    PRJ-22544,
    PRHF-14102
    VPN Added stability fix in validation checks for ECDSA certificates.
    PRJ-22285,
    PRHF-14819
    VPN When the Remote Access is configured to use DHCP for the Office Mode allocation, disconnection of SNX/L2TP clients may cause the IP address not be removed from the table.
    PRJ-23826 Gaia OS NEW: Adding support for Smart-1 600-S/M appliances. Refer to sk171903.
    PRJ-21432,
    PRJ-21424
    Gaia OS NEW: Added support for hardware (sensors/NICs) data auto-update.
    PRJ-22843,
    PMTR-55383
    Gaia OS UPDATE: Added the option to bind IP addresses to sockets using the udp_connect API. Refer to sk171019.
    PRJ-26746,
    PMTR-70210
    Gaia OS The raid_diagnostic command fails on Smart-1 3050/3150/5050/5150 appliances. Refer to sk173788.
    PRJ-24606,
    PMTR-67624
    Gaia OS Updated the OpenSSL version in the RPM database.
    PRJ-24134,
    PRJ-23252
    Gaia OS Added timestamp, hostname and syslog version control to syslog messages. Refer to sk100727.
    PRJ-22877,
    PRHF-15925
    Gaia OS In rare scenarios, Clish unexpectedly exits when configuring the ip-conflicts-monitor on more than 4 interfaces simultaneously.
    PRJ-21920,
    PRJ-17304
    Gaia OS Unable to set MTU on Igb cards.
    PRJ-23615,
    PRHF-16252
    Gaia OS In rare scenarios, there is a difference between the value of "Packets" in the output of "ifconfig <interface name>" and "show interface <interface name> statistics" commands.
    PRJ-23586,
    MBS-9917
    Gaia OS In some scenarios, Bond interface's slaves stop sending LACP Traffic after reboot. Refer to sk169977.
    PRJ-22794,
    PRHF-15900
    Gaia OS In rare scenarios, "show asset network" command may lead to memory leak. Refer to sk174823.
    PRJ-22923,
    PMTR-62465
    Gaia OS "kernel: [SIM4];resume_from_error: failed to get ci_or_corr" error message may be printed numerous times in /var/log/messages file while running UDP Traffic Load. Refer to sk172543.
    PRJ-23330,
    PRHF-16081
    Gaia OS The "snmptable" command may fail to fetch data via SNMP producing core dump. Refer to sk172824.
    PRJ-23422,
    PMTR-65206
    Gaia OS The administrator cannot force a password change to users with UID 0.
    PRJ-23491,
    PMTR-64696
    Gaia OS When bond/bridge interfaces configured with IP conflicts monitoring are deleted, they still appear under the configuration of ip-conflicts-monitor.
    PRJ-24174,
    PRHF-16489
    Gaia OS In rare scenarios, the Security Gateway may crash during tcpdump. Refer to sk141412.
    PRJ-22216,
    PRHF-15159
    Gaia OS "show configuration on" may not expose bond' members.
    PRJ-23829,
    PRHF-16241
    VSX In rare scenarios, the Wrp interface may not come up. Refer to sk171753.
    PRJ-24383,
    PRHF-16604
    VSX In rare scenarios, when the VSX cluster experiences an outage, the FWK process generates a core dump file.
    PRJ-27489 VSX In rare scenarios after Jumbo Hotfix installation, the Security Gateway may crash and a file system becomes corrupted. Refer to sk174191.
    PRJ-21717,
    PMTR-64430
    CloudGuard Azure Improved performance consistency (with Multi-Queue) after the Microsoft Azure Maintenance event.
    PRJ-20396,
    PMTR-60449
    CloudGuard IaaS In some scenarios, failover to another APIC server fails.
    PRJ-23380,
    PRHF-13883
    CloudGuard IaaS The SNMP response may show incomplete values.
    PRJ-23122,
    PMTR-60974
    Endpoint Security NEW: Added an option to configure email alert for Endpoint High Availability synchronization issues.
    • Requires R81 SmartConsole Build 552 (or higher).
    PRJ-22511,
    PMTR-65440
    Endpoint Security In rare scenarios, the Endpoint server fails to start after uninstalling Jumbo Hotfix.
    PRJ-24340,
    PMTR-65923
    Endpoint Security In some scenarios, device duplications appear in SmartEndpoint.
    PRJ-24279,
    PMTR-66083
    Endpoint Security In some scenarios, the "Included Blades" tab in the SmartEndpoint Package repository for Dynamic Package is empty. 
    PRJ-23055,
    PRHF-15942
    Endpoint Security In some scenarios, Compliance status shows "Status information is missing" in SmartEndpoint for all computers although the blade is installed and running.
    PRJ-25251,
    PMTR-68435
    Endpoint Security In some scenarios, the Policy server fails to synchronize with Endpoint primary Management after installing a hotfix for local E1 signature updates.
    PRJ-23133 IoT NEW: Added new features:
    1. Custom tags support - Any custom tag can be now used within a policy.
      • Add it to the $VSECDIR/conf/IotTags.conf configuration file
      • Run vsec off; vsec on
    2. Zone tag - The ‘Zone’ tag is now considered as a built-in tag. 
    PRJ-25721 IoT UPDATE: If the recommended-policy includes some illegal rules, an IoT layer will be created with the legal rules only and the user will be notified with a warning about the illegal ones.
    PRJ-20922,
    PRHF-14900
    QoS Security gateway may crash in QoS flow when interface goes down and up during packet processing.
    PRJ-22800,
    ODU-81
    HCP Added Update 1 of HealthCheck Point (HCP) Release. Refer to sk171436.
    R81 Jumbo HotFix - General Availability Take 29 (24 May 2021, GA from 29 Jun 2021)                   
    PRJ-26320,
    PMTR-66768
    Logging After installing R81 Jumbo Hotfix Take 25 or higher, when running a Logs Query after 12:00 pm, all logs of the first half of the day are not shown in the Logs View. This issue occurs only on the same day of Jumbo hotfix installation and is cosmetic only (all logs are indexed correctly).
    PRJ-25524 Security Gateway In some scenarios, "dst_release: dst:ffff88052d4c68c0 refcnt:-480" messages may be printed in dmesg regarding HTTPS traffic when SSL Inspection blade is enabled.
    R81 Jumbo HotFix - Ongoing Take 27 (26 April 2021)                   
    PRJ-24974,
    PRHF-16965
    Security Management In environments that use Data Type Group objects, the Management server may fail to start after installing Jumbo Hotfix Take 23.
    PRJ-24913,
    PMTR-67937
    Security Management "Unauthorized client" error on login failure from an IP address that is not explicitly defined in the Trusted Clients list. Refer to sk173026.
    R81 Jumbo HotFix - Ongoing Take 25 (08 April 2021)                   
    PRJ-21007,
    PRHF-14969
    Security Management NEW: Improved FWM process performance during Security policy or database installation. 
    PRJ-22314,
    PRJ-22315
    Security Management NEW: Performance improvement of Management High Availability Full Sync.
    PRJ-18428,
    PMTR-61041
    Security Management UPDATE: In High Availability environment, Assign and Reassign Global Policy actions are not supported for a Domain if the active Domain Server for this Domain is a Security Management device. The assignment will be performed after change-over to the primary Domain Server.
    PRJ-21873,
    ODU-82
    Security Management UPDATE: Added Update 8 of Autonomous Threat Prevention Management (ATPM). Refer to sk167109.
    PRJ-21239,
    PMTR-62918
    Security Management In some scenarios, the log file of PostgreSQL (postgres.elg) may become very large.
    PRJ-23500,
    PMTR-66213
    Security Management In some scenarios, verification errors regarding conflict of rules may be missing if the policy installation is accelerated and the target is a cluster.
    PRJ-20805,
    PRHF-14691
    Security Management In some scenarios, delete partial domain with createDomainRecovery.sh script fails when there are several RadiusGroup objects with the same name in different domains.
    PRJ-21704,
    PMTR-64423
    Security Management In large environments with High Availability, synchronization and upgrade may fail due to very large database size.
    PRJ-22519,
    PMTR-64104
    Security Management Policy Installation may fail with "Error code: 0-2-2000245" message when using IPv6.
    PRJ-20128,
    PMTR-62503
    Security Management Data Center objects defined in NAT and HTTPS Inspection rulebases may not be enforced correctly after policy installation that was accelerated.
    PRJ-21417,
    PRJ-20995
    Security Management In rare scenarios, the initiation of the Management server may take a long time.
    PRJ-20305,
    PRHF-14634
    Security Management In some scenarios, deleting a Domain Server may fail with "Got at least one duplicate UID in requested list" error.
    PRJ-21360,
    PRHF-14606
    Security Management In some scenarios, the Purge Revisions task may stop and show 0% for hours or fail with the "An error has occurred while performing revision purge operation" message in SmartConsole.
    PRJ-17790,
    PRHF-13382
    Security Management In some scenarios, policy verification for static NAT rules succeeds even though the source subnet NAT is bigger than the destination subnet NAT.
    PRJ-20888,
    PRHF-14946
    Security Management In some scenarios, when connecting to an existing session in SmartConsole from a different IP address, a wrong "Client IP" is shown in Audit Logs view.
    PRJ-21587,
    PRHF-15222
    Security Management In rare cases, the CPM Solr process may not be stopped when running cpstop or mdsstop.
    PRJ-20766,
    PRHF-14399
    Security Management High load may occur on the Management Server when searching for a prefix of IP address that has more than 10 thousand matches.
    PRJ-21185,
    PMTR-63358
    Security Management In rare scenarios, logout from a session fails with "An internal error has occurred" message.
    PRJ-19720,
    PMTR-62272
    Multi-Domain Management The Multi-Domain session APIs "view sessions" and "show last-published-session" results may include sessions that were not filtered according to the administrator's permissions profile.
    • A Domain manager running the API will be notified when the results will be filtered and will be asked to run the command again with the "ignore-warnings" flag
    PRJ-21913,
    PMTR-64572
    Multi-Domain Management In some scenarios, installation of Jumbo Hotfix on Multi-Domain Server may fail after running restore from backup.
    PRJ-21081,
    SMCUPG-1625
    Multi-Domain Management In some scenarios, HA Full Sync on the System Domain fails after upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059.
    PRJ-21344,
    PRJ-16910
    Multi-Domain Management When running many Reassign Global Domain operations for Domains that are not active on the current Multi-Domain Server, the load on the Server may increase and result in slowness of user and automation work.
    PRJ-20952,
    PMTR-62383
    SmartConsole After a network interface is removed by cluster API, a network group assigned to that interface remains as used by cluster members and cannot be deleted.
    PRJ-21627,
    PMTR-55104
    SmartConsole In Multi-Domain environment with High Availability using Security Management Server, if the Security Management is the active peer for a Domain assigned to the Global Domain, the Policy Package creation may fail.
    PRJ-20241,
    PRHF-14533
    SmartConsole When there are no search results, search in Access Control Policy displays "An error occurred while searching" instead of "No Items Found".
    PRJ-19932,
    PRHF-14278
    SmartConsole In rare scenarios, the "Show Policy Package" tool and some Management API commands with "details-level full" may fail when UTM cluster is part of the policy targets.
    PRJ-20316,
    PRHF-14637
    SmartConsole In some scenarios, the "show gateways-and-servers" Management API command fails when running it with "details-level full" and when connected to the Global Domain. Refer to sk170895.
    PRJ-19142,
    PRHF-14010
    SmartConsole In some scenarios, the "add-user" API command with authentication method TACACS+ or Radius server fails with "object not found" message. Refer to sk170325.
    PRJ-18923,
    PRHF-13879
    SmartConsole In some scenarios, the "show-access-rulebase" Management API command fails when running it with details-level "full" and there is a network group with more than 50000 objects on one of the rules. Refer to sk170435.
    PRJ-21160,
    PMTR-63555
    SmartConsole If there is an HTTPS Inspection layer that is not used in the policy, policy installation may fail with the "Internal error" message.
    PRJ-21624,
    PRHF-15156
    SmartConsole In some scenarios, FWM process logs show Provisioning/LSM activity even though LSM is not in use. Refer to sk171905.
    PRJ-21390,
    PMTR-63149
    SmartConsole Slowness may be observed in some SmartProvisioning operations (like open SmartProvisioning GUI, create a new LSM object, open an LSM object editor, etc.).
    PRJ-22223,
    PMTR-32568
    SmartConsole In some scenarios, a validation warning may appear on an updatable object with the following message: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.
    PRJ-22050,
    PMTR-62337
    SmartConsole In some scenarios, the Hit count information in the Access Policy rulebase is not shown correctly.
    PRJ-20776,
    PRHF-13197
    Compliance In some scenarios, an incorrect Compliance status for Gaia OS Best Practices is displayed.
    PRJ-19303,
    PRHF-11595
    Compliance Compliance Blade may not scan inline layers for Application Control and URL Filtering best practices.
    PRJ-22825,
    PRHF-15936
    Logging NEW: Log server now supports up to 4 billion logs per day in Index mode (previously it stopped indexing with a limit of 2 billion logs).
    PRJ-21380,
    PMTR-63927
    Logging In some scenarios, in Multi-Domain servers with many domains, the Solr process for logs may unexpectedly exit.
    PRJ-19011,
    PRHF-13936
    Logging In a rare scenario, CPD process may use a random port for AMON communication instead of port 18196.
    PRJ-24068,
    PMTR-66159
    Logging In Smart-1 6000-L and 6000-XL, drill down to a log card from the Logs view does not bring results.
    PRJ-20587,
    VPNRA-642
    Mobile Access Removed potential XSS vulnerability in the MAB Login page.
    PRJ-21112,
    PRHF-14953
    Security Gateway Authentication may fail when LDAP branch name contains "\".
    PRJ-18980,
    PRHF-13153
    Security Gateway In some scenarios, PPTP or GRE traffic may be dropped. Refer to sk170293.
    PRJ-19801,
    PMTR-60336
    Security Gateway Improved the policy enforcement of the ZIP archive inner files.
    PRJ-21613,
    PRHF-14715
    Security Gateway Security Gateway may crash when "Categorize HTTPS Websites" feature is enabled and categorization mode is set to "Hold".
    PRJ-20341,
    PRHF-14616
    Security Gateway In rare scenarios, passive FTP packets may be dropped.
    PRJ-21200,
    PMTR-63550
    Security Gateway The VMCore file may be created during reboot after the upgrade procedure.
    PRJ-22082,
    PMTR-64650
    Internal CA In a rare scenario, "This operation is not supported on STANDBY members" message is displayed and the cpca_client process unexpectedly exits when trying to renew a certificate on a standby Domain.
    PRJ-21727,
    PMTR-64420
    Content Awareness In a rare scenario, Security Gateway may crash when CPcode is running within Content Awareness or parser flow.
    PRJ-20848,
    PRHF-14347
    Identity Awareness In some scenarios, running pdpd commands results in "daemon did not respond or not running!" error. Refer to sk171136.
    PRJ-22016,
    IDA-3194
    Identity Awareness Added optimization for PDP when handling Terminal servers Multi-User Host Agent (MUH).
    PRJ-20349,
    PRHF-14266
    IPS In rare scenario, the SmartConsole shows the "IPS is not responding" message even though IPS is functioning normally.
    PRJ-17883,
    PMTR-59113
    Anti-Virus UPDATE: Improved Anti-Virus buffer allocation to reduce stack size. 
    PRJ-20839,
    PRHF-14744
    DLP Improved DLP scanning for POST request to some Web sites.
    PRJ-21711,
    PMTR-64263,
    PRJ-21991,
    PMTR-64780
    SSL Inspection In rare scenarios, a memory leak may occur in a crypto module.
    PRJ-20977,
    PRHF-14820
    Anti-Malware In rare scenarios, the Threat Prevention policy installation fails due to IOC parsing errors. Refer to sk171316.
    PRJ-18958,
    PRHF-13881
    ClusterXL When MDPS is configured, the output of "cphaprob syncstat" may show unreadable characters for the speed of the sync interface.
    PRJ-19665,
    PRHF-13929
    SecureXL In some scenarios, connections are dropped when SYN Defender and ISN Defender are both enabled on the same interface.
    PRJ-20547,
    PRHF-14680
    SecureXL Security Gateway may crash when there are interfaces that do not need the ARP resolution (VTI).
    PRJ-22489 Gaia OS NEW: Added support for Smart-1 6000-L/XL appliances. Refer to sk171903.
    PRJ-23358,
    PMTR-65962,
    PRJ-24397,
    PMTR-67460
    Gaia OS UPDATE: Upgraded OpenSSL to 1.1.1k to fix CVE-2021-3449 and add the latest security improvements. Refer to sk172983.
    PRJ-20733,
    PMTR-63201
    Gaia OS CVE-2020_25705: ICMP reply rate.
    PRJ-21721 Gaia OS The "show configuration" command cannot print Gaia user with spaces in name.
    PRJ-21827,
    PRHF-12751
    Gaia OS In some scenarios, the "rhost" value may be missing from logs when the user tries to access the WebUI.
    PRJ-18852,
    PRHF-13802
    Gaia OS In some scenarios, the "show arp dynamic all" command displays values of VS0 instead of VS.
    PRJ-20286,
    PRHF-13475
    Gaia OS Messages log level in /var/log/messages file for ERR level was changed to INFO level when fetching proxy configuration from Clish/WebUI/Gaia API.
    Example: [DATE TIME] <daemon.err> ... xpand[25958]: proxy_live_get_proc: Started...
    PRJ-19975,
    PMTR-62104
    Gaia OS In some scenarios, bond interface bandwidth monitored via SNMP is missing.
    PRJ-17684,
    PMTR-60173
    Gaia OS When upgrading with enabled Management Data Plane Separation (MDPS), an additional reboot may be required.
    PRJ-18941,
    PRHF-13812
    Gaia OS In some scenarios, the "... fwldbcast_handle_retrans_request: Updated bchosts_mask to 1" message may be printed in /var/log/messages file.
    PRJ-21667,
    PRHF-15328
    Gaia OS In some scenarios, policy installation on a Check Point Gateway in Azure causes the Gateway to crash and load a default policy. Refer to sk171553.
    PRJ-21261,
    VSX-2520
    VSX Allow the addition of routes with specific group of type "Group with Exclusion" when using VSX Provisioning tool.
    PRJ-20965,
    VSX-2519
    VSX After running "vsx_util vsls" and selecting option #6, the operation may fail with the "Internal Error: got empty reply set" error. Refer to sk171352.
    PRJ-13302,
    PMTR-63247
    VPN NEW: Added 3 new views to SmartView for Remote Access, providing visibility for Remote Access users, users login summary, failed login attempts, used clients, top login options, number of users, operating systems, authentication methods and login activity.
    PRJ-17616,
    PMTR-57245
    VPN UPDATE: Added:
    • VPN Remote Access StrongSwan IKEv2 client logs.
    • Key install logs with StrongSwan IKEv2 client improvement to show the correct authentication method.
    • RAsession_util with StrongSwan IKEv2 client improvement.
    PRJ-19217,
    PRHF-13685
    VPN Site to Site VPN fails to establish with IKEv2 on GCP when NAT-t is enabled.
    PRJ-21544,
    PMTR-64128
    VPN Added VPN Remote Access stability improvement.
    PRJ-22219,
    PRHF-15006
    VPN When static NAT is configured on a destination, the SCV may fail to access the internal resources and "No scv status from client..." drops appear in SmartConsole. Refer to sk171550.
    PRJ-19905,
    PRHF-14090
    VPN Mobile Access SNX may fail to connect to the Security gateway when the realm used by the client is different for the SSL VPN realm.
    PRJ-21235,
    EPS-30018
    Endpoint Security NEW: Added Application Control and Developer Protection support in Endpoint Web Management.
    PRJ-21750,
    PMTR-60418
    Endpoint Security On the SmartEndpoint Reporting page, the "Endpoint Connectivity" report that is filtered by a virtual group returns an empty list. 
    PRJ-21915,
    PMTR-50113
    Endpoint Security In some scenarios, the "Endpoint Security Client Version" report shows "N/A" in DAT Date column for all devices on the SmartEndpoint Reporting page.
    PRJ-21106,
    PMTR-62363
    Endpoint Security Adding devices to virtual group using the epmcommands tool may fail.
    PRJ-19313,
    PRHF-13909
    CloudGuard IaaS When creating a GCP Data Center, Test Connection may fail on large GCP accounts.
    PRJ-23944,
    PMTR-66384
    Maestro VSX "dxl stat" and "dxl calc" commands may fail on non-VS0 context with the "failed to retrieve dxl information" error.
    R81 Jumbo HotFix - General Availability Take 23 (25 March 2021, GA from 5 Apr 2021)                   
    PRJ-23912,
    PRHF-16377
    Security Management Accelerated Policy installation may fail with the "Error Code: 2000232" message if this policy contains changed services. Refer to sk172484.
    PRJ-23583,
    PMTR-66363
    Endpoint Security Endpoint Security Clients may disconnect after installing R81 Jumbo Hotfix on a Management that was upgraded from the previous versions. Refer to sk172485.
    R81 Jumbo HotFix - Ongoing Take 17 (01 March 2021)                   
    PRJ-22324,
    PMTR-62199
    Security Management Accelerated Policy installation may fail when a Custom Application is used in Access Control policy, URL Filtering blade is enabled and Application Control blade is disabled on the selected gateway.
    PRJ-22277,
    PMTR-65110
    Multi-Domain Management In some scenarios, updating a Domain Server may fail with the "<IP> already in use" message. Refer to sk171916.
    PRJ-20150,
    PRHF-14537
    VSX In rare scenarios, some interfaces remain in "Down" state after reboot.
    R81 Jumbo HotFix - Ongoing Take 13 (08 February 2021)                   
    PRJ-19946,
    PMTR-62429
    Security Management NEW: Added new Management HA utility to schedule automatic full syncs to peers that failed to be synchronized incrementally.
    PRJ-18434,
    PMTR-60665
    Security Management NEW: The upgrade process is being monitored dynamically and will be stopped if it cannot be completed, not basing on a timeout.
    PRJ-19545,
    ODU-73
    Security Management UPDATE: Added Update 6 of Autonomous Threat Prevention Management (ATPM). Refer to sk167109.
    PRJ-20165,
    ODU-76
    Security Management UPDATE: Added Update 7 of Autonomous Threat Prevention Management (ATPM). Refer to sk167109.
    PRJ-19972,
    PRJ-13465
    Security Management UPDATE: If a Management HA synchronization stalls (displaying "Peer is busy"), it will be released within 2 hours instead of 24 hours.
    PRJ-20032,
    PMTR-61770
    Security Management UPDATE: When purging revisions, task notifications will also be purged if created before the last revision to purge was published.
    PRJ-20001,
    PRHF-14293
    Security Management UPDATE: Added improvements in policy load process, to reduce the policy installation time when having large amount of objects.
    PRJ-22105,
    PRJ-21382
    Security Management In some scenarios, the installation time of Jumbo Hotfix Take 11 on the Management Server may take up to several hours.
    PRJ-18253,
    PRHF-12594
    Security Management When logging into SmartConsole directly to a Domain using Radius or TACACS, the Authentication method in the audit log may show as "Internal Password". Refer to sk168716.
    PRJ-17693,
    PRHF-13332
    Security Management In some scenarios, HA temporary sub-directories in $FWDIR/tmp are not deleted if sync fails. Refer to sk170972.
    PRJ-18289,
    PMTR-61010
    Security Management In rare scenarios, the CPU and memory usage of CPM process may be abnormally high. Refer to sk170672.
    PRJ-18266,
    PRHF-13607
    Security Management 'Revert to Revision' tasks cannot be cleared from tasks pane in SmartConsole.
    PRJ-19105,
    PMTR-61908
    Security Management In some scenarios, Management HA change-over to Security Management Server Backup fails with the "Failed to communicate with the peer" message.
    PRJ-20564,
    PMTR-62785
    Security Management In some scenarios, policy installation on LSM Gaia cluster profile fails with "Policy installation had failed due to an internal error" message.
    PRJ-17563,
    PRHF-12885
    Security Management In some scenarios, reassigning a Global Policy may fail if the Global and local domains are not active on the same Multi-Domain Server.
    PRJ-17729,
    PRHF-13278
    Security Management Upgrade may fail if a Data Center object was last modified by an Administrator with a single quote in the name.
    PRJ-19274,
    PRHF-14074
    Security Management Policy installation duration may increase due to large $FWDIR/conf/invalid_object_names.C file on the Management server. Refer to sk170427.
    PRJ-18476,
    PRHF-13644
    Security Management In some scenarios, the first environment variable configured using sk165938 is not loaded and not used by the CPM process.
    PRJ-19571,
    PMTR-60842
    Security Management In rare scenarios, on a Multi-Domain Server where Domains are using a Security Management Server configured for High Availability, initial configuration of the Security Management Server may fail with "Failed to reach peer after restart" error.
    PRJ-20135,
    PMTR-60541
    Security Management In a rare scenario, the FWM process unexpectedly exits.
    PRJ-19950,
    PRHF-14394
    Security Management The Management HA window in SmartConsole may mistakenly show the "Peer is busy" warning message for a few seconds.
    PRJ-19589,
    PRHF-12851
    Multi-Domain Management UPDATE: With this fix, mds_backup will backup the Upgrade Tools package(s) and mds_restore will restore them on a Multi-Domain Server.
    PRJ-19648,
    PMTR-62201
    Multi-Domain Management In rare scenarios, a Domain is shown in the Domains view without any Domain Server or a Domain is shown with Domain Server that was deleted and does not exist anymore. Refer to sk170556.
    PRJ-19278,
    PRHF-13977
    Multi-Domain Management In rare scenarios, Management server becomes inaccessible after Global Policy reassign operation.
    PRJ-18994,
    PRHF-13874
    Multi-Domain Management The "cplic db_print -all -x" command fails when running on the MDS level.
    PRJ-19321,
    PMTR-61346
    SmartConsole NEW: Added support for Python 3 in Management API scripts.
    PRJ-20248,
    PMTR-62490
    SmartConsole UPDATE: A pop-up warning will be displayed every time a "Custom Application" object with a performance impacting URL is edited (instead of being displayed only once).
    PRJ-18466,
    PRHF-13551
    SmartConsole In some scenarios, Staging mode IPS protections activation in the Local Domain does not match the activation in the Global Domain after a Global Threat Prevention policy assignment. Refer to sk170322.
    PRJ-18338,
    PRHF-12226
    SmartConsole When using the "set simple-cluster" Management API command to update a user defined security zone, the "Specify security zone" checkbox in SmartConsole is not selected.
    PRJ-19323,
    PMTR-60220
    SmartConsole In some scenarios, the api.csv file may show extra empty columns.
    PRJ-19203,
    PRHF-13955
    SmartConsole In some scenarios, when using the "set simple-gateway" API command with "logs-settings.forward-logs-to-log-server", it fails with "Generic server error". Refer to sk170352.
    PRJ-19535,
    PMTR-62078
    SmartConsole In some scenarios, when adding a new user certificate of type .p12 via API command, the returned certificate may be incorrect.
    PRJ-18960,
    PMTR-61418
    SmartConsole In a VPN Community with MEP configuration, the OK operation may fail with the "Update operation failed" message.
    PRJ-20787,
    PRHF-13556
    SmartConsole When the user creates an Access Role, the AD organization tree may show duplicate branches, and some branches may be missing.
    PRJ-20381,
    PMTR-62935
    SmartConsole Adding Global dynamic objects to source or destination columns of access rules on the Global Domain via Management API may fail when using the Global dynamic object names.
    PRJ-20911,
    PMTR-63302
    SmartConsole In some scenarios, deleting a policy fails.
    PRJ-18550,
    PMTR-61235
    SmartConsole In a community with Cluster VSX member, the Granular encryption window may not open and show "Unable to load page".
    PRJ-18309,
    PRJ-18307
    SmartProvisioning NEW: Added support for Threat Emulation blade on LSM profile of R81 SMB gateways and clusters.
    • Requires R81 SmartConsole Build 548 (or higher).
    PRJ-18000,
    SL-2106
    Logging NEW:
    1. Log Exporter can now schedule a recurring reconnection to the target 3rd party server periodically. This allows usage of a Load Balancer component for target servers.
    2. The target 3rd party server can be declared as a DNS name also when using UDP protocol.
    PRJ-19451 Logging UPDATE: Log Exporter read mode default was changed to Semi-unified instead of Raw mode.
    PRJ-18099,
    PRHF-7415
    Logging In rare scenarios, a log may display incorrect values in the Action and Rule field. Refer to sk170676.
    PRJ-21078 Logging In rare scenarios, the FWD process on the Security gateway may be blocked for several seconds due to processing of log attachments.
    PRJ-18405,
    PMTR-59205
    Logging FWM and\or log_indexer processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.
    PRJ-19819,
    SL-4358
    Logging In rare scenarios, the log_indexer process may unexpectedly exit when reading a specific log format. Refer to sk116117.
    PRJ-19846,
    PMTR-62010
    SmartView UPDATE: Improved the time resolutions usability (formally known as samples) of the Timeline widgets.
    PRJ-20875,
    PMTR-62957
    SmartView UPDATE: To improve performance, SmartView now exports data in CSV format instead of Excel.
    PRJ-20795,
    PRHF-13973
    Security Gateway UPDATE: Service with source port in the Access rulebase will no longer disable accept templates for all connections.
    PRJ-19066,
    PRJ-18831,
    PRJ-20716,
    PRJ-20057,
    PRJ-20738,
    PRJ-20058
    Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
    PRJ-18982,
    PMTR-61179
    Security Gateway In rare scenarios, Security Gateway may crash with USFW fwk core file.
    PRJ-19802,
    PMTR-62080
    Security Gateway Connectivity issues may appear due to missing proxy ARP entries on the Security Gateway.
    PRJ-19813,
    PMTR-62012
    Security Gateway In some scenarios, duplicate verification message is displayed when installing NAT policy on Security Gateways R80.40 and lower.
    PRJ-20362,
    PMTR-62876
    Security Gateway In some scenarios, DHCP traffic may be dropped after installing an accelerated policy.
    PRJ-19705,
    PMTR-62215
    Security Gateway In rare scenarios, a memory leak may occur in TOPOD process.
    PRJ-20386,
    PRHF-13431
    Security Gateway In a rare scenario, Access Control policy installation may fail after upgrade of Security Gateway from R80.10 or below to R80.20 or higher.
    PRJ-20633,
    PRHF-14378
    Security Gateway In rare scenarios, high memory consumption in CPD may occur due to a memory leak in authentication flow with an LDAP server.
    PRJ-19586,
    PMTR-61102
    Security Gateway In some scenarios, "email_unified_cmi_get_attribs: not valid caller: up_log_get_user_hash" error appears in dmesg for SMTP traffic.
    PRJ-20516,
    PRHF-14630
    Security Gateway In some scenarios, when using routing separation, connection to Management Plane via Data Plane is dropped.
    PRJ-19852,
    PRHF-14268
    Security Gateway In some scenarios, a memory leak may occur after sending a packet from the kernel.
    PRJ-20937,
    PMTR-62420
    Security Gateway In a rare scenario, policy installation may fail on timeout and "fw amw fetch" process is still running on the Security gateway.
    PRJ-18488,
    PMTR-61165
    Security Gateway In some scenarios, repeating "fwx_alloc_global_find_free_port_atomic: rtsp pending port doesn't match the same pool" errors are displayed in dmesg when using Hide NAT with VoIP.
    PRJ-20656,
    PMTR-63092
    Security Gateway Accept logs with reason "Connection terminated before detection: Insufficient data passed. To learn more see sk113479." may be wrongly generated when the matched action is user authentication and wrong username/password provided by user.
    PRJ-20901,
    PRHF-14824
    Security Gateway In some scenarios, the DNS requests from the Security gateway may fail.
    PRJ-18631,
    PRHF-11912
    Security Gateway Wrong memory (hmem) values may be reported by specific SNMP OID. Refer to sk168992.
    PRJ-19958,
    PMTR-62477
    Security Gateway Half-closed accelerated TCP connections may take too long time to expire.
    PRJ-19942,
    PMTR-61708
    Security Gateway In some scenarios, policy installation fails with "Error code 1-2000245".
    PRJ-18316,
    PRHF-12224
    Security Gateway In rare scenarios, a memory leak may occur on Security Gateway in gconn table.
    PRJ-19162,
    TEX-1482
    Threat Extraction UPDATE: Threat Extraction will no longer attempt to perform "Convert to PDF" if the file is corrupted, because the resulting files in these cases are usually unreadable.
    To reactivate this behavior, set the "enable_alternative_scrub_method" variable in $FWDIR/conf/scrub_debug.conf file to 1 and install the Security policy.
    PRJ-19194,
    TEX-1906
    Threat Extraction UPDATE: Threat Extraction ( Sanitization) will be automatically disabled when Infinity Threat Prevention mode is installed while the machine does not have enough resources (RAM).
    PRJ-18248,
    PRJ-18124
    Identity Awareness NEW: Added Identity Sharing's performance and functionality improvements. Refer to sk170516.
    PRJ-19640,
    PMTR-61982
    Identity Awareness In some scenarios, when a standby cluster member receives RADIUS accounting updates, there may be high CPU on the PDP process.
    PRJ-20863,
    IDA-3642
    Identity Awareness In some scenarios, there may be enforcement issues for MUHv2 users due to table mismatch.
    PRJ-18181,
    MBS-12220
    URL Filtering In some scenarios, the wstlsd process may unexpectedly exit and produce a core dump.
    PRJ-19042,
    PRHF-13886
    UserCheck In some scenarios, users cannot restore original attachment via UserCheck portal and receive the "An unexpected error has occurred" error message.
    PRJ-20927,
    PRHF-11733
    IPS NEW: Added ability to send connection log per application match for ATM transactions identification. The functionality is disabled by default and can be enabled by using the "up_duplicate_connection_log_on_packet_matched_app_enabled" kernel parameter.
    PRJ-19198,
    PRHF-10943
    IPS In some scenarios, a non-compliant IMAP traffic is dropped. 
    PRJ-19301,
    PRHF-13560
    IPS In some scenarios, log output shows the Origin/Source as "0.0.0.0" in VSX 3rd party IPS logs.
    PRJ-19601,
    PRHF-14259
    DLP UPDATE: Improved the DLP scans queue for a better scan rate.
    PRJ-19923,
    PRHF-14156
    DLP UPDATE: Expanded DLP postfix authentication to include NTLM to allow the Security gateway to connect to a mail servers that use the NTLM authentication protocol.
    PRJ-20097,
    PMTR-59101
    DLP UPDATE: Added support for multi-part data to DLP.
    PRJ-20935,
    PRHF-14978
    SSL Inspection The AES-NI (Intel® Advanced Encryption Standard New Instructions) status is not displayed and "dmesg | grep AES-NI" returns no output. Refer to sk170779.
    PRJ-19435,
    PRHF-13987
    SSL Inspection In rare scenarios, the DynamicID Certificate validation may fail.
    PRJ-18843,
    PRHF-13322
    SSL Inspection In rare scenarios, a memory leak may occur during policy installation.
    PRJ-21629,
    PMTR-64293
    SSL Inspection When IPv6 is enabled, the wstlsd process may consume а high CPU after booting in kernel mode causing HTTPS connections to fail for a few minutes until the CPU returns to normal.
    PRJ-17875,
    PRHF-10279
    HTTPS Inspection UPDATE: "Categorize HTTPS websites" feature enhancements when "Categorize HTTPS Sites" feature is enabled:
    • Improved enforcement of first connection when URL Filtering setting is 'Hold' mode
    • Added SNI information to connection logs when connection is matched on rule with "Extended Log"
    • Hold mode granularity
    For configuration, refer to sk173633.
    PRJ-19196 Threat Prevention NEW: Improved the way Threat Prevention distinguishes between .docx, .pptx, .xlsx and .zip files.
    PRJ-18119,
    PRHF-12737
    Anti-Malware Exported with ioc_feeds export command indicator feeds may contain user credentials. Refer to sk169035.
    PRJ-19591,
    PRJ-16924
    Anti-Malware In rare scenarios, after downloading files, Anti-Virus prevent logs appear with "Strict hold is not possible failure - Write to other side occurred" error message.
    PRJ-17439,
    PMTR-62284
    Anti-Malware In some scenarios, users may fail to access a web site with many malicious URLs.
    PRJ-20924,
    PRHF-13478
    Anti-Malware In a rare scenario, Security gateway may crash when the Threat Prevention Forensics feature is enabled.
    PRJ-18198,
    PRHF-8315
    Anti-Malware In some scenarios, multiple files called "ckp_mutex" are created on the Security Gateway.
    PRJ-19745,
    PRHF-13998
    Anti-Bot Dynamic Global Network Object usage inside a Network Group object may cause an Access Policy installation failure.
    PRJ-19205,
    PRHF-13935
    ClusterXL UPDATE: Added the option to display only monitored interfaces to "show cluster members <option>" command:
    • In Gaia Clish, run "show cluster members monitored"
    • In Expert mode, run "cphaprob -m tablestat"
    PRJ-19926,
    PMTR-58748
    ClusterXL In rare scenarios, running cphastop;cphastart may cause a cluster member to stay in "Down" state.
    PRJ-19393,
    PRHF-14115
    ClusterXL "set router active-active-mode" settings do not survive а reboot.
    PRJ-20536,
    PRHF-14728
    ClusterXL In some scenarios, data connections are dropped with "First packet isn't SYN" message on ClusterXL Load Sharing.
    PRJ-16568,
    MBS-11708
    SecureXL NEW: Added the ability to enable monitor-only mode for penalty box independently of other DOS/Rate limiting features.
    PRJ-18324,
    PRHF-13474
    SecureXL UPDATE: Drop templates can be generated for connections with matched action Reject. For additional information and configuration, refer to sk171146.
    PRJ-20056,
    PRHF-14417
    SecureXL In rare scenarios, SecureXL may crash due to NULL handling.
    PRJ-18088,
    PRHF-13507
    SecureXL SNMP may show wrong values for the number of bytes and packets accepted by Security gateway. Refer to sk170132.
    PRJ-20028,
    PRHF-14228
    SecureXL Server may not reuse the TCP connection when the user allows out of state TCP packets.
    PRJ-20051,
    PRHF-14165
    SecureXL Memory leak may occur in VPN or Active Streaming configuration.
    PRJ-19407,
    PMTR-60870
    SecureXL In some scenarios, Rate Limiting rules for DoS do not work after reboot. Refer to sk170148.
    PRJ-20105,
    MBS-11960
    Routing NEW: Added support for ISP Redundancy on Scalable Platforms Appliances.
    PRJ-19536,
    PMTR-62075
    Routing On Scalable Platforms, SSH via MAB may disconnect.
    PRJ-19630,
    PRHF-14280
    Routing ip-reachability-detection ping marks a target IP address as "unreachable" if the path goes via a VPN tunnel, although pinging this IP address directly works.
    PRJ-20445,
    ROUT-1325
    Routing The old route may be not removed when an BGP ECMP route was changed.
    PRJ-20243,
    PRHF-14562
    Routing In rare scenarios, confd or routed process may restart.
    PRJ-19464,
    PMTR-60878
    Routing Routed logs may incorrectly state that routemaps that export to OSPF cannot set the OSPF manual tag, even though the functionality works.
    PRJ-18281,
    PMTR-58528
    Routing Certain types of multicast traffic may not be handled correctly in Bridge mode.
    PRJ-18665,
    PRJ-18664
    Routing PBR does not work with VTI/VPN.
    - Gaia OS NEW: Added support for 1570R and 1600 / 1800 SMB appliances.
    PRJ-19532,
    PRJ-19531
    Gaia OS NEW: Gaia API (version 1.5) will now be deployed via Jumbo Hotfix.
    PRJ-20501,
    PMTR-62883
    Gaia OS UPDATE: OpenSSL was updated to version 1.1.1i to include the latest code fixes and security improvements.
    PRJ-20472,
    PRHF-14653
    Gaia OS In some scenarios, the Security Gateway attempts to fetch the policy from / send logs to the real IP address of the Management Server (defined in the "General Properties" section of the server object) instead of the server's NAT IP address (defined in the "NAT" section of the server object).

    Refer to sk171055 to configure the required parameter FORCE_NATTED_IP.
    PRJ-19518,
    PRA-1520
    Gaia OS The syslog messages may be spammed when the "show asset all" command is running.
    PRJ-17720,
    PRHF-13075
    Gaia OS In some scenarios, one session disconnection of RADIUS users can cause another session to loose permission when one of the session terminates.
    PRJ-20944,
    PMTR-63343
    Gaia OS Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253.
    PRJ-18721,
    PMTR-60804
    Gaia OS Bond interface in XOR mode or 802.3AD (LACP) mode may experience suboptimal performance, if on the Bond interface the Transmit Hash Policy is configured to "Layer 3+4" and Multi-Queue is enabled.
    PRJ-18773,
    PMTR-61381
    VPN NEW: Added Remote Access VPN performance improvement.
    PRJ-19717,
    PMTR-60976,
    VPNS2S-1335
    VPN NEW: Added VPN command line mechanism stability enhancement and VPN improvements in IKEv2.
    VPNS2S-1482 VPN NEW: Added new display of vpn tu tlist command for DAIP gateway.
    PRJ-19248,
    PMTR-62158
    VPN NEW: Added CPDIAG (on/off) for IKE negotiations per community feature.
    PRJ-21123,
    PRHF-10420
    VPN Access roles do not recognize Remote Access SNX CLI clients.
    PRJ-19672,
    PMTR-61913
    VPN In some scenarios, Remote Access Endpoint client disconnects after roaming from Visitor Mode to NAT-T.
    PRJ-20869,
    PMTR-56565
    VPN In some scenarios, the VPND process keeps re-downloading the same CRL, which can cause performance issues.
    PRJ-20523,
    PRHF-14766
    VPN In a rare scenario, the FWM process unexpectedly exits when enrolling a certificate using the SCEP protocol.
    PRJ-20276,
    PRHF-14308
    VPN In a rare scenario, a memory leak may occur when RASession_util is active.
    PRJ-20949,
    PMTR-63287
    VPN In some scenarios, L2TP clients disconnect from the Security gateway after 10 minutes of the connection.
    PRJ-20640,
    PMTR-63280
    VPN In some scenarios, the VPND process may unexpectedly exit.
    PRJ-19425,
    PRHF-13784
    VPN In some scenarios, the VPND process unexpectedly exits with Segmentation fault.
    PRJ-20334,
    PMTR-62776
    VPN Security gateway may crash when you install policy on a MAB gateway and a policy file is corrupted.
    PRJ-20082,
    PRHF-12828
    VPN Connectivity issue may appear between Check Point Gateway and 3rd party device in MEP DPD configuration when 3rd party device is defined as Central Gateway in MEP. Relevant error message: "Failed to resolve VPN MEP gateway".
    PRJ-18504,
    PMTR-60820
    VSX UPDATE: Added support for VSX SecureXL tabs on CPView. Refer to sk167903.
    PRJ-20567 VSX IPv6 traffic and multicast IPv4 may not work with Virtual Switch (VSW).
    PRJ-20123,
    PMTR-62387
    VSX In VSX environment, Generic Data Center objects are not enforced on the VSX members.
    PRJ-20284,
    PRHF-14543
    VSX In some scenarios, SNMP v3 users are not recognized on VSX when SNMP is in VS mode. The "Unknown user name" error message is displayed. Refer to sk170993.
    PRJ-20597,
    PRHF-14400
    VoIP VoIP’s RTP can cause overload on global instance (CoreXL instance 0).
    PRJ-18979,
    PRHF-12691
    VoIP SIP parser may cause the wrong RTP dynamic connection to be opened. Refer to sk169373
    PRJ-18971,
    PRJ-17805
    IoT NEW: Added IoT support to Multi-Domain Security Management.
    • Requires R81 SmartConsole Build 549 (or higher).
    PRJ-20905,
    PMTR-59281
    Endpoint Security NEW: Added support for new Push Operations - Host Isolation and Host Release from isolation.
    PRJ-20990,
    PMTR-61783
    Endpoint Security NEW: Added support for new Push Operation - Remote Uninstall for Endpoint Client.
    PRJ-20394 Endpoint Security UPDATE: Updated Endpoint Web Docker Image.
    PRJ-19400,
    PRHF-14139
    Endpoint Security Attempt to move members from one group to another using Endpoint Server command line operations fails.
    PRJ-20778,
    PMTR-63041
    Endpoint Security The "Sent to Client On" column is empty in SmartEndpoint >Reporting > Push Operations even if push operation was completed successfully.
    PRJ-19772 Endpoint Security Database size may increase exponentially because dynamic packages are packed into exported .tgz using migrate_export. 
    PRJ-20639,
    MBS-10278
    Scalable Platforms NEW: Added full support for Gaia Backup.
    PRJ-20895,
    MBS-12714
    Scalable Platforms On Maestro / Scalable Platforms, users may disconnect after several attempts due to bad forwarding in TCPT flow.
    PRJ-20749,
    MBS-12642
    Maestro Gaia scheduled backup fails to run and the /var/log/messages file contains the error "scheduled_backup: SGM isn't SMO, skipping scheduled backup". Refer to sk170925.
    PRJ-20140,
    PMTR-62718
    Maestro "Packet Capture was not found" error when clicking the "View Packet Capture" link in the IPS log.
    R81 Jumbo HotFix - Ongoing Take 11 (26 January 2021)                   
    PRJ-21382,
    PMTR-62199
    Security Management Accelerated Policy installation may fail when a Custom Application is used in Access Control policy, URL Filtering blade is enabled and Application Control blade is disabled on the selected gateway.
    PRJ-18511,
    PMTR-61232
    SmartConsole In a rare scenario, automatic NAT rules are not visible in SmartConsole. This may cause policy installation failure. Refer to sk171395.
    R81 Jumbo HotFix - Ongoing Take 10 (14 December 2020)                   
    PRJ-18770,
    PRHF-13728
    Security Management NEW: Improved FWM process performance during policy or database installation.
    PRJ-19096,
    PMTR-61758
    Security Management Fetch policy on Security gateway may fail after installing Accelerated policy on it.
    PRJ-19137,
    PMTR-61781
    Security Management In some scenarios, policy installation may fail with verification errors when the installation is accelerated.
    PRJ-18392,
    PMTR-60541
    Security Management In a rare scenario, the FWM process unexpectedly exits. 
    PRJ-19085,
    PRHF-13972
    Security Management In some scenarios, HA synchronization may fill up the disk space of a standby Management Server. Refer to sk168492.
    PRJ-18493,
    PRHF-13681
    Security Management In rare scenarios, a policy installation task may never complete.
    PRJ-18955,
    PRHF-13948
    Security Management Policy verification may fail with error "For security gateways R80.40 and higher, rules that use Access Roles can only have ‘Any Traffic’ or ‘RemoteAccess’ in the VPN column"
    PRJ-18818,
    PRHF-13819
    Security Management Management HA synchronization between Multi-Domain Management Servers may fail with "Failed to import data" error due to manual or automatic updates of contracts.
    PRJ-18945,
    PMTR-61616
    Security Management In rare scenarios, FWM process may unexpectedly exit after a login attempt to the Management server.
    PRJ-18908,
    PMTR-61579
    Multi-Domain Management In some scenarios, size of MDS backup file increases after each policy installation.
    PRJ-19072 SmartConsole NEW: Added ability to view policies, objects and logs from the new Web SmartConsole. Refer to Take 24 sk170314.
    PRJ-16059,
    PRHF-12395
    SmartConsole In some scenarios, certain Gateways do not appear in the IPS Core protections list. Refer to sk168474
    PRJ-18350,
    PRHF-13223
    SmartConsole When removing an object from a group using the “groups” field of the object’s module in the Ansible collection, the group will not be changed and Ansible will show that no changes are needed.
    PRJ-20142,
    PMTR-60372
    SmartConsole Duplicate central licenses may be added to the management database. In some rare scenarios, this may lead to heavy load on the FWM process and prevent login.
    PRJ-18554,
    PMTR-60476
    SmartConsole After enabling the Endpoint Policy Management blade on the Security Management Server, some views on SmartConsole may not load properly and SmartClient may disconnect.
    PRJ-16978,
    PRHF-12928
    SmartConsole In some scenarios, some Web APIs fail with "Script stopped running due to severe error!" message when SMB gateway is defined as a policy target. Refer to sk169557.
    PRJ-17644,
    PRHF-13379
    SmartConsole When creating a user with Check Point password authentication through the Management API, log in to Mobile Access portal may fail. Refer to sk170412.
    PRJ-15815,
    PRHF-12352
    SmartConsole In some scenarios, Management API does not start automatically after restart, although automatic start is enabled. Refer to sk168332.
    PRJ-18383,
    PRHF-13609
    SmartConsole In some scenarios, running an action on a ROBO Gateway behind NAT does not work during sync on SMB appliances.
    PRJ-18366,
    PRHF-12819
    SmartConsole Enabling Threat Prevention policy may fail with validation errors when the policy's targets include cluster members running a version lower than R80.10.
    PRJ-17483,
    PRHF-12997
    SmartProvisioning In some scenarios, when recreating a ROBO object with the same name, the new object receives the previous status.
    PRJ-18953,
    PRJ-18833
    Security Gateway In rare scenarios, Security Gateway memory consumption may increase.
    PRJ-18931,
    PMTR-61541
    Security Gateway NAT may not work properly when Domain objects are used in the Translated Destination column.
    PRJ-19177,
    PMTR-61822
    Security Gateway Connections may be wrongly matched on Domain or Updatable objects used in Security policy.
    PRJ-19004,
    PRHF-13892
    Security Gateway In some scenarios, when using routing separation, connection from data plane to management plane is dropped.
    PRJ-18685,
    PMTR-56181
    Security Gateway In some scenarios, compilation errors during policy installation are ignored instead of immediately failing the policy. This may cause drops on the Security Gateway.
    PRJ-17806,
    PRHF-12119
    Anti-Malware In a rare scenario, Security gateway may crash after a match of the Anti-Bot blade.
    PRJ-19107,
    IDA-3240
    Identity Awareness NEW: Performance optimization for Identity broker.
    PRJ-18443,
    PMTR-59795
    DLP In a rare scenario, "SEC Filings - Draft or Recent" Data Type in DLP is not properly enforced.
    PRJ-18826,
    PRHF-13605
    HTTPS Inspection The user may not be able to browse with Chrome when using mixed chain with ECDSA subordinate CA in HTTPS Inspection. Refer to sk170332.
    PRJ-17828,
    PRHF-13029
    SecureXL In some scenarios, CPView may show incorrect statistics for VPN encrypted/decrypted packets.
    PRJ-18027,
    PRHF-13480
    Routing SNMP queries for bgpPeerFsmEstablishedTime return an incorrect constant value. Refer to sk170074.
    PRJ-18530 Gaia OS NEW: Added Jumbo Hotfix for Scalable Platforms support. Refer to sk169954.
    This Jumbo Hotfix Take is mandatory for Scalable Platform installation. 
    PRJ-19156,
    PMTR-61729
    Gaia OS NEW: Allow Amazon Web Services (AWS) to modify partitioning via lvm_manager.
    PRJ-18242,
    PRHF-13451
    Gaia OS "cphaprob -h" shows wrong explanation for "cphaprob show_bond [<bond_name>]" command.
    PRJ-19331,
    PRHF-14073
    Gaia OS In some scenarios, login from data plane context fails (no connectivity to server).
    PRJ-19150,
    PMTR-57495
    Gaia OS "Docker0" bridge interface with assigned IP address from class B private pool may appear in the system, causing routing issues.
    PRJ-19051,
    PRHF-13949
    Gaia OS In some scenarios, when using routing separation, modifying interface IP address fails.
    PRJ-18068,
    PMTR-59437
    VPN NEW: Added Remote Access VPN performance improvements.
    PRJ-19165 VPN UPDATE: Added support for fetching CRL through proxy in Site to Site VPN configuration.
    PRJ-18535,
    PMTR-61276
    VPN In rare scenarios, when a Wire-Mode is configured on a community, it may cause a Security gateway from another community not to accelerate connections in SecureXL.
    PRJ-18167,
    CRYPTOIS-661
    VPN In some scenarios, Security Gateway Portals and Remote Access VPN clients show wrong certificate after certificate renewal. Refer to sk131212.
    PRJ-18733,
    PMTR-61360
    VPN In some scenarios, userspace cores may appear on Security gateways with enabled AES-GCM-256 and AES-256 VPN encryption. Refer to sk169417.
    PRJ-18313,
    PMTR-60933
    VPN "Decryption failed" drop logs may appear under heavy VPN load for accelerated tunnels using SHA 384 or SHA 512 Ciphers.

    Installation Instructions

    Procedure:

    • Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

      • Offline installation

        Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

        1. Install the latest build of CPUSE Agent from sk92449.
        2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
        3. In the upper right corner, click on the Import Package button.
        4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
        5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
        6. Select the imported package Check Point R81 Jumbo hotfix T<number> for sk170114 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
        7. Select this package and click on Install Update button on the toolbar.


    • Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

      For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

      • Offline installation

        Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

        1. Install the latest build of CPUSE Agent from sk92449.
        2. Connect to command line on target Gaia OS.
        3. Log in to Clish.
        4. Acquire the lock over Gaia configuration database:
          HostName:0> lock database override
        5. Import the package from the hard disk:
          HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
        6. Show the imported packages:
          Note: Refer to the top section "Hotfixes" - refer to "Check Point R81 Jumbo hotfix T<number> for sk170114"
          HostName:0> show installer packages imported
        7. Verify that this R81 Jumbo Hotfix Accumulator package can be installed without conflicts:
          HostName:0> installer verify <Package_Number>
        8. Install the imported package:
          HostName:0> installer install <Package_Number>

     

    Uninstall Instructions

    Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

      Procedure:

       

      Revision History


      Show / Hide revision history

      Date Description
      17 Jan 2022 Released Take 56 of R81 Jumbo Hotfix Accumulator
      29 Dec 2021
      • Released Take 51 of R81 Jumbo Hotfix Accumulator.
      • SmartConsole package has been updated to Build 556
      21 Oct 2021 Updated the Important Notes section
      12 Oct 2021 Take 44 of R81 Jumbo Hotfix Accumulator moved to General Availability
      06 Oct 2021 Added PRJ-26981 to Take 42
      04 Oct 2021 Published List of upcoming resolved issues
      29 Sep 2021 Released Take 44 of R81 Jumbo Hotfix Accumulator
      19 Sep 2021 Updated the Important Notes section
      01 Sep 2021
      • Released Take 42 of R81 Jumbo Hotfix Accumulator
      • SmartConsole package has been updated to Build 553
      31 Aug 2021 Updated the Important Notes section
      16 Aug 2021 Added PRJ-22016 to Take 25
      28 Jul 2021 Added PRJ-20570 to Take 34
      26 Jul 2021
      • Take 36 of R81 Jumbo Hotfix Accumulator moved to General Availability
      • Updated the Important Notes section
      25 Jul 2021 Added link to General Availability Jumbo Takes Download Archive
      20 Jul 2021 Published List of upcoming resolved issues
      19 July 2021 Released Take 36 of R81 Jumbo Hotfix Accumulator
      29 Jun 2021 Take 29 of R81 Jumbo Hotfix Accumulator moved to General Availability
      27 Jun 2021
      • Released Take 34 of R81 Jumbo Hotfix Accumulator
      • SmartConsole package has been updated to Build 552
      24 May 2021 Released Take 29 of R81 Jumbo Hotfix Accumulator
      09 May 2021 Updated the Important Notes section
      02 May 2021 Published List of upcoming resolved issues
      26 Apr 2021 Released Take 27 of R81 Jumbo Hotfix Accumulator
      18 Apr 2021 Updated the Important Notes section
      08 Apr 2021
      • Released Take 25 of R81 Jumbo Hotfix Accumulator
      • SmartConsole package has been updated to Build 550
      05 Apr 2021 Take 23 of R81 Jumbo Hotfix Accumulator moved to General Availability
      25 Mar 2021 Released Take 23 of R81 Jumbo Hotfix Accumulator
      17 Mar 2021
      • Updated the Important Notes section
      • Published List of upcoming resolved issues
      01 Mar 2021 Released Take 17 of R81 Jumbo Hotfix Accumulator
      08 Feb 2021
      • Released Take 13 of R81 Jumbo Hotfix Accumulator
      • SmartConsole package has been updated to Build 549
      26 Jan 2021 Released Take 11 of R81 Jumbo Hotfix Accumulator
      21 Dec 2020
      • Updated the Important Notes section
      • Published List of upcoming resolved issues
      14 Dec 2020 First release of R81 Jumbo Hotfix Accumulator - Take 10

      Give us Feedback
      Please rate this document
      [1=Worst,5=Best]
      Comment