Check Point R81.10 Resolved Issues

This article lists the new features, enhancements, and resolved issues in Check Point R81.10 GA.


Table of Contents

  • Installation and Upgrade
  • Gaia OS
  • Security Management
  • SmartConsole / Management Console
  • Logging / SmartLog / SmartView
  • SmartEvent
  • Compliance
  • Threat Prevention
  • Cluster
  • VSX
  • Dynamic Routing / Advanced Routing
  • Small Office Appliances

List of Resolved issues, New Features and Enhancements in R81.10 GA

ID Symptoms
Installation and Upgrade
NEW: Added ability to upgrade the Security Management Server from R80.20 to R81.10 in an R80.20 Multi-Domain Server environment, where a Domain and an R80.20 Security Management Server are configured for High Availability.
Gaia OS
PMTR-63096 NEW: Added the ability to configure Ciphers and Message Authentication Codes (MAC) for the Gaia OS built-in OpenSSH Server in Gaia Clish.
  • To configure a Cipher, run: set ssh server cipher VALUE {off | on}
  • To configure a MAC, run: set ssh server mac VALUE {off | on}
  • To see the list of the supported Ciphers in the installed OpenSSH server, run: show ssh server cipher supported
  • To see the list of the enabled Ciphers, run: show ssh server cipher enabled
  • To see the list of the supported MACs in the installed OpenSSH server, run: show ssh server mac supported
  • To see the list of the enabled MACs, run: show ssh server mac enabled
PMTR-63821 NEW: Added new Gaia Clish commands to configure and monitor the TLS version used by the Gaia Portal:
  • show ssl tls enabled
  • show ssl tls supported
  • set ssl tls <Version> off
  • set ssl tls <Version> on
PMTR-65666 NEW: Added the ability to configure the access to Gaia REST API for specific users.
In Gaia Portal:
  1. Go to User Management > Users.
  2. Add a new user or edit an existing user.
  3. In the Access Mechanisms section, select or clear Gaia API.
  4. Click OK.
In Gaia Clish, run:
  • To allow a user to access the Gaia REST API: add rba user <Username> access-mechanisms Gaia-API
  • To remove a user's access to the Gaia REST API: delete rba user <Username> access-mechanisms Gaia-API
PMTR-66342 Enhancement: Gaia Portal uses TLS 1.2 by default. If a client does not support TLS 1.2, then Gaia Portal uses TLS 1.x versions.
PMTR-62519 Enhancement: The /usr/local/apache2/logs/access_log file is now rotated when its size reaches 1GB. This log file was added to the /etc/cpshell/log_rotation.conf configuration file (see sk113241).
PMTR-63097 Enhancement: Added the SNMP OID to return the current number of entries in the ARP table:
PMTR-60804 Bond interface in XOR mode or 802.3AD (LACP) mode may experience suboptimal performance, if on the Bond interface the Transmit Hash Policy is configured to "Layer 3+4" and Multi-Queue is enabled.
On a CloudGuard Security Gateway for Google Cloud Platform (GCP), KVM, or OpenStack, the outputs of these commands show empty RX and TX statistics for VirtIO:
# ethtool -S <name of interface that uses the 'virtio' driver>
# cat /proc/interrupts
# mq_mng --show -v
Security Management
NEW: Added support for SmartConsole "Extensions" feature when SmartConsole connects to the secondary IP address of the Management Server.
PMTR-54256 When activating Endpoint Web Management, audit logs have many login and logout events by these users: internal, sessionmanager, cachemanager, healthcheck.
SmartConsole / Management Console
PMTR-60476 SmartConsole may hang in a loading state after enabling the Endpoint Policy Management Software Blade in the Security Management Server object and navigating to another tab.
PMTR-59400 "Publish failed due to session validation errors. Resolve the errors shown in the validation pane and publish again." error in SmartConsole.
The "Validations" pane shows "No items found".
PMTR-24110 The "Lockout administrator's account after X failed authentication attempts" setting affects only the main SmartConsole application.
For Legacy GUI client applications, SmartEvent servers and Log Servers, administrator accounts are not locked out after multiple failed login attempts.
Logging / SmartLog / SmartView
PMTR-44569 UPDATE: Log server now supports up to 2700 Gateways (previously 1024).
PMTR-54949 UPDATE: In the Endpoint Web Management portal, no error message is displayed if SmartEvent is not activated.
Compliance Blade regulation reports do not contain the Best Practices themselves.
Threat Prevention
PMTR-70013 In some scenarios, the /tmp/ directory on the Security Gateway / Cluster Member may contain a large number of empty sub-directories with names that start with "pymp-". Refer to sk173930.
PMTR-63078 Enhancement:
  • Added support for a Virtual IPv4 Address on Loopback interfaces.
  • Added support for a Virtual IPv6 Address on Loopback interfaces.
PMTR-59990 GRE traffic fails to pass through a cluster after all cluster members are rebooted. For more information, see sk169672.
PMTR-59810 NEW: Added support for Dynamic Balancing on VSX Gateways and VSX Clusters.
PMTR-59845 Installation or upgrade of Mobile Access Portal Agent on an end-user's computer may fail on a VSX Gateway or VSX Cluster. For more information, see sk169614.
Dynamic Routing / Advanced Routing
PMTR-64578 NEW: Added support for the BGP local-address in ClusterXL.
PMTR-47725 On a Security Gateway that is configured with DHCP relay and automatic Hide NAT for the network(s) that the DHCP requests come from, DHCP offers are dropped at the gateway.
This message appears: fw_log_drop_ex: Packet proto=17 -> dropped by fw_conn_inspect Reason: post lookup verification failed;
Small Office Appliances
In Small Office appliance policy installation, services that are manually configured with INSPECT code including the definition "CALL_XLATE_FOLD_FUNC (..." will cause a policy installation failure.

