Support Center > Search Results > SecureKnowledge Details
R71.10 Known Limitations
Solution

This article lists all of the known limitations of R71.10.

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > My Profile > My Subscriptions.

Important notes:

  • This release includes all limitations from R71, unless listed as solved in R71.10 Resolved Issues.
  • To get a fix for an issue listed below contact Check Point Support with the issue ID.
  • To see if an issue has been fixed, search for the issue ID in Support Center.

For more information on R71.10, refer to R71.10 Release Notes and to R71.10 Resolved Issues.

Note: A valid support account is needed in order to access these solutions.

Visit our discussion forums to ask questions and get answers from technical peers and Support experts.
Popular forums:

 

ID Symptoms
Security Gateway
Upgrade
00642325 WebUI upgrade from R65 HFA_50 to R71.10 fails.
Kernel
00659326, 00661649
Memory leak at 'csi_create_new_state'.
00732975, 00734387
IP1280 Security Gateway (R71.10), in IPSO Load Sharing cluster, crashes/reboots after running debugs.
Services
00754970, 00754012
Segmentation fault occurs on sendmail, if file to read does not exist.
Policy Installation
00623452
When more than one instance of a Dynamic Object run simultaneously, $FWDIR/database/dynamic_objects.db file was corrupted.
01056265 File descriptor leak in CPD.
Policy Compliance
00621257 CPD crash due to ICS update.
CoreXL
00647556
Passive FTP data connection on VoIP ports (1720, 2000) is dropped when CoreXL enabled.
SecureXL
00648120, 00259650
SecureXL crashes on Crossbeam cluster.
01005615 Endpoint client fails during policy installation when SecureXL is enabled.
QoS
00645493
QoS causing machine to crash when pushing policy to Security Gateway.
Abra
00558077 FTP through Abra is supported only on SecurePlatform.
00559956 After upgrading a standalone Security Gateway with the advanced upgrade (export-import) option from a version lower than R71 to R71.10, Abra VPN client fails to connect. To prevent this problem, perform these steps:
  1. Before running the import, copy $FWDIR/conf/service_modules.C to a temporary location, e.g. /home/admin/service_modules.C
  2. Run the import.
  3. Copy the file from the temporary location to $FWDIR/conf/service_modules (overwrite the imported file).
00664168, 00658837
Abra Secure Workspace policy not copied on synch between HA management members.
SNX
00629592
SNX fails to authenticate using a certificate PrincipalName. Contact Check Point Support to get a Hotfix for this issue. A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
IPSec VPN
00576549 RDP probing responses from non-locally managed gateways are dropped. See sk54901: RDP probing replies dropped from Externally managed VPN gateways.
00594640

Allowing HT to replace string with another one and run translation on it.
New HT configuration parameter was added : CvpnHTAddStringForReplaceAndTranslate "original string" "translated string". (This is a solution in case one needs to replace original url that depends on some parameter with several urls and then run hostname translation on all of those urls.

  • The original string cannot start with " or http.
  • Both strings can contain " but you have to put \ before it.
  • The translated string cannot end with the url path, you must put some character, even "" (space) after it.
00636308 When client using Vistor Mode sends IPSec encrypted traffic to NATed Security Gateway, the Security Gateway does not recognize that the packet is intended for it.
00632264 When client sends Tunnel Test packet to NATed Security Gateway, the Security Gateway does not recognize that the packet is intended for it.
00833986,
00835824,
01101966,
01104905,
01379596,
01379730,
01461368
VPND daemon might crash during policy installation. See sk102716.
00846431 Packet loss for Endpoint Connect and traffic latency.
01037763 'libcpauth' library files (along with several other 'cpagent' library files) was not replaced by R71.10 installation.
SSL VPN
00588490
Parts of web application cannot be seen correctly. SSL VPN UT link translation ignores links specific for IE browsers, when those links are in a comment, e.g. <!--[if IE 7]>
00640296 SSL VPN blade problem in UT link translation mode. Cookies are not send to internal host if it uses a non-standard port. This can cause several web applications, including Citrix, not to work. Citrix enters into a loop and sends the client detection page time after time.
00774053 Links that start with https:\\\\u002f\\\\u002f are not translated. If you use HT link translation and the page is part of a SharePoint application, it may contain links starting with https:\\\\u002f\\\\u002f, or http:\\\\u002f\\\\u002f. Those links will not be translated and the user will be redirected in clear, or will get a DNS error.
IPS
00785233
Scheduled IPS updates install policy to all gateways, not just selected gateways.
00832538 Unable to create 'sdstat' report.
00853204 Temporary bypassing of IPS due to resources shortage.
AV Integration
00780003
CPD process consumed 100% CPU while performing a URL Filtering signatures update.
01176835,
01177121,
01177120,
01177119,
01177118
Policy installation fails after several months of uptime of Security Gateway with enabled Traditional Anti-Virus. See sk93189.
ClusterXL
01069501
Rare FWD crash resolved.
Security Management
SmartConsole
00814794 Customer cannot open GUI to SmartCenter via bond/vlan tagged interface from external network.
00528574 After establishing SIC or during policy verification, you might get an error message: "Incorrect reply from server. Command: private-db-dirty-check." The message can be ignored. See sk44508.
01346350,
01347657,
01347658
In SmartDashboard, when entering Gateway Properties: 'Mobile Access > Portal Settings', see error message: "Hostname is resolved to a different IP".  After replacing certificate and than clicking "OK", SmartDashboard crashes.
Daemons
00745405, 00745470
Topology fetch incomplete (interface with topology) on UTM-1 when using the default interface name: "Internal". (fwm)
Upgrade
00596547
After upgrading SmartCenter from R65 HFA70 to R71.10, not able to push policy to Edge Object.
Provider-1
00610529
While trying to connect to a CMA via Smart DashBoard the user gets an error: "Can not load CPMI object from 'network-object' table". This happens when a CMA Admin (not superuser) attempts to disconnect the Admin currently connected to the SmartDashboard.
00660372, 00660949
After cma_migrate, CMA disappears from MDS database. This occurs after the first start for a management exported from versions R70.xx or R71.xx.
Smart-1
00621016 After upgrading Smart-1 25 from R70.20 to R71.10, status of Case Fan Speed is displayed as High in 'WebUI > Hardware Sensor'. According to user, real Case Fan Speed seems normal.
00834094 Restore process on SecurePlatform might succeed even though it should fail.
SmartProvisioning
00646868, 00649933
SmartProvisioning to Edge sets incorrect NTP update message on R71.10
00752270, 00752401
Memory leak in fwm, related to Provisioning functionality.
00762584, 00764202

Harmless error message in $CPDIR/log/cpd.elg on Standby member of UTM-1 Full HA cluster :

CpmClientMgr::OnError(), result=-2147215817 [Management Server Not Active]
CCPMIDatabaseClient::HandleOpenDb - returns OPSEC_SESSION_END on error -2147215817

00918988 SmartProvisioning hangs during search.
SmartUpdate
00557913 Upgrading Security Gateways using SmartUpdate to R71.10 will result in an error if you attempt to add the gateways as members to a cluster.
Workaround: Before adding the new upgraded gateways to a cluster, delete the existing gateway objects in SmartDashboard, create new ones and then add them to the cluster.
00560641 Each product that is installed using the R71.10 full release package, has 2 lines in SmartUpdate. The first line shows R71 in the Major Version column and the second line shows R71 in the Major Version column and R71_10 in the Minor Version column.

When using SmartUpdate to uninstall an R71.10 product that was installed with the full release package, you must select the line that only has R71 in the Major Version column. Do not select the line that has both R71 in the Major Version column and R71_10 in the Minor Version column because it will cause the uninstallation to fail.

When using SmartUpdate to uninstall an R71.10 product that was upgraded from R71, selecting either line will successfully uninstall the product.
00560663

In Provider-1, sometimes, when selecting "Get Gateway Data" in SmartUpdate, the packages of the gateway disappear in the GUI.

The missing packages reappear once you select "Get Gateway Data" again.

Reporting Tool
00647211, 00649675
Inconsistent Anti Spam reports.
00820724 User tries to generate report with "per gateway" option and receives error message:
"Generator process terminated abnormally."
According to genInfo, it fails in 'Active Policy Analysis'.
SmartView Monitor
00853202
SmartViewMonitor shows AV signature is empty on Full HA UnifiedWall Standby member.
Logging
00917171
Log was generated and sent with an uninitialized rule number.
Other Platforms and Products
SecurePlatform
00561047 When upgrading to R71.10 from a CD, the upgrade package version shown in "patch add CD" is R71.
00616083 Unable to install SecurePlatform R71.10 on IBM x3850 M2.
00732936,
00733468,
00733481,
00733485,
00787576,
00827602
Quering SNMP OID tree .1.3.6.1.4.1.2021.4 (memory statistics) returns incorrect results. See sk42811.
Upgrade Tools
00561181 When exporting a Security Management server's database that was upgraded with an HFA/minor version from Windows to SecurePlatform/IPSO/Solaris, perform these steps to avoid import failure:
  1. cpstop
  2. Convert the text file %FWDIR%\conf\objects_5_0.C to Unix format (either transfer the file to SecurePlatform/Solaris, run 'dos2unix objects_5_0.C' and transfer the converted file back, or perform the conversion using tools available in Windows).
System Status
00615363

On IPSO 6, 'cpstat -f memory os' command returns erroneous values ("real free" larger than "real memory"). (This is only an IPSO 6 issue). See sk58160.

This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment