Support Center > Search Results > SecureKnowledge Details
R71.30 Known Limitations Technical Level

This article lists all of the known limitations of R71.30.

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > My Profile > My Subscriptions.

Important notes:

For more information on R71.30 see the R71.30 Release Notes, R71.30 home page and R71.30 Resolved Issues.

Visit our discussion forums to ask questions and get answers from technical peers and Support experts.
Popular forums:

Table of Contents

ID Symptoms
Security Management
00621804 The SNMP thresholds policy is not included in the database revision. You can not revert the SNMP thresholds policy when you revert to an older database revision.

Use the threshold_config utility to save a revision of the SNMP thresholds policy.

00616175 Synchronization between management peers does not update the SNMP thresholds policy. Policy installation installs the SNMP thresholds policy of the active Management Server.

Use the threshold_config utility to export the SNMP thresholds policy from the primary Management Server and import it into the secondary Management Server.

00664562 Policy install on SG80 cluster fails with error:
"/opt/CPSG80CMP-R71/conf/<policy_name>.pf", line xxx: ERROR: target <SG80_member_name> is prohibited.
00831322 Router load reports success by tftp, but actually has failed.
01114172 FWM process crashes in rare cases when initializing SIC with new Security Gateway.
01142116, 01144580, 01144581, 01144582, 01149605, 01379922, 01563920, 01657359
If policy contains several thousand host objects and network objects, memory consumed by the FWM daemon might exceed the 2GB limit, which can cause the FWM daemon to crash.
Refer to sk106340.
Global policy reassign installs incorrect policy. 
When both SmartDashboard and SmartProvisioning are open in R/W, deleting ROBO or Edge object partially fails with "Deleting SmartLSM Gateway Failed" popup.
00760942 SmartProvisioning shows Edges in an "Error" state in the Device Status diagram and in the Devices tab, when filtering by Provisioning Error Status.
Check Point Mobile for iPhone and iPad
00624534 The Link Translation Domain feature is not supported with iPhones. Disable Link Translation Domain on Mobile Access gateways before you connect to them with the iPhone App.
00573299 If this supplement is installed, the Mobile Access portal supports username and password authentication only.
00597730 Interactive Simultaneous Login Prevention (SLP) is not supported.
00568280 Application protection levels that include authentication settings are not supported.
SmartView Monitor
00628009 The interface thresholds only monitor interfaces that have an assigned IP address.
00630457 For CMAs that were created after the upgrade to R71.30, SmartView Monitor shows the values in the Threshold view as "wait".

To change this:

  1. Run: mdsstop
  2. To enter the cma environment, run: mdsenv <cma_name>
  3. Run: cd $MDS_TEMPLATE/bin
  4. Run: install_snmp_thresholds
  5. Run: mdsstart
00637262 Last policy install name and install time in Smart View Monitor Alerts is not changing after multiple policy install.
00825929 A user with Read-Only permissions can stop cluster members via SmartView Monitor.
00838278 SmartView Monitor > Tunnels on Gateway > 'To' filter does not show Edge objects.
SSL Network Extender
00630361 After you upgrade your Security Gateway to R71.30, SNX automatically updates to the latest version when users connect to the gateway. On Mac OS 10.6, SNX also updates after every reboot.
Refer to sk60410.
00630318 If you have SmartEvent enabled on a Security Management server, before you restore a version in Database Revision Control you must run cpstop and cpstart on the Security Management server.

If you do not run cpstop and cpstart, the SmartEvent configuration is removed.
00869541 Mails from Automatic Reaction are getting Java error.
00630478 On SecurePlatform, when you uninstall the R71.30 upgrade package, the CVPN HFA package is not uninstalled. To uninstall the CVPN HFA package, run: /opt/CPcvpn-R71/uninstall_cvpn_HOTFIX_R71_30
00864383 CLIGATED crashes with core.
Querying tree . (memory statistics) returns incorrect results.
Refer to sk42811.
00631943 If you Assign a Global Policy on a Customer before you save any policy on its active CMA, SmartDashboard shows a message, when you login to the CMA, for you to create a new policy package.
If you see this message, create a new policy package. To work with the Standard package that already exists on the CMA, copy policies from the new package to the Standard package (File > Copy Policy To Package).
00522683 In Provider-1 environments that use either standalone log servers or Security Management backup servers, R71.30 should be installed on all MDSs, Log servers and Security Management servers. In addition, the minor version needs to be activated on the CMAs/CLMs.
00656723 Issue in the GUI with a Read Only user, if you click on IPSEC VPN, then Advanced on the General page, you get stuck on a dialogue which is all greyed out and then you cannot exit the dialog or the GUI.
00753105 Improving stability of FWM on CMA.
00737538 CPD could crash on Provider-1 when using Anti-Virus updates.
00759031 In MDS and MLM environment, when creating new CLM, the change is not saved in the CMA database.
01075551 CMA's FWM crashing during Database Revision creation.
VPN tunnels randomly select the incorrect external interface, when specifically defined under VPN link selection.
00651439 VPN traffic is dropped if drop templates are enabled AND implied rules are disabled.
00741903 Authentication failed if "VPN-1 Embedded devices defined as Remote Access" added to RA community.
00835925 Wrong cookie is send by VPN to CVPND during SNX connection. This can cause CVPND to crash.
Connection to SNX portal using fails.
VPND Core Dump observed on R71.30 gateway.
Clientless VPN
00648263 ActiveSync with MS Win Mobile will not work if two-factor authentication is configured. Contact Check Point Support to get a Hotfix for this issue. There is a partial fix available, it will allow users to connect, but will ask several times to enter the password.
00746730 Several lib files that were supposed to be updated as a part of this release were not included in the package. Contact Check Point Support to get a Hotfix for this issue.
00760121 Mac OS 10.6.7 Thunderbolt-MacBook fails to connect via SSL VPN to R71.30 gateway (kernel panic).
00982107 RSA forces authentication after new PIN is not implemented. This effects VPN clients connecting with SecurID. Hotfix is available.
Cannot select specific network under Anti-Spoofing in VTI interface property page in SmartDashboard.
00656135 Provisioning Status is "Unknown" in SmartProvisioning for objects without provisioning enabled and for objects that do not support provisioning.
00661640 Certificate path is placed in the user field when connecting to a separate server from Windows menu of the GUI.
00664498 Enabling DHCP range on WLAN or LAN interface on SmartProvisioning GUI fails when using Bridge mode.
00747310 When performing Get Topology on a 3rd Party IPSO IP Clustering Cluster, network objective check point sync interfaces changes to "Cluster + X Sync"
00667427 Clipboard contents is unexpectedly cleared when opening SmartDashboard.
00528574 After establishing SIC or during policy verification, you might get an error message: "Incorrect reply from server. Command: private-db-dirty-check." The message can be ignored.
Refer to sk44508.
Security Gateway
Install policy fails due to vmalloc exhaustion.
Boot sequence hangs for a long time when Loading Network devices.
00770917 When using NAT in conjunction with DHCP Relay, Security Gateway drops may be seen on DHCP Offer packets.
00789130 Panic in 'vpnk_crypt_task'.
00783013 FWM crashes if more than 128 licenses are added.
00815139 Firewall unexpectedly crashes. Re-occurs randomly. Following the core's trace shows that crash occurred in 'vpn1' procedures.
00836401 Destination NAT with same source and destination not working since R60.
Security Gateway crashes when using 'FTP_DATA_ASPII' protocol type for FTP service.
Refer to sk98620.
01076022 While increasing 'cphad' timeout in $FWDIR/conf/cphaprob.conf to 30 sec, the timeout is increased to 30,000 sec.
A crash in CPD due to AV update was fixed.
00831920 Add the ability to use the Anti-Virus update according to the gateway object proxy tab.
00833974 SIP packet with CSeq number value "zero" is dropped.
00851827 SIP connection is attempting to open two consecutive ports using the syntax 45080/2

It is attempting to open 45080 and 45081.

1602325 ;sdp_parse_media: port from sdp is (str): 45080/2;

The firewall ignores the / and reads this as 450802.

When enabling IPS "Header Spoofing" protection, some HTTP file download never completes (seen as a progress hang). This happens in R75.20 too, and probably in other versions.
Changes in the input field of a report are not saved.
01092958 Outgoing traffic is seen as 'Other' direction on Network Activity Report.
Port flapping on the switch, to which the Synchronization interfaces are connected of three and more ClusterXL members.
Refer to sk95150.


Related Solutions:

sk61000 (Upgrading to minor version breaks advanced routing on cluster).

This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document