Support Center > Search Results > SecureKnowledge Details
R71.40 Known Limitations
Solution

This article lists all of the known limitations of R71.40.

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > My Profile > My Subscriptions.

Important notes:

For more information on R71.40 see the R71.40 Release Notes, R71.40 home page and R71.40 Resolved Issues.

Visit our discussion forums to ask questions and get answers from technical peers and Support experts.
Popular forums:

Table of Contents

  • General
  • Security Management
  • Secure Workspace
  • IPS
  • SmartEvent
  • SecurePlatform
  • VPN
  • Provider-1
ID Symptoms
General
01073033 "Error allocating more space for arpcache" error in the /var/log/messages file on the active cluster member.
Security Management
00975073,
00983111,
00983800 
Policy installation fails with error "Operation failed. Install/uninstall has been improperly terminated" instead of showing a proper error message and FWM daemon crashes when a NAT contains multiple Source / Destination objects.
Refer to sk103918.
00528574 After establishing SIC or during policy verification, you might get an error message: "Incorrect reply from server. Command: private-db-dirty-check." The message can be ignored. Refer to sk44508.
Secure Workspace
00591709,
00510227
Win+A is not an officially supported way to switch between the Secure Workspace desktop and the host desktop. It may cause unexpected behavior. Use Win+S as a shortcut to switch between the desktops.
00573859 The Windows 7 theme might change occasionally after you close Secure Workspace.
00461597 In Windows 7, the task switching window that shows when you click Alt+Tab might not work on the host computer while Secure Workspace is open. It also might not display correctly after you close Secure Workspace.
  Internet Explorer Protected mode:
  • Endpoint Security on Demand and Secure Workspace do not work correctly if the user’s browser is configured to use Protected Mode for the SSL VPN Portal’s URL.
  • If Endpoint Security on Demand is configured, Protected Mode is detected and an informative error page opens for the user.
  • If Endpoint Security on Demand is not configured, there is no error page. If users use Secure Workspace with Protected Mode on, various errors might occur.
00591735 If Chrome or Firefox is the default browser on a device, the SSL VPN shortcut on the desktop has an image of Chrome or Firefox, although the portal opens in Internet Explorer.
00573964 Sometimes the message "Fail to run Secure Workspace due to lack of resources" opens, although there are free resources on the machine. Rebooting the client machine might repair this.
  Secure Workspace is not compatible with these third party applications:
  • McAfee HIP / signature 432
  • Symantec Event Library
  • Kaspersky Proactive Defense
  • Create Desktops limit
  • FS corruption
  If you get errors only when you use Firefox or Chrome, but not on Internet Explorer it might indicate that there are problems with the Java version. Update to the latest Java version.
  Secure Workspace does not work correctly on computers that have Internet Explorer 9 installed.
  Abra limitations that are related to Secure Workspace also apply to this hotfix. Refer to sk52764.
00628747 If you log in to Secure Workspace from a Windows 7 64-bit machine using Internet Explorer 8 64-bit, Cshell deployment fails in both ActiveX and Java.
00766955 ESOD scan is disabled for all EC clients. 
IPS
00660059
Install policy with IPS pattern granularity and AA profile, or with manual profile, might fail due to timeout. Workaround:
  1. Run: cpstop
  2. Run: export commit_func_timeout=600
  3. Make sure the last command was successful. Run: echo $commit_func_timeout
    The output should be 600.
  4. Run: cpstart
  5. Install policy.
Refer to sk101559.
00661820,
00662785
Changing the Check Point pattern names or values before upgrade sometimes causes Online Update issues.
00725130 Protections that were converted from patterns should not be marked for Follow Up. In some cases, they are incorrectly marked for Follow Up and receive the IPS policy. This can cause the new protection not to receive the overridden policy when the policy of the pattern was overridden before upgrade.
00735793 Patterns that were deleted before upgrade are added again to the IPS blade as protections. They do not show as new patterns in R65 protections.
00937173,
00941307,
00941310,
00941479
IPS bypass never occurs on IPSO OS under CPU load.
01203733,
01204217,
01204216,
01204215,
01204214
"FW-1 - cmi_sticky_exec: Failed to resolve handler from database" errors in /var/log/messages file when IPS blade is enabled. Refer to sk94287.
SmartEvent
00755556 SmartEvent GUI fails to load on Windows after upgrade from R71.10.
To resolve, run cpstop and then cpstart.
SecurePlatform
00828614,
00776316,
00828720,
00828722,
00828724
"Server error (error code = INITIALIZE_CP_SENSORS_FAILED)" message appears in the WebUI on the UnifiedWall applicance after upgrade to R71.40. Refer to sk65823.
00889162,
00887956 
If running Security Management on the R71.40 image, SG 80 appliance cannot be managed.
00732936,
00733468,
00733481,
00733485,
00787576,
00827602
Quering tree .1.3.6.1.4.1.2021.4 (memory statistics) returns incorrect results. Refer to sk42811.
VPN
00845358,
00851954 
vpnd crashes on loading root CA chain and User authentication fails after upgrade to R71.40. 
00839151,
00840479
SNX users disconnected due to vpnd crashes.
00894343,
00896531,
00897192
When SWS is required but not enabled, access/log in to Mobile Access portal does not work. 
Provider-1
00943804,
00949746,
00950201 
Memory leak of FWM on CMA level.
This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment