Check Point R75.20 Known Limitations
Solution

This article lists all of the R75.20 specific known limitations.

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > My Profile > My Subscriptions.

 

Important notes:

 

Table of Contents

  • General
  • UserCheck
  • HTTPS Inspection
  • DLP
  • Identity Awareness
  • Security Management
  • UTM-1 Edge
  • SmartConsole
  • SmartEvent, SmartReporter, SmartView Tracker
  • SmartProvisioning
  • SecurePlatform
  • ClusterXL
  • Multi-Domain Management
  • IP Series Security Platforms
  • Mobile Access
  • VPN
  • IPS
  • SecureXL

 

ID Symptoms
General
00753002 To use Client Authentication with Internet Explorer 9, you must configure the session limit for the Client Authentication rule to infinite.
00260539 If Equal Cost Multi Path is turned off, unexpected behavior may result. Make sure that it is always "on".
00822156,
00822529
Memory leak in CPD process.
00769690,
00771821,
00846644
The CPSB-SSLVPN-5000 license is handled incorrectly.

Note: this license is not directly available for purchase and is only provided as a part of migration from Connectra appliances to Software Blades. Refer to sk92503.
00815766,
00820249,
00820250,
00836804
"TCP Out of State" exception still allows some Out of State traffic to pass.
00844733,
00852980
Client authentication does not work without SmartDirectory after upgrading to R75.20.
00848911,
00849461,
00849462,
00850274
The IPMI interface is not initialized on Open Server machines. This functionality is used when running snmpd.
00829231,
00846276
CLM fwd memory leak on communication with skybox.
00857668 After the Android fix is installed, enabling the Anti-Virus blade causes issues with ActiveSync and access to Exchange Server.
00856964,
00857709,
00880364,
00884537,
00974878,
01175699
Manual Client Authentication over Telnet for LDAP users does not work without SmartDirectory after upgrade from R71.X.
00855384,
00855416,
00855417,
00855418
RADIUS authentication does not work after upgrade to R75.20.
00839057,
00839173,
00839175,
00839177,
00840693
If the R75.20 ISO file is mounted to /mnt/cdrom, 'patch add cd' command fails and leaves the system in an unstable state.
00871277,
00873671
VPN packets are dropped when upgrading to R75.20 with VPNx enabled.
00862912,
00864201
Following upgrade from NGX R65 HFA 70 to R75.20, some of the VPN tunnels are down due to IKE drops.
00892090,
00894501,
00894505,
00894508
After creating a new bond interface, some interfaces are not listed in the interfaces list when creating a new bond.
00896710 Bond interface shows as down even if the physical interfaces are up.
00923522,
00929076,
00929080,
00929078
When configuring NAT behind two ISPs and there is a link failover, NAT still uses the old ISP information.
00943794,
00944430,
00946441,
01025914,
01042065,
00945912,
00945971
Various memory leaks.
01055359 CPD process crash.
01072433,
01062444,
01073294
IPS Bypass is called when it should not. Refer to sk89360.
00902397,
00911985,
00853204,
00898434,
00919761,
00935781,
00904506,
00939223,
00890301
'IPS Bypass Engaged' alert with low CPU usage although the 'High' threshold is set to high value. Refer to sk89080.
01072431,
00937173,
00975176,
00941479,
01073283,
00941310,
00974633
IPS Bypass does not function on IPSO. Refer to sk80540.
01371145,
01373299,
01383102
SmartView Tracker shows logs about Client Authentication over HTTP, although 'Successful Authentication Tracking' in Client Authentication properties in security rule is set to 'None'. Refer to sk98966.
01371146,
01373300,
01383104
SmartView Tracker shows logs about Client Authentication over Telnet, although 'Successful Authentication Tracking' in Client Authentication properties in security rule is set to 'None'. Refer to sk98966.
01406541 NFS RPC requests are getting dropped when traffic passes on an RPC service with a different "program number", although an RPC service with a matching program number is defined in a lower rule.
01407991,
01408863 
Client Authentication logs for Single-Sign On are always generated even if "Successful Authentication Tracking" in Client Authentication properties is set to "None".
Refer to sk106131.
UserCheck
00658898 HTTP applications that are not Web browsers do not generate UserCheck messages or redirects. Administrators can allow or block access to these applications.
00744992
00741909
The block page message does not show an icon for URL Filtering or Application Control rules where UserCheck is not enabled for HTTPS connections.
00746912 When a URL Filtering rule blocks SSL traffic that goes through an HTTP proxy, the blocked message does not show.
00752828 The Security Gateway cannot enforce a UserCheck action for an Application Control or URL Filtering rule if the following conditions are true:
  • The UserCheck portal is accessible on specified interfaces (for example, internal interfaces).
  • The traffic source is from a different interface (for example, an external interface).
00758371 When you enable one of the Check Point portals (UserCheck, Identity Awareness or SNX portal) on an IPSO platform, you must not define the Voyager port as port 80 or 443.
00759947 We recommend that client browsers do not use a proxy to connect to a UserCheck portal in a deployment where the proxy server is located between the Security Gateway and the Internet. You can use a proxy PAC file to exclude the portal from the connections that require a proxy. This allows the client to connect directly to the portal without going through a proxy.
00762928 Blocking notification messages are shown to users that are blocked by the Application Control or URL Filtering software blades. After upgrading to R75.20, these messages are shown through the new enhanced UserCheck portal, that runs on the HTTP protocol.
To use blocked messages, use the Block > New UserCheck option in the Action column of rules in the Application & URL Filtering rulebase.
00766568 If you need to disable Captive Portal, you must do this to be able to reactivate it later:
  1. Clear the Captive Portal option, disable Identity Awareness, and install Policy.
  2. Re-activate Identity Awareness, configure it again, and install policy.
00838883,
00833811
Traffic is randomly rejected on cleanup rule when using URI Resource and Anti-Virus.
00829417,
00830244
FEAT command is not allowed by Anti-Virus blade in R75.20.
00850863 An identity agent for Mac OS X 10.6 and higher versions cannot be downloaded from the Captive Portal. To download a Mac agent, refer to sk63920.
00851697 Specific URL access is Rejected by combination of IPS blade and Anti-Virus blade.
00870421,
00865965
Check Point Security Gateway is not able to download DShield BlockList. Refer to sk21534.
00874929,
00878664
Anti-Virus Mail Zero Hour protection might create false positive SmartView Tracker logs, incorrectly reporting innocent e-mail messages as "Blocked".
The issue is only relevant to the SmartView Tracker log, as the e-mail itself is not blocked.
00922939,
00910877
Users authenticated in the Identity Awareness Captive Portal with RADIUS server credentials have their group membership (and as a result, their identity roles) wiped during policy install and when running "pdp update all", requiring them to re-authenticate.
00932662,
00939493
Captive portal language customization process does not work for R75.20 and above.
HTTPS Inspection
00655365 HTTPS inspection can cause instability when using Debug. To resolve this issue, turn off debug and then delete the $FWDIR/log/wstlsd.elg file.
00660371 HTTPS Inspection does not support non-SSL protocols, such as FTP. You cannot include these services in HTTPS Inspection rules.
00735163 When you configure a custom application (using the Sites/Application wizard) for HTTPS sites, you must define the site URL according to location of the gateway with respect to the proxy server.
  • If the gateway is located before the proxy server, use the actual site URL (for example: https://checkpoint.com).
  • If the gateway is located after the proxy server, or there is no proxy server, use the DN string from the Subject field in the site certificate. Make sure that you remove the asterisk character (*) from the DN string.
00749148 SSLv2 is not supported. Websites that support SSLv2 will not work with HTTPS inspection.
00754400 The Anti-Virus Software Blade is supported in the non-proactive mode only.
00756867 In the HTTPS Inspection log, the Action field shows which action was actually taken for the connection. In some circumstances there could be a mismatch between the action in the log and the action defined in matching rule.

For example, a connection matches a rule with the INSPECT action. But, this connection is an exception on all blades defined in the matched rule. In this case, the action that is actually done is BYPASS.
00759900 When using HTTPS inspection, you must not include (do not inspect) HTTPS sites in the Remote Access Encryption Domain in policy rules. If you do not do this, access to these sites is blocked.
00819329,
00823450
WebUI Restore does not restore user defined data on R75.20 Smart-1 box.
00858633 VPN clients cannot browse HTTPS on R75.20 in hub mode (route all traffic through gateway) while HTTPS inspection is enabled.
DLP
00648666 You cannot import a DLP data type that was exported from R75.20 into R71.x, R75 or R75.10.

You cannot import a DLP data type that was exported from R71.x, R75 or R75.10 into R75.20.
00649767 For Security Gateways version R75.20 or higher, you must use a DLP UserCheck client that is version R71.10 or higher.
00663490 When creating SIC trust from a Check Point Exchange Agent to a DLP gateway configured in the Layer 2 Bridge mode, you must use one of the DLP Gateway interfaces (physical or VLAN) IP address rather than the bridge interface IP address.
00735695 You can only see incident data collected by the Check Point Exchange Agent using Microsoft Outlook 2007 or 2010. If you try to show data from other email clients (such as Outlook 2003, Outlook Professional 2010 or Mozilla Thunderbird), the data is visible, but attachments are not visible.
00754874 SmartEvent Intro is not available in a full High Availability cluster deployment of DLP-1 appliances.
00757004 When you upgrade a gateway to R75.20, all out-of-the-box DLP rules are automatically restored to the Rule Base. If you deleted some out-of-the-box rules before the upgrade, make sure that you delete them again if you still do not want to use them.

The new out-of-the-box Outlook Message - Confidential DLP rule is not supported on gateway versions earlier than R75.20. If you install a policy that includes the Outlook Message - Confidential rule on a pre-R75.20 gateway, it is not enforced and a warning message shows.

You can safely ignore this warning. You can also prevent this warning message from showing by configuring the Install On targets for the Outlook Message - Confidential rule to exclude pre-R75.20 gateways.
00761092 You can only enable HTTPS inspection on DLP-1 gateways from the HTTPS Inspection page of the DLP-1 gateway network object. Enabling HTTPS inspection on DLP-1 gateways from the HTTPS Inspection -> Gateways page is not supported.
00737855 The Performance Pack is not installed automatically on DLP-1 models 2571 and 9571. Do these steps to install the Performance Pack:
  1. Run the SecurePlatform First-Time Wizard and then reboot.
  2. Log in and run sysconfig.
  3. Select Product Installations > Performance Pack.
  4. When prompted, accept the license terms.
  5. Press n to continue with the installation.
  6. Reboot the computer.
  7. Log in and run fwaccel stat to verify the installation.
00757481 The send and discard email options for DLP incidents operate only when:
  1. The SmartEvent server is defined as a Log Server in the Management Blades section in SmartDashboard.
  2. An install database operation has been performed on the SmartEvent server.
Identity Awareness
00745549 When defining a custom application/site or overriding categorization rules using a regular expression, it is important to avoid expressions such as *acme.com. (The correct expression would be .*acme\.com) These may lead to policy installation failures.
01102067,
00896702,
00911403,
00913037,
00974899,
01046092,
01046092,
01057322,
01115813,
01116245,
01274689
User must enter the credentials twice in order to authenticate via Captive Portal in Internet Explorer 9 and Chrome 17 (and above).
Refer to sk102387.
00952619,
01015320,
01025293
Users are disappearing from local PEP yet still exist in PDP.
00853153 Two custom applications get the same UID in SmartDashboard, which causes mismatch in Application Control policy. As a result, applications' traffic might pass, although it is supposed to be blocked. To resolve the issue, use sk91320.
01126592,
01128755,
01128756,
01128757
Some entries are not removed from Windows Registry ('HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\IA' key) after uninstallation of customized Identity Awareness client 'customAgent.msi'.
01154085 In rare cases, session expiration message might show up in SmartView Tracker as 'Internal error. Authentication method is not supported.'
Security Management
00646115 The SIC connection can become disconnected during migration while doing an Advanced Upgrade. If this occurs, you must manually reset SIC trust. To prevent this issue, you can add the new Security Management server to the dedicated DLP Masters in the Security Gateway properties.
00743740 When using the R75.20 SmartDashboard to create a Firewall-1 GX gateway, this message shows after creating SIC trust: Flow.20 cannot manage a NGX R60 version.
To resolve this issue, do these steps:
  1. On the SmartDashboard computer, backup the registry.
  2. Using the Registry Editor, go to this key:
    HKEY_CURRENT_USER\Software\CheckPoint\Management Clients\6.2.1\GA\Check Point SmartDashboard\General Settings
  3. Add a new registry key: AllowLegacyVersions
  4. Define this new registry key as DWORD with a value of 1.
  5. Save the registry.

After making this registry change, SmartDashboard lets you select R60 in the Cluster Properties -> Version field. You can now create new Firewall-1 GX gateways using the Simple mode or the Get button.
00749664 You must use the Run as Administrator option to use the Windows command shell (cmd.exe) when User Access Control is enabled. If you don't do this, some Check Point commands (such as cpstop and cpstart) cannot run.
00758060 You must use the "Exporting using the CLI" procedure for Linux and Solaris advanced upgrades. You can see this procedure in the R75.20 Installation and Upgrade guide (Advanced Upgrade and Database migration > Migration Workflow > Platform Specific Procedures > Database Migration on Linux or Solaris Platforms > Exporting using the CLI).
00648583 The Management Portal does not support multiple certificates assigned to one user. If a user has more than one assigned certificate, the Management Portal shows only one of these certificates.
00746526 The Management Portal cannot be installed on the same computer as the Multi-Domain server.
00636167 The certificate information shown in SmartDashboard always comes from the active database (typically $FWDIR/conf), even when looking at another database. This can happen, for example, if you are looking at an old database version.
00849216,
00850164
FWM crash during policy installation due to database corruption.
00843507,
00843629
'File' menu -> 'Open' in SmartView Tracker is very slow when there are many log files.
00881967,
00883361
It is impossible to change the default user certificate expiration days number.
00902275,
01294105
On 3rd party LEA OPSEC client, the fields about the logged Application are empty in the Application Control blade logs. Refer to sk113138.
00940639,
01399758,
00944421
Policy installation fails when policy contains more than 16000 rules. Refer to sk89460. Refer to issue 01399758.
00943101,
00871030
The "ca" feature (VPN management) license is not being read from the MDS environment.
00943489,
00943628
Security Policy installation fails with "ERROR: Duplicate keys <xxxxxxxx> in table 'sd_dst_intvl_list'". Refer to sk83480.
01089781,
01090951,
01090953
Error: "You do not have a license to manage gateways from this Domain Management Server. Management of gateways that are not Virtual Systems requires a Security Management level license." when running fwm verify from command line.
01053576,
01109748,
01055166,
01055167
Shared secret change in a VPN community is not saved in Database. Refer to sk92516.
UTM-1 Edge
00766275 UTM-1 Edge Firmware is not downloaded to UTM-1 Edge devices managed by an R75.20 management server. Refer to sk65102.
00785860 UTM-1 Edge and Safe@Office devices that use locally configured VPN connections with download configuration settings, may experience VPN connectivity failure with R75.20 Security Gateways. To enable this configuration with R75.20, refer to sk65369.
SmartConsole
00739152 To enable these legacy Software Blades in an R75.20 Security Gateway, go to Create or Edit Gateway > Other > More Settings:
  • Legacy URL Filtering
  • FireWall-1 GX
  • UserAuthority Server
  • UserAuthority WebAccess
If you want to configure these blades on a gateway with a version earlier than R75.20, a More Blades link shows on the General Properties page. This link takes you to the More Settings pane.
00818506,
00825085,
00838502
'Domain Name' field is not saved in the new 'External User Profile' that is 'Matched by domain' in SmartDashboard. Refer to sk90260.
00848917,
00849961
GUI memory leaks. When you open SmartDashboard -> IPS -> Protections, SmartDashboard gets stuck and FWPolicy.exe keeps growing until it reaches 2GB of RAM and crashes.
00847554,
00847575
SmartDashboard crashes when editing IPS Header Rejection Dialog Box.
00872659,
00873136
Performance issues on UTM-1 EdgeX when policy is installed from R75.20 Security Management.
00862073,
00863217
Object list search starts before the complete search pattern is entered, leading to delays in overall search performance.
00864836,
00866753
Closing the Print Preview screen closes the SmartDashboard. On the next start of the SmartDashboard the top menu is missing.
00872978,
00873364
On Windows versions where the decimal point is not a dot (for example, a comma in French Windows), an exception is thrown when enabling Application Control by adding the gateway from the drop-down menu.
00884174,
00884427,
00884428,
00884430
Unable to schedule IPS updates on Thursdays - they all are displayed as N/A.
00907492,
00908436
If one of the communities contains exactly 2 gateways, the following pop-up is displayed when deleting a user: "MEP can only be configured on communities with more than one central gateway. If you choose to continue, MEP will be disabled. Are you sure you want to continue?"
00938310 Incorrect characters are displayed instead of Russian in LDAP OU in SmartDashboard.
01057214,
01059318,
01059319
Windows clipboard is emptied when a network object is deleted.
01065620,
01066036,
01066037
It is possible to set "Timeout for SYN attack Identification" to 1-3 seconds although the actual minimum value is 4 seconds.
01160473,
01161895,
01161896,
01161897
Rules with time limit show up as expired even though their expiration time is several hours in the future.
SmartEvent, SmartReporter, SmartView Tracker
00665795 You must do some additional steps to configure SmartEvent in a Management High Availability deployment. If the primary Security Management server is in the standby state and is running:
  1. Run evstop on the SmartEvent computer.
  2. Synchronize the primary Security Management server (in standby state) with the active Security Management server.
  3. Run evstart on the SmartEvent computer to get the updated configuration.
00737843 When viewing logs in SmartView Tracker or events in SmartEvent, blank log details can show. This is caused by legacy Windows XML parsing libraries.
00757481 The send and discard email options for DLP incidents operate only if the SmartEvent server is defined as a Log Server in SmartDashboard in the Management Blades section.
00748297 When upgrading Security Management from R75 to R75.20 on a 64 bit Windows platform, you must do this to use SmartEvent:
  1. Uninstall the SmartEvent and SmartReporter package from the Security Management server R75. (Control Panel > Add Remove Programs > Check Point SmartEvent and SmartReporter Suite R75).
  2. Upgrade the Security Management to R75.20.
  3. Install the SmartEvent and SmartReporter package from the installation R75.20 DVD.
00749927 You cannot use the mds_backup and mds_restore commands for backup, recovery or migration between Smart-1 and SecurePlatform computers. This is because of differences in the log directory structure on these platforms.
00647088 When using the User Privacy feature, user names are hidden in SmartView Tracker and SmartEvent by default. To show user names, clear the Hide Users option in the Query menu.
00653693 In SmartView Monitor, SNMP traps sent from a cluster member contain the cluster virtual IP address.
00818321,
00819577,
00819588
Missing filter for confidence in SmartEvent user defined policy.
00845305 SmartReporter cannot filter on VPN features like SecureClient and Endpoint.
00846599,
00847735
When SmartEvent uses the "Send Event by email using SMTP server" option, the email in HTML format is sent without the start time in the Event Detection field.
00841753,
00841912,
00841913
When administrator logs in to SmartReporter GUI client using the credentials of Provider-1 Super User, only "Out of the Box" policy shows when creating consolidation session.
00867521 Threshold section text is changed when defining a new event based on IPS Generic Event.
00890334,
00890914
In SmartView Tracker, when logging to a CMA/CLM, its IP address appears instead of CMA/CLM name at the window title bar.
00868605 In SmartEvent, the user name gets truncated for endpoint events, although in SmartView Tracker it shows normally.
00893937,
00893893
Time Setting in Database Maintenance Settings is displayed incorrectly.
00904667,
00911162
When attempting to modify settings in SmartEvent GUI, user gets the Exception message: "No write permissions for ob00ject: OBJ_4DB1B12E_5524_4F28_8CFE_879D4171C39A of type: CSchedItem (File: .\DBMaintenanceBridge.cpp Line: 804"
00911014,
00917364
Mail from SmartEvent automatic reaction shows incorrect time.
01036872,
01073869,
01073870
'Active' Security Management Server is not visible in 'Input' tab of SmartReporter reports after failover in Management HA setup.
01084507,
01299321,
01094024,
01089802,
01294336,
01298533,
01294335,
01094069
  • "The interface does not exist. Try a different interface." error in SmartView Monitor when opening a Traffic view on an interface.
  • Running 'rtm monitor' command on Security Gateway shows "Error: Bad interface name".
Refer to sk97466.
01097670 SSLCA_COMP does not work (fails to compress).
01092002,
01103211,
01103212,
01118709
SmartReporter 'Firewall Blade - Activity' reports show incorrect 'Traffic Size' information when the results are sorted by 'Bytes'. Refer to sk92485.
00863374,
00866796,
00905558,
01079529,
01127897,
01140149,
01186407,
01226490,
01227438,
01227439,
01227440,
01265819,
01374971,
01375023
In E-mail alerts sent by SmartEvent, the user name field contains '*** Confidential ***' instead of real data.

Refer to sk68020.
SmartProvisioning
00763393 When you upgrade to R75.20, you cannot create a new ROBO cluster with SmartProvisioning. A provisioning configuration file (provision_db.conf) is not updated during the upgrade process.

To resolve this, you must copy the file manually to $FWDIR/conf and $MDS_TEMPLATE/conf (in a Multi-Domain Security Management environment).
SecurePlatform
00815514,
00818303
Kerberos authentication does not work on a RHEL non-SPLAT Management installation.
00871043 Volume Flags in Volume OIDs that are reported by snmpwalk, do not match the ones specified in $CPDIR/lib/snmp/chkpnt.mib file.
01074196 After enabling Admin Login Restrictions, once one administrator is locked out, all administrators are locked out too.
00732936,
00733468,
00733481,
00733485,
00787576,
00827602
Querying tree .1.3.6.1.4.1.2021.4 (memory statistics) returns incorrect results. Refer to sk42811.
01429346,
01431791
'cpstat os -f power_supply' command returns empty table on Check Point appliance. Refer to sk101511.
ClusterXL
00647007 The 'cphaprob -a if' command is not supported on Windows platforms.
01079289,
01103133,
01081270,
01086900,
01095303,
01081271,
01089476,
01081272,
01101130
Non-Pivot cluster member on 21400 appliances drops the packets without any log when VMAC is enabled. Refer to sk89321.
Multi-Domain Management
00761528 When using Global IPS in a Multi-Domain Management environment, make sure to assign the global IPS policy to all subscribers after upgrading to R75.20. Do this before installing policy to any of the Security Gateways.
00785967,
00788910,
00788911,
00788912,
00785968,
00788284,
00788904,
00788906,
00788907
Multi-Domain Management synchronization status shows 'Advanced' or 'Lagging'.
00842291,
00842622,
00842623,
00842624
FWD daemon leaks memory when sending SNMP traps from Domain.
01001027,
01002213,
01002221,
01002230
VLAN interface as Leading VIP interface fails.
01322609,
01322803,
01322804
"The Global History file is not found" error in SmartDomain Manager. Refer to sk97812.
01353886,
01365307,
01365309
Session description info is not provided in CMA "change-to-active" log. Refer to sk98695.
IP Series Security Platforms
00650190 On Flash-based IP290, IP390, IP560 appliances you must perform a clean install to install the R75.20 version. There is not enough space on these appliances to perform an upgrade from a previously installed firewall version.
00828490,
00831344
On IPSO 6.2, multi-CPU statistics are not reported in SmartView Monitor or in the output of cpstat os -f multi_cpu command.
Mobile Access
00774475,
00777083
iPhone users cannot connect due to problem with external certificates handling when several active portals exist.
00787474,
00831141,
00831144
When entering a Web app through Mobile Access and trying to download any file, the download is reported as successful but the downloaded file is of zero size.
00816450,
00828843,
00844826
MAB has problems using fileshare and SMS server - a wrong cookie sent to procsrv can cause the RPCs to fail.
00815112,
00815211,
00828198
If file share application is configured in MAB after user logs out, the UNMOUNT is not executed.
00848987,
00850637
iPhone devices are unable to install ActiveSync profiles that contain & character.
00836729,
00836894,
00836895
Unnecessary includes in HT.virtualhost.conf file.
00849423 SNX fails to install on Windows Vista x64.
00859513,
00860050
The mpdaemon process is not brought up by WD.
00843547,
00844757
ActiveSync's username comparison is case sensitive.
01089729,
01090848,
01090849
SNX fails to connect when using certificate with UPN.
01108953 Access to files in /Login directory on internal web server blocked in HT - HTTP 404 error page is received.
01274023,
01276914,
01276915,
01290398,
01291152,
01292291,
01299352,
01301141,
01301350,
01305298,
01313859,
01320512,
01323156,
01367394,
01381533,
01408581,
01414931
SSL Network eXtender (SNX) connects in Internet Explorer 11 (IE11) only with Java and no longer via ActiveX.
Refer to sk96449.
VPN
00848918,
00849338,
01053958
Traffic does not pass over Site-to-Site VPN tunnel when choosing SHA-256 for IKE Phase 2 negotiation.
Refer to sk66441.
00937684,
00937971
VPN over VPN (double encryption) with CoreXL fails.
00943309,
00945951
VPN trusted interface does not work when CoreXL is enabled.
01147243,
01147226,
01149364
SIC with gateway cannot be established due to PDT timezone.
01154294,
01154787,
01154788,
01154789
Endpoint VPN client cannot authenticate with third party certificate if CA marked policyConstraints option in certificate as critical.
01178788,
01178965,
01178966,
01178967
Custom certificate does not parse rules (according to vpn realm) for VPN portal on SSL Network Extender.
01189974,
01191012,
01191013,
01191014
Certificate authentication to SNX portal fails in Internet Explorer 9.
00872886,
00874492,
01062620,
01105907,
01272047
After policy installation on Endpoint Connect Client, client fails to reconnect to ClusterXL for 15 minutes. Refer to sk97929.
IPS
01166665,
01166816,
01166817,
01166818
SmartDashboard crashes during IPS online update.
SecureXL
01166865
Crossbeam performance issue: Affinity of SDP interfaces is being modified by SecureXL SIM Affinity, causing performance degradation. Refer to sk101358.
00625782 The fwaccel identities and fwaccel revoked_ips commands are not supported on IPSO Appliances.
