Support Center > Search Results > SecureKnowledge Details
R75.30 Resolved Issues
Solution

This article lists all of the issues that have been resolved in R75.30.

 

Important notes:

 

Table of Contents

  • Firewall
  • Identity Awareness
  • VPN
  • Management Server
  • SecurePlatform
  • SmartEvent
  • SmartDashboard
  • IPS
  • Anti-Virus
  • SmartReporter
  • Multi-Domain Security Management
  • ClusterXL
  • Advanced Routing
  • VoIP
  • Miscellaneous

 

ID Symptoms
Firewall
00539459 Mails could not be sent when using SMTP Resource and CoreXL is enabled. See sk44259.
00543552 RTP and NAT related issues.
00546222 Web Security related memory leak.
00549582 High CPU usage issue.
00550209 Stability issue when running fw fetch local.
00550224 Memory allocation error when using the fw fetch local command.
00550565 Improved policy installation on Windows platforms with more than 4 GB RAM.
00550787 Instability issue when IPS is enabled.
00552842 Gateway accepts proposals from 3rd party interoperable devices with a different DH group from that defined in the VPN community.
00552946 SYNDefender now changes from the active mode to the passive mode correctly when CoreXL is disabled.
00553503 Improved handling of SQL injection attacks.
00555530 Performance issue when "dst cache overflow" is seen in /var/log/messages.
Resolved DST cache hash size limit issue.
00556014 Fixed SecureXL issue where the affinity setting for a process did not survive reboot.
00559704 Added partial support for Cisco Call Manager 7.1.
00561059 The firewall now parses email messages with very large file names correctly.
00562354 Anti-Virus issue.
00562737 Gateway stops sending traffic.
00565634 SNMP stability issue.
00566404 Some packets were incorrectly dropped by the Small PMTU IPS protection even though this protection was disabled.
00567227 SCV dropped traffic for verified SecureClient users in the Monitor Only mode.
00567735 The counter for ifIndiscards (OID 1.3.6.1.2.1.2.2.1.13) now shows the correct information.
00568188 Solaris Security Management server stability issues.
00570072 Console errors caused by corrupted ICMP error packets.
00570223 Bond locking issues in cluster deployments.
00570933 Fixed VOIP related issues for incoming traffic when ISP redundancy is enabled.
00571926 MGCP packets are now parsed correctly. This resolves an issue where MGCP packets were blocked incorrectly.
00572056 Stability issue during policy installation.
00572335 NAT fails after installing a policy.
00576659 ACK packet corruption on the gateway.
00589585 Stability issue for psnmpd.
00589587 MIB tree handling works correctly. This resolves an issue where snmpwalk does not work.
00590334 Added grace period to Anti-Spam license checking algorithm.
00595100 Improved OM assignment handling with Radius authentication.
00596725 Added automatic TCP keep-alive for H.323 active streaming connections.
00597074 QoS stability issue.
00609256 Some MGCP packets were incorrectly blocked.
00630092 Stability issue during Geo Protection update that is not caused by policy installation.
00634176 VPN memory leak issue when using L2TP.
00635212 Kernel memory leak issue in cluster deployments.
00646616 Memory leak issue.
00645696 Default policy enforcement now operates correctly after rebooting the gateway, when a PPPoE interface is down.
00647968 Added new global parameter (fw_log_bad_fwd_packet global) to prevent unwanted messages in the log file. This option is disabled by default.
00654258 Stability issue when the gateway inspects MSN traffic.
00654776 Passive FTP data connections on VoIP ports (1720, 2000) now operate correctly with CoreXL.
00739919 Email messages stay in the MDQ queue.
00739915 An Active gateway cluster member incorrectly generates this log entry in /var/log/messages:
fl1ibagate02b kernel: FW-1: fw_xlate_anticipate: wx_anticipate_server_side failed.
00745499 When there is no VPN tunnel between two gateways, this command causes instability:
snmpwalk -v 2c -c public localhost 1.3.6.1.4.1.2620.500.9002.1.3.<IP>
00628172 Improved handling of MSN traffic.
00630209 Improved display of http statistics for Anti-Virus to block traffic based on file size.
00570225 Improved stability in cluster environment with bond interfaces.
00635133 Improved stability in NAT after policy installation that changes IPS settings.
00738188 If a user added a script to the SmartDashboard and attached it to IPS HTTP - DOS attack, alerts did not trigger the defined script.
00827505 The sessions agent did not generate a new PIN, because HTTP code 230 was not sent from the firewall.
00535889 The firewall dropped sip SUBSCRIBE messages on the error: sip_get_brother_data: internal error - brother init failed
00652756 If there is an IPv6 license, FTP data connections for IPv4 addresses were not opened.
00656748 SMTP was logged, even when logging was disabled.
00742167 Error "550 Mailbox Unavailable". Improved SMTP resources with CoreXL.
00748564 User authentication fails with FW1: form expired.
00763357 H323 connections expired. Improved data connections to refresh the control connections.
00765061 Clientless VPN did not function correctly with CoreXL.
00816465 Firewall crashed using R71.30 gateways on IPSO 6.2.
00829424 The previous policy name was not shown correctly in SmartView Monitor Alerts.
00732856,
00735281,
00743875,
00788821,
00862119,
00891568,
00893883,
00893885
The "FW-1: fw_kfree: wrong magic number at 0xADDRESS caller is 'fw_xlate_find_all_matches_rm2'" error in /var/log/messages files and on console during policy installation when configuration involves ISP Redundancy and hosts with Static NAT per sk25152. Refer to sk92180.
Identity Awareness
00827301 Sometimes the message "fwnac_ioctl_call: IOCTL failed" was written erroneously to the file $FWDIR/log/pepd.elg.
00827335

Improved performance of PDP when unregistering networks.

00827291 Identity Awareness sometimes resolved the Fully Qualified Domain Name (FQDN) incorrectly.
00760574 On SecurePlatform or IPSO with Identity Awareness enabled, this incorrect message sometimes appears in the $FWDIR/log/pepd.elg file: _fwnac_ioctl_call: IOCTL failed
00774627 AD Query could not resolve the domain.
00782049 When Identity Awareness was enabled, the PDP process sometimes consumed 100% CPU.
VPN
00566847 High CPU usage issue when VPN is disabled and SecureXL is enabled.
00630289 Users can now use SSL Network Extender with certificates with unique Principal Names to connect to R71 gateways.
00630361 On MacOS 10.6, SSL Network Extender only updates when it first connects to the gateway.
00593006 Security Gateway processes can connect to third-party products with SSLv3 in addition to TLSv1.
00564789 Endpoint Connect client can use pre-shared secret authentication.
00630593 Improved handling of calculating subnets for tunnel management.
00650124 Host Translation did not translate URLs sent in queries to an internal server.
00777083 Mobile Access error: "Establish trust with ICA failed. reason: There's no trusted server certificate by the given DN." All portals' certificates are examined, rather than showing the error after the first portal without a certificate.
0082819 After a user logged out from the Mobile Access portal, fileshares were not unmounted.
00828607 If ICS and SWS are enabled but not required, Windows users cannot access the portal.
00658422,
00658929,
00753517,
00850929
R75 Endpoint Security VPN users authenticated by LDAP are prompted to change their passwords on every login.
Management Server
00541671 The Security Management server generates multiple log entries as necessary without losing database changes.
00541689 NAT rule changes now show correctly in the logs.
00549654 Security Management can now accept more than 25 QOS unlimited connection licenses.
00551139 Improved custom commands processing in SmartProvisioning.
00558002 Solaris RPC credentials are parsed incorrectly.
00574386 Gateways now show correctly in Connectra cluster objects and the update continues as needed.
00597656 cpca_client enhancements:
  • Failure logs.
  • Shows which user owns newly created registration keys.
  • This command accepts an input file containing users for certificate revocation.
00600619 After you run "fw debug fwm off" on Windows, the Install Policy and Install Database windows now do not show the debug messages.
00593654 Policy installation is successful when the policy includes a Connectra object and a monitoring license is not installed on the Security Management server.
00558003 Improved RPC authentication handling.
SecurePlatform
00531930 SNMP stability issue.
00541671 The Security Management server generates multiple log entries as necessary without losing database changes.
00549731 SIP TCP stability issue.
00551095 WebUI issue after an upgrade while using Radius authentication.
00557059 Corrected text in the snapshot prompt message before doing a backup.
00561766 Delay values for a Bond interface are not saved correctly.
00591539 The /dev/ppp file is not created after creating a PPPoE connection.
00591758 Only one (more meaningful) snmpd log entry shows in /var/log/messages when configuring channel bonding/IPv6.
00592663 You can now add routes that go through the loopback interface.
00596093 Stability issue during SNMP queries when the gateway is under heavy load.
00630603 Users cannot use the WebUI.
00645735 SNMP polling for ifHighSpeed now returns the correct value for 10Gb interfaces.
00639936 Includes support for up to 1024 bridge interfaces.
00639986 When you view the Advanced Parameters for a bond interface and do not make any changes, the interface is not restarted.
00761991 In an environment with multiple gateways, certificates for SecurePlatform WebUI login were not accepted, because duplicate serial numbers were used. This issue is fixed with a new random serial number generator.
SmartEvent
00531535 Removed limit on the number of items in multi-value event fields.
00542796 The cpstat cpsead commands do not generate output when the Correlation Unit connects to many log servers.
00555330 SmartEvent does not send emails.
00559896,
00565642,
00565651,
00565659
Memory leak issue in the SmartEvent GUI.
00561967 Users can now select "Source" in the "Group By" window.
00562351 SmartEvent now correctly creates log entries for an SNMPTRAP with the AuthenticationFailure trap.
00565892 Stability issue when sending emails that have multiple value fields.
00567821 When SmartEvent Intro for IPS is enabled, the IPS Event Manager in SmartView Monitor shows the correct IPS events.
00589918 Improved stability in SmartReporter client.
SmartDashboard
00503197 SmartDashboard stability issue when using 'VPN Communities Tab > Site to Site > My Intranet > VPN Properties'.
00495332 Changing the VPN community for a firewall object causes an error when the object is part of a global community.
00495432 The "Where Used" option now works correctly with time objects and time object groups.
00498837 Automatic Hide Nat is supported for all versions, up to and including this release. It now shows correctly in SmartDashboard.
00524516 Authentication issue with the Content Inspection signature and the saved password.
00531786 SmartDashboard instability when selecting an OPSEC application.
00535664 SmartDashboard now saves changes to section titles in the Rule Base pane.
00546927 Improved the description in the 'Global Properties > SNX tab'.
00556430 "Print" and "Print Preview" now show all rules and section headers correctly, according the page dimensions.
00562578, 00562584 The "View Rule in SmartDashboard" option (in SmartView Tracker) now shows the correct rule in SmartDashboard.
00568708 The SmartView tracker "View rule" feature in SmartDashboard now opens a closed title heading and highlights the rule in SmartDashboard.
00597610 The "Link Selection" window now shows all GUI objects correctly.
00647653 You can now install a policy to a Connectra gateway when there is no Firewall and Address Translation policy.
00615363 SmartView Monitor now correctly shows the memory usage of IPSO gateways.
00593326 Removed tooltip that shows when you point to a NAT section heading in SmartDashboard.
00623378 When you change the order of priority of ISP links, SmartDashboard shows the correct DNS server IP addresses.
00628976 The tooltip for Network Groups in the Firewall rules shows up to 1000 characters.
00611159 Improved handling of Dynamic Address setting for Security Management server in SmartDashboard.
00749714 Added the ability to use the same IPv6 address in topology of 3rd party cluster members.
IPS
00559784 Resolved issue where URL Filtering automatic updates are not successful in a full High Availability deployment.
00569925 Memory leak issue.
00591537 Corrected textual error in Geo Protections output.
00620918 Stability issue during qualys scan.
00626872 'HTTPS Non-Compliant' IPS exceptions did not operate correctly.
00626884 Log messages are no longer sent for HTTP protections that are disabled.
00739911 Video calls are now supported using the skinny (SCCP) VoIP protocol.
00739912 Skinny (SCCP) calls are dropped when the IpPort message shows a value of 0 in the IP address or port field.
00739917 The error message "fwsynatk_write_log: failed to get rule" now shows only if debug is enabled.
00575400 IPS records a log for non-standard HTTP traffic according to IPS protections.
00613891 Logs and Masters page shows in properties window for IPS Sensor objects in SmartDashboard.
Anti-Virus
00546652 Web pages containing jpeg files freeze when the jpeg file type rule is defined as "Pass" (do not scan).
00550897 Anti-Virus update engine stability issue.
00553579 Stability issue during URL filtering update.
SmartReporter
00563594 Database maintenance no longer runs automatically every 15 minutes when there are no records to delete.
00550673 Users get too many information messages from SmartReporter when they generate "Detailed Events" reports.
00550700 Users see incorrect error messages in the Event Viewer.
00558481 Connections are now correctly classified as Incoming, Outgoing, or Internal according to their definition in the gateway topology tab.
00558044 Connectra connections and interfaces now show correctly in SmartReporter.
00553434 Advanced upgrade of the SmartReporter database now succeeds if the file size is greater than 2 GB.
00555590 SmartReporter now correctly translates IP addresses to host names in reports for client authentication logs.
Multi-Domain Security Management
00555191 You can now delete contracts from SmartUpdate in the SmartDomain Manager.
00571399 Global policies can now be automatically installed on a Bridge Mode Virtual System.
00628494 SIC stability issue between the Multi-Domain Server and the Multi-Domain Log Server.
00630604 The Multi-Domain Server now starts if a bond interface is not configured.
00653662 Searches across Domain Management Server now give the correct results when there are title header rules in the Rule Base.
00650830 Connectra cluster objects no longer show the "Waiting" status in the SmartDomain Manager.
00542255 Install date and policy name are now shown in the SmartDomain Manager for VSX modules.
00759119 Creation of new Domain Log Server on new Multi-Domain Log Server from Multi-Domain Server now saved in Domain Management Server database.
00788907, 00788910 The synchronization status of High Availability server shown in the SmartDomain Manager was fixed.
ClusterXL
00536217 Improved processing of cluster sync retransmission requests.
00565897 Stability issue.
00589669 Corrected debug output message for dynamic routing.
00638726 The standby member no longer sends accounting logs.
Advanced Routing
00596724 A standby member now gets dynamic routes correctly from the Active member after restoring an interface that was taken offline using the ifdown command.
00651556 After deleting a type 7 route, the translated type 5 route is also deleted correctly.
VoIP
00567425 H.323 RTP connections do not open correctly.
00568819 Dropped SIP traffic issue.
00574610 H.323 connections are dropped after redirection when the 'Block connection redirection' protection is disabled.
Miscellaneous
00494545 IPSO: VRRP third party cluster members now show on the list of available monitored objects.
00540762 Secure XL now functions correctly after installing a policy.
00546479 SmartView Monitor no longer shows a 'no match' error for QoS rules.
00551697 QoS: Resolved policy installation issue for QoS policy.
00569815 Debug: Fixed the debug behavior for FWM process.
00597649 SmartView Tracker: The "Edit filter" menu in SmartView Tracker now appears in Windows XP when using small icon fonts.
00624560 You can now install new products if some values are missing from the registry.
00600730, 00601488 Improved stability in SmartProvisioning.
00640339 SmartProvisioning shows the list of firmware versions for UTM-1 Edges.
00668410 Fixed memory leak in cpd.
00820685 Memory corruption when SecureXL was enabled on cat /proc/ppk/stats.
00815512 Incorrect database maintenance message was shown: "Database auto. maintenance event - The database maintenance parameters needs to be adjusted. Max FSM should be increased"
00745510, 00745478 SSL Network Extender certificate authentication did not work with Linux CLI client.
This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment