Support Center > Search Results > SecureKnowledge Details
R75.40 Known Limitations
Solution

This article lists all of the R75.40 specific known limitations.

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > My Profile > My Subscriptions.

 

Important notes:

 

Table of Contents

  • General and Installation
  • FireWall
  • Automatic Software Updates
  • IP Series
  • 21400 Appliance
  • Security Management
  • Multi-Domain Security Management
  • Identity Awareness
  • IPS
  • DLP
  • Mobile Access / VPN
  • SecurePlatform / Gaia
  • Gaia Dynamic Routing
  • SecurePlatform Dynamic Routing
  • Security Gateway 80
  • PerformancePack / SecureXL
  • Policy Server
  • SmartView Tracker
  • SmartView Monitor
  • SmartDashboard
  • SmartEvent / Eventia Analyzer / SmartReporter
  • SmartProvisioning
  • ClusterXL
  • VoIP
  • SNMP
  • SSL Network Extender
  • Anti-Virus
  • VPN
  • Anti-Malware

 

ID Symptoms Integrated In
General and Installation
01048259 If you upgrade from R75.40 with fox_hf_ha40_057 or foxx_hf_ha40_066 hotfixes, installation will stop with errors. Uninstall the hotfixes and then install this release. -
00944702 If an R75.40 Windows machine to be upgraded to R75.45 release already has a hotfix or HFA installed prior to R75.40, the crs.xml file must be deleted manually, if it exists.
For example, if the hotfix is for FireWall on Windows, crs.xml can be in: C:\WINDOWS\FW1\R75.40\FW1\conf\crs.xml		 R76
00733220 Upgrade on a Solaris platform completes with error. If you deployed a Security Gateway 80 with the IPS blade enabled, update the IPS database on these appliances.
Otherwise you can safely ignore this error.		 R75.47
01040038 After upgrading to R75.45 on SecurePlatform OS, the Boot Menu incorrectly shows "Check Point SecurePlatform R75.40". -
01069487 On Security Management server running on Windows OS, the migrate export command fails with plugin error.
Refer to sk86804.		 R75.46,
R76
01080475,
01078173		 Connection with SmartDashboard to freshly installed R75.45 SecurePlatform Security Management Server fails with 'Unable to get idle-time workstation locking policy' error.
Refer to sk111293 (Scenario 5).		 R75.46,
R76
01103093 The smartlog_server process crashes if a log does not have action. R75.47
01105053,
01148236,
01106061,
01130956		 Output of 'cpstat -f all ha' command shows VLAN interfaces without the VLAN ID in the 'Cluster IPs table'.
Refer to sk93210.		 R77.10
01104997,
01109975,
01109976,
01109977		 ICMP packets are dropped on Multi-Portal real ports implied rule with "Reason: Rulebase drop - rule 0;" error. R75.47,
R77
01119817,
01122448,
01122449,
01122450		 Many of "psl_get_tmpl_opaque_ref: tmpl_data is NULL" messages in /var/log/messages file. R75.47,
R77
01128050 After upgrade to R75.45, 'Version & Blade Updates' status in SmartDomain Manager changes to "Needs Attention". -
01134295,
01138530,
01138718		 SmartLog server does not function correctly when different gateways perform a simultaneous log switch. R75.47,
R77
01140369,
01140437,
01140438		 "Process DLPU_0 isn't monitored by cpWatchDog. Stop request aborts" errors in $CPDIR/log/cpwd.elg file when DLP blade is disabled. R75.47
01144219,
01144565,
01144566,
01189318,
01150992,
01144284,
01146802,
01168628		 SmartView Tracker shows incorrect logs after upgrade to R75.x. Symptoms of this issue include, but are not limited to:
  • Wrong interface name is shown on logs
  • Source / Destination / Origin fields show wrong information
  • NAT is being logged as performed, while it is not
  • Identity Awareness shows irrelevant IP addresses
  • Services are shown with the wrong port
Refer to sk72160.		 R75.47
01176835,
01177121,
01177120,
01177119,
01177118		 Policy installation fails after several months of uptime of Security Gateway with enabled Traditional Anti-Virus.
Refer to sk93189.		 R77.10
FireWall
01229302,
01231052,
01231207,
01231208,
01231209,
01231210		 RPC packets for NFS mounts ("Dump Call") are dropped on 'rule 0 - implied rules'.
Refer to sk95109.		 R77.10
00942327,
01224452,
01224455,
01221978,
01199049,
01224454,
01200848,
01215728,
01224451		 Memory usage constantly increases on Security Gateway without results from memory leak detection procedure (sk35496).
Refer to sk95008.		 R76
01254114,
01259439,
01259441,
01259442		 The values of RAD debugging environment variables 'CP_RAD_ELG_FILE_NUM' (controls the number of rotated debug output files) and 'CP_RAD_ELG_FILE_SIZE' (controls the size of each debug output file) are not applied - RAD debug ('rad_admin rad debug on all') runs with default values of 10 output debug files with maximal size 20 MB for each file.
Refer to sk95889.		 R77.10
01292768,
01310693,
01310694,
01310695;
01305054,
01310696,
01310697,
01310698		 'fw sam' command fails to process the SAM rule with "sam: Name_of_GW_Object (FW_Index/FW_Total) ... failed 'Syntax of SAM rule' processing" error.
Refer to sk97306.		 R77.20
01322955,
01323223,
01323225,
01339025,
01404871		 Specific traffic is dropped by Security Gateway, although it should be accepted by the relevant security rule because in FireWall rulebase, the Service may be evaluated before evaluating the Source or the Destination.
Refer to sk97876.		 R77.20
00909368,
00912734,
01111227,
01308749,
01433278,
01438761

Policy installation / fetch on Security Gateway R75.40 / R75.40VS fails with the following possible errors in SmartDashboard:

  • Load on Module failed - no memory
  • Load on Module failed - failed to load Security Policy
Refer to sk101875.		 R75.45
01264866,
01298649,
01302539,
01313949,
01316687,
01399331,
01482998,
01487264;
01284461,
01316702,
01317454,
01483000
 FWD process on Security Gateway might crash during heavy traffic load when traffic is logged with packet capture.
Refer to sk98326.
 R77.10
Automatic Software Updates
01045889 If you use Gaia Automatic Software Updates to uninstall R75.45, you must reboot the machine after the uninstall. -
01045667 During installation on Gaia through Software Updates, if you see error messages such as "Unable to connect" or "Failed to acquire the lock", click 'OK' and ignore the message. -
01051080 On a Multi-Domain Security Management Server, if the FWM daemon of some Domain Management Server does not start after installation or uninstallation of R75.45, you must run these commands:
  • [Expert@HostName]# mdsstop
  • [Expert@HostName]# mdsenv
  • [Expert@HostName]# rm -i $FWDIR/conf/install_manager/ConversionScheme.conf
  • [Expert@HostName]# mdsstart
-
01038950 If you install R75.45 with Gaia Automatic Software Updates, Gaia Portal loses connectivity. Workaround: configure the Gaia Portal to work on a port other than 443 (HTTPS).

To change the Gaia Portal port:

  1. In SmartDashboard, edit the Security Gateway object.
  2. In the left pane, go to 'Platform Portal'.
  3. In the 'Main URL' field, add a port other than 443 at the end of the URL. For example, "url:4434".
R75.46
00985443 With Gaia Automatic Software Updates on Multi-Domain Security Management environment, if the DAService terminates on error or after reboot, the DAService does not restart automatically.
Workaround: Create a watch-dog script that runs this command: /opt/CPda/bin/DAService		 R75.47
IP Series
00953969 When an IP Series appliance is upgraded to R75.45, this error shows and can be ignored: "Global Params logs send output". -
01014565 During installation of R75.45 Gaia on IP Series appliances, if you run a backup, the size of the backup file is incorrectly reported for file sizes smaller than 1 MB. -
21400 Appliance
01011236 To upgrade a 21400 appliance from R75.40 to R75.45 with the new SAM and Acceleration-ready card:
  1. Make sure the new card is not installed in the appliance.
  2. Upgrade to R75.45.
  3. When prompted to reboot, halt the appliance and power off.
  4. Insert the new SAM and Acceleration-ready card.
  5. Power on the appliance.
-
Security Management
01075154,
01076096		 On Security Management server running on Windows OS, Scheduled IPS update does not work. To get a fix for for this issue - contact Check Point Support. R75.46
01092599 "Security Management Server" tab disappears from SmartView Monitor after upgrade. R77.10
01134659,
01134688		 FWM process crashes when creating a Database Revision. R75.47
01139848,
01147896,
01147897,
01147898,
01172770,
01178697		 "Administrator failed to log in: No SIC error message" error in SmartView Tracker for "Unknown" type Application log when working with Tufin Admin Login.
Refer to sk92749.		 R75.47,
R77
01146319,
01147350		 Administrator user created via 'cpconfig' on Security Management Server, is not synchronized to the peer Security Management Server in Management HA deployment.
Refer to sk92736.		 R75.47,
R77
01175810 cache_max_hash can be configured over the limit applied in the kernel. R75.47
01348430,
01349217,
01349223		 Cannot perform "Change to Active" action - getting the message "Read/Write Client is currently logged in". -
01395422,
01396110		 Policy installation fails with "Operation incomplete due to timeout" error. 
Refer to sk109236 - Scenario 5.		 -
01428990,
01430845		 Services with defined source port "hides" other services with same destination port in the resolving stage.
Refer to sk101526.		 -
Multi-Domain Security Management
00948225 To uninstall R75.45, you must de-activate all Plug-ins on all Domains. R75.47
00951624,
00931523		 On appliances running Gaia and SecurePlatform, Domain Management Server logs are created on '/var/opt/' partition. To fix the logs path, refer to sk83601. -
00899202 'mds_restore' operation fails on Multi-Domain Security Management Server R75.40.
Refer to sk72080.		 -
01057689,
01060351,
01082199,
01060350		 The settings in '$MDSDIR/conf/mds_exclude.dat' file do not work on mds_backup on Multi-Domain Security Management after upgrade to R75.45.
Refer to sk86880.		 R75.46,
R76
01073424,
01073805,
01073807		 Cannot synchronize Primary Domain Management Server with Secondary Domain Management Server.
Refer to sk88260.		 R75.46
01145108,
01145254,
01147351,
01147352		 SmartView Tracker 'Management' log shows false positive log in failures (from MDS and from Domains):
Application: Unknown
Subject: Administrator Login
Operation: Log In
Status: Failure
Type: Log
General Information: Administrator failed to log in: No SIC error message 		R75.47,
R77
01212431 When modifying Multi-Domain Security Management administrator, the admin name is not logged in SmartView Tracker. R77.10
Identity Awareness
01102355,
01105215,
01105140,
01105141		 Deploying the MSI package of Identity Agent using GPO rule fails with error
"Please uninstall the Identity Agent from the Control Panel.
Changing the Identity Agent from "Light" To "Full" or from "Full" to "Light" requires manual uninstall."		 R75.47
01120887,
01151005,
01182310,
01122006,
01278209,
01278786,
01201177,
01166831,
01194285,
01203517,
01123051,
01122007		 In Identity Awareness environment with identity sharing, identities created by a local Security Gateway that are on the same 32/28 network as identities created by a remote Security Gateway might be lost in rare occassions. R75.47,
R77
01126910,
01129631,
01129632,
01129633		 When Identity Awareness is running with both AD query and Identity or Multi User Host Agents as identity sources, the agents might ocassionally disconnect with "Invalid Session" message. R75.47
01142084,
01144092,
01144093,
01144094		 When checking the box "Assume one user per machine", multiple users appear on the same machine (when running 'pdp m a' command). -
01149718,
01154248,
01154249,
01154250		 Identity Awareness Terminal Server agent creates a lot of unneccessary Windows event logs stating that the agent is connected. R75.47
01139670,
01146357,
01148529,
01150390,
01150391		 Numer of connection attempts the Identity Awareness agent performs before assumed disconnected, cannot be configured. R75.47
01184550 SmartView Monitor shows incorrect messages and severities regarding PDP disconnections from PEP. R75.47,
R77
01187267,
01195807,
01195808,
01195809,
01219367,
01324051		 Cluster status change notifications causing redundant ADLOG reconf leading to AD Query outage.
Refer to sk98015.		 R77.10
01190458,
01196002,
01196003,
01196004		 Identity Awareness AD Query cannot utilize more than 100 Domain Controllers at once.
Refer to sk93753.		 R77.10
01482431,
01488228,
(01462099,
01462099,
01482518)		 Unable to install policy with URLF enabled.
Refer to sk103048.
IPS
01140621,
01145008,
01140826		 Citrix traffic is dropped by IPS with log 'Citrix Enforcement Violation' when Security Gateway is running Gaia OS with 64-bit kernel.
Refer to sk92720.		 R75.47,
R77
01265930,
01266343,
01301002,
01266341,
01266342,
01343010,
01344720,
01352201,
01360416		 Security Gateway might crash when IPS blade is enabled.
Refer to sk96046.		 R77.10
DLP
01169344,
01165147		 Data type is not recognized when sending e-mail using OWA 2007 or BlackBerry when the forbidden words exist in the end of the e-mail body. R75.47,
R77
01339010,
01370246		 "Message to User: An error has occurred while processing this DLP message" Alert log in SmartView Tracker when processing AutoCad files.
Refer to sk98310.		 -
Mobile Access / VPN
01071316,
01071534,
01071535,
01071536		 Login to File Share with comma (,) in the password is not possible.
Refer to sk88500.		 R75.46,
R76
01076012,
01076131,
01076130		 HTTP cookies are not sent during NTLM negotiation. To get a fix for for this issue - contact Check Point Support. R75.46,
R76
01109172,
01110840,
01110841,
01110842		 Client fails to connect with error "SSL initialization failed" if local network overlaps with encryption domain. R75.47
01076453,
01118443,
01118444		 iOS location awareness gets incorrect result from the cluster due to inability to locate the connection. R75.47,
R77.10
01153364,
01153846,
01153847,
01153848,
01153956		 Mobile Access portal main page is inaccessible ((HTTP 403 error) in cluster when both Anti-Virus and Trace IP are enabled. R75.47
01190814 New applications that require approval incorrectly display MD5 warning dialog:
The server presented a certificate that uses a security method vulnerable to forgeries.
The authenticity of this server cannot be guaranteed.
You are advised to contact your system administrator before continuing.
Related limitation - 01190171.		 R77.10
01190171 On 64-bit machines, Web Applications in SNX incorrectly prompt for approval - the user is prompted to approve the application when user attempts to launch it.
Related limitation - 01190814.		 R77.10
01340539, 01369908, 01399801, 01580949, 01581562, 01592300

Some Remote Access users are not able to connect to large Remote Access VPN Communities:

  • Some Remote Access VPN clients are not able to connect.
  • Some Remote Access VPN clients might be disconnected seconds after they connect.
Refer to sk105181.		 -
SecurePlatform / Gaia
01074110,
01074448,
01074450		 ClusterXL does not advertise BGP routes to Cisco router when configuring Cisco Loopback interface as neighbor IP address.
Refer to sk89580.		 R75.47
01085766,
01087654,
01087655		 "xpand: Failed to read Fan sensors" error in /var/log/messages file. R75.46
01089240,
01092306,
01092307		 Restore from remote backup file fails when user name contains illegal characters. -
01092659 RouteD asserts with "mfc_ifl != ((void *)0)" errors in in /var/log/messages after passing Multicast traffic in PIM Sparse-Mode. R77
01103609,
01159207		 TCP Segmentation Offload (TSO) is reenabled on some Fiber 10GB interfaces after changing MTU or RX/TX ring size. R75.47
01111060 Load configuration from a file with more than 500 VLANs fails in clish - due to timeout. -
01110134,
01111100,
01111099,
01204815,
01452594		 VTI interface does not work on machine with CPU that does not support PAE.
Refer to sk92320.		 R75.47
01079779,
01080986,
01080987,
01113053		 Running 'show /configuration' command in clish on Gaia OS results in 'Segmentation Fault' crash.
Refer to sk90142.		 R75.46,
R76
01115145,
01073911,
00915833		 Excessive memory utilization by /bin/confd daemon on Gaia OS (when SNMP monitoring is enabled).
Refer to sk91081.		 -
01142296,
01142342,
01142343,
01142344		 Backup files created on Gaia OS running on Check Point appliances, are stored in '/var/' instead of '/var/log/'. R75.47
01147025 The sshd configuration option MaxAuthTries from openssh 3.9p1 does not exist on SecurePlatform OS. R77.10
01149077,
01150321,
01150322,
01150323		 All default routes in Gaia are deleted when running multiple PPPoE tunnels and one PPPoE tunnel disconnects. R75.47,
R77.10
01149080,
01150324,
01150325,
01150327		 Multiple PPPoE tunnels with same peer address cause RouteD daemon to exit on Gaia. R75.47
01152669,
01152708,
01152709,
01152710		 Restoring a Backup, created on the same server, fails. R75.47
01165593,
01165760,
01165762		 Proxy ARP in Gaia VRRP cluster does not function properly. When many interfaces are configured in the VRRP (~50), the /proc/net/varp file became corrupted and sometimes crashes the machine. R75.47
01165087,
01168113,
01184448,
00265998,
00265666,
01303434,
01299367,
01294060,
01294058,
01253308,
01234812,
01184448		 Large number of VRRP backup addresses causes confd and searched processes to consume the CPU at 100% for a long time on every configuration change in VRRP Simplified Mode cluster running on Gaia OS.
Refer to sk92926.		 -
01168228,
01166969		 When running 'show backup-scheduled backup_file_name' command, Clish crashes with: 
*** glibc detected ***
Backtrace:
/lib/libc.so.6(cfree+...)
/usr/lib/libcli.so(freeStringArr+...)
/usr/lib/cli/lib/libcli_backup.so
/usr/lib/cli/lib/libcli_backup.so(sched_backup_show+...)
Refer to sk113266.		 R76,
R77.10
00981634,
00982105,
00982109,
01118403		 Syslogd messages in Gaia in /var/log/messages:
  • syslogd: sendto: Invalid argument
  • syslogd: sendto: Bad File Descriptor
  • syslogd: sendto: Connection refused
Refer to sk83160.		 -
01049568 PPPoE username with leading "0" (zero) is not saved correctly on Gaia OS.
Refer to sk86400.		 R76
01175025,
01175446,
01175447,
01175448,
01345796		 VLAN interfaces created on top of Bond interface are shown in Gaia Portal as 'No Link'.
Refer to sk98288.		 -
01200927,
01201131,
01201132,
01201133,
01294356,
01470743
 Backup in SecurePlatform WebUI / Gaia Portal via FTP fails with 'User name contains illegal characters' error when user account contains hyphen ("-") sign.
Refer to sk104104.		 R77.10
00264327,
00264364,
01183780,
01195653		 VRRP cluster member freezes when removing a VLAN from a VRID configuration and error 'kernel: unregister_netdevice: waiting for VLAN_NAME to become free. Usage count = 1' appears repeatedly on console and in /var/log/messages.
Refer to sk93544.		 R77.10
01249275 CVE-2010-5107 describes a situation in which an attacker creates a DOS attack by preodically making many new TCP connections. R77.10
01259785,
01262879,
01266337,
01266339		 When running 'show configuration syslog' command, Clish crashes with a core dump file. R77.10
01324168,
01324205,
01338524		 Global password policy is getting enforced for users configured with key based authentication.
Refer to sk98082.		 -
01400893, 01401536, 01406408, 01521366
 Hosts connected to a Gaia machine with enabled DHCP Server do not receive IP addresses. 
Refer to sk100545.		 -
01469747  Cannot load VTI interface on R75.40.
Refer to sk102425.		 -
01529412, 01529627, 01560695, 01562794
 Slow traffic / traffic latency through RuggedCom Appliance due to issues with the RealTek NIC driver R8169.
Refer to sk103890.		 -
01528042,
01529079		 Backup output file is not saved in correct folder on SecurePlatform.
Refer to sk103891.
00936369,
01101532,
01144505,
01294484,
01526458;
01547769,
01550478
 Gaia Portal crashes with error "Unable to connect to the server. Press OK to reconnect." when TACACS / RADIUS user with adminRole privileges changes "Roles" settings (change/add a role) in Gaia Portal.
Refer to sk91420.		 -
00935189, 00935303, 01075844, 01090386, 01160985, 01180805, 01186421, 01342226, 01456153;
00956291, 00956369, 01082333, 01105026, 01186598, 01342210, 01456165;
01399215, 01401007, 01452067, 01475275, 01595558, 01597357, 01599477

/var/log/messages file on Security Gateway running Gaia OS and SmartView Tracker logs from Security Gateway running Gaia OS repeatedly show the following messages about Hardware Sensors:

  • Several times per second in /var/log/messages file:
    xpand[PID]: Sending request to System Interface
    xpand[PID]: The max bit is 0 value is 0 max is 0.000000
    xpand[PID]: The min bit is 0 value 0 min is 0.000000

  • Every minute:
    xpand[PID]: Note: no Name_of_Sensor sensors

Refer to sk79140.		 R77.20
Gaia Dynamic Routing
- IPv6 Router Discovery is not supported on ClusterXL. IPv6 Router Discovery can be used only with the VRRP clustering solution, or on single Security Gateway. -
01138574,
01139359,
01139366,
01139368,
01139369		 Changing OSPF route redistribution metric for a route with overlapping subnet can cause an extra LSA to be added to the database. R75.47,
R77.10
01104528,
01106641,
01106643		 Some of the Dynamic Routing features fail after upgrading from IPSO IP Clustering to Gaia OS.
Refer to sk92140.		 R75.47
01155071,
01159027,
01159028,
01159029		 On Gaia, static routes through a PPPoE tunnel are missing if PPPoE tunnel is recreated. R75.47,
R77.10
01183320 In Gaia Advanced VRRP, cannot create two interfaces for the same VRID. R77
01217365,
01226674		 In ClusterXL, when multiple interfaces are used for OSPF, and the same interface is disconnected on both cluster members, OSPF Hello messages might not be sent on the other OSPF interfaces from the member that is in 'Active Attention' state.
Refer to sk95246.		 -
01355732 Standby member crash when with PIM is configured with more than 20 OIFs. -
00891805, 01868791, 01868975
 'ip rule list' command on Gaia OS shows duplicate PBR rules.
Refer to sk109101.		 R75.40VS,
R76 
SecurePlatform Dynamic Routing
01215441 GateD daemon does not support forcing an Ethernet interface to work as a Point-to-Point interface for OSPF. -
Security Gateway 80
01085131,
01085257		 $FWDIR/conf/masters file disappears when upgrading Security Gateway 80 from R71.40 to R71.45 -
01173995,
01182537,
01182538,
01182539		 Cannot import XML license file for Security Gateway 80 in R75.45 R77
PerformancePack / SecureXL
01088382,
01088433,
01088434
  • SecureXL does not start on the Backup member of VRRP cluster after reboot.
  • Output of "fwaccel stat" command shows:
    Accelerator Status : off by Firewall (too many general errors (NUMBER) (caller: Name_of_Function)).
Refer to sk100467 (Scenario 4 - "SecureXL does not start on the Backup member of VRRP cluster after reboot").		 R75.46,
R76
01115708,
00263356,
00263358		 When SecureXL is enabled, errors are displayed and then gateway reboots.
Errors:
SIM: sim_db_get_conn: Error !!! connection <...> already freed
drv_write_lock: already locked. name = CI, current = simtcp_validate_tcp, previous = NONE, level=0		 -
01336995,
00265456,
00266019,
00266053,
01341519,
01364424,
01364425,
01365920,
01399776
 IPS protection "Sequence Verifier" drops legitimate packets when SecureXL is enabled.
Refer to sk98830 		R77.20
Policy Server
01094096,
01094287		 The dtls process crashes frequently. -
SmartView Tracker
01252725,
01253838,
01264516,
01272579,
01287312,
01294564,
01306386,
01306996
  • The 'Origin' column in SmartView Tracker logs (on 'Network & Endpoint' tab) always shows the Security Gateway's object name instead of its IP address even though the 'abc' button (Resolve IP) in the Query Toolbar is un-pressed (i.e., IP addresses are not resolved).

  • Filtering the logs by Security Gateway's object name in the 'Origin' column does not work.
Refer to sk95974.		 R77.10
SmartView Monitor
00957381 Exporting historical data fails with "An invalid argument was encountered" error message. R75.47,
R76
01350069,
01351236,
01351234		 'cpstat os -f routing' command and SmartView Monitor show nexthop as 0.0.0.0 -
SmartDashboard
01090393,
01116279,
01116278		 SmartDashboard might hang when clicking on 'OK' in cluster Topology dialog with many interfaces defined. R75.47
01117384,
01120540,
01120541		 Follow up comment changes for IPS protections are not saved when right-clicking a protection and selecting "Edit follow up comment". R75.47,
R77.10
01122870,
01127319,
01127320,
01127338		 When on SmartConsole Windows OS machine font is set to 125% (in Control Panel -> Display -> Medium (125%) ), checkboxes of gateway machines disappear from the policy installation dialog. When attempting to install policy you may receive the error pop-up "No Machines Eligible for Installation". -
01124725,
01132295,
01132296,
01132297		 In some conditions the Edge status shows 'OK' on the 'Devices' menu although it is not connected. -
01133149,
01133696,
01133695,
01133694,
01136114,
01136039		 SmartDashboard crashes when editing a Group Object or an Address Range Object that was just cloned.
Refer to sk92632.		 R75.47,
R77
00943814 When downloading the 'R75.45 SmartConsole' package from R75.45 Security Management Server via SecurePlatform WebUI / Gaia Portal, the SmartConsole package that will be downloaded is actually 'R75.40 SmartConsole'.
Refer to sk91582.		 R75.47
SmartEvent / Eventia Analyzer / SmartReporter
01139635 'cpstat cpsead' command does not display more than 100 jobs. R75.47,
R77
01151049,
01151537,
01151538,
01151539		 'cpstat cpsead' command does not print anything. R77.10
01161276,
01161946,
01161948,
01161949		 Error appears repeatedly for SmartReporter/SmartEvent in Windows Event Viewer - Application log:
Source: PostgreSQL
Event ID: 0
ERROR: schema "mysq" does not exist
STATEMENT: delete from mysql.user where host='build' or user = 'PUBLIC'.
Refer to sk92862.		 R75.47,
R77.10
01162270,
01164514,
01164515,
01164516		 SmartReporter cannot generate a report in PDF format. R75.47,
R77,
R77.10
01161276,
01161948,
01239460,
01161946,
01244974,
01161949,
01244126;
01168703,
01171253,
01251118,
01171252,
01171251		 The following errors appear repeatedly for SmartReporter/SmartEvent in Windows Event Viewer - Application log:

  • Source: PostgreSQL
    Event ID: 0
    ERROR: schema "mysql" does not exist
    STATEMENT: delete from mysql.user where host='build' or user = 'PUBLIC'

  • Source: PostgreSQL
    Event ID: 0
    ERROR: column "sam_int_domain_name" does not exist at character X
    STATEMENT: SELECT SAM_INT_DOMAIN_NAME FROM INT_DOMAIN

  • Source: PostgreSQL
    Event ID: 0
    ERROR: relation "con0X_connections" already exists
    STATEMENT: CREATE TABLE CON0X_CONNECTIONS(...)
Refer to sk92862.		 R75.47,
R77.10
01230042,
01261419,
01261420,
01261421		 The following errors appear repeatedly for SmartReporter/SmartEvent in Windows Event Viewer - Application log:

  • Source: PostgreSQL
    Event ID: 0
    ERROR: syntax error at or near "s" at character N
    STATEMENT: SELECT * FROM Attack_Info WHERE Attack_Info_code = 14928 OR
    Attack_Info_name='Connections table's denial of service prevention mechanism'

  • $RTDIR/log_consolidator_engine/<IP_Address>/lc_rt.log file shows repeatedly: [LogConsolidator] Error:'ATTACK_INFO' - can not set field's value
    [LogConsolidator] Warning:failed to process current Log record (FileName:fw.log, FileID:..., Pos:...)
    [LogConsolidator] Error:failed to insert ATTACK_INFO inter_code data (Connections table's denial of service prevention mechanism) into table
    [LogConsolidator] :ERROR: syntax error at or near "s"
    LINE 1: ...de = 37727 OR Attack_Info_name='Connections table's denial o...
                                                                 ^
Refer to sk95891.		 R77.10
01213537,
01216284,
01216285		 5 gateways extension license 'CPSM-SM-5' does not add 5 additional managed SmartReporter gateways as it should. R77.10
01288611,
01288869,
01288868,
01288870,
01293702		 SmartReporter report does not show expected data.
DataBase error 'value too long for type character varying(100)'.		 -
01339272,
01339953,
01339952		 Country filter in SmartEvent returns empty for countries with apostrophe, such as Cot'e Divor. -
01340359,
01340537,
01340644		 Network Activity by Date showing duplicate week entries. -
SmartProvisioning
01201231,
01202498		 SmartProvisioning GUI connects successfully to Security Management Server, but it does not display any devices.
Refer to sk93984.		 -
ClusterXL
01079289,
01103133,
01081270,
01086900,
01095303,
01081271,
01089476,
01081272,
01101130		 Non-Pivot cluster member on 21400 appliances drops the packets without any log when VMAC is enabled.
Refer to sk89321.		 R75.46,
R76
01174253,
01175165,
01175166,
01175167,
01177475,
01187610,
01198641,
01202117,
01209940,
01248754,
01352098,
01363848		 No traffic passes through ClusterXL in High Availability mode when proxy is enabled.
Refer to sk93247.		 R75.47,
R77
01188513,
01191042,
01191043		 Proxy ARP addresses of the NATed hosts are erased on the Gaia VRRP Master member from the Check Point ARP Kernel table 'arp_table' (output of 'fw ctl arp' command returns 'No proxy ARP entries') after fail-over and fallback.
Refer to sk93534.		 R75.47,
R77.10
01208645,
01208853,
01208854		 IGMP packets generated by cluster members running on Gaia OS are dropped by the cleanup rule.
Refer to sk94405.		 R77.10
VoIP
01154896 'SIP 100 trying' is dropped when the connection destination port is not 5060 and NAT is used. R77.10
SNMP
01166621 SNMPv3 with USM 'authentication' configuration does not survive reboot on Gaia OS.
Refer to sk92937.		 R75.47
00266607, 00265491, 01407756 SNMP trap: VRRP master/backup transition is missing.
Refer to sk82060.		 -
01466901,
01467051		 SNMP functionality on Gaia machine breaks intermittently (stops answering SNMP Queries, stops sending SNMP Traps).
Refer to sk102271.		 -
SSL Network Extender
01206930,
01212882,
01212883,
01212884		 Trust fails when package path includes Korean characters. R77.10
01432574,
01432727		 The SNX connection from command line "snx -l <CA_Dir> -s <Server>" fails with "SNX: Authentication failed" when authenticating with a user certificate.
Refer to sk101588.		 -
Anti-Virus
01177282,
01182583,
01294565,
01294566		 Traditional Anti-Virus inspects files although it should not according to configuration.
Refer to sk98715.		 R77
VPN
01633902,
01635234		 After upgrade from R75.40 to R77.10 Endpoint Connect users can no longer connect to other R75.40/R75.45 gateways. Refer to sk105859 -
Anti-Malware
01322972,
01363510		 Unable to install policy with Anti-Bot enabled.
Refer to sk101505.		 -

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment