| ID |
Symptoms |
| Firewall |
| 00771490 |
Multiple DCE-RPC handler issues. |
| 00635514 |
On IPSO, when the Virtual IP address of a VLAN interface is not zero, the 'cphaprob -a if' command displays the name of the physical interface instead of the name of the VLAN interface (in the 'Virtual cluster interfaces' section). |
| 00748183 |
It took several minutes for the 'fw sam -M -nij all' command to generate the output. Refer to sk63662. |
| 00770556 |
Clientless VPN showed incorrect display of authentication form when CoreXL was enabled. |
| 00661649 |
Memory leak in kernel. |
| 00741350 |
Policy installation failed with "Load on Module failed - no memory" error in SmartDashboard due 'vmalloc' memory exhaustion because the table containing the rule name and UID has filled up. Refer to sk101875. |
| 00733481 |
SNMP query for memory statistics .1.3.6.1.4.1.2021.4 returned incorrect results. Refer to sk42811. |
| 00754962 |
The sendmail command failed to send E-mail header information. Refer to sk63988. |
| 00754968 |
The sendmail command caused a segmentation fault, if the file to read does not exist. |
| 00663563 |
/var/log/messages file was filled with "FW-1: fwk_get_str_cparam: param rule-N-name buffer too small (40)" error after policy installation because the name of a rule had more than 30 characters. Refer to sk80380. |
| 00638026 |
When sk25152 was applied, after several policy installations the $FWDIR/database/dynamic_objects.db file was corrupted. |
| 00738186 |
Received alerts did not trigger a user defined script that was added in SmartDashboard and attached to IPS HTTP DoS attack. |
| 00746573 |
User Authority or Session Authority sometimes stopped working, possibly due to crash of in.asessiond daemon. |
| 00610787 |
FWM daemon crashed when installing policy. |
| 00775348 |
When IPv6 license on the Multi-Domain Security Management Server expired, policies were installed, but not enforced for IPv6 traffic. All IPv6 packets were dropped after the IPv6 license expiration. |
| 00734342 |
Different crashes when cluster was configured and IPS 'SYN Attack' (SYNDefender) protection was enabled. |
| 00653589 |
The previous policy name was not shown correctly in SmartView Monitor alerts. |
| 00650471 |
Memory leak in kernel during certain content inspection conditions. |
00732856,
00735281,
00743875,
00788821,
00862119,
00891568,
00893883,
00893885 |
The "FW-1: fw_kfree: wrong magic number at 0xADDRESS caller is 'fw_xlate_find_all_matches_rm2'" error in /var/log/messages files and on console during policy installation when configuration involves ISP Redundancy and hosts with Static NAT per sk25152. Refer to sk92180. |
| 00759572 |
E-mails that had an attachment with a long filename were blocked. Refer to sk64261. |
| 00738947 |
The Anti-Virus in the kernel did not process filenames that ended with a period. |
| 00639460 |
Time object expiration was late by one minute.
For example, when setting a time object with the parameters "From 20:00" / "To 20:15", the object was active until "20:15:59". |
| 00773856 |
Root partition on Security Management server is full. $CPDIR/tmp/ directory is filled with files named 'fileXXX' where XXX are alphanumeric characters - e.g., fileCujfTT.... Refer to sk68561. |
| Security Management Server |
00753435
|
The FWM daemon sometimes crashed, possibly due to 3rd Party OPSEC applications. |
| 00734447 |
Memory leak in the FWM daemon. |
| 00660949 |
The cma_migrate command did not work correctly for a Security Management server that was exported from a R70.xx, or R71.xx Security Management server. |
| SmartDashboard |
00733752
|
The Windows clipboard was cleared when SmartDashboard was opened. |
00770523
|
Increased the limit of characters that can be entered in a rule comment field from 450 to 2050. |
| 00662024 |
when connecting to a separate server from the SmartConsole GUI 'Windows' menu, the certificate file path was placed in the "User Name" field instead of the "Certificate" field. |
| 00653834 |
The "Where Used" window (Search -> Query Network Objects -> Actions -> Where Used) closed when you closed the "Query Network Objects" window. Refer to sk62272. |
| 00656482 |
In VPN Gateway properties -> Topology -> select the VPN Tunnel Interface (VTI) -> 'Edit...' -> Interface Properties -> 'Topology' tab -> under "Anti-spoofing" -> select "Don't check packets from" - it was not possible to select a specific network. |
| 00763397 |
The settings in the "Logs and Masters" tab were not always updated when connecting with SmartDashboard to different interfaces of a UTM-1 FUllHA cluster. |
| 00745470 |
"Topology fetch was incomplete. To make Anti-Spoofing work correctly, accept the results, and then manually edit the topology definitions." error when using the "Topology -> Get" option, and one of the interfaces was naned as "Internal" or "internal". |
| 00746554 |
Incomplete Audit Log for rule base modifications when using "Save as Policy". |
| 00656996 |
When opening SmartDashboard in Read-Only mode, you could access "IPSEC VPN -> Advanced", which would cause the system to stall. The "Advanced" button is now unavailable. |
| 00763345 |
Anti-Spam & Mail tab -> Anti-Spam -> Content based Anti-Spam -> Security Gateway Engine settings -> "Scan only the first" - the field showed an incorrect KB value when closing the window and then returning to it. |
| 00637768 |
Incorrect warning message was shown in SmartDashboard: "There are more than 1024 objects with address translation". |
| 00752984 |
SmartDashboard showed incorrect Sync interfaces in the "Topology" window for IPSO IP Clustering members. |
| 00767336 |
Browsing LDAP group properties in SmartDashboard caused time out issues. |
| IPS and Web Security |
00662527
|
Sex education sites were not classified correctly. |
| 00661055 |
The IPS 'Cross-Site Scripting' protection notified about the attacks incorrectly. |
| 00644581 |
If the IPS Blade was disabled, a kernel panic was sometimes caused by a 'fw ctl tcpstrstat -p' command. Refer to sk64540. |
| Multi-Domain Security Management Server |
| 00775348 |
When IPv6 license on the Multi-Domain Security Management Server expired, policies were installed, but not enforced for IPv6 traffic. All IPv6 packets were dropped after the IPv6 license expiration. |
| 00759118 |
Failed to create a new Customer Log Module (CLM) on a new Multi-Domain Log Module (MLM). The CLM object is now added to the CMA database. |
00738573
|
Sometimes CPD daemon crashed on Multi-Domain Security Management Server when using Anti-Virus Updates. |
| SmartEvent |
00649027
|
GUI crashed when opening Policy -> "Virus Alert" -> right-click "virus Found" -> Properties -> 'Filter' tab. |
| SmartReporter |
00762648
|
Selecting specific gateways on the Input tab of a report was not saved when exiting the report and returning to it later. |
00645025
|
Failure to open reports from the SmartReporter GUI. |
| 00651663 |
When multiple sessions are consolidated at the same time, the status incorrectly shows "Aborted".
After installing this release, set the number of seconds to wait between session creation:
cpprod_util CPPROD_SetValue "Reporting Module" "WAIT_BETWEEN_LC" <num seconds to wait> |
| SmartProvisioning |
00649030
|
Incorrect number of profiles in the SmartProvisioning 'Overview' tab was displayed. |
00646045
|
IP addresses of Bridge interfaces were not saved correctly when changed in SmartProvisiong -> Bridge Interfaces. |
00649933
|
The Time Zone in the Edge Web GUI was not in the correct format. |
| SmartView Monitor and SmartView Tracker |
00755032
|
Incorrect data shown in generated SmartView Monitor reports. |
| 00656753 |
The SmartView Tracker console closed when right-clicking the current Rule Number. |
| 00760889 |
"Block HTTP Non Compliant" messages were shown in Smartview Tracker when accessing legitimate websites. |
| Mobile Access / Clientless VPN |
00735808
|
Improved handling of web applications that have hyperlinks with port number. |
| 00764409 |
If an Alternative Portal was configured, users could access it without encryption after a re-login. |
| 00764523 |
Login sometimes failed, because of the "Requested URL" feature. |
| 00655353 |
Sometimes, access to non-main IP addresses of a Connectra R66CM cluster were blocked. |
| 00661151 |
URL's that start with http:\u002f\u002f were not translated. |
| 00750474 |
Users could pass the Endpoint Security On Demand check without being compliant. |
| 00769020 |
CVPND daemon crashed when the first user logged in, if the 'localhost' entry was missing from the /etc/hosts file.
Note that users will not be able to authenticate to the gateway, if this entry is missing. |
| 00737253 |
Endpoint Security on Demand scan was not performed ipon login, if user previously logged out from SWS in the same browser window. |
| 00650118 |
Error in the HT link translation of URL's with query that contains another URL. |
| VPN |
00668256
|
'Location Awareness' did not work properly with Endpoint Connect when the SSL VPN (Mobile Access) blade was used. |
| 00668679 |
For overlapping domains, error message was displayed when you selected 'Policy' menu -> 'View...' feature. |
| 00742044 |
Remote users failed to connect after upgrading to R71, because the "VPN-1 Embedded devices defined as Remote Access" object was added to the groups for queries. |
| 00637128 |
Tunnel test packets were accepted by the VPN gateway and then sent back to the NATed IP address. |
| 00734387 |
A crash/reboot sometimes occurred in IPSO Load Sharing cluster after collecting VPN kernel debugs. |
| 00742045 |
Memory leaks that occurred in certain situations. |
| 00662722 |
IKE traffic was not encrypted in certain scenarios. |
| SecurePlatform |
| 00828722 |
After upgrading to R71.40 on a UnifiedWall appliance, this error message was shown: "Server error (error code = INITIALIZE_CP_SENSORS_FAILED)". Refer to sk66382. |
| 00663797 |
The 'fwconn_chain_is_data_conn: get flags failed' message appeared repeatedly in the /var/log/messages files. Refer to sk57540. |
| 00647308 |
Configuring a large number of VLANs and routes caused a longer boot time. Refer to sk62681. |
| 00647308 |
Gateway sometimes crashed when IPv6 traffic was processed. |
| 00761989 |
Firefox browser sometimes refused SecurePlatform WebUI logins, because certificates were getting identical serial numbers. |
| VoIP |
| 00746586 |
MGCP packets (code 100 ; Response Code 100) were dropped due to no status. Refer to sk66295. |
| ClusterXL |
| 00624571 |
Data connections were dropped, if a rulebase match failed due to the Connection Persistence setting "Keep data connections" that was not enforced. |
| SecureXL |
| 00259650 |
SecureXL crashed in certain scenarios. |
| 00820685 |
When SecureXL is enabled, the gateway experienced instability, if user runs 'cat /proc/ppk/stats' command. |
| QoS |
00646097
|
When Floodgate-1 is installed, kernel panic occurred in certain QoS configurations. |
| Security Gateway 80 |
00845118
|
Administrator names are validated to not be reserved words: ntp, rpm, root, nobody, pcap. |
| Platform Specific - Solaris |
00659037
|
In cluster environments under specific conditions, a member sometimes crashed. |
Visit our 