Support Center > Search Results > SecureKnowledge Details
R71.50 Resolved Issues Technical Level

This article lists all of the issues that have been resolved in R71.50.

For more information on R71.50 see the R71.50 Release Notes, R71.50 home page and R71.50 Known Limitations.

To see if an issue has been fixed in other releases, search for the issue ID in Support Center.

Visit our discussion forums to ask questions and get answers from technical peers and Support experts.
Popular forums:

Table of Contents

  • Firewall
  • Security Management Server
  • SmartDashboard
  • IPS and Web Security
  • Multi-Domain Security Management Server
  • SmartEvent
  • SmartReporter
  • SmartProvisioning
  • SmartView Monitor and SmartView Tracker
  • Mobile Access / Clientless VPN
  • VPN
  • SecurePlatform
  • VoIP
  • Cluster XL
  • SecureXL
  • QoS
  • Security Gateway 80
  • Platform Specific - Solaris
ID Symptoms
00771490 Multiple DCE-RPC handler issues.
00635514 On IPSO, when the Virtual IP address of a VLAN interface is not zero, the 'cphaprob -a if' command displays the name of the physical interface instead of the name of the VLAN interface (in the 'Virtual cluster interfaces' section).
00748183 It took several minutes for the 'fw sam -M -nij all' command to generate the output. Refer to sk63662.
00770556 Clientless VPN showed incorrect display of authentication form when CoreXL was enabled.
00661649 Memory leak in kernel.
00741350 Policy installation failed with "Load on Module failed - no memory" error in SmartDashboard due 'vmalloc' memory exhaustion because the table containing the rule name and UID has filled up. Refer to sk101875.
00733481 SNMP query for memory statistics . returned incorrect results. Refer to sk42811.
00754962 The sendmail command failed to send E-mail header information. Refer to sk63988.
00754968 The sendmail command caused a segmentation fault, if the file to read does not exist.
00663563 /var/log/messages file was filled with "FW-1: fwk_get_str_cparam: param rule-N-name buffer too small (40)" error after policy installation because the name of a rule had more than 30 characters. Refer to sk80380.
00638026 When sk25152 was applied, after several policy installations the $FWDIR/database/dynamic_objects.db file was corrupted.
00738186 Received alerts did not trigger a user defined script that was added in SmartDashboard and attached to IPS HTTP DoS attack.
00746573 User Authority or Session Authority sometimes stopped working, possibly due to crash of in.asessiond daemon.
00610787 FWM daemon crashed when installing policy.
00775348 When IPv6 license on the Multi-Domain Security Management Server expired, policies were installed, but not enforced for IPv6 traffic. All IPv6 packets were dropped after the IPv6 license expiration.
00734342 Different crashes when cluster was configured and IPS 'SYN Attack' (SYNDefender) protection was enabled.
00653589 The previous policy name was not shown correctly in SmartView Monitor alerts.
00650471 Memory leak in kernel during certain content inspection conditions.
The "FW-1: fw_kfree: wrong magic number at 0xADDRESS caller is 'fw_xlate_find_all_matches_rm2'" error in /var/log/messages files and on console during policy installation when configuration involves ISP Redundancy and hosts with Static NAT per sk25152. Refer to sk92180.
00759572 E-mails that had an attachment with a long filename were blocked. Refer to sk64261.
00738947 The Anti-Virus in the kernel did not process filenames that ended with a period.
00639460 Time object expiration was late by one minute.
For example, when setting a time object with the parameters "From 20:00" / "To 20:15", the object was active until "20:15:59".
00773856 Root partition on Security Management server is full. $CPDIR/tmp/ directory is filled with files named 'fileXXX' where XXX are alphanumeric characters - e.g., fileCujfTT.... Refer to sk68561.
Security Management Server
The FWM daemon sometimes crashed, possibly due to 3rd Party OPSEC applications.
00734447 Memory leak in the FWM daemon.
00660949 The cma_migrate command did not work correctly for a Security Management server that was exported from a R70.xx, or R71.xx Security Management server.
The Windows clipboard was cleared when SmartDashboard was opened.
Increased the limit of characters that can be entered in a rule comment field from 450 to 2050.
00662024 when connecting to a separate server from the SmartConsole GUI 'Windows' menu, the certificate file path was placed in the "User Name" field instead of the "Certificate" field.
00653834 The "Where Used" window (Search -> Query Network Objects -> Actions -> Where Used) closed when you closed the "Query Network Objects" window. Refer to sk62272.
00656482 In VPN Gateway properties -> Topology -> select the VPN Tunnel Interface (VTI) -> 'Edit...' -> Interface Properties -> 'Topology' tab -> under "Anti-spoofing" -> select "Don't check packets from" - it was not possible to select a specific network.
00763397 The settings in the "Logs and Masters" tab were not always updated when connecting with SmartDashboard to different interfaces of a UTM-1 FUllHA cluster.
00745470 "Topology fetch was incomplete. To make Anti-Spoofing work correctly, accept the results, and then manually edit the topology definitions." error when using the "Topology -> Get" option, and one of the interfaces was naned as "Internal" or "internal".
00746554 Incomplete Audit Log for rule base modifications when using "Save as Policy".
00656996 When opening SmartDashboard in Read-Only mode, you could access "IPSEC VPN -> Advanced", which would cause the system to stall. The "Advanced" button is now unavailable.
00763345 Anti-Spam & Mail tab -> Anti-Spam -> Content based Anti-Spam -> Security Gateway Engine settings -> "Scan only the first" - the field showed an incorrect KB value when closing the window and then returning to it.
00637768 Incorrect warning message was shown in SmartDashboard: "There are more than 1024 objects with address translation".
00752984 SmartDashboard showed incorrect Sync interfaces in the "Topology" window for IPSO IP Clustering members.
00767336 Browsing LDAP group properties in SmartDashboard caused time out issues.
IPS and Web Security
Sex education sites were not classified correctly.
00661055 The IPS 'Cross-Site Scripting' protection notified about the attacks incorrectly.
00644581 If the IPS Blade was disabled, a kernel panic was sometimes caused by a 'fw ctl tcpstrstat -p' command. Refer to sk64540.
Multi-Domain Security Management Server
00775348 When IPv6 license on the Multi-Domain Security Management Server expired, policies were installed, but not enforced for IPv6 traffic. All IPv6 packets were dropped after the IPv6 license expiration.
00759118 Failed to create a new Customer Log Module (CLM) on a new Multi-Domain Log Module (MLM). The CLM object is now added to the CMA database.
Sometimes CPD daemon crashed on Multi-Domain Security Management Server when using Anti-Virus Updates.
GUI crashed when opening Policy -> "Virus Alert" -> right-click "virus Found" -> Properties -> 'Filter' tab.
Selecting specific gateways on the Input tab of a report was not saved when exiting the report and returning to it later.
Failure to open reports from the SmartReporter GUI.
00651663 When multiple sessions are consolidated at the same time, the status incorrectly shows "Aborted".
After installing this release, set the number of seconds to wait between session creation:
cpprod_util CPPROD_SetValue "Reporting Module" "WAIT_BETWEEN_LC" <num seconds to wait>
Incorrect number of profiles in the SmartProvisioning 'Overview' tab was displayed.
IP addresses of Bridge interfaces were not saved correctly when changed in SmartProvisiong -> Bridge Interfaces.
The Time Zone in the Edge Web GUI was not in the correct format.
SmartView Monitor and SmartView Tracker
Incorrect data shown in generated SmartView Monitor reports.
00656753 The SmartView Tracker console closed when right-clicking the current Rule Number.
00760889 "Block HTTP Non Compliant" messages were shown in Smartview Tracker when accessing legitimate websites.
Mobile Access / Clientless VPN
Improved handling of web applications that have hyperlinks with port number.
00764409 If an Alternative Portal was configured, users could access it without encryption after a re-login.
00764523 Login sometimes failed, because of the "Requested URL" feature.
00655353 Sometimes, access to non-main IP addresses of a Connectra R66CM cluster were blocked.
00661151 URL's that start with http:\u002f\u002f were not translated.
00750474 Users could pass the Endpoint Security On Demand check without being compliant.
00769020 CVPND daemon crashed when the first user logged in, if the 'localhost' entry was missing from the /etc/hosts file.
Note that users will not be able to authenticate to the gateway, if this entry is missing.
00737253 Endpoint Security on Demand scan was not performed ipon login, if user previously logged out from SWS in the same browser window.
00650118 Error in the HT link translation of URL's with query that contains another URL.
'Location Awareness' did not work properly with Endpoint Connect when the SSL VPN (Mobile Access) blade was used.
00668679 For overlapping domains, error message was displayed when you selected 'Policy' menu -> 'View...' feature.
00742044 Remote users failed to connect after upgrading to R71, because the "VPN-1 Embedded devices defined as Remote Access" object was added to the groups for queries.
00637128 Tunnel test packets were accepted by the VPN gateway and then sent back to the NATed IP address.
00734387 A crash/reboot sometimes occurred in IPSO Load Sharing cluster after collecting VPN kernel debugs.
00742045 Memory leaks that occurred in certain situations.
00662722 IKE traffic was not encrypted in certain scenarios.
00828722 After upgrading to R71.40 on a UnifiedWall appliance, this error message was shown: "Server error (error code = INITIALIZE_CP_SENSORS_FAILED)". Refer to sk66382.
00663797 The 'fwconn_chain_is_data_conn: get flags failed' message appeared repeatedly in the /var/log/messages files. Refer to sk57540.
00647308 Configuring a large number of VLANs and routes caused a longer boot time. Refer to sk62681.
00647308 Gateway sometimes crashed when IPv6 traffic was processed.
00761989 Firefox browser sometimes refused SecurePlatform WebUI logins, because certificates were getting identical serial numbers.
00746586 MGCP packets (code 100 ; Response Code 100) were dropped due to no status. Refer to sk66295.
00624571 Data connections were dropped, if a rulebase match failed due to the Connection Persistence setting "Keep data connections" that was not enforced.
00259650 SecureXL crashed in certain scenarios.
00820685 When SecureXL is enabled, the gateway experienced instability, if user runs 'cat /proc/ppk/stats' command.
When Floodgate-1 is installed, kernel panic occurred in certain QoS configurations.
Security Gateway 80
Administrator names are validated to not be reserved words: ntp, rpm, root, nobody, pcap.
Platform Specific - Solaris
In cluster environments under specific conditions, a member sometimes crashed.
This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document