This Hotfix package installs important updates for R75.40 Security Management servers or Security Gateways.
This Hotfix is incorporated into R75.45.
Table of Contents
Installing R75.40 Hotfix
To install this hotfix via command line:
This procedure is for all computers and appliances in your environment. Make sure to install on all cluster members.
Note: The installation scripts run cpstop and cpstart automatically.
- Back up modified files (see the list in R75.40 Hotfix Release Notes).
- Copy the upgrade package file for the platform to a temporary directory.
- Extract the .tgz package:
- On Windows: use an archive utility (such as WinZip)
- On other platforms, run: tar zxvf Check_Point_R75.40_HF.<platform>.tgz
- Run the installation:
- On Windows: double-click the exe file.
- On other platforms, run: ./UnixInstallScript
- Make sure that the script completes successfully (no errors).
Installation using the Automatic Software Updates For Gaia/Gaia+ only:
To install using automatic software updates follow sk81680
Important Note: the hotfix cannot be installed on IPSO diskless.
Resolved Issues in R75.40 Hotfix
- Security enhancements
- Performance enhancements to processes
- Fixes for memory leaks and kernel panics
- Fixes for timers, LDAP, and other errors and behaviors
||Resolved kernel panic on IPSO caused by fragmented traffic.
||Resolved issue with expiration in cache timers of PEP daemon.
||Resolved issue with LDAP groups for users and machines not being updated by PDP.
||Changed the size limit of PDP tables.
Fixed invalid handle error (
/var/log/messages files showed the following errors:
FW-1: fwhandle_get(hashlong.c:N): Table kbufs - Invalid handle M (bad pool)
FW-1: fwkbuf_free(hashlong.c N): kbuf id is not found: M
FW-1: fwlddist_get_table_id: table name conflict, unknown ld name).
Resolved issues with policy installation (CPU load during was increasing significantly, policy installation took more than several minutes to complete, and during that CPU peak Security Gateway stopped processing connections).
Resolved synchronization issues between PDP and PEP tables after connecting to Captive Portal.
||Added a fix for the issue with IOWait consuming 100% CPU on Security Gateway after security policy installation. Refer to sk60703.
||Resolved kernel panic on cluster member.
||Resolved stability of PDPD daemon (PDPD consumed 100% CPU, was constantly crashing and restarting).
||Enhanced security against script injection.
||Resolved issue with number of Identity Awareness users in output of 'cpstat' command that did not decrease (check the output of 'pep s u a', and compare to output of 'pdp m a' command).
||Resolved memory leak caused by SecureXL (
fw_drv_fini: N bytes allocated by 'simi_mem_halloc').
Resolved issue with user enforcement in Application Control - when "assume single user" is on, and a user without access roles logs in on the same machine after a user with access roles, the access will not fail anymore.
||Resolved issue with logging in to portals on port 443 (WebUI, Mobile Access) on ClusterXL Load Sharing mode with SDF, and VRRP cluster.
R75.40 Hotfix Downloads
R75.40 Hotfix Documentation
This solution is about products that are no longer supported and it will not be updated