Support Center > Search Results > SecureKnowledge Details
Check Point R75.40 Hotfix
Solution

This Hotfix package installs important updates for R75.40 Security Management servers or Security Gateways.

This Hotfix is incorporated into R75.45.

 

Table of Contents

  • Installing R75.40 Hotfix
  • Resolved Issues in R75.40 Hotfix
  • R75.40 Hotfix Downloads
  • R75.40 Hotfix Documentation

 

Installing R75.40 Hotfix

To install this hotfix via command line:


This procedure is for all computers and appliances in your environment. Make sure to install on all cluster members.
Note: The installation scripts run cpstop and cpstart automatically.

  1. Back up modified files (see the list in R75.40 Hotfix Release Notes).
  2. Copy the upgrade package file for the platform to a temporary directory.
  3. Extract the .tgz package:
    • On Windows: use an archive utility (such as WinZip)
    • On other platforms, run: tar zxvf Check_Point_R75.40_HF.<platform>.tgz
  4. Run the installation:
    • On Windows: double-click the exe file.
    • On other platforms, run: ./UnixInstallScript
  5. Make sure that the script completes successfully (no errors).
  6. Reboot.

 

Installation using the Automatic Software Updates For Gaia/Gaia+ only:

To install using automatic software updates follow sk81680


Important Note: the hotfix cannot be installed on IPSO diskless.

 

Resolved Issues in R75.40 Hotfix

Summary

  • Security enhancements
  • Performance enhancements to processes
  • Fixes for memory leaks and kernel panics
  • Fixes for timers, LDAP, and other errors and behaviors
ID Symptoms
00900253
Resolved kernel panic on IPSO caused by fragmented traffic.
00911323 Resolved issue with expiration in cache timers of PEP daemon.
00911327 Resolved issue with LDAP groups for users and machines not being updated by PDP.
00911527 Changed the size limit of PDP tables.
00912432

Fixed invalid handle error (/var/log/messages files showed the following errors:
FW-1: fwhandle_get(hashlong.c:N): Table kbufs - Invalid handle M (bad pool)
FW-1: fwkbuf_free(hashlong.c N): kbuf id is not found: M
FW-1: fwlddist_get_table_id: table name conflict, unknown ld name).

00911073

Resolved issues with policy installation (CPU load during was increasing significantly, policy installation took more than several minutes to complete, and during that CPU peak Security Gateway stopped processing connections).

00910149

Resolved synchronization issues between PDP and PEP tables after connecting to Captive Portal.

00923135 Added a fix for the issue with IOWait consuming 100% CPU on Security Gateway after security policy installation. Refer to sk60703.
00911520 Resolved kernel panic on cluster member.
00901499 Resolved stability of PDPD daemon (PDPD consumed 100% CPU, was constantly crashing and restarting).
00913527 Enhanced security against script injection.
00914938 Resolved issue with number of Identity Awareness users in output of 'cpstat' command that did not decrease (check the output of 'pep s u a', and compare to output of 'pdp m a' command).
00912461 Resolved memory leak caused by SecureXL (fw_drv_fini: N bytes allocated by 'simi_mem_halloc').
00924852

Resolved issue with user enforcement in Application Control - when "assume single user" is on, and a user without access roles logs in on the same machine after a user with access roles, the access will not fail anymore.

00922773 Resolved issue with logging in to portals on port 443 (WebUI, Mobile Access) on ClusterXL Load Sharing mode with SDF, and VRRP cluster.

 

R75.40 Hotfix Downloads

R75.40 Hotfix Documentation

This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment