| ID |
Symptoms |
| Upgrade |
| 00924128 |
Gaia Portal may disconnect, without notice, during the upgrade via Gaia Portal from R75.40 to R75.40VS, if there is at least one activated software blade that uses the Multi-Portal infrastructure (e.g., Mobile Access blade).
Refer to sk79521. |
| Infrastructure |
| 00938745 |
Output of 'cpwd_admin list' command incorrectly shows the 'DASERVICE' as terminated. This message can be ignored. |
00553445,
00553444,
00547140,
00548020,
00548320,
00552380,
00553442,
00567059,
00574093,
00574430,
00647906,
00648633,
00648958,
00765541,
00774981,
00815732,
00848407;
00904918,
00906772,
00923135,
00968476,
01007249,
01007599 |
IOWait consumes 100% CPU on Security Gateway after security policy installation.
Refer to sk60703. |
| Firewall |
| 00906131 |
QoS stability issue. |
| 00903784 |
Install policy takes a long time to complete. |
| 00900355 |
Kernel panic on IPSO when CoreXL is enabled and fragmented packets sent through the gateway. |
| 00906975 |
Client authentication does not function with UTF-8 characters. |
| 00911247 |
If Anti-Virus is enabled, EPSV and ERPT are dropped. The FTP security server now accepts the commands EPRT and EPSV. |
| 00920035 |
There is a spelling mistake in the SmartView Tracker log for "interface is down". |
| 00922932 |
When IPS protection "SYN Attack" (SYNDefender) detects an attack, an incorrect message ("illegal post SYN") is given for legitimate connections. |
| 00853800 |
Security Gateway crashes during policy installation. |
| 00857709 |
After upgrading to R75.20, client authentication only works when using SmartDirectory. |
| 00868774 |
Unexpected termination in fwpprof from "fwpprof t 1" in certain situations. |
| 00889090 |
Memory leaks in the kernel. |
| 00889954 |
If a secondary log server is enabled, the primary log server does not get all the logs. |
| 00849461 |
The IPMI interface for snmpd is not initialized on Open Servers. |
| 00867796 |
In rare cases, Security policy is installed with debug enabled, the fw_loader process crashes and the policy installation fails. |
| 00870421 |
Unable to connect to dshield site. |
| 00870566 |
snmpd error: "diskio.c: don't know how to handle" |
| 00902111 |
Packets arriving to the internal interface of the firewall with dscp markings (QoS) were dropped.
|
| 00912734 |
Policy installation sometimes failes in an uncommon configuration. |
| 00915442 |
Packets are dropped in an uncommon NAT configuration. |
| 00917167 |
Binary file attachments with Strip ActiveX tags corrupt HTTP resources. |
| 00920430 |
FTP accounting logs does not account data connections, only control connections. |
| 00920465 |
Enhancement: QoS is kept for packets that arrive to the internal interface of the firewall. |
| 00929076 |
NAT connections are not restored after an ISP link failure is resolved. |
| 00901881 |
Enhancement: Improved security against CVE-2011-3389 ("BEAST attack"), new vulnerability exposed in SSL packets, TLSv1.0 with CBC encryption. |
00917910,
00918421,
00918418,
00943331,
00938631,
00918416 |
NATed VPN traffic that passes through Security Gateway is dropped when SecureXL is enabled. Refer to sk77240. |
00853274,
00853798,
00853799,
00853800,
00857677,
00859676,
00885390,
00903026,
00936263,
01056437,
01056440,
01057695,
01060611,
01111724,
01118586,
01119306,
01119814,
01121955,
01129793 |
Security Gateway might crash upon policy installation after deleting some rules from the rulebase if 'Connection Persistence' is set to 'Keep all connections' in Security Gateway object.
Refer to Scenario 4 in sk103598. |
00909368,
00912734,
01111227,
01308749,
01433278,
01438761 |
Policy installation / fetch on Security Gateway R75.40 / R75.40VS fails with the following possible errors in SmartDashboard:
Load on Module failed - no memoryLoad on Module failed - failed to load Security Policy
Refer to sk101875. |
| Advanced Dynamic Routing |
| 00261792 |
The OSPF Default Gateway is chosen over the static gateway. |
| 00860760 |
The Advanced Dynamic Routing process crashes after failover from Primary to Standby when 3 BGP ADG was brought up. |
| 00867968 |
The "router" and "cligated" commands sometimes exit with core. |
| 00883596 |
A checksum comparison during an OSPF LS update can end in error: "OSPF FLOOD: got an older lsa" in trace file. |
| 00899020 |
The "show ip pim sparse mrt" does not display an mroute. Sometimes an mroute is deleted from PIM-SM but not from the kernel MFC. |
| Anti-Spam & Email Security |
| 00878664 |
The zero-hour protection mechanism creates false-positive SmartView Monitor log records. The logs say that emails were blocked even for safe emails that were not blocked. |
| ClusterXL |
| 00896297 |
Instability of the cphaprob stat process if the cluster has a large number of virtual IP addresses. |
| Identity Awareness |
| 00914967 |
Captive Portal causes a Rule Base enforcement mismatch, checking for a rule that does not use HTTP services. |
| 00832375 |
The wrong timeout is sometimes shown for the captive portal. |
| 00915452 |
Enhanced communication between PDP and PEP. |
| 00897953 |
LDAP groups of users and machines are not updated with the "pdp update all" command in the CLI, or with policy install. |
| 00920449 |
Identity Awareness AD Query for Log_user_ad_logins does not correctly filter all relevant logs. |
| IPS |
| 00890301 |
IPS does not exit the bypass when the CPU reached the lower limit. |
| 00903724 |
HTTP traffic with content-type="multipart" is incorrectly dropped. |
| Security Management |
| 00877960 |
Client IP field in audit records is sometimes incorrect. |
| 00886257 |
Segmentation fault in the in.ahttpd process. |
| 00912074 |
On Windows OS only, the Active Virtual memory is not always calculated correctly, and SmartView Monitor shows the incorrect value |
| 00914695 |
"Cannot add certificate when no Certificate Authority Server exists.
You must first define Certificate Authority Server object." message pops up in SmartDashboard when closing Check Point object properties.
Refer to sk75160. |
| Multi-Domain Security Management |
| 00911137 |
"fwboot command not found" appears when running the mdsstip_customer command for a domain. |
| 00862532 |
Unexpected termination of FWM of the Domain Management Server. |
| 00880042 |
The mds_backup command now collects Domain Management Server and Multi-Domain Server logs from Smart-1 appliances. |
| Mobile Access |
| 00852954 |
In SSL Network Extender Application mode on IE9 64-bits, web application traffic does not pass through the SSL tunnel. |
| 00860050 |
Multi Portal daemon does not restart after unexpected termination. |
| 00900686 |
Saving Web credentials fails if the application is configured with a host name and DNS resolution fails. |
| 00903870 |
Cookie headers are ignored during HTTP 401 negotiation. |
| 00905419 |
When a Web server sends a page in many chunks and the first chunk is empty, the beginning of the page is lost and replaced by an irrelevant string. |
| 00909673 |
Opening the Mobile Access tab can cause SmartDashboard to become temporarily unresponsive. |
| 00914777 |
iPhone active sync takes more than one session per user. |
| 00919217 |
CvpnHTAddStringForReplaceAndRunTranslation is not working correctly. |
| 00754583 |
Clicking a File Shares Favorites link in the Mobile Access blade portal shows an error "Page not found". |
| 00864517 |
The hostname in URL arguments is not translated by Mobile Access PT link translation. |
| 00869144 |
Link Translation is not done on HTML pages without the <html> opening tag. |
| 00871307 |
When doing an ActiveSync from an Android phone or an iPhone, several sessions cannot be opened for each user. |
| 00874381 |
An extra "&" character is sometimes sent in POST requests to an internal server. |
| 00875142 |
Web pages with an empty location header are dropped. |
| 00876453 |
The vpnd process is sometimes unstable. |
| 00888727 |
Expired cookies are sent to an internal Web server. |
| 00895753 |
DynamicID with email does not work for Mobile Access on Gaia platforms. |
| 00904253 |
Web Application behind a proxy server is not accessible |
| 00949048 |
The name of Citrix clients that were downloaded with Mobile Access are incorrectly changed. |
| 00902111 |
If packets arrive to the internal interface of the firewall with DSCP tags (QoS), the firewall changes the packets to DSCP 0 - no classification was made. |
| 00917167 |
Binary file attachments with Strip ActiveX tags corrupted http resources |
| SecurePlatform |
| 00548016 |
Settings are incorrectly displayed for 10 Gb NICs. |
| 00842704 |
Large SCP file transfers may fail for certain SCP clients. |
| 00915217 |
Resolved issues with multi-line banner messages. |
| 00917388 |
The message banner is limited to 150 characters (3 lines, 50 chars per line). It was increased to 1600 chars (20 lines, 80 chars per line). |
| 00744683 |
When an IP address for an interface is in /etc/hosts, and the IP address is removed in sysconfig, the /etc/hosts file is not updated. |
| 00865788 |
After upgrading different appliances, the server is incorrectly shown as Power-1 12000 on the WebUI. |
| 00944576 |
Log collection for "backup -l" is overridden by the backup_sched.conf log setting. |
| 00885936, 00894283, 00894284, 00894285, 00900197, 00908306, 01603080 |
GateD daemon might crash when Security Gateway is a part of a large OSPF environment.
Refer to sk105383.
|
| SSL Network Extender |
| 00895803 |
Intermittent problems with internal DNS resolution before auto launch of network application. |
| 00895886 |
When the external or internal CA is revoked, you can still connect to the VSX gateway with an SSL Network Extender client. |
| SNMP |
| 00905612 |
Validation errors in a MIB file. |
| SmartDashboard |
| 00884427 |
IPS Updates Schedule shows N/A on Thursdays. |
| 00900559 |
Unable to see gateway portal certificate that containes more than 4,000 characters. |
| 00851801 |
Management Blades are shown in the wrong nodes on the Objects Tree. |
| 00908436 |
Users cannot be deleted without disabling MEP. |
| SmartEvent |
| 00867990 |
If you saved an IPS Generic Event with a new name, the threshold text was incorrectly changed. |
| 00869760 |
If a username has a delimiting character (such as a comma), it is truncated in the Endpoint Security Events view in the SmartEvent console. |
| SmartProvisioning |
| 00902185 |
Added create, change, and delete ROBO interface functionalities for Edge. |
| SmartReporter |
| 00819692 |
On servers with only IPS Intro license, SmartReporter starts report generation and fails on the error "Failed to get licensing data". |
| 00821390 |
If the Per Gateway option is selected and the "Active Policy Analysis" section was included, the report is not always generated successfully. |
| Smart-1 |
| 00948424 |
Enhanced: Added control for log collection from Multi-Domain Server during backup. |
| VPN |
| 00872475 |
Improved handling of Certificate enrollment when management server is behind NAT. |
| 00895858 |
Check Point Mobile for iOS cannot connect to an external cluster IP address from an internal network if Anti-Virus was on and if a DNS server resolved all out-going traffic. |
| 00788211 |
SecureClient failes to renew its Office Mode IP address with the error: "OM: User not in Office Mode group". |
| 00875143 |
Improved handling of SSL Network Extender connections on cluster failover. |
| 00897063 |
SSL Network Extender application available to a non-compliant Office Mode user after re-login. |
| 00895859 |
Defective handling of connections to the SSL portal. |
| 00897192 |
Users cannot log into Mobile Access Portal if SWS was required but disabled. |
| 00848430 |
The database for the policy server of connected users is recreated each time when users connected on the last day of the month. |
| 00848444 |
A possible file descriptor leak when recreating a database for policy server users. |
| 00864196 |
Various remote access traffic may fail with "Failed to Enforce VPN Policy (8)" drops in SmartView Tracker when HTTPS inspection is used. See sk88983 |
