ID |
Symptoms |
Upgrade |
00924128 |
Gaia Portal may disconnect, without notice, during the upgrade via Gaia Portal from R75.40 to R75.40VS, if there is at least one activated software blade that uses the Multi-Portal infrastructure (e.g., Mobile Access blade). Refer to sk79521. |
Infrastructure |
00938745 |
Output of 'cpwd_admin list ' command incorrectly shows the 'DASERVICE ' as terminated. This message can be ignored. |
00553445, 00553444, 00547140, 00548020, 00548320, 00552380, 00553442, 00567059, 00574093, 00574430, 00647906, 00648633, 00648958, 00765541, 00774981, 00815732, 00848407; 00904918, 00906772, 00923135, 00968476, 01007249, 01007599 |
IOWait consumes 100% CPU on Security Gateway after security policy installation. Refer to sk60703. |
Firewall |
00906131 |
QoS stability issue. |
00903784 |
Install policy takes a long time to complete. |
00900355 |
Kernel panic on IPSO when CoreXL is enabled and fragmented packets sent through the gateway. |
00906975 |
Client authentication does not function with UTF-8 characters. |
00911247 |
If Anti-Virus is enabled, EPSV and ERPT are dropped. The FTP security server now accepts the commands EPRT and EPSV. |
00920035 |
There is a spelling mistake in the SmartView Tracker log for "interface is down". |
00922932 |
When IPS protection "SYN Attack" (SYNDefender) detects an attack, an incorrect message ("illegal post SYN") is given for legitimate connections. |
00853800 |
Security Gateway crashes during policy installation. |
00857709 |
After upgrading to R75.20, client authentication only works when using SmartDirectory. |
00868774 |
Unexpected termination in fwpprof from "fwpprof t 1" in certain situations. |
00889090 |
Memory leaks in the kernel. |
00889954 |
If a secondary log server is enabled, the primary log server does not get all the logs. |
00849461 |
The IPMI interface for snmpd is not initialized on Open Servers. |
00867796 |
In rare cases, Security policy is installed with debug enabled, the fw_loader process crashes and the policy installation fails. |
00870421 |
Unable to connect to dshield site. |
00870566 |
snmpd error: "diskio.c: don't know how to handle" |
00902111 |
Packets arriving to the internal interface of the firewall with dscp markings (QoS) were dropped.
|
00912734 |
Policy installation sometimes failes in an uncommon configuration. |
00915442 |
Packets are dropped in an uncommon NAT configuration. |
00917167 |
Binary file attachments with Strip ActiveX tags corrupt HTTP resources. |
00920430 |
FTP accounting logs does not account data connections, only control connections. |
00920465 |
Enhancement: QoS is kept for packets that arrive to the internal interface of the firewall. |
00929076 |
NAT connections are not restored after an ISP link failure is resolved. |
00901881 |
Enhancement: Improved security against CVE-2011-3389 ("BEAST attack"), new vulnerability exposed in SSL packets, TLSv1.0 with CBC encryption. |
00917910, 00918421, 00918418, 00943331, 00938631, 00918416 |
NATed VPN traffic that passes through Security Gateway is dropped when SecureXL is enabled. Refer to sk77240. |
00853274, 00853798, 00853799, 00853800, 00857677, 00859676, 00885390, 00903026, 00936263, 01056437, 01056440, 01057695, 01060611, 01111724, 01118586, 01119306, 01119814, 01121955, 01129793 |
Security Gateway might crash upon policy installation after deleting some rules from the rulebase if 'Connection Persistence ' is set to 'Keep all connections ' in Security Gateway object. Refer to Scenario 4 in sk103598. |
00909368, 00912734, 01111227, 01308749, 01433278, 01438761 |
Policy installation / fetch on Security Gateway R75.40 / R75.40VS fails with the following possible errors in SmartDashboard:
Load on Module failed - no memory
Load on Module failed - failed to load Security Policy
Refer to sk101875. |
Advanced Dynamic Routing |
00261792 |
The OSPF Default Gateway is chosen over the static gateway. |
00860760 |
The Advanced Dynamic Routing process crashes after failover from Primary to Standby when 3 BGP ADG was brought up. |
00867968 |
The "router" and "cligated" commands sometimes exit with core. |
00883596 |
A checksum comparison during an OSPF LS update can end in error: "OSPF FLOOD: got an older lsa" in trace file. |
00899020 |
The "show ip pim sparse mrt" does not display an mroute. Sometimes an mroute is deleted from PIM-SM but not from the kernel MFC. |
Anti-Spam & Email Security |
00878664 |
The zero-hour protection mechanism creates false-positive SmartView Monitor log records. The logs say that emails were blocked even for safe emails that were not blocked. |
ClusterXL |
00896297 |
Instability of the cphaprob stat process if the cluster has a large number of virtual IP addresses. |
Identity Awareness |
00914967 |
Captive Portal causes a Rule Base enforcement mismatch, checking for a rule that does not use HTTP services. |
00832375 |
The wrong timeout is sometimes shown for the captive portal. |
00915452 |
Enhanced communication between PDP and PEP. |
00897953 |
LDAP groups of users and machines are not updated with the "pdp update all" command in the CLI, or with policy install. |
00920449 |
Identity Awareness AD Query for Log_user_ad_logins does not correctly filter all relevant logs. |
IPS |
00890301 |
IPS does not exit the bypass when the CPU reached the lower limit. |
00903724 |
HTTP traffic with content-type="multipart" is incorrectly dropped. |
Security Management |
00877960 |
Client IP field in audit records is sometimes incorrect. |
00886257 |
Segmentation fault in the in.ahttpd process. |
00912074 |
On Windows OS only, the Active Virtual memory is not always calculated correctly, and SmartView Monitor shows the incorrect value |
00914695 |
"Cannot add certificate when no Certificate Authority Server exists. You must first define Certificate Authority Server object. " message pops up in SmartDashboard when closing Check Point object properties. Refer to sk75160. |
Multi-Domain Security Management |
00911137 |
"fwboot command not found " appears when running the mdsstip_customer command for a domain. |
00862532 |
Unexpected termination of FWM of the Domain Management Server. |
00880042 |
The mds_backup command now collects Domain Management Server and Multi-Domain Server logs from Smart-1 appliances. |
Mobile Access |
00852954 |
In SSL Network Extender Application mode on IE9 64-bits, web application traffic does not pass through the SSL tunnel. |
00860050 |
Multi Portal daemon does not restart after unexpected termination. |
00900686 |
Saving Web credentials fails if the application is configured with a host name and DNS resolution fails. |
00903870 |
Cookie headers are ignored during HTTP 401 negotiation. |
00905419 |
When a Web server sends a page in many chunks and the first chunk is empty, the beginning of the page is lost and replaced by an irrelevant string. |
00909673 |
Opening the Mobile Access tab can cause SmartDashboard to become temporarily unresponsive. |
00914777 |
iPhone active sync takes more than one session per user. |
00919217 |
CvpnHTAddStringForReplaceAndRunTranslation is not working correctly. |
00754583 |
Clicking a File Shares Favorites link in the Mobile Access blade portal shows an error "Page not found". |
00864517 |
The hostname in URL arguments is not translated by Mobile Access PT link translation. |
00869144 |
Link Translation is not done on HTML pages without the <html> opening tag. |
00871307 |
When doing an ActiveSync from an Android phone or an iPhone, several sessions cannot be opened for each user. |
00874381 |
An extra "&" character is sometimes sent in POST requests to an internal server. |
00875142 |
Web pages with an empty location header are dropped. |
00876453 |
The vpnd process is sometimes unstable. |
00888727 |
Expired cookies are sent to an internal Web server. |
00895753 |
DynamicID with email does not work for Mobile Access on Gaia platforms. |
00904253 |
Web Application behind a proxy server is not accessible |
00949048 |
The name of Citrix clients that were downloaded with Mobile Access are incorrectly changed. |
00902111 |
If packets arrive to the internal interface of the firewall with DSCP tags (QoS), the firewall changes the packets to DSCP 0 - no classification was made. |
00917167 |
Binary file attachments with Strip ActiveX tags corrupted http resources |
SecurePlatform |
00548016 |
Settings are incorrectly displayed for 10 Gb NICs. |
00842704 |
Large SCP file transfers may fail for certain SCP clients. |
00915217 |
Resolved issues with multi-line banner messages. |
00917388 |
The message banner is limited to 150 characters (3 lines, 50 chars per line). It was increased to 1600 chars (20 lines, 80 chars per line). |
00744683 |
When an IP address for an interface is in /etc/hosts, and the IP address is removed in sysconfig, the /etc/hosts file is not updated. |
00865788 |
After upgrading different appliances, the server is incorrectly shown as Power-1 12000 on the WebUI. |
00944576 |
Log collection for "backup -l" is overridden by the backup_sched.conf log setting. |
00885936, 00894283, 00894284, 00894285, 00900197, 00908306, 01603080 |
GateD daemon might crash when Security Gateway is a part of a large OSPF environment. Refer to sk105383.
|
SSL Network Extender |
00895803 |
Intermittent problems with internal DNS resolution before auto launch of network application. |
00895886 |
When the external or internal CA is revoked, you can still connect to the VSX gateway with an SSL Network Extender client. |
SNMP |
00905612 |
Validation errors in a MIB file. |
SmartDashboard |
00884427 |
IPS Updates Schedule shows N/A on Thursdays. |
00900559 |
Unable to see gateway portal certificate that containes more than 4,000 characters. |
00851801 |
Management Blades are shown in the wrong nodes on the Objects Tree. |
00908436 |
Users cannot be deleted without disabling MEP. |
SmartEvent |
00867990 |
If you saved an IPS Generic Event with a new name, the threshold text was incorrectly changed. |
00869760 |
If a username has a delimiting character (such as a comma), it is truncated in the Endpoint Security Events view in the SmartEvent console. |
SmartProvisioning |
00902185 |
Added create, change, and delete ROBO interface functionalities for Edge. |
SmartReporter |
00819692 |
On servers with only IPS Intro license, SmartReporter starts report generation and fails on the error "Failed to get licensing data". |
00821390 |
If the Per Gateway option is selected and the "Active Policy Analysis" section was included, the report is not always generated successfully. |
Smart-1 |
00948424 |
Enhanced: Added control for log collection from Multi-Domain Server during backup. |
VPN |
00872475 |
Improved handling of Certificate enrollment when management server is behind NAT. |
00895858 |
Check Point Mobile for iOS cannot connect to an external cluster IP address from an internal network if Anti-Virus was on and if a DNS server resolved all out-going traffic. |
00788211 |
SecureClient failes to renew its Office Mode IP address with the error: "OM: User not in Office Mode group". |
00875143 |
Improved handling of SSL Network Extender connections on cluster failover. |
00897063 |
SSL Network Extender application available to a non-compliant Office Mode user after re-login. |
00895859 |
Defective handling of connections to the SSL portal. |
00897192 |
Users cannot log into Mobile Access Portal if SWS was required but disabled. |
00848430 |
The database for the policy server of connected users is recreated each time when users connected on the last day of the month. |
00848444 |
A possible file descriptor leak when recreating a database for policy server users. |
00864196 |
Various remote access traffic may fail with "Failed to Enforce VPN Policy (8)" drops in SmartView Tracker when HTTPS inspection is used. See sk88983 |