R75.45 Resolved Issues

This article lists all of the issues that have been resolved in R75.45.


Table of Contents

  • Upgrade
  • Infrastructure
  • Firewall
  • Advanced Dynamic Routing
  • Anti-Spam & Email Security
  • ClusterXL
  • Identity Awareness
  • IPS
  • Security Management
  • Multi-Domain Security Management
  • Mobile Access
  • SecurePlatform
  • SSL Network Extender
  • SNMP
  • SmartDashboard
  • SmartEvent
  • SmartProvisioning
  • SmartReporter
  • Smart-1
  • VPN


ID Symptoms
00924128 Gaia Portal may disconnect, without notice, during the upgrade via Gaia Portal from R75.40 to R75.40VS, if there is at least one activated software blade that uses the Multi-Portal infrastructure (e.g., Mobile Access blade).
Refer to sk79521.
00938745 Output of 'cpwd_admin list' command incorrectly shows the 'DASERVICE' as terminated. This message can be ignored.
IOWait consumes 100% CPU on Security Gateway after security policy installation.
Refer to sk60703.
00906131 QoS stability issue.
00903784 Install policy takes a long time to complete.
00900355 Kernel panic on IPSO when CoreXL is enabled and fragmented packets are sent through the gateway.
00906975 Client authentication does not function with UTF-8 characters.
00911247 If Anti-Virus is enabled, EPSV and EPRT are dropped. The FTP security server now accepts the commands EPRT and EPSV.
00920035 There is a spelling mistake in the SmartView Tracker log for "interface is down".
00922932 When IPS protection "SYN Attack" (SYNDefender) detects an attack, an incorrect message ("illegal post SYN") is given for legitimate connections.
00853800 Security Gateway crashes during policy installation.
00857709 After upgrading to R75.20, client authentication only works when using SmartDirectory.
00868774 Unexpected termination in fwpprof from "fwpprof t 1" in certain situations.
00889090 Memory leaks in the kernel.
00889954 If a secondary log server is enabled, the primary log server does not get all the logs.
00849461 The IPMI interface for snmpd is not initialized on Open Servers.
00867796 In rare cases, when the Security policy is installed with debug enabled, the fw_loader process crashes and the policy installation fails.
00870421 Unable to connect to dshield site.
00870566 snmpd error: "diskio.c: don't know how to handle"
00902111 Packets arriving to the internal interface of the firewall with DSCP markings (QoS) were dropped.
00912734 Policy installation sometimes fails in an uncommon configuration.
00915442 Packets are dropped in an uncommon NAT configuration.
00917167 Binary file attachments with Strip ActiveX tags corrupt HTTP resources.
00920430 FTP accounting logs do not account for data connections, only control connections.
00920465 Enhancement: QoS is kept for packets that arrive to the internal interface of the firewall.
00929076 NAT connections are not restored after an ISP link failure is resolved.
00901881 Enhancement: Improved security against CVE-2011-3389 ("BEAST attack"), new vulnerability exposed in SSL packets, TLSv1.0 with CBC encryption.
NATed VPN traffic that passes through Security Gateway is dropped when SecureXL is enabled. Refer to sk77240.
Security Gateway might crash upon policy installation after deleting some rules from the rulebase if 'Connection Persistence' is set to 'Keep all connections' in Security Gateway object.
Refer to Scenario 4 in sk103598.

Policy installation / fetch on Security Gateway R75.40 / R75.40VS fails with the following possible errors in SmartDashboard:

  • Load on Module failed - no memory
  • Load on Module failed - failed to load Security Policy
Refer to sk101875.
Advanced Dynamic Routing
00261792 The OSPF Default Gateway is chosen over the static gateway.
00860760 The Advanced Dynamic Routing process crashes after failover from Primary to Standby when 3 BGP ADG was brought up.
00867968 The "router" and "cligated" commands sometimes exit with core.
00883596 A checksum comparison during an OSPF LS update can end in error: "OSPF FLOOD: got an older lsa" in trace file.
00899020 The "show ip pim sparse mrt" command does not display an mroute. Sometimes an mroute is deleted from PIM-SM but not from the kernel MFC.
Anti-Spam & Email Security
00878664 The zero-hour protection mechanism creates false-positive SmartView Monitor log records. The logs say that emails were blocked even for safe emails that were not blocked.
00896297 Instability of the cphaprob stat process if the cluster has a large number of virtual IP addresses.
Identity Awareness
00914967 Captive Portal causes a Rule Base enforcement mismatch, checking for a rule that does not use HTTP services.
00832375 The wrong timeout is sometimes shown for the captive portal.
00915452 Enhanced communication between PDP and PEP.
00897953 LDAP groups of users and machines are not updated with the "pdp update all" command in the CLI, or with policy install.
00920449 Identity Awareness AD Query for Log_user_ad_logins does not correctly filter all relevant logs.
00890301 IPS does not exit the bypass when the CPU reached the lower limit.
00903724 HTTP traffic with content-type="multipart" is incorrectly dropped.
Security Management
00877960 Client IP field in audit records is sometimes incorrect.
00886257 Segmentation fault in the in.ahttpd process.
00912074 On Windows OS only, the Active Virtual memory is not always calculated correctly, and SmartView Monitor shows the incorrect value.
00914695 "Cannot add certificate when no Certificate Authority Server exists. You must first define Certificate Authority Server object." message pops up in SmartDashboard when closing Check Point object properties.
Refer to sk75160.
Multi-Domain Security Management
00911137 "fwboot command not found" appears when running the mdsstip_customer command for a domain.
00862532 Unexpected termination of FWM of the Domain Management Server.
00880042 The mds_backup command now collects Domain Management Server and Multi-Domain Server logs from Smart-1 appliances.
Mobile Access
00852954 In SSL Network Extender Application mode on IE9 64-bits, web application traffic does not pass through the SSL tunnel.
00860050 Multi Portal daemon does not restart after unexpected termination.
00900686 Saving Web credentials fails if the application is configured with a host name and DNS resolution fails.
00903870 Cookie headers are ignored during HTTP 401 negotiation.
00905419 When a Web server sends a page in many chunks and the first chunk is empty, the beginning of the page is lost and replaced by an irrelevant string.
00909673 Opening the Mobile Access tab can cause SmartDashboard to become temporarily unresponsive.
00914777 iPhone active sync takes more than one session per user.
00919217 CvpnHTAddStringForReplaceAndRunTranslation is not working correctly.
00754583 Clicking a File Shares Favorites link in the Mobile Access blade portal shows an error "Page not found".
00864517 The hostname in URL arguments is not translated by Mobile Access PT link translation.
00869144 Link Translation is not done on HTML pages without the <html> opening tag.
00871307 When doing an ActiveSync from an Android phone or an iPhone, several sessions cannot be opened for each user.
00874381 An extra "&" character is sometimes sent in POST requests to an internal server.
00875142 Web pages with an empty location header are dropped.
00876453 The vpnd process is sometimes unstable.
00888727 Expired cookies are sent to an internal Web server.
00895753 DynamicID with email does not work for Mobile Access on Gaia platforms.
00904253 Web Application behind a proxy server is not accessible.
00949048 The names of Citrix clients that were downloaded with Mobile Access are incorrectly changed.
00902111 If packets arrive to the internal interface of the firewall with DSCP tags (QoS), the firewall changes the packets to DSCP 0 - no classification was made.
00917167 Binary file attachments with Strip ActiveX tags corrupted HTTP resources.
00548016 Settings are incorrectly displayed for 10 Gb NICs.
00842704 Large SCP file transfers may fail for certain SCP clients.
00915217 Resolved issues with multi-line banner messages.
00917388 The message banner is limited to 150 characters (3 lines, 50 chars per line). It was increased to 1600 chars (20 lines, 80 chars per line).
00744683 When an IP address for an interface is in /etc/hosts, and the IP address is removed in sysconfig, the /etc/hosts file is not updated.
00865788 After upgrading different appliances, the server is incorrectly shown as Power-1 12000 on the WebUI.
00944576 Log collection for "backup -l" is overridden by the backup_sched.conf log setting.
00885936, 00894283, 00894284, 00894285, 00900197, 00908306, 01603080 GateD daemon might crash when Security Gateway is a part of a large OSPF environment.
Refer to sk105383.
SSL Network Extender
00895803 Intermittent problems with internal DNS resolution before auto launch of network application.
00895886 When the external or internal CA is revoked, you can still connect to the VSX gateway with an SSL Network Extender client.
00905612 Validation errors in a MIB file.
00884427 IPS Updates Schedule shows N/A on Thursdays.
00900559 Unable to see gateway portal certificate that contains more than 4,000 characters.
00851801 Management Blades are shown in the wrong nodes on the Objects Tree.
00908436 Users cannot be deleted without disabling MEP.
00867990 If you saved an IPS Generic Event with a new name, the threshold text was incorrectly changed.
00869760 If a username has a delimiting character (such as a comma), it is truncated in the Endpoint Security Events view in the SmartEvent console.
00902185 Added create, change, and delete ROBO interface functionalities for Edge.
00819692 On servers with only IPS Intro license, SmartReporter starts report generation and fails on the error "Failed to get licensing data".
00821390 If the Per Gateway option is selected and the "Active Policy Analysis" section was included, the report is not always generated successfully.
00948424 Enhanced: Added control for log collection from Multi-Domain Server during backup.
00872475 Improved handling of Certificate enrollment when management server is behind NAT.
00895858 Check Point Mobile for iOS cannot connect to an external cluster IP address from an internal network if Anti-Virus was on and if a DNS server resolved all out-going traffic.
00788211 SecureClient fails to renew its Office Mode IP address with the error: "OM: User not in Office Mode group".
00875143 Improved handling of SSL Network Extender connections on cluster failover.
00897063 SSL Network Extender application available to a non-compliant Office Mode user after re-login.
00895859 Defective handling of connections to the SSL portal.
00897192 Users cannot log into Mobile Access Portal if SWS was required but disabled.
00848430 The database for the policy server of connected users is recreated each time users connect on the last day of the month.
00848444 A possible file descriptor leak when recreating a database for policy server users.
00864196 Various remote access traffic may fail with "Failed to Enforce VPN Policy (8)" drops in SmartView Tracker when HTTPS inspection is used. See sk88983.

