Support Center > Search Results > SecureKnowledge Details
Identity Awareness R75.45 - Stability Fixes and Performance Enhancements
Solution

This Hotfix package installs important updates for R75.45 Security Gateways for improved Identity Awareness stability and performance.

Make sure to install this hotfix only on an R75.45 Security Gateway. No need to install it on Security Management servers.

Identity Awareness R75.45 Hotfix Downloads:


The following limitations were resolved in this HotFix:

ID Symptoms
01044827
"X-forward-for" header replacement in Identity Awareness with Application Control does not work - data was stripped.
Messages from kernel debug:
[fw_1];psl_handle_data_replacement: error, replace_tcp_data_f failed
[fw_1];psl_handle_packet: error, psl_handle_data_replacement failed
[fw_1];psl_handle_packet: saving msg "internal error - psl_handle_data_replacement failed" 
00974896, 01025328 The PDP daemon terminates unexpectedly.
01041714 High CPU consumption of PDP daemon process. 
00912088  Performance improvement for Identity Awareness blade. 
01055241  Enhanced communication between PDP and PEP. 
01064737  Identity Awareness Captive Portal displays an error alert in iOS6 Wi-Fi hotspot detector. 
01064691  The PDP updates the identity role on the PEP only when the TTL is not equal to zero.
01069903  Performance improvement for Identity Awareness blade for distributed deployments, where the gateway acquires identities from many sub-networks.


Installation Instructions:

If this fix was previously installed with a different build number, uninstall the previous fix and install this one.

  1. Back up modified files.

  2. Unzip and run the package:
    # gunzip fw1_wrapper_HOTFIX_FOXX_HF_HA45_007.tgz
    # tar -xvf fw1_wrapper_HOTFIX_FOXX_HF_HA45_007.tar
    # ./fw1_wrapper_HOTFIX_FOXX_HF_HA45_007_986007015_1

    Note: The script will run cpstop and cpstart.

  3. Make sure that the script completes successfully (no errors).

  4. Reboot the machine.

  5. To uninstall the hotfix run uninstall script: uninstall_fw1_wrapper_HOTFIX_FOXX_HF_HA45_007 located under /opt/CPsuite-R75.40 directory.

  6. If you encounter problems during the uninstall process, use your own backup and contact Check Point Support. 

Important Note:

Error messages may be displayed on certain shells during installation of this hotfix.

If the error ends with "rm: cannot remove '/opt/CPmds-R75.40/usercheckportal.tgz': No such file or directory" it can be ignored, it has no effect on functionality.

This issue is resolved in the following packages (note that you need to uninstall the previous fix before installing this one):

Unzip and run the package:

# gunzip fw1_wrapper_HOTFIX_FOXX_HF_HA45_007.tgz

# tar -xvf fw1_wrapper_HOTFIX_FOXX_HF_HA45_007.tar

# ./fw1_wrapper_HOTFIX_FOXX_HF_HA45_007_986007016_1

Note: No reinstallation is required for users who have already installed the original package.

 

*** All of the above limitations are resolved in R75.46. ***

    This solution is about products that are no longer supported and it will not be updated

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment