Support Center > Search Results > SecureKnowledge Details
R75.46 Resolved Issues
Solution

This article lists all of the issues that have been resolved in R75.46.

For more information on R75.46 see the R75.46 Release Notes, R75.46 Home Page and R75.46 Known Limitations.

To see if an issue has been fixed in other releases, search for the issue ID in Support Center.

Visit our discussion forums to ask questions and get answers from technical peers and Support experts.
Popular forums:

Table of Contents

  • General and Installation
  • Automatic Software Updates
  • Firewall
  • Gaia
  • Gaia Dynamic Routing
  • SecurePlatform Dynamic Routing
  • SecurePlatform
  • SecurePlatform SNMP
  • Security Management
  • Multi-Domain Security Management
  • SmartConsole
  • Management Portal / WebUI
  • SmartReporter
  • SmartEvent
  • SmartProvisioning
  • Mobile Access
  • IPS
  • Identity Awareness
  • Anti-Malware
  • Endpoint Security on Demand
  • Smart-1
  • SmartLog Index Server
  • ClusterXL
  • SecureXL
  • IPsec VPN
  • Mobile VPN Client
  • SSL Network Extender
  • VPN
  • VSX
ID Symptoms
General and Installation
00953969 During installation of R75.45 HFA on IPSO, this error appears on screen: "Global Params logs send output".
01060112 On the Security Management Server running on Windows OS, the migrate export command fails with plugin error due to incorrect name in registry.
Error:
Execution finished with errors. See log file 'C:\Program Files\CheckPoint\R75.40\CPShared\R75.40\log\migrate-ddd_MMM_dd_HH-mm-ss_Year.log' for further details.
Automatic Software Updates
01045889 If you use Gaia Automatic Software Updates to uninstall R75.45, you must reboot the computer or appliance after the uninstall.
Firewall
00935442 Unable to connect to VRRP IP after running "fw unloadlocal" command. Kernel debug shows: "...dropped by fwha_forw_run Reason: Failed to send to another cluster member"
01047145
"X-forward-for" header replacement in Identity Awareness with Application Control does not work - data was stripped.
Messages from kernel debug:
[fw_1];psl_handle_data_replacement: error, replace_tcp_data_f failed
[fw_1];psl_handle_packet: error, psl_handle_data_replacement failed
[fw_1];psl_handle_packet: saving msg "internal error - psl_handle_data_replacement failed"
01055330
Skinny packets drop with error "Malformed SCCP packet - Invalid Reserved field".
01052012 The snmpwalk command shows CPU at 100% utilization on 4 clusters.
00968456 When using IPS, a memory leak occurs.
00920202 Stability issues during memory buffer cleanup.
00992889 Enhancement: An option added for profiling packets handled by PSL. The packets are printed when the threshold set by the kernel parameter psl_print_stack_threshold_on_handle_pkt is reached.
00941110 routed process periodically crashes during IPv6 Router Discovery.
00894501 When creating Bond interfaces, some interfaces do not show on the interface list.
00915830 Soft lockup CPU#X gets stuck for 10s, when using VoIP.
00912429,
01025908
Memory leak in FWM daemon.
01081709 Using URI Resource with UFP server casues high CPU utilization.
00915764 "SKB BUG: Invalid truesize (1586) len=1386, sizeof(sk_buff)=240" warning messages might be seen on a bridge interface.
01025713 When CoreXL enabled, the error message "FW-1 form has expired" appears.
00943628 Security Policy installation fails with "ERROR: Duplicate keys <xxxxxxxx> in table 'sd_dst_intvl_list'" . Refer to sk83480.
00957127 After the upgrade of the Security Management Server to R75.40, the UserCheck logo fails to display on the UserCheck Access Notification page
01062799 IPS Bypass is activated when it is not supposed to, while the CPU utilization is still within valid threshold limits.
01053677 Scheduled backup using FTP overwrites the last backup.
01084304 When running the fwaccel stats -s command, "PXL packets" and "PXL bytes" are shown incorrectly.
00949765 IPS logs over 1KB are partially lost when passed to syslogd using the 'logger' command.
01083594 CPAS drops TCP connections that support Explicit Congestion Notification (ECN).
01094556 In rare cases, URL Filtering causes instability and crashes.
01050063 A third-party SNMP viewer shows a warning about a mismatch with the returned values.
00623746 Fragmented traffic is lost if the fragmented packets do not arrive before the frag_table timeout value of 1 second expires.
01087655 On an Open Server gateway, "xpand: Failed to read Fan sensors" messages may appear in /var/log/messages file.
00936087 Firewall daemon (FWD) crashes.
01064688 IPS Bypass memory thresholds are not applied correctly.
00932080 NAT does not work properly after ISP failover - when trying to get IP address from DHCP server, it is dropped on "message_info: Connection contains real IP of NATed address"
01025497 cp_conf terminates unexpectedly with core dump file when running cp_conf lic add -f text.
00938999 Mobile Access policy changes on UTM fail to apply.
01084302 Application Control and IPS protection cause Firewall to crash when activating HTTP decoding.
01092702 SmartUpdate package upload process terminates after 3 minutes with error in SmartUpdate GUI "Transfer of verification script failed."
'CUSTOM_SU_PROC_TIMEOUT' environment variable has been added. Configure this variable (in minutes) to set the timeout value to up to 60 minutes.
01087845 System panic on IPSO 6.0.7.
Gaia
00923108 Mounting an NFS disk does not work in Gaia.
Error: "wrong fs type, bad option, bad superblock on <IP address>:/usr/isos, missing codepage or other error".
00940782 If a Virtual IP address is not on the same subnet as the physical IP addresses, the route to the Virtual IP address may not appear in the routing table.
Workaround: manually define the route.
01054033 When setting up a VTI VPN tunnel between clusters, doing "Get Interfaces" in SmartDashboard does not work. Also, the VTI does not show when running the command ifconfig -a.
01057221 When adding or configuring a cron job with a long command that has many spaces, the command is truncated.
00990162 Gaia stops responding when many MCVR addresses (Monitored Ciruits) are added to VRRP.
01080987
When running the "show configuration" command in clish, both clish and WebUI crash with a "Segmentation Fault" error.
01119560 Excessive memory utilization by /bin/confd daemon on Gaia when SNMP monitoring is enabled. Refer to sk91081.
00262101 Disconnecting interfaces on the same subnet on two VRRP cluster member gateways causes both members to become master.
01081425 The "show arp dynamic all" command does not show all entries.
00956369 User cannot filter which message are sent from syslogd to firewall syslog.
00936665 Cannot debug SNMP on Gaia using the TDERROR environment variable - the snmpd process fails.
01071820 "set lcd none" command does not disable the LCD panel on the appliance.
01070884,
01179220,
01190956;
01084061,
01084188,
01084187,
01203721
Backup/Restore function in Gaia Portal and Clish worked only for files up to 2GB in size. Refer to sk88145.
01247678,
01248259,
01248260,
01248261 
Gaia IP appliance crash related to ixgbe portwell driver.
Gaia Dynamic Routing
01060163
In VSLS cluster, when the member that is configured to run if active is rebooted, it does not synchronize OSPF routes from the current active member.
Log shows:
cpcl_slave_init(...): instance 2 connection waiting for select to return
cpcl_should_send() returns -4
00957124 A Policy Based Routing Action Table with a Normal Nexthop Type IP address is not created properly.
00923067 In Gaia, inactive routemaps cannot be deleted completely. Dynamic routing protocols retain the deleted routemap.
01013754, 00934769 The clish "save configuration" command on Gaia does not save all the dynamic routing configuration data. Refer to sk85280.
01084341 OSPF state is not synchronized to the Standby cluster member.
01092707 Configuring multiple MCVR interfaces in VRRP on Gaia causes WebUI and clish to time out.
01092667 When routed with OSPF MD5 authentication runs for a long time, the OSPF session gets restarted. 
01090376  When using OSPF with MD5 authentication, a failover to a member that came up after a reboot, can cause the OSPF session to restart. 
SecurePlatform Dynamic Routing
01069932
Some of the signals received by routed are printed with the wrong name in the routed trace file.
00774951,
00261870,
00261872,
00261904,
00775263,
00867105,
01007541,
01068385
Enabling NTP on SecurePlatform OS causes OSPF adjacencies to break.
Refer to sk90365.
01040548 The "show running" command in the Gated CLI configuration interface (router) shows "set ip nexthop" instead of "set ip next-hop" for a route-map.
00937571 The SecurePlatform GateD routing daemon stops running when BGP is used with routemaps that match on interfaces.
01039490 The GateD routing daemon on SecurePlatform consumes 100% CPU on a ClusterXL Standby member with PIM enabled.
SecurePlatform
01072603 CPWMD version entries in /var/log/messages are logged too frequently on some appliances.
01073740 Setting a cron job through clish prints out debug messages to /var/log/messages.
01090028 Bond interface does not show the link state of its physical slave interfaces.
01084325 Frequent hardware sensor alerts on Check Point 2012 appliances running SecurePlatform or Gaia.
01076734 When the session lockout is enabled, after running the faillog -r command, users cannot be authenticated by the gateway.
SecurePlatform SNMP
00901333
On SecurePlatform systems, the snmpwalk command does not always give full output for custom OIDs, because it was limited to 100 lines. Refer to sk71980.
00941815 When SNMP is used, these type of messages appear in /var/log/messages:
snmpd[PID]: unknown interface in /proc/net/ipv6_route
snmpd[PID]: /proc/net/ipv6_route data format error (5!=8), line == ...
00909497
The SNMPD daemon prints "snmpd[PID]: ioctl 35123 returned -1" error on interface names longer than 8 symbols. Refer to sk72240.
00901703 An snmpwalk on OID 1.3.6.1.4.1.2620.1.6.7.5.1.7 (multiProcInterrupts) returns a zero value for the number of interrupts per second if the total number of interrupts in /proc/stat exceeds a 32-bit value.
01080526 Changing an interface IP address crashes snmpd.
00937554 Running an SNMP query for RIP SNMP OIDs 1.3.6.1.2.1.23 after RIP is disabled causes the GateD routing daemon to stop running.
01091072 snmpwalk does not show all the entries in the Check Point tree.
00951914 SecurePlatform does not support HP NC522SFP Dual Port 10GbE Gigabit Server Adapters.
01057118 On 32-bit SecurePlatform the SNMP OID .1.3.6.1.2.1.31.1.1.1.6 (ifHCInOctets) shows a truncated value when traffic exceeds 136 MB.
Security Management
00897954 The set2xml parser leads to crashes when "_l-" substring exists in user-defined object names. Example: some_name_I-AG.
01042427,
00944256, 00944154,
01045126
Memory leak in FWM daemon.
00975073,
00983111,
00983800
Policy installation fails with error "Operation failed. Install/uninstall has been improperly terminated" instead of showing a proper error message and FWM daemon crashes when a NAT contains multiple Source / Destination objects.
Refer to sk103918.
01054133 In a Multi-Domain Security Management environment, options for High Availability are not available in SmartDashboard.
01076084 IPv6 traffic is dropped on Anti-Spoofing after changes to the IPv6 spoofing configuration.
01076096 Scheduled IPS update does not work on R75.46 running on Windows.
00963167 Corrupted cp.license file on a Security Gateway causes FWM to crash on the Security Management Server.
01025611 Memory leak in FWD daemon.
01074771 Policy installation fails on Security Gateways with Mobile Access Blade enabled.
01094157 Wrong Registration Key is sent in e-mail through ICA tool.
Example:
Valid Registration Key: 60078-vevvj8
Wrong Registration Key: CN=user one+OU=users,O=gr7540,O=MGMT..f6wyjb 92161-v7rwcy
Multi-Domain Security Management
01073807
CMA sync fails with the warning message "Database has been changed since synchronization start". Refer to sk88260.
01076616 The FWM daemon on the CMA becomes unstable during a Database Revision because the Value of CurrentMSP in the registry is corrupt.
00912430 Memory leak in FWM daemon on Domain Management Server.
01044637 After restarting the Secondary CMA, Domain Management Servers are out of sync, even though no changes occurred.
01062126,
00944214 
In a Provider-1 environment, security policy installation fails, when it includes VPN rules. Errors:
do_cklic_ex: Activated with signature: null
fw: no license for 'ca'
Rule xx: no license for encryption.   (where xx is your policy rule number)
00950201 Memory leak in FWM daemon.
01060351 mds_exclude.dat option does not work on mds_backup on R75.45 Provider-1 - definitions in mds_exclude.dat file is ignored.
01002221 Configuration fails when adding external interface with a name that is longer than 8 characters.
01051597 Renaming policy on CMA results in error "Global object modification is prohibited".
SmartConsole
01062616 Unicode characters might display incorrectly in the LDAP users tree in SmartDashboard:
  • If enable the "Unicode support" option in "LDAP account unit", all fields correct but "branch" field is corrupted
  • If clear the "Unicode support" option in "LDAP account unit", the "branch" field is displayed correctly, but the "Login name", "Last name", "full name" and some other fields are corrupted.
00915226 Importing certificate for Mobile Access portal causes SmartDashboard to hang.
00939069 IP Pool NAT settings disappear (checkbox is not selected and the range is removed) in the IP Pool NAT tab on an interface in a cluster topology.
01057417 User cannot add a new 'group with exclusion' from the 'Add object' menu into NAT rulebase.
01047673 After a policy is installed, a popup window appears, asking to "save policy", even though the policy was saved before its installation.
00938796 SmartDashboard crashes when changing from 'Read-only' to 'Read/write' mode.
00972548 In SmartDashboard 'Read-only' mode, scrolling down the network objects list in the User Properties window does not work.
00968991 SmartDashboard freezes when user tries to modify an object.
00938334 ROBO Cluster members do not resolve in SmartView Tracker.
Note: The fix is not supported for Windows platforms.
01055324 After upgrading from R75.30 to R75.40, SmartView Monitor shows that all Security Gateways are in the 'Attention Needed' state.
01087743 Carriage Return characters in Edge configuration script are deleted during an upgrade.
01081844 When choosing a group in the source/dest/service field of a rule, policy verification does not recognize identical rules as duplicates and some rules will have overlapping objects.
01081392 Administrators with full permissions see masked users with an asterisk in SmartView Tracker.
01039951 Anti-Spam tab in SmartDasboard does not recognize Security Gateway object with enabled Anti-Spam.
00931121 SmartWorkflow shows UTC time instead of the local time.
01059319 Deleting an object in SmartDashboard clears the contents of the Windows clipboard.
01059502 SmartLSM gateways are not shown correctly in SmartView Tracker.
01002306 Configuring IP Pool NAT triggers a "IP Pool NAT is required to be defined on at least one interface" error pop-up on SmartDashboard.
01085350 When "cpstart -b" fails on boot, it does not display the error message on the console.
01083350 The migrate folder in $FWDIR/tmp directory does not get deleted at the end of an advanced upgrade.
Management Portal / WebUI
01062364
After logging into a system with TACACS+ credentials, privilege elevation operations through clish or WebUI cause the system to freeze.
SmartReporter
00940898 PDF generated by Smart Reporter is corrupted. PDF reports shows an error "There was an error opening this document. The root object is missing or invalid".
01014254 SmartReporter does not show all 50 users, when generating 'Top 50 Users' report.
01042436 Changes are not saved correctly for specified custormers in the SmartReporter Input tab.
00923904 Selecting *.MHT report option generates an *.HTML format report instead.
01056289 Problems occur in an environment with many Customer Management Add-ons (CMAs), if the Multi-Domain Server is rebooted during a SmartReporter consolidation session. All of the CMAs change from "processing logs" to "Tying to connect".
01071053 SmartReporter does not include logs from SAM rules when generating reports.
SmartEvent
00893937 Time setting in Database Maintenance Settings is displayed incorrectly: Time of Action 2:00 AM is displayed as AM 00:02. and 24:10 is displayed as 10:24
00911162 "An unexpected error occurred. No write permissions for object: OBJ_4DB1B12E_5524_4F28_8CFE_879D4171C39A of type: CSchedItem (File: .\DBMaintenanceBridge.cpp Line: 804" error shows, when trying to change settings in SmartEvent GUI.
00819588 Missing filter for confidence in SmartEvent user defined policy.
00917364 Mail messages from SmartEvent automatic reaction show incorrect time.
01060840 In R75.40 SmartEvent, cannot view content of an email for a DLP event (the 'Show Email' icon does not work) because of mismatch between SmartEvent and Security Management release numbers.
01045219 Cannot launch SmartEvent from SmartDashboard receiving an authentication failure message and the cpsemd process crash.
01079792 SmartEvent fails to send E-mail alert for IP sweeps events when the event is configured for Automatic Reaction.
The $RTDIR/log/cpsemd.elg file shows:
CEventParser::_readFile: failed to read from /opt/CPrt-R71/tmp/eventDetails3.xml CEventParser::GetMhtForMail: Faild to create html
CInternalMailCommand::Execute: Event has no data
01080432 Russian user names show up corrupted.
SmartProvisioning
00920712
SmartProvisioning hangs during search.
01056773 LSMcli command ModifyROBOInterface VPN1Edge fails with 'Validation error in field..' error, when used with these switches: Hide NAT, interface mode, DHCP.
00917252 SmartProvisioning can crash in rare cases when running Update Selected Corporate Office Gateway on cluster object.
Mobile Access
00923887 If a large PDF file is sent as application/octet-stream with many regular ASCII characters in the beginning, it will not be downloaded and 0 size file will be created.
01054103 If URL link translation is used and a JavaScript page contains src="//:" an empty request is sent to the Security Gateway.
01054341
If a user logs out inside of a Web application and is directed to a login page, SSO might use the default credentials instead of the user's credentials.
01054343 If SSO is enabled, Web applications with complex login pages load slowly.
00967218 The Mobile Access login page is unstable when connecting from a Windows Phone 7.5 browser.
01028151 Cannot use Java Script (for example, document.body.style.background ="url(../test.jpg)";) to set the background image for internal sites accessed through the Mobile Access Portal.
01068161 ActiveSync fails when LDAP server uses UPN as a username.
The following error can be found in httpd.log:
[APACHE] [CVPN_ERROR] Cvpn::ActiveSyncHandler::isConfForSameUser: The usernames are different: from conf (user1@company.com) from user (user1)
01054332 After a user logs out from a Web application, the FWSSO does not use the stored credentials for a repeat connection for the same user.
The problem is caused by authorization cache hit for login page, and credential are not stored in this cache.
01073383 Custom certificate parsing is not applied for the legacy authentication scheme.
01076131 httponly cookies are not forwarded correctly during NTLM negotiations.
01081092 Web Intelligence policy fails to load.
Error in httpd.log: [emerg] WIConnection::init. ERROR! install_policy failed
00871249,
00897790,
00937707,
00871307,
01087345,
01069328,
01087308,
00886432,
01087344
When using an ActiveSync app on an Android phone or an iPhone, multiple sessions could be established for each user. As a result, available licenses are exhausted on Security Gateway, which causes sporadic updates to e-mail and random losses of connectivity. Refer to sk68120.
01071535 Cannot use FileShare in Mobile Access portal if the AD password contains a comma. For example: "test,123".
IPS
00906619
IPS Exception does not work for non-compliant HTTP - traffic is dropped.
00938213 Files cannot be downloaded from a web server object that has the IPS header spoofing protection enabled. The download starts, then stops without showing any progress and never completes.
00941310 On IPSO, IPS Bypass is not implemented when the CPU load passes the configured threshold.
01022363 After upgrading to R75.40, a number of IPS profiles on the Domain Management servers changed from Detect to Prevent.
01056665 IPS logs show a host IP address instead of the host name.
00937766
'sd_global_white_list_check: fwx_get_original_conn() failed' error appeared repeatedly in /var/log/messages file. Refer to sk88280.
Identity Awareness
00938409,
01264259,
00938722,
01052881,
00974896,
01049256,
01200696,
01256842
PDP daemon crashes with core dumps unexpectedly.
01051749,
01064455,
01200715,
01061648,
01069916,
01264298,
01260090,
01061650,
01064691
PDP Security Gateway updates the identity role on the PEP Security Gateway only when the TTL is not equal to zero.
01040052 Enhancement: Configuration option is added for timeout value in user/password login via Captive Portal.
01048697 The Terminal Server Agent uses alternative UPN (if applicable), while the Identity Awareness agent uses the user domain name to identify the same user and the same domain in logs.
01015320

Enhancement: You can configure AD Query to ignore login events from users that log in to a different domain.

To configure this, in GuiDBEdit Tool, go to Table > Network Objects > network_objects > Management Server object - then in the lower pane, go to "ad_query_profile" > "ignore_different_domains".
Set the value of ignore_different_domains attribute to "true". Save all changes.

00939493 Captive Portal language customization does not work. The necessary field does not exist in /opt/CPNacPortal/phpincs/view/html/Authentication.php by default.
01065724 When modifying customAgent.msi using cpmsi_tools, the msi does not update the registry.
Anti-Malware
00940647, 00974903 Anti-Malware engine blocks POP3 message download. The in.emaild.pop3 and in.emaild.smtp processes crash.
Endpoint Security on Demand
00909605
Endpoint Security on Demand updates fail with error: "Failed module reports that local application ended during handshake".
Smart-1
01041691
Cannot use 'Backup' or 'Scheduled Backup' to back up to an FTP server from the Smart-1 WebUI, receiving error "GENERAL_ERROR".
SmartLog Index Server
01054296
The FWM daemon crashes, because the SmartLog is not supported on Solaris Security Management. Refer to sk86585.
ClusterXL
01081271 When VMAC is configured on 21400 series appliances, the traffic sent to Non Pivot member is dropped.
01087692 Full Sync fails after reboot.
01079289,
01103133,
01081270,
01086900,
01095303,
01081271,
01089476,
01081272,
01101130
Non-Pivot cluster member on 21400 appliances drops the packets without any log when VMAC is enabled. Refer to sk89321.
SecureXL
00259925 Memory leak in asynchronous (SecureXL) IPSO appliances.
01088382,
01088433,
01088434
  • SecureXL does not start on the Backup member of VRRP cluster after reboot.
  • Output of "fwaccel stat" command shows:
    Accelerator Status : off by Firewall (too many general errors (NUMBER) (caller: Name_of_Function)).
Refer to sk100467 (Scenario 4 - "SecureXL does not start on the Backup member of VRRP cluster after reboot").
IPsec VPN
01064508
Cannot configure a timeout for the Security Gateway to lease an Office Mode IP address from a DHCP server - Office Mode DHCP request timeout is hard-coded to 5 seconds.
01089882 VPND daemon crashes when Mobile Access clients authenticate using long certificates.
Mobile VPN Client
01052809
Remote access VPN users cannot use UPN certificates for authentication.
SSL Network Extender
00901633 On Windows client machines, after SSL Network Extender tunnel establishment, the DNS suffix gets truncated.
00950862 DNS configuration on Windows 7 computers does not work properly for 3G modems that use a legacy driver (not implemented as Microsoft WWI device).
00748457 After connecting with SSL Network Extender to a VPN domain from a Windows 7 client, and then disconnecting, inbound connectivity to one or more NICs is lost. Microsoft's IP stack is dropping the inbound packet because it is viewed as "not locally destined", even though there is a LAN interface with that IP address bound to it.
01090849 SSL Network Extender fails to connect when using an authorization certificate with a UPN.
VPN
00924424
Poor connection to the LDAP server results in CVPND process crash.
00951684
After a Security Gateway reboot, policy installation, or VPND daemon restart, the vpnd process runs in debug mode. Refer to sk86620.
01074564 MPLS (trusted connection) configuration does not always work on a system with CoreXL enabled: the packet is dropped with "...vpn_encrypt_chain Reason: No error;" message in kernel debug.
00260574

VPN negotiation fails for some NAT-T interfaces, getting the error "PAYLOAD-MALFORMED" in $FWDIR/log/ike.elg log file.

A configurable mechanism now limits the size of IKE packets for Security Gateways with a large number of external interfaces.

01044197 Vulnerability to Downgrade Attack during SSL negotiations (CVE-2008-7270).
00895953 Insufficient memory allocation when supporting a large number of Security Gateways.
Kernel errors:;
fw_salloc: fwioctl: fwbintabreplace: failed to allocate 131680 bytes
FW-1: Warning: fw_kmalloc: unable to allocate 131672 bytes for fwioctl: fwbintabreplace
fwioctl: fwbintabreplace: fw_kmalloc(131664) failed
fwioctl: cmd=40e87ad4 data=f2e73580
00937971
When using CoreXL and VPN over VPN (encrypting an already encrypted VPN packet), a gateway in a Site-to-Site configuration will fail to register a valid SA and drop the encrypted packets with "no valid SA" error.
01055167 Changes to the shared secret of a VPN community are not saved.
00821417, 00827465, 00832833, 00851996, 00944368, 01056623, 01057165, 01110932, 01573964, 01574712
Security Gateway will stop maintaining new IKE negotiations if it fails to resolve VPN peers (the relevant negotiations for peers that were not resolved are not removed from the internal data structure, which causes the data structure to get full and not accept new negotiation to process).
00954294 Issues occur when handling remote access connections from a user who is in many user groups.
00922603,
01056597
Reauthentication timeout interval for Remote Access clients is limited to one day.
00943687 Changing VPN capacity optimization options does not change the corresponding kernel tables size (ike2esp, peer2ike, ike2peer)
00905443 CoreXL drops 'in clear' traffic from a trusted interface with "Clear text packet should be encrypted" message.
01091769

Incorrect error level messages shown in the $FWDIR/log/vpnd.elg log file.
Example:
cptls_Validation::CheckRevocation_cb: vrc: 0, elevel: 2005845172
cptls_validation_cb: called. validation rc: 0, error level: 2005845172

01088262 Large remote access community topologies cause a kernel memory leak.
01081704 If link selection "statically NATed IP" is enabled, UDP traffic sent to the IP address of the Security Gateway is dropped with message: "...vpn_ipsec_decrypt Reason: decryption failure: Could not get SAs from packet;" in kernel debug.
01057165 Memory leak in IKE negotiation.
01091750 Cannot install policy when there are more than 255 VPN communities defined.
Error: "The Community idX has an ID higher than 255 (256). Please change the value of the "ID" attribute in this community, possible value could be anything between 1 to 255"
01086058 When CoreXL is enabled, multiple duplicates of the log message "disconnected from gateway" appear.
00764349 Windows L2TP client disconnects after 1 hour.
VSX
00661732
Missing entries in the Check Point MIB file in the VSX Appliance for snmpwalk3 172.24.139.115 svn command.
01004032 When adding over 32 warp interfaces in VSX, "Virtual System interface count exceeds 64" error shows.
00943793 Interface sorting for VSX cluster topology does not work in SmartDashboard - nothing is displayed.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment