This hotfix package installs important updates for R75.40 Security Gateways for improved Identity Awareness stability and performance.

This hotfix should be installed only on R75.40 Security Gateway with the R75.40 hotfix. No need to install it on Security Management servers.

This hotfix requires reboot.

 

Table of Contents

• Known Limitations
• Identity Awareness R75.40 Hotfix Downloads
• Installation Instructions
• Resolved Issues in Identity Awareness R75.40 Hotfix

 

Known Limitations

• Upgrade from this version to R75.45 or to R75.46 is not supported. If you wish to upgrade, uninstall the Identity Awareness hotfix before upgrading. If upgrading to R75.45, it is recommended to install the Identity Awareness stability fixes and performance enhancements hotfix for R75.45.

Identity Awareness R75.40 Hotfix Downloads

• Identity Awareness R75.40 Hotfix for IPSO
• Identity Awareness R75.40 Hotfix for SecurePlatform and Gaia/Gaia+
• Identity Awareness R75.40 Hotfix for Gaia CPUSE Offline installation (for instructions, refer to sk92449)

 

Installation Instructions

Make sure you have installed the R75.40 Hotfix.

1. Extract and run the package:
   
   [Expert@HostName]# tar -zxvf CHECK_POINT_R75_40_HOTFIX_041_001_sk92420.tgz
[Expert@HostName]# ./fw1_wrapper_HOTFIX_FOXX_HF_041_001_986001030_2
   
   Note: The script will run 'cpstop' command.
   
   
2. Make sure that the script completes successfully (no errors).
   
   
3. Reboot the machine.
   
   
4. To uninstall the hotfix, run the uninstall script:
   
   [Expert@HostName]# ./opt/CPsuite-R75.40/uninstall_fw1_wrapper_HOTFIX_FOXX_HF_041_001
   
   In addition, run the following commands:
   
   [Expert@HostName]# cp -R /opt/CPNacPortal /opt/CPNacPortal_Backup
[Expert@HostName]# tar xvzf $FWDIR/nacportal.backup.tgz -C /opt/CPNacPortal
   
   If you encounter problems during the uninstall process, contact Check Point Support.

 

Resolved Issues in Identity Awareness R75.40 Hotfix

ID	Symptom	Integrated in
Identity Awareness
01083265	Improved PDP Daemon memory usage.	R76
01100310	When modifying customAgent.msi of the Identity Awareness Agent using cpmsi_tools, the msi does not update the registry.	R75.46
01100382	The PDP daemon terminates unexpectedly.	R75.46, R76
01116098	Improved CPU usage when choosing "Assume only one user per IP".
01069915	Enhanced communication between PDP and PEP.	R75.46
01115503	Wrong session update in case of session deletion.	R76
01069525	Performance improvement for Identity Awareness blade for distributed deployments, where the gateway acquires identities from many sub-networks.	R75.46
01069930	Enhancement: Added configurable option to to change the default debug size and number of cyclic logs for PDP and PEP. See sk90281 for more details.	R75.47, R76
00944908	Enhanced communication between PDP and PEP.	R75.45
01044827	"X-forward-for" replacement in Identity Awareness with Application Control does not work.	R75.46, R76
01073595	Improved memory usage when using ADQuery.
01115543	Memory leak when using ADQuery.
01069916	The PDP updates the identity role on the PEP only when the TTL is not equal to zero.	R75.47
01055444	Identity Awareness AD Query for Log_user_ad_logins did not correctly filter all relevant logs.	R75.45
01092026	Enhancement: You can configure AD Query to ignore login events from users that log in to a different domain. To configure this, in GuiDBEdit, go to Network Objects > Network Objects > Management > ad_query_profile > ignore_different_domains. Set the value of ignore_different_domains to "true".	R75.46, R76
01115460	Improved memory usage and CPU consumption when using ADQuery.	R75.47
01099415	Captive Portal displays an error when using iOS6 wifi hotspot detector.	R75.46, R76
01123051	On IDA environment with identity sharing, identities created by a local gateway that are on the same 32/28 network as identities created by a remote gateway might be lost in rare occasions. This causes incorrect enforcement of role based rules at random times.	R75.47
01124186	Sporadic pdpd stability issue.	R75.47
Firewall
01090021	In rare cases, URL Filtering causes instability.	R75.40VS, R75.46
00994117	Using URI resource with UFP server causes high CPU utilization.	R75.46
01044862	Memory leak in kernel during certain content inspection conditions.	R71.50, R75.45
01049355	Skinny packets drop with error "Malformed SCCP packet - Invalid Reserved field".	R75.45, R75.46, R76
01050710	When using the Security Gateway as a proxy server in non-transparent mode, cannot browse to web site. Proxy connection is not removed from the HTTP header.	R75.46, R76

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.