This hotfix package installs important updates for R75.40 Security Gateways for improved Identity Awareness stability and performance.
This hotfix should be installed only on R75.40 Security Gateway with the R75.40 hotfix. No need to install it on Security Management servers.
This hotfix requires reboot.
Table of Contents
-
Known Limitations
-
Identity Awareness R75.40 Hotfix Downloads
-
Installation Instructions
-
Resolved Issues in Identity Awareness R75.40 Hotfix
Known Limitations
Identity Awareness R75.40 Hotfix Downloads
Installation Instructions
Make sure you have installed the R75.40 Hotfix.
- Extract and run the package:
[Expert@HostName]# tar -zxvf CHECK_POINT_R75_40_HOTFIX_041_001_sk92420.tgz
[Expert@HostName]# ./fw1_wrapper_HOTFIX_FOXX_HF_041_001_986001030_2
Note: The script will run 'cpstop' command.
- Make sure that the script completes successfully (no errors).
- Reboot the machine.
- To uninstall the hotfix, run the uninstall script:
[Expert@HostName]# ./opt/CPsuite-R75.40/uninstall_fw1_wrapper_HOTFIX_FOXX_HF_041_001
In addition, run the following commands:
[Expert@HostName]# cp -R /opt/CPNacPortal /opt/CPNacPortal_Backup
[Expert@HostName]# tar xvzf $FWDIR/nacportal.backup.tgz -C /opt/CPNacPortal
If you encounter problems during the uninstall process, contact Check Point Support.
Resolved Issues in Identity Awareness R75.40 Hotfix
| ID |
Symptom |
Integrated in |
| Identity Awareness |
| 01083265 |
Improved PDP Daemon memory usage. |
R76 |
| 01100310 |
When modifying customAgent.msi of the Identity Awareness Agent using cpmsi_tools, the msi does not update the registry. |
R75.46 |
| 01100382 |
The PDP daemon terminates unexpectedly. |
R75.46,
R76 |
| 01116098 |
Improved CPU usage when choosing "Assume only one user per IP". |
|
| 01069915 |
Enhanced communication between PDP and PEP. |
R75.46 |
| 01115503 |
Wrong session update in case of session deletion. |
R76 |
| 01069525 |
Performance improvement for Identity Awareness blade for distributed deployments, where the gateway acquires identities from many sub-networks. |
R75.46 |
| 01069930 |
Enhancement: Added configurable option to to change the default debug size and number of cyclic logs for PDP and PEP. See sk90281 for more details. |
R75.47,
R76 |
| 00944908 |
Enhanced communication between PDP and PEP. |
R75.45 |
| 01044827 |
"X-forward-for" replacement in Identity Awareness with Application Control does not work. |
R75.46,
R76 |
| 01073595 |
Improved memory usage when using ADQuery. |
|
| 01115543 |
Memory leak when using ADQuery. |
|
| 01069916 |
The PDP updates the identity role on the PEP only when the TTL is not equal to zero. |
R75.47 |
| 01055444 |
Identity Awareness AD Query for Log_user_ad_logins did not correctly filter all relevant logs. |
R75.45 |
| 01092026 |
Enhancement: You can configure AD Query to ignore login events from users that log in to a different domain.
To configure this, in GuiDBEdit, go to Network Objects > Network Objects > Management > ad_query_profile > ignore_different_domains. Set the value of ignore_different_domains to "true". |
R75.46,
R76 |
| 01115460 |
Improved memory usage and CPU consumption when using ADQuery. |
R75.47 |
| 01099415 |
Captive Portal displays an error when using iOS6 wifi hotspot detector. |
R75.46,
R76 |
| 01123051 |
On IDA environment with identity sharing, identities created by a local gateway that are on the same 32/28 network as identities created by a remote gateway might be lost in rare occasions. This causes incorrect enforcement of role based rules at random times. |
R75.47 |
| 01124186 |
Sporadic pdpd stability issue. |
R75.47 |
| Firewall |
| 01090021 |
In rare cases, URL Filtering causes instability. |
R75.40VS,
R75.46 |
| 00994117 |
Using URI resource with UFP server causes high CPU utilization. |
R75.46 |
| 01044862 |
Memory leak in kernel during certain content inspection conditions. |
R71.50,
R75.45 |
| 01049355 |
Skinny packets drop with error "Malformed SCCP packet - Invalid Reserved field". |
R75.45,
R75.46,
R76 |
| 01050710 |
When using the Security Gateway as a proxy server in non-transparent mode, cannot browse to web site. Proxy connection is not removed from the HTTP header. |
R75.46,
R76 |
|
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
|
