Support Center > Search Results > SecureKnowledge Details
Identity Awareness R75.40 - Stability Fixes and Performance Enhancements
Solution

This hotfix package installs important updates for R75.40 Security Gateways for improved Identity Awareness stability and performance.

This hotfix should be installed only on R75.40 Security Gateway with the R75.40 hotfix. No need to install it on Security Management servers.

This hotfix requires reboot.

 

Table of Contents

  • Known Limitations
  • Identity Awareness R75.40 Hotfix Downloads
  • Installation Instructions
  • Resolved Issues in Identity Awareness R75.40 Hotfix

 

Known Limitations

Identity Awareness R75.40 Hotfix Downloads

 

Installation Instructions

Make sure you have installed the R75.40 Hotfix.

  1. Extract and run the package:

    [Expert@HostName]# tar -zxvf CHECK_POINT_R75_40_HOTFIX_041_001_sk92420.tgz
    [Expert@HostName]# ./fw1_wrapper_HOTFIX_FOXX_HF_041_001_986001030_2

    Note: The script will run 'cpstop' command.

  2. Make sure that the script completes successfully (no errors).

  3. Reboot the machine.

  4. To uninstall the hotfix, run the uninstall script:

    [Expert@HostName]# ./opt/CPsuite-R75.40/uninstall_fw1_wrapper_HOTFIX_FOXX_HF_041_001

    In addition, run the following commands:

    [Expert@HostName]# cp -R /opt/CPNacPortal /opt/CPNacPortal_Backup
    [Expert@HostName]# tar xvzf $FWDIR/nacportal.backup.tgz -C /opt/CPNacPortal

    If you encounter problems during the uninstall process, contact Check Point Support.

 

Resolved Issues in Identity Awareness R75.40 Hotfix

ID Symptom Integrated in
Identity Awareness
01083265 Improved PDP Daemon memory usage. R76
01100310 When modifying customAgent.msi of the Identity Awareness Agent using cpmsi_tools, the msi does not update the registry. R75.46
01100382 The PDP daemon terminates unexpectedly. R75.46,
R76
01116098 Improved CPU usage when choosing "Assume only one user per IP".  
01069915 Enhanced communication between PDP and PEP. R75.46
01115503 Wrong session update in case of session deletion. R76
01069525 Performance improvement for Identity Awareness blade for distributed deployments, where the gateway acquires identities from many sub-networks. R75.46
01069930 Enhancement: Added configurable option to to change the default debug size and number of cyclic logs for PDP and PEP. See sk90281 for more details. R75.47,
R76
00944908 Enhanced communication between PDP and PEP. R75.45
01044827 "X-forward-for" replacement in Identity Awareness with Application Control does not work. R75.46,
R76
01073595 Improved memory usage when using ADQuery.  
01115543 Memory leak when using ADQuery.  
01069916 The PDP updates the identity role on the PEP only when the TTL is not equal to zero. R75.47
01055444 Identity Awareness AD Query for Log_user_ad_logins did not correctly filter all relevant logs. R75.45
01092026 Enhancement: You can configure AD Query to ignore login events from users that log in to a different domain.
To configure this, in GuiDBEdit, go to Network Objects > Network Objects > Management > ad_query_profile > ignore_different_domains. Set the value of ignore_different_domains to "true".
R75.46,
R76
01115460 Improved memory usage and CPU consumption when using ADQuery. R75.47
01099415 Captive Portal displays an error when using iOS6 wifi hotspot detector. R75.46,
R76
01123051 On IDA environment with identity sharing, identities created by a local gateway that are on the same 32/28 network as identities created by a remote gateway might be lost in rare occasions. This causes incorrect enforcement of role based rules at random times. R75.47
01124186 Sporadic pdpd stability issue. R75.47
Firewall
01090021 In rare cases, URL Filtering causes instability. R75.40VS,
R75.46
00994117 Using URI resource with UFP server causes high CPU utilization. R75.46
01044862 Memory leak in kernel during certain content inspection conditions. R71.50,
R75.45
01049355 Skinny packets drop with error "Malformed SCCP packet - Invalid Reserved field". R75.45,
R75.46,
R76
01050710 When using the Security Gateway as a proxy server in non-transparent mode, cannot browse to web site. Proxy connection is not removed from the HTTP header. R75.46,
R76
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment