Support Center > Search Results > SecureKnowledge Details
R75.47 Security Management upgrade to R77
Solution

Notes:

  • R75.47 Security Management server / Multi-Domain Security Management server upgrade to R77 is fully supported.
  • Due to the fact that parts of R75.47 fixes are not included in R77, upgrade of R75.47 Security Gateway to R77 is not supported. Nevertheless, customers can perform a clean install of a Security Gateway with R77 to replace the R75.47 if needed.

Important note: The following resolved issues relevant to Security Management server / Multi-Domain Management were fixed in R75.47 and are NOT a part of R77.

 

Table of Contents

  • FireWall
  • Security Management
  • Anti-Bot / Anti-Virus
  • Identity Awareness
  • SmartDashboard
  • SmartProvisioning
  • URL Filtering
  • SmartEvent / SmartReporter / SmartLog
  • Multi-Domain Security Management Server
ID Symptoms
FireWall
01136720,
01137534,
01137535,
01137536		 Security Gateway drops the connection when there is Dynamic Object in the NAT rulebase, which is not mapped (is not configured in the Dynamic Objects list on the Security Gateway).
01150621,
01155058,
01172804,
01155060,
01155061,
01155059		 RPC NULL calls and RPC GETTIME calls are dropped on cleanup rule even when used the RPC service 'nfsprog'.
Security Management
01085749,
01090991,
01090990,
01090988,
01152734		 Skybox LEA Client cannot fetch all logs from Security Management Server / Log Server.
01109343,
01110887,
01110888,
01168270		 FWM daemon crash if LDAP user with DN longer than 503 characters was selected in SmartDashboard.
00983975,
00987027,
01176017,
01102388,
01175979		 The $FWDIR/log/fwm.elg file is filled with unnecessary messages:
CCPMIStatusRequest::~CCPMIStatusRequest: Called destructor for an uninitialized object or already released
01155286,
01155688,
01155686,
01155687		 When creating a certificate via ICA tool, it is not saved.
Anti-Bot / Anti-Virus
01152926,
01155814		 The following error is displayed in SmartDashboard when added a service in Anti-Bot & Anti-Virus policy:

SmartDashboard - 'Anti-Bot & Anti-Virus' tab - go to 'Policy' - right-click on 'Protection' column - add 'Service' - in 'Service' column click to add service - start typing in the drop down text box.

ModalDropDownContainer
Unhandled exception has occurred in a component in your application.
If you click Continue, the application will ignore this error and attempt to continue.
Can't find property '[ipaddr]'.
01103916,
01104533,
01104532		 The Anti-Virus Policy does not show the 'Service' column in SmartDashboard.
Identity Awareness
01157206,
01159941,
01159942,
01159943,
01209559,
01321563,
01351162,
01363762,
01395591;
01459004,
01459085		 "CLogFormat::create failed - field already exists !" messages appear repeatedly in $FWDIR/log/fwd.elg file on Identity Awareness gateway.
Refer to sk102171.
SmartDashboard
01093127,
01132353,
01117435,
01131576,
01131575,
01131568		 In the object of Gaia VRRP cluster - go to 'Topology' - click on 'Edit Topology...' button - 'Get Topology' button is not available under the members' names.
Note: The improved SmartDashboard requires a fix from sk93201 to be installed on VRRP cluster members. Refer to Resolved Issue 01153574.
01117384,
01120540,
01120541		 On the IPS tab, when you right-click a signature and select 'Edit follow up comment', the comment is not saved.
01065620,
01066036,
01066037
 It is possible to set "Timeout for SYN attack Identification" to 1-3 seconds although the actual minimum value is 4 seconds.
SmartProvisioning
01095224,
01096963,
01096961,
01096962		 Memory leak in the CPD daemon when using SmartProvisioning.
01117423,
01118213,
01118214,
01320963,
01350176,
01350524		 Dynamic Object LocalMachine_All_Interfaces on ROBO gateway does not include all the interfaces that were configured in SmartProvisioning GUI.
Refer to sk98418.
01171847,
01173514,
01173512,
01173513		 If $FWDIR/conf/robo-IKE.NDB file on Security Gateway contains duplicate keys (due to some leftovers of old deleted ROBO/Edge devices), validation results in drop of VPN traffic.

LSMrouter will now validate that there are no duplicate keys for the 'Robo_ranges' hash table (key is a range <lo_ip,hi_ip>). If there are duplicate keys, update CO will now fail:
  • SmartProvisioning will show 'Fail Execution'.

  • Running LSMrouter command will show: 
    [Expert@GW_HostName]# LSMrouter 
duplicate keys, ip range is not unique: lo_ip: X.X.X.X, hi_ip: X.X.X.X 
Memory allocation failure!
SmartEvent / SmartReporter / SmartLog
01144961,
01145801,
01145799,
01145800		 The symbolic links for the $SMARTLOGDIR/data/ directory and the $SMARTLOGDIR/log/ directory in the context of Domain Management Server are not always created when upgrading a Multi-Domain Security Management Server.
01092958,
01093460,
01093461,
01093462		 'Outgoing' traffic is shown as 'Other' in the '...by Direction' section of the Cross Blade Network Activity report.
Refer to sk90620.
01161276,
01161948,
01239460,
01161946,
01244974,
01161949,
01244126;
01168703,
01171253,
01251118,
01171252,
01171251		 The following errors appear repeatedly for SmartReporter/SmartEvent in Windows Event Viewer - Application log:

  • Source: PostgreSQL
    Event ID: 0
    ERROR: schema "mysql" does not exist
    STATEMENT: delete from mysql.user where host='build' or user = 'PUBLIC'

  • Source: PostgreSQL
    Event ID: 0
    ERROR: column "sam_int_domain_name" does not exist at character X
    STATEMENT: SELECT SAM_INT_DOMAIN_NAME FROM INT_DOMAIN

  • Source: PostgreSQL
    Event ID: 0
    ERROR: relation "con0X_connections" already exists
    STATEMENT: CREATE TABLE CON0X_CONNECTIONS(...)
Refer to sk92862.
URL Filtering
01175810,
01177409,
01177407,
01177408		 Policy installation fails with 'Load on module failed - no memory' error when the size of URL Filtering cache parameter 'cache_max_hash_size' is set to a value over 25000.
Refer to sk101875.
Multi-Domain Security Management Server
01107629,
01108173,
01108174		 In the SmartDomain Manager: launch a Read-Only SmartDashboard connected to a Domain Management Server - go to 'IPS' tab - expand 'Protections' - expand 'By Protocol' - expand 'IPS Software Blade' - expand 'Web Intelligence' - right-click on 'General HTTP Worm Catcher' protection - select 'See Details...' - in the 'Worm Patterns Definitions' line, click on 'Edit...' button - click on any pattern - the 'View...' button was grayed out.


Sync with UserCenter

Customers who chose to periodically synchronize their server and gateway data with UserCenter (under Help > Sync with UserCenter) may notice that their data is no longer synchronized automatically after the upgrade from R75.47 to R77.

To make sure that the periodic synchronization continues to work as before, after the upgrade is over, go to SmartDashboard >  Global Properties > Security Management Access and verify that the option "Improve Product experience by sending information to Check Point" is selected.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment