Support Center > Search Results > SecureKnowledge Details
Check Point R77.10 Known Limitations
Solution

This article lists all of the R77.10 specific known limitations.

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > ASSETS / INFO > My Subscriptions.

Important notes:

 

Table of Contents

  • Installation
  • Security Gateway
  • Gaia / SecurePlatform
  • ClusterXL
  • IPS
  • Security Management
  • Multi-Domain Security Management
  • SmartDashboard
  • SmartView Tracker
  • SmartUpdate
  • SmartLog
  • CoreXL
  • QoS
  • DLP
  • Application Control
  • Identity Awareness
  • UserCheck
  • VSX
  • Check Point Appliances
  • Mobile Access
  • SecureXL
  • Compliance Blade
  • SmartEvent
  • SmartReporter
  • Dynamic Routing
  • VPN
  • URL Filtering
  • SNMP
  • CPUSE
  • SmartProvisioning
  • VoIP
  • Threat Prevention (Anti-Bot / Anti-Virus / Threat Emulation)
  • SmartView Monitor
  • HTTPS Inspection
  • SmartWorkflow

 

ID Symptoms Integrated In
Installation
01305855 Uninstall through SmartUpdate is not supported. -
Security Gateway
01382860,
01384130,
01399995,
01400003,
01400018,
01400042,
01400044,
01400226,
01400439,
01400441,
01400443,
01400606,
01400624,
01400636,
01401303,
01401879,
01402060
Security Gateway might crash after an upgrade to R76 / R77 / R77.10.
Refer to sk100431.
R77.20
01540833,
01542323
Security Gateway with PPPoE external interface installs "defaultfilter" policy instead of an expected policy if PPPoE interface is administratively shut down.
Refer to sk43293.
-
01495958,
01496338,
01496872,
01499687
FWD process on Security Gateway might crash when working with Proxy ARP (as described in sk30197).
Refer to sk103214.
-
01202691 TCP SACK (Selective Acknowledgment) option is not supported with IPS protection 'ISN Spoofing'. -
01380239,
01381238
When running 'fw ctl affinity -l' command on Check Point appliance, the following errors appear in the output:
Error while reading mask
                        fw: Corrupt affinity value Unsupported
                    
Refer to sk99078.
-
01384154,
01407376,
01407752,
01408686
When malformed DHCP relay packet arrives, Security Gateway drops this packet and stops connection, but then next NOT malformed packet that arrives also dropped on same connection.
Refer to sk100233.
R77.20
01396472,
01396841
State of Sync interface configured on Bond interface is 'DOWN' for each Virtual System.
Refer to sk100450.
-
01412937,
01412888,
01413579,
01413577,
01415613,
01413580,
01414964
NFS traffic is allowed on 'nfsprog' service instead of 'mountd'.
Refer to sk101128.
R77.20
01423234,
01423963
IPS protection 'SYN Attack' (SYNDefender) drops SYN packet during cut-off period.
Refer to sk101405.
-
01426889 SmartView Monitor reports incorrect status of VRRP cluster. R77.20
01430609, 01432668, 01438923, 01450221, 01555515, 01570507, 01585395 Security Gateway with enabled Non-Transparent Proxy causes some sites to no longer function properly because HTTP 'OPTIONS' method is not recognized by the Security Gateway in Proxy mode.
Refer to sk102188.
-
01433313,
01433710
Policy installation fails due timeout on Security Gateway with Broadcom NetXtreme interfaces that use 'bnx2x' driver.
Refer to sk101547.
-
01444096,
01445734
UserCheck portal does not work after clean installation on IPSO OS.
Refer to sk101902.
-
01444923,
01447368
Proxy ARP entries for Automatic NAT rules are not written to the table on VRRP Cluster.
Refer to sk101907.
-
01426872,
01467589;
01427791,
01471887
Security Gateway might crash when available memory is low.
Refer to sk102719.
R77.20
01443734,
01445232,
01446201
IPv6 ICMP traffic (Neighbor Solicitation, Neighbor Advertisement) is dropped by "0 - Implied Rules".
Refer to sk102390.
-
01473057, 01473316 Although the ISP Redundancy is configured to have the PPPoE interface as primary, after a flap, the failback does not occur properly.
Refer to sk102560.
-
01438052,
01442503,
01443612,
01460515
Security Gateway might crash during policy installation in rare scenarios.
Refer to sk102787.
-
01496309,
01497174
The Security Gateway doesn not pass HTTP traffic to the Accept rule when Websense server is down - the "Igore UFP server after connection failure" setting in the URI Resource properties does not work. -
01513354,
01513406,
01513829,
01513872,
01513875
Security Gateway might crash when IPv6-over-IPv4 security rule is configured (with service SIT_with_Intra_Tunnel_Inspection), but IPv6 is disabled on Security Gateway.
Refer to sk103526.
-
01507852, 01508950, 01601106, 01572083

In the output of snmpwalk -v2c -c public localhost command, statuses for fwAcceptBytesIn and fwAcceptBytesOut are always 0 (zero) on all interfaces.

Refer to sk105395

-
01516302,
01516817
Fetching policy on a DAIP gateway fails with "External interface is not properly defined. Please run cpconfig to define it."
Refer to sk103819.
-
01493579, 01503031, 01522264 in.ahttpd process crashes repeatedly on Security Gateway with HTTP/HTTPS User Authentication rules.
Refer to sk103974.
-
01582224, 01594559 HTTP traffic with non-common HTTP methods does not pass through Security Gateway configured as Proxy.
Refer to sk104887.
-
01597807, 01598848 "Failed to load security policy: invalid argument" on policy installation failure.
Refer to sk105061.
-
01570045, 01570872 'raid_diagnostic' command and SmartView Monitor shows "State:MISSING" state for some harddisks.
Refer to sk104580.
-
01605756,
01606543,
01607383
Kernel panic on Security gateway due to memory access violation. -
01691906, 01692486 CPU consummation is high when environment is configured to run Multi-Queue.
Refer to sk106570
-
01863493, 01868284, 01865623, 01864610 Security Gateway is not able to download DShield BlockList because certificate name was changed on secure.dshield.org
Refer to sk21534.
-
01894464, 01896518, 01897216  "fw ctl affinity -l" command shows different results when running multiple times. Refer to sk109151. -
01718497, 01718501, 01718506 HTTP/HTTPS traffic drop when Domain Object is configured
Refer to sk110687.
 
01654017, 01845838, 02003221, 01717835
The "X-Forward-For" (XFF) header is not stripped from web traffic when Security Gateway is configured as HTTP/HTTPS Proxy in Non Transparent mode.
Refer to sk111016.
-
01705016, 01723483, 01778440, 01710137, 01848363, 01707360, 01856715 Issues with traffic and with web pages when Security Gateway is configured in Proxy Non-Transparent mode.
Refer to sk106663.
01644740, 01680224, 01689641, 01712179  ISP Redundency in Load Sharing mode is disabled when Non-Transparent Proxy is defined. Refer to sk111678. -
01855362,
01861704 
FireWall failover occurred after policy installation on the cluster. As a result, a VPN tunnel went down and a core dump file was generated.
-
01673097,
01927631,
01673098,
01927636
NAT Port Failure. Refer to sk111779.  
Gaia / SecurePlatform
01502473,
01503130,
01502711,
01503132
IPv6 traffic from some hosts stops passing randomly through the Security Gateway / Active ClusterXL member running Gaia OS.
Refer to sk103226.
-
01502687,
01502803,
01505698
VMCORE dump file created during the crash is incomplete (its size is only 1.9 GB) on a machine that has more than 4GB of RAM and runs Gaia OS with 32-bit kernel.
Refer to sk103328.
-
01320381,
01359306

When Gaia users are assigned the 'monitorAll' role, they cannot run external commands from clish, even if they should have read-only permissions.

Workaround: to execute the external commands with 'monitorAll' role, create the same user-defined role as 'monitorAll' and give it read-write permissions.

-
01102858,
01252296

In VRRP mode on Gaia OS, a VRRP Backup member cannot establish local connections.

Workaround: In the cluster object, clear the box "Hide cluster members outgoing traffic behind the cluster IP address" and install the policy.

-
01342543 New role names must be 30 characters or fewer. Roles with longer names will not be added. -
01338428,
01290516
Gaia Clish command "show virtual-system all" displays empty virtual system list when logging with TACACS+ / RADIUS user (non-local) to VSX Gateway.
Refer to sk105342.
R77.20
01336097,
01359428

The link state of an interface can momentarily go down if:

  • administrator changes the MAC address of the interface
  • administrator removes a physical slave interface from a Bond, if the slave's MAC address is the bond's MAC address
-
01377392,
01379912
RouteD daemon crashes on Gaia OS after enabling IPv6.
Refer to sk98863.
R77.20
01382403,
01383377,
01413125;
01450163,
00267167,
01458523,
01458527
Active member in ClusterXL HA Primary Up mode running on Gaia OS frequently reboots when PIM SM is configured and multicast traffic is passing through.
Refer to sk99042.
R77.20
01377096,
01377305
Gaia backup does not collect files from $CVPNDIR/conf/ directory.
Refer to sk99079.
R77.20
01375782,
01382255;
01374376,
01382252
RouteD daemon crashes on Gaia ClusterXL when the 'ping' option is set on a static route.
Refer to sk99025.
R77.20
01360794,
01377768
Security Gateway on Gaia OS might crash when setting MTU of 9000 and above (for Jumbo frames) on a Bond interface.
Refer to sk99113.
-
01382318,
01382397,
01423823,
01440537,
01475757
Clish or Gaia Portal might become unresponsive.
Refer to sk100174.
R77.20
01373478,
01373679,
01404998
SCP (Secure Copy Protocol) backup Gaia OS fails when user password is greater than 16 characters.
Refer to sk100215.
R77.20
01396067,
01397262
Login to Gaia OS Clish fails with "CLINFR0819 User: admin denied access via CLI" after clean installation.
Refer to sk100418.
-
01395337,
01395366
Clish crashes when logging in to the Expert mode from Clish.
Refer to sk113266.
R77.20
01395540,
01395748
Unable to add VLAN in WebUI when interface is not on the same page.
Refer to sk100538.
R77.20
01401927, 01402267, 01515140, 01610334, 01612989, 01613022
Security Gateway using the be2net NIC driver crashes when SecureXL is enabled. -
01406839,
01407599,
01464194
'cpstat os -f sensors' command does not show the hardware sensors information on some Open Servers.
Refer to sk102193.
R77.20
01408190 Output of Gaia Clish command 'show config-state' changes from 'saved' to 'unsaved'.
Refer to sk101051.
-
01413772,
01414025
VRRP cluster member on Gaia OS crashes when using 'arping' command.
Refer to sk101087.
-
01414789,
01414851
User authenticated by TACACS does not see the 'Blades' and 'Network Configuration' widgets on Gaia Portal's "System Overview" page.
Refer to sk101088.
-
01423170, 01423468, 01437168, 01569853
"Authentication failure" error when authenticating with TACACS user that has special characters (e.g., "$" sign) in his password and the "Enable TACACS+ authentication" option is enabled in Gaia Portal ('User Management' pane - 'Authentication Servers').
Refer to sk101332.
-
01446615,
01447324
"The value of sensor could not be read" error in /var/log/messages file and SNMP Traps about hardware sensors are sent repeatedly.
Refer to sk101898.
-
01445836,
00267031

"ifa_unnumbered_find_proxy: no proxy interface found" error appears repeatedly in /var/log/messages file.
Refer to sk101899.

-
01449608,
00267074
Random failovers in VRRP cluster with configured BGP on Gaia OS.
Refer to sk102006.
-
01455461,
01455632
Gaia backup on VSX R77.10 machine does not collect the contents of $CVPNDIR directory.
Refer to sk102027.
R77.20
01463257, 01501391, 01501393, 01502513, 01502515, 01541464, 01574366 Boot Menu is not seen during boot when connected via LOM card to Check Point Smart-1 25B or 13000 appliances.
Refer to sk102178.
-
01338366,
00265702

On a Security Gateway configured with DHCP Relay and automatic Hide NAT for the network(s), from which the DHCP Requests are sent, DHCP Offers are dropped by Security Gateway:

fw_log_drop_ex: Packet proto=17 IP_of_DHCP_Server:67 -> IP_of_Security_Gateway:67 dropped by fw_conn_inspect Reason: post lookup verification failed;

Workaround:
Before the Hide NAT rule, add a NAT rule that prevents the translation when traffic is on port 67, and is going to the DHCP server.
Make the NAT similar to this:
  • Original Packet:
      Source = Source network(s) for DHCP requests
      Destination = DHCP Server
      Service = UDP bootp
  • Translated Packet:
      Source = Original
      Destination = Original
      Service = Original
-
01338200,
00265700
In a VRRP cluster configured with DHCP Relay, simple BOOTP rules and Manual NAT, DHCP Offers are dropped by the cluster members:

fw_log_drop_ex: Packet proto=17 IP_Address:67 -> IP_Address:67 dropped by fw_conn_inspect Reason: post lookup verification failed;
fw_log_drop_ex: Packet proto=17 IP_Address:67 -> IP_Address:67 dropped by fw_conn_post_inspect Reason: fwconn_key_init_links (OUTBOUND) failed;

Workaround:
Before the NAT rule, add a NAT rule that prevents the translation when the traffic is on port 67 and going to the DHCP server.
Make the NAT similar to this:
  • Original Packet:
      Source = Source network(s) for DHCP requests
      Destination = DHCP Server
      Service = UDP bootp
  • Translated Packet:
      Source = Original
      Destination = Original
      Service = Original
-
01338239,
00265713
On a VRRP or ClusterXL cluster that is configured with DHCP Relay and Automatic Hide NAT for the network(s), from which the DHCP Requests are sent, DHCP Offers are dropped by the cluster members:

fw_log_drop_ex: Packet proto=17 IP_of_DHCP_Server:67 -> IP_of_Security_Gateway:67 dropped by fw_conn_inspect Reason: post lookup verification failed;

Workaround:
Before the Hide NAT rule, add a NAT rule that prevents the translation when traffic is on port 67 and is going to the DHCP server.
Make the NAT similar to this:
  • Original Packet:
      Source = Source network(s) for DHCP requests
      Destination = DHCP Server
      Service = UDP bootp
  • Translated Packet:
      Source = Original
      Destination = Original
      Service = Original
-
01337125,
00265708
In SecurePlatform OS, DHCP Relay does not send the DHCP reply packet received from the DHCP Server back to the DHCP Client. -
01430788,
01431074
Configuring an interface in Gaia Portal to obtain an IP address from DHCP causes all other interfaces with configured static IPv4 addresses to lose their current IPv4 addresses and also obtain an IP address from DHCP.
Refer to sk101513.
-
01429934, 01431285, 01576358, 01577926, 01578882, 01581134
In Gaia Portal, Link Status of VLAN interface defined on Bond interface does not change when the Link Status of Bond's physical slave interfaces changes.
Refer to sk101514.
-
01465885,
01466612
Deleting static route on SecurePlatform OS via 'sysconfig' menu does not survive a reboot, while via SecurePlatform WebUI it does.
Refer to sk102291.
-
01488429,
01489353
Intermittent outages of TCP traffic on 10GbE interfaces in IP Appliances running Gaia OS.
Refer to sk102969.
-
01471255,
01475263
Clish in Gaia OS is very slow when making any changes in Gaia OS configuration.
Refer to sk102994.
-
01518075 When the backed up file is restored, policy fetch fails. -
01426068,
01426160,
01445202,
01452026,
01469580,
01473270,
01500557,
01507021,
01513212,
01515176,
01515237
After a reboot the Gaia system loads without Clish and without static routes.
Refer to sk101501.
-
01524538,
01524594,
01526450,
01526769
Missing BGP routes after failover in a cluster with BGP Graceful Restart configured.
Refer to sk103724.
-
01530022,
01531035
Clish command "show asset all" returns incorrect Chassis and Motherboard information on 21000 appliances.
Refer to sk103711.
-
01562411,
01563149,
01562489
Security Gateway crashes with kernel panic when mounting / unmounting shared storage over CIFS. -
01523786,
01528656
SNMP configuration per RFC2925 "DISMAN-PING-MIB" does not work.
Refer to sk103817.
-
01443738, 01495302, 01560272, 00267123 RouteD process (routed -N) consumes CPU at 100% on a cluster member.
Refer to sk102436.
-
01566243,
01566361
Standby member of VRRP cluster crashes with deadlock. -
01563234, 01564383, 01565007 RouteD daemon might crash due to memory leak when PIM Sparse Mode multicast is configured.
Refer to sk104518.
-
01562499, 01566876 RouteD daemon crashes after receiving an OSPF LSA packet that contains invalid netmask.
Refer to sk104519.
-
01574444, 01575917, 01581226, 01594203, 01595732;
01606353, 01607637, 01660734
confd process consumes CPU at high level when Gaia Database (/config/db/initial_db) file size is large.
Refer to sk104761.
-
01621147 System hangs for 20 minutes at boot after hotfix installation.
Refer to sk105582.
-
01634892
Gaia machine might boot up without IP addresses after fresh installation, configuration and reboot.
Refer to sk105779.
-
01458160, 01461805, 01470402, 01510462, 01511898, 01512051 Output of "ps auxw" command after reboot shows multiple "clishd" processes in state "Z" (zombie) with "defunct" arguments.
Refer to sk105953.
-
01593435, 01601476, 01654908 Gaia VRRP member freezes when deleting a VLAN interface previously associated with VRRP.
sk106226.
-
01692028, 01693665 CPU utilization spikes every 30 seconds on Open Server with RAID controller that uses CCISS driver when SmartView Monitor is open.
Refer to sk106575.
-
01593528, 01594658

Different number of IPv6 neighbors is shown in Expert mode and in Gaia Clish:

  • In Expert mode, output of command "ip -6 neighbour show" shows all expected IPv6 neighbors.
  • In Gaia Clish, output of command "show neighbor dynamic-table" shows up to 50 IPv6 neighbors.
Refer to sk106622.
-
01730613
Output of Gaia Clish command "show asset memory" shows less RAM than is actually installed on Check Point appliance.
Refer to sk107032.
-
01806088, 01806618 RADIUS users with CLISH as default shell, cannot login via SSH.
Refer to sk107648
-
01886416, 01887574, 01887926  "delete interface <interface_name> alias <interface_name>" command corrupts the database.
Refer to sk109199.
-
01725282, 01781230
Authentication on Gaia OS from console with local user fails (times out) while two RADIUS servers are configured.
Refer to sk111572.
-
01650085 On VSX Gateway, Static routes are stuck in the Kernel after ROUTED process restart
Refer to sk111619.
 
ClusterXL
01251422

In the ClusterXL Load Sharing mode, after running the First Time Configuration Wizard on an appliance, the 'cphaprop -ia list' command does not show the 'routed' pnote.

Workaround: Restart the routed process by running the following commands in Expert mode:

[Expert@HostName]# tellpm process:routed
[Expert@HostName]# tellpm process:routed t
-
01364543,
00265996,
00266033,
00266260,
00266575,
00266645,
00266728,
01410136
In certain scenarios when both CoreXL and SecureXL are enabled, despite setting 'fw_allow_simultaneous_ping=1' per sk26874, user still cannot simultaneously ping Virtual IP address of the cluster and IP addresses of physical interfaces on cluster members from a remote host.
Refer to sk101134.
R77.20
01371278,
01381638,
01407798,
01429238,
01449315,
01455215
Pings sent by Standby cluster member consume a large number of NAT high ports.
Refer to sk99108.
R77.20
01396152,
00266418
Traffic stops passing through Security Gateway after disconnecting a cable from a physical interface, on which VLAN interfaces and OSPF were configured.
Refer to sk100255.
R77.20
00264667,
00265711
pimreg is listed as a 'Down' interface in ClusterXL.

Workaround:
Add the line with 'pimreg' word to the $FWDIR/conf/discntd.if file on each cluster member and restart the clustering on each cluster member with 'cphastop;cphastart' commands.
-
00927546,
01392636,
01415314,
01417159,
01421988
After change of member state in R77.10 cluster on Gaia OS, Proxy ARP configuration from the $FWDIR/conf/local.arp file (per sk30197) is lost - output of 'fw ctl arp' command on R77.10 cluster member shows "No proxy ARP entries".
Refer to sk98853.
R77.20
01371276,
01381647,
01410134,
01418696,
01428790,
01433731,
01446531
Hide NAT port exhaustion on Standby cluster member in ClusterXL HA mode.
Refer to sk98828.
-
01462163,
01465843
Adding support to IPv6 for the 'fw_allow_simultaneous_ping' feature.
Refer to sk102235.
-
01402180,
01461361
ClusterXL member with enabled HTTP/HTTPS Proxy might crash while internal client downloads a big file through the HTTP proxy.
Refer to sk102714.
R77.20
01394541,
01394737,
01396248,
01410571,
01422182,
01452043,
01460000,
01472870,
01481322;
01392662,
00267059,
01404588,
01423431,
01471438,
01495372
Standby cluster member drops packets on Anti-Spoofing when VMAC mode is enabled.
Refer to sk100405.
-
01422703,
01520275,
01433338,
01470958,
01489407,
01519958
FTP Passive/Active Data connection breaks after cluster failover that occurred during the file transfer.
Refer to sk103571.
R77.20
01595600, 01599244

The following message appears in /var/log/messages file on each member of ClusterXL Load Sharing Unicast during every policy installation:

kernel: [fwX];FW-1: fwha_pivot_init_conversion_tables_and_member_loads: Warning! No active machines were found.
kernel: Please contact Check Point support.

Refer to sk105063.
-
01620304, 01621251 Gratuitous ARP Request packets (GARP) are not sent during cluster fail-over for IP addresses configured in the $FWDIR/conf/local.arp file (per sk30197), if those IP addresses and Cluster VIP address are on different subnets.
Refer to sk105645.
-
01692837, 01697132, 01697438 ClusterXL in High Availability mode fails over during policy installations due to missing CUL remote freeze notification.
Refer to sk106576.
-
01856691, 01858825
Output of "dbget :cluster_ip:interface:<IF_NAME>" command on cluster member returns wrong subnet mask.
Refer to sk108701.
-
IPS
01465073,
01472536,
01473776

IPS blade rejects Windows OS updates traffic with the followind log in SmartView Tracker:

Action: Reject
                        Attack: Block HTTP Non Compliant
                        Product: IPS Software Blade
                        Reason: Failed to handle connection data
                        Protection Name: Non Compliant HTTP
                    
Refer to 102671.
-
01412270,
01479500,
01493901,
01451658,
01488765
Kernel debug 'fw ctl debug -m WS + stream' (and 'fw ctl debug -m WS all') causes high load on CPU, which might cause the Security Gateway to freeze.
Refer to sk103111 .
-
01424004,
01430984,
01432213,
01457549,
01467431,
01468837,
01481392,
01493902
RTSP over HTTP traffic might cause high CPU load on Security Gateway.
Refer to sk103113.
-
Security Management
- "Internal error, please contact support" when trying to create new "Threat Prevention" profile after upgrade of Security Management Server to R77 / R77.10.
Refer to sk102099.
-
01205351, 01357424 "Object with the name 'Name_of_Object' already exist" error in SmartDashboard when trying to rename network objects from lower case to upper case, or vice versa. -
01264665 Policy installation can fail immediately after you upgrade to R77.10 and show "/opt/CPsuite-R77/fw1/conf/updates.def", line N: ERROR: syntax error" message.
Workaround: Perform one of these steps:
  • Restart the FWM process:

    [Expert@HostName]# cpwd_admin stop -name FWM -path "$FWDIR/bin/fw" -command "fw kill fwm"

    [Expert@HostName]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"


    Or

  • Perform an online IPS update.
-
01286213 After adding a new Security (or VSX) Gateway, no logs appear in SmartView Tracker.
To get logs:
  1. Install a policy on the Security Gateway
  2. Install the database on the Security Management Server (go to 'Policy' menu > click on 'Install Database...').
-
01298477 If Endpoint Policy Management is enabled on a StandAlone machine, and you want to make it a Full High Availability cluster member, you must disable the Endpoint Policy Management Software Blade before configuring the cluster. -
01189956 Policy installation fails because of IPv6 object configured in the Domain VPN.
When a Security Gateway is a part of the Remote Access Community, the Security Gateway must not have interfaces with both IPv4 and IPv6 addresses.
-
01316755

When performing an advanced upgrade from R75.30 to R77.10 for a Standalone Full HA configuration, it is possible to cause an HA synchronization failure. Synchronization will fail with error message - "Failed to synchronize. reason: failed to obtain PostgreSQL DB backup data."

Workaround:
After the Advanced Upgrade to R77.10, from SmartDashboard:

  1. Disable Endpoint Security.
  2. Install the database.
-
01345425,
01360706,
01356270

When you downgrade a Security Management Server on a Windows server from R77.10 to R75.47, SmartDashboard cannot connect to the Security Management Server.

Workaround:
Run these commands on the Security Management Server:

  1. cpstop
  2. CPRegSvr %FWDIR%\lib\Carbon2Commands.dll
  3. cpstart
-
01391939,
01392258
Policy installation crashes when Application Control or URL Filtering blade is enabled. R77.20
01400243,
01400327,
01400566
Management HA status changing from Synchronized to Lagging.
Refer to sk100555.
R77.20
01402165,
01402368
"License allows only a single Virtual System" error message during policy installation.
Refer to sk100463.
R77.20
01402555,
01402824
Scheduled IPS update fails on Security Management Server running on Windows Server 2003.
Refer to sk57000.
R77.20
01406724,
01407013
'fwm logexport' command fails with 'Error: Failed to read field FollowUp' after enabling Anti-Virus / Anti-Bot blades.
Refer to sk91620.
R77.20
01415906,
01456935
FWD daemon crashes on Security Management Server / Domain Management Server with core dump file when creating new Security Gateway objects with Identity Awareness blade.
Refer to sk102120.
R77.20
01416853 SmartView Tracker disconnects from server when filtering for string matches.
Refer to sk101137.
-
01422561,
01423717
SmartDashboard crashes when in Security Gateway object trying to enroll certificate with authentication code from subCA.
Refer to sk101331.
-
01424274,
01424395
Policy installation fails for long IPv6 address when Identity Awareness Browser-Based Authentication is enabled.
Refer to sk101396.
-
01424794,
01425078
LEA OPSEC clear port is not opening on Windows Security Management.
Refer to sk101398.
-
01429626,
01431234,
01462250
False error during policy installation: "IPv6 addresses domain is not supported for Remote Access VPN community".
Refer to sk101506.
-
01441367 Login to an external SmartLog server GUI with MDM accounts fails with "Authentication failed" error.
Refer to sk101677.
R77.30
01445570,
01445768
'config_system' command does not complete the configuration properly for Log servers.
Refer to sk101712.
-
01445077,
01445354
Log actions are not filtered by 'fw log -c' command.
Refer to sk101905.
-
01470728, 01471607 SmartUpdate fails to fetch contracts from User Center.
Refer to sk102429.
-
01481858,
01481996
'Follow Up' flag disappears from IPS logs in SmartView Tracker.
Refer to sk102733.
-
01489076,
01489329
Policy installation on Security Gateway 80 / 600 / 1100 appliance fails with "ERROR: target <Name_of_Object> is prohibited".
Refer to sk102947.
-
01526640 cp_merge fails to merge cluster and members.
Refer to sk103701.
-
01523349,
01525113
Policy Verification error is not displayed when installing policy on Clusters R75.X and lower with configured IPv6 address.
Refer to sk103734.
-
01525314,
01527814,
01528445
"Failed to update administrator object (Reason: No write permission for object: XXX)" error in SmartDashboard when Administrator with Read-Only permissions tries to change his own password.
Refer to sk103738.
-
01510367, 01516504, 01516749, 01519022, 01561476

Pushing VSX configuration fails with:

Pushing VSX Configuration to Name_of_VSX_Cluster.
Name_of_VSX_Cluster_Member error :Internal Error - Failed to commit changes in the OS.various_messages_about_an_interface

Refer to sk103844.

-
01546568,
01549770
Packet capture settings displayed in SmartCenter only object, although they do not function there.
Refer to sk104223.
-
01552113,
01554870,
01554842
Special sub-directories in $FWDIR/conf/ are not synchronized between Security Management Servers / Multi-Domain Security Management Servers in HA configuration.
Refer to sk104298.
-
01846730, 01850825, 01850823, 01847958  IPS scheduled update fails with "Failed to create db revision".
Refer to sk108382.
 -
01886327, 01887580
"Rule <N> (<Name of Rule>): Only Legacy Users Access is supported for Remote Access rules" errors about Mobile Access policy rules during policy installation on a Virtual Router.
Refer to sk109036.
-
02103065, 02103563 FWM consumes high CPU and crashes when working with DAIP objects. 
Refer to sk112237.
-
Multi-Domain Security Management
01261952 After advanced upgrade of the Multi-Domain Server, errors can occur when you:
  • Assign a Global Policy
  • Attach licenses to the Domain Management Serve with SmartUpdate
Workaround: Manually attach a license to the Active Domain Management Server and then restart the Multi-Domain Server.
-
01351270 'config_system' command (per sk69701) fails with 'Validating configuration file: Failed' error when configuring Smart-1 appliance as Multi-Domain Security Management Server.
Refer to sk98414.
-
01323098 After running the First Time Configuration Wizard, you must run the 'mdsstart' command. -
01367374,
01372809
MDS upgrade to R77.10 fails.
Refer to sk99022.
R77.20
01380563,
01380792
Output of 'top' command shows that threshold_config process consumes CPU at 100% on Multi-Domain Security Management Server.
Refer to sk99081.
R77.20
01421195,
01421714
MDS status shows "Disconnected" from the HA MDSs.
Refer to sk101234.
-
01475120,
01475739
Gateway object Link Selection redundancy settings are not preserved when converted to Global object. -
01530792, 01531872 mds_backup is stuck at "Releasing all databases" stage.
Refer to sk103741.
-
01538298, 01538331 The "mdscmd adddomain ..." command / "mdscmd addlogserver ..." command creates Domain Management Server / Domain Log Server with wrong build number - as a result, SmartDashboard shows "R77" version instead of the real version "R77.10" / "R77.20".
Refer to sk103958.
R77.30
01476521, 01476560;
01435766;
01422537, 01423420
"Unspecified error" or "Failed to create a new version" error in SmartDashboard during policy installation and/or when creating a new Database Revision Control version.
Refer to sk103407.
R77.30
01583104,
01583257,
01584563
Licenses attached to Domain are shown as unattached in SmartUpdate.
Refer to sk104884
-
01638705, 01638918 The cma_import operation ends with errors.
Refer to sk105861
-
01444839, 01572497, 01572549, 01573199
IPS online update in Global SmartDashboard remains stuck at "Applying updates and rebuilding protection categories...".
Refer to sk107163.
R77.30
01815245, 01816025 Confusing message when synchronizing two MDSs.
Refer to sk107814
-
01813599, 01814361  Global policy cannot be installed after IPS reset.
Refer to sk107817.
-
01876976,
01878095
SIC is lost between CMA to all its Security Gateways.
Refer to sk109097.
 
01789471, 01825778, 01965868 FW process crash on CLM when running the "fw fetchlog" command.
Refer to sk110733.
 R77.30
SmartDashboard
01346695;
01351312,
01367294,
01369477,
01406295
When connecting with R77 SmartDashboard to Gaia R77.10 Management Server, administrator is asked to update his SmartConsole. However, clicking on the 'Update' button does not work, and new SmartConsole download does not start.
Workaround: Download R77.10 SmartConsole either from Gaia Portal, or from sk98734.
R77.20
01245252,
01181036

After removing a member from a cluster while Central Device Management is enabled, the network services and routes of the Gateway object in SmartDashboard are not synchronized with the actual Gateway device.

To resolve this issue:

  1. On the "Firewall" tab > "Gateways" pane, right-click the Gateway object.
  2. Select "Maintenance" > "Fetch Settings From Device".
  3. Clear the "Calculate interfaces topology" option, and click "Yes".

    If the Gateway status was "Local Change Detected", when the fetch operation completes, it changes to a different status, typically "OK".
-
01245092,
01194017
When selecting the "Fetch Settings" option for a gateway in the SmartDashboard > "Gateways" pane, do not open the gateway object until the fetch operation completes. If you open the gateway object before the fetch operation completes, the information is displayed incorrectly. -
01348185,
01358633
  • When editing a VSX NGX R65 / VSX NGX R67 / R75.40VS for 61000 / R76 for 61000 object in R77.10 SmartDashboard, the following message is displayed:

    New Version Detected.
    Updating from CURRENT_VSX_VERSION to N.


  • When clicking "OK" in a VSX NGX R65 / VSX NGX R67 / R75.40VS for 61000 / R76 for 61000 object in R77.10 SmartDashboard, the following warning is displayed:

    Failed to save object NAME_OF_VSX_OBJECT.

    Server error is:
    Validation error in field 'Check Point Version' at object 'NAME_OF_VSX_OBJECT' @ 'network_objects' -> The value 'N' is not in the list of valid values '{5.0,6.0,8.0,9.0}'.
    (Code: 0x800415A6, Object Validation Failed)
Refer to sk98423.
-
01352011,
01373827
Managed to configure cluster with same IP address as Cluster IP already configured on interface of cluster node and did not get error message.
Refer to sk100211.
R77.20
01384516,
01385919
Scrolling the object list using up/down keys is not possible.
Refer to sk100411.
R77.20
01370177,
01375670
'CoreXL' tab in the Virtual System object is empty.
Refer to sk100217.
R77.20
01399656,
01400353
"Mail Anti-Virus" configuration changes are not saved in SmartDashboard.
Refer to sk100542.
-
01407037,
01408005
"Automatically authenticate users from machines in the domain" checkbox is not saved.
Refer to sk100789.
-
01408231,
01408711
The 'cphaprob -a if' command does not show all VIPs in Load Sharing VRRP.
Refer to sk100947.
-
01427675 LDAP information is not populated when defining an External group.
Refer to sk101414.
-
01425798,
01426437
Incorrect time in the administrator notification state.
Refer to sk101426.
-
01444480,
01445833
The comment section in the Application Control policy does not show all lines.
Refer to sk101906.
-
01445522,
01448852,
01450594
Less results when using Objects list in SmartDashboard in order to search an object by typing all or a part of its name.
Refer to sk101908.
-
01458255,
01458503
The box 'Turn on QoS Logging' is not saved in the Centrally Managed 600 / 1100 / Security Gateway 80 object.
Refer to sk102046.
-
01458542,
01459092
"The changes you performed on this gateway cause it to no longer meet the requirements for participants in permanent tunnels" error when trying to edit the SmartLSM Profile object.
Refer to sk102173.
-

01457310,
01457392, 01340727,
01464715,
01392488,
01358604

Sync with User Center fails with error "Internal Error: Failed to complete licensing information operation".
Refer to sk102186.
-
01522265, 01522660, 01523578 Anti-Spoofing setting changes to "undefined" when a VSX cluster object is edited.
Refer to sk92646.
-
01550949, 01551665 Cannot configure Cluster Full HA without additional local Log Server.
Refer to sk104240.
-
01570798,
01571545,
01571427
When you right-click on a header and select "Add section Title > Below", all the rules are automatically moved from the current header to the new header.
Refer to sk104621
-
01595259 SmartDashboard allows to enter only 30 characters to automatic certificate enrollment. -
01612641,
01504509
After changing VPN Client certificate in Gateway properties, certificate rolls back to default certificate.
Refer to sk105457.
-
01687346 SmartDashboard Help incorrectly shows "You can assign up to 8 instances on a Virtual System"
(SmartDashboard - Virtual System object - "CoreXL" pane - click on "?" button in the upper right corner).
The correct number is up to 10.
-
01697227,
01703445
Cannot change Aggressive Aging timeout on created/cloned service.
Refer to sk106584.
-
01713086,
01717259
When try to import URLs, URLs are rejected but no logs are generated.
Refer to sk106917.
-
01410070
SmartDashboard hangs when browsing to the IPSec VPN tab.
Refer to sk100790.
-
01580249,
01584911
"Optimized Drops" feature is not supported in Linux OS. Refer to sk111764.  
SmartView Tracker
01370009,
01370366
SmartView Tracker - 'View' menu - 'Query Properties' option is always checked (although clicking on this option toggles the Query Properties filter window correctly).
Refer to sk99077.
R77.20
01416668,
01416792
"Failed to fetch the file" error appears when trying to open packet captures in SmartView Tracker logs from VSX gateways.
Refer to sk101210.
-
01466380,
01466599
No logs are shown in SmartView Tracker when selecting 'Link Selection' or 'Permanent Tunnels' in 'VPN Feature' filter.
Refer to sk102332.
-
01585383,
01592558
SmartDashboard allows to create an object of up to 100 characters. However, SmartView Tracker allows to find or filter only up to 30 characters.
Refer to sk104863.
-
SmartUpdate
01257457,
01108408,
01357684
When using IPv6 Addressing on Security Gateway, and using SmartUpdate to attach a MAC-based license to a Security Gateway, the MAC address on the license must be the same as the MAC address of the Management interface on Security Gateway. -
01458259,
01459317,
01463006
SmartUpdate does not allow to upload files to Check Point Service Requests that start with digit "5".
Refer to sk102133.
-
SmartLog
01403088,
01403300
"Log Servers" list in SmartLog GUI is displayed as a small box with a scroll-bar instead of a complete list of all available Log Servers.
Refer to sk100993.
R77.20
01431950,
01432243,
01475111,
01475280
When using a special Permissions Profile, the username of an administrator that viewed the DLP 'Incident' logs in SmartLog GUI is not logged in the 'Management' ('Audit') logs in SmartView Tracker. Instead, the value 'localhost' is displayed in the 'Admin' column of the 'Management' ('Audit') logs.
Refer to sk101528.
-
CoreXL
- CoreXL is enabled by default after the upgrade to R77.10 when using Gaia Software Updates to upgrade Security Gateway with disabled CoreXL from versions older than R77 to R77.10. -
01365460,
01365459

Kernel debug 'fw ctl debug' command is not applied to all CoreXL FW instances:

  • Kernel debug is disabled only for CoreXL FW instance 0 (and not for all instances)
  • Kernel debug flags 'all' are enabled only for CoreXL FW instance 0 (and not for all instances)
  • Kernel debug specified flags are enabled only for CoreXL FW instance 0 (and not for all instances)
  • The CPU consumption may remain high after running the 'fw ctl debug 0' command
Refer to sk98625.
R77.20
01364112,
01366286,
01366291
RTSP 'SETUP' request packets are dropped by Security Gateway.
Refer to sk99114.
R77.20
01894464, 01896518, 01897216
Inconsistency in "fw ctl affinity -l" command output - "multi queue" status is shown differently for the same interfaces.
Refer to sk109151.
-
QoS
- VSX does not support QoS (not related to CPQoS). -
01311457,
01365620,
00266161
When CoreXL or SecureXL are enabled on the Security Gateway with QoS blade, the following are not supported:
  • IPSO OS
  • Security Gateway lower than R77.10
  • Citrix printing rule
  • User Authority Server
  • Multicast acceleration (multicast traffic will not be accelerated via SecureXL)
  • QoS on outbound interfaces when VMAC mode is enabled (per sk50840)
-
01322597 SmartView Monitor does not show QoS traffic that has been accelerated by SecureXL or CoreXL. -
01343078 VPN traffic might be dropped in some cases on Anti-Spoofing when SecureXL and QoS are enabled on R77.10 Security Gateway.
Refer to sk98172.
R77.20
DLP
01158402 When users install or run the DLP Exchange agent, make sure that they have the appropriate security privileges to run the agent. Incorrect privileges can cause the agent to not run correctly.
On the Exchange server, change the User Account Control security settings to allow users with the standard privileges to run the agent.
-
01407930,
01409377,
01410583,
01465357
Memory consumption on DLP Gateway constantly increases when SMTP / HTTP inspection is enabled.
Refer to sk102211.
R77.20
01593662
Multiple "Bypassing DLP due to resource shortage" logs from DLP blade in SmartView Tracker.
Refer to sk111567.
-
Application Control
01425390,
01456120
Security Gateway with enabled Application Control blade might crash after resetting SIC in 'cpconfig' menu and exiting from 'cpconfig' menu.
Refer to sk102121.
R77.20
Identity Awareness
01350837,
01352695,
01353620,
01353766
When an LDAP group is nested in another LDAP group, and the parent group is used in an 'AccessRole', users in the nested group will not be identified as part of the parent group and will not be assigned to this 'AccessRole'.
As a result, enforcement based on this 'AccessRole' (within Firewall, Application Control, etc. policies) will be incorrect.
Refer to sk98328.
R77.20
01360356,
01362304,
01362305
PDP Advanced rulebase configuration is not saved when creating custom Identity Agent.
Refer to sk100220.
R77.20
01364615,
01366603,
01366605
$FWDIR/conf/NAC_AGENT_VERSION.txt file on Security Gateway contains wrong version of the Identity Agent.
Refer to sk98700.
R77.20
01362387,
01363800,
01363801
PDP ignores the domain prefix when querying LDAP for RADIUS accounting user groups.
Refer to sk99017.
R77.20
01424973,
01426025,
01425440
Identity Agent on Mac OS X asks to validate the "Trust" for Identity Server during each boot.
Refer to sk101327.
-
01427389,
01427823;
01427391,
01427825;
01433720,
01434036
It is not possible to exclude networks from Identity Awareness Captive Portal's keepalive feature.
Refer to sk101449.
-
01438363,
01439077
MADService consumes CPU at high level on the Terminal Server.
Refer to sk101611.
-
01410342,
01416767,
01424641,
01449848;
01410174,
01416765,
01424645,
01449845
Browser-based Authentication Guests are timed out by Identity Awareness after 10 minutes.
Refer to sk101503.
-
01459004,
01459085
"CLogFormat::create failed - field already exists" messages appear repeatedly in $FWDIR/log/fwd.elg file.
Refer to sk102171.
-
01460636 Some users randomly get a block page from Identity Awareness gateway when two PDP Gateways share the same identities to the same PEP Gateway.
Refer to sk102172.
-
01470526, 01473354, 01608568, 01613406
User login events are logged by Identity Awareness as separate logins for different users if username is written in upper case letters, or in lower case letters - in all Check Point logs, the user is identified by the username with which the user has actually logged in - as if different user names were used ('USERNAME' / 'UserName' / 'username').
Refer to sk102398.
-
01474286,
01474579,
01474449
Automatic update of LDAP group membership (introduced in R77) does not work.
Refer to sk102656.
-
01488921,
01490355
Different number of 'Authenticated Users' is reported on cluster members.
Refer to sk102967.
-
01494506,
01494654
Number of entries in the pep_identity_index table on Identity Awareness Gateway has reached 25000.
Refer to sk103221.
-
01523753,
01524611
Identity Agent on Mac OS X does not connect automatically on start-up.
Refer to sk101687.
-
01552306,
01555558
Output of command 'pep show user query cid IP_Address_of_Terminal_Server' does not show identities when Identity Agent is installed on Terminal Server / Citrix Server.
Refer to sk104115.
-
02050838, 02050859  PDPD process constantly restarts on slave cluster member. Refer to sk111822. -
UserCheck
01253628 If there is a proxy between the gateway and Internet, UserCheck Portal will not redirect properly for connections to "https://" sites.
UserCheck client should be used instead.
-
01396595,
01396692,
01397545,
01398410,
01404169,
01404182,
01404184,
01404197,
01404651,
01405339,
01405790,
01406225,
01407571,
01409218,
01409220
A redirect to the UserCheck page can cause the fwk0 process to crash, which causes traffic outage.
Refer to sk100505.
R77.20
VSX
01453316
Check Point VSX OID Branch 1.3.6.1.4.1.2620.1.16 can not be queried per Virtual System. The SNMP response contains the data from all configured Virtual Systems.
Refer to sk90860.
-
01466618

To query a VSX Gateway / VSX cluster member over SNMPv2 / SNMPv3, the query should be sent to the VSX machine itself (context of VS0):

  • In DMI configuration:
    • In case of a single VSX Gateway, the SNMP query should be sent to the IP address of the DMI interface.
    • In case of a VSX cluster, the SNMP query should be sent to the physical IP address (of the DMI interface) of each cluster member.
  • In non-DMI configuration:
    • The SNMP query should be sent to the physical IP address of the external interface on the VSX machine.
Refer to sk90860.
-
01425480

The following limitations apply to Virtual System in Bridge mode:

  • Virtual System in Bridge mode is supported only for two interfaces, except for hairpin mode, which supports a single interface.
  • Mutliple Bridges on the same Virtual System are not supported.
-
00186960 When enabling Per Virtual System High Availability or VSLS, each Virtual Switch must have a physical interface that provides connectivity between cluster members.
Refer to sk36980.
-
00892773 VTI interfaces are not supported in VSX mode. -
01456150 In SmartDashboard, it is not possible to select VSX Gateway itself as 'Next Hop Gateway' in 'Advanced Routing Rule':
  1. Open Virtual System / Virtual Router object.
  2. Go to 'Topology' pane.
  3. Click on 'Advanced Routing...' button.
  4. Click on 'Add...' button.
  5. When configuring a rule, VSX Gateway itself does not appear in the 'Next Hop Gateway' list (only other Virtual Systems / Virtual Routers appear).
-
01238409 When adding a new Virtual Device (VR/VSW/VS) that is not related to the VSX Gateway (VS0), interfaces change their numbering in the Netflow packets. -
01291155,
01347240,
01347249,
01356757
Remote Wipe on a Check Point Mobile Enterprise, connected to a Virtual System, takes effect up to 24 hours after its user certificate has been revoked. R77.20
01304178,
01303205,
01303218,
01303219
The VSX Gateway (VS0) cannot be used as Virtual System in Bridge mode. -
01258154,
01347285,
01356724
VPN configurations that use the IP-per-user and IP-Pool-per-group features may not work correctly on the Virtual Systems because $FWDIR/conf/ipassignment.conf file contains identical configuration on all Virtual Systems.
Refer to sk97992.
R77.20
01336186,
01347142,
01347250,
01356815
The 'vsx_util change_interfaces' command corrupts Gaia OS database when replacing an existing Bond interface with one of its slave interfaces.
Refer to sk98002.
R77.20
01177515,
01347362,
01356690
Enabling and disabling of the SMT (HyperThreading) without reboot removes the manual affinity definitions.
Sample scenario (taking into account that SMT was already enabled in BIOS):
  1. 'cpconfig' - select 'Configure Hyper-Threading' - enable - do not reboot!
  2. 'cpconfig' - select 'Configure Hyper-Threading' - disable - do not reboot!
  3. Reboot.
  4. All affinity configuration returns to default.
Refer to sk97996.
-
01298013,
01347319,
01356763
The 'vsx_util reconfigure' command fails with "Failed to fetch configuration information from Name_of_VSX_object".
Refer to sk98001.
-
01262108,
01358857,
01359659,
01362993,
01373866
On VSX machine, output of Clish command 'show arp' shows the ARP table only for Virtual System 0, even if the command is run from a context of the different Virtual System.
Refer to sk98003.
R77.20
01273832,
01347408,
01356739
The 'vsx_util change_mgmt_ip' command fails for non-DMI configurations with "New management IP doesn't match the current management subnet". R77.20
01180672,
01347281,
01356692
When removing and adding expansion card on a VSX machine, the interfaces are not added to their configured Virtual Systems.
Refer to sk97990.
-
01275204,
01347336,
01356743
In SmartView Monitor "System Counters", the "Firewall History" and "System History" do not show any data for Virtual System.
Refer to sk98013.
-
01319800,
01347115,
01347125,
01347130,
01360704,
01369939
After running the 'vsx_util reconfigure' command on Security Management Server / Domain Management Server for a VSX gateway, in rare scenario, the output of the 'vsx stat -v' command on VSX gateway might show Virtual Systems with 'InitialPolicy' and/or 'No Trust'.
Refer to sk98311.
R77.20
01321032,
01347407,
01356785
The 'vsx_util add_member' command does not work with IPv6 address.
Refer to sk97995.
R77.20
01215573,
01347269,
01356701;
01321102,
01347306,
01356788
VSX Gateway / VSX cluster member reconfiguration operation (e.g., 'vsx_util reconfigure', 'vsx_util add_member_reconf') fails with the following error: "Error: Interface 'interface_name' exists in the management database, but not on the gateway."
Refer to sk97989.
-
01204836,
01292495,
01293560,
01293561,
01293562,
01297264,
01312690
'snmpwalk' command times out or returns zeros, when running an SNMPv2 query for OID 1.3.6.1.4.1.2620.1.16
Example:
snmpwalk -c public -v 2c localhost 1.3.6.1.4.1.2620.1.16

Refer to sk97947.
-
01370241,
01383320
After issuing 'cpstop' command on the Active member of VSX cluster, failover to the Standby member takes a long time.
Refer to sk99109.
R77.20
01394079,
01397060
After adding a new USM (User-based Security Model) user, query from vs0 on vs2 works with user credentials, but after setting the SNMP agent off and on again, same query with same user credentials responds with: "snmpwalk: Unknown user name".
Refer to sk100218.
R77.20
01420468,
01420789,
01448758
Configuring Proxy ARP on Gaia OS in VSX mode does not create the '$FWDIR/conf/local.arp' file in the context of Virtual System.
Refer to sk30197.
-
01427110,
01427284
When creating a route manually on the VR, and then creating a propagated route on the VS, duplicate routes are created on the VR with no warning or prevention, making it impossible to then make changes to the VR.
Refer to sk101508.
-
01455016,
01455601
VSX machine with enabled IPv6 might crash when running 'netstat' command.
Refer to sk102028.
-
01279754,
01471922,
01471953
Traffic outage might occur through Virtual Systems with enabled Application Control blade.
Refer to sk102720.
R77.20
01427690,
01476310,
01479417,
01488770,
01493903
Virtual System in HTTP/HTTPS Proxy mode intermittently stops passing traffic.
Refer to sk103122.
-
01368553, 01368927, 01401772, 01475358, 01572817;
01392700

Traffic passing through the VSX cluster is lost (during more than several seconds) when cluster state of Standby member changes:

  • if a cable is disconnected from the Standby member and then reconnected
  • if a switch port, to which the Standby member connects, is shut down and then brought up
Refer to sk104567.
R77.20
01612191,
01478852,
01290516,
01358508,
01359798,
01494538, 01338428,
01430927,
01295822,
01493120,
01493089
"show virtual-system all" command displays empty virtual system list when logging with TACACS user (non-local).
Refer to sk105342.
-
01533618 In VSX cluster, Virtual Router sends ICMP packets with its cluster private network IP instead of Cluster VIP as Source address.
Refer to sk104937.
-
02334826, 02336018 Commands executed in Gaia OS on VSX Gateway are logged into /var/log/messages file, but do not contain the VSID of Virtual Systems, in whose contexts these commands were executed.
Refer to sk113128.
-
Check Point Appliances
01296802,
00265612
When installing a 21400 Appliance, the appliance must have two hard disks. -
01216257,
01216728,
01353959
In VPN Remote Access Office Mode, Automatic (DHCP) method is not supported on Check Point 1100 Appliances. -
01310314,
00265645
With SAM-enabled interfaces, the BGP graceful restart time is 3 seconds longer than with non-SAM interfaces. -
01499723, 01500455, 01675110, 01676648
21000 series appliance with SAM card might crash in specific scenario when accessing the /dev/tilegxpci*/boot for reading or writing.
Refer to sk103209.
R77.30
Mobile Access
01288987 If users delete a site that sent push notifications, they will still receive push notifications until they log off, or their certificates are revoked by the administrator. -
01426893,
01463334

Login failure after upgrading Check Point Mobile Enterprise:

  • After upgrading Mobile Enterprise for iOS, users fail to login, getting "bad username or password" message.
  • In SmartLog or SmartView Tracker, the login failure log reason is "Re-login failed Current Username is different from previous one".
Refer to sk101348.
-
01244809,
01294173,
01353737,
01386596
SSL Network Extender in Application Mode does not support applications that connect to IPv4-mapped IPv6 addresses.
Refer to sk97444.
R77.20
01262337,
01260221
If the user of a hand held device logs off when the device is not connected to the gateway, notifications are sent for the last known status.
  • Depending on the session's length, if a new user has the device, the first push notification may be sent for the previous user.
  • If the user enrolled for a new gateway, the old gateway will send notifications for the remainder of the session duration.
-
01108315,
00928947
SecureWorkspace in the Mobile Access Blade does not support Google Chrome browser (all versions). -
01320973,
01353742
On Windows 64-bit computers with SSL Network Extender enabled, Java native applications sometimes fail to start in Application mode.
Solution: Install Java 64-bit on the client computer.
-
01297091,
1356492
When using Outlook Web App with URL Translation, new email notifications in Internet Explorer 9 or earlier may be delayed. -
01307135,
01356522
In SharePoint, the "Upload Multiple Files" does not work. You must upload one file at a time with the regular uploader. -
01352089,
01356644
When upgrading using CPUSE, user settings file is erased. -
01351290,
01353108,
01356928
Mobile Access blade does not function as expected when enabled on Virtual Systems of a VSX gateway that was upgraded from R77 to R77.10.
Refer to sk98352 for upgrade package download and installation instructions.
R77.20
01365409,
01365508
Multiple Authentication Schemes with certificate not enforced correctly on Check Point Mobile VPN clients.
Refer to sk98592.
(This Known Limitation is also relevant to IPsec VPN).
R77.20
01358972,
01363743,
01363745,
01372157
iNotes reply to e-mail does not work in Mobile Access Blade.
Refer to sk98744.
R77.20
01367460,
01373577,
01380241,
01423600,
01507951
The following error is displayed when accessing an application through Mobile Access using Hostname Translation (HT):
"This content cannot be displayed in a Frame: To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame".
Refer to sk99072.
-
01395337,
01395366
Mobile Access Portal login page contains syntax that is supported only in Internet Explorer 8 and above.
Refer to sk100447.
R77.20
01399854,
01400184,
01531213
When enabling ESOD, Mobile Access policy installation fails with "Failed to install policy on Mobile Access blade - previous configuration is used".
Refer to sk100539.
-
01404026, 01404567, 01556384, 01571967 SNX VPN portal can be reached over HTTP on port 444 (without encryption) - http://<IP_Address_of_Gateway>:444.
Refer to sk100646.
-
01413750,
01413752
Problem with license count when SNX and ICS are enabled.
Refer to sk101129.
R77.20
01417659,
01418553
"This file is invalid for use..." error during certificate enrollment process in the Mobile Access Portal when using a language other than English.
Refer to sk101007.
-
01450216,
01452166
Mobile Access blade translates all URLs with IP addresses.
Refer to sk102032.
-
01426823,
01427362,
01427363,
01469797,
01470830
Mobile Access Portal might become unstable if an authenticated user sends a password that contains Extended ASCII characters (e.g., euro €).
Refer to sk102487.
R77.20
01499536,
01499541,
01501008,
01501020,
01501161,
01501308,
01501438,
01501891
Push Notifications are not received on the mobile phones due to IPS protection "Secure Socket Layer (SSL) v3.0".
Refer to sk103080.
-
01518298, 01518993 Authentication method is not saved on session if portal credentials are forced.
Refer to sk103570.
-
01467856, 01471445, 01613474, 01614665 Link Translation domain does not work - some links are not included/excluded from translation domain.
Refer to sk105565.
-
01281737 Customer is not able to open attachments in SecureWorkspace. The process crashes SecureWorkspace.
Refer to sk107177.
-
01569470, 01595501, 01570653 A Mobile device, which is known to be non-compliant, is still able to connect with Mobile VPN / Capsule Connect app to Mobile Access Gateway, and SmartView Tracker log shows this device as compliant.
This mobile device had to be checked for compliance by an MDM vendor based on the $FWDIR/conf/mdm.conf file on Mobile Access Gateway.
Refer to sk107207.
-
01745841,
01751483
User is sometimes asked to re-authenticate when accessing web application in Mobile Access Portal.
Refer to sk107314.
-
01803560,
01803713
User is able to access Mobile Access Portal even if Secure Workspace is forced, but fails to load.
Refer to sk107603.
-
01752500, 01816272, 02029554, 01808252
Version of ESOD Compliance Updates on Mobile Access Gateway does not change after successful update.
Refer to sk111627.
 -
02119169,
02119538
RDP not auto launching (for existing users).
Refer to sk112468
 
SecureXL
01313783,
00265655
Multicast traffic that is accelerated by SecureXL in ClusterXL Load Sharing mode is accelerated only by one member of the cluster (traffic is not load-balanced). -
01383940,
00266263,
00266317,
00266608,
01413418
SecureXL gets disabled automatically after upgrade to R77.10.
Refer to sk99041.
R77.20
01379842,
01407753,
01383740,
01384330,
01405757,
01412661,
01429733
Some pings are lost when passing through Security Gateway with enabled SecureXL.
Refer to sk99112.
R77.20
01392081,
01392620,
01452631
Once IPv6 is enabled on Security Gateway in Bridge mode, output of 'fwaccel stats' command shows that IPv4 traffic is not accelerated by SecureXL.
Refer to sk100170.
-
01398302,
01398592,
01405942,
01418762,
01421012,
01429442
Output of 'fwaccel stat' command shows:
Accelerator Status : off by Firewall (too many general errors (Number_Larger_than_10) (caller: cphwd_offload_drop_templates))
Refer to sk100467 (Scenario 1 - Number of elements in kernel table 'src_ranges_list' exceeds the limit).
R77.20
01420108,
01490031,
00267057,
01424723,
01475027,
01520297,
01461503
Connections are dropped as Out-of-State after some idle time when SecureXL is enabled.
Refer to sk101232.
-
01426122,
01426358,
01431384,
01432327,
01433505,
01443313,
01444855,
01523014; 01429933,
01443315,
01431385,
01432332,
01433512,
01447024,
01523080,
01531477,
01531479,
01535435; 01510636,
01513427,
01513430,
01513825,
01522792,
01523681,
01524862,
01535457
21000 series appliance with SAM card crashes when disabling SecureXL with 'fwaccel off' command and during / after policy installation.
Refer to sk101451.
-
01397083, 01397729, 01523072, 01550633, 01550636, 01557534, 01557728, 01638997
SAM card on 21000 appliances might crash during boot if the number of configured CoreXL FW instances is equal to the number of CPU cores on the appliance (e.g., there are 16 CPU cores, and 16 CoreXL FW instances were configured).
Refer to sk100546.
-
01447865,
01448372
IPSO cluster member crashes when SecureXL is enabled and services are configured to start synchronization after a delay.
Refer to sk101909.
-
01337381,
00266060,
00266160,
00266427,
00266654,
00266716,
01551843
Security Gateway with enabled SecureXL might crash when running 'fw ctl failmem' command per sk100766.
Refer to sk102719.
R77.20
01323769, 00265661, 01516673, 01520067, 01526386, 01584335, 01594490 Security Gateway might crash during boot if drop optimization is enabled in 'Firewall Policy Optimization' per sk90861.
Refer to sk105182.
-
01830730, 01831050
EIGRP (multicast) neighborship through the Security Gateway is breaking while SecureXL is enabled.
Refer to sk108158
-
Compliance Blade
01323724,
01355244
The date format was changed in R77.10 from "DD/MM/YYYY" to "MM/DD/YYYY". If you downgrade to R77, there might be issues.
Refer to sk97881.
-
01345316,
01355290,
01371433
Compliance Blade does not recognize network objects after advanced upgrade from R77 to R77.10.
Refer to sk98204.
-
SmartEvent
01272376,
01269813,
01272374,
01272375,
01272376
"Target Server URL" field is empty in SmartEvent "DLP Incident" logs.
Refer to sk96195.
-
01382357,
01382558
Timeline View section is empty in SmartEvent GUI client.
Refer to sk98900.
R77.20
01370563,
01371218
SmartEvent GUI client crashes when creating an event based on an existing event from the "Mobile Access" group.
Refer to sk99110.
R77.20
01400316,
01400328
When generating a DLP report with a filter in SmartEvent, we get the following errors:
Unable to complete generation for: Section: 5. DLP User Actions by User Unit: 5.1 DLP User Actions by User
Additional information:
:ERROR: column "dlp_violation" does not exist
LINE 1: ..._VIEW ON (TEMP_VIEW.rowid=USERS_VIEW.eventid , dlp_violat...

Refer to sk100547.
R77.20
01431846,
01431972,
01491280,
01477751
DLP events are not created even though there are DLP logs.
Refer to sk101491.
-
01408259,
01415653
Generating reports for AD groups does not show all users that generated events.
Refer to sk101509.
-
01408656,
01408796
Configuring a shorter default timeline in SmartEvent GUI.
Refer to sk101543.
-
01450736,
01453019
SmartEvent Server would not connect to Log Server / Correlation Unit in clear (without authentication).
Refer to sk101928.
-
01450132, 01451865, 01477664, 01491056, 01599078
New events are not shown in SmartEvent; CPSEMD daemon consumes CPU and randomly crashes with core dump files.
Refer to sk102007.
-
01466229,
01466876,
01466862
Some reports are missing in SmartEvent GUI on 'Reports' tab when logging in from Domain Management Server.
Refer to sk102272.
-
01473131,
01473192
Generation of User Activity report while filtering on application fails.
Refer to sk102655.
-
01474354,
01474971,
01477725,
01491251
postgres process on SmartEvent server consumes CPU at high level while performing SELECT/INSERT operations or rollback on database.
Refer to sk102660.
-
01488371,
01492960,
01488462
DLP Incident Reports are not showing correctly.
Refer to sk103049.
-
01496407,
01496677
No details displayed for Anti-Spam events.
Refer to sk103224
-
01552963,
01553130
Mail alerts from SmartEvent are received with red X instead of icons.
Refer to sk104239.
-
01558556,
01559070
.NET error 'Value' should be between 'Minimum' and 'Maximum' in SmartEvent GUI after increasing SmartEvent database to more than one terabyte.
Refer to sk104241.
-
01570560,
01572377
When generating report with user filter that contains a user name with apostrophe ('), the report output is not shown (is grayed out).
Refer to sk104545
-
01951913, 01952677

SmartEvent Server does not receive logs from Security Gateways managed by Domain Management Servers in the following scenario:

  1. SmartEvent Server (a separate machine) is defined as Global Object in SmartDomain Manager
  2. Global SmartEvent Server object is selected as a Log Server in the properties of Security Gateways (connect with SmartDashboard to Domain Management Server - open Security Gateway object - go to "Logs" pane - select Global SmartEvent Server object).
Refer to sk110135.
-
SmartReporter
01377610,
01377756,
01395497,
01403467
When trying to restart an existing session / create a new consolidation session, it appears to start, then the status goes into 'Abort' almost immediately.
Refer to sk99080.
R77.20
01380916,
01381197
SmartReporter license for 25 Security Gateways allows only 20.
Refer to sk99111.
R77.20
01412839,
01412839,
01413746
"No relevant data found to generate report" error in SmartReporter when generating "Endpoint Security VPN Users Activity" report ('Definitions' tab - 'Standard' tab - expand 'Predefined' - expand 'IPSEC VPN'). -
01429964,
01430210,
01431966

Issues with 'Network Activity' report generated for a period of a month when Time Resolution is set to either 'Automatic' or 'Week':

  • The 'Network Activity by Date' section is arranged by weeks
  • The 'Network Activity by Date' section shows incorrect dates
Refer to sk101512.
-
Dynamic Routing
00265498,
00265750
IPv4 BGP ECMP is only supported for eBGP (iBGP is not supported). -
01313873,
00265775
IPv6 BGP ECMP is not supported. -
01268457,
00265858
BGP Graceful Restart is supported only in ClusterXL clusters. It is not supported in VRRP clusters. -
01288533,
00265776
BGP Graceful Restart is supported only in ClusterXL clusters. Is not supported on single Security Gateways. -
01298391,
00265870
BGP Graceful Restart does not work well in a ClusterXL High Availability "Switch to higher priority Cluster Member" mode (Primary Up), because the Cluster fails-back too quickly when traffic is restored to the original master. This results in routes being removed from the restored Active member, and traffic loss.

Workaround:
Configure the ClusterXL High Availability as "Maintain current active Cluster Member" (Active Up).
-
01322220,
00265765
iBGP is not supported for peers on a different subnet than the Security Gateway's subnet. -
01270046,
00265877
When BGP configured is between Virtual Systems, BGP Graceful Restart does not work for failover between these Virtual Systems hosted on one VSX gateway, or for failover between BGP peers, which are within the same cluster. -
01319073,
00265742
BGP is not supported in VRRP cluster, where the VRRP Master interface of one cluster member is running IPv6 and the VRRP Master interfaces on other members are running IPv4. -
00266170,
00266274,
00266193
PIM multicast traffic does not pass through Security Gateway correctly.
Refer to sk100219.
R77.20
01424295 When no RP is configured for a multicast group, the following errors appear repeatedly in the /var/log/messages:
routed[PID]: mfc_create_sg: PIM instance 0 failed toresolve source X.X.X.X, group N.N.N.N
-
01448634,
01448859,
01450278
Security Gateway with configured BGP might randomly crash.
Refer to sk101976.
-
01443738,
00267123
RouteD instance manager process is running 100% CPU.
Refer to sk102436.
-
01667223,
01672560
Multicast IGMP v1 traffic fails when sending membership request with TTL > 1.
Refer to sk106159.
-
01784821 RouteD daemon might crash when receiving BGP "Update" message.
Refer to sk111571.
-
01714896, 01717273  routemap action RIP tag is randomized.
Refer to sk111752.
-
02394770, 02397263, 02397251 RouteD daemon restarts constantly without core dump files after enabling OSPF Force Hellos.
Refer to sk114619.
-
02494003 The routed daemon crashes in OSPF policy flow.  -
VPN
01345486,
01349083,
01349084,
01448755
After policy installation, the VPN peer crashes and reboots. When connect via console, see that the machine is stuck during the boot stage with following error: "CKP loading FW-1 ipv4 instance 0 failed".
Refer to sk98279.
R77.20
01357827,
01360076,
01360258,
01360259,
01395307,
01426058,
01426251
ClusterXL with ISP Redundancy sends VPN traffic with wrong source IP address after VPN link failover.

Refer to sk98532.
R77.20
01370961,
01371194
IKEv2 negotiation fails in IPv6 if FQDN is used.
Refer to sk99069.
-
01395232,
01396707
Users cannot use the real IP address of DAIP gateway when using the 'vpn tu' command.
Refer to sk100346.
R77.20
01430907,
01432266
Policy install during link probing session sometimes causes VPN outage.
Refer to sk101532.
-
01455936,
01456884
When configuring SNX server with Subordinate CA server, SecureClient R60 HFA3 clients are unable to connect.
Refer to sk33319.
-
01464632,
01465318
Client configured with always_connect enabled tries to reconnect even though certificate is revoked or expired.
Refer to sk102408.
-
01468444,
01469027
IKE fails with message "Traffic Selector Unacceptable" if there are more then 255 Traffic Selectors.
Refer to sk102437.
-
01508206,
01509037
When the user logs in to the gateway from Remote Access VPN Client, the Firewall logs of the Remote Access traffic include Session UID. About one hour after login, the Session UID is changed to zero.
Refer to sk103396.
-
01569431, 01605509 Windows 8.1 VPN plugin can connect, but user is unable to reach resources behind the VPN Gateway.
Refer to sk104619.
-
01616679,
01617287
Unable to get DPD to work in Aggressive mode.
Refer sk105390
-
01532401, 01539196, 01560781, 01621047, 01621087 Remote Access clients that authenticate with username and password, cannot connect to Security Gateway working in Hybrid Mode if it does not have an ICA and uses 3rd party certificate.
Refer to sk105566.
-
01633198, 01638371 Cluster member on Gaia OS crashed due to corrupted encryption key after changing its state to Active / VRRP Master.
Refer to sk105780.
-
01577618, 01593438, 01713652, 01749545 IKE negotiation fails at Main Mode packet 5 between Security Gateway and DAIP non-Centrally Managed Gateway.
Refer to sk104880.
-
01843633 RIM does not inject routes for external interfaces of the VPN peers managed via SmartProvisioning (e.g., Edge devices) after upgrade of Security Gateway to R77.XX.
Refer to sk108412.
R77.30
01861112,
01862528
When Check Point peer is initiator of IKEv2 negotiation, FQDN not being sent. Refer to sk108817.
01893104,
01899599
If SXL and debugs are on, when UDP encapsulation peer connects, kernel crashes. Refer to sk109337  
URL Filtering
01362385,
01422411,
01366990,
01377452,
01379645,
01396795,
01402500,
01404287,
01405849,
01414498
URL Filtering drops the traffic with an "Internal Error" log.
Refer to sk98743.
R77.20
01466938,
01462230,
01471486,
01474415,
01474787,
01476226
URL Filtering intermittently blocks some HTTPS requests.
Refer to sk102273.
-
01431893,
01433702,
01433786,
01434216,
01471298,
01480952
URL Filtering blocks non-HTTPS traffic (e.g., SFTP) with "Internal System Error occured" log in SmartView Tracker.
Refer to sk102849.
-
01430167,
01434195,
01434385,
01471225,
01480934
URL Filtering blocks HTTPS web sites with "Internal System Error occured" log when "Categorize HTTPS sites" and "Fail-close" are enabled.
Refer to sk102866.
-
01412858,
01517886,
01511792,
01536626,
01471171,
01525328

URL Filtering blocks HTTPS web sites with "Internal System Error occured" log due to empty CN field in HTTPS site's certificate.
Refer to sk103859.

-
SNMP
01386346,
01386495,
01401324
The 'snmpwalk' command for Check Point OID 1.3.6.1.4.1.2620 stops in the middle of the query with "Timeout: No Response from", and core dump files are created for snmpd process in the /var/log/dump/usermode directory.
Refer to sk100193.
R77.20
01398870,
01399409,
01418605,
01440524,
01453530,
01469745
SNMPD process crashes with core dump files.
Refer to sk100514.
R77.20
01402619,
01402835
Description of SNMP OID 1.3.6.1.4.1.2620.1.38.24.1.5 (identityAwarenessDistributedEnvTableStatus) in the $CPDIR/lib/snmp/chkpnt.mib file is incorrect.
Refer to sk100990.
R77.20
01421392,
01422059,
01421419,
01422061
  • Querying Check Point SNMP OID .1.3.6.1.4.1.2620.1.1.27.1.12 returns IPv4 addresses instead of IPv6 addresses

  • The following OID definitions are missing from the Check Point MIB file:
    • OID .1.3.6.1.4.1.2620.1.1.27.1.12 (fwNetIfIPV6Addr)
    • OID .1.3.6.1.4.1.2620.1.1.27.1.13 (fwNetIfIPV6AddrLen)
Refer to sk101231.
-
01428542,
01428702,
01440667,
01447871,
01468124
SNMP Trap for a monitored process that runs under different names generates SNMP Trap Alert although this process is not down.
Refer to sk101446.
-
01425973,
01426280
High CPU utilization when using SNMP in VSX. -
01427113,
01427355
SNMP VRRP Traps do not appear in Clish / Gaia Portal after upgrading to R77.10.
Refer to sk101407.
-
01469254,
01469413,
01470204
SNMP query for CPU usage by each Virtual System (OID 1.3.6.1.4.1.2620.1.16.22.2 = 'vsxStatusCPUUsageTable') returns 0 (zero) values.
Refer to sk102434.
-
01289099,
01289976,
01289977,
01289978,
01312680,
01359227,
01380612
Cannot import GaiaTrapsMIB.mib file into CA Unicenter Spectrum.
Refer to sk98892.
-
01441761,
01445120,
01447889,
01447926,
01468125
SNMP Traps for Check Point OIDs are not sent by Gaia OS after configuring notification events in the /etc/snmp/userDefinedSettings.conf file.
Refer to sk102926.
-
01674944, 01695846, 01714507,
01672988, 01695844, 01713901 
Netmask row does not define in MIB file and always returns 0. Refer to sk111743 -
01695056, 01696109 After saving clish configuration, an SNMP poll to the gateway shows state as "unsaved". Refer to sk111745 -
CPUSE
01400050 Verification succeeds where it should fail (e.g., when upgrading from R77.10 to R77.10). -
SmartProvisioning
01417061,
01417277
'Field Not Found' error in SmartProvisioning when editing Edge.
Refer to sk101207.
-
01434100,
01437953
Edge Cluster failover does not work if managed by SmartProvisioning.
Refer to sk101680.
-
01508107, 01508127 When using DAIP on provisioned gateway, SIC is lost. -
VoIP
01433546,
01439174
MGCP Call Agent and Media Gateway are not able to register if CoreXL is enabled on Check Point Security Gateway and in SmartDashboard Protocol Type is disabled in the MGCP service properties ('mgcp_MG' - UDP 2427).
Refer to sk102049.
-
01673126, 01944440, 01673679, 01673823
Occasionally, SCCP VoIP phones unregister from Call Manager during cluster failover.
Refer to sk110025
-
Threat Prevention (Anti-Bot / Anti-Virus / Threat Emulation)
01377195,
01379692,
01468191
Security Gateway with enabled Anti-Virus blade might crash during Anti-Virus scan of a file transferred over File Share (Common Internet File System, CIFS).
Refer to sk102488.
R77.20
01380688,
01467858
Security Gateway with enabled Anti-Virus blade / Anti-Bot blade and policy 'Action' set to 'Prevent' might crash under high load.
Refer to sk102489.
R77.20
02361107, 02391559 "Reason: Failed to process the file" log from Anti-Virus blade in SmartLog / SmartView Tracker.
Refer to sk114573.
-
SmartView Monitor
01501709,
01507598,
01502173
SmartView Monitor shows incorrect data for accelerated traffic in "Top Interfaces" view.
Refer to sk103330.
-
HTTPS Inspection
01372343,
01398701,
01372648,
01402055,
01422259
Occasionally, certificate errors appear for some HTTPS sites, although HTTPS Inspection policy is configured to 'Bypass' these sites.
Refer to sk98972.
R77.20
01550289,
01556843,
01720147,
01801831
ssl resumption is not working for specific websites. Refer to sk111762.
SmartWorkflow
01846749,
01847940
When using SmartWorkflow on a Security Management server with large scale database, operations of submit for approval and generating report take more than 5 minutes. Refer to sk108736. -
01841426, 01842660, 01957204 SmartWorkflow session time interval is not readable.
Refer to sk111753.
-

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment