Support Center > Search Results > SecureKnowledge Details
Jumbo Hotfix Accumulator for R80.20 (R80_20_jumbo_hf) Technical Level
Solution
Show the Entire Article

Availability | Important Notes| List of resolved issues | Installation instructions | Uninstall instructions | Revision History

 

Introduction

R80.20 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides a Take number, in which the fix was included. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, you can find the date when the take was published in the table below. List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.

This Jumbo Hotfix Accumulator is suitable for these products and configurations: Security Gateway, StandAlone, Security Management Server, Multi-Domain Management Server, Log Server, Multi-Domain Log Server, SmartEvent Server, Endpoint Security Server, VSX and Cluster.

  • This Jumbo Hotfix Accumulator has to be installed only after successful completion of Gaia First Time Configuration Wizard and reboot.
  • It is recommended to install Jumbo Hotfix Accumulator on all the R80.20 machines running on Gaia OS.
  • Each of the Jumbo Hotfix Accumulator Takes is based on Check Point R80.20.
  • For CPUSE installation, CPUSE Agent build 1573 and above (refer to sk92449) must be used.

Refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

 

Availability

  • General Availability Take

    Take_141 is the latest R80.20 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

    Product Take Date CPUSE offline package SmartConsole package
    Security Gateway / Standalone Jumbo HF Take_141 20 Feb 2020 (TGZ) (EXE)
    Build 114
    Security Management (TGZ)
    Blink Image for Security Gateway - Clean Install/Upgrade R80.20 GA +
    Jumbo HF Take_141
     
    12 Mar 2020 (TGZ)
    Blink Image for Security Management - Clean Install (TGZ)
    • For Gaia Fast Deployment mechanism "Blink", refer to sk120193.

    • If the Jumbo Hotfix is installed via the Blink image and you wish to uninstall:
      • Use the “Uninstall last Take” option to remove the Jumbo Hotfix Accumulator
      • Do not use the "Uninstall completely" option, because it does not return Gaia to the GA state as expected.

 

  • Ongoing Take

    Product Take Date CPUSE offline
    package
    SmartConsole package
    Security Gateway / Standalone Jumbo HF Take_156 24 May 2020 (TGZ) (EXE)
    Build 114
    Security Management (TGZ)
    • For CPUSE Online Identifier, use 
      Check_Point_R80_20_JUMBO_HF_Bundle_T<Take number>_sk137592_Security_Gateway_and_Standalone_2_6_18_FULL.tgz
      and
      Check_Point_R80_20_JUMBO_HF_Bundle_T<Take number>_sk137592_Security_Management_3_10_FULL.tgz

 

Take 156 | Take 155 | Take 149 | Take 141 | Take 138 | List of upcoming resolved issues

 

Important Notes

  • R80.30 GA release is aligned with R80.20 Jumbo Hotfix Accumulator Take 74.
  • Effective February 13th 2020, SmartConsole package has been updated (Build 100).
  • For Take 118, refer to sk163473 and sk163312 due to Gaia restore errors on Multi-Domain Server.
  • To check the Take number of the currently installed R80.20 Jumbo Hotfix (if it is installed), run: [Expert@HostName:0]# cpinfo -y all
  • Customers planning an upgrade, please refer to sk164258 to check the compatibility of Jumbo Hotfix Takes between different releases.
  • Starting from Take 117,  on a Multi-Domain Server/Multi-Domain Log Server, several Domain smartlog_server processes may fail to load printing a "Failed to start web server (Probably another server listens on the same port)" message into smartlog_server.elg file. Refer to sk165262. Issue was resolved in Take 149.

 

List of resolved issues per HotFix Take

ID Product Description
R80.20 Jumbo HotFix - Ongoing Take 156 (24 May 2020)
PRJ-10296,
PRHF-8781
Security Gateway In some scenarios, the license status of the Security gateway is not updated properly in SmartConsole.
PRJ-11561,
PMTR-52267
SecureXL SCTP Stateful inspection and payload NAT (INIT Chunks) might not work correctly when SecureXL is enabled.
PRJ-11669,
PRHF-9774
VSX The "Destroying alive neighbour *"  error might appear in /var/log/messages file.
PRJ-12748,
PRJ-12738
VPN Some Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though the "Allow older clients" option is disabled. Refer to sk166912.
R80.20 Jumbo HotFix - Ongoing Take 155 (30 April 2020)
PRJ-8255,
PMTR-36367
Security Management FWM and\or INDEXER processes might repeatedly stop when there are more than ~500K network objects declared.
PRJ-11958 Gaia OS In a rare scenario on a cluster environment, Security gateway may corrupt data or crash during an upgrade.
R80.20 Jumbo HotFix - Ongoing Take 149 (01 April 2020)
PRJ-9470,
PRJ-9461
Security Management NEW: Added ability for R80.20 Security Management or Multi-Domain Server to manage R80.40 Security gateway. Refer to sk164652.
  • Requires R80.20 SmartConsole Build 114 (or higher).
PRJ-10087,
PMTR-50276
Security Management The cpm_solr process might stop working and cause one of the following:
  • The upgrade of a Management machine might stuck on 58%
  • The Management HA synchronization might fail with "NGM failed to import data" error
  • Users might not be able to log in.
PRJ-9159,
PMTR-48267
Security Management When reverting a security layer to a previous revision, if there are rules which are currently disabled, but were enabled in the selected previous revision (or vice versa), their status might not be reverted.
PRJ-8375,
PRHF-7874
Security Management In some scenarios, the exported database might be very large and include redundant data.
PRJ-8858,
PMTR-48652
Security Management If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the administrator object, the login in a VPN client with the internal user account might fail.
PRJ-8798,
PMTR-48610
Security Management If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the internal user object, the login in SmartConsole with the administrator account might fail.
PRJ-5446,
PMTR-40663
Security Management In some scenarios, an unclear error appears when the user imports a global policy on a Multi-Domain Management Server. The error is caused by a mismatch between the leading interface defined on the machine and the one defined in the database. 
PRJ-9264,
PMTR-49516
Security Management Policy verification might fail after the user does the following steps: Configures specific install targets for a policy, publishes them, changes the install targets back to "All Gateways", and tries to install them on a Gateway which is not in the original list of targets.
PRJ-5449,
PMTR-42420
Security Management In some scenarios, an upgrade from R7x secondary Multi-Domain Server with active Domains might fail.
PRJ-7767,
PRHF-7425
Security Management In rare scenarios,  publishing a session fails with the following "Action Failed due to an Internal Error" error.
Discarding the session in SmartConsole completes as "discarded", but the changes are still there.

The same behavior occurs in the Management API:
mgmt_cli -r true discard uid <UID>
number-of-discarded-changes: 4
message: "OK"
PRJ-9592,
PMTR-38555
Security Management Security hardening: The Management Server will block connection requests with a TLS version below 1.2 on port 19009. 
PRJ-7589,
PMTR-38305
Security Management In a rare scenario, following a failure to delete a Domain, the Management Server may fail to start.
PRJ-8403,
PRJ-8402
Security Management In a rare scenario, the Security Management Server does not start due to a missing object, or a duplication of objects.
PRJ-9082,
PMTR-47530
Security Management In some scenarios, IPS update fails in the Global Domain after an upgrade from R80.10.
PRJ-677,
PMTR-36302
Security Management In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.
PRJ-9260.
PMTR-49143
Multi-Domain Management Upgrade of Multi-Domain Server might fail when the source version is R80.10 and there is no license configured on the target machine.
PRJ-10745,
PMTR-50936
Multi-Domain Management In some scenarios, policy installation from the Domain Management Server fails after mds_backup procedure that was interrupted. Refer to sk165559.
PRJ-8450,
PMTR-47772
Multi-Domain Management The Administrator and Trusted Clients pop-up editors at the Multi-Domain Server level show all domain names linked to these objects. Domain Managers with partial permissions, may see the names of domains that they are not permitted to see.
PRJ-5099,
PMTR-41234
SmartConsole When editing the description of a revision, the "Changes" field is reset to 0.
PRJ-9020,
PRJ-8753
SmartConsole In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation. 
PRJ-8133,
PMTR-45751
SmartEvent "The process <process-name> which is monitored by watchdog restarted more than once in the last half an hour" error might appear in the SmartEvent GUI status window even though the process has been up for more than 30 minutes.
PRJ-10141,
PMTR-43309
SmartProvisioning Deletion of LSM Robo cluster may cause the FWM process so stop working.
PRJ-7881,
PRJ-7879
Security Gateway In a rare scenario, there is no HTTPS Inspection when ICAP client is enabled. 
PRJ-7373,
PMTR-45566
Security Gateway Improved multicast routing under high load and/or during system initialization.
PRJ-10029,
PMTR-50431
Security Gateway In a rare scenario, when the web server is defined, policy installation fails with "Error code 0-20000111".
PRJ-6697,
PMTR-44388
Logging In some scenarios, exporting a large number of logs to Excel may fail and cause SmartView to restart.
PRJ-9970,
SL-3551
Logging In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.
PRJ-8681,
PRHF-7856
Logging In some scenarios, Threat Emulation Logs cannot be viewed in the logging or reporting views because of a certain format of the "file size" field sent from the Security Gateway.
PRJ-2628 Logging In some scenarios, in a Multi-Domain environment with more than 50 domains, some domains are not seen in the SmartEvent GUI.
PRJ-10757,
IDA-2866
Identity Awareness In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file.
PRJ-8423,
IDA-2022
Identity Awareness Identity Awareness performance improvements in large scale environments. 
PRJ-10736,
PRHF-9265
SSL Inspection In a rare scenario, a memory leak might appear when SSL inspection is enabled.
PRJ-8339,
PMTR-47846
SSL Inspection In a rare scenario, memory leak may appear in ICAP client when HTTPS Inspection is enabled.
PRJ-7652,
PMTR-45863
SSL Inspection HTTPS Inspection's default CA certificate was upgraded to use a signing algorithm based on SHA256 instead of SHA1. Refer to sk163932
PRJ-7843,
PMTR-45726
Routing In a rare scenario, Netflow does not report outbound flow records. 
PRJ-8767,
PMTR-46170
Routing PIM might be unable to resolve outbound interface of multicast route when unicast route lookup fails.
PRJ-7491,
PMTR-39273
Routing In some scenarios, the CLISH command for PBR results in an error. 
PRJ-9073,
PRHF-8337
Routing In some scenarios, a corrupted BGP AS4_PATH attribute value might result in an invalid, long BGP update that is rejected by the BGP peer.
PRJ-9126,
PMTR-46873
SecureXL NEW: Added acceleration support for Ethernet Over IP Tunneling (EOIP). EOIP is RFC 3378 protocol # 97 used between Wireless AP and Wireless Cisco controller. 
PRJ-8984,
PMTR-44150
SecureXL When NAT-T packets pass through a standalone gateway, this traffic might be dropped if SecureXL is enabled.
PRJ-10805,
PRJ-10806,
PMTR-50836
Gaia OS CVE-2020-8597: pppd is vulnerable to buffer overflow. Refer to sk165875.
PRJ-9038,
PMTR-29811
VPN Connectivity improvement of IPSec tunnels when IKEv2 is configured.
PRJ-11034,
PMTR-36437
VPN In some scenarios, VPN traffic distribution change might cause high CPU consumption on one CPU core. Refer to sk165853.
R80.20 Jumbo HotFix - General Availability Take 141 (20 February 2020, GA from 03 March 2020)
PRJ-9975,
PRJ-9968
Security Gateway In a rare scenario, a non-HTTP traffic on port TCP/80 is dropped.
PRJ-10117,
PMTR-43665
Application Control
HTTPS Inspection
In some scenarios, when Application Control and HTTPS Inspection are enabled and detailed or extended log is used, applications may not be matched correctly.
PRJ-5529,
PMTR-42941
CloudGuard In some scenarios, centrally distributed license disappears from CloudGuard Gateways. Refer to sk151794.
R80.20 Jumbo HotFix - Ongoing Take 138 (10 February 2020)
PRJ-9053,
PMTR-44668
Security Management In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole might fail.
R80.20 Jumbo HotFix - Ongoing Take 135 (23 January 2020)
Note: This Take updates Take 134 released on 14 January 2020.
PRJ-8216,
PMTR-47601
Security Management Management HA synchronization fails with error "Failed to export data" on Multi-Domain Management or Security Management server environment with at least 3 machines. Refer to sk164792.
R80.20 Jumbo HotFix - Ongoing Take 134 (14 January 2020)
PRJ-7660 Upgrade Tools In some scenarios, migration with R80.20 Migration Tool fails with "Database export was done with migration tools for different version" error.
PRJ-6821,
PMTR-37053
Upgrade Tools In some scenarios, cannot export a database using the migration tools of the current version while there are open sessions in the database. 
PRJ-3378,
PMTR-39797
Security Management In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754.
PRJ-5494,
PRHF-5881
Security Management NEW: Added the policy verifier memory enhancement and additional debugging options. Refer to sk162453.
PRJ-4970,
PRHF-5435
Security Management In some scenarios, disconnected sessions with no changes or locks appear in SmartConsloe session view. 
PRJ-3038,
PMTR-39305
Security Management In some scenarios, the Management Server takes a long time to start or even fails to start.
PRJ-8094,
PRHF-7729
Security Management In some scenarios, policy installation fails when installation target is Check Point Host. 
PRJ-7917,
PRHF-7614
Security Management When installing policy to a Cisco router, an automatic ACL number change may cause networking issues. 
PRJ-7412,
CPM-2541
Security Management In a rare scenario, all users connected to the Management Server get disconnected and new logins fail until the Management Server is restarted. 
PRJ-5096,
PMTR-41712
Security Management When an administrator edits the description of a revision, he becomes the publisher of the revision. 
PRJ-7039,
PRHF-6722
Security Management The 'fwm sic_reset' command does not print which object still has an IKE certificate. 
PRJ-7105,
PRHF-6605
Multi-Domain Management The cma_migrate might fail if the IPS version does not exist on the R80.x Multi-Domain Management Server.
PRJ-7832,
PMTR-43461
Multi-Domain Management In some scenarios, upgrade of R7x secondary Multi-Domain Management Server or Multi-Domain Log Server fails.
PRJ-6694,
PMTR-44390
Multi-Domain Management Improved Domain/CMA logs visibility.
PRJ-4261,
PMTR-45046
SmartConsole When performing login using mgmt_cli as root admin (with '-r' set to "true"), session timeout is not set.
PRJ-6842,
API-841
SmartConsole NEW: Added integration of Management API with Ansible 2.9. For more info, see: https://galaxy.ansible.com/check_point/mgmt
PRJ-7944,
PMTR-46715
SmartConsole In some scenarios, when running the "show-mdss" command with "details-level full" option, not all Domains are retrieved.
PRJ-6941,
PRHF-6754
SmartConsole In a rare scenario, policy installation fails with "Policy installation had failed due to an internal error". Refer to sk163482.
PRJ-6643,
PRHF-6606
SmartConsole In some scenarios, administrator cannot open the 'RemoteAccess' - VPN community object for editing. 
PRJ-6933,
PRHF-6842
SmartConsole Threat prevention policy installation may include wrong topology warning on VSX cluster interfaces.
PRJ-5373,
PMTR-43427
SmartConsole In Multi-Domain environment, IPS protections become staging on each domain after global policy assignment while the protection does have override/staging status in the global domain.
PRJ-2437,
PRHF-4184
SmartConsole When disabling NAT for a network object and searching for the NAT IP address, the network object is still shown as part of the search results even though it should not be. 
PRJ-6046,
PMTR-43654
Security Gateway Improved misleading log for connections that terminate before detection. 
PRJ-5889,
PRHF-6029
Security Gateway In some scenarios, enabling the Multi-Queue on a line card enables the Multi-Queue also on the on-board interfaces. Refer to sk162622
PRJ-7486,
GAIA-4638
Security Gateway Connectivity issues on some HTTPS sites (as login pages) when Security gateway is configured as proxy. Refer to sk147878
PRJ-8196,
PMTR-47784
Security Gateway Since R80.20, in some scenarios, predictable TCP sequences are generated by the Security Gateway. Refer to sk164775.
PRJ-7869,
SWG-2361
Security Gateway Improved DNS caching and negative DNS response handling.
PRJ-8097,
PMTR-46330
Security Gateway Improved a Proxy connectivity while Anti-Virus blade works in Hold mode.
PRJ-7338,
MUX-193
Security Gateway In a rare scenario, Security gateway may crash.
PRJ-7243 Security Gateway In some scenarios, connectivity issues may appear when ISP redundancy is configured.
PRJ-7751,
PRHF-7389
Security Gateway In some scenarios, no SIC after applying the ICA certificate replacement procedure.
PRJ-7622,
PMTR-31257
Logging In a rare scenario, when exporting logs to Excel, the resulted file is smaller than expected.
PRJ-7814,
PMTR-42519
Logging In a rare scenario involving multiple disconnections and reconnections between Security gateway and Log Server, connection is not automatically restored and logs may not be written locally. Refer to sk164852.
PRJ-6854,
PMTR-42177
Logging In a rare scenario, the "Logs & Monitor" view in SmartConsole freezes while scrolling down the results. 
PRJ-6639,
SL-2819
Logging In some scenarios, the user cannot see his Check Point logs in the LogRhythm platform using Log Exporter.
PRJ-5880,
QOS-67
QoS  QoS Time Objects are not enforced in R80.20. Refer to sk163074
PRJ-1020,
PRHF-2795
DLP DLP activation was optimized to reduce the CPU consumption.
PRJ-8195,
MBS-8939
URL Filtering In some scenarios, HTTPS traffic is not categorized as expected.
PRJ-7718,
PMTR-39944
Application Control In some scenarios, HTTP traffic is blocked with "HTTP parsing error occurred (2)" and "parameters are undecodable in request" errors. Refer to sk160092.
PRJ-7637,
PMTR-46064
ClusterXL The "set router-options auto-restore-iface-routes" command is now deprecated. 
PRJ-7552,
PRHF-7071
ClusterXL In a rare scenario in a ClusterXL environment, SYN Defender may incorrectly drop a valid traffic.
PRJ-2546 SecureXL In some scenarios, SNMP queries for SecureXL OIDs return incorrect values.
PRJ-6946, PRHF-6356 SecureXL Some traffic may not pass when Policy Based Routing (PBR) and SecureXL are enabled. Refer to sk163252.
PRJ-4827,
PRHF-5032
SecureXL With SecureXL enabled, after VRRP cluster failover all TCP connections become expired. Refer to sk162052.
PRJ-7560,
PRHF-7247
SecureXL In some scenarios, when SecureXL is enabled, it drops the TCP traffic for the particular connection for invalid state reasons. Refer to sk147093.
PRJ-6747,
PMTR-42788
SecureXL In a rare scenario, FTP Data connections do not pass while SYN Defender is active and enforcing.
PRJ-6750,
GAIA-5914
SecureXL Drop templates are not disabled for USFW (User space Firewall mode).
PRJ-1544,
GAIA-4880
Gaia OS In some scenarios, the VSX Management fails to be properly restored from backup.
PRJ-6789,
PRJ-6159,
PRHF-6143
Gaia OS "Gaia Web-UI recognized a non-valid input data" error when creating a scheduled backup in WebUI via SCP or FTP with special characters used.
PRJ-6589,
GAIA-6588
Gaia OS 16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flapping. Refer to sk163267.
PRJ-7406,
PMTR-45530
Routing When MaaS tunnels are added, the routed process might stop working.
PRJ-6577,
PRHF-6603
Routing For compliance and interoperability with BGP peers implementing older RFC, no BGP capability is advertised if peer does not advertise it first. 
PRJ-5883,
VSX-2190
VSX The "vsx_util vsls" command does not display in full the long names of the VSX server name. Refer to sk163073.
PRJ-6964,
PMTR-44031
VSX In some scenarios, when running the 'cphaprob show_bond' command, one of the bond's slaves might be missing from the output. Refer to sk163333
PRJ-3403,
VPNS2S-417
VPN SmartView Monitor VPN tunnel status may show incorrect or missing tunnels status for a cluster object. 
PRJ-1993,
PMTR-37912
VPN NEW: Improved supernetting handling with 3rd party peers in IKEv2.
PRJ-7265,
CRYPTOIS-903
VPN In some scenarios, connectivity issue may appear in VPN and HTTPS portals. Refer to sk109140.
PRJ-7121,
VPNRA-300
VPN Packets from SSL Network Extender are dropped: "Reason: decrypted and user methods are not identical (VPN Error code 01)". Refer to sk163636
PRJ-2603,
PMTR-25655
VPN If the VPN tunnel is configured with GCM ciphers for Phase 2, encrypted traffic may be dropped when SecureXL is enabled. Refer to sk152832.
PRJ-7182,
PMTR-44859
CloudGuard Public IP addresses for Virtual Machines and Virtual Machines Scale Sets might be missing.
PRJ-7065
PMTR-45006
CloudGuard In some scenarios, subnet objects might not contain all the relevant IP addresses for VMSS VMs.
PRJ-7381,
PRHF-7119
CloudGuard During a license pool creation, when a blade service is shared between different licenses, the vsec_lic_cli tool may create multiple pools instead of one.
PRJ-5940,
PRHF-5289
Endpoint Security NEW: Added the feature to use epmCommands with object nids. 
PRJ-5754,
EPS-22621
Endpoint Security Endpoint Management might fail on FileVault recovery for MacOS clients when а computer re-joins a domain.
PRJ-5942,
PRHF-5936
Endpoint Security Some messages in self-help portal are not properly localized in Japanese.
PRJ-7302,
PRHF-4371
Mobile Access In a rare scenario, when Mobile Access blade is enabled, Security gateway may crash with vmcore.
R80.20 Jumbo HotFix - Ongoing Take 127 (03 December 2019)
PRJ-4929,
PMTR-41602
Upgrade In some scenarios, the FWM process fails to start after a successful upgrade with the "Found an indication that the current domain was migrated, and the migration had failed. Cannot start after a migration failure" message in fwm.elg file.
PRJ-5664,
PRHF-6087
Security Management In some scenarios, purge revisions fails and blank lines, that cannot be deleted, appear in SmartConsole Revisions view. Refer to sk163116.
PRJ-5660,
PRHF-5965
Security Management Blank lines may appear in SmartConsole Purge Revisions view after purging a large database>
PRJ-4834,
PRHF-5419
Security Management The FWM process might stop working when an incorrect license SKU with a specific format is applied.
PRJ-5756,
PMTR-43497
Security Management High Availability synchronization between Management Servers may fail when there is no enough disk space in the root partition. 
PRJ-4728,
PMTR-41157
Security Management After deleting a network object that is part of a network group, the audit log of the group modification does not show who is the removed member. Refer to sk164057.
PRJ-5412,
PRHF-5815
Security Management In some scenarios, policy Installation fails with "Operation failed, install/uninstall has been improperly terminated" error. Refer to sk162855
PRJ-5556,
PMTR-43278
Security Management In some scenarios, policy installation fails with "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000117)". Refer to sk162554
PRJ-5655,
PRHF-5776
Security Management In some scenarios, cpm_status.sh reports incorrect CPM status. Refer to sk162633
PRJ-4874,
PRHF-5274
Security Management In some scenarios, when setting or modifying the Email/Phone fields of an administrator, the old values still appear at the bottom pane under "View Sessions" instead of the updated values.
PRJ-5426,
PMTR-41518
Security Management In some scenarios, policy fetch fails if name of the Security gateway that tries to fetch this policy is not defined in DNS. Refer to sk150472.
PRJ-3392,
PMTR-40003
Multi-Domain Management Objects on Domain level that should be shown on the Multi-Domain Server level, sometimes are not shown correctly.
PRJ-6669,
PMTR-44148
Multi-Domain Management In some scenarios, traffic outage may happen after policy installation from Multi-Domain SmartConsole. Refer to sk163712.
PRJ-6992 Multi-Domain Management The Gaia restore of Multi-Domain Server fails when using Take 103, 117 and 118 of R80.20 Jumbo Hotfix Accumulator. Refer to sk163473.
PRJ-4665,
PMTR-41210
Multi-Domain Management The FWM process may stop working when there is no valid license on the Multi-Domain Server. 
PRJ-103,
PRHF-3002
SmartConsole Cannot delete Global Host object from the Global Domain if the name matches the name of Multi-Domain Management. Refer to sk151192.
PRJ-5526,
PRHF-5527
SmartConsole In some scenarios, applying "Where used" from the local Domain on an object that is used in global policies, may return results from the global policies that are not assigned to the local Domain. Refer to sk162753.
PRJ-3949,
PRJ-7071
SmartConsole In a rare scenario, when editing a Star VPN community, SmartConsole terminates.
PRJ-6127,
PRHF-6532
SmartConsole In some scenarios, the "Installed IPS Version" information is empty in the "Gateways and Servers" view.
PRJ-1676,
SL-1890
SmartView In some scenarios, Hit Count on specific rules does not increment after they were recently created or re-ordered.
PRJ-5629,
PRHF-5810
SmartView In SmartView, when exporting logs to Excel after drill-down, the amount of logs is less than expected. Refer to sk162621.
PRJ-4201,
PMTR-40076
Logging NEW: Added support for "SmartView for QRadar" extension. Refer to sk122323.
PRJ-5295 Logging NEW: Added new Log Exporter feature to export links to the relevant log and log attachments (such as Forensics\TE report).
PRJ-870,
PRHF-2806
Logging In a rare scenario, SmartConsole does not show indexed logs because the log_indexer process stopped working. Refer to sk152934.
PRJ-4964,
SL-2456
Logging In a rare scenario, a specific log fails to be written and an alert informing on this is displayed in SmartConsole. 
PRJ-5936,
PRHF-5344
Logging In some scenarios, when retrieving the UserCheck logs, FWD process on the Security gateway may stop working.
PRJ-1157,
PRHF-3561
Logging In SmartView, if a view contains 2 map widgets, one displaying source countries and the other displaying destination countries, drilling down on one of them may display incorrect data.
PRJ-5783,
PRHF-6117
Compliance In some scenarios, the Compliance blade treats a non-existing rule as if it was a real rule and shows the rule index in the Firewall Best Practices relevant objects.
PRJ-5316,
NAT-137
Security Gateway In a rare scenario, Security gateway freezes when IP pool NAT and VPN are used. Refer to sk165953.
PRJ-5810,
PMTR-37949
Security Gateway In some scenarios, traffic is dropped with 'up_transaction_notify_clob failed' error in dmesg when Application Control is enabled.
PRJ-1871,
PRHF-3940
Security Gateway In some scenarios, when using Hide NAT with GRE tunnel, packets going through this GRE tunnel may get dropped. Refer to sk154492.
PRJ-5432,
PMTR-42553
Security Gateway Non-FQDN domain objects may not be enforced correctly when used in the Access policy along with updatable objects. 
PRJ-1700,
PRJ-4482
Security Gateway In some scenarios, the /var/log/messages file is flooded with ICAP related errors.
PRJ-5987,
PMTR-10094
Security Gateway In a rare scenario, some commands on Security gateway fail and traffic might be dropped.
PRJ-5869,
SWG-2208
Security Gateway In a rare scenario, Security gateway crashes when proxy is enabled.
PRJ-4106,
PRHF-2796
Security Gateway In some scenarios, logs cannot be seen because the log_indexer process stopped working.
PRJ-5085,
PMTR-41407
Security Gateway Access rulebase might not be enforced properly when wildcard objects are used in in source and destination columns. Refer to sk162692.
PRJ-4748,
PRHF-5313
Security Gateway In a rare scenario, the FWK process stops working during debug.
PRJ-3349,
SWG-2013
Security Gateway In some scenarios, a designated interface might drop packets.
PRJ-6660,
PRJ-6655
Security Gateway Performance enhancement for gzip traffic on VSX environment.
PRJ-2989,
PMTR-34813
Security Gateway In some scenarios, traffic is dropped with "[ERROR]: network_classifier_handle_dag: failed to get uuid of DAG bogus_ip" error in dmesg.
PRJ-5483,
NAT-110
Security Gateway NEW: Enhancement: NAT port exhaustion logs mechanism was updated. Refer to sk156852.
PRJ-1782,
PRHF-3890
SSL Inspection NEW: Added support of RDP over SSL inspection as part of HTTPS Inspection blade. (Relevant for Remote Desktop Protocol Vulnerability CVE-2019-0708.) 
PRJ-5468,
PMTR-38358
SSL Inspection In some scenarios, several applications are not matched correctly when HTTPS Inspection enabled and URL Filtering is in HOLD mode. 
PRJ-5490,
PRJ-4758
URL Filtering NEW: Improved scalability and resiliency of URL Filtering service. 
PRJ-7463,
PMTR-45826
IPS  Cannot update the Geo Policy IPToCountry database on Security Gateways. Refer to sk163672
PRJ-4359,
PMTR-40826
SecureXL In a rare scenario, Security gateway may crash if cpinfo reads from the /proc/ppk/cpls directory before SecureXL is initialized. 
PRJ-6107,
PRHF-5706
SecureXL In some scenarios, connection does not to expire correctly when NAT and some Software Blades are enabled. 
PRJ-4782,
PMTR-40553
SecureXL NEW: "sim if" and "sim nonaccel" commands will be deprecated. Instead, "fwaccel if" and "fwaccel nonaccel" commands will be used to accommodate multiple SecureXL instances. 
PRJ-1251,
PRHF-3608
SecureXL On cluster, Drop templates are disabled on reboot. Refer to sk153412
PRJ-7175 SecureXL Cannot configure or use the "SecureXL Fast Accelerator" feature after installing R80.20 Jumbo HotFix Take 117 or 118.
PRJ-6099,
PRHF-5450
SecureXL In some scenarios, SecureXL drops TCP packets with "Out of state" reason.
PRJ-4590,
PMTR-41002
ClusterXL In some scenarios, arp table is not synchronized with master MAC address after fail-over.
PRJ-5895,
PRHF-6145
Endpoint Security Exported from SmartEndpoint .xlsx files may produce a warning when opened in Excel.
PRJ-586,
EPS-20841
Endpoint Security In some scenarios, SmartEndpoint shows "Unknown Error" when trying to open the "User and Computers" Tab "Top Bots" and software deployment by policy reports. Refer to sk151932
PRJ-2915,
EPS-21658
Endpoint Security In some scenarios, when searching for a machine in SmartEndpoint and selecting it, a "Server Error" message appears. Refer to sk158432.
PRJ-2322,
EPS-21609
Endpoint Security If there is a large amount of devices which are going to be removed from the Deleted Container, the server may fail to process the epmCommands, returning "FATAL: remaining connection slots are reserved for non-replication superuser connections" error.
PRJ-6055,
PRJ-1757,
PRHF-3943
Gaia OS A network interface may restart when changing its properties from WebUI if the interfaces configuration was performed via CLISH.
PRJ-6685,
PRJ-6990,
PMTR-44076
Gaia OS In some scenarios, Gaia restore on Multi-Domain Server fails with error "failed to edit update registry". Refer to sk163312.
PRJ-1260,
PRHF-3675
Gaia OS CPD process may stop working when attempting to query sensor values on Smart-1 525, Smart-1 5050 and Smart-1 5150 appliances.
PRJ-6037,
GAIA-6587
Gaia OS In some scenarios, the Smart-1 3150 appliance becomes unresponsive after enabling the optical interface.
  • To upgrade to R80.20 using the Jumbo Hotfix, make sure all the interfaces are in state OFF. Refer to sk146512
PRJ-407,
PRJ-5595,
PRHF-1739
Gaia OS In some scenarios, Smart-1 405 and 410 appliances may show high voltage due to incorrect VBat thresholds.
PRJ-3361 Gaia OS '|' and '-' characters cannot be used in the message banner.
PRJ-963,
PRHF-2474
Gaia OS In some scenarios, user cannot access terminal from WebUI in monitor role mode.
PRJ-5999,
ROUT-445
Routing In a rare scenario, last two (or more) nexthops of a BGP ECMP route disappear simultaneously and are not removed from the forwarding database. Refer to sk153552.
PRJ-6109,
PRHF-6139
Routing In a rare scenario, the routed process might stop working during ClusterXL failover when BGP is configured. Refer to sk165682.
PRJ-3613,
ROUT-679
Routing In some scenarios, OSPFv3 LS updates of the default route are not accepted by the Security gateway for Stub/TSA areas. Refer to sk161472
PRJ-6061,
PRHF-2798
Routing In a rare scenario, the routed process may stop working when a route with a local address as a nexthop is received. 
PRJ-4848,
ROUT-484
Routing In some scenarios, legitimate subnets of 0.0.0.0 (for example 0.0.0.0/1) cannot be configured for certain routing features, like static routes, PBR, routemaps, etc. 
PRJ-4675,
PMTR-41221
VSX VSX configuration cannot not be applied after upgrade from R77.x to R80.x, due to duplicated VSX routes.
PRJ-5921,
PRHF-6345
VSX In some scenarios, IGMP traffic is dropped by "local interface address spoofing" in VSX HA. Refer to sk162953.
PRJ-4647,
PRHF-4819
VPN In some scenarios, traffic is not working over Site-to-Site VPN after an upgrade when SecureXL is enabled. 
R80.20 Jumbo HotFix - General Availability Take 118 (27 October 2019, GA from 04 November 2019)
PRJ-6085,
PRJ-6078
ClusterXL After installing Jumbo HotFix Take 117 only on a standby member, it's outgoing traffic does not pass.
R80.20 Jumbo HotFix - Ongoing Take 117 (13 October 2019)
PRJ-2725,
PMTR-38948
Upgrade Added a pre-upgrade verification that Global network objects with NAT configuration are not supported.
PRJ-3605,
PMTR-39644
Security Management Added ability to automatically determine the API process memory allocation to avoid "Out of memory" errors. Refer to sk119553.
PRJ-2338,
PRHF-4046
Security Management In some scenarios, user cannot discard or publish a worksession, receiving the general message "Internal error".
PRJ-4305,
PMTR-40468
Security Management Added a mechanism to prevent the Management Server from starting if an import process was interrupted.
PRJ-3872,
PRHF-3463
Security Management In some scenarios, size of the shadow_object.C file increases after each policy installation, eventually causing a failure in installing a policy.
PRHF-3242,
PRJ-658
Security Management In a rare scenario, the policy verifier ignores rules with object named "Internet" used with negate operator.
PRJ-4515,
PMTR-39361
Security Management Cannot export a .pdf file from the Licence inventory view after Jumbo HotFix installation on the Management server.
PRJ-1374,
CPM-2242
Security Management High Availability synchronization between Management Servers fails with "Couldn't get peers for peers ids" message in the cpm.elg file.
PRJ-4240,
PMTR-38720
Security Management When many users are connected to and actively working in the same domain in SmartConsole, they may experience:
  • Slowness in SmartConsole responses
  • Long duration of operations
  • High load on the Management Server
PRJ-3690,
PMTR-36555
Security Management New policy creation may fail when there are no installation targets defined in this policy. 
PRJ-5025,
PRHF-4877
Security Management In some scenarios, policy verification process fails after reaching memory size of 4GB. Refer to sk161412.
PRJ-1517,
CPM-2264
Security Management Performance and stability improvements in large High Availability setups.
PRJ-2646,
PMTR-38095
Security Management In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects.
PRJ-5250 Multi-Domain Management NEW: Added the Domain Management Migration, Backup and Upgrade feature:
  • Backup and restore an individual Domain Management Server on a Multi-Domain Server.
  • Migrate a Multi-Domain Security Management from one Multi-Domain Server to a different Multi-Domain Server.
  • Migrate a Security Management Server to become a Domain Management Server on a Multi-Domain Server.
  • Migrate a Domain Management Server to become a Security Management Server.
For more information see sk156072 .
PRJ-2787,
PMTR-41157
Multi-Domain Management In some scenarios, upgrade from R80 fails due to an internal error related to deprecated application objects. Refer to sk157752.
PRJ-3880,
PRHF-5177
Compliance In some scenarios, some of the Best Practices show "N\A" status in the Compliance blade dashboard.
PRJ-2644,
SL-2509
Logging  Running views and reports with a filter fails if the filter contains a "NOT" operator combined with parentheses. 
PRJ-395,
PMTR-28518
Logging  In some scenarios, lea_session processes consume 100% CPU causing the machine to slow down. 
PRJ-1324,
PRHF-3690
Logging  In some scenarios, when running mdsstart, the following error message is shown: "/opt/CPSmartLog-R80.20/bin/smartlogstop: line 65: /opt/CPmds-R80.20/customers/<name>/CPSmartLog-R80.20/log/smartlogRun.log: No such file or directory".
PRHF-4497,
PRJ-3209
Logging In some Full HA environment scenarios, the "Logserver <Cluster virtual IP> is disconnected" error pops up in SmartConsole log view.
PRJ-1310,
PRHF-3681
Logging In the Logs & Monitor view, the "File size" field is missing from the logs generated by Media Encryption & Port Protection blade. Refer to sk157952.
PRHF-4975,
PRJ-4061
Logging In some scenarios, when exporting logs with "Visible columns" option selected from SmartView, some columns return empty record. Refer to sk161712.
PRJ-3642,
PRHF-2607
Logging In some scenarios, when SAM activity is defined and a Log server receives a high amount of packets, the FWD process on the Log server stops working.
PRJ-3011,
PRHF-1554
Logging In some scenarios, the log maintenance mechanism deletes the earliest logs due to mistake in Emergency mode maintenance. Refer to sk163813.
PRJ-3363,
PMTR-34580
Multi-Domain Management In some scenarios, Administrator does not see that a revision was created in its Domain (on Domain level) after a Global policy was assigned to it.
PRJ-798
PMTR-36765
Multi-Domain Management  In some scenarios, the "Unable to connect to server. Please make sure the server is up and running." error appears when trying to log into single Domain from SmartConsole. Refer to sk153293.
PRJ-3687,
PMTR-7744
Multi-Domain Management "dleserver.utils.UidManager" errors on cma_migrate failure on Multi-Domain Server upgraded from R80. 
PRJ-4413,
PRHF-3285
Multi-Domain Management In a rare scenario, FWM process stops working on the Domain level during login. 
PRJ-1881,
PRJ-783
SmartConsole In some scenarios, user cannot delete a VS object since it is referenced by an automatically generated exception rule. 
PRJ-4135,
PRHF-1847
SmartConsole Administrators with "\" in their username receive the "Error Occurred" pop-up when trying to view a packet capture. Refer to sk140992
PRJ-4430,
PMTR-27392
SmartConsole In some scenarios, when there is a large quantity of unused permission profiles in the system, the CPM server takes a long time to start.
PRHF-2194,
PRJ-4433
SmartConsole In some scenarios, Client certificate is removed when deleting Domain that is included in certificate's permissions. 
PRJ-1969,
PRJ-4546,
PRHF-3268
SmartConsole

In setups with a large quantity of network object, users may experience slowness when editing the HTTPS Inspection policy. Refer to sk147134.

  • This fix requires R80.20 SmartConsole Build 081 to be installed.
PRJ-4531,
PRJ-965
SmartConsole In a rare scenario, the DNS Maximum Reply Length IPS protection is not enforced.
  • This fix requires R80.20 SmartConsole Build 081 to be installed.
PRJ-3869,
PRHF-4655
SmartConsole In a rare scenario, when user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232
  • This fix requires R80.20 SmartConsole Build 081 to be installed.
PRJ-777 SmartConsole In a rare scenario, the FTP Bounce, Port Overflow and Known Ports IPS protections are not enforced.
  • This fix requires R80.20 SmartConsole Build 081 to be installed.
MCFG-199,
PRJ-2383
SmartProvisioning SmartUpdate generates audit log even when no action was taken. 
PROV-2068,
PRJ-4671
SmartProvisioning In some scenarios in SmartProvisioning:
  • When executing Run Script on SmartProvisioning profile, the application disconnects from the server and is closed.
  • When executing Push Settings and Actions the "The action was not performed due to maintenance mode" error appears.
PRJ-5512,
PMTR-42219
Security Gateway In some scenarios, fw monitor on Security gateway shows some packets that are handled by SecureXL and not FireWall-1.
PRJ-5502,
PMTR-40456
Security Gateway In a rare scenario, using "kill" or pressing Ctrl+C on the "fw monitor" process does not finish it. 
PRJ-5509,
PMTR-38750
Security Gateway In some scenarios, fw monitor fails to show IPv6 traffic in SecureXL. 
PRJ-5504,
PMTR-40523
Security Gateway In some scenarios, the "fwmonitor_kiss_add_to_global_buf: all the buffers are full" error is displayed even after the heavy traffic is stopped.
PRJ-5506,
PMTR-40455
Security Gateway In a rare scenario, Secure Network Distributor (SND) consumes high CPU when running fw monitor.
PRJ-5507,
PMTR-41300
Security Gateway In some scenarios, when running "fw monitor" with "-e" flag, SecureXL traffic is not filtered, and all traffic is displayed.
PRJ-5503,
PMTR-39556
Security Gateway In some scenarios, incorrect chain number and name are displayed by "fw monitor -p all". 
PRJ-5497,
PMTR-39046
Security Gateway Added ability for fw monitor to support monitoring traffic on Acceleration Card.
PRJ-4310,
STRM-149
Security Gateway In some scenarios, a remote client disconnects after one hour although the session is not idle. Refer to sk160213.
PRJ-770,
SWG-1922
Security Gateway  In a rare scenario, memory usage may rise on Security gateway, when using service with resource with "Optimize URL logging" feature enabled. Refer to sk153052.
SWG-2174,
PRJ-4179
Security Gateway Some Web sites cannot be opened when Content Awareness or Anti-Virus/Anti-Bot is enabled, and Security gateway is configured as proxy. 
PRJ-2918,
UP-293,
PRHF-4494
Security Gateway In a rare scenario, Security gateway may crash due to NULL pointer dereference.
PMTR-40937,
PRJ-4613
Security Gateway In some scenarios, VoIP traffic is dropped with "allocate_port_impl: could not find a free port;" error in dmesg.
PRJ-697,
QOS-22
Security Gateway In a rare scenario, Security gateway crashes during QoS policy installation.
PMTR-35854,
PRJ-3040
Security Gateway In a rare scenario, changing the xmit-hash-policy of the bonding group while machine handling traffic, causes it to crash. Refer to sk154573.
PRJ-4806,
PMTR-41392
Security Gateway  Added ability to enable NAT over specific IP address avoiding a source port allocation.
PRJ-1016,
PRHF-5456
Security Gateway In some scenarios, packets with TTL1 are dropped when using security zones in the Access rulebase. 
PRJ-3562,
STRM-109
Security Gateway  Disabling connections timestamp does not work on active streaming connections. Refer to sk62700.
PRJ-4760,
PMTR-40677
IPS In some scenarios, IPS update fails as a result of error in management server installation. 
PRJ-3766,
MUX-174
Content Awareness  In some scenarios, when the Content Awareness blade is enabled, uploading files via ShareFile stucks at 100%. 
PRJ-5764 HTTPS Inspection Improved TLS implementation for TLS Inspection and Categorization - Server Name Indications (SNI).
TLS 1.2 support for additional cipher suites:
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • X25519 Elliptic Curve
  • P-521 Elliptic Curve
  • Full ECDSA support
Also was improved the fail open/close mechanism and logging for validations.
For the complete list of supported cipher suites, see sk104562.
PRJ-4839,
PMTR-4178
SSL Inspection In a rare scenario, when SSL Inspection is enabled and there is big latency, Microsoft websites (for example Azure) may not respond. Refer to sk150175.
PRJ-3368,
PMTR-13884
Threat Prevention Deleting a Threat Prevention profile might fail if the IPS profile has many overrides. Refer to sk136552
PRJ-689,
PMTR-26827
Application Control In some scenarios, custom Application Object that was initiated with wrong "Application Risk" value might cause connectivity problems. Refer to sk140892
PRJ-4517,
PMTR-38645,
GAIA-5872
ClusterXL Added support for Cluster Load Sharing without IPSec VPN. To enable the support, refer to sk162637.
PRJ-1205,
PRHF-3633
ClusterXL  In some scenarios, after adding a vlan to the bond slave cluster member may go down. 
PRJ-3298,
PMTR-38208
ClusterXL In some scenarios, when changing cluster topology and installing the policy, the cluster fails over. Refer to sk156335.
PRJ-3315,
PMTR-37812
ClusterXL  In some scenarios, pushing policy in order to update the cluster topology during high load, causes the members to fail-over. Refer to sk154575.
PRJ-480,
PRHF-3328
ClusterXL  In some scenarios, the xmit-hash-policy of a Bond interface with the vlan causes the cluster member to go down. Refer to sk151412
PRJ-3294,
PRHF-4301
CoreXL  In a rare scenario, custom affinity configuration is overwritten when HT is enabled. Refer to sk158112
PRJ-1201,
PRJ-1843,
PRHF-3487
SecureXL  In some scenarios, Policy Based Routing (PBR) does not work properly when acceleration is enabled.
PRJ-3598,
PMTR-39660
SecureXL In a rare scenario, when SecureXL is enabled, a VSX gateway may crash. Refer to sk160912.
PRJ-1640,
PRJ-1637,
PMTR-37736,
PMTR-37727
SecureXL  In some scenarios, packets with IP options are not forwarded across bridge interfaces. Refer to Issue #3 in sk154892.
PMTR-40703,
PRJ-4620
SecureXL In some scenarios, sending IP fragmented traffic through a Virtual Switch or Virtual Router fails with "Virtual defragmentation error".
PRJ-2114,
PMTR-29033,
PRHF-4050
Routing  In a rare scenario, the Standby member of ClusterXL incorrectly calculates the routing protocol priorities, causing the routes to be synchronized in the wrong way.
PRJ-306,
ROUT-318
Routing In some scenarios, Routed Pnote in 'Problem' state and ClusterXL member is down after enabling OSPF. Refer to sk123317
PRJ-307,
ROUT-209
Routing Enhancement: Improved the memory handling mechanism in Routed. 
GAIA-4695,
PRJ-614
Gaia OS When running "service vmtoolsd restart" command on Gaia installation with VMware, the "Installing memory driver: FATAL: Module vmmemctl not found. [FAILED]" error is displayed although the vmw_balloon.ko driver is loaded.
PRJ-3793,
PRHF-1778
Gaia OS  Enhancement: The maximum size of the arp table was increased to 4096. 
PRJ-440,
PRJ-4541,
02473276
Gaia OS "Authentication failure" error when authenticating with TACACS+ user that has special characters in their password. Refer to sk101332.
PRJ-3625 Gaia OS On Smart-1 525/5050/5150, user cannot open the iDRAC without installing a dedicated Hotfix.
PRJ-3141,
GAIA-2861
Gaia OS In some scenarios, the IGB driver interfaces are occasionally down after reboot of a Management machine. Refer to sk135532.
PRJ-1029
GAIA-5047
Gaia OS Changing the xmit-hash-policy of the bond may cause all static arp entries to disappear from the arp -a output. Refer to sk152892.
PRJ-4152,
PMTR-38041
VPN In some scenarios, the Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode" after upgrade. Refer to sk157092.
PRJ-1604, PMTR-27831 VPN In some scenarios, when client disconnects from the gateway, the information about the client is not cleared correctly.
PRJ-2874,
PMTR-38894
VPN Connectivity improvement for Remote Access clients in environments with 3rd party VPN tunnels.
PRJ-2347,
PMTR-38631
VPN Remote Access client randomly disconnect / unable to connect when DHCP multi-homed server is configured.
PRJ-2434,
VSX-1866
VSX Added the option to configure reject routes via vsx_provisioning_tool on Scalable Platforms Appliances. Refer to sk151473.
PRJ-5304,
PMTR-42418
VSX Running fw monitor with -v flag on a VSX gateway may cause the fw monitor to quit with the "Segmentation fault" error. Refer to sk162402.
PRJ-3433,
PRHF-5371
VSX  In some scenarios, traffic is dropped on VSX when SecureXL is enabled. Refer to sk160352.
PRJ-4265,
PRHF-5105
VSX  In a rare scenario, machine crashes when using VSX with Virtual Switch (VSW). 
PRJ-4955,
GAIA-6397
VSX  In some scenarios, traffic does not pass in VSX setup with VS-VSW-VS topology and some Threat Prevention blades enabled on VSs. 
PRJ-4683,
SPC-1903
VSX  In some scenarios, running the "fw vsx resctrl monitor disable" command or disabling VSX Resource Monitor via CPView causes crash of the VSX Gateway. Refer to sk144432.
PRJ-4960,
PMTR-38779,
MUX-186
Hardware In a rare scenario, the watchdog process of Falcon Acceleration Card stops working.
R80.20 Jumbo HotFix - General Availability Take 103 (26 August 2019, GA from 22 September 2019)
PMTR-35836,
PRJ-249
Security Management "Runtime error: java.lang.String incompatible with com.checkpoint.management.web_api_is.common.multi_values.objects.MultiStringForSet" error when trying to set a tag to ICMP and ICMP6 services or set those services into a group with API command.
PMTR-36761,
PRJ-716
Security Management A new feature for process tracking was added. If the restart occurs, a 'pstree' command is logged and the process that caused the restart can be tracked.
PMTR-23492,
PRJ-2947
Security Management

Support for Internal CA certificate replacement.

PRHF-2012,
PRJ-1247
Security Management High CPU usage of fwm when SmartEvent is enabled on the Security Management Server. Refer to sk147563.
SMCUPG-719,
PRJ-1686
Security Management Deletion of Domain failed with "Could not send message" error when having large amount of gateways in the domain. The Domain remain without Domain Servers.
PRHF-3283,
PRJ-450
Security Management In a rare scenario, a failure in policy installation causes a false "Policy installation is currently in progress" error message while there is no installation attempt.
PRJ-1899,
PRJ-1901
Security Management After opening and searching in pickers for a few times, the "error retrieving results" message appears when opening a picker.
CPM-2300,
PRJ-1973
Security Management In some rare scenarios CPM server does not start after a failure in delete domain.
PMTR-38249,
PRJ-2161
Security Management In some scenarios, traffic is dropped with "network_classifier_get_dynobjs_for_ip: failed to get UUIDs for IP 0.0.0.0" and "kfunc_ip_ranges_to_dynobj: network_classifier_get_dynobjs_for_ip failed" errors in dmesg when dynamic object is used in access policy.
PRHF-3514,
PRJ-1379
Security Management Upgrade from R7x is failing with core file of cpdb due to an empty field in 'autoupdate_and_install_settings' object.
PRHF-3455,
PRJ-1335
Security Management Inline layers are not verified when there are no selected targets in the 'install on' column.
RJ-1864,
PRJ-1880
Security Management In some scenarios, SmartConsole stops working while adding or removing many objects via Web API.
PMTR-33605,
PRJ-2159
Security Management In some cases on Multi-Domain environments with several servers, tasks still appear in progress after restart of the server even though they are not really running.
PMTR-38103,
PRJ-2490
Security Management In some scenarios, a validation incident about Invalid Email Address is presented in SmartConsole after upgrade from R77.
PMTR-37924,
PRJ-1761
Security Management Due to a failed full sync, FWM was restarted unexpectedly and obsolete domain sessions were used in the global policy assignment.
PMTR-26076,
PRJ-1570
Multi-Domain Management

Synchronization in a Multi-Domain High-Availability setup fails post upgrade from R80 due to duplicate compliance objects.

PRJ-1303 Multi-Domain Management When running the 'add-domain' Web API command on an existing Domain, the original Domain is deleted.
CPM-1730,
PRJ-1403
Multi-Domain Management The Multi-Domain Server database size grows significantly causing operations like 'mds restore' and HA full sync to take a long time.
PMTR-36438,
PRJ-552
Multi-Domain Management

In rare cases, if Domain deletion failed in the past, and following MDS Upgrade or MDS Restore - some objects are missing on Domain or Global level in SmartConsole.

This is relevant specifically under the following cases:

  • Multi-Domain Server upgrade from R80.10 to R80.20.
  • Multi-Domain Server Restore in any R80.x
PRHF-3783,
PRJ-1440
Multi-Domain Management In some scenarios, gateways are missing in the 'Gateways and Servers' view in SmartConsole on the MDS level.
PRHF-3300,
PRJ-592
Multi-Domain Management Multi-Domain Server processes must be stopped before running cma_migrate.
PRJ-2386,
PMTR-38670
Multi-Domain Management In a rare scenario, CPM server fails to start after successful Domain deletion. 
PMTR-36614,
PRJ-2244
Multi-Domain Management The mds_backup command will generate an output file of format .tar instead of .tgz to improve the duration time of backup (mds_backup) and restore (mds_restore) of Multi-Domain Server. Refer to sk163300.
PRJ-2421,
PMTR-38710
SmartProvisioning

In VPN Community managed by SmartProvisioining: 

  • When adding SMB gateway to the VPN community, VPN tunnel may not been established.
  • When changing security profile in VPN community, the VPN settings are not changed.
  • Policy installation fails for cluster member of CO Gateway.
PRJ-2664,
PRJ-2721
SmartProvisioning VPN tunnel of LSM gateway can not be established when CO gateway is managed by Security Management of higher version. Refer to sk106628
PRHF-3392,
PRJ-867
SmartProvisioning In VPN star community managed by SmartProvisioning, VPN tunnels may not be established after installing policy to CO gateway (center). Refer to sk152612.
PMTR-31155,
PRJ-1433
SmartConsole In some scenarios, SmartConsole terminates when installing policy on many targets at once.
PMTR-36527,
PRJ-760
SmartConsole

Redundant layers appear in the output of the 'show-package' command when Global policy holding more than one layer, is assigned to Domain.

PRHF-3415,
PRJ-738
SmartConsole In rare scenarios, upgrade fails with "com.checkpoint.management.classes.dle.triggers.internal.VersionInfo.VersionInfo" NPE in cpm.elg file.
PMTR-24658,
PRJ-1745
SmartConsole Wrong error message displayed in SmartConsole when Domain Server cannot be deleted when it is referenced in the policy.
PRJ-1532,
PRJ-1535
SmartConsole In a specific scenario, Global policy rules may change order after Multi-Domain Server upgrade. Refer to sk155432.
MCFG-200,
PRJ-2559
SmartConsole In "Gateways and Servers" view, gateways are missing status when managing more than 1000 gateways. This fix supports statuses up to 5,000 gateways.
PRJ-1919,
PRJ-2416
Identity Awareness

Security hardening for IDA enforcement according to XFF IP.

PRJ-1926,
PRJ-1952
Identity Awareness Performance improvement of Identity Awareness kernel tables for Cluster and multi-fw1 instances gateways.
PRJ-1926,
IDA-1966
Identity Awareness In a rare scenario, identities are missing from all connected Identity Gateways (PEPs).
IDA-1987,
PRJ-1956
Identity Awareness In a rare scenario, sessions longer than 24 hours disappear from the Identity Gateway (PEP) but exist on the Identity server (PDP)
IDA-1981 Identity Awareness Users are not propagated from the PDP to the PEP on a specific network due to a rare race condition between register and unregister requests triggered by different instances or cluster members.
PRJ-1926 Identity Awareness The output of pep show pdp all command on the Identity Gateway (PEP) contains "inx invalid type (0)" instead of an Identity server (PDP) IP address.
Refer to Scenario #3 in sk156953.
PMTR-32539,
PRHF-3443
Identity Awareness Users are not authenticated when an identity source provides the login name in an 'User Principal Name' format "user@domain". Refer to sk147417
PRHF-2895,
PRJ-334
Security Gateway

After upgrading to R80.20, it is not possible to configure an OSPF interface to have a priority of 0.

PRJ-3735,
PMTR-40259 
Security Gateway In some scenarios, when a connection is accelerated and ICMP packet is sent from a server to a client, it is being dropped by Security gateway. 
PRJ-1490,
GAIA-4689
Security Gateway  In some scenarios, the fwk process virtual memory increases on USFW/VSX environment. Refer to sk160513
PRJ-604,
PRHF-3117
Security Gateway In a rare scenario, routed process stops working when ECMP is enabled for both IBGP and EBGP. Refer to sk162547.
PMTR-25754,
PRJ-773
Security Gateway

Potential NAT issues when using "Hide internal networks behind the Gateway's external IP" along with destination NAT. Potential NAT issues for connections opened from templates due to route change.

PMTR-28915,
PRJ-915
Security Gateway Possible performance impact on NAT port exhaustion scenarios.
PRJ-3675 Security Gateway In some scenarios, when disabling the interface, large amount of "fwmultik_f2p_routing: fw_os_route_retrieve_streaming failed" error messages appears in \var\log\messages file.
PRJ-3330 Security Gateway The Fast Acceleration feature lets you define trusted connections to allow bypassing deep packet inspection. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption.
PMTR-21865,
PRJ-1141
Security Gateway In a rare scenario, Security Gateway may crash when sending log from FW instance with IPv6 packet.
PRJ-2108 Security Gateway Issue with categorization of HTTPS sites over IPv6.
PRJ-2310 Logging Log Exporter filtering feature allows to decide which logs will be exported based on values from the various fields on the raw log. 
SL-2002,
PRJ-1239
Logging Running views or reports that contain the attack / attack_info fields may fail or not be completed.
PRHF-3831,
PRJ-2677
Logging In a rare scenario, the accounting of bytes in a report is not accurate.
SL-1052,
PRJ-1275
Logging In a rare scenario, when an environment has many gateways (dozens), FWM on the log server might crash when reaching to 4 GB memory.
PMTR-37425,
PRJ-1401
Gaia OS Backup task fails if SmartConsole is open during backup.
PRJ-2173,
PRHF-5189
Gaia OS Many "fwldbcast_new: too many hosts : 0" kernel messages appear in /var/log/messages file. Refer to sk153253.
PRJ-181 Gaia OS Jumbo installation block on ISO from sk100566
PMTR-35299,
PRJ-624
Gaia OS Enable the user to use CLISH commands related to LOM at (Smart-1 3150).
PRJ-2464 Gaia OS Adding 6800 appliance picture to WebUI.
PRHF-4394,
PRJ-2651
ClusterXL

In a rare scenario, crash on Active member when accessing Standby member via IPv6. Refer to sk159635.

PRHF-4105,
PRJ-2146
ClusterXL  In a rare scenario, the fw_workers process consumes high CPU on the Standby member of a ClusterXL. Refer to sk156333.
PRJ-2152,
PRJ-2551
ClusterXL The message "fwlddist_debug_update_op: resetting to avoid overflow" should be printed only in debug mode since it's not an error.
PRHF-4193,
PRJ-2396
CoreXL "fwmutlik_do_sequence_accounting_on_entry: bad dir" errors are mistakenly printed in dmesg output. Refer to sk158312.
GAIA-4153,
PRJ-415
SecureXL Debug for the adp module in host Performance Pack does not work.
PRJ-630,
PRHF-5533
SecureXL In some scenarios, latency is observed on the Security gateway when SecureXL is enabled. Refer to sk162914
GAIA-4855,
PRJ-897
SecureXL When IPS is enabled on VS connected to VR, HTTP traffic is not passing out of the internal Host.
PRJ-1176 SecureXL Added sim module parameter "sim_anti_spoofing_enabled" to allow disable of anti-spoofing in Performance Pack without installing new Firewall policy.
PRJ-1300,
PRJ-1299
SecureXL In a rare scenario, multicast routing lookup may lead to SIM crash.
PRHF-4430,
PRJ-2752
SecureXL In some scenarios, TCP syn-ack packets are dropped when server is behind a hide NAT rule on a VPN interface.
PRJ-1848 SecureXL Host destination entries memory leaking when neighbor entry is incomplete state.
PMTR-37165,
PRJ-1217
SecureXL In some scenarios, multicast traffic is not forwarded across bridge interfaces.
PRJ-579 Endpoint Management R80.20 JHF failed to install when using Anti-Malware E2 engine for signatures update.
PRJ-1419,
GAIA-5136
VPN In some scenarios, VPN Encryption Domain Routes are not added to kernel via RIM in VSX environment. Refer to sk154692.
CRYPT-210,
PRJ-2954
VPN After running "cpca_client re_sign_ca" and "mcc replace", SmartConsole shows the same Internal CA certificate.
GAIA-5338,
PRJ-1386
VPN In some scenarios with acceleration enabled, traffic through VR for a VPN setup does not pass.
R80.20 Jumbo HotFix - General Availability Take 91 (10 July 2019, GA from 20 August 2019)
PRJ-645,
PRJ-601
Security Management Added ability for R80.20 Security Management or Multi-Domain Server to manage R80.30 Security gateway. Refer to sk149272.
  • This fix requires R80.20 SmartConsole Build 055 to be installed. 
PRJ-2301,
GAIA-3984
SmartConsole Added support for 16000 and 26000 appliances.
  • This fix requires R80.20 SmartConsole Build 055 to be installed.
PRJ-2820,
PMTR-39191
Gaia OS While unplugging one of the Power supply cables on Smart-1 5150/5050/525 appliances a false 'No Read' message appears for ~5 seconds in both PSUs statuses (instead of Present/Input Lost/Absence). 
R80.20 Jumbo HotFix - General Availability Take 87 (26 June 2019, GA from 09 July 2019)
PRJ-1603,
PMTR-37581
Security Management CPUSE Upgrade of Multi-Domain Server is stuck indefinitely when more than one Leading VIP interface is defined.
PRJ-1168,
PMTR-33784,
PMTR-36843
Multi-Domain Management After upgrade of Multi-Domain Server from R77.x to R80.20, some of the validation incidents might not have a link to the relevant object.
PRJ-845,
PMTR-36840
Multi-Domain Management Improved duration of Multi-Domain Server upgrade from R80.10.
PRJ-1786,
PMTR-37945
SmartConsole In a rare scenario, when using "add-threat-exception" API command to empty rulebase, it fails with the "Runtime error: Index: -1, Size: 0" error.
PRJ-1478,
PRHF-2632
Logging In some scenarios, logs for a specific Management server or Domain are not displayed. Refer to sk135213.
PRJ-1553,
PMTR-31315
Logging
  • In some scenarios with low disk space and customized retention configuration, logs and indexes may be deleted contrary to the configuration.
  • In some cases, logs are not forwarded when log forwarding in enabled on a Log server machine.
PRJ-2374 Gaia OS CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479: TCP SACK PANIC - Linux Kernel vulnerabilities. Refer to sk156192.
PRJ-1867,
PRJ-1677,
PMTR-37999
Gaia OS Clish command "show system init-services" and Expert command "service --status-all" run "mdsstart" on the server.
PRJ-766,
PMTR-36031,
MBS-6878
CoreXL  In a rare scenario, Security gateway may freeze when "Drop Templates" or "DOS rate" feature is enabled.
R80.20 Jumbo HotFix - Ongoing Take 80 (27 May 2019)
PRJ-96,
PRHF-2762
Security Management In some scenarios, the postgres.elg file grows and fills up the disk space. Refer to sk143852
PMTR-34832,
CPM-2137
Security Management In a rare scenario, policy installation from a previous revision fails with "Internal error".
PMTR-27539,
PMTR-27797
Multi-Domain Management False message "peer <name> failed to synchronized me" appears in Multi-Domain Servеr HA window although machines are successfully synced. Refer to sk151392.
PMTR-35703,
PRHF-3127
SmartConsole "Legacy URL Filtering not supported" error pops up when installing policy.. Refer to sk110116.
PMTR-25295,
PMTR-14661
SmartConsole "SessionInWorkLoginException" error when using the API "discard" to discard a connected session other than the current session. Refer to sk142534.
PMTR-30862,
PRHF-2252
SmartConsole "Get Gateway Data" returns "Execution error" for cluster object in SmartUpdate.
PMTR-29658,
VPNRA-189
SmartView Monitor In some scenarios, SNX client is not seen in SmartView Monitor tracking page after connecting to the Security gateway.
PMTR-33424,
SL-1997
SmartView Monitor SmartView Time filter does not work correctly if the server Time Zone is different than the client Time Zone.
PMTR-32677,
PMTR-31278
Security Gateway Connectivity issues on some HTTPS sites (as login pages) when Security gateway is configured as proxy. Refer to sk147878
PMTR-34742,
PMTR-34543
Security Gateway OpenSSL is vulnerable to Padding Oracle Timing / Side Channel Attack.
PMTR-35948,
PMTR-34489
Security Gateway Security gateway crashes in a certain rare scenario.
PMTR-33337,
PMTR-33143
Security Gateway In a rare scenario, setting interface topology to "Network defined by routes" causes policy installation failures or traffic drops.
PRJ-378,
PMTR-31289,
PMTR-26959
Security Gateway In some scenarios, Security Gateway drops ICMP traffic with "fw_conn_post_inspect Reason: First server side outbound packet is an ICMP" message. 
PMTR-34114,
PMTR-32168
Logging In a rare scenario, Security gateway starts to log locally even if logs are sent to backup server.
PRJ-833,
PRJ-748
Logging In a rare scenario, cannot open new tab in SmartView after exporting data using a relative time filter.
PMTR-34126,
PMTR-31493
Logging In some scenarios, a Domain picker is displayed when logging in to the SmartView web application on a dedicated SmartEvent server.
PMTR-34878,
PRJ-69,
PRJ-105
Threat Emulation Management Server upgrade from R80.10 to R80.20 fails in these scenarios:
  • There are Threat Emulation settings, which remained from Security Gateway objects that were already removed.
  • There are Threat Emulation settings, which are configured in the cluster member objects and not in the cluster object.
Refer to sk150793.
PMTR-31036,
IDA-1689
Identity Awareness In some scenarios during Identity Agent or Terminal Server Agent IP change, PEP database becomes corrupted.
PMTR-35095,
MB-30
ClusterXL New validation added: Starting from R80.20, ClusterXL does not support Load Sharing mode. SmartConsole blocks such configuration with a warning message.
PMTR-33209,
PMTR-30582
ClusterXL Unable to access ClusterXL Standby members over an IPSec tunnel or when the connections are routed through the Active member. Refer to sk147493.
PMTR-32708,
PMTR-33852
SecureXL Security gateway forwards re-transmitted TCP reset packets although fw_disable_rst_replay property is enabled.
PMTR-34750,
PMTR-32605
VPN After a Multi-Domain Management Server upgrade, if there are more than 1 certificate for internal_ca, it may cause a connectivity loss when using Global VPN Community. Refer to sk147836
PMTR-33335,
MBS-5210,
PRHF-3647
VSX In a rare scenario, VSX reboots when running with 40G NICs. 
PMTR-35083,
PMTR-26556,
PMTR-30291
CPView In some scenarios, the CPView tool does not display any sensor information under the "Hardware Health" tab.
PMTR-33418,
PRJ-292,
PRJ-3535
CoreXL In a rare scenario, Security gateway freezes when Priority Queue is enabled.
Refer to sk149413.
R80.20 Jumbo HotFix - Ongoing Take 74 (14 April 2019)
PMTR-36350,
PRJ-503
General Alignment to Mail Transfer Agent Engine Update. Refer to sk123174.
PMTR-26344,
PMTR-26345
SecureXL UDP packets are dropped during policy installation and the following error is displayed: "simi_reorder_enqueue_packet: reached the limit of maximum enqueued packets for conn". Refer to sk148432.
R80.20 Jumbo HotFix - Ongoing Take 73 (08 April 2019)
PMTR-31335 General Added support for 6500 and 6800 appliances. Refer to sk139932.
PMTR-23799 General Added ability to FW Monitor to support monitoring of accelerated traffic by default. Refer to sk30583.
PMTR-29498,
PRHF-1960
Security Management Manual changes in INSPECT files under $FWDIR/lib directory of compatibility packages are not synchronized from active to standby Management servers. Refer to sk143792.
PMTR-29853 Security Management Policy installation fails with "IPv6 addresses domain is not supported for Remote Access VPN community" message when using Domain object in Remote Access encryption domain. Refer to sk142832.
PMTR-29923,
PMTR-28958
Security Management "Error retrieving results" message is displayed in SmartConsole after searching for unused objects in Object Explorer.
PMTR-34653,
PRHF-2891
Security Management After installing R80.20 Jumbo HFA Take 33, newly created users fail to log in into local SmartView WebUI, receiving the "Invalid username and password" error. 
Refer to sk148794.
PMTR-23745,
MCFG-80
Security Management Unjustified validation error is displayed when installing Threat Prevention policy on Cluster object:
"Threat Prevention requires topology to be defined.
At least one internal, one external, and no undefined interfaces are required.
Incorrectly defined topology impacts performance and security.

Please install both Access Control and Threat Prevention policies after fixing the topology."
PMTR-34017,
API-595
SmartConsole Number of sessions in "Changes" list does not match the value of 'total'.
PMTR-31336,
PMTR-12430
SmartConsole When searching in the SmartConsole main search bar for network groups we can see some number of network groups, but the search inside the Logical Server object shows the different number of Logical server objects groups.
PMTR-31641,
MCFG-144
SmartConsole FWM process stops working after repeatedly clicking "Update Corporate Gateways" in SmartConsole.
PMTR-31044 SmartConsole When an administrator publishes session for a different administrator, the name of the administrator that invoked the action will be written in the audit logs as the publisher.
PMTR-31136 Mobile Access Mobile Access Portal Agent installation page is vulnerable for XSS attack in Chrome and Firefox.
PMTR-29243,
PMTR-32515
Security Gateway When routed syslog is enabled, the "show configuration routedsyslog" command does not show any output.
PMTR-33631,
PMTR-24656
Security Gateway In some scenarios, Security Gateway crashes when Priority Queue is enabled. Refer to sk149414.
PMTR-34473,
PMTR-33518
Security Gateway R80.20 bridge with no VLAN configuration may cause connectivity disruptions on VLAN-tagged traffic passing through it.
PMTR-30245,
PMTR-29336,
PRHF-2609
Security Gateway In rare scenarios, Security Gateway crashes during file upload to Google drive when Content Awareness blade is enabled.
PMTR-33140,
PMTR-1479
Security Gateway In a rare scenario, TCP segments of HTTPS payload are missing in Mirror and Decrypt designated interface.
PMTR-33559,
IDA-1793
Security Gateway Users are not matched to access roles with nested LDAP groups or LDAP groups with filter.
Refer to sk148092
PMTR-31049,
IDA-1120
Security Gateway Group update request is sent specifically to the originator LDAP server even if it is down. Refer to sk127833
PMTR-26374,
SWG-1312
Security Gateway Added support for ICAP client working with Symantec DLP ICAP server.
PMTR-27196, PMTR-24606 Security Gateway  Starting from SmartConsole Build 46, added automatic Implied Rule for ICAP Server to allow connectivity with trusted ICAP clients. 
PMTR-31315,
PRHF-2244
Logging In a rare scenario, TCP state information is not displayed in the log despite being enabled in SmartConsole.
PMTR-32876,
PMTR-15708,
PMTR-28005
UserCheck Potential memory leak in rare scenarios when UserCheck is used on HTTP connection.
PMTR-30599 UserCheck When switching from manual expiration date in User Template to "According to global properties", the actual expiration date is not changed.
PMTR-31422 Threat Extraction When configuring scrub_additional_file_types to "all" and enabling block_unsupported_files, file types that have no extension are not stripped.
PMTR-30657 Identity Awareness When X-Forwarded-For (XFF) settings are enabled on one of the policy layers or/and on the Security gateway object, the /var/log/messages file shows errors related to asynchronous identity fetch. Refer to sk145673.
PRHF-523,
PMTR-29857
IPS Some SMTP-related IPS Core Protections remain enabled despite the IPS is disabled.
PMTR-33238,
PMTR-32352
IPS R77.x gateways managed by R80.x Security Management show that IPS blade is enabled while it is disabled on the gateway object.
Refer to sk146592.
PMTR-35032 VPN Important security update for IPSec Site-to-Site (S2S) VPN.
PMTR-31860,
PMTR-31863,
PMTR-21587
VPN Connectivity improvements for certain Windows L2TP client versions. Refer to sk145895.
PMTR-23293,
02031663
Gaia OS The CLISH command "show arp table dynamic all" and Bash command "arp -an" show different entries. Refer to sk112753.
PMTR-32129,
PMTR-26981,
PMTR-26979
Gaia OS Added 'pigz' and 'unpigz' binaries.
PMTR-30225,
GAIA-3093,
PMTR-30226,
02085811
Gaia OS Enhancement: administrators are allowed to use personal, remotely managed password to login to Expert mode, instead of the shared "expert password". 
PMTR-33811,
PMTR-33923
CPView "Connections from templates" property shows incorrect value Network tab ->Traffic-> Templates of CPView.
PMTR-29063,
PMTR-23710
Endpoint "User was not authenticated" errors in Capsule Docs when activating Single Sign-On in the policy.
PMTR-30683,
PMTR-30518
Compliance The grc_conditions3.xml and grc_controls.xml files in R80.20 are overwritten by the files of R80.10 from the Cloud.
R80.20 Jumbo HotFix - General Availability Take 47 (24 February 2019, GA from 25 March 2019)
PMTR-28379,
PMTR-28378
Security Management Added ability to manage Check Point Maestro.
PMTR-32183,
PRHF-2532,
PRHF-2618
Security Management High Availability synchronization fails on Multi-Domain Server level after Domain deletion or after updating licenses or contracts in SmartUpdate. Refer to sk151072.
PMTR-32160 IPS Accelerated HTTP traffic might not be accelerated on an R77.10 Security Gateway managed by a Security Management server.
R80.20 Jumbo HotFix - Ongoing Take 43 (11 February 2019)
PMTR-27655 Security Management Values updated in resourceProfiles files to handle high CPU utilization for "Java" process (described in sk123417) are not resistant and get overridden after Jumbo Hotfix Accumulator installation or backup/restore or export/import procedures.
PMTR-28644,
PMTR-28557
Security Management Running the fwm sic_reset command from CMA fails with "reset_objects: updateMultiple failed". Refer to sk142512.
PMTR-25816,
PMTR-25793
Security Management Once user performs any change to his configuration, the Compliance blade performs a partial scan and calculates the relevant Best practices. During this scan, exceptions of relevant objects for these Best practices are deleted. Meaning, if previously obj1 was excluded from applying Best practice #1, during partial scan obj1 will be relinked to Best practice #1. 
PMTR-32542,
PMTR-32187
Multi-Domain Management
  • Log servers are not seen in SmartConsole Log Server tab after Advanced Upgrade to Jumbo Hotfix Accumulator Take 33.
  • After new Domain creation, logs from this Domain are not seen in SmartConsole.
PMTR-29670,
PMTR-29604
Multi-Domain Management Upgrade of the Primary Multi-Domain Server from R80.10 fails when its Global Domain is in Standby mode. Refer to sk143892.
PMTR-27321,
PMTR-21282,
PMTR-24274,
PMTR-24249,
PMTR-22245
Multi-Domain Management CPView is not supported on Multi-Domain Security Management environments.
PMTR-29458,
PMTR-26606
SmartConsole "Synchronization with Check Point UserCenter" feature displays "Synchronization with Check Point UserCenter requires a valid license." warning message even though all licenses are valid.
PMTR-23395,
PMTR-29385
SmartConsole If administrator updates his details (e.g. name, phone, email) and tries to publish the session, it fails with "Internal error" message.
  • After Jumbo HFA installation, the session cannot be published or discarded and any further update will fail. Refer to sk144214.
PMTR-25778,
PMTR-25825,
PMTR-25790
SmartConsole When using Global VPN Community with permanent tunnel gateways list (matrix / permanent tunnel gateways), upgrade from R7x fails.
PMTR-26495,
PMTR-26474
SmartConsole "Error: SIC initialization failed because of failure in parsing the certificate file" error when user attempts to log in with certificate to API (mgmt_cli) with password including "!".
API-512,
PMTR-25591
SmartConsole Web API show-package fails if the package was installed on a cluster member which is already deleted. Refer to sk144132
PMTR-25081,
PMTR-25069,
PMTR-24728
SmartConsole Attempt to update Threat Emulation images fails with "Could not send Threat Emulation images update command, validate SIC connectivity and install policy with Threat Emulation enabled for [name]" message.
PMTR-28877,
BS-859
SmartConsole The existing regulation is not updated and appears as "EU Data Privacy" instead of "GDPR".
PMTR-28488,
DO-902
Security Gateway Traffic is dropped when using non-FQDN Domain object in Security policy. 
PMTR-28593,
PMTR-25909
Security Gateway Added support for NAT on payload of H323 packets when different IP addresses are used for payload and control.
PMTR-28197,
PMTR-27742
Security Gateway No service enforcement when creating "Other services" without match expression for TCP, UDP or SCTP.
PMTR-27663,
PMTR-28320,
PMTR-24802
Threat Emulation Added ability to update Threat Emulation file types in an offline environment.
PMTR-26022,
PMTR-25770
HTTPS Inspection When HTTPS Inspection is enabled and "Hide X-Forwarded-For in outgoing traffic" option is selected, the XFF header is not obfuscated on HTTPs traffic.
PMTR-27367,
IDA-1609
Identity Awareness In some scenarios, Identity Agent fails to authenticate using Kerberos SSO due to very large Kerberos ticket and the agent fallback to User/Password authentication. 
PMTR-28368,
PMTR-28140
Anti-Malware During upgrade, if Anti-Virus is enabled, all emails are stuck in MTA queue due to missing certificate.
PMTR-30218,
TPM-1378
IPS The "A general error has occurred" message is displayed when trying to change the IPS protection configuration in "MySQL -> General settings".
PMTR-30868,
PMTR-30867
Web Intelligence In some scenarios, connectivity issues between Capsule Workspace and Security gateway.
PMTR-27702,
PMTR-20103
Web Intelligence Potential memory leak due to "Out of state" HTTP response.
PMTR-26141,
01967376
SSL Inspection Added support for custom extension used by Apple.
PMTR-30550,
PMTR-29405
Logging Exporting 100K or more logs to Excel from SmartView fails.
PMTR-30609,
PMTR-30608,
PMTR-30607,
PMTR-29589,
PMTR-29583
Logging In rare scenarios, when the Log server miscalculates the available disk space, it may stop receiving logs from the connected gateways and cause the logs to accumulate locally on the Security gateway.
Refer to sk146152.
PMTR-27043,
PMTR-23553
Logging After two or more upgrades of a Security gateway / Security Management server / Log server or SmartEvent server, log maintenance fails to delete logs from older version. 
PMTR-26706,
PMTR-26696
Logging After Daylight saving time change, the logs from the time of change until the end of the day are not indexed and the "Illegal instant due to time zone offset transition (daylight savings time 'gap')" error is displayed in solr.elg file. 
PMTR-28160,
PMTR-23550
Logging After upgrade from R80.x to R80.20 GA, the pre-upgrade logs data will not be deleted according to the logs retention policy. 
PMTR-22357,
SL-1600
Logging In rare scenarios, due to a connection attempt failure to the Security Management, the Security gateway starts logging locally.
PMTR-29044,
SL-1538
Logging When Security gateway is configured to send alerts only to a specific Log server, logs may be written locally on the gateway instead to be sent to the Log server. 
PMTR-26040,
PMTR-25672,
PMTR-28925
Logging Added Threat Emulation forensic report in SmartView Log card.
PMTR-29233,
PMTR-22839,
02535956
SecureXL Memory consumption on Security Gateway increases after enabling NetFlow v9 in Gaia OS. Refer to sk118719.
PMTR-30162,
PMTR-22869,
PMTR-30163
SecureXL Concurrent connections monitoring can become inaccurate when "fw samp quota" rules are changed.
PMTR-27529,
MBS-4134
SecureXL In rare scenarios, Security gateway crashes when penalty checkbox is selected.
PMTR-29118,
PMTR-17539,
PMTR-27741
SecureXL In some scenarios, large number of incorrectly classified "simlinux_br_port: dev == NULL !!!" debug messages appear in kernel message logs.
PMTR-28120,
GAIA-3349
SecureXL In some scenarios, HTTP requests do not pass when SecureXL is enabled. 
PMTR-28084,
PMTR-27895
ClusterXL In some scenarios, standby cluster member sends PIM Hello packets.
PMTR-29200,
PMTR-28139,
VSX-1928
VSX In some scenarios, the cpd and fw_full processes stop working when the TDERROR debug flag is enabled.
PMTR-28022,
VSX-1895
VSX Traffic from a Virtual System in VSX Cluster to Security Management Server is dropped with "Local interface address spoofing" log.
Refer to sk110473
PMTR-23158,
PMTR-26453,
PMTR-26095
GAIA-3010
Gaia OS CVE-2018-15473: Username enumeration is possible due to a premature bail-out while dealing with a malformed packet. The issue exists in several authentication protocols. 
PMTR-28381,
PRHF-1502,
PMTR-28899
Gaia OS When using conv2db to recreate Gaia database from /config/active, comments are not skipped and the new database file may contain irrelevant information. Refer to sk139832.
Note: the issue is cosmetic only. 
PMTR-28798,
PMTR-28822,
PMTR-12070,
01515638
Gaia OS SNMPD process fails to send Coldstart on reboot. Coldstart is configured by threshold that can be too short comparing to the OS boot time.
PMTR-28277,
GAIA-2493
Gaia OS Connectivity problem for 10 Gigabit fiber network interfaces (be2net driver) after upgrade from R77.30. 
PMTR-28041,
PMTR-25332,
GAIA-3471
Gaia OS Added support for "/", "(", and "*" characters as part of the system message banner. 
PMTR-23058,
PMTR-24458,
01579916
Gaia OS syslog messages forwarded to external Syslog server, do not contain the host name.
Refer to sk100727.
PMTR-28303,
02397556,
CP-41
Gaia OS In some scenarios, snmpwalk reports false values of bond interface.  
PMTR-28312,
PMTR-28338,
01906257
Gaia OS In some scenarios, sporadic timeouts occur during snmpwalk run.
PMTR-28834,
PMTR-28836,
02489137
Gaia OS Different LOM versions are reported in WebUI and Clish.
PMTR-11377,
PMTR-25506
02100804
VPN After Cluster failover, VPN tunnel is down and "Unknown SPI for IPsec packet" log is shown. Refer to sk112339.
PMTR-30425, PMTR-30360 VPN VPN tunnels with 3rd party peers fail because of mismatched IDs. Refer to sk144094
PMTR-25196,
PMTR-31887
VPN In some scenarios, IKE fragmentation is dropped when NAT-T is enforced. Refer to sk143372
R80.20 Jumbo HotFix - General Availability Take 33 (08 January 2019, GA from 04 February 2019)
PMTR-25005,
PMTR-23377
Security Management In some scenarios, purge operation fails with "Task was interrupted because of server restart" message and the CPM process stops working, producing core dump file.
PMTR-28037,
PRHF-1977
Security Management Policy installation fails due to a memory allocation failure. 
PMTR-26802 Security Management When creating a Security Gateway object and click OK, SmartConsole terminates with "The connection with the server was lost...." error. 
PMTR-25488,
PMTR-25218
Security Management When Database is more than 100 objects and searching for the objects in the Objects Explorer and scrolling down, list of items disappears and the results in the bottom-left show "No items found". Refer to sk139793.
PMTR-26386,
PRHF-1656,
PMTR-25184
Security Management Cannot export logs to Excel from SmartView connected to Multi-Domain Log Server.
Refer to sk140433.
PMTR-24555,
PMTR-26219
Security Management  In some scenarios, migrate_export fails when exporting R77.30 database from Windows machine in order to import it to R80.20 on Gaia.
PMTR-26457,
PMTR-17608
Multi-Domain Management When Domain has policies that are in use in some policy installation preset, the attempt to delete this Domain fails with "Error: Unspecified error". 
PMTR-23217,
PMTR-22277
Multi-Domain Management Log in to the primary Multi-Domain Management GUI fails due to HA and logging objects synchronization generating high load.
PMTR-21125 SmartEvent In large-scale environments, log_indexer process may unexpectedly stop working producing 3.5GB core file.
PMTR-23080,
PMTR-26637
SmartConsole HTTPS Inspection rule with mixed Access Role and network object cannot be enforced. 
PMTR-25913 SmartView Added consolidated Threat Prevention dashboard, providing full threat visibility across Networks, Mobile and Endpoints. 
Refer to sk134634.
PMTR-23063,
PMTR-22415
SmartUpdate SmartUpdate hangs on launch due to over 4000+ unattached licenses.
Refer to sk136512.
PMTR-21902,
PMTR-21183
Security Gateway Memory leak in FWD process.
PMTR-29099 Security Gateway Security gateway drops multicast or broadcast packets when working in bridge mode.
PMTR-26564,
PMTR-25323
ClusterXL
  • 3rd party cluster Full-Sync does not run on startup and caused the cluster to be in down state.
  • Dynamic Routing packets are dropped on the cluster member with the lower priority.
PMTR-25290,
PRHF-1556
Threat Prevention In some scenarios, Advanced Upgrade fails with different errors due to NULL pointer exception check. 
PMTR-25286,
PMTR-25287,
PMTR-25106
Identity Awareness

User's access to a network resource may fail in the following scenario: 

  • Access to a network resource is through an Identity Awareness Gateway (configured as PEP)
  • In SmartConsole, the Identity Awareness Gateway object is configured with "Identity Awareness -> Identity Sharing -> Get identities from other gateways -> All sharing gateways"
  • The sharing Identity Awareness Gateway (configured as PDP) that shares identities with the affected Identity Awareness Gateway (configured as PEP), opens an identity sharing connection not from its main IP address
Refer to Scenario 1 in sk156953.
PMTR-24536,
PRHF-1462
Identity Awareness Identity sharing does not work for non-HTTP traffic when XFF is enabled only on the layer and not on the Security gateway.
PMTR-25193,
IDA-1396
Identity Awareness Identity sharing fails when XFF is enabled and remote PDP does not respond.
PMTR-26589,
IDA-1604
Identity Awareness In some scenarios, Terminal Servers Identity Agent (MUH Agent) session Access Role is missing on PDP but exists on PEP, causing next PEP to PDP sync to be removed from PEP and thus the accessibility loss. 
PMTR-25100,
IDA-1226
Identity Awareness Improved error handing when Identity Sharing is used and remote PDP server does not respond due to prolong outage.
Refer to sk141152.
PMTR-22758,
PMTR-22632
Identity Awareness In rare scenarios, PDP crashes after generating traffic for a long time.
PMTR-26173,
PMTR-26171
SSL Inspection Change SSL Network Extender on MacOS to 64-bit architecture to support 32 bit apps depreciation in OSX.
PMTR-24797 SSL Inspection HTTPS traffic is inspected when it is configured to be bypassed: when HTTPS Inspection is enabled and probe bypass is 0.
Refer to sk132913.
PMTR-23567,
PMTR-23317
Logging A Domain administrator connected to a specific Domain in Multi-Domain environment cannot see suggestions when typing in logs search box. 
PMTR-29010,
SL-1878
Logging After configuring mail alerts to be sent using "internal_sendmail" script, emails from Check Point server arrive with blank email body. Refer to sk142492.
PMTR-23288,
PMTR-19838
Gaia OS After adding the RBA roles Gaia commands (add rba role TACP-0 virtual-system-access all), the lines are missing from the "show configuration" command output, but the values can be seen in Expert mode (/config/active). Refer to sk119394.
PMTR-24810,
PMTR-24803
Gaia OS Security Management / Multi-Domain Management server OS backup fails due to package compression errors. Refer to sk121212.
PMTR-24293,
VSECC-785
CloudGuard Attempt to install central license on CloudGuard gateway fails with "not vSec product" error.
PMTR-24166,
PMTR-23917
SecureXL The Anti-Spoofing policy is not unloaded by running the "fw unloadlocal" command.
PMTR-25207 SecureXL "sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure. 
R80.20 Jumbo HotFix - General Availability Take 17 (04 December 2018, GA from 08 January 2019)
PMTR-24006,
PMTR-22022
Security Management Remote Access users configured with Pre-Shared Secret Key (PSK) cannot connect after upgrade from R77.x.
PMTR-23394,
PRHF-1450
Security Management Policy installation fails with "Policy installation had failed due to an internal error" message when Security gateway has more than hundred interfaces.
Refer to sk138592.
PRHF-734,
PMTR-11728
Security Management In rare scenarios, the CPM service does not start on machine startup. 
PMTR-20174,
01619796
Security Gateway Security gateway does not load policy after reboot when number of SAM rules reaches its limit of 25000. Refer to sk110560.
PMTR-22110,
02661309,
02662730
Security Gateway DNS NAT does not work when the DNS parser encounters an IPv6 record in DNS servers answer. Refer to sk121346.
PMTR-14588,
PMTR-22784,
02768662,
02769044
Security Gateway Security gateway with Dynamic NAT enabled, is rebooted after running "cpstop".
PMTR-20144,
IDA-1176,
PRHF-721
Identity Awareness Update with "-" machine name from the Domain Controller causes the Identity Collector to create un-authenticated sessions on the PDP.
PMTR-22826,
VSECC-734
CloudGuard Controller CloudGuard Controller Data Center objects are not enforced on Multi-Domain Security Management.
Refer to sk139372.
PMTR-24762,
PMTR-19431
SecureXL Drops from link collisions in PPAK due to Dynamic port allocation ("db_save_conn: failed to save conn <>, collision(-2)").
PMTR-23850,
PMTR-22080
ClusterXL When upgrading a VRRP cluster to R80.20 with Connectivity Upgrade (CU), CU fails due to the member not being in READY state. 
PMTR-23382,
IDA-982
VPN User cannot connect to a VPN site that belongs to a group that has a special character in its name. Refer to sk124514
PMTR-20038,
PMTR-22373
Gaia OS "/opt/CPInstLog/uninstall_SecurePlatform_R80_10_JHF_PLATO:Uninstallation failed!" error during uninstallation of Jumbo Hotfix Take on Smart-1 device. Newer version of RPMs remain installed after uninstall.
R80.20 Jumbo HotFix - General Availability Take 10 (01 November 2018, GA from 22 November 2018)
PMTR-22164 Security Management When using Global Dynamic Network objects, creating a new policy package in a local Domain fails with 'Internal error' if it is assigned to the Global Domain. 
PRHF-755,
PRHF-495,
PMTR-16967,
PMTR-16968
Multi-Domain Management Domain deleting fails with "Delete Domain failed: Error: Unspecified error". 
PMTR-22800,
PMTR-24139
Endpoint Security In some scenarios, assignment to Virtual Group does not apply properly. 
PMTR-22405 Security Gateway In rare scenario, when configured as a proxy/ICAP client, a Security gateway may crash when using HTTPS Policy Categorization.
PMTR-21081,
UP-251
Security Gateway A large number of Time objects used in the rule base may cause rulebase matching failures resulting in connectivity issues.
PMTR-22320,
PRHF-903
Security Gateway ISP redundancy OID is missing from the MIB file. 
SL-1594,
PRHF-1268,
PMTR-22564
Logging In rare scenarios, monitoring information (such as licensing information, CPU usage, etc.) displayed in SmartConsole and SmartView Monitor is not updated. 
Refer to sk137092.
PMTR-23183,
SL-1654
Logging Added new format for Log Exporter to support "Check Point App for Splunk"
PMTR-23418,
PMTR-23417
Logging In some scenarios, the Logs & Monitor -> Logs section in SmartConsole is stucked on searching. Refer to sk144313

 

Installation instructions

Procedure:

  • Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
      3. In the upper right corner, click on the Import Package button.
      4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
      5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
      6. Select the imported package Check Point R80.20 Jumbo hotfix T<number> for sk137592 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
      7. Select this package and click on Install Update button on the toolbar.


  • Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)

    For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".

    • Offline installation

      Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Connect to command line on target Gaia OS.
      3. Log in to Clish.
      4. Acquire the lock over Gaia configuration database:
        HostName:0> lock database override
      5. Import the package from the hard disk:
        HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
      6. Show the imported packages:
        Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.20 Jumbo hotfix T<number> for sk137592"
        HostName:0> show installer packages imported
      7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
        HostName:0> installer verify <Package_Number>
      8. Install the imported package:
        HostName:0> installer install <Package_Number>

 

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

    Procedure:

     

     

    List of upcoming resolved issues

    The below issues are planned to be addressed in our future Jumbo Hotfix Takes. The list is not final and might be changed.

    ID Product Description
    PRJ-8806,
    PMTR-48604
    Diagnostics SmartView Monitor might not show a match on accelerated QoS traffic. All or part of the traffic might be matched on "No Match". 
    PRJ-9470,
    PRJ-9461
    Security Management NEW: Added ability for R80.20 Security Management or Multi-Domain Server to manage R80.40 Security gateway. Refer to sk164652.
    • Requires R80.20 SmartConsole Build 114 (or higher).
    PRJ-9777,
    PRJ-8605
    Security Management NEW: Added ability to search in the Management Server by adding asterisk before any sequence of characters. For more information, refer to sk164873.
    • Requires R80.20 SmartConsole Build 114 (or higher).
    PRJ-8866,
    PMTR-39066
    Security Management NEW: Java JRE version was updated from 8.5_0.21 to 8.5_0.35.
    PRJ-8643,
    CPM-2623
    Security Management NEW: Performance enhancements while the Management Server is under high load.
    PRJ-6703,
    PMTR-44004
    Security Management In a rare scenario, when viewing the Layer History, some revisions not relevant to the selected Layer might be shown.
    PRJ-7469,
    CPM-1745
    Security Management Global policy reassignment might fail after a rulebase is deleted in the Global Domain.
    PRJ-7783,
    PMTR-46434
    Security Management In some scenarios, HA synchronization in the Global Domain fails with the "Failed to sync peer - Global Domain is incompatible with the Domains." error.
    PRJ-9213,
    PRHF-8370
    Security Management Logging into SmartConsole to the Standby Management Server with a Radius or TACACS user might fail after changing the shared secret on the Radius or TACACS object. 
    PRJ-9088,
    PRHF-8266
    Security Management In a rare scenario, when an environment has many Gateways (dozens), the FWM daemon might stop working when 4 GB of memory is reached. Refer to sk165015.
    PRJ-8229,
    PRHF-7728
    Security Management The "Unused Objects" filter in Object Explorer might display a failure message if there are more than 20000 unused objects.
    • A limit was added so that only the first 5000 objects will be displayed.
    PRJ-7818,
    PRHF-4644
    Security Management In some scenarios, SmartView Monitor unexpectedly terminates when the user selects the Specific QoS Rules option in Top QoS Rules. 
    PRJ-7886,
    PMTR-46703
    Security Management In some scenarios, when the user modifies a policy rule and creates a section above it in the same session, the log tracker shows that the rule was created instead of modified.
    PRJ-5793,
    PMTR-40790
    Security Management In some scenarios, after the user manually performs "Full Sync", a newly created secondary Domain Server or Domain Log Server is not shown in SmartConsole's Domains view.
    PRJ-9298,
    PRHF-8336
    Security Management In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing.
    PRJ-9321,
    PRHF-8494
    Security Management In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037
    PRJ-8864,
    PMTR-48673
    Security Management When an administrator fails to publish another administrator’s session, the session of the other administrator disappears from the Sessions view in SmartConsole.
    PRJ-9085 Security Management In some scenarios, Management HA synchronization fails with “Failed to export data” error after an advanced upgrade from R77.x to R80.20 Jumbo Hotfix Take 103.
    PRJ-7456,
    PRHF-7167
    Security Management In some scenarios, upgrade fails with the "Satellite object of type GatewayAggregator not found for core object" message in cpm.elg file.
    PRJ-9278,
    PMTR-48463
    Multi-Domain Management NEW: Performance improvement for Multi-Domain environments in which many administrators are connected.
    PRJ-10529,
    PRHF-8581
    Multi-Domain Management The mds_import.sh script might fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server.
    PRJ-10525,
    PRHF-8686
    Multi-Domain Management Upgrade of Multi-Domain Server might fail if Sync With User Center is running.
    PRJ-9697,
    PRHF-8593
    Multi-Domain Management MLM might open a connection to the reversed IP address of the Multi-Domain Server.
    PRJ-10036,
    PMTR-27672
    Multi-Domain Management In some scenarios, CPUSE and advanced Multi-Domain Management upgrade are stuck at "Upgrading products: 58%". Refer to sk146933
    PRJ-6984,
    PMTR-44593
    Multi-Domain Management In some scenarios, there might be high Solr CPU on Multi-Domain Management Servers with dozens of Domains. 
    PRJ-9239,
    PRHF-8077
    Multi-Domain Management In some scenarios, secondary MDS or MLM fail to renew a management certificate. Refer to sk164732.
    PRJ-5742 SmartConsole NEW: LDAP advanced query now supports ANR filtering.
    PRJ-732,
    PRHF-3128
    SmartConsole "An internal error has occurred. (Code: 0x8003001D, Could not access file for write operation)" error is displayed when editing IKE PSK on “External User Profile” objects using Legacy SmartDashboard. Refer to Scenario 2 in sk119973.
    PRJ-4102,
    PRHF-2388
    SmartConsole In "Top services" view of SmartView Monitor, "cp_tcp_A936BBAC_EBC3_4F18_B3CC_A63365F07477*" service is displayed instead of "https" service. Refer to sk146052.
    PRJ-9550,
    PRJ-9544
    SmartConsole When the user invokes the 'show-access-layer' API command, the parent layer might be missing from the output result.  
    PRJ-8700,
    PRHF-7991
    SmartConsole The shared secret's edit button might be grayed out.
    PRJ-9464,
    PMTR-49817
    SmartConsole In some scenarios, when the user attempts to delete a Gateway / Cluster member, an error message might appear and the operation might not complete successfully. 
    PRJ-72,
    PRJ-71
    SmartConsole Objects of Unused Access Roles are not visible in the Object Explorer. Refer to sk151896.  
    PRJ-1448,
    PRHF-3822
    SmartConsole In some scenarios, the api.elg log is flooded with the the "Returning default standard reply class" message. 
    PRJ-9291,
    PMTR-49566
    SmartConsole NEW: Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: 'show-profiles' and 'show-ips-additional-properties'. The default value for both flags is false.
    PRJ-9078,
    API-864
    SmartConsole In some scenarios, the Management Server might stop working following authenticated API commands to create or update objects with extremely long comments.
    PRJ-8133,
    PMTR-45751
    SmartEvent "The process <process-name> which is monitored by watchdog restarted more than once in the last half an hour" error might appear in the SmartEvent GUI status window even though the process has been up for more than 30 minutes.
    PRJ-7496,
    PRHF-7101
    SmartEvent When using SmartEvent automatic reactions, *.MHT files in $RTDIR/tmp directory are not cleaned up in case of email sending failure.
    PRJ-4328,
    SE-331
    SmartEvent In some scenarios, automatic reactions in SmartEvent are sent with the "Destination address" field containing the resolved country name instead of the raw IP value. Refer to sk146992.
    PRJ-433,
    PRHF-2797
    SmartEvent In SmartEvent, when the user customizes an event to accumulate logs by the field UUID, logs with UUID equal to 0 might not be correlated.
    PRJ-8016,
    PMTR-46682
    SmartView SmartView might show wrong time in tables and graphs for clients located in Brazil.
    PRJ-3476,
    PRHF-4624
    Security Gateway In a topology in which Client and Server are connected to the Security Gateway using two different interfaces each, for example:

    Client -- eth1 <Gateway> eth2 -- Server
    Client -- eth3 <Gateway> eth4 -- Server

    The response packets from Server to Client might be incorrectly routed back to the Server because of an incorrect route cache in the Security Gateway (medium path).
    PRJ-8648,
    PMTR-41512
    Security Gateway In a rare scenario, ICAP client requires manual steps to activate RESP mode after running cpstop ; cpstart.
    PRJ-10565 Security Gateway In some scenarios, wrong service name appears in SmartConsole logs.
    PRJ-4091,
    PMTR-35130
    Security Gateway Using spaces in the $FWDIR/boot/modules/fwkern.conf file might cause long reboot time.
    PRJ-8354,
    PRJ-8351
    Security Gateway Improved the ICAP client connectivity when using Trickling mode 3 in settings.
    PRJ-9119,
    PRJ-8907
    Security Gateway Connections might be dropped when "keep all connections" is configured during policy installation.
    PRJ-8615,
    PMTR-46465 
    Security Gateway "uc_log_suppression_set_entry: Failed storing log data in log suppression table" error might appear in /var/log/messages file.
    PRJ-9050,
    PRHF-8288
    Security Gateway Global connections might not be freed correctly when the Gateway acts as a Proxy.
    PRJ-9416 Security Gateway Added logs for packets that include invalid TCP options. This feature is off by default.
    PRJ-8882,
    PRHF-7048
    Security Gateway In a rare scenario, Security gateway may crash when activating a web parsing debug.
    PRJ-8552,
    PRJ-8548
    Logging NEW: Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command.
    PRJ-6024,
    PRHF-4951
    Logging When restarting the FWD process on the Log server, the syslogd process (syslog daemon), might stop working.
    PRJ-1651,
    SL-1901
    Logging The SOLR process, running on the log server (and indexing logging data), supports communication using protocols lower than TLSv1.2.
    PRJ-5573,
    PRHF-6592
    Logging When a Log Server is configured to parse Syslog messages, the field "User" might be truncated in the parsed log in the Log Details view if the field contains underscore.
    PRJ-5899,
    PRHF-6120
    Logging It is not possible to query the "file_name" field on a Log server that does not have the SmartEvent activated.
    PRJ-8495,
    PRHF-7875
    Logging In SmartView, when the user exports logs to CSV using the "visible columns" option, the following fields might be missing from the CSV file: Resource, Application Risk, Application Name, and Application Category. 
    PRJ-3653,
    PRHF-4654
    Logging SmartEvent might not correlate certain Anti-Virus logs.
    PRJ-5649,
    PRHF-6080
    Logging In some scenarios, when the user creates a table widget in SmartView, there is no option to add the “hostname” field. Refer to sk162752
    PRJ-7924,
    PMTR-42913
    Logging Following changes in correlation unit settings, new logs may not be read by SmartEvent until the log_indexer process is restarted.
    PRJ-4447,
    PMTR-39444
    Logging In SmartView, drilling down from the timeline widget to logs, may show less logs than expected.
    PRJ-6189, PRHF-6325 Logging Widgets inside SmartView's "Views and Reports" might result in "Query Failed" messages when filtered by the "Log Server Origin" field.
    PRJ-2794,
    IPS-682
    IPS In some scenarios, the interface name is not displayed correctly in the IPS log.
    PRJ-9487,
    PMTR-46123
    IPS After an upgrade, policy installation might not update the IPS version on the gateway if the "IPS scheduled update" option was changed before the upgrade.
    PRJ-9448,
    PRHF-8530
    IPS,
    VSX
    In some scenarios, SmartConsole shows "No license" and "Contract is expired" for IPS blade in VSX. Refer to sk164917.
    PRJ-5021,
    PRHF-5528
    DLP The DLP engine might incorrectly process the file if the file name is missing in the connection header.
    PRJ-7422,
    PMTR-44671
    Infrastructure In some scenarios, Anti-Bot\Anti-Virus\IPS\Threat Emulation blade update fails with "Curl error code 56".
    PRJ-9495,
    PRHF-4033
    Identity Awareness Policy installation process has been improved.
    PRJ-10223,
    PMTR-39175
    Identity Awareness In a rare scenario, there is a memory leak in the IDA daemon pepd. 
    PRJ-9392,
    PMTR-49565
    Identity Awareness NEW: Performance improvement in the automatic LDAP group update feature.
    PRJ-7506, PRHF-5184 Identity Awareness When the Identity Awareness blade is enabled, a memory leak may appear in LDAP sessions.
    PRJ-6074,
    PMTR-41138
    Identity Awareness Machine identity for Terminal Server agent is not identified unless Identity Agent is also enabled on the Security Gateway. 
    PRJ-8002,
    PMTR-45649
    Threat Prevention Improvements in HTTP chunked encoding inspection.
    PRJ-7165,
    PMTR-23406
    SSL Inspection NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115.
    PRJ-7921,
    PMTR-46737
    SmartView In the Logs page of the SmartView web application, the "File Name" filter might appear twice in the quick filters pane. 
    PRJ-7723,
    PRHF-7326
    SmartView In SmartView, when filtering a view using special characters in the search bar and exporting to Excel, the file may be generated empty.
    PRJ-10118,
    PRJ-9633
    Compliance In some scenarios, database import on a single Domain machines where the Compliance blade is activated fails, and as a result, the FWM process stops working after the import.
    PRJ-2213,
    PMTR-30347
    VoIP In some scenarios, Cisco VoIP calls are dropped with "SIP Re-Invites exceeded the limit" reject reason. Refer to sk145412
    PRJ-8010,
    PRHF-5809
    ClusterXL In some scenarios, a connectivity issue takes place in ClusterXL environment after a fast "fail over"-"fail back" or a "fail over" on bridge configuration. 
    PRJ-599,
    PMTR-35261
    SecureXL SYN Defender status in CPView sometimes appears as invalid.
    PRJ-602,
    PMTR-36548
    SecureXL In some scenarios, DOS/Rate Limiting configuration is not applied after reboot if no fw samp policy is configured. 
    PRJ-9670,
    PRHF-5522
    SecureXL In some scenarios, when SecureXL is enabled, it drops the TCP traffic for the particular connection for invalid state reasons. This fix enables the new property per specific gateway. Refer to sk147093.
    PRJ-8760,
    PMTR-40390
    SecureXL NEW: Improved performance for multicast traffic after all listeners have been removed for an existing connection.
    PRJ-10619 SecureXL NEW: Added a new feature to support certain types of asymmetric bridged configurations.
    PRJ-8914,
    PRJ-8890
    SecureXL In some scenarios, multicast packets arrive to the Security gateway in order, but leave out-of-order.
    PRJ-8978,
    PRJ-8977
    SecureXL When PIM-SM multicast routing transitions from RPT to SPT, packets might be dropped or become out-of-order.
    PRJ-8779,
    PRHF-6971
    SecureXL In a rare scenario, DOS/Rate Limiting Logs are not searchable.
    PRJ-6155,
    PRHF-6490
    SecureXL In some scenarios, SecureXL causes an issue in the routing of multicast traffic. 
    PRJ-7500,
    PMTR-34845
    SecureXL In some scenarios, new connection may fail to open if it is reopened with the same source port. Refer to sk164839
    PRJ-6123, 
    PRHF-5797
    SecureXL In some scenarios, DOS/Rate Limiting drops too few (or too many) packets for "concurrent-conns" fw samp rules. Refer to sk112454. 
    PRJ-8488,
    PMTR-48255
    SecureXL In some scenarios, held packets are incorrectly reported to the penalty box.
    PRJ-5904,
    PMTR-43772
    SecureXL In some scenarios, the penalty box violation rate is configured incorrectly. 
    PRJ-7371,
    PMTR-44835
    Gaia OS In some scenarios, the iDRAC (LOM) interface is not pingable.
    PRJ-9350,
    PRHF-8098
    Gaia OS NEW: Added optimization for 40GbE and 25/100GbE cards configured in multiqueue allowing better transmit performance when Hyper-Threading (SMT) is enabled.
    PRJ-7578,
    PMTR-42309
    Gaia OS '#', '=' and '+' characters cannot be used in "Banner" and "Message of the day" features. 
    PRJ-5185,
    PRHF-5617
    Endpoint Security The log description of the "Media Encryption & Port Protection" blade might state that the "Media Storage" is encrypted even though it is not. The details in the log show the correct value. Refer to sk162812
    PRJ-4878,
    PRHF-5471
    VSX Resource Monitor Control may cause segmentation fault when there are more than 64 CPUs. Refer to sk125112.  
    PRJ-5332,
    PMTR-41386
    VPN NEW: Added functionality enhancements for the authentication realms that is used with Remote Access VPN.
    PRJ-8114,
    PMTR-49502
    VPN vpn_trap_multik: - wrong header length 36 != 72” message might appear in  the vpnd.elg when working with multiple users with the same credentials.
    PRJ-8259,
    PMTR-28302
    Endpoint Security In some scenarios, the wrong cipher suite is chosen for RSA certificates in HTTPS portals. Refer to sk164240.

     

    Revision History

    Show / Hide revision history

    Date Description
    24 May 2020 Released Take 156 of R80.20 Jumbo Hotfix Accumulator
    10 May 2020 Added CPUSE offline package for Take 155
    30 Apr 2020 Released Take 155 of R80.20 Jumbo Hotfix Accumulator
    22 Apr 2020  Published List of upcoming resolved issues
    01 Apr 2020
    • Released Take 149 of R80.20 Jumbo Hotfix Accumulator
    • SmartConsole package has been updated to Build 114
    12 Mar 2020 Released Blink images for R80.20 GA Take 117 + Jumbo HF Take 141
    03 Mar 2020
    • Take 141 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
    • Added PRJ-5529 to Take 141
    27 Feb 2020 Published List of upcoming resolved issues
    24 Feb 2020 Added PRJ-6046 to Take 134
    13 Feb 2020 SmartConsole package has been updated to Build 100
    10 Feb 2020 Released Take 138 of R80.20 Jumbo Hotfix Accumulator
    09 Feb 2020 Added PRJ-5250 to Take 117
    02 Feb 2020 Added PRJ-8196 to Take 134
    23 Jan 2020 Released Take 135 of R80.20 Jumbo Hotfix Accumulator
    14 Jan 2020 Released Take 134 of R80.20 Jumbo Hotfix Accumulator
    24 Dec 2019 Published List of upcoming resolved issues
    11 Dec 2019 SmartConsole package has been updated to Build 088
    03 Dec 2019
    • Released Take 127 of R80.20 Jumbo Hotfix Accumulator
    • Released Blink images for R80.20 GA Take 117 + Jumbo HF Take 118
    04 Nov 2019 Take 118 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
    27 Oct 2019 Released Take 118 of R80.20 Jumbo Hotfix Accumulator
    23 Oct 2019
    • SmartConsole package has been updated to Build 081
    • Added PRJ-1969, PRJ-4531, PRJ-3869 and PRJ-777 to Take 117
    13 Oct 2019 Released Take 117 of R80.20 Jumbo Hotfix Accumulator 
    22 Sep 2019 Take 103 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
    09 Sep 2019  Added PRJ-2173 to Take 103
    29 Aug 2019 SmartConsole package has been updated to Build 067
    26 Aug 2019 Released Take 103 of R80.20 Jumbo Hotfix Accumulator
    20 Aug 2019 Take 91 of R80.20 Jumbo Hotfix Accumulator is now in General Availability 
    21 July 2019 Added PRJ-2301 to Take 91
    17 July 2019 Added PMTR-28120, PMTR-30425 and PMTR-25196 to Take 43
    10 July 2019 Released Take 91 of R80.20 Jumbo Hotfix Accumulator
    09 July 2019 Take 87 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
    07 July 2019  Added PMTR-24810 to Take 33
    02 July 2019 Added PMTR-34126 to Take 80
    26 June 2019 Released Take 87 of R80.20 Jumbo Hotfix Accumulator
    13 June 2019
    • SmartConsole package has been updated to Build 053
    • Added PMTR-29010 to Take 33
    • Added PRJ-378 to Take 80
    27 May 2019 Released Take 80 of R80.20 Jumbo Hotfix Accumulator 
    14 Apr 2019 Released Take 74 of R80.20 Jumbo Hotfix Accumulator 
    08 Apr 2019
    • Released Take 73 of R80.20 Jumbo Hotfix Accumulator 
    • SmartConsole package has been updated to Build 046
    25 Mar 2019 Take 47 of R80.20 Jumbo Hotfix Accumulator is now in General Availability 
    19 Feb 2019  Released Take 47 of R80.20 Jumbo Hotfix Accumulator
    11 Feb 2019 Released Take 43 of R80.20 Jumbo Hotfix Accumulator
    04 Feb 2019 Take 33 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
    17 Jan 2019 SmartConsole package has been updated to Build 025
    08 Jan 2019
    • Released Take 33 of R80.20 Jumbo Hotfix Accumulator 
    • Take 17 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
    04 Dec 2018 Released Take 17 of R80.20 Jumbo Hotfix Accumulator 
    22 Nov 2018 Take 10 of R80.20 Jumbo Hotfix Accumulator is now in General Availability
    1 Nov 2018 First release of R80.20 Jumbo Hotfix Accumulator (Take 10)

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment