Jumbo Hotfix Accumulator for R80.20 (R80_20_jumbo

Support Center > Search Results > SecureKnowledge Details

Jumbo Hotfix Accumulator for R80.20 (R80_20_jumbo_hf)

Technical Level

Solution ID	sk137592
Technical Level
Product	All
Version	R80.20
OS	Gaia
Date Created	01-Nov-2018
Last Modified	01-Mar-2021

Solution

Show the Entire Article

Introduction

R80.20 Jumbo Hotfix Accumulator is an accumulation of stability and quality fixes resolving multiple issues in different products.

This Incremental Hotfix and this article are periodically updated with new fixes.

The list below describes each resolved issue and provides the Take number which includes the fix. A resolved issue is included in the Incremental Hotfix starting from the Take number listed in this table (inclusive). In addition, the table includes the date the take was published. List of files replaced by this Jumbo Hotfix Accumulator can be provided upon request by Check Point Support.

The Jumbo Hotfix Accumulator supports these products and configurations: Security Gateway, StandAlone, Security Management Server, Multi-Domain Management Server, Log Server, Multi-Domain Log Server, SmartEvent Server, Endpoint Security Server, VSX and Cluster.

Install this Jumbo Hotfix Accumulator only after you successfully complete the Gaia First Time Configuration Wizard and reboot.
We recommended to install Jumbo Hotfix Accumulator on all R80.20 devices.
Each of the Jumbo Hotfix Accumulator Takes is based on Check Point R80.20.
For CPUSE installation, use the latest Deployment Agent build (refer to sk92449).

Refer to sk98028 - Jumbo Hotfix Accumulator FAQ.

Availability

General Availability Take

Take_188 is the latest R80.20 Jumbo Hotfix Accumulator General Availability release that can be directly downloaded from Check Point Cloud using CPUSE and from this article:

Product	Take	Date	CPUSE offline package	SmartConsole package
Security Gateway / Standalone	Jumbo HF Take_188	08 Dec 2020	(TGZ)	(EXE) Build 121
Security Management	Jumbo HF Take_188	08 Dec 2020	(TGZ)
Blink Image for Security Gateway - Clean Install/Upgrade	R80.20 GA + Jumbo HF Take_188	28 Dec 2020	(TGZ)
Blink Image for Security Management - Clean Install	R80.20 GA + Jumbo HF Take_188	28 Dec 2020	(TGZ)

Policy installation from Multi-Domain or Security Management server on R77.30 Gateways fails when using R80.20 Management with Jumbo Hotfix Take 173. Issue is resolved in Take 183. To download hotfix on top of Take 173, refer to sk169259.
For Gaia Fast Deployment mechanism "Blink", refer to sk120193.
If the Jumbo Hotfix is installed via the Blink image and you wish to uninstall:
- Use the “Uninstall last Take” option to remove the Jumbo Hotfix Accumulator
- Do not use the "Uninstall completely" option, because it does not return Gaia to the GA state as expected.
Effective February 28th 2021, SmartConsole package has been updated to Build 121.

Ongoing Take

Product Take Date CPUSE offline package SmartConsole package

Security Gateway / Standalone Jumbo HF Take_190 28 Feb 2021 (TGZ) (EXE)
Build 121

Security Management (TGZ)
- Use CPUSE Online Identifier, use
  Check_Point_R80_20_JUMBO_HF_Bundle_T<Take number>_sk137592_Security_Gateway_and_Standalone_2_6_18_FULL.tgz
  and
  Check_Point_R80_20_JUMBO_HF_Bundle_T<Take number>_sk137592_Security_Management_3_10_FULL.tgz
  for:
  - CPUSE Online Identifier
  - Starting from R81 Management servers, for Central Deployment with SmartConsole Online Identifier
- Effective February 28th 2021, SmartConsole package has been updated to Build 121.

Take 190 | Take 188 | Take 187 | Take 183 | Take 173

Important Notes

R80.30 GA release is aligned with R80.20 Jumbo Hotfix Accumulator Take 74.
To check the Take number of the currently installed R80.20 Jumbo Hotfix (if it is installed), run: [Expert@HostName:0]# cpinfo -y all
Before you perform an upgrade, refer to sk164258 to check the compatibility of Jumbo Hotfix Takes between different releases.
Starting from R80.20 Jumbo Hotfix Take 156, clients that do not support MFA (such as Mac OS and iOS) cannot connect as Remote Access clients if MFA is enabled.
For information about Jumbo Hotfix support on different appliances, refer to sk166536.
Policy installation from Multi-Domain or Security Management server on R77.30 Gateways fails when using R80.20 Management with Jumbo Hotfix Take 173. Issue is resolved in Take 183. To download hotfix on top of Take 173, refer to sk169259.
If you see conflict validation errors while upgrading to newer Jumbo Takes, use the Deployment Agent build 1999 or higher (refer to sk92449).
For Azure customers, we recommend to install Jumbo Hotfix Take 188 or higher due to Microsoft certificate change.

List of Resolved issues and New Features per HotFix Take

ID	Product	Description
R80.20 Jumbo HotFix - Ongoing Take 190 (28 February 2021)
PRJ-7662, PMTR-46091	CPview	CPview may show partial information, if there are more than 256 interfaces configured on the system.
PRJ-18836, PRHF-13728, PRJ-21003, PRHF-14969	Security Management	NEW: Improved FWM process performance during Security policy or database installation.
PRJ-19949, PMTR-62429	Security Management	NEW: Added new Management HA utility to schedule automatic full syncs to peers that failed to be synchronized incrementally.
PRJ-20070, MCFG-229	Security Management	NEW: Optimized the Solr build time to improve performance in the following operations: Restore of the entire MDS/MLM from backup Upgrade from R80.10 Solr Cure
PRJ-19998, PRHF-14293	Security Management	UPDATE: Added improvements in policy load process, to reduce the policy installation time when having large amount of objects.
PRJ-19698, PRJ-13465	Security Management	UPDATE: If a Management HA synchronization stalls (displaying "Peer is busy"), it will be released within 2 hours instead of 24 hours.
PRJ-20029, PMTR-61770	Security Management	UPDATE: When purging revisions, task notifications will also be purged if created before the last revision to purge was published.
PRJ-21589, PRHF-15244	Security Management	Although the Access Settings of the Management API is set to "All IP addresses", the API server does not accept requests from any IP address unless the IP is defined explicitly as a Trusted Client.
PRJ-20885, PRHF-14946	Security Management	In some scenarios, when connecting to an existing session in SmartConsole from a different IP address, a wrong "Client IP" is shown in Audit Logs view.
PRJ-18473, PRHF-13644	Security Management	In some scenarios, the first environment variable configured using sk165938 is not loaded and not used by the CPM process.
PRJ-18896, PRHF-13860	Security Management	Policy installation may fail after migration from Domain Management to Security Management Server.
PRJ-20115, PMTR-60541	Security Management	In a rare scenario, the FWM process stops working.
PRJ-18815, PRHF-13819	Security Management	Management HA synchronization between Multi-Domain Management Servers may fail with "Failed to import data" error due to manual or automatic updates of contracts.
PRJ-19023, PMTR-61616	Security Management	In rare scenarios, FWM process may stop working after a login attempt to the Management server.
PRJ-18490, PRHF-13681	Security Management	In rare scenarios, a policy installation task may never complete.
PRJ-20852, SMCUPG-1316	Security Management	Management Server upgrade from R80.20 to R80.40 may fail if a Network Interface object refers to a Gateway object that does not exist.
PRJ-20840, SMCUPG-1454	Security Management	When migrating a Domain Management Server to a Security Management Server: SmartEvent blade cannot be activated on the migrated domain If the Domain had standby Domain Servers , it may cause inconsistencies in the database, that may result in different failures. For example, policy installation may fail.
PRJ-20302, PRHF-14634	Security Management	In some scenarios, deleting a Domain Server may fail with "Got at least one duplicate UID in requested list" error.
PRJ-17690, PRHF-13332	Security Management	In some scenarios, HA temporary sub-directories under $FWDIR/tmp are not deleted if sync fails. Refer to sk170972.
PRJ-16472, PMTR-58630	Security Management	Login with SmartConsole is blocked while the purge revisions task is running.
PRJ-19953, PRHF-14394	Security Management	The Management HA window in SmartConsole may mistakenly show the "Peer is busy" warning message for a few seconds.
PRJ-18286, PMTR-61010	Security Management	In rare scenarios, the CPU and memory usage of the CPM process may be abnormally high. Refer to sk170672.
PRJ-20763, PRHF-14399	Security Management	High load may occur on the Management Server when searching for a prefix of IP address that has more than 10 thousand matches.
PRJ-20802, PRHF-14691	Security Management	In some scenarios, delete partial domain with createDomainRecovery.sh script fails when there are several RadiusGroup objects with the same name in different domains.
PRJ-21584, PRHF-15222	Security Management	In rare cases, the CPM Solr process may not be stopped when running cpstop or mdsstop.
PRJ-21187, PMTR-63358	Security Management	In rare scenarios, logout from a session fails with "An internal error has occurred" message.
PRJ-21357, PRHF-14606	Security Management	In some scenarios, the Purge Revisions task may stop and show 0% for hours.
PRJ-17787, PRHF-13382	Security Management	In some scenarios, policy verification for static NAT rules succeeds even though the source subnet NAT is bigger than the destination subnet NAT.
PRJ-16470, PMTR-58631	Multi-Domain Management	UPDATE: When reassigning Global Domain for a Domain that is active on another Multi-Domain Server, the task is immediately relayed to the remote Multi-Domain Server without waiting in queue of the local server due to other tasks that are running.
PRJ-17211, PRHF-12851	Multi-Domain Management	UPDATE: With this fix, mds_backup will backup the Upgrade Tools package(s) and mds_restore will restore them on a Multi-Domain Server.
PRJ-22273, PMTR-65110	Multi-Domain Management	In some scenarios, updating a Domain Server may fail with the "<IP> already in use" message. Refer to sk171916.
PRJ-18688, PRHF-13744	Multi-Domain Management	Database installation to the newly created Domain Log Server may fail.
PRJ-19723, PMTR-62272	Multi-Domain Management	The Multi-Domain session APIs "view sessions" and "show last-published-session" results may include sessions that were not filtered according to the administrator's permissions profile. A Domain manager running the API will be notified when the results will be filtered and will be asked to run the command again with the "ignore-warnings" flag.
PRJ-19275, PRHF-13977	Multi-Domain Management	In rare scenarios, Management Server becomes inaccessible after a Global Policy reassign operation.
PRJ-19645, PMTR-62201	Multi-Domain Management	In rare scenarios, a Domain is shown in the Domains view without any Domain Server or a Domain is shown with Domain Server that was deleted and does not exist anymore. Refer to sk170556.
PRJ-17560, PRHF-12885	Multi-Domain Management	In some scenarios, reassigning a Global Policy may fail if the Global and local domains are not active on the same Multi-Domain Server.
PRJ-21342, PRJ-16910	Multi-Domain Management	When running many Reassign Global Domain operations for Domains that are not active on the current Multi-Domain Server, the load on the Server may increase and result in slowness of user and automation work.
PRJ-21277, SMCUPG-1625	Multi-Domain Management	In some scenarios, HA Full Sync on the System Domain fails after upgrade on a Multi-Site environment with multiple Multi-Domain Servers. Refer to sk171059.
PRJ-19992, PRHF-14349	Multi-Domain Management	After importing two (or more) Security Management servers into a Multi-Domain Server, the Gateway objects may not be functional: The editor may not show configuration correctly Security Gateway update may fail.
PRJ-19317, PMTR-61346	SmartConsole	NEW: Added support for Python 3 in Management API scripts.
PRJ-20244, PMTR-62490	SmartConsole	UPDATE: A pop-up warning will be displayed every time a "Custom Application" object with a performance impacting URL is edited (instead of being displayed only once).
PRJ-13810, PRJ-13808	SmartConsole	In some scenarios, the Administrators view shows all administrators in all domains regardless to specific permission profile of the connected administrator.
PRJ-20145, PRJ-20146	SmartConsole	SmartConsole may disconnect when searching in the Object Explorer for the text with an odd number of double quotes.
PRJ-20784, PRHF-13556	SmartConsole	When the user creates an Access Role, the AD organization tree may show duplicate branches, and some branches may be missing.
PRJ-19831, PMTR-50205	SmartConsole	The "show objects" command returns all objects in Global domain with any filter when "ip-only" flag is set to "true".
PRJ-13121, PRHF-11105	SmartConsole	In some scenarios, the "Update operation failed" error is displayed when attempting to delete a Gateway from the VPN community. Refer to sk167212.
PRJ-19200, PRHF-13955	SmartConsole	In some scenarios, when using the "set simple-gateway" API command with "logs-settings.forward-logs-to-log-server", it fails with "Generic server error".
PRJ-14104, PRHF-11590	SmartConsole	Search in Threat Prevention Exceptions in Protection/Site/File/Blade column may not return all expected results.
PRJ-18882, PRHF-13818	SmartConsole	Setting values for the environment variables of the Management API as per sk165938 does not work: the values are neither loaded nor used by the API process.
PRJ-19059, PMTR-34323	SmartConsole	Upgrade may fail due to IPS protections comment that is exceeding the comment length limit.
PRJ-13815, PMTR-19017	SmartConsole	In some scenarios, when the user attempts to delete a VSX Gateway / VSX Cluster, an error message may appear and the operation may not be completed successfully. Refer to sk167492. Requires R80.20 SmartConsole Build 121 (or higher).
PRJ-18380, PRHF-13609	SmartConsole	In some scenarios, running an action on a ROBO Gateway behind NAT does not work during sync on SMB appliances.
PRJ-20313, PRHF-14637	SmartConsole	In some scenarios, the "show gateways-and-servers" Management API command fails when running it with details-level full and when connected to the Global Domain. Refer to sk170895.
PRJ-21523	SmartConsole	In a rare scenario, Automatic NAT rules are not visible in SmartConsole.
PRJ-20238, PRHF-14533	SmartConsole	When there are no search results, search in Access Control Policy displays "An error occurred while searching" instead of "No Items Found".
PRJ-18920, PRHF-13879	SmartConsole	In some scenarios, the "show-access-rulebase" Management API command fails when running it with details-level "full" and there is a network group with more than 50000 objects on one of the rules. Refer to sk170435.
PRJ-17480, PRHF-12997	SmartProvisioning	In some scenarios, when recreating a ROBO object with the same name, the new object receives the previous status.
PRJ-17998, SL-2106	Logging	NEW: Log Exporter can now schedule a recurring reconnection to the target 3rd party server periodically. This allows usage of a Load Balancer component for target servers. The target 3rd party server can be declared as a DNS name also when using UDP protocol.
PRJ-12199, PRHF-10306	Logging	In some scenarios, the "Failed to fetch the file" error is displayed when trying to open Threat Emulation summary reports generated by VSX Gateways.
PRJ-17354, PMTR-59205	Logging	FWM and\or log_indexer processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.
PRJ-1651, SL-1901	Logging	UPDATE: Added ability to SOLR process running on the Log server to prevent TLS1.1 and below in port 8211. Refer to sk168472.
PRJ-19714, PMTR-53967	Logging	When installing a newer Jumbo Hotfix, the Log Exporter filtering configuration may not persist and set to default.
PRJ-16174, PMTR-55550	Logging	In some scenarios, the cpsemd process on the log server may close unexpectedly during a restart, shutdown or upgrade.
PRJ-17162, PMTR-59241	Logging	The "show-log" API command may fail with the "GENERIC_SERVER_ERROR" error.
PRJ-7952, PRHF-7415	Logging	In rare scenarios, a log may display incorrect values in the Action and Rule field. Refer to sk170676.
PRJ-19008, PRHF-13936	Logging	In a rare scenario, CPD process may use a random port for AMON communication instead of port 18196.
PRJ-21157, PRJ-21078	Logging	In rare scenarios, the FWD process on the Security gateway may be blocked for several seconds due to processing of log attachments.
PRJ-11310, PMTR-51802	Logging	In Multi-Domain Management environments, some of the log_indexer processes may fail to start due to an occupied port.
PRJ-19820, SL-4358	Logging	In rare scenarios, the log_indexer process may stop working when reading a specific log format. Refer to sk116117.
PRJ-7523, SL-2989	Logging	Connection between the Gateway and the Log Server may go down, with the following error message in the fwd.elg file on the Gateway: "Log server xxx.xxx.xxx.xxx went down".
PRJ-5872, PRHF-3460	Logging	In rare scenarios, when the user configures a custom event with a script based automatic reaction in SmartEvent, the SmartEvent client may show the following error: "Server is not responding. Please try to reconnect later". Refer to sk155192.
PRJ-20561, PMTR-58714	Logging	In rare scenarios, the Log Exporter fails to connect to external destination when using the TLS protocol.
PRJ-19843, PMTR-62010	SmartView	UPDATE: Improved the time resolutions usability (formally known as samples) of the Timeline widgets.
PRJ-20872, PMTR-62957	SmartView	UPDATE: To improve performance, SmartView now exports data in CSV format instead of Excel.
PRJ-18778, PMTR-56281	SmartView	In rare scenarios, "Critical attacks allowed by policy widgets" in "General Overview" view may show no results while actual data exists. Refer to sk171001.
PRJ-9548, PRJ-9381	Security Gateway	NEW: Added DNS Passive Learning feature for enhanced non-FQDN domain objects & updatable objects matching. Refer to sk161612.
PRJ-11341, PRHF-9582	Security Gateway	NEW: Added support for authentication with a RADIUS server that expects to receive an empty password on the first message. VPN client will receive 2 dialogs instead of 3.
PRJ-20335, PMTR-57101	Security Gateway	NEW: Added Performance improvement when IP Pool NAT is used.
PRJ-13344, PRHF-8408	Security Gateway	In a rare scenario, the FWD process opens connections to port 111.
PRJ-20735, PRJ-20058	Security Gateway	In rare scenarios, Security Gateway memory consumption may increase.
PRJ-21609, PRHF-14715	Security Gateway	Security Gateway may crash when "Categorize HTTPS Websites" feature is enabled and categorization mode is set to "Hold".
PRJ-11203, PRHF-9029	Security Gateway	In some scenarios, traffic that is matched on implied rule is dropped while it should not.
PRJ-20382, PRHF-13431	Security Gateway	In a rare scenario, Access Control policy installation may fail after upgrade of Security Gateway from R80.10 or below to R80.20 or higher.
PRJ-21242, PRHF-12746	Security Gateway	In rare scenarios, proxy ARP entries may be deleted when installing a policy.
PRJ-20629, PRHF-14378	Security Gateway	In rare scenarios, high memory consumption in CPD may occur due to a memory leak in authentication flow with an LDAP server.
PRJ-21108, PRHF-14953	Security Gateway	Authentication may fail when LDAP branch name contains "\".
PRJ-11404, PMTR-24679	Security Gateway	In some scenarios, dmesg shows "up_manager_resume_chain: fwhold_send failed. chain will be dropped by the fwhold API" error messages when the connection was already dropped and cannot be resumed. Refer to sk133253.
PRJ-20652, PMTR-63092	Security Gateway	Accept logs with reason "Connection terminated before detection: Insufficient data passed. To learn more see sk113479." may be wrongly generated when the matched action is user authentication and the wrong username/password is provided by the user.
PRJ-18627, PRHF-11912	Security Gateway	Wrong memory (hmem) values may be reported by specific SNMP OID. Refer to sk168992.
PRJ-11792, AVIR-479	Security Gateway	False "alert" logs may be displayed in some Anti-Spam events.
PRJ-20720, PRJ-20057	Security Gateway	In rare scenarios, Security Gateway memory consumption may increase.
PRJ-20897, PRHF-14824	Security Gateway	In some scenarios, the DNS requests from the Security gateway may fail.
PRJ-19701, PMTR-62215	Security Gateway	In rare scenarios, a memory leak may occur in TOPOD process.
PRJ-14446, PMTR-10041	Security Gateway	In some scenarios, large number of interfaces defined on Security gateway may cause high CPU utilization by CPD process. Refer to sk168674.
PRJ-17366, PRHF-858	Security Gateway	DynamicID via SMTP does not work when an HTTP proxy server is defined.
PRJ-19954, PMTR-62477	Security Gateway	Half-closed accelerated TCP connections may take too long time to expire.
PRJ-19064, PRJ-18831	Security Gateway	In a rare scenario, Security Gateway memory consumption may increase and lead to a memory leak.
PRJ-13374, PMTR-54887	Security Gateway	The TCP State Logging feature may not work as expected.
PRJ-19582, PMTR-61102	Security Gateway	In some scenarios, "email_unified_cmi_get_attribs: not valid caller: up_log_get_user_hash" error appears in dmesg for SMTP traffic.
PRJ-19848, PRHF-14268	Security Gateway	In some scenarios, a memory leak may appear after sending a packet from the kernel.
PRJ-19158, TEX-1482	Threat Extraction	UPDATE: Threat Extraction will no longer attempt to perform "Convert to PDF" if the file is corrupted, because the resulting files in these cases are usually unreadable. To reactivate this behavior, set the "enable_alternative_scrub_method" variable in $FWDIR/conf/scrub_debug.conf file to 1 and install the Security policy.
PRJ-9943, PRHF-8315	Anti-Malware	In some scenarios, multiple files called "ckp_mutex" are created on the Security Gateway.
PRJ-17841, PMTR-58416	Anti-Malware	In some scenarios, Threat Prevention logs appear half full (not unified).
PRJ-19736, PRJ-17439	Anti-Malware	In some scenarios, users may fail to access a web site with many malicious URLs.
PRJ-12467, PMTR-38976	Anti-Malware	In rare scenarios, Security Gateway crashes during CIFS traffic when the Anti-Virus blade is in Hold mode and the CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606).
PRJ-19742, PRHF-13998	Anti-Bot	Dynamic Global Network Object usage inside a Network Group object may cause an Access Policy installation failure.
PRJ-18124	Identity Awareness	NEW: Added Identity Sharing SmartPull mechanism performance and functionality improvements. Refer to sk170516.
PRJ-13173, PMTR-53443	Identity Awareness	UPDATE: Optimized memory usage in the PDP process’s LDAP operations.
PRJ-19748, PRHF-14338	Identity Awareness	In some scenarios, the Security Gateway may not recognize an IP address as a local address, resulting in wrong drops.
PRJ-19636, PMTR-61982	Identity Awareness	In some scenarios, when a standby cluster member receives RADIUS accounting updates, there may be high CPU on the PDP process.
PRJ-16169, IDA-754	Identity Awareness	After changing 'pdp nested_groups __set_state 2' ,flat groups are fetched correctly, but nested groups are not fetched. Refer to sk166199.
PRJ-12501, PRHF-10481	Identity Awareness	In some scenarios, Identity Awareness counters in cluster environments show zero.
PRJ-20844, PRHF-14347	Identity Awareness	In some scenarios, рunning pdpd commands results in "daemon did not respond or not running!" error. Refer to sk171136.
PRJ-20093, PMTR-59101	DLP	UPDATE: Added support for multi-part data to DLP.
PRJ-17871, PRHF-10279	HTTPS Inspection	UPDATE: "Categorize HTTPS websites" feature enhancements when "Categorize HTTPS Sites" feature is enabled: Improved enforcement of first connection when URL Filtering setting is in 'Hold' mode Added SNI information to connection logs when connection is matched on rule with "Extended Log" Hold mode granularity
PRJ-18822, PRHF-13605	HTTPS Inspection	Cannot browse with Chrome when using mixed chain with ECDSA subordinate CA in HTTPS Inspection. Refer to sk170332.
PRJ-19468, PMTR-58086	HTTPS Inspection	In some scenarios, the HTTPS Inspection CA bundle is not created on the Security Gateway.
PRJ-18702, PRHF-12299	UserCheck	When using the UserCheck agent, the original URL attribute variable $orig_url$ may appear on URL field of log details.
PRJ-19038, PRHF-13886	UserCheck	In some scenarios, users cannot restore original attachment via UserCheck portal and receive the "An unexpected error has occurred" error message.
PRJ-13968, PRHF-11634	IPS	UPDATE: The "ips stat" command now shows all active Threat Prevention profiles with IPS enabled on the Security Gateway.
PRJ-13497, PRHF-10943	IPS	In some scenarios, a non-compliant IMAP traffic is dropped.
PRJ-14059, PRHF-5061	IPS	In some scenarios, SmartEvent does not create IPS events based on the "Critical severity" field.
PRJ-19297, PRHF-13560	IPS	In some scenarios, log output shows the Origin/Source as "0.0.0.0" in VSX 3rd party IPS logs.
PRJ-20345, PRHF-14266	IPS	In rare scenario, the SmartConsole shows the "IPS is not responding" message even though IPS is functioning normally.
PRJ-10921, HP-97	IPS	In some scenarios, "cmik_loader_fw_context_match_cb: match_cb for CMI APP 10 failed" error appears in dmesg for HTTP traffic.
PRJ-18177, MBS-12220	URL Filtering	In some scenarios, the wstlsd process may stop working and produce a core dump.
PRJ-20583, VPNRA-642	Mobile Access	Removed potential XSS vulnerability in the MAB Login page.
PRJ-19233, PRHF-14046	Mobile Access	There may be a delay when connecting to HTTPS based SMS portal over a non-standard proxy port. Refer to sk170497.
PRJ-17323, PRHF-13031	Mobile Access	A user may not connect with Remote Access Client if this user belongs to many groups defined in SmartConsole.
PRJ-20532, PRHF-14728	ClusterXL	In some scenarios, data connections are dropped with "First packet isn't SYN" message on ClusterXL Load Sharing.
PRJ-14358	ClusterXL	Same MAC Magic configuration on different clusters in Unicast mode may cause flapping in switch. Refer to sk167206.
PRJ-16513, MBS-11708	SecureXL	NEW: Added the ability to enable monitor-only mode for penalty box independently of other DOS/Rate limiting features.
PRJ-14937, PMTR-56844	SecureXL	UPDATE: "fwaccel dos blacklist" and "fwaccel dos whitelist" commands are deprecated and replaced by "fwaccel dos deny" and "fwaccel dos allow". Refer to sk112454.
PRJ-18320, PRHF-13474	SecureXL	UPDATE: Drop templates can be generated for connections with matched action Reject. For additional information and configuration, refer to sk171146.
PRJ-20024, PRHF-14228	SecureXL	Server may not reuse the TCP connection when the user allows out of state TCP packets.
PRJ-16580, PRHF-12716	SecureXL	In some scenarios, traffic with the destination IP address as the broadcast address configured according to sk98810 is dropped.
PRJ-18081, RHF-13507	SecureXL	SNMP may show wrong values for the number of bytes and packets accepted by Security gateway. Refer to sk170132.
PRJ-20052, PRHF-14417	SecureXL	In rare scenarios, SecureXL may crash due to NULL handling.
PRJ-891, PRHF-2914	SecureXL	In some scenarios, output of "fwaccel stat" command does not display the layer name that disables the templates (only "Layer ---" is displayed). Refer to sk145533.
PRJ-19661, PRHF-13929	SecureXL	In some scenarios, connections are dropped when SYN Defender and ISN Defender are both enabled on the same interface.
PRJ-19403, PMTR-60870	SecureXL	In some scenarios, Rate Limiting rules for DoS do not work after reboot. Refer to sk170148.
PRJ-17401, PRHF-13153	SecureXL	In some scenarios, PPTP or GRE traffic may be dropped. Refer to sk170293.
PRJ-16353, PRJ-16349	CoreXL	In a rare scenario, CPU consuming on some instances is high. Refer to sk168513.
PRJ-20468, PRHF-14653	Gaia OS	UPDATE: On Scalable Platforms, added ability to force a Security Gateway to access Management/Log-Server via the NATed IP address for fetching policy or sending logs, by running this command on the Security Gateway: ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 FORCE_NATTED_IP -n 1
PRJ-19143, PMTR-55383	Gaia OS	UPDATE: Added the option to bind IP addresses to sockets using the udp_connect API. Refer to sk171019.
PRJ-18240, PRHF-13451	Gaia OS	"cphaprob -h" shows wrong explanation for "cphaprob show_bond [<bond_name>]" command.
PRJ-18078, PRHF-13504	Gaia OS	On environments with large IP routing tables, the SNMPD process may consume 100% CPU when running a scan from an external tool. Refer to sk170150.
PRJ-20940, PMTR-63343	Gaia OS	Upgrade process may fail due to corrupted sic_local_cert.p12 certificate. Refer to sk171253.
PRJ-18086, PRHF-13504	Gaia OS	Query routing info via SNMP may consume 100% CPU in case of a massive IP routing table. Refer to sk170150.
PRJ-18937, PRHF-13812	Gaia OS	In some scenarios, the "... fwldbcast_handle_retrans_request: Updated bchosts_mask to 1" message may be printed in /var/log/messages file.
PRJ-20745, PMTR-63201	Gaia OS	CVE-2020_25705: ICMP reply rate.
PRJ-15659, PMTR-57216	Routing	UPDATE: Display of routing CPview results is limited to 30 lines.
PRJ-18798, PMTR-46178	Routing	In some scenarios, the routed process stops working when removing an OSPF interface that had authentication configured. Refer to sk170272.
PRJ-19460, PMTR-60878	Routing	Routed logs may incorrectly state that routemaps that export to OSPF cannot set the OSPF manual tag, even though the functionality works.
PRJ-19626, PRHF-14280	Routing	ip-reachability-detection ping marks a target IP address as "unreachable" if the path goes via a VPN tunnel, although pinging this IP address directly works.
PRJ-20441, ROUT-1325	Routing	The old route may be not removed when an BGP ECMP route was changed.
PRJ-20436, PMTR-45014	Routing	ECMP route nexthops learned from BGP peers may be not properly updated in the kernel, resulting in network connectivity loss.
PRJ-18785, PMTR-60976	VPN	NEW: Added VPN command line mechanism stability enhancement and VPN improvements in IKEv2.
PRJ-17484, PMTR-40127	VPN	NEW: Added Anti-Spoofing functionality for Remote Access Office Mode IPs in SecureXL.
PRJ-16429	VPN	UPDATE: Added support for fetching CRL with proxy in Site-to-site VPN configuration.
PRJ-19087, PMTR-61752	VPN	UPDATE: Remote Access VPN stability improvement.
PRJ-15547, PRHF-11629	VPN	UPDATE: Added the TTM-per-group feature improvement that allows it to work with more client types (for example Nemo client).
PRJ-15739, PRHF-12010	VPN	In some scenarios, findSAByPeer does not validate the peer IP address for DAIP peer behind NAT.
PRJ-18750, PRHF-2209	VPN	In some scenarios, the Dynamic ID configuration in SmartConsole (SMS/Email) is ignored. Refer to sk144933. With this fix, an administrator will be able to choose for each login option separately which protocol (HTTP/SMTP) will be used to send the one-time code.
PRJ-20330, PMTR-62776	VPN	Security Gateway may crash when you install policy on a MAB Gateway and a policy file is corrupted.
PRJ-20865, PMTR-56565	VPN	In some scenarios, the VPND process keeps re-downloading the same CRL, which can cause performance issues.
PRJ-20945, PMTR-63287	VPN	In some scenarios, L2TP clients disconnect from the Security gateway after 10 minutes of the connection.
PRJ-17491, PRHF-13007	VPN	In IKEv2 renegotiation scenario, IPSec SAs may be deleted on a standby cluster member during post sync causing a VPN traffic outage.
PRJ-7479, GAIA-6504	VPN	Policy installation with VPN enabled may take a long time.
PRJ-19421, PRHF-13784	VPN	In some scenarios, the vpnd process stops working with Segmentation fault.
PRJ-20824	VPN	In IKEv2, the renegotiation of IKE SA may fail.
PRJ-20646, PMTR-63280	VPN	In some scenarios, the VPND process may stop working.
PRJ-20272, PRHF-14308	VPN	In a rare scenario, a memory leak may appear when RASession_util is active.
PRJ-20519, PRHF-14766	VPN	In a rare scenario, the FWM process stops working when enrolling a certificate using the SCEP protocol.
PRJ-16338, PRHF-12447	VPN	The user may be unable to connect with Remote Access when the username or user field in the certificate is too long.
PRJ-13093, PRHF-11004	VPN	RADIUS packet sent by Security gateway, may show the Framed-IP-Address field in the reverse order. Refer to sk167361.
PRJ-19213, PRHF-13685	VPN	Site to Site VPN fails to establish with IKEv2 on GCP when NAT-t is enabled.
PRJ-18268, PRHF-13543	VPN	The VPND process on a standby cluster member may stop working when VPN peer has a probing link selection configured. Refer to sk170136.
PRJ-12240, PRHF-10370	VPN	When clicking "View..." in Trusted CA object's OPSEC PKI tab, this may show the "Failed to get a certificate of <object name> from keyset" error. Refer to sk166496.
PRJ-13819, PRHF-10420	VPN	Access roles do not recognize Remote Access SNX CLI clients.
PRJ-18500, PMTR-60820	VSX	UPDATE: Added support for VSX SecureXL tabs on CPView. Refer to sk167903.
PRJ-18292, PMTR-53549	VSX	VSX VSLS with 3 Members may fail to connect to Identity Collector. Refer to sk170836.
PRJ-20962, VSX-2519	VSX	After running "vsx_util vsls" and selecting option #6, the operation may fail with the "Internal Error: got empty reply set" error. Refer to sk171352.
PRJ-18575, PMTR-59637	Compliance	UPDATE: Added ability to select 'Any' in the Service column when creating a custom firewall Best practice. Requires R80.20 SmartConsole Build 121 (or higher).
PRJ-14100, PRJ-14100	Compliance	In some scenarios, Compliance Blade does not scan inline layers for Application Control and URL Filtering Best Practices.
PRJ-20601, PRHF-14400	VoIP	VoIP’s RTP can cause overload on global instance (CoreXL instance 0).
PRJ-16454, PRHF-12691	VoIP	SIP parser may cause the wrong RTP dynamic connection to be opened. Refer to sk169373.
R80.20 Jumbo HotFix - General Availability Take 188 (08 December 2020, GA from 28 December 2020)
PRJ-20083, PMTR-60885	CloudGuard IaaS	UPDATE: Added new certificates for Microsoft Azure. For details, refer to this Microsoft article.
R80.20 Jumbo HotFix - Ongoing Take 187 (17 November 2020)
PRJ-18356, PMTR-58781	CPView	In some scenarios, peak values for interfaces are not updated in CPView.
PRJ-14450, PRHF-11981	CPView	In some scenarios, CPView may stop working after upgrade from R80.20 GA.
PRJ-16145, PMTR-58152	Security Management	NEW: The "cma_migrate" command will continue working if the SSH connection with the Multi-Domain Server was lost. If the user presses "Ctrl+C" while cma_migrate is running, the user will be asked whether to stop cma_migrate or to continue.
PRJ-15499, PMTR-56638	Security Management	NEW: The $MDS_FWDIR/scripts/cpm_status.sh script will show if the CPM process fails to start.
PRJ-15565, PRHF-12170	Security Management	NEW: In some scenarios, modifying or deleting objects in bulk may cause slowness in SmartConsole responses and long duration of operations. Ability to improve performance in such cases was added. Refer to sk135972.
PRJ-14490, SMCUPG-1384	Security Management	In some scenarios, migrating two different Security Management Servers to domains in the same Multi-Domain Management Server fails.
PRJ-14523, PRJ-13319	Security Management	Upgrade from R80.10 may take many hours when there are hundreds or more Administrators and dozens or more Permission Profiles defined.
PRJ-16197, PRHF-9260	Security Management	When running the "show-access-rulebase" API command with filter, and the selected layer is an inline layer, rules of the inline layer are not returned even though they match the search criteria.
PRJ-15495, PMTR-57275	Security Management	$MDS_FWDIR/scripts/solr_start.sh script may fail to start Solr Cure if sk123417 is applied.
PRJ-11702, PRHF-9017	Security Management	The Purge Revisions operation may not clean deleted objects of previous revisions.
PRJ-13611, PRHF-11300	Security Management	In rare scenarios, the "where-used" API command fails with "Management server failed to execute command" error.
PRJ-17041, PMTR-59394	Security Management	In rare scenarios, some objects may be locked and not available for editing. Refer to sk169772.
PRJ-15417, PMTR-48628	Security Management	In some scenarios, Read-Only sessions appear twice in the Sessions view.
PRJ-17073, PRJ-13851	Security Management	In some scenarios, the Security Management Server's startup takes a very long time after editing or deleting many Administrators.
PRJ-16367, PRHF-12594	Security Management	When logging into SmartConsole directly to a Domain using Radius or TACACS, the Authentication method in the audit log may show as "Internal Password". Refer to sk168716.
PRJ-18045, PRHF-13462	Security Management	In rare scenarios, a Management server may become inaccessible and requires a reboot. Refer to sk170634.
PRJ-13725, PMTR-55574	Multi-Domain Management	NEW: Global object deletion will be blocked if used in Domains on the Multi Domain Server. The "Unused Objects" filter in the Global Domain will show objects only if not used by all of the Domains on the Multi-Domain Server.
PRJ-16425, PMTR-58559	Multi-Domain Management	Management HA incremental synchronization may break on the MDS level with "failed to import data" error message due to an operation related to the Compliance Blade.
PRJ-17305, PMTR-59799	Multi-Domain Management	In rare scenarios, the fwm process may stop working and fail the Multi-Domain Management server upgrade.
PRJ-16436, PRHF-12236	Multi-Domain Management	After upgrading a Multi-Domain Management Server, the object version of the Domain Management Servers or Domain Log Servers in the MDS SmartConsole may not have changed.
PRJ-13794, PMTR-43231	Multi-Domain Management	In a Multi-Domain Server, domain-related processes may not start when the user runs "evstop" and then "evstart".
PRJ-13474, PRHF-11299	Multi-Domain Management	Domain Servers may disappear from Multi-Domain view after running the Solr Cure utility.
PRJ-18683, PRJ-18682	Multi-Domain Management	In some scenarios, domain import to a Multi-Domain Management Server may fail.
PRJ-17236, PMTR-59666	Multi-Domain Management	On Multi-Domain environments with multiple Multi-Domain servers connected in HA, operations such as "Log in" and "Reassign Global Domain" may fail due to high load on FWM process.
PRJ-7431, PRHF-7241	Multi-Domain Management	In rare scenarios, reassigning the Global Policy on a specific domain fails with "An internal error has occurred". Refer to sk163938.
PRJ-17068, PMTR-59232	Multi-Domain Management	In some scenarios, Domain appears in the System Domain without any Domain Servers.
PRJ-16641, PMTR-58309	Multi-Domain Management	In some scenarios, Domain Management Server is shown in System Domain under Domains View even though it was deleted.
PRJ-13904, PMTR-54935	SmartConsole	In some scenarios, when working with older applications like SmartView or SmartProvisioning, the admin count in SmartConsole presents an incorrect number of connected admins.
PRJ-13454, PRHF-10952	SmartConsole	In some scenarios, Management API commands with "details-level":"full" Payload return a truncated output and fail to complete. Refer to sk170414.
PRJ-12853, PRHF-10453	SmartConsole	Hit count data may not be deleted automatically.
PRJ-17130, PRHF-13005	SmartConsole	When scrolling or clicking a rule, some inline layer rules may open unexpectedly.
PRJ-16704, PRHF-12819	SmartConsole	Enabling Threat Prevention policy may fail with validation errors when the policy's targets include cluster members running a version lower than R80.10.
PRJ-16060, PRHF-12395	SmartConsole	In some scenarios, certain Gateways do not appear in the IPS Core protections list. Refer to sk168474.
PRJ-17878, PMTR-60559	SmartConsole	In Global Properties under Stateful Inspection tab, the "TCP end timeout (R80.20 and higher gateways)" option does not support values higher than 60 seconds. Requires R80.20 SmartConsole Build 119 (or higher).
PRJ-15816, PRHF-12352	SmartConsole	In some scenarios, Management API does not start automatically after restart, although automatic start is enabled. Refer to sk168332.
PRJ-18039, PMTR-60761	SmartConsole	In some scenarios, after a successful IPS update, the new IPS version does not appear under 'switch version' window.
PRJ-17412, PRHF-13223	SmartConsole	When removing an object from a group using the “groups” field of the object’s module in the Ansible collection, the group will not be changed and Ansible will show that no changes are needed.
PRJ-18330, PMTR-58703	SmartConsole	Exception group may be incorrectly deleted in the following scenarios: "Apply On" in exception group is changed from "Automatically attached to each rule with profile" to "Automatically attached to all rules". A profile that was attached to the exception group, is deleted. The group is removed from the exception groups list, however it remains in the Threat Prevention rulebase.
PRJ-17007, PMTR-48331	SmartConsole	When using SmartConsole CLI, the application may unexpectedly terminate if the input has quotation marks that are not closed.
PRJ-16466, PRHF-11438	SmartConsole	Update corporate Gateway procedure takes a long time and may cause login issues and general slowness in the Provisioning GUI.
PRJ-15833, PMTR-39061	SmartProvisioning	In some scenarios, when the user installs policy on R77.30 Central Office Security Gateway from Management version R80 and higher, VPN tunnels may be dropped for LSM Gateways.
PRJ-14355, SL-4323	SmartView	In SmartView, when the user sends a generated report via email in a language with non-standard English letters (Accented, Cyrillic, Chinese, Japanese, etc), some of the text may appear as question marks (?).
PRJ-16888, PMTR-59093	SmartView	In SmartView, after adding a new page to a report, the preview page appears to have no data although it has (this data appears in the Edit Mode).
PRJ-17013, PMTR-59317	Logging	NEW: Added ability to filter Threat Prevention and Endpoint logs by file size on a Log server machine via Logs & Monitor view in SmartConsole.
PRJ-13348, PMTR-54708	Logging	In some scenarios, when the user configures the log exporter filter with the “cp_log_export” command (action, origin, product), the filter is not configured properly according to the used format.
PRJ-490, SL-1896	Logging	In SmartConsole logs tab, filtering logs by the field "Method" may return empty results when using the values PROPFIND, CCM_POST or PATCH.
PRJ-5135, PRHF-9424	Security Gateway	NEW: Added performance optimization for the time object matching on the VSX environment.
PRJ-17010, PMTR-55179	Security Gateway	In some scenarios, the "CGsoapSessions::AuthenticateSession failed, session is not authenticated" message may appear in mds.elg or fwm.elg file.
PRJ-13587, PRHF-11311	Security Gateway	In a rare scenario, Security Gateway may crash during policy installation.
PRJ-16156, PMTR-58124	Security Gateway	In a rare scenario, Security Gateway may crash after policy installation.
PRJ-13886, PRHF-9759	Security Gateway	An interface name with more than 15 characters may cause the policy installation to fail. Refer to sk167955.
PRJ-17310, PMTR-59182	Security Gateway	In rare scenarios, Security Gateway memory consumption may increase.
PRJ-15599, PRJ-13567	Security Gateway	In some scenarios, policy installation fails with "Error code 0-2000121".
PRJ-11291, PRHF-8491	Security Gateway	Unused OIDs may appear in SNMP MIB file.
PRJ-15846, PMTR-57739	Security Gateway	SXL drop due to routing configuration when using security zone on bridge (layer2).
PRJ-14070, AVIR-1090	Security Gateway	In rare scenarios, Security Gateway may crash due to memory allocation failure.
PRJ-17957, PMTR-60574	Security Gateway	In some scenarios, policy installation fails with "Error code 0-2000077".
PRJ-16086, PRHF-12224	Security Gateway	In rare scenarios, a memory leak may appear on Security Gateway in gconn table.
PRJ-19062	Security Gateway	In rare scenarios, Security Gateway memory consumption may increase.
PRJ-16663, PRHF-12727	Security Gateway	Security Gateway running in USFW mode (User-Mode Firewall) may crash with fwk core dump. Refer to sk169119.
PRJ-13693, PMTR-55510	Security Gateway	Proxy arp change is applied only after the second policy installation.
PRJ-13259, PRHF-9930	Security Gateway	In a rare scenario, traffic is dropped with the "[ERROR]: up_handle_get_matched_service_clob: no clob list on handle for type SERVICE;" error in dmesg.
PRJ-18423, MPTT-2224	Internal CA	In a rare scenario, some emails with links are cached due to timeout failure.
PRJ-872, PRHF-1162	Internal CA	In some scenarios, manual edit of user's certificate expiration period does not take effect. Refer to sk143292.
PRJ-15579, PRHF-9645	Application Control	In some scenarios, deprecated applications are not removed/replaced during an upgrade from R77.30 to R80.x. Refer to sk131372.
PRJ-1454, PRHF-3790	Anti-Virus	In rare scenarios, Security Gateway crashes during CIFS traffic when CIFS feature is enabled for Anti-Virus or Threat Extraction (see sk101606).
PRJ-16953, PRJ-16952	Anti-Malware	In some scenarios, a file with HTTP chunked encoding is drooped if there is a Fail-Close configuration on the Anti-Virus blade. Refer to sk169312.
PRJ-8612, NSS-2348	Anti-Malware	In some scenarios, dmesg may show many "rad_client id 6 is not register" errors.
PRJ-17649, PMTR-44711	Identity Awareness	In some scenarios, user cannot authenticate to Captive Portal as a Guest User.
PRJ-6862, PRHF-2081	Identity Awareness	In some scenarios, the user cannot connect to the AD server when the account is set to “never expires” on Microsoft Active Directory. Refer to sk143672
PRJ-12452, PMTR-52404	Identity Awareness	In a rare scenario, a standby cluster member receives updates from identity sources and creates a mismatch in the PDP tables.
PRJ-18839, PRHF-13322	SSL Inspection	In rare scenarios, a memory leak may occur during policy installation.
PRJ-17197, PMTR-59565	HTTPS Inspection	In a rare scenario, a connection remains open after it is closed by the server, and the web browser may load a page for a long time.
PRJ-15974, PMTR-57915	UserCheck	In some scenarios, the UserCheck daemon usrchkd may stop working.
PRJ-17637, PRHF-12934	UserCheck	In some scenarios, UserCheck agent notifications may be blocked.
PRJ-18190, PRHF-11733	IPS	NEW: Added ability to send connection log per application match for ATM transactions identification. The functionality is disabled by default and can be enabled by using the "up_duplicate_connection_log_on_packet_matched_app_enabled" kernel parameter.
PRJ-9123, PMTR-47855	IPS	In some scenarios, Threat Prevention policy installation may fail when the Threat Prevention profile performance impact is configured to "Very Low".
PRJ-16104, PRHF-12463	URL Filtering	In some scenarios, there may be sporadic connectivity issues in the Anti-Malware/URLF service (RAD).
PRJ-16996, PRJ-16965	Mobile Access	Mobile Access portal may become unresponsive after Jumbo Hotfix uninstallation. Refer to sk169152.
PRJ-13844, PMTR-42541	Mobile Access	Browser based applications cannot be opened in MAB portal.
PRJ-2922, PRHF-4457	SecureXL	In a rare scenario, the Security Gateway may crash when deleting certain non-TCP connections.
PRJ-9562, PRHF-9919	SecureXL	In a rare scenario, Security gateway may crash when the Drop Template feature is enabled.
PRJ-17827, PRHF-13029	SecureXL	In some scenarios, CPView may show incorrect statistics for VPN encrypted/decrypted packets.
PRJ-15390, PRHF-11950	Routing	A TCP connection between cluster master and slave may flap on OSPF attempt to delete a non-Max-Aage LSA.
PRJ-18023, PRHF-13480	Routing	SNMP queries for bgpPeerFsmEstablishedTime return an incorrect constant value. Refer to sk170074.
PRJ-17853, PRHF-13388	Routing	In rare scenarios involving large AS paths, there may be a loss of BGP adjacency. Refer to sk170876.
PRJ-16577, SPC-3089	Routing	In some scenarios, the routed daemon may stop working with BGP.
PRJ-17711, ROUT-954	Routing	Security Gateway may stop forwarding the Multicast stream when PIM is configured on it. Refer to sk169774.
PRJ-15319, PMTR-48973	VPN	In some scenarios, using LS/HA mode on a VPN tunnel may cause packets to be dropped. Refer to sk160612.
PRJ-17629, PMTR-42363	VPN	The vpnd process may stop working when the user runs the "vpn tu" command.
PRJ-15619, PMTR-57459	VPN	Access Roles with MAB SNX as the client type may not work.
PRJ-16208, VPNRA-469	VPN	Stability improvement for Remote Access VPN.
PRJ-16719, PMTR-57565	VPN	Remote Access potential connectivity issue when there are more than 1 external interfaces.
PRJ-17774, PRJ-17706	VPN	The vpnd may stop working during IKEv2 negotiation.
PRJ-16863, PMTR-55844	VPN	Software Blade name inconsistency between login and logout logs of an SNX client.
PRJ-873, PRHF-2155	VPN	Connectivity problem in Remote Access VPN when aggressive SLP is enabled. Refer to sk148273.
PRJ-14209, PRHF-1490	VPN	The vpnd process may stop working and a "CvpnUMD process crashed" error is printed into /var/log/messages. Refer to sk160735.
PRJ-15835, PMTR-40895	VPN	When a Gateway does not recognize the SPI, it sometimes sends the "Invalid SPI" notification in clear. As a result, the peer may ignore it, resulting in an outage.
PRJ-11050, PRHF-7972	VPN	Improved NAT Detection with 3rd party peers in IKEv1 and IKEv2. Refer to sk165003.
PRJ-10951, PRHF-8923	VPN	In some scenarios, VPN tunnel connection is dropped with "no MSA for MSPI" error. Refer to sk167393.
PRJ-12769, PRHF-10314	VPN	In some scenarios, RADIUS authentication may take more than five minutes to be fulfilled with Endpoint Clients, reaching connection timeout on the Gateway side.
PRJ-10032, CRYPTOIS-661	VPN	In some scenarios, Security Gateway Portals and Remote Access VPN clients show wrong certificate after certificate renewal. Refer to sk131212.
PRJ-17025, PRHF-5394	VPN	The VPND process cannot stop listening on port 264.
PRJ-18531, PMTR-61276	VPN	In rare scenarios, when a Wire-Mode is configured on a community, it may cause a Security gateway from another community not to accelerate connections in SecureXL.
PRJ-11044, ACCL-417	Gaia OS	UPDATE: CPView Network -> Top-Protocols and Network -> Top-Connections tabs were added back. Refer to sk167903.
PRJ-16669, PMTR-53960	Gaia OS	UPDATE: CPView Network -> Top-Protocols and Network -> Top-Protocols tabs was added back. Refer to sk167903.
PRJ-15592, PRJ-13625, PRHF-11367	Gaia OS	The "show configuration" Clish command may show 'Exported by admin' instead of the correct user name.
PRJ-14457, PRJ-11859, PRHF-9702	Gaia OS	It is not allowed to create usernames with reserved words, such as 'eval', 'apply' etc., in the middle of the username in WebUI. Refer to sk170681.
PRJ-13940, PRHF-11368	Gaia OS	In some scenarios, when the RADIUS user enables bash logging (as per sk99134) and moves to Expert mode, the username in the log files appears as admin instead of RADIUS.
PRJ-15463, PMTR-56502	Gaia OS	"show asset" command shows the Network card model CPAC-4-1C instead of CPAC-4-1C-L.
PRJ-15612, PRJ-11968, PRHF-9336	Gaia OS	The confd process may stop working when the user runs the "show/set/add interface" long command. Refer to sk167635.
PRJ-11992, PRHF-10312	Gaia OS	In rare scenarios, a snapshot creation may fail.
PRJ-6170, PRJ-16475, PRHF-6118	Gaia OS	In some scenarios, the monitord process may consume high CPU. Refer to sk163614.
PRJ-16077, PMTR-57581	Gaia OS	In some scenarios, when the user tries to return to the factory default, the machine reverts to a different snapshot.
PRJ-9117, PRHF-4435	Gaia OS	In some scenarios, SNMP fails to report disk utilization.
PRJ-10080, PMTR-50675	Gaia OS	When enlarging the partition via lvm_manager from a small partition to a larger partition, the user may reach an internal filesystem settings limit. As a result, some filesystem monitoring commands stop working.
PRJ-12860, PMTR-51379	Gaia OS	Creating LOM users for Smart-1 525/625/5050/5150 appliances may fail if the username length is shorter then 4 characters.
PRJ-12740, PMTR-51157	Gaia OS	Restore backup may fail due to unmatched upgrade tools.
PRJ-14312, PRHF-11752	Gaia OS	In rare scenarios, gateway uptime in SmartConsole may show an abnormally high number. Refer to sk167937.
PRJ-16258, PRJ-4868, PRHF-5016	Gaia OS	A Timestamp in Unix/Epoch time may not be updated when the user changes a password using hash.
PRJ-16267, PRHF-12508	VSX	Latency and/or packet loss may occur for traffic which passes through a Virtual Switch in a VSX Gateway. Refer to sk168592.
PRJ-17297, PMTR-59775	VSX	Connections distribution may get unbalanced on VSX environment. Refer to sk169352.
PRJ-18104, PRHF-13218	VSX	In rare scenarios, dynamic objects database may be cloned between Virtual Systems. Refer to sk169514.
PRJ-16529, PMTR-43791	CloudGuard IaaS	NEW: Improved CloudGuard Controller logging options.
PRJ-16252, PRHF-12538	CloudGuard IaaS	Scanning of GCP Data Center may fail when instance does not have disks.
PRJ-9401, STRM-152	QoS	In some scenarios, QoS Policy installation fails with the following message: "Error - QoS Policy does not apply to any network interface. Please edit your Network Object and check the interfaces you wish to install on" when policy is defined properly on the interface.
PRJ-16598, PRHF-12083	Endpoint Security	In some scenarios, Policy server stops syncing with the Endpoint Security Server. Refer to sk168912.
PRJ-15857, PRHF-7446	Endpoint Security	An exception may be displayed in SmartEndpoint when uploading an offline group software deployment package. Refer to sk165852.
PRJ-16285, PMTR-58322	VoIP	NEW: Added support for HopCount field in H323 protocol. Refer to sk169513.
R80.20 Jumbo HotFix - General Availability Take 183 (3 September 2020, GA from 11 Oct 2020)
PRJ-14373, PMTR-36116	Diagnostics	Missing information in total throughput/inbound/outbound packets in CPView history's Network view.
PRJ-13960, PMTR-55974	Security Management	NEW: Added the ability to purge revisions automatically based on user configuration. Refer to Automatic Purge Documentation.
PRJ-14643, PRHF-11983	Security Management	NEW: Solr server process is restarted automatically if it is not responsive for a long time.
-	Security Management	Policy installation from Multi-Domain or Security Management server to R77.30 Security Gateway fails when using R80.20 Management with Jumbo Hotfix Take 173. Refer to sk169259.
PRJ-12373, PRHF-10550	Security Management	Policy Presets may disappear from view after the user runs the Solr Cure utility. Refer to sk167455.
PRJ-14295, PRHF-11704	Security Management	In rare scenarios, High Availability sync fails with "Ngm failed to import data" error after the user deletes a Permission Role.
PRJ-13917, MCFG-242	Security Management	In some scenarios, exporting the Security Management Server in order to migrate it to Domain in Multi-Domain Environment, fails.
PRJ-13461, PMTR-54975	Security Management	In rare scenarios, Install Policy Presets are not triggered.
PRJ-15608, PMTR-57447	Multi-Domain Management	NEW: Added ability to run Management REST API on a Multi-Domain Log Server.
PRJ-15414, PRJ-13920	Multi-Domain Management	In Multi-Domain environments with High Availability, if the Management Server is stopped while there's a Purge Revisions operations in progress, the server may fail to start again. Refer to sk168175.
PRJ-15457, PRHF-6093	Multi-Domain Management	Policy Installation may fail due to an internal error in an MDS environment where there is a Global Dynamic object usage inside Networks Groups with a depth that is higher than 2-level (group inside a group).
PRJ-14759, PRHF-12085	Multi-Domain Management	In some scenarios, migrating a Domain between different Multi-Domain Management servers fails if a previous migration of the same Domain failed.
PRJ-14453, PRHF-11940	Multi-Domain Management	Policies may disappear from the Global Domain Assignments view after running the Solr Cure utility. Refer to sk168060.
PRJ-15370, PMTR-57065	SmartConsole	The user may not be able to delete objects that are referenced by a previously deleted policy. Refer to sk122954.
PRJ-14174, PMTR-32568	SmartConsole	In some scenarios, a validation warning may appear on an updatable object with the following message: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.
PRJ-13898, PRHF-11537	SmartConsole	Audit log is not shown in SmartConsole's Logs & Monitor View for the login action through API when the "-r" flag is set to true (login as root).
PRJ-14292, PMTR-53220	SmartConsole	If there are thousands (or more) of unused objects, the "show unused-objects" API command and the Unused Objects view may load and work very slowly. Also, the load on the Management server will increase, causing general slowness when working with SmartConsole.
PRJ-12703, PRHF-10295	SmartView	The SmartView Timeline may be distorted when logs contain an empty value for the field specified in the “Series” settings and when the Legend is enabled. Refer to sk167095.
PRJ-14360, PMTR-54723	SmartView	In SmartView, the icon is missing from the cover page of Compliance and Content Awareness PDF reports.
PRJ-14530, PMTR-55130	SmartView	In some scenarios, when attempting to download a DLP attachment from the log card in SmartView, the download does not start.
PRJ-12091, PMTR-52324	Logging	NEW: Added Management API command "show logs" to query logs. Added Management API command "get attachment" to fetch attachments from logs by log ID and attachment ID.
PRJ-13560, PMTR-53242	Logging	In rare scenarios, the evstop script does not stop all logging processes. As a result, upgrade procedures may hang and show no progress.
PRJ-14047, PRHF-11502	Logging	In some scenarios, the command "cp_log_export status" prints "last log read at: N/A" rather then a timestamp.
PRJ-14367, PRHF-10818	Security Gateway	UPDATE: Reduced CPU usage in some configurations by parsing TLS traffic only when required by the policy. Refer to sk166700 for more information.
PRJ-14630, PRHF-12058	Security Gateway	In rare scenarios, Security Gateway memory consumption may increase.
PRJ-9847, PRHF-7150	Security Gateway	In some scenarios, SCCP traffic may be dropped by the Security Gateway. Refer to sk108124.
PRJ-12945, PRHF-10972	Security Gateway	After policy installation, the output of the "cphaprob stat" command may show 'HA module not started' when a large number of non-monitored Cluster interfaces are configured in SmartConsole. This fix adds support for multiple non-monitored interfaces in SmartConsole.
PRJ-14214, PMTR-56300	Security Gateway	In a rare scenario, the Security gateway may crash if the rulebase contains a logical server object.
PRJ-13379, PMTR-54897	Security Gateway	In some scenarios, Security gateway generates an ICMP error with wrong IP address. Refer to sk167953.
PRJ-15686, PRHF-12067	HTTPS Inspection	In some scenarios, web traffic may be blocked with "Content Awareness - Error: Internal system error (1000)" error log.
PRJ-7758, PMTR-40495	SSL Inspection	DynamicID authentication may fail due to server certificate validation failure. Refer to sk167177.
PRJ-16487, PMTR-57645	IPS	In some scenarios, invalid characters are sent to gw-stat report.
PRJ-12563, IDA-2983	Identity Awareness	PDP process may consume high CPU during policy installation because of a large amount of Access Roles.
PRJ-13513, PMTR-55246	Identity Awareness	In some scenarios, a XFF allowed proxy list is enforced only for instance 0 in VSLS environment after VS has transitioned from Backup to Active.
PRJ-11194, PRHF-9801	ClusterXL	In some scenarios, "fw ctl affinity" and "sim affinity" commands show wrong IRQ numbers. Refer to sk166356.
PRJ-14609, PRHF-7700	SecureXL	UPDATE: Added a global variable that enables log for packets that include unapproved IP option. This variable is off by default.
PRJ-13412, ACCHA-301	SecureXL	DECnet DIGITAL Network Architecture (Phase IV) traffic may be dropped. Refer to sk167202.
PRJ-14517, PRHF-10860	SecureXL	In a rare scenario, a VSX gateway with Virtual Switch may crash.
PRJ-13760, PMTR-55537	SecureXL	Security Gateway may crash when concurrent connection rules exist in the DOS/Rate limiting policy and the Application Control blade is enabled.
PRJ-15899, PRHF-12374	SecureXL	An asymmetric routing issue may occur between a Virtual System and a Virtual Switch/Router.
PRJ-13924, PMTR-54829	Routing	UPDATE: Increased the configuration limits of the BFD timers for detect multiplier, minimum RX interval, and minimum TX interval to 255, 255000, and 255000, respectively.
PRJ-5817, PRHF-6216	Routing	BGP connection may fail to establish when there are multiple peer groups with the same AS number in iBGP configurations.
PRJ-14432, PMTR-53221	Gaia OS	NEW: Added support for CPAC-4-10-AB cards.
PRJ-14410, PRHF-11683	Gaia OS	In some scenarios, the snapshot creation fails because of compression errors.
PRJ-13153	Gaia OS	In some scenarios, a snapshot creation may fail.
PRJ-10799	Gaia OS	In some scenarios, due to backup compression errors, restoring a backup does not restore all files.
PRJ-15989, PRJ-15983	VPN	Starting from R80.20 Jumbo Hotfix Take 156, clients that do not support MFA (such as Mac OS and iOS) cannot connect as Remote Access clients if MFA is enabled. Refer to sk168493.
PRJ-14404, PMTR-54728	VPN	Connectivity improvements for Remote Access VPN with L2TP.
PRJ-15328, VPNRA-379	VPN	In some scenarios, Remote Access VPN traffic may be dropped when XFF is enabled.
PRJ-14573, PMTR-54771	VPN	IP compression may not work in some scenarios when IKEv2 is configured.
PRJ-14241, PRHF-7995	VPN	VPN traffic may be dropped when working with peer behind NAT - Hide NAT with Port Translation.
PRJ-16017, PRHF-12425	CloudGuard IaaS	In some scenarios, CloudGuard Controller may lose connection to GCP projects. Refer to sk168499.
PRJ-12183, VSECC-1293	CloudGuard IaaS	CloudGuard Controller may sometimes update the Standby cluster member in VSLS mode.
PRJ-14149, PRHF-11651	Endpoint Security	In some scenarios, no audit logs are shown regarding object changes in SmartEndpoint virtual groups and FDE pre-boot users. Refer to sk167907.
PRJ-14132, PRHF-7699	Endpoint Security	In some scenarios, the user cannot get an FDE Offline Management File (cpomf) for an offline group in SmartEndpoint if this group or a directory in its path has special characters \ _ %.
R80.20 Jumbo HotFix - General Availability Take 173 (23 July 2020, GA from 26 August 2020)
PRJ-12024, PMTR-51885	Security Management	NEW: Tasks that fail to complete within 18 hours will be stopped automatically and appear as failed. Refer to sk166455.
PRJ-12273, PMTR-53007	Security Management	In Management HA configuration, a hotfix installation may fail during the verification phase.
PRJ-12505, PRHF-10058	Security Management	When using packet mode in Rulebase Search, results from inline layer may be matched even though their parent layer is not.
PRJ-4953, PRHF-4593	Security Management	"The Correlation Unit can't connect to one of its Log Servers. Please make sure connectivity between the Correlation Unit and Log Server isn't blocked. There is no need to stop the job." message after the putkey process. Refer to sk12882.
PRJ-12477, PRHF-9260	Security Management	In some scenarios, when using Rulebase Search, the 'number of rules' section is incorrect. Refer to sk166003.
PRJ-13158, CPM-2811	Security Management	In rare scenarios, a session becomes unusable, and one or more of the following may occur: The user is not able to log in and make changes with this session. Publishing this session fails. Discarding this session fails. Refer to sk167735.
PRJ-12669, PMTR-52789	Security Management	If an administrator searches for a certain text in SmartConsole, it may cause the Management Server to become inaccessible until a restart.
PRJ-13165, PMTR-53758	Security Management	When an administrator enters a very long text into an object field (more than 32767 characters), the Security Management Server terminates and fails to start.
PRJ-10057, PRHF-8924	Security Management	In some scenarios, Security policy deletion or installation may fail when there are many Application Control objects used in this policy.
PRJ-12144, CPM-2624	Security Management	Management HA synchronization between the active Domain server to a standby Domain server may fail with "Failed to import data" error.
PRJ-13032, PRHF-10917	Multi-Domain Management	Global Policy reassignment may fail after performing the IPS update in the Global domain.
PRJ-12486, PRHF-10330	Multi-Domain Management	Multi-Domain Administrator configuration for RADIUS authentication may show local Domain Radius servers and groups.
PRJ-12204, PRHF-10405	Multi-Domain Management	In some scenarios, changes to a .def file in $FWDIR/lib may be reverted when creating a secondary CMA.
PRJ-12554, PRHF-10523	Multi-Domain Management	In some scenarios, updating firewall_properties in GuiDBedit in the MDS context fails. Refer to sk42184.
PRJ-9599, PRHF-8502	Multi-Domain Management	In environments with more than five Multi Domain servers, changes to objects may not be reflected in the logs.
PRJ-1391, PMTR-33408	Multi-Domain Management	NEW: Added ability to log in to the Management Server with SmartConsole while MDS Backup is running.
PRJ-12964, PRHF-10944	Multi-Domain Management	In some scenarios, certain deleted domain level objects are visible in the SmartConsole at the MDS level.
PRJ-12899, PMTR-53694	SmartConsole	NEW: Added more information on each Management API call to api.csv.
PRJ-12972, PMTR-51691	SmartConsole	When the VSX Cluster object editor is closed without making any changes, the "Topology has changed. Please reinstall Security Policy" message is displayed unnecessarily.
PRJ-12453, PMTR-37222	SmartConsole	In some scenarios, a calculation of UIDs for irrelevant rules may result in the "Cannot insert a rule into its own sub rulebase" validation error.
PRJ-11257, PRHF-9106	SmartConsole	In some scenarios, Inspection Settings view under the General tab is blank.
PRJ-12459, PRHF-8968	SmartConsole	In some scenarios, IPS update may be locked with the message "IPS management update is locked by Scheduled update" .
PRJ-12960, PRHF-10916	SmartConsole	Global Policy reassign in MDS may fail with "An internal error has occurred" message after adding overrides to Snort protections.
PRJ-12537, PRHF-9941	SmartConsole	Unable to delete Snort protections in Multi-Domain environment - they still exist after deletion.
PRJ-12082, PRHF-10297	SmartConsole	When configuring "Visitor Mode" in SmartConsole and choosing the IP address, the wrong IP address may be displayed after clicking "OK".
PRJ-12872, PMTR-53909	SmartConsole	An incorrect netmask may be shown for Virtual System objects in the network group editor.
PRJ-12907, PMTR-53855	SmartConsole	When using the Management API "show-objects" command to show OPSEC application objects, it may fail with "Requested object [OBJECT ID] not found".
PRJ-13006, PRHF-10998	SmartConsole	In the Management API, the "show objects" command with details-level full may return the "ip-address" field even if it is empty.
PRJ-12449, PRHF-8488	SmartConsole	In some scenarios, IPS update tasks may stuck when multiple machines are attempting an update within the same time frame.
PRJ-12209, PMTR-52897	SmartConsole	When running the "show-domain" API command, the "active" field may be missing from the reply.
PRJ-11431, PRHF-8506	SmartProvisioning	The SmartProvisioning application may hang when the user adds/edits Dynamic Objects in the LSM Gateway object editor.
PRJ-10199, PRHF-9019	SmartView	SmartView may show "query failed" error message when creating a table widget with filter by source/destination host name. Refer to sk119056.
PRJ-10669, PMTR-49128	SmartView	In SmartView, when using a language other than English, an error may occur when drilling down on a widget.
PRJ-12690, MB-731	Compliance	Compliance blade may show incorrect Best Practice status if one or more relevant network objects for that Best Practice is in status "N/A".
PRJ-2194, PMTR-38377	Logging	NEW: Added new SmartView Report for SandBlast Threat Extraction. The report provides visibility of sanitized files in mail and web downloads, including cleaned file types and cleaned active and embedded content.
PRJ-10155, PRHF-8586	Logging	"UserCheck Reference ID” field is missing from logs when the message of the UserCheck customized page is modified and does not contain the text "reference:". Refer to sk165355.
PRJ-4609, PRHF-5209	Logging	When the user tries to open a Forensic report in SmartLog, the "Error getting report." message may appear if there is a network object configured with the same IP address as that of the Endpoint Security Management Server.
PRJ-11887, PRHF-10057	Logging	In some scenarios, searching for logs using "client_name" in the logging tab returns no values.
PRJ-10359, PMTR-46596	Logging	Log_indexer may stop working on a SmartEvent server with a large number of CPUs (32 and up), and\or when the total number of log servers declared in correlation units is above 30.
PRJ-4737	Logging	In environments that use certain mail servers, sending a report using SmartView may not work properly.
PRJ-11500, PMTR-52209	Security Gateway	NEW: Added "Hold" override for unsupported protocols (i.e. GRE). Refer to sk148432.
PRJ-5032, PMTR-41300	Security Gateway	In some scenarios, when running "fw monitor" with the "-e" flag, SecureXL traffic is not filtered, and all traffic is displayed. Refer to sk166592.
PRJ-13074, PMTR-54306	Security Gateway	When HTTPS Inspection is enabled using layer-2/bridge, traffic may be dropped when deciding the outgoing interfaces.
PRJ-11694, PRHF-9799	Security Gateway	In a rare scenario, access rules with service type of "other" may not be matched correctly. Refer to sk166365.
PRJ-11140, PMTR-39019	Security Gateway	In some scenarios, "fwxlate_dyn_port_global_to_local_get_port: port was not found in global, and not in local" error message may appear in dmesg.
PRJ-12517, PRHF-10672	Security Gateway	In some scenarios, a backup on a Gaia device with Threat Emulation Blade enabled may fail with "Cannot complete the backup process: not enough space". Refer to sk166833.
PRJ-13430, PRHF-1197	Security Gateway	In some scenarios, "cmik_loader_fw_get_connkey: Invalid streaming opaque type: (3)" message appears in dmseg. Refer to sk137494.
PRJ-11741, SWG-2533	Security Gateway	Improved connectivity in a specific flow when ICAP Client is enabled with Trickling 3.
PRJ-11415, PRHF-9776	Security Gateway	In some scenarios, NAT log shows source port 0 even though a port was allocated.
PRJ-8674, PMTR-38384	Security Gateway	In some scenarios, "simple_debug_filter_unset: unsetting debug filter when no filter is set" messages may appear in dmesg. Refer to sk165675.
PRJ-10769, PRHF-8926	Internal CA	In some scenarios, no SIC between R80.x Security Management and R77 Security gateway after ICA certificate replacement procedure described in sk158096.
PRJ-9046, PRHF-8153	Threat Prevention	The number of overrides in Threat Prevention policy -> Profile -> Overrides may also show inactivated overrides, with mismatched information between "override" and "User Modified".
PRJ-5230, PRHF-4808	Identity Awareness	Failure in LDAP groups membership query for specific user that was reported by MUH agent, may cause all users under the same MUH agent to be removed from the PDP database.
PRJ-12618, MTR-45782	Identity Awareness	After the user disables and re-enables the Identity Collector in SmartConsole, the Identity Collector may fail to connect to the PDP Gateway again.
PRJ-13564, PRHF-561	Identity Awareness	In some scenarios, when the user changes the TACACS+ server to a different one, the configuration is applied only after an MDS reboot.
PRJ-8711, PRHF-7978	Identity Awareness	In some scenarios, Dynamic ID authentication fails when SMS server returns HTTP status code 2xx but not 200 or 202.
PRJ-7277, PRHF-7027	Application Control	In some scenarios, Application Control updates cannot be initiated on Gateways without Application Control enabled, even though URL Filtering is enabled.
PRJ-11060, PRHF-9354	Application Control	In some scenarios, Application Control update task may get stuck indefinitely when it is executed as part of Global Policy assignment.
PRJ-12164, PMTR-52106	Application Control	In some scenarios, Application Control updates in Multi-Domain High Availability environments may get stuck when multiple updates from different Domains/Multi-Domains take place simultaneously.
PRJ-12338, PMTR-53146	URL Filtering	In a rare scenario, policy installation may fail with "Error code: 0-2000112" if the URL Filtering blade is active while no other feature or blade is enabled.
PRJ-13108, PRHF-11112	HTTPS Inspection	In some scenarios, HTTPS websites may show corrupted text when HTTPS Inspection and Anti-Virus are enabled.
PRJ-13596, PMTR-55344	HTTPS Inspection	In some scenarios, web traffic is blocked with "HTTP parsing error occurred" and "parameters are undecodable in request" errors.
PRJ-8298, MBS-9133	SSL Inspection	In some scenarios, some HTTPS sites are not categorized when both "Categorize HTTPS Sites" and "HTTPS Inspection" are enabled.
PRJ-13115, PMTR-52580	DLP	Improved DLP functionality when working with IDA MUH1 and MUH2 agents.
PRJ-8902, PRJ-8880	IPS	In a rare scenario, Security Gateway may crash due to NULL pointer reference.
PRJ-12708, RHF-10849	ClusterXL	In some scenarios, a Cluster member forwards ICMP replies via its Sync interface after being rebooted.
PRJ-12284, CLUS-1752	ClusterXL	ClusterXL in Load Sharing mode may drop traffic after a cluster member is rebooted, due to inconsistency of MAC addresses saved in the Firewall kernel and in SecureXL kernel.
PRJ-12551, PRHF-10647	SecureXL	NEW: Added tunable kernel parameter "adp_mc_rt_hold_queue_len" to adpkern.conf to eliminate multicast packet drops at the start of a connection (when large bursts of multicast traffic are expected).
PRJ-12173, PRHF-10228	SecureXL	In some scenarios, TCP traffic containing the TCP Fast Open option may be dropped by the Security Gateway.
PRJ-10495, PMTR-50926	SecureXL	In some scenarios, SecureXL makes an offload decision to not accelerate multicast traffic for route-based VPN.
PRJ-14076, PMTR-56026	SecureXL	For some topologies, RIPV2 neighbors may be missing. Refer to sk167934.
PRJ-11630, PRJ-11552	SecureXL	In some scenarios, MCAST packets may not be accelerated on a PIM-SM RP Gateway.
PRJ-11449, PMTR-51868	Gaia OS	NEW: Added support for Smart-1 3150/3050 SAN and 'show asset' line cards for SAN.
PRJ-7270, PRHF-7124	Gaia OS	In some scenarios, adding a Gaia user may result in a high number of zombie sh processes. Refer to sk164259.
PRJ-13647, PRJ-10350, PRHF-8760	Gaia OS	In rare scenarios, clish consumes 100% CPU when the user runs a Tenable scan. Refer to sk166195.
PRJ-13154, PRJ-13746	Gaia OS	In some scenarios, SNMPD daemon stops working with core dump, causing the SNMP service to become unavailable.
PRJ-13478, PMTR-55154	Gaia OS	Intake and outlet temperature sensors display incorrect values on 15400 appliance.
PRJ-12760, PMTR-52834	Gaia OS	In some scenarios, WebUI shows unknown HDDs that are not part of RAID.
PRJ-8948, GAIA-7018	Gaia OS	In some scenarios, interface names may not correspond to the correct ports on 4-ports 10GbE SFP+ Rev 1.1 on 12200/4200/4400/4600/4800/TE250 appliances.
PRJ-12250, PMTR-52663	Gaia OS	UPDATE: on Smart-1 5050: Line card 1 model PE2G2SFPi35-CP is changed to CPAC-2-1F-SM-C Line card 2 model PE210G2SPI9A-XR-CP is changed to CPAC-2-10F-SM-C
PRJ-3025, PRHF-4557	Gaia OS	Backup on Gaia machine may fail with "Cannot complete the backup process: not enough space". Refer to sk98609.
PRJ-13265, PRJ-13266, GAIA-7496	Gaia OS	In some scenarios, the value for Voltage/Fan/Temperature sensor may appear as "NotValid".
PRJ-11780, PRJ-10761, PRHF-9221	Gaia OS	Only 1024 characters of a cron jobs output are displayed when using show cron jobs from clish.
PRJ-12917, PMTR-17149	Gaia OS	In some scenarios, snapshot creation on Gaia OS may get stuck at 1-2% because of a large number of tmp files. Refer to sk116679.
PRJ-11619, PRHF-10009	Gaia OS	When a bond exceeds 60GB/s, ethtool may report an incorrect speed of the bond interface.
PRJ-12420, GAIA-7499	Gaia OS	In some scenarios, concurrent CIFS mount/umount processes to the same Windows machine may crash the kernel.
PRJ-471	Gaia OS	In the load configuration command, when the loading configuration file contains SNMP, the interface configuration commands may not apply the configuration correctly.
PRJ-9782, PMTR-42309	Gaia OS	'#', '=' and '+' characters cannot be used in "Banner" and "Message of the day" features.
PRJ-11496, PMTR-51462	Gaia OS	In some scenarios, the PSU status is reflected even if there is no PSU on the appliance.
PRJ-11682, PRJ-11365	Routing	NEW: Performance improvement for multicast packets in SecureXL (fast path) when there are no multicast listeners.
PRJ-12797, ROUT-530	Routing	In some scenarios, there may be a loss of BGP adjacency when displaying BGP routes with very long AS paths or large numbers of BGP communities.
PRJ-12801, ROUT-541	Routing	In some scenarios, when processing BGP ECMP routes, routed may stop working, resulting in loss of BGP adjacency.
PRJ-13351, PMTR-54833	Routing	In some scenarios, routed process generates an assert when the user runs the "dbget -rv iclid" command.
PRJ-11243, PRHF-9628	VoIP	SIP calls with NAT (SIP packet with no SDP but content-type=sdp) may fail to open correctly.
PRJ-9103, PRHF-7758	VoIP	In a rare scenario, Security Gateway crashes when passing SIP traffic. Refer to sk166474.
PRJ-8620, PRHF-7485	VPN	Improved the VPN connectivity with DAIP peers when Tunnel Monitoring is enabled. Refer to sk164933.
PRJ-12193, PRHF-9885	VPN	A connectivity issue may occur when a non-encrypted VPN tunnel is used with IKEv2. Refer to sk167902.
PRJ-58	VPN	In a rare scenario, the vpnd process stops working when unallocated memory is accessed.
PRJ-13312	VPN	In some scenarios, packets are dropped on proposal unmatched, although the VPN tunnel is established. Refer to sk122438.
PRJ-4510, PMTR-1408	VPN	In some scenarios, Site-to-Site VPN between central Security gateway and 700 DAIP appliances disconnects in random fashion. Refer to sk149432.
PRJ-13528, VPNRA-398	VPN	In some scenarios, Remote Access VPN users are not matched against the Access Control policy and traffic is dropped. Refer to sk167432.
PRJ-13406, PMTR-54443	VPN	In rare scenarios, the Global Domain Assignment view shows that a Global Domain Assignment is in the 'up to date' state even though it is not.
PRJ-11803, VPNRA-357	VPN	In some scenarios, an incorrect number of connected Remote Access users is displayed in SmartView Monitor. Refer to sk167297.
PRJ-12889, PRHF-10685	VPN	IKEv2 rekey may fail when the resolved peer IP address is not the main IP address. Refer to sk166897.
PRJ-12463, PRHF-388	VPN	In a rare scenario, Security Gateway may crash when using Remote Access VPN with L2TP clients.
PRJ-13340, PRHF-1164	VPN	In some scenarios, L2TP client fails to connect with "Failed to write L2TP session params to kernel" error in vpnd.elg file. Refer to sk167636.
PRJ-13079, PRHF-10978	VSX	When performing a provisioning operation in VSX, process may hang on "Pushing configuration to ...". Refer to sk167175.
PRJ-11839, PRHF-9304	Endpoint Security	Cannot delete the client MSI package from SmartEndpoint because of a previously deleted FDE offline group.
PRJ-11144, PRHF-9706	Endpoint Security	Local users may not be displayed under the selected machine in the "Users and Computers tab" in SmartEndpoint. Refer to sk166316.
R80.20 Jumbo HotFix - General Availability Take 161 (21 June 2020, GA from 02 July 2020)
PRJ-13689, PRJ-13686	Security Management	In some scenarios, when using many management API calls in parallel, the output is not consistent. Refer to sk167509.
R80.20 Jumbo HotFix - Ongoing Take 160 (02 June 2020)
PRJ-8806, PMTR-48604	Diagnostics	SmartView Monitor may not show a match on accelerated QoS traffic. All or part of the traffic may be matched on "No Match".
PRJ-10630, PRJ-10629	Installation	Firmware upgrade for Small Office appliance using SmartProvisioning in Multi-Domain Management environment may fail.
PRJ-9777, PRJ-8605	Security Management	NEW: Added ability to search in the Management Server by adding asterisk before any sequence of characters. For more information, refer to sk164873. Requires R80.20 SmartConsole Build 114 (or higher).
PRJ-8643, CPM-2623	Security Management	NEW: Performance enhancements while the Management Server is under high load.
PRJ-12009, PMTR-52087	Security Management	NEW: Significant performance improvement for policy installation time when many groups are defined on the Management Server.
PRJ-10899, PMTR-49801	Security Management	NEW: Set values for environment variables on the Management Server that will remain there after a Management Server upgrade, as well as Backup/Restore and Export/Import of the Management Server. Refer to sk165938.
PRJ-11707, PMTR-27164	Security Management	NEW: Performance and stability improvements for large environments.
PRJ-10993, PMTR-51743, PRJ-11116, PMTR-51778	Security Management	NEW: Added ICA Management security enhancements.
PRJ-12358, PMTR-48272	Security Management	The "Recent Tasks" and "Install Policy Preset" views in MDS Domain may include Domain names, policy packages, and Gateways names. This information is not filtered according to the administrator's permission profile.
PRJ-8792, VPNRA-316	Security Management	Improved the Access Control Policy installation time for environments with high amount of objects and enabled IPSEC VPN blade. Refer to sk166321.
PRJ-6703, PMTR-44004	Security Management	In a rare scenario, when viewing the Layer History, some revisions not relevant to the selected Layer may be shown.
PRJ-10471, PMTR-49832	Security Management	In a rare scenario, export does not completes because the Postgres dump_all process gets stuck.
PRJ-7469, CPM-1745	Security Management	Global policy reassignment may fail after a rulebase is deleted in the Global Domain.
PRJ-7783, PMTR-46434	Security Management	In some scenarios, HA synchronization in the Global Domain fails with the "Failed to sync peer - Global Domain is incompatible with the Domains." error.
PRJ-9213, PRHF-8370	Security Management	Logging into SmartConsole to the Standby Management Server with a Radius or TACACS user may fail after changing the shared secret on the Radius or TACACS object.
PRJ-9088, PRHF-8266	Security Management	In a rare scenario, when an environment has many Gateways (dozens), the FWM daemon may stop working when 4 GB of memory is reached. Refer to sk165015.
PRJ-8229, PRHF-7728	Security Management	The "Unused Objects" filter in Object Explorer may display a failure message if there are more than 20000 unused objects. A limit was added so that only the first 5000 objects will be displayed.
PRJ-7818, PRHF-4644	Security Management	In some scenarios, SmartView Monitor unexpectedly terminates when the user selects the Specific QoS Rules option in Top QoS Rules.
PRJ-7886, PMTR-46703	Security Management	In some scenarios, when the user modifies a policy rule and creates a section above it in the same session, the log tracker shows that the rule was created instead of modified.
PRJ-5793, PMTR-40790	Security Management	In some scenarios, after the user manually performs "Full Sync", a newly created secondary Domain Server or Domain Log Server is not shown in SmartConsole's Domains view.
PRJ-9298, PRHF-8336	Security Management	In a rare scenario, the "SmartDashboard component failed to connect to server <IP address>. Please contact technical support" error is displayed in SmartConsole when opening the Management object for editing.
PRJ-9321, PRHF-8494	Security Management	In some scenarios, a disconnected SmartView Monitor session appears in SmartConsole with a grayed out 'Disconnect' option, which cannot be discarded. Refer to sk165037.
PRJ-8864, PMTR-48673	Security Management	When an administrator fails to publish another administrator’s session, the session of the other administrator disappears from the Sessions view in SmartConsole.
PRJ-9085	Security Management	In some scenarios, Management HA synchronization fails with “Failed to export data” error after an advanced upgrade from R77.x to R80.20 Jumbo Hotfix Take 103.
PRJ-7456, PRHF-7167	Security Management	In some scenarios, upgrade fails with the "Satellite object of type GatewayAggregator not found for core object" message in cpm.elg file.
PRJ-9278, PMTR-48463	Multi-Domain Management	NEW: Performance improvement for Multi-Domain environments in which many administrators are connected.
PRJ-11506, PRJ-11508	Multi-Domain Management	A migration from Security Management server to a Domain on a Multi-Domain Management Server may fail with: “didn't find ObjectStoreSessionEntity for session <uuid> return null" error in cpm.elg file.
PRJ-10529, PRHF-8581	Multi-Domain Management	The mds_import.sh script may fail if the IPS version for a Domain/CMA does not exist on the R80.x Multi-Domain Management Server.
PRJ-8415, PRHF-7865	Multi-Domain Management	When the user runs the 'add-domain' Web API command on an existing Domain, the original Domain is deleted.
PRJ-11524, PRHF-9981	Multi-Domain Management	In rare scenarios, upgrading the Multi-Domain Server fails to upgrade some Domain Servers with "IllegalArgumentException" in the upgrade log.
PRJ-11175, PMTR-51890	Multi-Domain Management	In some scenarios, Full synchronization fails in the Global Domain with "Full sync with peer '[Peer Name]' NGM failed to import data" error. Refer to sk145972.
PRJ-10364, PMTR-51017	Multi-Domain Management	After performing Full synchronization or failover of the Global Domain, the following operations may fail (refer to sk145972): Global Domain reassignment IPS or Application Control updates in the Global Domain
PRJ-11165, PMTR-51180	Multi-Domain Management	In a rare scenario, synchronization between Multi-Domain Management Servers breaks after revisions purge operation.
PRJ-12064, PRHF-10327	Multi-Domain Management	The fwm process of domains may not stop after the user runs mdsstop or mdsstop_customer.
PRJ-10525, PRHF-8686	Multi-Domain Management	Upgrade of Multi-Domain Server may fail if Sync With User Center is running.
PRJ-9697, PRHF-8593	Multi-Domain Management	MLM may open a connection to the reversed IP address of the Multi-Domain Server.
PRJ-10036, PMTR-27672	Multi-Domain Management	In some scenarios, CPUSE and advanced Multi-Domain Management upgrade are stuck at "Upgrading products: 58%". Refer to sk146933.
PRJ-6984, PMTR-44593	Multi-Domain Management	In some scenarios, there may be high Solr CPU on Multi-Domain Management Servers with dozens of Domains.
PRJ-9239, PRHF-8077	Multi-Domain Management	In some scenarios, secondary MDS or MLM fail to renew a management certificate. Refer to sk164732.
PRJ-5742	SmartConsole	NEW: LDAP advanced query now supports ANR filtering.
PRJ-9291, PMTR-49566	SmartConsole	NEW: Enhancement: Two new flags were added for the performance improvement of Threat Protection API commands: 'show-profiles' and 'show-ips-additional-properties'. The default value for both flags is false.
PRJ-11072, PMTR-51815	SmartConsole	NEW: Added ability to reset the following network object fields to be empty through the Management API: ipv4-address, ipv6-address, subnet4, subnet6, mask-length4, and mask-length6.
PRJ-5102, PMTR-40942	SmartConsole	"An internal error has occurred" message may pop up when the user tries to modify a Revision's description.
PRJ-732, PRHF-3128	SmartConsole	"An internal error has occurred. (Code: 0x8003001D, Could not access file for write operation)" error is displayed when editing IKE PSK on “External User Profile” objects using Legacy SmartDashboard. Refer to Scenario 2 in sk119973.
PRJ-4102, PRHF-2388	SmartConsole	In "Top services" view of SmartView Monitor, "cp_tcp_A936BBAC_EBC3_4F18_B3CC_A63365F07477" service is displayed instead of "https*" service. Refer to sk146052.
PRJ-9550, PRJ-9544	SmartConsole	When the user invokes the 'show-access-layer' API command, the parent layer may be missing from the output result.
PRJ-8700, PRHF-7991	SmartConsole	The shared secret's edit button may be grayed out.
PRJ-9464, PMTR-49817	SmartConsole	In some scenarios, when the user attempts to delete a Gateway / Cluster member, an error message may appear and the operation may not complete successfully.
PRJ-72, PRJ-71	SmartConsole	Objects of Unused Access Roles are not visible in the Object Explorer. Refer to sk151896.
PRJ-1448, PRHF-3822	SmartConsole	In some scenarios, the api.elg log is flooded with the "Returning default standard reply class" message.
PRJ-11904, PRHF-10275	SmartConsole	In rare scenarios, certain domain level objects may not be visible in SmartConsole at the MDS level.
PRJ-9078, API-864	SmartConsole	In some scenarios, the Management Server may stop working following authenticated API commands to create or update objects with extremely long comments.
PRJ-8133, PMTR-45751	SmartEvent	"The process <process-name> which is monitored by watchdog restarted more than once in the last half an hour" error may appear in the SmartEvent GUI status window even though the process has been up for more than 30 minutes.
PRJ-7496, PRHF-7101	SmartEvent	When using SmartEvent automatic reactions, .MHT files in $RTDIR/tmp* directory are not cleaned up in case of email sending failure.
PRJ-4328, SE-331	SmartEvent	In some scenarios, automatic reactions in SmartEvent are sent with the "Destination address" field containing the resolved country name instead of the raw IP value. Refer to sk146992.
PRJ-433, PRHF-2797	SmartEvent	In SmartEvent, when the user customizes an event to accumulate logs by the field UUID, logs with UUID equal to 0 may not be correlated.
PRJ-8016, PMTR-46682	SmartView	SmartView may show wrong time in tables and graphs for clients located in Brazil.
PRJ-9645, PRHF-4623	Security Gateway	NEW: Added support for the bridge configuration when packet is passing via the Security gateway twice.
PRJ-3476, PRHF-4624	Security Gateway	In a topology in which Client and Server are connected to the Security Gateway using two different interfaces each, for example: Client -- eth1 <Gateway> eth2 -- Server Client -- eth3 <Gateway> eth4 -- Server The response packets from Server to Client may be incorrectly routed back to the Server because of an incorrect route cache in the Security Gateway.
PRJ-8648, PMTR-41512	Security Gateway	In a rare scenario, ICAP client requires manual steps to activate RESP mode after running cpstop ; cpstart.
PRJ-11953, PMTR-52583	Security Gateway	In a rare scenario, Security Gateway may crash due to NULL pointer reference.
PRJ-8750, PMTR-46471	Security Gateway	In some scenarios, incorrect number of outbound interfaces may be received when SecureXL is disabled.
PRJ-4612, PRHF-5055	Security Gateway	In some scenarios, policy installation fails with "configload_mgmt_compile: Failed to run compiler command".
PRJ-8503, PRHF-5333	Security Gateway	In some scenarios, there may be connectivity problems with DHCP traffic.
PRJ-10838, PRHF-1920	Security Gateway	Improved the in.aftpd process memory management.
PRJ-1213, PRHF-3652	Security Gateway	In a rare scenario, the Security Gateway may crash due to a NULL pointer reference.
PRJ-5729, PRHF-6035	Security Gateway	In some scenarios, SIP traffic may be dropped by Anti-Spoofing with "fw_early_sip_nat Reason: spoofed packet on SIP traffic" error in dmseg although it is set to"detect".
PRJ-2410, PRHF-4282	Security Gateway	DCE-RPC traffic may be dropped because of a drop template that is incorrectly created for the ALL_DCE_RPC service.
PRJ-10565	Security Gateway	In some scenarios, wrong service name appears in SmartConsole logs.
PRJ-4091, PMTR-35130	Security Gateway	Using spaces in the $FWDIR/boot/modules/fwkern.conf file may cause long reboot time.
PRJ-8151, PRHF-7736	Security Gateway	Policy installation on Cluster may fail if the Cluster member name is longer than 64 characters.
PRJ-11529, MUX-319	Security Gateway	In a rare scenario, Security gateway may crash while connection is closed while being held.
PRJ-10408, PMTR-49504	Security Gateway	In a rare scenario, after upgrading a Security Gateway to R80.20, the log_indexer process running on the Log server may consume 100% CPU and cause the indexing backlog.
PRJ-9687, PMTR-46451	Security Gateway	Traffic may be dropped on DAIP gateway after the gateway IP address is changed or the gateway is rebooted. Refer to sk165176.
PRJ-8354, PRJ-8351	Security Gateway	Improved the ICAP client connectivity when using Trickling mode 3 in settings.
PRJ-8688, PMTR-39579	Security Gateway	A memory leak may occur in Management/local connection which loop back to the bridge interface.
PRJ-12235, PRHF-10039	Security Gateway	In a rare scenario, Security Gateway memory consumption may increase when the Anti-Virus blade is enabled.
PRJ-9119, PRJ-8907	Security Gateway	Connections may be dropped when "keep all connections" is configured during policy installation. Refer to sk166212.
PRJ-8615, PMTR-46465	Security Gateway	In some scenarios, the uc_log_suppression_data table may reach its limit and "uc_log_suppression_set_entry: Failed storing log data in log suppression table" error appears in /var/log/messages file.
PRJ-9050, PRHF-8288	Security Gateway	Global connections may not be freed correctly when the Gateway acts as a Proxy.
PRJ-9416	Security Gateway	Added logs for packets that include invalid TCP options. This feature is off by default.
PRJ-8882, PRHF-7048	Security Gateway	In a rare scenario, Security gateway may crash when activating a web parsing debug.
PRJ-8552, PRJ-8548	Logging	NEW: Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command.
PRJ-9189	Logging	NEW: Added support for viewing MITRE ATT&CK fields.
PRJ-6024, PRHF-4951	Logging	When restarting the FWD process on the Log server, the syslogd process (syslog daemon), may stop working.
PRJ-5573, PRHF-6592	Logging	When a Log Server is configured to parse Syslog messages, the field "User" may be truncated in the parsed log in the Log Details view if the field contains underscore.
PRJ-5899, PRHF-6120	Logging	It is not possible to query the "file_name" field on a Log server that does not have the SmartEvent activated.
PRJ-8495, PRHF-7875	Logging	In SmartView, when the user exports logs to CSV using the "visible columns" option, the following fields may be missing from the CSV file: Resource, Application Risk, Application Name, and Application Category.
PRJ-3653, PRHF-4654	Logging	SmartEvent may not correlate certain Anti-Virus logs.
PRJ-5649, PRHF-6080	Logging	In some scenarios, when the user creates a table widget in SmartView, there is no option to add the “hostname” field. Refer to sk162752.
PRJ-7924, PMTR-42913	Logging	Following changes in correlation unit settings, new logs may not be read by SmartEvent until the log_indexer process is restarted.
PRJ-11361, PMTR-51655	Logging	In a rare scenario, the CPD process on a Security Management Server that manages R77.30 Security Gateway may stop working.
PRJ-4134, PRHF-2711	Logging	In some scenarios, it may not be possible to filter logs by the field "IKE IDs:" when searching the log files directly.
PRJ-9315, PRHF-8166	Logging	Logging view may show results from the wrong day if the server Time Zone is configured to use half/quarter hour deviations from standard time.
PRJ-8921, PRHF-8148	Logging	When the user searches logs in the "Logs and Monitor" tab in SmartConsole and applies a filter using the "?" wildcard, incorrect logs may be returned.
PRJ-9705, PRHF-7716	Logging	The FWD process may stop working if one of the following changes were made using GuiDBEdit: Change to log forwarding timing Change to log switch timing
PRJ-4981, SL-2893	Logging	In SmartView, the percentage values in pie charts may add up to 99% or 101%.
PRJ-11005, PRHF-9292	Logging	In some scenarios, changes made to Network Objects on the Security Management Server are not reflected in the logs view. Refer to sk166493.
PRJ-1524, SL-2379	Logging	In some scenarios, Autosuggestion does not complete in SmartConsole's "Logs & Monitor" tab for users who do not have super user privileges. Refer to sk155252.
PRJ-9192, PMTR-42449	Logging	After synchronization, MLM / Secondary MDM may have different log policy configuration. Refer to sk165692.
PRJ-4447, PMTR-39444	Logging	In SmartView, drilling down from the timeline widget to logs, may show less logs than expected.
PRJ-6189, PRHF-6325	Logging	Widgets inside SmartView's "Views and Reports" may result in "Query Failed" messages when filtered by the "Log Server Origin" field.
PRJ-10857, PRHF-1898	Application Control	NEW: Gateway status will reflect Application Control and URL Filtering updates.
PRJ-2794, IPS-682	IPS	In some scenarios, the interface name is not displayed correctly in the IPS log.
PRJ-11303, PMTR-51681	IPS	In a rare scenario, the fw_full process may stop working.
PRJ-9487, PMTR-46123	IPS	After an upgrade, policy installation may not update the IPS version on the gateway if the "IPS scheduled update" option was changed before the upgrade.
PRJ-9448, PRHF-8530	IPS, VSX	In some scenarios, SmartConsole shows "No license" and "Contract is expired" for IPS blade in VSX. Refer to sk164917.
PRJ-10968, SWG-2484	DLP	NEW: Reading and sending files from the registry by DLP was optimized.
PRJ-10847, PRJ-10854	DLP	DLP stability for some scenarios was improved.
PRJ-10422, PMTR-39431	DLP	In a rare scenario, when Security Gateway is configured as proxy, the HTTP traffic may be not scanned by DLP.
PRJ-5021, PRHF-5528	DLP	The DLP engine may incorrectly process the file if the file name is missing in the connection header.
PRJ-9327, PRHF-8152	DLP	Improved the scanning time of files for some scenarios in SMTP and HTTP/S.
PRJ-9692, PRHF-8503	DLP	In some scenarios, DLP prints wrong error message in the log.
PRJ-9773, PRHF-8847	DLP	In some scenarios for SMTP, when an internal user sends an email, the DLP logs may show the topology as "external to external" instead of as "internal to internal".
PRJ-9404, PMTR-51402	HTTPS Inspection	In some scenarios, wrong certificate is shown by HTTPS Inspection for some websites, including certificates issued by "CloudFlare Inc ECC CA-2". Refer to sk118392.
PRJ-7995, PMTR-46960	HTTPS Inspection	WSDNSD memory leak may appear when updatable objects are configured in the policy. Refer to sk165616.
PRJ-9933, PMTR-49938	HTTPS Inspection	In some scenarios, when the minimum version of HTTPS Inspection is set to TLS 1.1, some websites may stop working. Refer to sk165555.
PRJ-7422, PMTR-44671	Infrastructure	In some scenarios, Anti-Bot\Anti-Virus\IPS\Threat Emulation blade update fails with "Curl error code 56".
PRJ-9392, PMTR-49565	Identity Awareness	NEW: Performance improvement in the automatic LDAP group update feature.
PRJ-9495, PRHF-4033	Identity Awareness	Policy installation process has been improved.
PRJ-10223, PMTR-39175	Identity Awareness	In a rare scenario, there is a memory leak in the IDA daemon pepd.
PRJ-11613, IDA-1828	Identity Awareness	In a rare scenario, a memory leak, related to the Identity Awareness flow, may occur in the kernel.
PRJ-7506, PRHF-5184	Identity Awareness	When the Identity Awareness blade is enabled, a memory leak may appear in LDAP sessions.
PRJ-10385, IDA-2719	Identity Awareness	In a rare scenario, identity session groups and access roles may disappear following a policy installation.
PRJ-6074, PMTR-41138	Identity Awareness	Machine identity for Terminal Server agent is not identified unless Identity Agent is also enabled on the Security Gateway.
PRJ-8002, PMTR-45649	Threat Prevention	Improvements in HTTP chunked encoding inspection.
PRJ-12395, PMTR-45311	Threat Prevention	In some scenarios, policy installation fails with "Error code 0-2000111".
PRJ-8212, PRHF-7592	Anti-Bot	"Problem has occurred during search <External Log server> Disconnected" error may appear in "Logs & Monitor" tab after creating dummy object for NAT.
PRJ-7165, PMTR-23406	SSL Inspection	NEW: Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115.
PRJ-4112, SL-1767	SmartEvent	In SmartEvent policy, adding an exclusion for sensor alert event by event id (e.g. id=20300) causes policy install failure. Refer to sk139854.
PRJ-7921, PMTR-46737	SmartView	In the Logs page of the SmartView web application, the "File Name" filter may appear twice in the quick filters pane.
PRJ-10372, PRHF-8973	SmartView	In some scenarios, after user imports view/report in SmartView, the imported view/report is not shown in the Catalog.
PRJ-7723, PRHF-7326	SmartView	In SmartView, when filtering a view using special characters in the search bar and exporting to Excel, the file may be generated empty.
PRJ-10118, PRJ-9633	Compliance	In some scenarios, database import on a single Domain machines where the Compliance blade is activated fails, and as a result, the FWM process stops working after the import.
PRJ-2213, PMTR-30347	VoIP	In some scenarios, Cisco VoIP calls are dropped with "SIP Re-Invites exceeded the limit" reject reason. Refer to sk145412.
PRJ-9955, PRHF-897	VoIP	In some scenarios, UA traffic is dropped when packet contains more then 9 UA's. Refer to sk135114.
PRJ-8010, PRHF-5809	ClusterXL	In some scenarios, a connectivity issue takes place in ClusterXL environment after a fast "fail over"-"fail back" or a "fail over" on bridge configuration.
PRJ-1501, PRHF-3839	ClusterXL	The output of the 'cphaprob routedifcs' command may be missing interfaces.
PRJ-5865, PMTR-43718	ClusterXL	SNMP Response for OID .1.3.6.1.4.1.2620.1.5.6 ("haState") is "Active" on all members of ClusterXL High Availability mode. Refer to sk106291.
PRJ-599, PMTR-35261	SecureXL	SYN Defender status in CPView sometimes appears as invalid.
PRJ-10937, PMTR-25593	SecureXL	Rule that contains dhcpv6 services, does not disable SecureXL Accept Templates. Refer to sk32578.
PRJ-602, PMTR-36548	SecureXL	In some scenarios, DOS/Rate Limiting configuration is not applied after reboot if no fw samp policy is configured.
PRJ-9670, PRHF-5522	SecureXL	In some scenarios, SecureXL drops the TCP traffic for the particular connection for invalid state reasons. This fix enables the new property per specific gateway. Refer to sk147093.
PRJ-8760, PMTR-40390	SecureXL	NEW: Improved performance for multicast traffic after all listeners have been removed for an existing connection.
PRJ-10619	SecureXL	NEW: Added a new feature to support certain types of asymmetric bridged configurations.
PRJ-8914, PRJ-8890	SecureXL	In some scenarios, multicast packets arrive to the Security gateway in order, but leave out-of-order.
PRJ-8978, PRJ-8977	SecureXL	When PIM-SM multicast routing transitions from RPT to SPT, packets may be dropped or become out-of-order.
PRJ-8779, PRHF-6971	SecureXL	In a rare scenario, DOS/Rate Limiting Logs are not searchable.
PRJ-6155, PRHF-6490	SecureXL	In some scenarios, SecureXL causes an issue in the routing of multicast traffic.
PRJ-7500, PMTR-34845	SecureXL	In some scenarios, new connection may fail to open if it is reopened with the same source port. Refer to sk164839.
PRJ-6123, PRHF-5797	SecureXL	In some scenarios, DOS/Rate Limiting drops too few (or too many) packets for "concurrent-conns" fw samp rules. Refer to sk112454.
PRJ-8488, PMTR-48255	SecureXL	In some scenarios, held packets are incorrectly reported to the penalty box.
PRJ-10233, PMTR-51942	SecureXL	Policy installation may fail with "Error code 0-2000240" when Drop templates option is enabled. Refer to sk165716.
PRJ-4175, PRHF-5051	SecureXL	In some scenarios, there may be a length verification error with SCTP traffic.
PRJ-7283, PRHF-5120	SecureXL	Improved TCP state inspection for "Smart Connection Reuse" feature.
PRJ-9825, PMTR-50294	SecureXL	In some scenarios, SYN Defender cookie validation may fail.
PRJ-12022, PRHF-10097	SecureXL	In some scenarios, ACK, FIN, and RST TCP packets are dropped, causing outages.
PRJ-11677, PRJ-11551	SecureXL	MCAST packets may be handled incorrectly when promiscuous (tcpdump) mode is enabled for the interface.
PRJ-5904, PMTR-43772	SecureXL	In some scenarios, the penalty box violation rate is configured incorrectly.
PRJ-3815, PRHF-3767	Routing	Active VRRP cluster member may not show full accounting information in logs. Refer to sk159432.
PRJ-12223, ROUT-856	Routing	In some scenarios, routed process stops working when adding an interface to OSPFv3 with a prefix length above 63 and having two or more areas.
PRJ-10791, PMTR-39379	Routing	Although only OSPFv2 with Graceful Restart Helper is configured, the Critical Device OSPF3 Graceful Restart may show the "OSPF3 Graceful Restart PROBLEM Master -> Standby. Waiting for GR" message during the cluster failover.
PRJ-11545, ROUT-554	Routing	In some scenarios, routed stops working and traffic is lost after a failover in ClusterXL when BGP and ECMP are enabled. Refer to sk166175.
PRJ-3617, PRHF-4829	Routing	In some scenarios, routed stops working when receiving an LSA with a checksum value of zero.
PRJ-11423, PRHF-9812	Routing	In some scenarios, routed_mon may stop working on some CPView queries when OSPF multiple instances are configured.
PRJ-7613, PRHF-7166	ConnectControl	Logical servers will have global table for lookups to prevent the race condition where two instances has different decisions because local sync is flushed every 0.1 sec. Added 'fw balance' command for visibility.
PRJ-9350, PRHF-8098	Gaia OS	NEW: Added optimization for 40GbE and 25/100GbE cards configured in multiqueue allowing better transmit performance when Hyper-Threading (SMT) is enabled.
PRJ-3804, PMTR-40396	Gaia OS	NEW: Added the ability to configure an IPv6 address for a LOM interface on Smart 1-525/5050/5150 appliances.
PRJ-11367, PRHF-9804	Gaia OS	SNMP Trap may not be sent even though a failover occurred. Refer to sk166100.
PRJ-11295, PRHF-6250	Gaia OS	In some scenarios, commands that were typed into Clish can be executed later on if the SSH session was uninterruptedly terminated.
PRJ-445, PRJ-447	Gaia OS	The ‘show asset all’ command may fail with core dump.
PRJ-11372, PRHF-7532	Gaia OS	In some scenarios, latency issues may occur in Clish and in the WebUI when using web scanning tools. Refer to sk164153.
PRJ-472	Gaia OS	The "load configuration" command may not work correctly when the loading configuration file contains SNMP, and interface config commands may not apply the configuration correctly.
PRJ-501, PRJ-498	Gaia OS	The "load configuration" command may not work correctly when trying to add an SNMP user with a hashed password.
PRJ-12442, PRJ-1618, PRHF-2637	Gaia OS	In some scenarios, the xmlUpgradeExec process may stop working during Jumbo Hotfix installation. As a result, the configuration file may not be created correctly. Upon login, the following error message may appear: "/etc/appliance_config.xml:1: parser error : Document is empty /etc/appliance_config.xml:1: parser error: Start tag expected, ^^^ not found".
PRJ-5269, PMTR-40400	Gaia OS	Any of the following may occur in vSphere on a Management appliance: vSphere client/WebUI does not show the instance IP in the instance summary window. vSphere client/WebUI reports that VMware tools are "not running" in the instance summary window. Machine time/date is not synchronized with the ESX host.
PRJ-7578, PMTR-42309	Gaia OS	'#', '=' and '+' characters cannot be used in "Banner" and "Message of the day" features.
PRJ-8006, PMTR-46037	Gaia OS	Apache API was updated.
PRJ-7371, PMTR-44835	Gaia OS	In some scenarios, the iDRAC (LOM) interface is not pingable.
PRJ-10397, PRJ-10396	Gaia OS	In some scenarios, transmit queues may stop, causing packet loss.
PRJ-8053, PRHF-7532	Gaia OS	In some scenarios, latency issues may occur in Clish and in the WebUI when using web scanning tools (Qualys). Refer to sk164153.
PRJ-4878, PRHF-5471	VSX	Resource Monitor Control may cause segmentation fault when there are more than 64 CPUs. Refer to sk125112.
PRJ-11280, PMTR-12883	VSX	In a rare scenario, portals are not reachable after the fwk process stops working.
PRJ-10542, PMTR-51263	VSX	In the menu of 'vsx_util vsls' #1 (Display current VS Load sharing configuration), the table shows cut names of VSs (original names are longer).
PRJ-10910, PMTR-22709	VSX	In VSX cluster with VMAC mode, traffic may not pass through VSX Cluster members if SecureXL is enabled. Refer to sk138894.
PRJ-5332, PMTR-41386	VPN	NEW: Added functionality enhancements for the authentication realms that is used with Remote Access VPN.
PRJ-10270, PMTR-50151	VPN	NEW: 3DES is disabled by default for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, SecurePlatform WebUI and Mobile Access curl. Note: Disabling 3DES will fail 3rd party OPSEC SDK 6.0 clients connectivity. To enable it, refer to sk113114.
PRJ-5701, PMTR-42483	VPN	NEW: Improved policy installation performance when the MAB blade is enabled with Legacy Policy and Native Application rules.
PRJ-8114, PMTR-49502	VPN	“vpn_trap_multik: - wrong header length 36 != 72” message may appear in the vpnd.elg when working with multiple users with the same credentials.
PRJ-11240, PMTR-42727	VPN	Added connectivity improvement for VPN over NAT traversal (UDP 4500). Refer to sk155953.
PRJ-11642, VPNRA-353	VPN	Added stability improvement for Remote Access VPN.
PRJ-7013, PRHF-2844	VPN	Added L2TP Remote Access client connectivity improvements. Refer to Scenario 2 in sk145895.
PRJ-11913, PRHF-252	VPN	In rare scenarios, fwm stops working after a 3rd-party certificate is signed.
PRJ-8262, PRHF-7769	VPN	Server-to-Server and Client-to-Server VPN may fail when using Wire Mode while SecureXL is enabled.
PRJ-12177, VPNRA-364	VPN	Connectivity improvements for Remote Access VPN using Traditional mode.
PRJ-7853	VPN	Connectivity improvements for Remote Access Endpoint clients that connect without Office Mode IPs.
PRJ-6718, PRHF-6672	VPN	In some scenarios, the vpnd process stops working on cluster members.
PRJ-11281, PRHF-7681	VPN	In a rare scenario, vpnd process stops working due to Segmentation fault.
PRJ-4451, PMTR-40912	VPN	Improved IKEv2 negotiation flow.
PRJ-7692, PRHF-7359	VPN	Improved usability of VPN tunnel monitoring "vpn tu" command.
PRJ-6089, PMTR-43541	VPN	In some scenarios, accelerated VPN tunnels routed over PPPoE interface may cause drop of encrypted traffic of some connections. Refer to sk148872.
PRJ-7857, PRHF-2142	VPN	In a rare scenario, a VPN memory leak may appear.
PRJ-6117, PMTR-44901	VPN	In some scenarios, NAT-D traffic goes out from the first external interface.
PRJ-4235, PRHF-4250	VoIP	In some scenarios, H323 connections are dropped after "Virtual session timeout" is configured. Refer to sk156372.
PRJ-2461, PRHF-4097	VoIP	In some scenarios, MGCP traffic may be dropped by the Security Gateway with the following message in fw ctl zdebug drop: `fw_mgcp_undo_earlynat: the needed early_nat request entry (with natted src) not found, dropping;` `fw_conn_post_inspect Reason: Handler 'mgcp_manager' drop;`
PRJ-8259, PMTR-28302	Endpoint Security	In some scenarios, the wrong cipher suite is chosen for RSA certificates in HTTPS portals. Refer to sk164240.
PRJ-2925, PMTR-39317	Endpoint Security	Very frequently repeated "update register" requests may cause performance issues.
PRJ-11814, PRHF-9151	Endpoint Security	When a user name is updated in SmartEndpoint, the change may result in an unexpected expiration date. Refer to sk165872.
PRJ-11834, PRHF-10015	Endpoint Security	An error in FDE preboot users calculation may cause Endpoint to be left in a disconnected state. Refer to sk142313.
PRJ-11827, PRHF-7087	Endpoint Security	SmartEndpoint may export a report to Excel in which incorrect distinguished names appear for deleted users/computers. Refer to sk163943.
PRJ-11823, PRHF-6365	Endpoint Security	Users/devices may not change their locations in the tree according to Active Directory changes when certain special characters appear in the names.
PRJ-11818, PRHF-9157	Endpoint Security	The default paths for offline folders in SmartEndpoint -> Offline group creation wizard may be incorrect.
PRJ-11831, PRHF-8234	Endpoint Security	The Endpoint directory scanner may fail to reconnect to the AD if the connection was lost during the scan.
PRJ-11710, PRHF-10028	Endpoint Security	In SmartEndpoint, Anti-Malware's "Top Infections" report has an empty infection name. Refer to sk166232.
PRJ-5185, PRHF-5617	Endpoint Security	The log description of the "Media Encryption & Port Protection" blade may state that the "Media Storage" is encrypted even though it is not. The details in the log show the correct value. Refer to sk162812.
PRJ-7890, VSECC-1001	CloudGuard IaaS	NEW: Added support for Google Cloud Platform projects with Shared VPC. Refer to sk164139.
PRJ-5804, VSECNSX-1211	CloudGuard IaaS	NEW: Added support for Identity Sharing with CloudGuard for NSX-V.
PRJ-10866, VSECC-1119	CloudGuard IaaS	In a rare scenario, the OpenStack Data Center becomes unresponsive, which results in a loss of updates to the Security Gateway.
PRJ-11897	QoS	In some scenarios, SmartView Monitor shows "No Match" rule on QoS traffic.
PRJ-9740, PMTR-51721	QoS	Packets to the broadcast IP address (255.255.255.255) may cause dmesg to fill with “fg_classify_and_offload_all_ifdirs: fglogRulename Failed.” messages.
R80.20 Jumbo HotFix - General Availability Take 156 (24 May 2020, GA from 14 June 2020)
PRJ-10296, PRHF-8781	Security Gateway	In some scenarios, the license status of the Security gateway is not updated properly in SmartConsole.
PRJ-11561, PMTR-52267	SecureXL	SCTP Stateful inspection and payload NAT (INIT Chunks) may not work correctly with SecureXL.
PRJ-11669, PRHF-9774	VSX	The "Destroying alive neighbour " error may appear in /var/log/messages* file.
PRJ-12748, PRJ-12738	VPN	Some Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though the "Allow older clients" option is disabled. Refer to sk166912.
R80.20 Jumbo HotFix - Ongoing Take 155 (30 April 2020)
PRJ-8255, PMTR-36367	Security Management	FWM and\or INDEXER processes may repeatedly stop when there are more than ~500K network objects declared. Refer to sk164452.
PRJ-11958	Gaia OS	In a rare scenario on a cluster environment, Security gateway may corrupt data or crash during an upgrade.
R80.20 Jumbo HotFix - Ongoing Take 149 (01 April 2020)
PRJ-9470, PRJ-9461	Security Management	NEW: Added ability for R80.20 Security Management or Multi-Domain Server to manage R80.40 Security gateway. Refer to sk164652. Requires R80.20 SmartConsole Build 114 (or higher).
PRJ-10087, PMTR-50276	Security Management	The cpm_solr process may stop working and cause one of the following: The upgrade of a Management machine may stuck on 58% The Management HA synchronization may fail with "NGM failed to import data" error Users may not be able to log in.
PRJ-9159, PMTR-48267	Security Management	When reverting a security layer to a previous revision, if there are rules which are currently disabled, but were enabled in the selected previous revision (or vice versa), their status may not be reverted.
PRJ-8375, PRHF-7874	Security Management	In some scenarios, the exported database may be very large and include redundant data.
PRJ-8858, PMTR-48652	Security Management	If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the administrator object, the login in a VPN client with the internal user account may fail.
PRJ-8798, PMTR-48610	Security Management	If the database contains an internal user object with the same account name as an administrator object, then after the user publishes any change to the internal user object, the login in SmartConsole with the administrator account may fail.
PRJ-5446, PMTR-40663	Security Management	In some scenarios, an unclear error appears when the user imports a global policy on a Multi-Domain Management Server. The error is caused by a mismatch between the leading interface defined on the machine and the one defined in the database.
PRJ-9264, PMTR-49516	Security Management	Policy verification may fail after the user does the following steps: Configures specific install targets for a policy, publishes them, changes the install targets back to "All Gateways", and tries to install them on a Gateway which is not in the original list of targets.
PRJ-5449, PMTR-42420	Security Management	In some scenarios, an upgrade from R7x secondary Multi-Domain Server with active Domains may fail.
PRJ-7767, PRHF-7425	Security Management	In rare scenarios, publishing a session fails with the following "Action Failed due to an Internal Error" error. Discarding the session in SmartConsole completes as "discarded", but the changes are still there. The same behavior occurs in the Management API: mgmt_cli -r true discard uid <UID> number-of-discarded-changes: 4 message: "OK"
PRJ-9592, PMTR-38555	Security Management	Security hardening: The Management Server will block connection requests with a TLS version below 1.2 on port 19009.
PRJ-7589, PMTR-38305	Security Management	In a rare scenario, following a failure to delete a Domain, the Management Server may fail to start.
PRJ-8403, PRJ-8402	Security Management	In a rare scenario, the Security Management Server does not start due to a missing object, or a duplication of objects.
PRJ-9082, PMTR-47530	Security Management	In some scenarios, IPS update fails in the Global Domain after an upgrade from R80.10.
PRJ-677, PMTR-36302	Security Management	In some scenarios, Check Point services fail to start and the CPM log shows that there are duplicate session aggregators.
PRJ-10745, PMTR-50936	Multi-Domain Management	In some scenarios, policy installation from the Domain Management Server fails after mds_backup procedure that was interrupted. Refer to sk165559.
PRJ-10525, PRHF-8686	Multi-Domain Management	Upgrade of Multi-Domain Server may fail if Sync With User Center is running.
PRJ-8450, PMTR-47772	Multi-Domain Management	The Administrator and Trusted Clients pop-up editors at the Multi-Domain Server level show all domain names linked to these objects. Domain Managers with partial permissions, may see the names of domains that they are not permitted to see.
PRJ-5099, PMTR-41234	SmartConsole	When editing the description of a revision, the "Changes" field is reset to 0.
PRJ-9020, PRJ-8753	SmartConsole	In some scenarios, on a Global domain, when the user sets a logging option of an IPS protection whose activation is Detect or Prevent, the activation of the protection is set to "Inactive" on the local domain after an Assign Global Policy operation.
PRJ-8133, PMTR-45751	SmartEvent	"The process <process-name> which is monitored by watchdog restarted more than once in the last half an hour" error may appear in the SmartEvent GUI status window even though the process has been up for more than 30 minutes.
PRJ-10141, PMTR-43309	SmartProvisioning	Deletion of LSM ROBO cluster may cause the FWM process so stop working.
PRJ-7881, PRJ-7879	Security Gateway	In a rare scenario, there is no HTTPS Inspection when ICAP client is enabled.
PRJ-7373, PMTR-45566	Security Gateway	Improved multicast routing under high load and/or during system initialization.
PRJ-10029, PMTR-50431	Security Gateway	In a rare scenario, when the web server is defined, policy installation fails with "Error code 0-20000111".
PRJ-6697, PMTR-44388	Logging	In some scenarios, exporting a large number of logs to Excel may fail and cause SmartView to restart.
PRJ-9970, SL-3551	Logging	In a Multi-Domain environment, one or more CMA's SMARTLOG_SERVER processes may fail to start after upgrade. Refer to sk165262.
PRJ-8681, PRHF-7856	Logging	In some scenarios, Threat Emulation Logs cannot be viewed in the logging or reporting views because of a certain format of the "file size" field sent from the Security Gateway.
PRJ-2628	Logging	In some scenarios, in a Multi-Domain environment with more than 50 domains, some domains are not seen in the SmartEvent GUI.
PRJ-10757, IDA-2866	Identity Awareness	In some scenarios, multiple "idapi_load_data_impl: session id <Session ID> not found in client_db, although ip <Session IP> was assigned to it" errors appear in /var/log/messages file. Refer to sk167174.
PRJ-8423, IDA-2022	Identity Awareness	Identity Awareness performance improvements in large scale environments.
PRJ-10736, PRHF-9265	SSL Inspection	In a rare scenario, a memory leak may appear when SSL inspection is enabled.
PRJ-8339, PMTR-47846	SSL Inspection	In a rare scenario, memory leak may appear in ICAP client when HTTPS Inspection is enabled.
PRJ-7652, PMTR-45863	SSL Inspection	HTTPS Inspection's default CA certificate was upgraded to use a signing algorithm based on SHA256 instead of SHA1. Refer to sk163932.
PRJ-7843, PMTR-45726	Routing	In a rare scenario, Netflow does not report outbound flow records.
PRJ-8767, PMTR-46170	Routing	PIM may be unable to resolve outbound interface of multicast route when unicast route lookup fails.
PRJ-7491, PMTR-39273	Routing	In some scenarios, the CLISH command for PBR results in an error.
PRJ-9073, PRHF-8337	Routing	In some scenarios, a corrupted BGP AS4_PATH attribute value may result in an invalid, long BGP update that is rejected by the BGP peer.
PRJ-10180, PMTR-39590	SecureXL	In a rare scenario under heavy load, SecureXL crash may be experienced.
PRJ-9126, PMTR-46873	SecureXL	NEW: Added acceleration support for Ethernet Over IP Tunneling (EOIP). EOIP is RFC 3378 protocol # 97 used between Wireless AP and Wireless Cisco controller.
PRJ-8984, PMTR-44150	SecureXL	When NAT-T packets pass through a Security gateway, this traffic may be dropped.
PRJ-10805, PRJ-10806, PMTR-50836	Gaia OS	CVE-2020-8597: pppd is vulnerable to buffer overflow. Refer to sk165875.
PRJ-9038, PMTR-29811	VPN	Connectivity improvement of IPSec tunnels when IKEv2 is configured.
PRJ-11034, PMTR-36437	VPN	In some scenarios, VPN traffic distribution change may cause high CPU consumption on one CPU core. Refer to sk165853.
R80.20 Jumbo HotFix - General Availability Take 141 (20 February 2020, GA from 03 March 2020)
PRJ-9975, PRJ-9968	Security Gateway	In a rare scenario, a non-HTTP traffic on port TCP/80 is dropped.
PRJ-10117, PMTR-43665	Application Control HTTPS Inspection	In some scenarios, when Application Control and HTTPS Inspection are enabled and detailed or extended log is used, applications may not be matched correctly.
PRJ-5529, PMTR-42941	CloudGuard	In some scenarios, centrally distributed license disappears from CloudGuard Gateways. Refer to sk151794.
R80.20 Jumbo HotFix - Ongoing Take 138 (10 February 2020)
PRJ-9053, PMTR-44668	Security Management	In a rare scenario, the FWM process will utilize 100% CPU, and connections to SmartConsole may fail.
R80.20 Jumbo HotFix - Ongoing Take 135 (23 January 2020) Note: This Take updates Take 134 released on 14 January 2020.
PRJ-8216, PMTR-47601	Security Management	Management HA synchronization fails with error "Failed to export data" on Multi-Domain Management or Security Management server environment with at least 3 machines. Refer to sk164792.
R80.20 Jumbo HotFix - Ongoing Take 134 (14 January 2020)
PRJ-7660	Upgrade Tools	In some scenarios, migration with R80.20 Migration Tool fails with "Database export was done with migration tools for different version" error.
PRJ-6821, PMTR-37053	Upgrade Tools	In some scenarios, cannot export a database using the migration tools of the current version while there are open sessions in the database.
PRJ-3378, PMTR-39797	Security Management	In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754.
PRJ-5494, PRHF-5881	Security Management	NEW: Added the policy verifier memory enhancement and additional debugging options. Refer to sk162453.
PRJ-4970, PRHF-5435	Security Management	In some scenarios, disconnected sessions with no changes or locks appear in SmartConsloe session view.
PRJ-3038, PMTR-39305	Security Management	In some scenarios, the Management Server takes a long time to start or even fails to start.
PRJ-8094, PRHF-7729	Security Management	In some scenarios, policy installation fails when installation target is Check Point Host.
PRJ-7917, PRHF-7614	Security Management	When installing policy to a Cisco router, an automatic ACL number change may cause networking issues.
PRJ-7412, CPM-2541	Security Management	In a rare scenario, all users connected to the Management Server get disconnected and new logins fail until the Management Server is restarted.
PRJ-5096, PMTR-41712	Security Management	When an administrator edits the description of a revision, he becomes the publisher of the revision.
PRJ-7039, PRHF-6722	Security Management	The 'fwm sic_reset' command does not print which object still has an IKE certificate.
PRJ-7105, PRHF-6605	Multi-Domain Management	The cma_migrate may fail if the IPS version does not exist on the R80.x Multi-Domain Management Server.
PRJ-7832, PMTR-43461	Multi-Domain Management	In some scenarios, upgrade of R7x secondary Multi-Domain Management Server or Multi-Domain Log Server fails.
PRJ-6694, PMTR-44390	Multi-Domain Management	Improved Domain/CMA logs visibility.
PRJ-4261, PMTR-45046	SmartConsole	When performing login using mgmt_cli as root admin (with '-r' set to "true"), session timeout is not set.
PRJ-6842, API-841	SmartConsole	NEW: Added integration of Management API with Ansible 2.9. For more info, see: https://galaxy.ansible.com/check_point/mgmt
PRJ-7944, PMTR-46715	SmartConsole	In some scenarios, when running the "show-mdss" command with "details-level full" option, not all Domains are retrieved.
PRJ-6941, PRHF-6754	SmartConsole	In a rare scenario, policy installation fails with "Policy installation had failed due to an internal error". Refer to sk163482.
PRJ-6643, PRHF-6606	SmartConsole	In some scenarios, administrator cannot open the 'RemoteAccess' - VPN community object for editing.
PRJ-6933, PRHF-6842	SmartConsole	Threat prevention policy installation may include wrong topology warning on VSX cluster interfaces.
PRJ-5373, PMTR-43427	SmartConsole	In Multi-Domain environment, IPS protections become staging on each domain after global policy assignment while the protection does have override/staging status in the global domain.
PRJ-2437, PRHF-4184	SmartConsole	When disabling NAT for a network object and searching for the NAT IP address, the network object is still shown as part of the search results even though it should not be.
PRJ-6046, PMTR-43654	Security Gateway	Improved misleading log for connections that terminate before detection.
PRJ-5889, PRHF-6029	Security Gateway	In some scenarios, enabling the Multi-Queue on a line card enables the Multi-Queue also on the on-board interfaces. Refer to sk162622.
PRJ-7486, GAIA-4638	Security Gateway	Connectivity issues on some HTTPS sites (as login pages) when Security gateway is configured as proxy. Refer to sk147878.
PRJ-8196, PMTR-47784	Security Gateway	Since R80.20, in some scenarios, predictable TCP sequences are generated by the Security Gateway. Refer to sk164775.
PRJ-7869, SWG-2361	Security Gateway	Improved DNS caching and negative DNS response handling.
PRJ-8097, PMTR-46330	Security Gateway	Improved a Proxy connectivity while Anti-Virus blade works in Hold mode.
PRJ-7338, MUX-193	Security Gateway	In a rare scenario, Security gateway may crash.
PRJ-7243	Security Gateway	In some scenarios, connectivity issues may appear when ISP redundancy is configured.
PRJ-7751, PRHF-7389	Security Gateway	In some scenarios, no SIC after applying the ICA certificate replacement procedure.
PRJ-7622, PMTR-31257	Logging	In a rare scenario, when exporting logs to Excel, the resulted file is smaller than expected.
PRJ-7814, PMTR-42519	Logging	In a rare scenario involving multiple disconnections and reconnections between Security gateway and Log Server, connection is not automatically restored and logs may not be written locally. Refer to sk164852.
PRJ-6854, PMTR-42177	Logging	In a rare scenario, the "Logs & Monitor" view in SmartConsole freezes while scrolling down the results.
PRJ-6639, SL-2819	Logging	In some scenarios, the user cannot see his Check Point logs in the LogRhythm platform using Log Exporter.
PRJ-5880, QOS-67	QoS	QoS Time Objects are not enforced in R80.20. Refer to sk163074.
PRJ-1020, PRHF-2795	DLP	DLP activation was optimized to reduce the CPU consumption.
PRJ-8195, MBS-8939	URL Filtering	In some scenarios, HTTPS traffic is not categorized as expected.
PRJ-7718, PMTR-39944	Application Control	In some scenarios, HTTP traffic is blocked with "HTTP parsing error occurred (2)" and "parameters are undecodable in request" errors. Refer to sk160092.
PRJ-7637, PMTR-46064	ClusterXL	The "set router-options auto-restore-iface-routes" command is now deprecated.
PRJ-7552, PRHF-7071	ClusterXL	In a rare scenario in a ClusterXL environment, SYN Defender may incorrectly drop a valid traffic.
PRJ-2546	SecureXL	In some scenarios, SNMP queries for SecureXL OIDs return incorrect values.
PRJ-6946, PRHF-6356	SecureXL	Some traffic may not pass when Policy Based Routing (PBR) and SecureXL are enabled. Refer to sk163252.
PRJ-4827, PRHF-5032	SecureXL	With SecureXL enabled, after VRRP cluster failover all TCP connections become expired. Refer to sk162052.
PRJ-7560, PRHF-7247	SecureXL	In some scenarios, SecureXL drops the TCP traffic for the particular connection for invalid state reasons. Refer to sk147093.
PRJ-6747, PMTR-42788	SecureXL	In a rare scenario, FTP Data connections do not pass while SYN Defender is active and enforcing.
PRJ-6750, GAIA-5914	SecureXL	Drop templates are not disabled for USFW (User space Firewall mode).
PRJ-1544, GAIA-4880	Gaia OS	In some scenarios, the VSX Management fails to be properly restored from backup.
PRJ-6789, PRJ-6159, PRHF-6143	Gaia OS	"Gaia Web-UI recognized a non-valid input data" error when creating a scheduled backup in WebUI via SCP or FTP with special characters used.
PRJ-6589, GAIA-6588	Gaia OS	16000 and 26000 Appliances with CPAC-4-1/10F-C NICs (using i40e driver) connected to some specific Cisco switches are flapping. Refer to sk163267.
PRJ-7406, PMTR-45530	Routing	When MaaS tunnels are added, the routed process may stop working.
PRJ-6577, PRHF-6603	Routing	For compliance and interoperability with BGP peers implementing older RFC, no BGP capability is advertised if peer does not advertise it first.
PRJ-5883, VSX-2190	VSX	The "vsx_util vsls" command does not display in full the long names of the VSX server name. Refer to sk163073.
PRJ-6964, PMTR-44031	VSX	In some scenarios, when running the 'cphaprob show_bond' command, one of the bond's slaves may be missing from the output. Refer to sk163333.
PRJ-3403, VPNS2S-417	VPN	SmartView Monitor VPN tunnel status may show incorrect or missing tunnels status for a cluster object.
PRJ-1993, PMTR-37912	VPN	NEW: Improved supernetting handling with 3rd party peers in IKEv2.
PRJ-7265, CRYPTOIS-903	VPN	In some scenarios, connectivity issue may appear in VPN and HTTPS portals. Refer to sk109140.
PRJ-7121, VPNRA-300	VPN	Packets from SSL Network Extender are dropped: "Reason: decrypted and user methods are not identical (VPN Error code 01)". Refer to sk163636.
PRJ-2603, PMTR-25655	VPN	If the VPN tunnel is configured with GCM ciphers for Phase 2, encrypted traffic may be dropped. Refer to sk152832.
PRJ-7182, PMTR-44859	CloudGuard	Public IP addresses for Virtual Machines and Virtual Machines Scale Sets may be missing.
PRJ-7065 PMTR-45006	CloudGuard	In some scenarios, subnet objects may not contain all the relevant IP addresses for VMSS VMs.
PRJ-7381, PRHF-7119	CloudGuard	During a license pool creation, when a blade service is shared between different licenses, the vsec_lic_cli tool may create multiple pools instead of one.
PRJ-5940, PRHF-5289	Endpoint Security	NEW: Added the feature to use epmCommands with object nids.
PRJ-5754, EPS-22621	Endpoint Security	Endpoint Management may fail on FileVault recovery for MacOS clients when а computer re-joins a domain.
PRJ-5942, PRHF-5936	Endpoint Security	Some messages in self-help portal are not properly localized in Japanese.
PRJ-7302, PRHF-4371	Mobile Access	In a rare scenario, when Mobile Access blade is enabled, Security gateway may crash with vmcore.
R80.20 Jumbo HotFix - Ongoing Take 127 (03 December 2019)
PRJ-4929, PMTR-41602	Upgrade	In some scenarios, the FWM process fails to start after a successful upgrade with the "Found an indication that the current domain was migrated, and the migration had failed. Cannot start after a migration failure" message in fwm.elg file.
PRJ-5664, PRHF-6087	Security Management	In some scenarios, purge revisions fails and blank lines, that cannot be deleted, appear in SmartConsole Revisions view. Refer to sk163116.
PRJ-5660, PRHF-5965	Security Management	Blank lines may appear in SmartConsole Purge Revisions view after purging a large database>
PRJ-4834, PRHF-5419	Security Management	The FWM process may stop working when an incorrect license SKU with a specific format is applied.
PRJ-5756, PMTR-43497	Security Management	High Availability synchronization between Management Servers may fail when there is no enough disk space in the root partition.
PRJ-4728, PMTR-41157	Security Management	After deleting a network object that is part of a network group, the audit log of the group modification does not show who is the removed member. Refer to sk164057.
PRJ-5412, PRHF-5815	Security Management	In some scenarios, policy Installation fails with "Operation failed, install/uninstall has been improperly terminated" error. Refer to sk162855.
PRJ-5556, PMTR-43278	Security Management	In some scenarios, policy installation fails with "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000117)". Refer to sk162554.
PRJ-5655, PRHF-5776	Security Management	In some scenarios, cpm_status.sh reports incorrect CPM status. Refer to sk162633.
PRJ-4874, PRHF-5274	Security Management	In some scenarios, when setting or modifying the Email/Phone fields of an administrator, the old values still appear at the bottom pane under "View Sessions" instead of the updated values.
PRJ-5426, PMTR-41518	Security Management	In some scenarios, policy fetch fails if name of the Security gateway that tries to fetch this policy is not defined in DNS. Refer to sk150472.
PRJ-3392, PMTR-40003	Multi-Domain Management	Objects on Domain level that should be shown on the Multi-Domain Server level, sometimes are not shown correctly.
PRJ-6669, PMTR-44148	Multi-Domain Management	In some scenarios, traffic outage may happen after policy installation from Multi-Domain SmartConsole. Refer to sk163712.
PRJ-6992	Multi-Domain Management	The Gaia restore of Multi-Domain Server fails when using Take 103, 117 and 118 of R80.20 Jumbo Hotfix Accumulator. Refer to sk163473.
PRJ-4665, PMTR-41210	Multi-Domain Management	The FWM process may stop working when there is no valid license on the Multi-Domain Server.
PRJ-103, PRHF-3002	SmartConsole	Cannot delete Global Host object from the Global Domain if the name matches the name of Multi-Domain Management. Refer to sk151192.
PRJ-5526, PRHF-5527	SmartConsole	In some scenarios, applying "Where used" from the local Domain on an object that is used in global policies, may return results from the global policies that are not assigned to the local Domain. Refer to sk162753.
PRJ-3949, PRJ-7071	SmartConsole	In a rare scenario, when editing a Star VPN community, SmartConsole terminates.
PRJ-6127, PRHF-6532	SmartConsole	In some scenarios, the "Installed IPS Version" information is empty in the "Gateways and Servers" view.
PRJ-1676, SL-1890	SmartView	In some scenarios, Hit Count on specific rules does not increment after they were recently created or re-ordered. Refer to sk138033.
PRJ-5629, PRHF-5810	SmartView	In SmartView, when exporting logs to Excel after drill-down, the amount of logs is less than expected. Refer to sk162621.
PRJ-4201, PMTR-40076	Logging	NEW: Added support for "SmartView for QRadar" extension. Refer to sk122323.
PRJ-5295	Logging	NEW: Added new Log Exporter feature to export links to the relevant log and log attachments (such as Forensics\TE report).
PRJ-870, PRHF-2806	Logging	In a rare scenario, SmartConsole does not show indexed logs because the log_indexer process stopped working. Refer to sk152934.
PRJ-4964, SL-2456	Logging	In a rare scenario, a specific log fails to be written and an alert informing on this is displayed in SmartConsole.
PRJ-5936, PRHF-5344	Logging	In some scenarios, when retrieving the UserCheck logs, FWD process on the Security gateway may stop working.
PRJ-1157, PRHF-3561	Logging	In SmartView, if a view contains 2 map widgets, one displaying source countries and the other displaying destination countries, drilling down on one of them may display incorrect data.
PRJ-5783, PRHF-6117	Compliance	In some scenarios, the Compliance blade treats a non-existing rule as if it was a real rule and shows the rule index in the Firewall Best Practices relevant objects.
PRJ-5316, NAT-137	Security Gateway	In a rare scenario, Security gateway freezes when IP pool NAT and VPN are used. Refer to sk165953.
PRJ-5810, PMTR-37949	Security Gateway	In some scenarios, traffic is dropped with 'up_transaction_notify_clob failed' error in dmesg when Application Control is enabled.
PRJ-1871, PRHF-3940	Security Gateway	In some scenarios, when using Hide NAT with GRE tunnel, packets going through this GRE tunnel may get dropped. Refer to sk154492.
PRJ-5432, PMTR-42553	Security Gateway	Non-FQDN domain objects may not be enforced correctly when used in the Access policy along with updatable objects.
PRJ-1700, PRJ-4482	Security Gateway	In some scenarios, the /var/log/messages file is flooded with ICAP related errors.
PRJ-5987, PMTR-10094	Security Gateway	In a rare scenario, some commands on Security gateway fail and traffic may be dropped.
PRJ-5869, SWG-2208	Security Gateway	In a rare scenario, Security gateway crashes when proxy is enabled.
PRJ-4106, PRHF-2796	Security Gateway	In some scenarios, logs cannot be seen because the log_indexer process stopped working.
PRJ-5085, PMTR-41407	Security Gateway	Access rulebase may not be enforced properly when wildcard objects are used in in source and destination columns. Refer to sk162692.
PRJ-4748, PRHF-5313	Security Gateway	In a rare scenario, the FWK process stops working during debug.
PRJ-3349, SWG-2013	Security Gateway	In some scenarios, a designated interface may drop packets.
PRJ-6660, PRJ-6655	Security Gateway	Performance enhancement for gzip traffic on VSX environment.
PRJ-2989, PMTR-34813	Security Gateway	In some scenarios, traffic is dropped with "[ERROR]: network_classifier_handle_dag: failed to get uuid of DAG bogus_ip" error in dmesg.
PRJ-5483, NAT-110	Security Gateway	NEW: Enhancement: NAT port exhaustion logs mechanism was updated. Refer to sk156852.
PRJ-1782, PRHF-3890	SSL Inspection	NEW: Added support of RDP over SSL inspection as part of HTTPS Inspection blade. (Relevant for Remote Desktop Protocol Vulnerability CVE-2019-0708.)
PRJ-5468, PMTR-38358	HTTPS Inspection	In some scenarios, several applications are not matched correctly when HTTPS Inspection enabled and URL Filtering is in HOLD mode.
PRJ-5610, PRJ-5609	HTTPS Inspection	In a rare scenario, Security Gateway may crash during non-compliant HTTP traffic.
PRJ-5490, PRJ-4758	URL Filtering	NEW: Improved scalability and resiliency of URL Filtering service.
PRJ-7463, PMTR-45826	IPS	Cannot update the Geo Policy IPToCountry database on Security Gateways. Refer to sk163672.
PRJ-4359, PMTR-40826	SecureXL	In a rare scenario, Security gateway may crash if cpinfo reads from the /proc/ppk/cpls directory before SecureXL is initialized.
PRJ-6107, PRHF-5706	SecureXL	In some scenarios, connection does not to expire correctly when NAT and some Software Blades are enabled.
PRJ-4782, PMTR-40553	SecureXL	NEW: "sim if" and "sim nonaccel" commands will be deprecated. Instead, "fwaccel if" and "fwaccel nonaccel" commands will be used to accommodate multiple SecureXL instances.
PRJ-1251, PRHF-3608	SecureXL	On cluster, Drop templates are disabled on reboot. Refer to sk153412.
PRJ-7175	SecureXL	Cannot configure or use the "SecureXL Fast Accelerator" feature after installing R80.20 Jumbo HotFix Take 117 or 118.
PRJ-6099, PRHF-5450	SecureXL	In some scenarios, SecureXL drops TCP packets with "Out of state" reason.
PRJ-4590, PMTR-41002	ClusterXL	In some scenarios, arp table is not synchronized with master MAC address after fail-over.
PRJ-5895, PRHF-6145	Endpoint Security	Exported from SmartEndpoint .xlsx files may produce a warning when opened in Excel.
PRJ-586, EPS-20841	Endpoint Security	In some scenarios, SmartEndpoint shows "Unknown Error" when trying to open the "User and Computers" Tab "Top Bots" and software deployment by policy reports. Refer to sk151932.
PRJ-2915, EPS-21658	Endpoint Security	In some scenarios, when searching for a machine in SmartEndpoint and selecting it, a "Server Error" message appears. Refer to sk158432.
PRJ-2322, EPS-21609	Endpoint Security	If there is a large amount of devices which are going to be removed from the Deleted Container, the server may fail to process the epmCommands, returning "FATAL: remaining connection slots are reserved for non-replication superuser connections" error.
PRJ-6055, PRJ-1757, PRHF-3943	Gaia OS	A network interface may restart when changing its properties from WebUI if the interfaces configuration was performed via CLISH.
PRJ-6685, PRJ-6990, PMTR-44076	Gaia OS	In some scenarios, Gaia restore on Multi-Domain Server fails with error "failed to edit update registry". Refer to sk163312.
PRJ-1260, PRHF-3675	Gaia OS	CPD process may stop working when attempting to query sensor values on Smart-1 525, Smart-1 5050 and Smart-1 5150 appliances.
PRJ-6037, GAIA-6587	Gaia OS	In some scenarios, the Smart-1 3150 appliance becomes unresponsive after enabling the optical interface. To upgrade to R80.20 using the Jumbo Hotfix, make sure all the interfaces are in state OFF. Refer to sk146512.
PRJ-407, PRJ-5595, PRHF-1739	Gaia OS	In some scenarios, Smart-1 405 and 410 appliances may show high voltage due to incorrect VBat thresholds.
PRJ-3361	Gaia OS	'\|' and '-' characters cannot be used in the message banner.
PRJ-963, PRHF-2474	Gaia OS	In some scenarios, user cannot access terminal from WebUI in monitor role mode.
PRJ-5999, ROUT-445	Routing	In a rare scenario, last two (or more) nexthops of a BGP ECMP route disappear simultaneously and are not removed from the forwarding database. Refer to sk153552.
PRJ-6109, PRHF-6139	Routing	In a rare scenario, the routed process may stop working during ClusterXL failover when BGP is configured. Refer to sk165682.
PRJ-3613, ROUT-679	Routing	In some scenarios, OSPFv3 LS updates of the default route are not accepted by the Security gateway for Stub/TSA areas. Refer to sk161472.
PRJ-6061, PRHF-2798	Routing	In a rare scenario, the routed process may stop working when a route with a local address as a nexthop is received.
PRJ-4848, ROUT-484	Routing	In some scenarios, legitimate subnets of 0.0.0.0 (for example 0.0.0.0/1) cannot be configured for certain routing features, like static routes, PBR, routemaps, etc.
PRJ-4675, PMTR-41221	VSX	VSX configuration cannot not be applied after upgrade from R77.x to R80.x, due to duplicated VSX routes.
PRJ-5921, PRHF-6345	VSX	In some scenarios, IGMP traffic is dropped by "local interface address spoofing" in VSX HA. Refer to sk162953.
PRJ-4647, PRHF-4819	VPN	In some scenarios, traffic is not working over Site-to-Site VPN after an upgrade.
R80.20 Jumbo HotFix - General Availability Take 118 (27 October 2019, GA from 04 November 2019)
PRJ-6085, PRJ-6078	ClusterXL	After installing Jumbo HotFix Take 117 only on a standby member, it's outgoing traffic does not pass.
R80.20 Jumbo HotFix - Ongoing Take 117 (13 October 2019)
PRJ-2725, PMTR-38948	Upgrade	Added a pre-upgrade verification that Global network objects with NAT configuration are not supported.
PRJ-3605, PMTR-39644	Security Management	Added ability to automatically determine the API process memory allocation to avoid "Out of memory" errors. Refer to sk119553.
PRJ-2983, API-744	Security Management	In some scenarios, the show generic-objects API command fails with "Management Server failed to execute command". Refer to sk157693.
PRJ-2338, PRHF-4046	Security Management	In some scenarios, user cannot discard or publish a worksession, receiving the general message "Internal error".
PRJ-4305, PMTR-40468	Security Management	Added a mechanism to prevent the Management Server from starting if an import process was interrupted.
PRJ-3872, PRHF-3463	Security Management	In some scenarios, size of the shadow_object.C file increases after each policy installation, eventually causing a failure in installing a policy.
PRHF-3242, PRJ-658	Security Management	In a rare scenario, the policy verifier ignores rules with object named "Internet" used with negate operator.
PRJ-4515, PMTR-39361	Security Management	Cannot export a .pdf file from the Licence inventory view after Jumbo HotFix installation on the Management server.
PRJ-1374, CPM-2242	Security Management	High Availability synchronization between Management Servers fails with "Couldn't get peers for peers ids" message in the cpm.elg file.
>PRJ-4240, PMTR-38720	>Security Management	>When many users are connected to and actively working in the same domain in SmartConsole, they may experience: Slowness in SmartConsole responses Long duration of operations High load on the Management Server
PRJ-3690, PMTR-36555	Security Management	New policy creation may fail when there are no installation targets defined in this policy.
PRJ-5025, PRHF-4877	Security Management	In some scenarios, policy verification process fails after reaching memory size of 4GB. Refer to sk161412.
PRJ-1517, CPM-2264	Security Management	Performance and stability improvements in large High Availability setups.
PRJ-2646, PMTR-38095	Security Management	In a rare scenario, the Security Management server does not start due to a missing object, or a duplication of objects.
PRJ-5250	Multi-Domain Management	NEW: Added the Domain Management Migration, Backup and Upgrade feature: Backup and restore an individual Domain Management Server on a Multi-Domain Server. Migrate a Multi-Domain Security Management from one Multi-Domain Server to a different Multi-Domain Server. Migrate a Security Management Server to become a Domain Management Server on a Multi-Domain Server. Migrate a Domain Management Server to become a Security Management Server. For more information see sk156072 .
PRJ-2787, PMTR-41157	Multi-Domain Management	In some scenarios, upgrade from R80 fails due to an internal error related to deprecated application objects. Refer to sk157752.
PRJ-3880, PRHF-5177	Compliance	In some scenarios, some of the Best Practices show "N\A" status in the Compliance blade dashboard.
PRJ-2644, SL-2509	Logging	Running views and reports with a filter fails if the filter contains a "NOT" operator combined with parentheses.
PRJ-395, PMTR-28518	Logging	In some scenarios, lea_session processes consume 100% CPU causing the machine to slow down. Refer to sk142632.
PRJ-1324, PRHF-3690	Logging	In some scenarios, when running mdsstart, the following error message is shown: "/opt/CPSmartLog-R80.20/bin/smartlogstop: line 65: /opt/CPmds-R80.20/customers/<name>/CPSmartLog-R80.20/log/smartlogRun.log: No such file or directory".
PRHF-4497, PRJ-3209	Logging	In some Full HA environment scenarios, the "Logserver <Cluster virtual IP> is disconnected" error pops up in SmartConsole log view.
PRJ-1310, PRHF-3681	Logging	In the Logs & Monitor view, the "File size" field is missing from the logs generated by Media Encryption & Port Protection blade. Refer to sk157952.
PRHF-4975, PRJ-4061	Logging	In some scenarios, when exporting logs with "Visible columns" option selected from SmartView, some columns return empty record. Refer to sk161712.
PRJ-3642, PRHF-2607	Logging	In some scenarios, when SAM activity is defined and a Log server receives a high amount of packets, the FWD process on the Log server stops working.
PRJ-3011, PRHF-1554	Logging	In some scenarios, the log maintenance mechanism deletes the earliest logs due to mistake in Emergency mode maintenance. Refer to sk163813.
PRJ-3363, PMTR-34580	Multi-Domain Management	In some scenarios, Administrator does not see that a revision was created in its Domain (on Domain level) after a Global policy was assigned to it.
PRJ-798 PMTR-36765	Multi-Domain Management	In some scenarios, the "Unable to connect to server. Please make sure the server is up and running." error appears when trying to log into single Domain from SmartConsole. Refer to sk153293.
PRJ-3687, PMTR-7744	Multi-Domain Management	"dleserver.utils.UidManager" errors on cma_migrate failure on Multi-Domain Server upgraded from R80.
PRJ-4413, PRHF-3285	Multi-Domain Management	In a rare scenario, FWM process stops working on the Domain level during login.
PRJ-1881, PRJ-783	SmartConsole	In some scenarios, user cannot delete a VS object since it is referenced by an automatically generated exception rule. Refer to sk167272.
PRJ-4135, PRHF-1847	SmartConsole	Administrators with "\" in their username receive the "Error Occurred" pop-up when trying to view a packet capture. Refer to sk140992.
PRJ-4430, PMTR-27392	SmartConsole	In some scenarios, when there is a large quantity of unused permission profiles in the system, the CPM server takes a long time to start.
PRHF-2194, PRJ-4433	SmartConsole	In some scenarios, Client certificate is removed when deleting Domain that is included in certificate's permissions.
PRJ-1969, PRJ-4546, PRHF-3268	SmartConsole	In setups with a large quantity of network object, users may experience slowness when editing the HTTPS Inspection policy. Refer to sk147134. This fix requires R80.20 SmartConsole Build 081 to be installed.
PRJ-4531, PRJ-965	SmartConsole	In a rare scenario, the DNS Maximum Reply Length IPS protection is not enforced. This fix requires R80.20 SmartConsole Build 081 to be installed.
PRJ-3869, PRHF-4655	SmartConsole	In a rare scenario, when user clicks on Mail Transfer Agent (MTA) options in the Security gateway settings or on 'Next hop' column inside MTA settings, SmartConsole shows "Not Responding" and freezes. Refer to sk161232 This fix requires R80.20 SmartConsole Build 081 to be installed.
PRJ-777	SmartConsole	In a rare scenario, the FTP Bounce, Port Overflow and Known Ports IPS protections are not enforced. This fix requires R80.20 SmartConsole Build 081 to be installed.
MCFG-199, PRJ-2383	SmartProvisioning	SmartUpdate generates audit log even when no action was taken.
PROV-2068, PRJ-4671	SmartProvisioning	In some scenarios in SmartProvisioning: When executing Run Script on SmartProvisioning profile, the application disconnects from the server and is closed. When executing Push Settings and Actions the "The action was not performed due to maintenance mode" error appears.
PRJ-5512, PMTR-42219	Security Gateway	In some scenarios, fw monitor on Security gateway shows some packets that are handled by SecureXL and not FireWall-1.
PRJ-5502, PMTR-40456	Security Gateway	In a rare scenario, using "kill" or pressing Ctrl+C on the "fw monitor" process does not finish it.
PRJ-5509, PMTR-38750	Security Gateway	In some scenarios, fw monitor fails to show IPv6 traffic in SecureXL.
PRJ-5504, PMTR-40523	Security Gateway	In some scenarios, the "fwmonitor_kiss_add_to_global_buf: all the buffers are full" error is displayed even after the heavy traffic is stopped.
PRJ-5506, PMTR-40455	Security Gateway	In a rare scenario, Secure Network Distributor (SND) consumes high CPU when running fw monitor.
PRJ-5507, PMTR-41300	Security Gateway	In some scenarios, when running "fw monitor" with "-e" flag, SecureXL traffic is not filtered, and all traffic is displayed.
PRJ-5503, PMTR-39556	Security Gateway	In some scenarios, incorrect chain number and name are displayed by "fw monitor -p all".
PRJ-5497, PMTR-39046	Security Gateway	Added ability for fw monitor to support monitoring traffic on Acceleration Card.
PRJ-4310, STRM-149	Security Gateway	In some scenarios, a remote client disconnects after one hour although the session is not idle. Refer to sk160213.
PRJ-770, SWG-1922	Security Gateway	In a rare scenario, memory usage may rise on Security gateway, when using service with resource with "Optimize URL logging" feature enabled. Refer to sk153052.
SWG-2174, PRJ-4179	Security Gateway	Some Web sites cannot be opened when Content Awareness or Anti-Virus/Anti-Bot is enabled, and Security gateway is configured as proxy.
PRJ-2918, UP-293, PRHF-4494	Security Gateway	In a rare scenario, Security gateway may crash due to NULL pointer dereference.
PMTR-40937, PRJ-4613	Security Gateway	In some scenarios, VoIP traffic is dropped with "allocate_port_impl: could not find a free port;" error in dmesg.
PRJ-697, QOS-22	Security Gateway	In a rare scenario, Security gateway crashes during QoS policy installation.
PMTR-35854, PRJ-3040	Security Gateway	In a rare scenario, changing the xmit-hash-policy of the bonding group while machine handling traffic, causes it to crash. Refer to sk154573.
PRJ-4806, PMTR-41392	Security Gateway	Added ability to enable NAT over specific IP address avoiding a source port allocation.
PRJ-1016, PRHF-5456	Security Gateway	In some scenarios, packets with TTL1 are dropped when using security zones in the Access rulebase.
PRJ-3562, STRM-109	Security Gateway	Disabling connections timestamp does not work on active streaming connections. Refer to sk62700.
PRJ-4760, PMTR-40677	IPS	In some scenarios, IPS update fails as a result of error in management server installation.
PRJ-3766, MUX-174	Content Awareness	In some scenarios, when the Content Awareness blade is enabled, uploading files via ShareFile stucks at 100%.
PRJ-5764	HTTPS Inspection	Improved TLS implementation for TLS Inspection and Categorization - Server Name Indications (SNI). TLS 1.2 support for additional cipher suites: TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 X25519 Elliptic Curve P-521 Elliptic Curve Full ECDSA support Also was improved the fail open/close mechanism and logging for validations. For the complete list of supported cipher suites, see sk104562.
PRJ-4839, PMTR-4178	SSL Inspection	In a rare scenario, when SSL Inspection is enabled and there is big latency, Microsoft websites (for example Azure) may not respond. Refer to sk150175.
PRJ-3368, PMTR-13884	Threat Prevention	Deleting a Threat Prevention profile may fail if the IPS profile has many overrides. Refer to sk136552.
PRJ-689, PMTR-26827	Application Control	In some scenarios, custom Application Object that was initiated with wrong "Application Risk" value may cause connectivity problems. Refer to sk140892.
PRJ-4517, PMTR-38645, GAIA-5872	ClusterXL	Added support for Cluster Load Sharing without IPSec VPN. To enable the support, refer to sk162637.
PRJ-1205, PRHF-3633	ClusterXL	In some scenarios, after adding a vlan to the bond slave cluster member may go down.
PRJ-3298, PMTR-38208	ClusterXL	In some scenarios, when changing cluster topology and installing the policy, the cluster fails over. Refer to sk156335.
PRJ-3315, PMTR-37812	ClusterXL	In some scenarios, pushing policy in order to update the cluster topology during high load, causes the members to fail-over. Refer to sk154575.
PRJ-480, PRHF-3328	ClusterXL	In some scenarios, the xmit-hash-policy of a Bond interface with the vlan causes the cluster member to go down. Refer to sk151412.
PRJ-3294, PRHF-4301	CoreXL	In a rare scenario, custom affinity configuration is overwritten when HT is enabled. Refer to sk158112.
PRJ-1201, PRJ-1843, PRHF-3487	SecureXL	In some scenarios, Policy Based Routing (PBR) does not work properly when acceleration is enabled.
PRJ-3598, PMTR-39660	SecureXL	In a rare scenario, a VSX gateway may crash. Refer to sk160912.
PRJ-1640, PRJ-1637, PMTR-37736, PMTR-37727	SecureXL	In some scenarios, packets with IP options are not forwarded across bridge interfaces. Refer to Issue #3 in sk154892.
PMTR-40703, PRJ-4620	SecureXL	In some scenarios, sending IP fragmented traffic through a Virtual Switch or Virtual Router fails with "Virtual defragmentation error".
PRJ-2114, PMTR-29033, PRHF-4050	Routing	In a rare scenario, the Standby member of ClusterXL incorrectly calculates the routing protocol priorities, causing the routes to be synchronized in the wrong way.
PRJ-306, ROUT-318	Routing	In some scenarios, Routed Pnote in 'Problem' state and ClusterXL member is down after enabling OSPF. Refer to sk123317.
PRJ-307, ROUT-209	Routing	Enhancement: Improved the memory handling mechanism in Routed.
GAIA-4695, PRJ-614	Gaia OS	When running "service vmtoolsd restart" command on Gaia installation with VMware, the "Installing memory driver: FATAL: Module vmmemctl not found. [FAILED]" error is displayed although the vmw_balloon.ko driver is loaded.
PRJ-3793, PRHF-1778	Gaia OS	Enhancement: The maximum size of the arp table was increased to 4096.
PRJ-440, PRJ-4541, 02473276	Gaia OS	"Authentication failure" error when authenticating with TACACS+ user that has special characters in their password. Refer to sk101332.
PRJ-3625	Gaia OS	On Smart-1 525/5050/5150, user cannot open the iDRAC without installing a dedicated Hotfix.
PRJ-3141, GAIA-2861	Gaia OS	In some scenarios, the IGB driver interfaces are occasionally down after reboot of a Management machine. Refer to sk135532.
PRJ-1029, GAIA-5047	Gaia OS	Changing the xmit-hash-policy of the bond may cause all static arp entries to disappear from the arp -a output. Refer to sk152892.
PRJ-1604, PMTR-27831	VPN	NEW: Connectivity enhancements for Remote Access clients using internal Office mode allocation with a long timeout.
PRJ-4152, PMTR-38041	VPN	In some scenarios, the Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode" after upgrade. Refer to sk157092.
PRJ-2874, PMTR-38894	VPN	Connectivity improvement for Remote Access clients in environments with 3rd party VPN tunnels.
PRJ-2347, PMTR-38631	VPN	Remote Access client randomly disconnect / unable to connect when DHCP multi-homed server is configured.
PRJ-2434, VSX-1866	VSX	Added the option to configure reject routes via vsx_provisioning_tool on Scalable Platforms Appliances. Refer to sk151473.
PRJ-5304, PMTR-42418	VSX	Running fw monitor with -v flag on a VSX gateway may cause the fw monitor to quit with the "Segmentation fault" error. Refer to sk162402.
PRJ-3433, PRHF-5371	VSX	In some scenarios, traffic is dropped on VSX when using SecureXL. Refer to sk160352.
PRJ-4265, PRHF-5105	VSX	In a rare scenario, machine crashes when using VSX with Virtual Switch (VSW).
PRJ-4955, GAIA-6397	VSX	In some scenarios, traffic does not pass in VSX setup with VS-VSW-VS topology and some Threat Prevention blades enabled on VSs.
PRJ-4683, SPC-1903	VSX	In some scenarios, running the "fw vsx resctrl monitor disable" command or disabling VSX Resource Monitor via CPView causes crash of the VSX Gateway. Refer to sk144432.
PRJ-4960, PMTR-38779, MUX-186	Hardware	In a rare scenario, the watchdog process of Falcon Acceleration Card stops working.
R80.20 Jumbo HotFix - General Availability Take 103 (26 August 2019, GA from 22 September 2019)
PMTR-35836, PRJ-249	Security Management	"Runtime error: java.lang.String incompatible with com.checkpoint.management.web_api_is.common.multi_values.objects.MultiStringForSet" error when trying to set a tag to ICMP and ICMP6 services or set those services into a group with API command.
PMTR-36761, PRJ-716	Security Management	A new feature for process tracking was added. If the restart occurs, a 'pstree' command is logged and the process that caused the restart can be tracked.
PMTR-23492, PRJ-2947	Security Management	Support for Internal CA certificate replacement.
PRHF-2012, PRJ-1247	Security Management	High CPU usage of fwm when SmartEvent is enabled on the Security Management Server. Refer to sk147563.
SMCUPG-719, PRJ-1686	Security Management	Deletion of Domain failed with "Could not send message" error when having large amount of gateways in the domain. The Domain remain without Domain Servers.
PRHF-3283, PRJ-450	Security Management	In a rare scenario, a failure in policy installation causes a false "Policy installation is currently in progress" error message while there is no installation attempt.
PRJ-1899, PRJ-1901	Security Management	After opening and searching in pickers for a few times, the "error retrieving results" message appears when opening a picker.
CPM-2300, PRJ-1973	Security Management	In some rare scenarios CPM server does not start after a failure in delete domain.
PMTR-38249, PRJ-2161	Security Management	In some scenarios, traffic is dropped with "network_classifier_get_dynobjs_for_ip: failed to get UUIDs for IP 0.0.0.0" and "kfunc_ip_ranges_to_dynobj: network_classifier_get_dynobjs_for_ip failed" errors in dmesg when dynamic object is used in access policy.
PRHF-3514, PRJ-1379	Security Management	Upgrade from R7x is failing with core file of cpdb due to an empty field in 'autoupdate_and_install_settings' object.
PRHF-3455, PRJ-1335	Security Management	Inline layers are not verified when there are no selected targets in the 'install on' column.
RJ-1864, PRJ-1880	Security Management	In some scenarios, SmartConsole stops working while adding or removing many objects via Web API.
PMTR-33605, PRJ-2159	Security Management	In some cases on Multi-Domain environments with several servers, tasks still appear in progress after restart of the server even though they are not really running.
PMTR-38103, PRJ-2490	Security Management	In some scenarios, a validation incident about Invalid Email Address is presented in SmartConsole after upgrade from R77.
PMTR-37924, PRJ-1761	Security Management	Due to a failed full sync, FWM was restarted unexpectedly and obsolete domain sessions were used in the global policy assignment.
PMTR-26076, PRJ-1570	Multi-Domain Management	Synchronization in a Multi-Domain High-Availability setup fails post upgrade from R80 due to duplicate compliance objects.
PRJ-1303	Multi-Domain Management	When running the 'add-domain' Web API command on an existing Domain, the original Domain is deleted.
CPM-1730, PRJ-1403	Multi-Domain Management	The Multi-Domain Server database size grows significantly causing operations like 'mds restore' and HA full sync to take a long time.
PMTR-36438, PRJ-552	Multi-Domain Management	In rare cases, if Domain deletion failed in the past, and following MDS Upgrade or MDS Restore - some objects are missing on Domain or Global level in SmartConsole. This is relevant specifically under the following cases: Multi-Domain Server upgrade from R80.10 to R80.20. Multi-Domain Server Restore in any R80.x
PRHF-3783, PRJ-1440	Multi-Domain Management	In some scenarios, gateways are missing in the 'Gateways and Servers' view in SmartConsole on the MDS level.
PRHF-3300, PRJ-592	Multi-Domain Management	Multi-Domain Server processes must be stopped before running cma_migrate.
PRJ-2386, PMTR-38670	Multi-Domain Management	In a rare scenario, CPM server fails to start after successful Domain deletion.
PMTR-36614, PRJ-2244	Multi-Domain Management	The mds_backup command will generate an output file of format .tar instead of .tgz to improve the duration time of backup (mds_backup) and restore (mds_restore) of Multi-Domain Server. Refer to sk163300.
PRJ-2421, PMTR-38710	SmartProvisioning	In VPN Community managed by SmartProvisioining: When adding SMB gateway to the VPN community, VPN tunnel may not been established. When changing security profile in VPN community, the VPN settings are not changed. Policy installation fails for cluster member of CO Gateway.
PRJ-2664, PRJ-2721	SmartProvisioning	VPN tunnel of LSM gateway can not be established when CO gateway is managed by Security Management of higher version. Refer to sk106628.
PRHF-3392, PRJ-867	SmartProvisioning	In VPN star community managed by SmartProvisioning, VPN tunnels may not be established after installing policy to CO gateway (center). Refer to sk152612.
PMTR-31155, PRJ-1433	SmartConsole	In some scenarios, SmartConsole terminates when installing policy on many targets at once.
PMTR-36527, PRJ-760	SmartConsole	Redundant layers appear in the output of the 'show-package' command when Global policy holding more than one layer, is assigned to Domain.
PRHF-3415, PRJ-738	SmartConsole	In rare scenarios, upgrade fails with "com.checkpoint.management.classes.dle.triggers.internal.VersionInfo.VersionInfo" NPE in cpm.elg file.
PMTR-24658, PRJ-1745	SmartConsole	Wrong error message displayed in SmartConsole when Domain Server cannot be deleted when it is referenced in the policy.
PRJ-1532, PRJ-1535	SmartConsole	In a specific scenario, Global policy rules may change order after Multi-Domain Server upgrade. Refer to sk155432.
MCFG-200, PRJ-2559	SmartConsole	In "Gateways and Servers" view, gateways are missing status when managing more than 1000 gateways. This fix supports statuses up to 5,000 gateways.
PRJ-1919, PRJ-2416	Identity Awareness	Security hardening for IDA enforcement according to XFF IP.
PRJ-1926, PRJ-1952	Identity Awareness	Performance improvement of Identity Awareness kernel tables for Cluster and multi-fw1 instances gateways.
PRJ-1926, IDA-1966	Identity Awareness	In a rare scenario, identities are missing from all connected Identity Gateways (PEPs).
IDA-1987, PRJ-1956	Identity Awareness	In a rare scenario, sessions longer than 24 hours disappear from the Identity Gateway (PEP) but exist on the Identity server (PDP)
IDA-1981	Identity Awareness	Users are not propagated from the PDP to the PEP on a specific network due to a rare race condition between register and unregister requests triggered by different instances or cluster members.
PRJ-1926	Identity Awareness	The output of pep show pdp all command on the Identity Gateway (PEP) contains "inx invalid type (0)" instead of an Identity server (PDP) IP address. Refer to Scenario #3 in sk156953.
PMTR-32539, PRHF-3443	Identity Awareness	Users are not authenticated when an identity source provides the login name in an 'User Principal Name' format "user@domain". Refer to sk147417
PRHF-2895, PRJ-334	Security Gateway	After upgrading to R80.20, it is not possible to configure an OSPF interface to have a priority of 0.
PRJ-3735, PMTR-40259	Security Gateway	In some scenarios, when a connection is accelerated and ICMP packet is sent from a server to a client, it is being dropped by Security gateway.
PRJ-1490, GAIA-4689	Security Gateway	In some scenarios, the fwk process virtual memory increases on USFW/VSX environment. Refer to sk160513.
PRJ-604, PRHF-3117	Security Gateway	In a rare scenario, routed process stops working when ECMP is enabled for both IBGP and EBGP. Refer to sk162547.
PMTR-25754, PRJ-773	Security Gateway	Potential NAT issues when using "Hide internal networks behind the Gateway's external IP" along with destination NAT. Potential NAT issues for connections opened from templates due to route change.
PMTR-28915, PRJ-915	Security Gateway	Possible performance impact on NAT port exhaustion scenarios.
PRJ-3675	Security Gateway	In some scenarios, when disabling the interface, large amount of "fwmultik_f2p_routing: fw_os_route_retrieve_streaming failed" error messages appears in \var\log\messages file.
PRJ-3330	Security Gateway	The Fast Acceleration feature lets you define trusted connections to allow bypassing deep packet inspection. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption.
PMTR-21865, PRJ-1141	Security Gateway	In a rare scenario, Security Gateway may crash when sending log from FW instance with IPv6 packet.
PRJ-2108	Security Gateway	Issue with categorization of HTTPS sites over IPv6.
PRJ-2310	Logging	Log Exporter filtering feature allows to decide which logs will be exported based on values from the various fields on the raw log.
SL-2002, PRJ-1239	Logging	Running views or reports that contain the attack / attack_info fields may fail or not be completed.
PRHF-3831, PRJ-2677	Logging	In a rare scenario, the accounting of bytes in a report is not accurate.
SL-1052, PRJ-1275	Logging	In a rare scenario, when an environment has many gateways (dozens), FWM on the log server may crash when reaching to 4 GB memory.
PMTR-37425, PRJ-1401	Gaia OS	Backup task fails if SmartConsole is open during backup.
PRJ-2173, PRHF-5189	Gaia OS	Many "fwldbcast_new: too many hosts : 0" kernel messages appear in /var/log/messages file. Refer to sk153253.
PRJ-181	Gaia OS	Jumbo installation block on ISO from sk100566
PMTR-35299, PRJ-624	Gaia OS	Enable the user to use CLISH commands related to LOM at (Smart-1 3150).
PRJ-2464	Gaia OS	Adding 6800 appliance picture to WebUI.
PRHF-4394, PRJ-2651	ClusterXL	In a rare scenario, crash on Active member when accessing Standby member via IPv6. Refer to sk159635.
PRHF-4105, PRJ-2146	ClusterXL	In a rare scenario, the fw_workers process consumes high CPU on the Standby member of a ClusterXL. Refer to sk156333.
PRJ-2152, PRJ-2551	ClusterXL	The message "fwlddist_debug_update_op: resetting to avoid overflow" should be printed only in debug mode since it's not an error.
PRHF-4193, PRJ-2396	CoreXL	"fwmutlik_do_sequence_accounting_on_entry: bad dir" errors are mistakenly printed in dmesg output. Refer to sk158312.
GAIA-4153, PRJ-415	SecureXL	Debug for the adp module in host Performance Pack does not work.
PRJ-630, PRHF-5533	SecureXL	In some scenarios, latency is observed on the Security gateway. Refer to sk162914.
GAIA-4855, PRJ-897	SecureXL	When IPS is enabled on VS connected to VR, HTTP traffic is not passing out of the internal Host.
PRJ-1176	SecureXL	Added sim module parameter "sim_anti_spoofing_enabled" to allow disable of anti-spoofing in Performance Pack without installing new Firewall policy.
PRJ-1300, PRJ-1299	SecureXL	In a rare scenario, multicast routing lookup may lead to SIM crash.
PRHF-4430, PRJ-2752	SecureXL	In some scenarios, TCP syn-ack packets are dropped when server is behind a hide NAT rule on a VPN interface.
PRJ-1848	SecureXL	Host destination entries memory leaking when neighbor entry is incomplete state.
PMTR-37165, PRJ-1217	SecureXL	In some scenarios, multicast traffic is not forwarded across bridge interfaces.
PRJ-579	Endpoint Management	R80.20 JHF failed to install when using Anti-Malware E2 engine for signatures update.
PRJ-1419, GAIA-5136	VPN	In some scenarios, VPN Encryption Domain Routes are not added to kernel via RIM in VSX environment. Refer to sk154692.
CRYPT-210, PRJ-2954	VPN	After running "cpca_client re_sign_ca" and "mcc replace", SmartConsole shows the same Internal CA certificate.
GAIA-5338, PRJ-1386	VPN	In some scenarios with acceleration enabled, traffic through VR for a VPN setup does not pass.
R80.20 Jumbo HotFix - General Availability Take 91 (10 July 2019, GA from 20 August 2019)
PRJ-645, PRJ-601	Security Management	Added ability for R80.20 Security Management or Multi-Domain Server to manage R80.30 Security gateway. Refer to sk149272. This fix requires R80.20 SmartConsole Build 055 to be installed.
PRJ-2301, GAIA-3984	SmartConsole	Added support for 16000 and 26000 appliances. This fix requires R80.20 SmartConsole Build 055 to be installed.
PRJ-2820, PMTR-39191	Gaia OS	While unplugging one of the Power supply cables on Smart-1 5150/5050/525 appliances a false 'No Read' message appears for ~5 seconds in both PSUs statuses (instead of Present/Input Lost/Absence).
R80.20 Jumbo HotFix - General Availability Take 87 (26 June 2019, GA from 09 July 2019)
PRJ-1603, PMTR-37581	Security Management	CPUSE Upgrade of Multi-Domain Server is stuck indefinitely when more than one Leading VIP interface is defined.
PRJ-1168, PMTR-33784, PMTR-36843	Multi-Domain Management	After upgrade of Multi-Domain Server from R77.x to R80.20, some of the validation incidents may not have a link to the relevant object.
PRJ-845, PMTR-36840	Multi-Domain Management	Improved duration of Multi-Domain Server upgrade from R80.10.
PRJ-1786, PMTR-37945	SmartConsole	In a rare scenario, when using "add-threat-exception" API command to empty rulebase, it fails with the "Runtime error: Index: -1, Size: 0" error.
PRJ-1478, PRHF-2632	Logging	In some scenarios, logs for a specific Management server or Domain are not displayed. Refer to sk135213.
PRJ-1553, PMTR-31315	Logging	In some scenarios with low disk space and customized retention configuration, logs and indexes may be deleted contrary to the configuration. In some cases, logs are not forwarded when log forwarding in enabled on a Log server machine.
PRJ-2374	Gaia OS	CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479: TCP SACK PANIC - Linux Kernel vulnerabilities. Refer to sk156192.
PRJ-1867, PRJ-1677, PMTR-37999	Gaia OS	Clish command "show system init-services" and Expert command "service --status-all" run "mdsstart" on the server.
PRJ-766, PMTR-36031, MBS-6878	CoreXL	In a rare scenario, Security gateway may freeze when "Drop Templates" or "DOS rate" feature is enabled.
R80.20 Jumbo HotFix - Ongoing Take 80 (27 May 2019)
PRJ-96, PRHF-2762	Security Management	In some scenarios, the postgres.elg file grows and fills up the disk space. Refer to sk143852.
PMTR-34832, CPM-2137	Security Management	In a rare scenario, policy installation from a previous revision fails with "Internal error".
PMTR-27539, PMTR-27797	Multi-Domain Management	False message "peer <name> failed to synchronized me" appears in Multi-Domain Servеr HA window although machines are successfully synced. Refer to sk151392.
PMTR-35703, PRHF-3127	SmartConsole	"Legacy URL Filtering not supported" error pops up when installing policy.. Refer to sk110116.
PMTR-25295, PMTR-14661	SmartConsole	"SessionInWorkLoginException" error when using the API "discard" to discard a connected session other than the current session. Refer to sk142534.
PMTR-30862, PRHF-2252	SmartConsole	"Get Gateway Data" returns "Execution error" for cluster object in SmartUpdate.
PMTR-29658, VPNRA-189	SmartView Monitor	In some scenarios, SNX client is not seen in SmartView Monitor tracking page after connecting to the Security gateway.
PMTR-33424, SL-1997	SmartView Monitor	SmartView Time filter does not work correctly if the server Time Zone is different than the client Time Zone.
PMTR-32677, PMTR-31278	Security Gateway	Connectivity issues on some HTTPS sites (as login pages) when Security gateway is configured as proxy. Refer to sk147878
PMTR-34742, PMTR-34543	Security Gateway	OpenSSL is vulnerable to Padding Oracle Timing / Side Channel Attack.
PMTR-35948, PMTR-34489	Security Gateway	Security gateway crashes in a certain rare scenario.
PMTR-33337, PMTR-33143	Security Gateway	In a rare scenario, setting interface topology to "Network defined by routes" causes policy installation failures or traffic drops.
PRJ-378, PMTR-31289, PMTR-26959	Security Gateway	In some scenarios, Security Gateway drops ICMP traffic with "fw_conn_post_inspect Reason: First server side outbound packet is an ICMP" message.
PMTR-34114, PMTR-32168	Logging	In a rare scenario, Security gateway starts to log locally even if logs are sent to backup server.
PRJ-833, PRJ-748	Logging	In a rare scenario, cannot open new tab in SmartView after exporting data using a relative time filter.
PMTR-34126, PMTR-31493	Logging	In some scenarios, a Domain picker is displayed when logging in to the SmartView web application on a dedicated SmartEvent server.
PMTR-34878, PRJ-69, PRJ-105	Threat Emulation	Management Server upgrade from R80.10 to R80.20 fails in these scenarios: There are Threat Emulation settings, which remained from Security Gateway objects that were already removed. There are Threat Emulation settings, which are configured in the cluster member objects and not in the cluster object. Refer to sk150793.
PMTR-31036, IDA-1689	Identity Awareness	In some scenarios during Identity Agent or Terminal Server Agent IP change, PEP database becomes corrupted.
PMTR-35095, MB-30	ClusterXL	New validation added: Starting from R80.20, ClusterXL does not support Load Sharing mode. SmartConsole blocks such configuration with a warning message.
PMTR-33209, PMTR-30582	ClusterXL	Unable to access ClusterXL Standby members over an IPSec tunnel or when the connections are routed through the Active member. Refer to sk147493.
PMTR-32708, PMTR-33852	SecureXL	Security gateway forwards re-transmitted TCP reset packets although fw_disable_rst_replay property is enabled.
PMTR-33335, MBS-5210, PRHF-3647	VSX	In a rare scenario, VSX reboots when running with 40G NICs.
PMTR-35083, PMTR-26556, PMTR-30291	CPView	In some scenarios, the CPView tool does not display any sensor information under the "Hardware Health" tab.
PMTR-33418, PRJ-292, PRJ-3535	CoreXL	In a rare scenario, Security gateway freezes when Priority Queue is enabled. Refer to sk149413.
R80.20 Jumbo HotFix - Ongoing Take 74 (14 April 2019)
PMTR-36350, PRJ-503	General	Alignment to Mail Transfer Agent Engine Update. Refer to sk123174.
PMTR-26344, PMTR-26345	SecureXL	UDP packets are dropped during policy installation and the following error is displayed: "simi_reorder_enqueue_packet: reached the limit of maximum enqueued packets for conn". Refer to sk148432.
R80.20 Jumbo HotFix - Ongoing Take 73 (08 April 2019)
PMTR-31335	General	Added support for 6500 and 6800 appliances. Refer to sk139932.
PMTR-23799	General	Added ability to FW Monitor to support monitoring of accelerated traffic by default. Refer to sk30583.
PMTR-29498, PRHF-1960	Security Management	Manual changes in INSPECT files under $FWDIR/lib directory of compatibility packages are not synchronized from active to standby Management servers. Refer to sk143792.
PMTR-29853	Security Management	Policy installation fails with "IPv6 addresses domain is not supported for Remote Access VPN community" message when using Domain object in Remote Access encryption domain. Refer to sk142832.
PMTR-29923, PMTR-28958	Security Management	"Error retrieving results" message is displayed in SmartConsole after searching for unused objects in Object Explorer.
PMTR-34653, PRHF-2891	Security Management	After installing R80.20 Jumbo HFA Take 33, newly created users fail to log in into local SmartView WebUI, receiving the "Invalid username and password" error. Refer to sk148794.
PMTR-23745, MCFG-80	Security Management	Unjustified validation error is displayed when installing Threat Prevention policy on Cluster object: "Threat Prevention requires topology to be defined. At least one internal, one external, and no undefined interfaces are required. Incorrectly defined topology impacts performance and security. Please install both Access Control and Threat Prevention policies after fixing the topology."
PMTR-34017, API-595	SmartConsole	Number of sessions in "Changes" list does not match the value of 'total'.
PMTR-31336, PMTR-12430	SmartConsole	When searching in the SmartConsole main search bar for network groups we can see some number of network groups, but the search inside the Logical Server object shows the different number of Logical server objects groups.
PMTR-31641, MCFG-144	SmartConsole	FWM process stops working after repeatedly clicking "Update Corporate Gateways" in SmartConsole.
PMTR-31044	SmartConsole	When an administrator publishes session for a different administrator, the name of the administrator that invoked the action will be written in the audit logs as the publisher.
PMTR-31136	Mobile Access	Mobile Access Portal Agent installation page is vulnerable for XSS attack in Chrome and Firefox.
PMTR-29243, PMTR-32515	Security Gateway	When routed syslog is enabled, the "show configuration routedsyslog" command does not show any output.
PMTR-33631, PMTR-24656	Security Gateway	In some scenarios, Security Gateway crashes when Priority Queue is enabled. Refer to sk149414.
PMTR-34473, PMTR-33518	Security Gateway	R80.20 bridge with no VLAN configuration may cause connectivity disruptions on VLAN-tagged traffic passing through it.
PMTR-30245, PMTR-29336, PRHF-2609	Security Gateway	In rare scenarios, Security Gateway crashes during file upload to Google drive when Content Awareness blade is enabled.
PMTR-33140, PMTR-1479	Security Gateway	In a rare scenario, TCP segments of HTTPS payload are missing in Mirror and Decrypt designated interface.
PMTR-33559, IDA-1793	Security Gateway	Users are not matched to access roles with nested LDAP groups or LDAP groups with filter. Refer to sk148092.
PMTR-31049, IDA-1120	Security Gateway	Group update request is sent specifically to the originator LDAP server even if it is down. Refer to sk127833.
PMTR-26374, SWG-1312	Security Gateway	Added support for ICAP client working with Symantec DLP ICAP server.
PMTR-27196, PMTR-24606	Security Gateway	Starting from SmartConsole Build 46, added automatic Implied Rule for ICAP Server to allow connectivity with trusted ICAP clients.
PMTR-31315, PRHF-2244	Logging	In a rare scenario, TCP state information is not displayed in the log despite being enabled in SmartConsole.
PMTR-32876, PMTR-15708, PMTR-28005	UserCheck	Potential memory leak in rare scenarios when UserCheck is used on HTTP connection.
PMTR-30599	UserCheck	When switching from manual expiration date in User Template to "According to global properties", the actual expiration date is not changed.
PMTR-31422	Threat Extraction	When configuring scrub_additional_file_types to "all" and enabling block_unsupported_files, file types that have no extension are not stripped.
PMTR-30657	Identity Awareness	When X-Forwarded-For (XFF) settings are enabled on one of the policy layers or/and on the Security gateway object, the /var/log/messages file shows errors related to asynchronous identity fetch. Refer to sk145673.
PRHF-523, PMTR-29857	IPS	Some SMTP-related IPS Core Protections remain enabled despite the IPS is disabled.
PMTR-33238, PMTR-32352	IPS	R77.x gateways managed by R80.x Security Management show that IPS blade is enabled while it is disabled on the gateway object. Refer to sk146592.
PMTR-35032	VPN	Important security update for IPSec Site-to-Site (S2S) VPN.
PMTR-31860, PMTR-31863, PMTR-21587	VPN	Connectivity improvements for certain Windows L2TP client versions. Refer to sk145895.
PMTR-23293, 02031663	Gaia OS	The CLISH command "show arp table dynamic all" and Bash command "arp -an" show different entries. Refer to sk112753.
PMTR-32129, PMTR-26981, PMTR-26979	Gaia OS	Added 'pigz' and 'unpigz' binaries.
PMTR-30225, GAIA-3093, PMTR-30226, 02085811	Gaia OS	Enhancement: administrators are allowed to use personal, remotely managed password to login to Expert mode, instead of the shared "expert password".
PMTR-28064	SecureXL	In some scenarios, virtio_net is not able to run multiqueue.
PMTR-33811, PMTR-33923	CPView	"Connections from templates" property shows incorrect value Network tab ->Traffic-> Templates of CPView.
PMTR-29063, PMTR-23710	Endpoint	"User was not authenticated" errors in Capsule Docs when activating Single Sign-On in the policy.
PMTR-30683, PMTR-30518	Compliance	The grc_conditions3.xml and grc_controls.xml files in R80.20 are overwritten by the files of R80.10 from the Cloud.
R80.20 Jumbo HotFix - General Availability Take 47 (24 February 2019, GA from 25 March 2019)
PMTR-28379, PMTR-28378	Security Management	Added ability to manage Check Point Maestro.
PMTR-32183, PRHF-2532, PRHF-2618	Security Management	High Availability synchronization fails on Multi-Domain Server level after Domain deletion or after updating licenses or contracts in SmartUpdate. Refer to sk151072.
PMTR-32160	IPS	Accelerated HTTP traffic may not be accelerated on an R77.10 Security Gateway managed by a Security Management server.
R80.20 Jumbo HotFix - Ongoing Take 43 (11 February 2019)
PMTR-27655	Security Management	Values updated in resourceProfiles files to handle high CPU utilization for "Java" process (described in sk123417) are not resistant and get overridden after Jumbo Hotfix Accumulator installation or backup/restore or export/import procedures.
PMTR-28644, PMTR-28557	Security Management	Running the fwm sic_reset command from CMA fails with "reset_objects: updateMultiple failed". Refer to sk142512.
PMTR-25816, PMTR-25793	Security Management	Once user performs any change to his configuration, the Compliance blade performs a partial scan and calculates the relevant Best practices. During this scan, exceptions of relevant objects for these Best practices are deleted. Meaning, if previously obj1 was excluded from applying Best practice #1, during partial scan obj1 will be relinked to Best practice #1.
PMTR-32542, PMTR-32187	Multi-Domain Management	Log servers are not seen in SmartConsole Log Server tab after Advanced Upgrade to Jumbo Hotfix Accumulator Take 33. After new Domain creation, logs from this Domain are not seen in SmartConsole.
PMTR-29670, PMTR-29604	Multi-Domain Management	Upgrade of the Primary Multi-Domain Server from R80.10 fails when its Global Domain is in Standby mode. Refer to sk143892.
PMTR-27321, PMTR-21282, PMTR-24274, PMTR-24249, PMTR-22245	Multi-Domain Management	CPView is not supported on Multi-Domain Security Management environments.
PMTR-29458, PMTR-26606	SmartConsole	"Synchronization with Check Point UserCenter" feature displays "Synchronization with Check Point UserCenter requires a valid license." warning message even though all licenses are valid.
PMTR-23395, PMTR-29385	SmartConsole	If administrator updates his details (e.g. name, phone, email) and tries to publish the session, it fails with "Internal error" message. After Jumbo HFA installation, the session cannot be published or discarded and any further update will fail. Refer to sk144214.
PMTR-25778, PMTR-25825, PMTR-25790	SmartConsole	When using Global VPN Community with permanent tunnel gateways list (matrix / permanent tunnel gateways), upgrade from R7x fails.
PMTR-26495, PMTR-26474	SmartConsole	"Error: SIC initialization failed because of failure in parsing the certificate file" error when user attempts to log in with certificate to API (mgmt_cli) with password including "!".
API-512, PMTR-25591	SmartConsole	Web API show-package fails if the package was installed on a cluster member which is already deleted. Refer to sk144132.
PMTR-25081, PMTR-25069, PMTR-24728	SmartConsole	Attempt to update Threat Emulation images fails with "Could not send Threat Emulation images update command, validate SIC connectivity and install policy with Threat Emulation enabled for [name]" message.
PMTR-28877, BS-859	SmartConsole	The existing regulation is not updated and appears as "EU Data Privacy" instead of "GDPR".
PMTR-28488, DO-902	Security Gateway	Traffic is dropped when using non-FQDN Domain object in Security policy.
PMTR-28593, PMTR-25909	Security Gateway	Added support for NAT on payload of H323 packets when different IP addresses are used for payload and control.
PMTR-28197, PMTR-27742	Security Gateway	No service enforcement when creating "Other services" without match expression for TCP, UDP or SCTP.
PMTR-27663, PMTR-28320, PMTR-24802	Threat Emulation	Added ability to update Threat Emulation file types in an offline environment.
PMTR-26022, PMTR-25770	HTTPS Inspection	When HTTPS Inspection is enabled and "Hide X-Forwarded-For in outgoing traffic" option is selected, the XFF header is not obfuscated on HTTPs traffic.
PMTR-27702, PMTR-20103	HTTPS Inspection	Potential memory leak due to "Out of state" HTTP response.
PMTR-30868, PMTR-30867	HTTPS Inspection	In some scenarios, connectivity issues between Capsule Workspace and Security gateway.
PMTR-27367, IDA-1609	Identity Awareness	In some scenarios, Identity Agent fails to authenticate using Kerberos SSO due to very large Kerberos ticket and the agent fallback to User/Password authentication.
PMTR-28368, PMTR-28140	Anti-Malware	During upgrade, if Anti-Virus is enabled, all emails are stuck in MTA queue due to missing certificate.
PMTR-30218, TPM-1378	IPS	The "A general error has occurred" message is displayed when trying to change the IPS protection configuration in "MySQL -> General settings".
PMTR-26141, 01967376	SSL Inspection	Added support for custom extension used by Apple.
PMTR-30550, PMTR-29405	Logging	Exporting 100K or more logs to Excel from SmartView fails.
PMTR-30609, PMTR-30608, PMTR-30607, PMTR-29589, PMTR-29583	Logging	In rare scenarios, when the Log server miscalculates the available disk space, it may stop receiving logs from the connected gateways and cause the logs to accumulate locally on the Security gateway. Refer to sk146152.
PMTR-27043, PMTR-23553	Logging	After two or more upgrades of a Security gateway / Security Management server / Log server or SmartEvent server, log maintenance fails to delete logs from older version.
PMTR-26706, PMTR-26696	Logging	After Daylight saving time change, the logs from the time of change until the end of the day are not indexed and the "Illegal instant due to time zone offset transition (daylight savings time 'gap')" error is displayed in solr.elg file.
PMTR-28160, PMTR-23550	Logging	After upgrade from R80.x to R80.20 GA, the pre-upgrade logs data will not be deleted according to the logs retention policy.
PMTR-22357, SL-1600	Logging	In rare scenarios, due to a connection attempt failure to the Security Management, the Security gateway starts logging locally.
PMTR-29044, SL-1538	Logging	When Security gateway is configured to send alerts only to a specific Log server, logs may be written locally on the gateway instead to be sent to the Log server.
PMTR-26040, PMTR-25672, PMTR-28925	Logging	Added Threat Emulation forensic report in SmartView Log card.
PMTR-29233, PMTR-22839, 02535956	SecureXL	Memory consumption on Security Gateway increases after enabling NetFlow v9 in Gaia OS. Refer to sk118719.
PMTR-30162, PMTR-22869, PMTR-30163	SecureXL	Concurrent connections monitoring can become inaccurate when "fw samp quota" rules are changed.
PMTR-27529, MBS-4134	SecureXL	In rare scenarios, Security gateway crashes when penalty checkbox is selected.
PMTR-29118, PMTR-17539, PMTR-27741	SecureXL	In some scenarios, large number of incorrectly classified "simlinux_br_port: dev == NULL !!!" debug messages appear in kernel message logs.
PMTR-28120, GAIA-3349	SecureXL	In some scenarios, HTTP requests do not pass.
PMTR-28084, PMTR-27895	ClusterXL	In some scenarios, standby cluster member sends PIM Hello packets.
PMTR-29200, PMTR-28139, VSX-1928	VSX	In some scenarios, the cpd and fw_full processes stop working when the TDERROR debug flag is enabled.
PMTR-28022, VSX-1895	VSX	Traffic from a Virtual System in VSX Cluster to Security Management Server is dropped with "Local interface address spoofing" log. Refer to sk110473.
PMTR-23158, PMTR-26453, PMTR-26095 GAIA-3010	Gaia OS	CVE-2018-15473: Username enumeration is possible due to a premature bail-out while dealing with a malformed packet. The issue exists in several authentication protocols.
PMTR-28381, PRHF-1502, PMTR-28899	Gaia OS	When using conv2db to recreate Gaia database from /config/active, comments are not skipped and the new database file may contain irrelevant information. Refer to sk139832. Note: the issue is cosmetic only.
PMTR-28798, PMTR-28822, PMTR-12070, 01515638	Gaia OS	SNMPD process fails to send Coldstart on reboot. Coldstart is configured by threshold that can be too short comparing to the OS boot time.
PMTR-28277, GAIA-2493	Gaia OS	Connectivity problem for 10 Gigabit fiber network interfaces (be2net driver) after upgrade from R77.30.
PMTR-28041, PMTR-25332, GAIA-3471	Gaia OS	Added support for "/", "(", and "*" characters as part of the system message banner.
PMTR-23058, PMTR-24458, 01579916	Gaia OS	syslog messages forwarded to external Syslog server, do not contain the host name. Refer to sk100727.
PMTR-28303, 02397556, CP-41	Gaia OS	In some scenarios, snmpwalk reports false values of bond interface.
PMTR-28312, PMTR-28338, 01906257	Gaia OS	In some scenarios, sporadic timeouts occur during snmpwalk run.
PMTR-28834, PMTR-28836, 02489137	Gaia OS	Different LOM versions are reported in WebUI and Clish.
PMTR-11377, PMTR-25506 02100804	VPN	After Cluster failover, VPN tunnel is down and "Unknown SPI for IPsec packet" log is shown. Refer to sk112339.
PMTR-30425, PMTR-30360	VPN	VPN tunnels with 3rd party peers fail because of mismatched IDs. Refer to sk144094.
PMTR-25196, PMTR-31887	VPN	In some scenarios, IKE fragmentation is dropped when NAT-T is enforced. Refer to sk143372.
R80.20 Jumbo HotFix - General Availability Take 33 (08 January 2019, GA from 04 February 2019)
PMTR-25005, PMTR-23377	Security Management	In some scenarios, purge operation fails with "Task was interrupted because of server restart" message and the CPM process stops working, producing core dump file.
PMTR-28037, PRHF-1977	Security Management	Policy installation fails due to a memory allocation failure.
PMTR-26802	Security Management	When creating a Security Gateway object and click OK, SmartConsole terminates with "The connection with the server was lost...." error.
PMTR-25488, PMTR-25218	Security Management	When Database is more than 100 objects and searching for the objects in the Objects Explorer and scrolling down, list of items disappears and the results in the bottom-left show "No items found". Refer to sk139793.
PMTR-26386, PRHF-1656, PMTR-25184	Security Management	Cannot export logs to Excel from SmartView connected to Multi-Domain Log Server. Refer to sk140433.
PMTR-24555, PMTR-26219	Security Management	In some scenarios, migrate_export fails when exporting R77.30 database from Windows machine in order to import it to R80.20 on Gaia.
PMTR-26457, PMTR-17608	Multi-Domain Management	When Domain has policies that are in use in some policy installation preset, the attempt to delete this Domain fails with "Error: Unspecified error".
PMTR-23217, PMTR-22277	Multi-Domain Management	Log in to the primary Multi-Domain Management GUI fails due to HA and logging objects synchronization generating high load.
PMTR-21125	SmartEvent	In large-scale environments, log_indexer process may unexpectedly stop working producing 3.5GB core file.
PMTR-23080, PMTR-26637	SmartConsole	HTTPS Inspection rule with mixed Access Role and network object cannot be enforced.
PMTR-25913	SmartView	Added consolidated Threat Prevention dashboard, providing full threat visibility across Networks, Mobile and Endpoints. Refer to sk134634.
PMTR-23063, PMTR-22415	SmartUpdate	SmartUpdate hangs on launch due to over 4000+ unattached licenses. Refer to sk136512.
PMTR-21902, PMTR-21183	Security Gateway	Memory leak in FWD process.
PMTR-29099	Security Gateway	Security gateway drops multicast or broadcast packets when working in bridge mode.
PMTR-26564, PMTR-25323	ClusterXL	3rd party cluster Full-Sync does not run on startup and caused the cluster to be in down state. Dynamic Routing packets are dropped on the cluster member with the lower priority.
PMTR-25290, PRHF-1556	Threat Prevention	In some scenarios, Advanced Upgrade fails with different errors due to NULL pointer exception check.
PMTR-25286, PMTR-25287, PMTR-25106	Identity Awareness	User's access to a network resource may fail in the following scenario: Access to a network resource is through an Identity Awareness Gateway (configured as PEP) In SmartConsole, the Identity Awareness Gateway object is configured with "Identity Awareness -> Identity Sharing -> Get identities from other gateways -> All sharing gateways" The sharing Identity Awareness Gateway (configured as PDP) that shares identities with the affected Identity Awareness Gateway (configured as PEP), opens an identity sharing connection not from its main IP address Refer to Scenario 1 in sk156953.
PMTR-24536, PRHF-1462	Identity Awareness	Identity sharing does not work for non-HTTP traffic when XFF is enabled only on the layer and not on the Security gateway.
PMTR-25193, IDA-1396	Identity Awareness	Identity sharing fails when XFF is enabled and remote PDP does not respond.
PMTR-26589, IDA-1604	Identity Awareness	In some scenarios, Terminal Servers Identity Agent (MUH Agent) session Access Role is missing on PDP but exists on PEP, causing next PEP to PDP sync to be removed from PEP and thus the accessibility loss.
PMTR-25100, IDA-1226	Identity Awareness	Improved error handing when Identity Sharing is used and remote PDP server does not respond due to prolong outage. Refer to sk141152.
PMTR-22758, PMTR-22632	Identity Awareness	In rare scenarios, PDP crashes after generating traffic for a long time.
PMTR-26173, PMTR-26171	SSL Inspection	Change SSL Network Extender on MacOS to 64-bit architecture to support 32 bit apps depreciation in OSX.
PMTR-24797	SSL Inspection	HTTPS traffic is inspected when it is configured to be bypassed: when HTTPS Inspection is enabled and probe bypass is 0. Refer to sk132913.
PMTR-23567, PMTR-23317	Logging	A Domain administrator connected to a specific Domain in Multi-Domain environment cannot see suggestions when typing in logs search box.
PMTR-29010, SL-1878	Logging	After configuring mail alerts to be sent using "internal_sendmail" script, emails from Check Point server arrive with blank email body. Refer to sk142492.
PMTR-23288, PMTR-19838	Gaia OS	After adding the RBA roles Gaia commands (add rba role TACP-0 virtual-system-access all), the lines are missing from the "show configuration" command output, but the values can be seen in Expert mode (/config/active). Refer to sk119394.
PMTR-24810, PMTR-24803	Gaia OS	Security Management / Multi-Domain Management server OS backup fails due to package compression errors. Refer to sk121212.
PMTR-24293, VSECC-785	CloudGuard	Attempt to install central license on CloudGuard gateway fails with "not vSec product" error.
PMTR-24166, PMTR-23917	SecureXL	The Anti-Spoofing policy is not unloaded by running the "fw unloadlocal" command.
PMTR-25207	SecureXL	"sume_from_fw_forward: dropping packet of for vsid=0 due to loop prevention" dmesg errors during policy installation failure.
R80.20 Jumbo HotFix - General Availability Take 17 (04 December 2018, GA from 08 January 2019)
PMTR-24006, PMTR-22022	Security Management	Remote Access users configured with Pre-Shared Secret Key (PSK) cannot connect after upgrade from R77.x.
PMTR-23394, PRHF-1450	Security Management	Policy installation fails with "Policy installation had failed due to an internal error" message when Security gateway has more than hundred interfaces. Refer to sk138592.
PRHF-734, PMTR-11728	Security Management	In rare scenarios, the CPM service does not start on machine startup.
PMTR-20174, 01619796	Security Gateway	Security gateway does not load policy after reboot when number of SAM rules reaches its limit of 25000. Refer to sk110560.
PMTR-22110, 02661309, 02662730	Security Gateway	DNS NAT does not work when the DNS parser encounters an IPv6 record in DNS servers answer. Refer to sk121346.
PMTR-14588, PMTR-22784, 02768662, 02769044	Security Gateway	Security gateway with Dynamic NAT enabled, is rebooted after running "cpstop".
PMTR-20144, IDA-1176, PRHF-721	Identity Awareness	Update with "-" machine name from the Domain Controller causes the Identity Collector to create un-authenticated sessions on the PDP.
PMTR-22826, VSECC-734	CloudGuard Controller	CloudGuard Controller Data Center objects are not enforced on Multi-Domain Security Management. Refer to sk139372.
PMTR-24762, PMTR-19431	SecureXL	Drops from link collisions in PPAK due to Dynamic port allocation ("db_save_conn: failed to save conn <>, collision(-2)").
PMTR-23850, PMTR-22080	ClusterXL	When upgrading a VRRP cluster to R80.20 with Connectivity Upgrade (CU), CU fails due to the member not being in READY state.
PMTR-23382, IDA-982	VPN	User cannot connect to a VPN site that belongs to a group that has a special character in its name. Refer to sk124514.
PMTR-20038, PMTR-22373	Gaia OS	"/opt/CPInstLog/uninstall_SecurePlatform_R80_10_JHF_PLATO:Uninstallation failed!" error during uninstallation of Jumbo Hotfix Take on Smart-1 device. Newer version of RPMs remain installed after uninstall.
R80.20 Jumbo HotFix - General Availability Take 10 (01 November 2018, GA from 22 November 2018)
PMTR-22164	Security Management	When using Global Dynamic Network objects, creating a new policy package in a local Domain fails with 'Internal error' if it is assigned to the Global Domain.
PRHF-755, PRHF-495, PMTR-16967, PMTR-16968	Multi-Domain Management	Domain deleting fails with "Delete Domain failed: Error: Unspecified error".
PMTR-22800, PMTR-24139	Endpoint Security	In some scenarios, assignment to Virtual Group does not apply properly.
PMTR-22405	Security Gateway	In rare scenario, when configured as a proxy/ICAP client, a Security gateway may crash when using HTTPS Policy Categorization.
PMTR-21081, UP-251	Security Gateway	A large number of Time objects used in the rule base may cause rulebase matching failures resulting in connectivity issues.
PMTR-22320, PRHF-903	Security Gateway	ISP redundancy OID is missing from the MIB file.
SL-1594, PRHF-1268, PMTR-22564	Logging	In rare scenarios, monitoring information (such as licensing information, CPU usage, etc.) displayed in SmartConsole and SmartView Monitor is not updated. Refer to sk137092.
PMTR-23183, SL-1654	Logging	Added new format for Log Exporter to support "Check Point App for Splunk"
PMTR-23418, PMTR-23417	Logging	In some scenarios, the Logs & Monitor -> Logs section in SmartConsole is stucked on searching. Refer to sk144313.

Installation instructions

Procedure:

Show / Hide instructions for installation in Gaia Portal - using CPUSE (Check Point Update Service Engine)
- Offline installation
  
  Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
  1. Install the latest build of CPUSE Agent from sk92449.
  2. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) section - click on Status and Actions.
  3. In the upper right corner, click on the Import Package button.
  4. In the Import Package window, click on Browse... - select the CPUSE package (either offline TGZ file, or exported TAR file) - click on Import.
  5. Above the list of all software packages, click on the Showing Recommended packages button - select All.
  6. Select the imported package Check Point R80.20 Jumbo hotfix T<number> for sk137592 - click on More button on the toolbar - click on Verifier (or right-click on the package and click on Verifier).
  7. Select this package and click on Install Update button on the toolbar.
Show / Hide instructions for installation in Gaia Clish - using CPUSE (Check Point Update Service Engine)
For detailed installation instructions, refer to CPUSE - Gaia Software Updates (including Gaia Software Updates Agent) - section "(4) How to work with CPUSE".
- Offline installation
  
  Note: Either get the offline package from Check Point Support, or export the package from a source Gaia machine, on which this package was already downloaded / installed (for package export instructions, refer to sk92449 - section "(4-D) "How to ..."").
  1. Install the latest build of CPUSE Agent from sk92449.
  2. Connect to command line on target Gaia OS.
  3. Log in to Clish.
  4. Acquire the lock over Gaia configuration database:
    HostName:0> lock database override
  5. Import the package from the hard disk:
    HostName:0> installer import local <Full_Path>/<Package_File_Name>.TGZ_or_TAR
  6. Show the imported packages:
    Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.20 Jumbo hotfix T<number> for sk137592"
    HostName:0> show installer packages imported
  7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
    HostName:0> installer verify <Package_Number>
  8. Install the imported package:
    HostName:0> installer install <Package_Number>

Uninstall instructions

Important Note: This Jumbo Hotfix Accumulator removes all its packages during uninstall.

Procedure:

Show / Hide instructions for uninstall in Gaia Portal - using CPUSE (Check Point Update Service Engine)
1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
  Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
2. Connect to the Gaia Portal on your Gaia machine and navigate to the 'Upgrades (CPUSE)' section - click on 'Status and Actions'.
3. Above the list of all software packages, click on the 'Showing Recommended packages' button - select 'All'.
4. Right-click on the Jumbo Hotfix Accumulator package - click on 'Uninstall'.
5. A warning will be displayed that after this uninstall, the machine will be automatically rebooted.
  Click on 'OK' to start the uninstall.
Show / Hide instructions for uninstall in Gaia Clish - using CPUSE (Check Point Update Service Engine)
1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
  Otherwise (and if this machine is offline), users should manually install the latest build of CPUSE Agent from sk92449.
2. Connect to command line on Gaia OS.
3. Log in to Clish.
4. Acquire the lock over Gaia configuration database:
  HostName:0> lock database override
5. Uninstall the package:
  HostName:0> installer uninstall <Package_Number>
  Note: The progress (in per cent) will be displayed in Clish.
6. Machine will be rebooted automatically.

Revision History

Show / Hide revision history

Date	Description
28 Feb 2021	Released Take 190 of R80.20 Jumbo Hotfix Accumulator SmartConsole package has been updated to Build 121
14 Jan 2021	Published List of upcoming resolved issues
28 Dec 2020	Take 188 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
08 Dec 2020	Released Take 188 of R80.20 Jumbo Hotfix Accumulator
17 Nov 2020	Released Take 187 of R80.20 Jumbo Hotfix Accumulator SmartConsole package has been updated to Build 119
11 Oct 2020	Take 183 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
16 Sep 2020	Take 173 of R80.20 Jumbo Hotfix Accumulator was released again
11 Sep 2020	Take 173 was removed
10 Sep 2020	Updated the Important Notes section
09 Sep 2020	Published List of upcoming resolved issues
03 Sep 2020	Released Take 183 of R80.20 Jumbo Hotfix Accumulator
26 Aug 2020	Take 173 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
24 Aug 2020	Published List of upcoming resolved issues
03 Aug 2020	Updated the Important Notes section
23 July 2020	Released Take 173 of R80.20 Jumbo Hotfix Accumulator SmartConsole package has been updated to Build 116
19 Jul 2020	Published List of upcoming resolved issues
02 July 2020	Take 161 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
21 Jun 2020	Released Take 161 of R80.20 Jumbo Hotfix Accumulator
14 Jun 2020	Take 156 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
02 Jun 2020	Released Take 160 of R80.20 Jumbo Hotfix Accumulator
24 May 2020	Released Take 156 of R80.20 Jumbo Hotfix Accumulator
10 May 2020	Added CPUSE offline package for Take 155
30 Apr 2020	Released Take 155 of R80.20 Jumbo Hotfix Accumulator
22 Apr 2020	Published List of upcoming resolved issues
01 Apr 2020	Released Take 149 of R80.20 Jumbo Hotfix Accumulator SmartConsole package has been updated to Build 114
12 Mar 2020	Released Blink images for R80.20 GA Take 117 + Jumbo HF Take 141
03 Mar 2020	Take 141 of R80.20 Jumbo Hotfix Accumulator moved to General Availability Added PRJ-5529 to Take 141
27 Feb 2020	Published List of upcoming resolved issues
24 Feb 2020	Added PRJ-6046 to Take 134
13 Feb 2020	SmartConsole package has been updated to Build 100
10 Feb 2020	Released Take 138 of R80.20 Jumbo Hotfix Accumulator
09 Feb 2020	Added PRJ-5250 to Take 117
02 Feb 2020	Added PRJ-8196 to Take 134
23 Jan 2020	Released Take 135 of R80.20 Jumbo Hotfix Accumulator
14 Jan 2020	Released Take 134 of R80.20 Jumbo Hotfix Accumulator
24 Dec 2019	Published List of upcoming resolved issues
11 Dec 2019	SmartConsole package has been updated to Build 088
03 Dec 2019	Released Take 127 of R80.20 Jumbo Hotfix Accumulator Released Blink images for R80.20 GA Take 117 + Jumbo HF Take 118
04 Nov 2019	Take 118 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
27 Oct 2019	Released Take 118 of R80.20 Jumbo Hotfix Accumulator
23 Oct 2019	SmartConsole package has been updated to Build 081 Added PRJ-1969, PRJ-4531, PRJ-3869 and PRJ-777 to Take 117
13 Oct 2019	Released Take 117 of R80.20 Jumbo Hotfix Accumulator
22 Sep 2019	Take 103 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
09 Sep 2019	Added PRJ-2173 to Take 103
29 Aug 2019	SmartConsole package has been updated to Build 067
26 Aug 2019	Released Take 103 of R80.20 Jumbo Hotfix Accumulator
20 Aug 2019	Take 91 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
21 July 2019	Added PRJ-2301 to Take 91
17 July 2019	Added PMTR-28120, PMTR-30425 and PMTR-25196 to Take 43
10 July 2019	Released Take 91 of R80.20 Jumbo Hotfix Accumulator
09 July 2019	Take 87 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
07 July 2019	Added PMTR-24810 to Take 33
02 July 2019	Added PMTR-34126 to Take 80
26 June 2019	Released Take 87 of R80.20 Jumbo Hotfix Accumulator
13 June 2019	SmartConsole package has been updated to Build 053 Added PMTR-29010 to Take 33 Added PRJ-378 to Take 80
27 May 2019	Released Take 80 of R80.20 Jumbo Hotfix Accumulator
14 Apr 2019	Released Take 74 of R80.20 Jumbo Hotfix Accumulator
08 Apr 2019	Released Take 73 of R80.20 Jumbo Hotfix Accumulator SmartConsole package has been updated to Build 046
25 Mar 2019	Take 47 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
19 Feb 2019	Released Take 47 of R80.20 Jumbo Hotfix Accumulator
11 Feb 2019	Released Take 43 of R80.20 Jumbo Hotfix Accumulator
04 Feb 2019	Take 33 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
17 Jan 2019	SmartConsole package has been updated to Build 025
08 Jan 2019	Released Take 33 of R80.20 Jumbo Hotfix Accumulator Take 17 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
04 Dec 2018	Released Take 17 of R80.20 Jumbo Hotfix Accumulator
22 Nov 2018	Take 10 of R80.20 Jumbo Hotfix Accumulator moved to General Availability
1 Nov 2018	First release of R80.20 Jumbo Hotfix Accumulator (Take 10)

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating