The " show objects" command returns all objects in Global Domain with any filter when " ip-only" flag is set to " true". In some scenarios, exact search in the Object Explorer may not return the expected results.Īfter creating a new administrator in SmartConsole, the Administrators view may fail to load with " Error retrieving results". In some scenarios, the " run-script" Management API command may fail with " Null Pointer Exception" when using root user permissions. There may be many duplicates of OCSP response in the $CPDIR/tmp/curl_crl_ocsp folder. UPDATE: Enhanced the mechanism of Maestro Gateway leaving a Security Group. UPDATE: Added Management Data Plane Separation (MDPS) support for Maestro Orchestrator and Chassis scalable platforms. UPDATE: Added support for Data Centers in AWS ap-southeast-4 Melbourne region. This change prevents scenarios when CloudGuard Controller fails to connect to Cluster with MDPS enabled ( sk180981). Refer to the " updateClusterMemberAndNotVip" section in CloudGuard Controller R81.10 Administration Guide > Configuration Parameters. UPDATE: Added support for sending Data Center updates from the CloudGuard Controller to the main IP address of Active member on the Management Plane instead of the cluster VIP address on the Data Plane. UPDATE: Upgraded OpenSSL from 1.1.1n to 1.1.1t to include the latest security improvements. UPDATE: Linux installations are now automatically added to "All Linux Desktops Virtual Group" in Harmony Endpoint. VSX Provisioning tool is now logged in the vpt_history.elg. Also, commands are added to the name of log files (for example, vsx_util_reconfigure_xxxxx_xx_xx.elg). On the Security Management side: in the vsx_util log. On the Security Gateway side: in the last_vsx_push_configuration.elg. UPDATE: Added more logs related to Pushing VSX Configuration. To make the change permanently, open the $PPKDIR/conf/nf file for editing and add the entry " sim vpn use physical mtu=0". This allows using configured VTI MTU as the default. To modify the default behavior (the change does not survive reboot), run the CLI command " fw ctl set int sim_vpn_use_physical_mtu 0 -a". UPDATE: When the VTI MTU is different from the physical MTU, the physical MTU is used for sending packets by default. UPDATE: FakeServer will now listen for packets coming from the Virtual Machine during Threat Emulation to port 18443 instead of port 8443. This can prevent fragment drops when having multiple instances in the Firewall. To use it, set the kernel parameter " sim_frag_limit_override" with the new value and install policy. UPDATE: Added a new kernel parameter allowing to control the size of fragments table in SecureXL. To disable, run " set fwx_force_random_nat_port_alloc=0". Also, in the nf file, run " set fwx_force_random_nat_port_alloc=1", It is controlled by kernel parameter (off by default). UPDATE: Added ability to force GNAT Port randomization. Defining GUI Clients is allowed only from the Security Management Server in Active mode. UPDATE: Defining GUI Clients on the Log Server is now blocked. NEW: HCP report is now available in WebUI. NEW: Compliance blade is enhanced with 5 new Firewall Best Practices. Now it will be automatically renewed one year before its expiration date. NEW: Previously, the Internal CA certificate required manual renewal process. NEW: Added ability to run the " verify-policy" Management API command on a private session with unpublished changes.Īdded support for 1595 Slim Ruggedized appliances (Early Availability Program).Īdded support for 1535 / 1555, 1575 / 1595 Quantum Spark Pro appliances. Released on 13 April 2023 and declared as Recommended on
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |