Loading...
Loading...
Starting March 1st, 2026, newly created certificates and newly generated CRL (Certificate Revocation List) may fail validation. The issue may manifest as one or more of the following: ; VPN Site to Site VPN tunnels based on X509 certificate may fail on re-authentication. Remote Access VPN certificate-based authentication failures. ; Maestro Orchestrator Synchronization between Maestro Orchestrators fails. Applying the configuration changes in Gaia Portal or Gaia Clish fails with the "Orchestrator 1_2 has Rest Server issues" message. Configuring the authentication with a remote Orchestrator fails with errors: "Orchestrator is known but cannot securely communicate. Orchestrator can SSH but cannot REST." The HCP test "Orchestrators REST server" fails on the Orchestrators with "Client return code: 132". ; Management and Provisioning Failure to establish SIC (Secure Internal Communication) between Management and Gateway when creating a new gateway or Virtual System. Failure to provision new Gateways in CloudGuard Network autoscaling VMSS. Upgrade of Multi-Domain Log Server (MLM) and Global SmartEvent may fail. ; CloudGuard Network Security In addition to the symptoms listed, CloudGuard Network Security may also experience these issues on: AWS, Azure, GCP, and OCI public clouds Cloud Management Extension (CME) on the Security Management CloudGuard Controller and CloudGuard Central License Note: Only Gateways running R82.10 Build 991001970 or R82 Build 991002015 or earlier are affected.; Check Point Cloud Updates and Services Failure to download IPS, Anti-Virus, and URL Filtering updates, and use of Threat Emulation services for up to 24 hours. Intermittent errors when connecting to Check Point update services. ; Smart-1 Cloud connectivity Potential failure to establish connection with Smart-1 Cloud management. Risk of losing connection to Smart-1 Cloud management. ; HTTPS Inspection Failure to connect to sites with certificates created in the past 24 hours. ; Third-Party Integrations Certificate-based integrations with third-party products may fail. Note: VPN traffic on environments with R82 Management Server and R81.20 Security Gateways is not impacted.
In R82 and R82.10 , there is an error in the date calculation logic used during validation of: X.509 certificates Certificate Revocation Lists (CRLs) Starting March 1, 2026 , newly generated certificates and CRLs are evaluated as not yet valid because of incorrect calculation of the Not Before timestamp. As a result: Certificates and CRLs are considered valid only after up to 24 hours. Any operation requiring immediate certificate or CRL validation fails during this period. This issue is not related to the system clock, timezone, or NTP configuration.
Gaia, Gaia Embedded
Check Point Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.