https://community.checkpoint.com/t5/Firewall-and-Security-Management/Weird-VPN-TU-Smart-view-monitor-behavior-during-policy/m-p/121653#M17361 <P>The SK pointed to by&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/5874">@KennyManrique</a>&nbsp;suggests this is a bug and you should request a portfix from TAC.</P> Mon, 21 Jun 2021 00:35:04 GMT PhoneBoy 2021-06-21T00:35:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Weird-VPN-TU-Smart-view-monitor-behavior-during-policy/m-p/121563#M17319 <P>Hey Everyone,</P><P>&nbsp;</P><P>I have been working with a customer running R80.40. While it's weird, I haven't had any specific explanation to the behavior.</P><P>The gateway is catering to several site to site VPNs which are up and running and we can verify the same via vpn tu or smartview monitor (tunnels per gateway/community).</P><P>Whenever we install policy, these entries just vanishes. VPN TU doesn't show a single entry though there are 6 to 7 tunnels. Smartview with "tunnels on gateway" shows "no data". Interestingly traffic through the VPN tunnel continues to work without any issues, VPN peers based on tcpdump/fwmonitor concludes that they continue to communicate with each other.</P><P>Sometimes the IKE SA entries come back automatically, sometimes only when the tunnel go through a manual or auto reset. (attached screenshots from the test bed)</P><P>&nbsp;</P><P>In order confirm the behavior, I created a test bed with R80.10, R80.40 and R81.</P><P>R80.10 - Did not see this happening throughout the policy installation. IKE entries are always seen</P><P>R80.40 and R81 - IKE entries from VPN and Smartview monitor vanishes</P><P>Installed the latest R80.40 hotfix which did not make any difference, though I did not really find anything relevant in the hotfix notes.</P><P>&nbsp;</P><P>Has anyone seen this or is this expected to happen, because this can deem risky if we are troubleshooting a VPN problem and we are to install such a policy!!</P> Fri, 18 Jun 2021 16:32:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Weird-VPN-TU-Smart-view-monitor-behavior-during-policy/m-p/121563#M17319 dumbhead123 2021-06-18T16:32:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Weird-VPN-TU-Smart-view-monitor-behavior-during-policy/m-p/121650#M17359 <P>Hi,&nbsp;</P> <P>Same behavior here on R80.40 T118, for me its broken at least since T91 (as far I can remember) , because it worked ok at first.</P> <P>The following SK was the most related to the issue I was able to get:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk171985" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk171985</A>&nbsp;</P> Mon, 21 Jun 2021 00:35:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Weird-VPN-TU-Smart-view-monitor-behavior-during-policy/m-p/121650#M17359 KennyManrique 2021-06-21T00:35:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Weird-VPN-TU-Smart-view-monitor-behavior-during-policy/m-p/121653#M17361 <P>The SK pointed to by&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/5874">@KennyManrique</a>&nbsp;suggests this is a bug and you should request a portfix from TAC.</P> Mon, 21 Jun 2021 00:35:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Weird-VPN-TU-Smart-view-monitor-behavior-during-policy/m-p/121653#M17361 PhoneBoy 2021-06-21T00:35:04Z