https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/127961#M18590 <P>Hi <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>We are not familiar with this issue , I will appreciate getting the SR number for better understanding.&nbsp;</P> <P>thanks!</P> <P>Naama Specktor</P> Wed, 25 Aug 2021 12:11:34 GMT Naama_Specktor 2021-08-25T12:11:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/127959#M18588 <P>Upgraded two unrelated VSX clusters to R80.40 Take 120 running full HTTPS inspection, and on each I began to notice choppy behaviour on web browsing, along with web-based applications beginning to fail.</P><P>When I switched back to the member still on Take 118, it worked directly. Then issues reappeared after going again to the Take 120 system. I refreshed the VS and pushed the policy but it didn't help. I rolled back to Take 118 and everything is peachy again, although I could have used the myriad of fixes introduced in Take 119. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>On one of these clusters, HTTPSi was in evaluation so I can narrow it down to a couple of PC's and work with TAC, an SR is open.</P><P>I will post if I get relevant developments, I just wondered if others are using VSX + Take 120 + HTTPSi and having a similar issue.</P> Wed, 25 Aug 2021 11:22:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/127959#M18588 Alex- 2021-08-25T11:22:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/127961#M18590 <P>Hi <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>We are not familiar with this issue , I will appreciate getting the SR number for better understanding.&nbsp;</P> <P>thanks!</P> <P>Naama Specktor</P> Wed, 25 Aug 2021 12:11:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/127961#M18590 Naama_Specktor 2021-08-25T12:11:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/127962#M18591 <P>There was a rare issue discovered with T119 and T120 that sounds similar to what you are describing.</P> <P>Are you seeing any parser errors in your logs?</P> <P>Either way, if you have a TAC case open then you’re on the right path.</P> <P>&nbsp;</P> Wed, 25 Aug 2021 12:12:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/127962#M18591 mcatanzaro 2021-08-25T12:12:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/128067#M18623 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/63263">@mcatanzaro</a>&nbsp;There is a bunch of "<SPAN>F2P outbound processing failed (CPAS)", after a session with TAC they hint at SecureXL but additional debug sessions are planned during an upcoming maintenance window.</SPAN></P> Thu, 26 Aug 2021 07:40:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/128067#M18623 Alex- 2021-08-26T07:40:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/144459#M22487 <P>Did you find any solution for this problem?&nbsp;</P> Tue, 22 Mar 2022 18:39:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/144459#M22487 maad-pul 2022-03-22T18:39:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/144471#M22492 <P>Are you already running a JHF version that includes the following?</P> <TABLE class="footnote" border="1" width="100%" cellspacing="2" cellpadding="4"> <TBODY> <TR> <TD>PRJ-30818,<BR />PRHF-19417</TD> <TD>SecureXL</TD> <TD>In a rare scenario, after an upgrade, HTTPS traffic may be dropped.</TD> </TR> </TBODY> </TABLE> Tue, 22 Mar 2022 23:51:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/144471#M22492 Chris_Atkinson 2022-03-22T23:51:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/144492#M22500 <P>No, not yet. Take38 not GA for 81.10. I have seen that bug, but it just day HTTPS traffic not HTTPS Inspected traffic. Maybe a typo from CP?&nbsp;</P> Wed, 23 Mar 2022 06:04:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/144492#M22500 maad-pul 2022-03-23T06:04:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/144514#M22504 <P>I left the cluster on R80.40 Take 118 until R81 T44 became recommended and upgraded there and now Take 58, never had any HTTPS Inspection issues since.</P> Wed, 23 Mar 2022 09:19:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-40-Take-120-amp-VSX-Full-HTTPS-Inspection-issue/m-p/144514#M22504 Alex- 2022-03-23T09:19:04Z