Hi everyone,
We’re seeing an unexpected and concerning behavior with Generic Data Center Objects (GDCO) in SmartConsole. In short: when the GDCO JSON file is updated, SmartConsole does not reflect those changes, even though enforcement on gateways works perfectly.

Why this matters:

For firewall admins and operations teams, visibility is critical. SmartConsole becomes an unreliable source of truth — admins cannot see which IPs are actually part of a GDCO, nor which ones were added or removed. This creates a real risk of human error when managing policy.

What works (and works great!)

Using CloudGuard, Check Point correctly detects GDCO JSON changes and applies them to all gateways within the configured 60-second update window — no Publish or Install required (as expected).   We also receive clear syslogs showing exactly which IPs changed. These logs are also visible in SmartConsole (blade:"CloudGuard").

This confirms:

• The GDCO JSON file is valid and properly formatted
• CloudGuard seems to be functioning correctly, recognizes changes to the GDCO file, logs the changes
• Enforcement on gateways is accurate and immediate (within the 60 second timer set for the GDCO)

This part is fantastic!!!!

The problem

Despite successful detection, logging, and enforcement:

• SmartConsole does not update the GDCO object
• Newly added or modified IPs do not appear in the GDCO object in SmartConsole
• Deleted/removed IPs still appear as if they’re active
• Nothing resolves the issue:
  • stop/start of CMA, policy Publish, policy Install, re-configuring the GDCO on SmartConsole, re-importing the GDCO objects, even a reboot of CMA does _not_ correct the problem. 
  • The GDCO object _never updates again_, ever, despite multiple changes, uses, re-imports, none of these processes seems to resolve this issue.

So an admin opening the GDCO object in SmartConsole only sees the originally imported GDCO IPs — even when they’re no longer in policy. This is dangerous and misleading, as SmartConsole offers no visual way (other than logs) to validate the current GDCO state.    

Versions tested (issue is consistent and repeatable)

• R81.20 build 057, Jumbo Hotfix Take 120   &&  SmartConsole 81.20.9700.674
• R82 build 010, Jumbo Hotfix Take 44  &&  SmartConsole 82.0.9800.1059
• NOTE:  The SmartConsole behavior not updating GDCO objects was also observed on earlier hotfixes.  So the lab was upgraded to the latest Jumbo Hotfixes, yet the issue persists.

SHOULD NOTE that Check Point seems to have acknowledged the issue  (though it appears unresolved).   

According to the R81.20 List of Resolved Issues for Jumbo HotFix Accumulator:

          (From: https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/R81.20-List-of-all-Resolved-Issues.htm )

• Issue IDs:  
  • PRJ-61979
  • PRHF-40203
• Product:
  • CloudGuard Network
• Description:
  • Changes made to the JSON file of a Generic Data Center object may take a long time to appear in SmartConsole or the Management API, although enforcement on the Security Gateway functions as expected.

To reiterate, even with fixes claimed in R81.20 JH Take 115, (we applied this and the latest JH, as noted above) SmartConsole still does not reflect GDCO updates.

Questions for the community / Check Point

• Is anyone else seeing this behavior?
• Are there any workarounds to force SmartConsole to refresh GDCO contents?
• Are there additional CloudGuard logs that explain why updates never reach SmartConsole?
• Or… am I missing something obvious?

Thanks SO MUCH  in advance for any help, guidance, or insight on this — it’s a critical visibility issue for day-to-day firewall operations!!!   🙏

.