I'll pick this up where you left off, since I've observed the same issue. Here's the output of my zdebug:
@;293891;[cpu_1];[fw4_2];[<internal-IP>:34476 -> 126.96.36.199:443] [ERROR]: up_rulebase_should_drop_possible_on_SYN: conn dir 0, <internal-IP>:34476 -> 188.8.131.52:443, IPP 6 required_4_match = 0x4003002, not expected required_4_match = 0x3000;
@;293891;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 <internal-IP>:34476 -> 184.108.40.206:443 dropped by fw_send_log_drop Reason: Rulebase drop - NO MATCH;
This is my mgmt server and that destination is productservices.checkpoint.com. It cannot pull updates from that IP address. The mgmt server has two interfaces: one in a mgmt network and the other in a server network. The mgmt network interface is the one on the SmartConsole object. Both interfaces are directly connected to the FW appliance.
The rulebase allows both interfaces to communicate with checkpoint services.
I want the mgmt server to fetch updates and communicate with checkpoint on the interface in the server network, but it desires to do so over the mgmt interface. On the mgmt server, I then added a default route with lower prio for the server network interface. That's when it stopped receiving updates because of this "rulebase internal error" drop.
Removing the route fixes everything, but then I have the original problem again. Does the gateway mess up routing somehow or why is this happening?
I don't know if maybe OP has a similar problem; a host with multiple interfaces.
The environment I'm running here is R80.30 with jhf take 111 on both mgmt and appliance. It's been the same throughout all R80.30 iterations at least.