Some of our previously accepted web traffic outbound is dropped on an accept rule, according to
fw ctl zdebug drop | grep 220.127.116.11. This is a Hyland Systems Training website. in SmartConsole, the logs show an accept over implied rule 0, but the site never loads, and the origin/source is the NAT IP of our firewall, and not the User with the correct source IP. This seems to only occur over port 443, as port 80 is still rejected, but shows the correct source and user. We have updated IPS twice, and upgraded from take 154 to take 169 and then to take 189 (latest) on the firewalls as well as the management server.
Our security layer (the one with the accept) is now showing a drop on rule 6 in the debug log via the CLI on the gateway. Most websites seem to be fine, we noted most of the sites affected were hosted on AWS, and from what i've seen on forums, everything from IPS, Inspection Settings, GZIP exceptions have all been the cause for some people. I found this https://community.checkpoint.com/thread/8977-drops-on-accept-rule forum entry which seems to align with our current problem. We have a case open with TAC but they so far appear to be baffled.
Any thoughts would be appreciated. We are in a clustered environment where we have tried failovers, cpstart/stop and a rule clone to change the UUID and "refresh" the hits, all to no avail. Currently running R80.10 Take 189