We do use identity awareness, but it is enabled on other gateways, but not on this one. However both gateways share the same management server.

The issue is present in R80.20 JHF47 and R80.20 kernel 3.10 Take11

Looks like a new issue that TAC will need to investigate. Even old TAC SRs didn't show similar messages. 

Yes, I have TAC ticket also.

It is really strange and I hope that there is a setting which can force to skip matching roles if IA blade is disabled, but TAC is also struggling to understand this issue.

Same problem on R80.20 JHF 47(GA) or JHF87 (ongoing) with or without IA blade.

Someone have news regarding this?

Massimo

Technical support have build a fix for this. Once I try it I'll let you know.

Forgot to give feedback - the fix worked. 

In our case the problem was fixed removing all the network objects (groups in particular is a CPU consuming) from all the Roles

Hello,

Can you clarify with an example? So you had access roles and just removed objects which were in "networks" section?

Hello there,
@abihsot__ 
@Massimo_Manzato 

Could you give an example of the solution?
Was it a specific hotfix you installed?

I currently have a FW 9100 R81.20 JHT 92, this firewall ONLY does VPN mobile access, users connect by client and/or browser, when I installed policies, when I finish the installation the CVPND process is elvated between 80% and 85%, this makes the mobile access web portal stop responding and new users can't connect (users that were already connected have no problem).

Currently I've been months with tickets with TAC and they have not been able to solve the incident, I would like to know how they have managed to solve this problem.

Best Regards!