HI @the_rock ,  urgent help need, 

We have firewall in Datacenter and SMB 1500 device in remote site, both are connected via S2S VPN tunnel, I did upgrade the Datacenter firewall from R81.10 to R81.20 Take 76 on Aug 6th. All of sudden on Aug 16th , VPN is up on remote site, but not able to reach the internal IPs. When i check the routes on Datacenter firewall, I don't see the routes for the remote sites. 

Basically, RIM is not working, It is not inserting the routes on to the DC routing table. VPN is up on both ends, but i suspects there is some issue on VPN that's the reason routes are not learning on DC firewall. 

can you advise on this, any bug on R81.20 Take 76?

Found an issue.
After upgrading the SMS we where no longer able to login to SmartConsole.  The following message appeared as the symptom.

Error after applying JHFA79

After investigation found SK169253 which basically tells us that the host machine running smartconsole does not support TLS cipher DHE_RSA_WITH_AES_128_GCM_SHA256.

I verified this by running the following from powershell prompt:
Get-TlsCipherSuite TLS_ECDHE_RSA_WITH_AES_128 | Format-Table -Property Name

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256

As you can see above the required cipher is not listed.

So you would need to add this to the host machine (using SK instructions or via group policies)
Question is why is this now a restriction and where is it documented in the Jumbo list?

In the meantime we have reverted back to JHFA70 which works fine.

People just be aware of this requirement when applying JHFA79 as it may not show up in a LAB, but in a production environment the system hosting smartconsole is likely to be hardened, and therefore you may come across this.

Also the other observation is TLSv1.2 requirement, but implies no TLSv1.3 support so if you only enabled TLSv1.3 on the SMS perhaps this would also break things.