Hey Everyone,

I have been working with a customer running R80.40. While it's weird, I haven't had any specific explanation to the behavior.

The gateway is catering to several site to site VPNs which are up and running and we can verify the same via vpn tu or smartview monitor (tunnels per gateway/community).

Whenever we install policy, these entries just vanishes. VPN TU doesn't show a single entry though there are 6 to 7 tunnels. Smartview with "tunnels on gateway" shows "no data". Interestingly traffic through the VPN tunnel continues to work without any issues, VPN peers based on tcpdump/fwmonitor concludes that they continue to communicate with each other.

Sometimes the IKE SA entries come back automatically, sometimes only when the tunnel go through a manual or auto reset. (attached screenshots from the test bed)

In order confirm the behavior, I created a test bed with R80.10, R80.40 and R81.

R80.10 - Did not see this happening throughout the policy installation. IKE entries are always seen

R80.40 and R81 - IKE entries from VPN and Smartview monitor vanishes

Installed the latest R80.40 hotfix which did not make any difference, though I did not really find anything relevant in the hotfix notes.

Has anyone seen this or is this expected to happen, because this can deem risky if we are troubleshooting a VPN problem and we are to install such a policy!!