Weird VPN TU/Smart view monitor behavior during policy installation

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!

Join the Photo Contest!

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hey Everyone,

I have been working with a customer running R80.40. While it's weird, I haven't had any specific explanation to the behavior.

The gateway is catering to several site to site VPNs which are up and running and we can verify the same via vpn tu or smartview monitor (tunnels per gateway/community).

Whenever we install policy, these entries just vanishes. VPN TU doesn't show a single entry though there are 6 to 7 tunnels. Smartview with "tunnels on gateway" shows "no data". Interestingly traffic through the VPN tunnel continues to work without any issues, VPN peers based on tcpdump/fwmonitor concludes that they continue to communicate with each other.

Sometimes the IKE SA entries come back automatically, sometimes only when the tunnel go through a manual or auto reset. (attached screenshots from the test bed)

In order confirm the behavior, I created a test bed with R80.10, R80.40 and R81.

R80.10 - Did not see this happening throughout the policy installation. IKE entries are always seen

R80.40 and R81 - IKE entries from VPN and Smartview monitor vanishes

Installed the latest R80.40 hotfix which did not make any difference, though I did not really find anything relevant in the hotfix notes.

Has anyone seen this or is this expected to happen, because this can deem risky if we are troubleshooting a VPN problem and we are to install such a policy!!