R80.40 T119 as requested to install by Checkpoint Support because of latency with SSL Inspection. Take 119 produces the cluster crashes.

Thanks for the heads-up.  Busy troubleshooting a perplexing IPSEC tunnel issue and TAC had us deploy T119.

Keep my fingers crossed for you.

OK so we got bitten hard as well.  All tunnels on the cluster failed - traffic dropped with local interface spoofing.  Gateways also randomly stopped passing DHCP traffic between VLANs.  Rolled back to T118 and all issues resolved.

Lesson learned for the nth time - be wary of installing ongoing takes as part of troubleshooting.  And only update on one cluster member so that you can roll-back quickly.

Any information, why this sk can't be accessed with expert level as partner?

Especially, as this is linked in the supportcenter "Hot News" Slider and if you click the link, it's just showing: 

To view this solution, higher access level is required.

The only higher access level is internal, and yes, it is accessible to employees still.
Users shouldn't run into this issue anymore unless we happen to release a faulty update.
Why it's linked in "Hot News" is a separate question.
@Ronen_Zel ?

Good catch. Since the issue was indeed already resolved, it should no longer appear in Support Center's "Hot News" section. The item is now removed.

Thanks for reporting this!

Hello,

we have also the problem that installing the policy takes a long time (didn't measure it) with updateable_ojects process taking 100% CPU for this time. I don't know if it started directly after the case mentioned in this sk or if it started later.
I opened a case for this problem today.

Regards,

Jan

Would you mind sharing the status of that issue? Is it still ongoing?

Yes the slow installation process is ongoing. In our environment the installation takes 10 minutes. But then it's working so that it doesn't have a big impact. 
Case is opened a few minutes so we will have to wait till checkpoint requests some information or will have a clue.

Ok, sounds good. In our case as well, policy does work, it just takes more than double time when geo block rule is enabled, but lets see what TAC says. As long as policy functions, I will take that : )

Hi @Jan_Kleinhans , @the_rock 

We are delivering to JHFs an improvement to the loading process of Geo Updatable objects. It's improving the policy installation duration when Geo Updatable objects are used in policy.

You can open SR for port-fix in case you wish to get this as a private fix instead of waiting for the GA release of the different JHFs as it can take several weeks.

Thanks.

Thank you for the response. So is there an official solution for customers who still have this issue or do we have to wait until next jumbo hotfix? I get port-fix can be requested, but I am little apprehensive about it, because it causes issues later on when next general jumbo take has to be installed...

As @Micky_Michaeli wrote: You can either wait a few weeks until this HF is included in GA Jumbo or request a port to the GA Jumbo you have installed. As next GA Jumbo should already contain this HF your thought is unnecessary...

@G_W_Albrecht ...I get what he said, no argument there :). I was more actually wondering if there was some sort of workaround for the time being that may not require rebooting the box, due to the port fix install.

Hi @the_rock,

I think that we don’t have other WA than installing the HF that requires a reboot.

Thanks.

Thanks Micky. So, will this be permanently fixed in jumbo take 121 for R80.40?

Most likely a future one.