Post management R80.10 upgrade things were fine after the 1st few policy pushes. It wasn't until we installed database, and pushed policy we started seeing: "dropped by fwpslglue_chain Reason: PSL Reject: internal - reject enabled;" in fw ctl zdebug drop on our R77.30 clusters. This is mainly HTTPS traffic that is being permitted by the FW blade, but dropped anyhow.
I found sk33328 which clears out $FWDIR/state directory to resolve policy corruption issues and is the same SK CP support has advised. This is a nuclear option, however as both MGMT and gateways need to be cpstop'd.
Have any of you run into this issue before and did you have a solution other than what was described in this SK?