Hi there,
I guess that you disabled HTTPS Inspection for the moment. Remember that even if you bypass, the firewall inspects the first packet of the connection, it's not a real bypass. Please let us know if you have any special configuration enabled for HTTPS Inspection.
Regarding the out of state packets, are they from all kinds? (Out of state sync, out of state ack, etc) or only from one type?
How are you enforcing the SSL Inspection policy? Are you using Access role objects (Identity Awareness)? Do you have many FQDN objects on top? If possible please show us parts of the policy and the number if inspection rules, please obfuscate sensible data.
¿Did you notice an increment load on the firewalls regarding Memory/CPU after the upgrade? You can check this in system counters.
I highly suggest that you re deploy your SSL Inspection policy by only specifying which subnets do you want to inspect, don't specify a bypass for the rest. Is the only way to deploy a gradual policy and not inspect at all the rest.
Also, R80.30 works really well if you are not using probe bypass, if you can try that version.
And last but not last, wstlsd debugs take a lot of CPU, so do it on a maintenance window.
Hope it helps
____________
https://www.linkedin.com/in/federicomeiners/