Hello, we are aware of the issue and are working to provide a fix for it.
Meanwhile, if you are affected, please use the following steps for short term remediation:
1. Re-enable IPS on the gateway object if it was disabled as a workaround.
2. Ensure that updates are not set to automatic gateway updates. (See sk120255 for more info)
a. Open Gateway Object in SmartConsole
b. Go to IPS tab (blade must be enabled)
c. Under "IPS Update Policy" select "Use IPS management updates"
3. Revert to previous good IPS database update
a. Under the "Security Policies" tab, select Threat Prevention or IPS policy
b. Under "Threat Tools" (left hand side) select "Updates"
c. Click the arrow next to "Update Now" and select "Switch to version..."
d. Select a previous version that is not 634204548 or 635204548 and click "Switch" (note it may take some time for the previous versions to populate if there are many previous versions. Look at the top right of the dialogue box where it says "# items")
e. Update will be pushed to gateways
f. Clear any scheduled updates from the "scheduled updates" option
4. Turn on IPS on the gateway if "IPS off" command was used to disable IPS via the CLI and test traffic.
Alternately, disabling TLS parsing for IPS is a secondary workaround. However, this degrades IPS protections and is therefore not the recommended path at this time. Nonetheless, if customers are experiencing severe issues, they can use this command on the gateway:
fw ctl set int tls_parser_enable 0