During the fail-over, Virtual Systems in VSLS Bridge Mode do not send CCP MAC Learning packets. As a result, switches can not update their MAC Address tables with the MAC Address of the new Active Virtual Systems.
When SecureXL is enabled, accelerated packets do not update Linux kernel shadow table, and, as a result, Check Point kernel table fdb_shadow.