Enabling the R80.20 "disable supernetting per community" feature causes this issue.

This problem was fixed. The fix is included in:

• Check Point R80.30
• Jumbo Hotfix Accumulator for R80.20 with Gaia 3.10 for CloudGuard and Open Server Security Gateways (R80_20_3_10_jumbo_hf)
• Jumbo Hotfix Accumulator for R80.20 - since Take_43

Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade Cluster / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).

 

For R80.20, before Jumbo Hotfix Accumulator for R80.20 Take_43, disabling the R80.20 "disable supernetting per community" feature will resolve this issue.

Note: This new feature will still work once ike_enable_supernet is set to "true". 

1. Access the relevant gateway.
2. Run fw ctl set int enable_supernet_per_community 0
   

   Note: It can take some time until user.def tables start to take effect, as current connections can still invoke tunnels using the old ranges.

3. In order to save this change after reboot of the gateway, set this configuration variable: "enable_supernet_per_community=0" in the $FWDIR/boot/modules/fwkern.conf file of the gateway.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.