Enabling the R80.20 "disable supernetting per community" feature causes this issue.
This problem was fixed. The fix is included in:
Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade Cluster / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).
For R80.20, before Jumbo Hotfix Accumulator for R80.20 Take_43, disabling the R80.20 "disable supernetting per community" feature will resolve this issue.
Note: This new feature will still work once ike_enable_supernet is set to "true".
- Access the relevant gateway.
- Run fw ctl set int enable_supernet_per_community 0
Note: It can take some time until user.def tables start to take effect, as current connections can still invoke tunnels using the old ranges.
- In order to save this change after reboot of the gateway, set this configuration variable: "enable_supernet_per_community=0" in the $FWDIR/boot/modules/fwkern.conf file of the gateway.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.