Re: NGX R61 is changing DF bit on packets from 1 to 0 - HELp

I ran into this issue six months ago in my previous employment. Basically Checkpoint has a solution for this in Checkpoint sk17280. However, this article does not address if you have a cluster environment. I opened a TAC case with Checkpoint and after three months of going back and forth, the solution is to manually modify the $FWDIR/conf/objects_5_0.C file as follows:

0) cd /tmp
1) mdsenv customer_CMA (if you have a P-1 environment), cd $FWDIR/conf if you have a SmartCenter environment
2) mdsstop_customer customer_CMA, or cpstop (if you have SmartCenter)
3) cd $FWDIR/conf
4) cp objects_5_0.C objects_5_0.C.orginal
5) cp object_5_0.C.backup object_5_0.C.backup.original
6) vi the objects_5_0.C file and add "keep_DF_flag" and set it to "true" to the cluster object name, above the property "log_consolidtor (false)". For example, if your gateway cluster name is "gw-cluster" then place the following line:
   gw_cluster=(true)
7) save the file
8) cd /tmp
9) perform "mdsstart_customer customer_CMA", or "cpstop;cpstart" if you have SmartCenter
10) push the policy

I did this 3 months ago and it seemed to fix the problem. Let me know if it works for you.

BTW, dbedit is another way of using vi to modify the objects_5_0.C file.