BUG - SSL/TLS Inspection Breaking Checkpoint Mobile VPN since EAP2

Since EAP2 Checkpoint Mobile VPN connections (TCP 443 and UDP 4500) from LAN to WAN aren't possible.

Regardless if exceptions for the remote host are configured or not. SSL/TLS log says "Do not decrypt", but the only way to get the connection working is to disable SSL/TLS inspection completly. (It takes a few hours for me to find the point ...)

I believe that "Do not decrypt" means not "Do not modify connection".

Is it a bug or a feature?

 

Chris