Here’s a quick one:
In a previous posting I explained how when using SNX in a Provider-1 environment, you needed to license SNX to the IP of the MDS (Multi-Domain Server). Apparently this has now changed. When using Provider-1 R65 HFA30 and SNX, you now use the IP of the CMA that is managing the gateways providing SSL connectivity. So far this information has not been included in the HFA30 release notes or an SK article, but I have seen this first hand (and spent many hours trying to troubleshoot it). Doh.