Thank you for your answer, I already tried 10.4.1-h2 and it did not solve the issue (all firewalls are on 10.1.4 also). It solved my other problem with dynamic device groups tough.. 🙂
Generating config on the bottom level device group then push & commit makes the said rule appear again.
The problem is when I modify something in the parent device group or in Shared policy then push & commit (thus generating and pushing config to all child device groups) the policies dissapear again.
I tried to remove the tag from device, push/commit then re-add it again as @PSCH suggested, but it didn't help.
It could be a workaround to push&commit for each child device group, but I have 60+ device groups under my parent DG, where I store most of my policies, so it's not for me. And again, modifing Shared policies will also trigger the problem.
I had a remote session with a TAC engineer, and he confirmed the problem, it's still under investigation.
... View more