Hi Mates,
We have recently established an S2S VPN connection between Check Point and a Barracuda FW. They are able to communicate effectively over this VPN. However, when a remote desktop connection is initiated between the two sites, after 10-15 minutes the S2S VPN is automatically reset and the tunnel is established again. As a result, the RDP connection is lost. Upon examining the logs, I discovered that when the connection is lost, the other site sends a "delete SA" message, which causes the tunnel to reset. What might be causing the tunnel to reset, and how can we fix this issue?
How is the encryption domain currently configured?
Refer also:
sk142355 - keep_IKE_SAs
sk108600 - Scenario 4
IKEv1
Phase 1: AES-256, SHA-256, Group 14, Renegotiate: 86400 sec
Phase 2: AES-256, SHA-256, Group 14, Renegotiate: 3600 sec
Perfect Forward Secrecy is enabled
The log says, after a while when the tunnel went down: Informational Exchange Received Delete IPSEC-SA from Peer: <3rd-party external IP>.
Your IKE Phase 1 and Phase 2 timers do not match on both sides. The tunnel will start even though they don't match, and you will see behavior like this. Unfortunately Check Point chose to express the Phase 1 timer in minutes and the Phase 2 timer in seconds, while most other vendors express both values in seconds, so double-check that they really match on both sides.
Second that.
Actually, the Phase 1 and Phase 2 timers match. But it is interesting: on the Barracuda side there are max and min lifetime options. The normal lifetime options already match, but the min/max lifetimes are different. You can see this in the attachment.
And one more point: after I reset the VPN, before the tunnel comes up, the FW receives a message from the other side, "Quick Mode received Notification Peer: Invalid payload type" and "Payload malformed". But then the VPN goes up, and while it is up, after 30 min the tunnel is reset automatically.
Make sure the option for "Keep IKE SAs" in Global Properties is checked, as @Chris_Atkinson mentioned. I can't open the attachment from your last response, and I'm not 100% certain what those timer options would equate to on the CP side.
Keep IKE SAs is already checked in Global Properties. The following picture is from the other side (Barracuda).
I can't find any timer settings on the VPN community except under the Advanced tab in the community itself (I'm sure that's been like that for the last 25 years with CP VPN), but I did find the below. Not sure this would help you, but I agree with @Timothy_Hall.
Andy
Set Min, Max, and Lifetime to the same value on the Barracuda matching the Check Point timers. Anything that brings down the tunnel early (idle time, data lifesize) in an interoperable scenario will hang the tunnel and produce the behavior you are experiencing.
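The two answers above (Phase 1 entered in minutes on Check Point versus seconds elsewhere, and the Barracuda min/max lifetime fields that should equal the lifetime) are easy to get wrong by eye. The following is an added example, not code from the thread or from Check Point or Barracuda: it normalises both peers' lifetimes to seconds and lists every disagreement. The function and field names are my own, the min/max semantics are assumed from the thread's description, and the 1200/7200 sample bounds are constructed.

```python
# Added example, not from the CheckMates thread or from Check Point/Barracuda
# documentation: normalise both peers' SA lifetimes to seconds and report
# anything that would make one side tear down the SA before the other.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class PeerLifetimes:
    """IKE (Phase 1) and IPsec (Phase 2) SA lifetimes of one peer, in seconds."""
    name: str
    phase1_sec: int
    phase2_sec: int
    # Optional lower/upper bounds some vendors expose next to the lifetime
    # (the thread mentions min/max lifetime fields on the Barracuda side).
    phase2_min_sec: Optional[int] = None
    phase2_max_sec: Optional[int] = None


def from_checkpoint(name: str, phase1_minutes: int, phase2_seconds: int) -> PeerLifetimes:
    """Check Point enters the Phase 1 renegotiation time in minutes and the
    Phase 2 time in seconds, so convert Phase 1 before comparing."""
    return PeerLifetimes(name, phase1_minutes * 60, phase2_seconds)


def from_seconds(name: str, phase1_seconds: int, phase2_seconds: int,
                 phase2_min: Optional[int] = None,
                 phase2_max: Optional[int] = None) -> PeerLifetimes:
    """Peer that expresses every lifetime in seconds (most other vendors)."""
    return PeerLifetimes(name, phase1_seconds, phase2_seconds, phase2_min, phase2_max)


def lifetime_findings(a: PeerLifetimes, b: PeerLifetimes) -> List[str]:
    """Return human-readable mismatches; an empty list means the timers agree."""
    findings = []
    for phase, va, vb in (("Phase 1", a.phase1_sec, b.phase1_sec),
                          ("Phase 2", a.phase2_sec, b.phase2_sec)):
        if va != vb:
            findings.append(f"{phase} lifetime mismatch: {a.name}={va}s, {b.name}={vb}s")
            # A factor of exactly 60 almost always means a minutes/seconds mix-up.
            if va == vb * 60 or vb == va * 60:
                findings.append(f"{phase} values differ by exactly 60x: check the minutes/seconds units")
    # Bounds that differ from the lifetime let one side accept or propose a
    # shorter SA than the other expects; the thread's advice is to set all three equal.
    for peer in (a, b):
        for label, bound in (("min", peer.phase2_min_sec), ("max", peer.phase2_max_sec)):
            if bound is not None and bound != peer.phase2_sec:
                findings.append(f"{peer.name}: Phase 2 {label} lifetime {bound}s differs from lifetime {peer.phase2_sec}s")
    return findings


if __name__ == "__main__":
    # Constructed sample values: Check Point default 1440 min / 3600 s, the
    # Barracuda side matching in seconds but with different min/max bounds.
    cp = from_checkpoint("checkpoint", 1440, 3600)
    bc = from_seconds("barracuda", 86400, 3600, phase2_min=1200, phase2_max=7200)
    for line in lifetime_findings(cp, bc):
        print(line)
```

Run it with the values from both admin GUIs; an empty result is what you want before looking anywhere else for the cause of a "Delete SA" from the peer.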
Hello,
I am having a problem with an S2S VPN with a third party, where every 4 to 5 hours, the tunnel goes down.
I have several other tunnels with other clients that are working fine.
Could this be a problem with the remote peer at the PUBLIC IP level?
Is there a command that can help me validate the negotiation, perhaps with tcpdump or cppcap?
Thank you.
Any relevant logs you can send?
So it does not like something with Phase 2... Just wondering, how is tunnel management configured? Per subnet, GW, host?
Per subnet.
Route based, domain based? Permanent tunnel?
It is domain-based.
The resources behind the remote peer are IPs with /32, but on my side I have /24.
Is it necessary to set it per host?
The permanent tunnel is enabled.
From my experience, when you have a combination of hosts and subnets, per gateway is the right option.
Sorry, my mistake.
Permanent tunneling is disabled.
But I don't think that's the problem because most of my other VPNs work fine.
So in scenarios where HOST vs SUBNET are combined, is it better to set “per GW”?
Might be worth enabling the permanent tunnel option, and yes, per GW should be set in your case. What is the other side?
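To make the per-subnet versus per-gateway advice concrete, here is an added example that is not code from the thread or from Check Point: it estimates how many Phase 2 tunnels a domain-based VPN can end up negotiating under each tunnel-management setting and applies the rule of thumb given above. The mode semantics in the comments are my assumptions, and the 10.1.0.0/24 and 192.0.2.x/32 domains are constructed sample values.

```python
# Added example, not from the thread or from Check Point: estimate how many
# Phase 2 tunnels a domain-based VPN can end up negotiating under each
# tunnel-management setting, and apply the thread's rule of thumb for mixed
# host/subnet encryption domains. Semantics assumed here: "gateway" = one
# universal tunnel for the whole domain pair, "subnet" = one tunnel per pair
# of configured networks, "host" = one tunnel per pair of addresses.
import ipaddress
from typing import List, Tuple


def max_phase2_tunnels(local_domain: List[str], remote_domain: List[str], mode: str) -> int:
    """Upper bound on Phase 2 SAs the gateways may negotiate for these domains."""
    local = [ipaddress.ip_network(n) for n in local_domain]
    remote = [ipaddress.ip_network(n) for n in remote_domain]
    if mode == "gateway":
        return 1
    if mode == "subnet":
        return len(local) * len(remote)
    if mode == "host":
        # Every address pair may get its own SA once traffic flows between them.
        return sum(l.num_addresses * r.num_addresses for l in local for r in remote)
    raise ValueError(f"unknown tunnel-management mode: {mode}")


def subnet_pairs(local_domain: List[str], remote_domain: List[str]) -> List[Tuple[str, str]]:
    """The (local, remote) traffic selectors negotiated under the per-subnet setting."""
    return [(l, r) for l in local_domain for r in remote_domain]


def recommended_mode(local_domain: List[str], remote_domain: List[str]) -> str:
    """Thread's rule of thumb: when one side holds /32 hosts and the other a
    subnet, use one tunnel per gateway pair; otherwise per subnet is fine."""
    nets = [ipaddress.ip_network(n) for n in local_domain + remote_domain]
    has_host = any(n.prefixlen == n.max_prefixlen for n in nets)
    has_subnet = any(n.prefixlen < n.max_prefixlen for n in nets)
    return "gateway" if has_host and has_subnet else "subnet"


if __name__ == "__main__":
    # Constructed sample domains matching the thread: a /24 locally, /32 hosts remotely.
    local = ["10.1.0.0/24"]
    remote = ["192.0.2.10/32", "192.0.2.11/32", "192.0.2.12/32"]
    for mode in ("gateway", "subnet", "host"):
        print(f"{mode:8s}: up to {max_phase2_tunnels(local, remote, mode)} Phase 2 tunnel(s)")
    print("recommended:", recommended_mode(local, remote))
```

The count is what matters: with per-subnet each /32 on the far side becomes its own Phase 2 negotiation with your /24, and any one of those can be the one the third party tears down, whereas per gateway leaves a single tunnel to keep alive.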