We have a set-up of 2 Checkpoint 5400 gateways in HA cluster mode.
For both the firewall we have 2 ISP configured one as Primary and another one as backup.
Users connect to gateway using "Checkpoint Endpoint security client" through Primary ISP.
But when there is failover users are able to connect to gateway only once through backup ISP.
As soon as the user disconnects the "Checkpoint Endpoint security client" he is not able to connect to the "Security client" and a failed message displays.
This occurs only when backup ISP is live.
There is no issue when Primary ISP is live.