I will toss in my 2 cents here, but let's see what @Chris_Atkinson will give you...
1) I find this to be a bit of a grey area...personally, I would only worry about latency if users are complaining.
2) Yes, there are logs you can look at...if you navigate to $FWDIR/log dir, there are ike.elg and vpnd.elg* files that would give you that information.
Hi,
was debugging an issue with a (1430) gateway recently which was uplinked through a satellite. Latency of around 1000 ms.
I was just wondering, is it somewhere documented what the max latency is which is allowed?
Also in this case, we noticed the tunnel between the gateway and the management server sometimes going from green to red. But it was unclear how many times this happened, and how long this lasted every time. Is this logged somewhere?
Not aware this is documented anywhere, but that sounds pretty bad latency. Did it just start happening recently? Is it locally managed or central? Can you check to see if there are any relevant system / traffic logs related to this?
Can you please share some specifics of the issue that you were investigating?
Certainly from a user experience perspective where cloud services are involved it's reasonable that this latency could adversely impact the user experience somewhat and perhaps some tailored tuning may be required.
Actually the problem was put in our queue as follows. There was a 1430 gateway (centrally managed) which basically did nothing else than provide internet access for some different VLANs. The site was a joint venture and thus at that moment no tunnels were active between the gateway and the corporate head office. Only the SIC trust was established. Then came the request to have one specific server sync to a server at the corporate head office. So we had to add some rules, add the gateway to the VPN domain, etc. However, we never could get the tunnel stable. Yesterday evening we actually reset the SIC trust. Since then the situation seems to have improved. When I looked this morning the tunnel was still up, and the sync between the two servers was still working. So we 'might' have solved the issue by resetting the SIC. But unfortunately I haven't had the time to keep an eye on it today. So hence my questions out of curiosity:
1. Is there a certain latency where we could say, if you have this you can basically forget to ever have a stable tunnel...
2. Is there a logfile where we can trace back when the tunnel between the gateway and head office goes down or up (basically the alternative for SmartConsole showing me the green and red status)? I can ping the public IP of the gateway using a tool like PRTG for example, and I could perhaps also write something which tests the sync status between the servers (although that is basically somebody else's job) but I would suspect something basic like this could be traced in a log on the CP management server for example?
From a VPN perspective this would just follow standard VPN troubleshooting e.g. verifying time settings e.g. NTP etc and working from there.
Presumably also the 1430 is running a recent version i.e. R77.20.87 build ??
This is available in the local security logs as well as on SMS - search VPN
You’re doing a VPN over a satellite link, correct?
Not aware of any specific issues with this.
You’ll probably need to troubleshoot this like any other VPN issue.
Had a look and can find a vpnd.elg but there's nothing interesting in there. Lots of:
Unable to open '/vs7/dev/fw6v0': Connection refused
No ike.log. I'm guessing these only get filled when debugging is enabled?
It's actually ike.elg...they rotate when you do vpn debug trunc command. So run vpn debug ikeon, generate traffic, then vpn debug ikeoff