I have a weird outtage today where somehow the licensing on my cluster got all out of whack. I've fixed it and cluster is now all green.
However what I now notice is that ICMP to a Remote Office is broken as soon as I have a community setup on the CP side.
Checkpoint Public IP: x.x.x.x
Checkpoint VPN Encryption Domain: 10.10.171.0/24
Remote peer Public IP: z.z.z.z
Remote Peer Encryption Domain: 192.168.1.0/24 and 192.168.11.0/24
As soon as I configure this community (star or mesh), z.z.z.z can no longer ping x.x.x.x
Checkpoint logs report "Clear text packet should be encrypted".
I went as far as blowing out all the VPN communities, disabling IPSEC VPN. Pushing policy. Then reenabling and readding the community. I'm rather confused, as I know for a fact before this used to be fine.
On top of this, Checkpoint Mobile stopped working entirely.