• ISP Redundancy

You could try the track/alert option as explained here if not already... 

https://community.checkpoint.com/t5/Security-Gateways/ISP-Redundancy-Tracking/td-p/99891 

Otherwise the debug option perhaps:

https://community.checkpoint.com/t5/Security-Gateways/ISP-redundancy-link-health-status/td-p/204914 

SNMP may also be helpful per:
https://community.checkpoint.com/t5/Security-Gateways/ISP-Redundancy-SNMP-OID-for-monitoring-backup-... 

If I understand correctly, we don't have any of this configured and we won't be able to view any logs of the incident that occurred?

You can also review the contents of /var/log/messages or /var/log/messages.n to see if there a clues recorded there in lieu of the above.

And another question, if I set the Logs parameter in the ISP Redundancy settings, where will these logs be displayed?

SmartView/SmartConsole

You can also search by blade in the logs, though not sure if isp redundancy would be there, as its not technically a blade. 

Hey mate,

Any luck with this?

We haven't been able to figure out why the ISP switches are happening yet. We set the "LOG" parameter in the ISP settings.

In "Audit Logs" in Smart Console, we discovered that we can track the switches by entering the ISP's network gateway address in the search bar. This will show us which default gateway was assigned to the FW and when.

But as far as I understand, this option was available even before the "LOG" parameter was set in the ISP settings, but we couldn't find where the logs are stored that we can view after setting this parameter.

Did you open TAC case for it yet?