Our customer has an MDS server managing 15 CMAs. Each CMA has its own SG and SG cluster. There is a mesh global VPN community between the managed SGs/SG clusters, so there is an S2S VPN between those Check Point Security Gateway peers.
Along with the MDS, there is a Multi-Domain Log Server (MLM) installed.
The MDS, MLM and the SGs have been running on version R80.40 and R80.40 JHF Take_139.
Our customer experiences that some S2S and C2S VPN connections break after policy installation, but in a few minutes the VPN connections are reestablished by themselves (all peer gateways are Check Point products). However, there was a case where only a cluster node change, which was forced by the customer, helped to solve the issue; in that case the peer was in the Azure environment and it was not affecting the rest of the S2S VPNs. Unfortunately, this behavior is completely random: it doesn’t happen after every policy installation and we are not able to directly reproduce it.
As it's hard to reproduce this issue, we don't see the point of creating a maintenance window to debug.
Do you have any idea/suggestion which we could try out to find the root cause of this behavior?
Thanks in advance!
Zsolt