
Some packets aren't passed to DMZ interface

Question asked by Sanja Rakic on Nov 25, 2018

Hello,

I have a pair of Check Point 5900 gateways working in an active/active cluster. The DMZ is logically placed behind this cluster, and I have one server that has two network interfaces: one is placed in the DMZ and the other is in the inside network. This server serves as an Edge Server for Cisco Jabber communications, so it has to accept some connections from the outside network on ports 5060 and 5061 for authentication. However, this doesn't happen, and it used to work just fine. A packet capture shows that there is traffic on the outside interface, but that traffic is never passed to the DMZ interface. The log says that this traffic is allowed.

Routing shouldn't be a problem, since there are some other services in the same address range that are functioning properly. Also, the problem is that the customer doesn't know when the issue occurred, so there is no chance to track whether there happened to be some minor change that caused such behavior. I can tell that there was only one major change recently, and that was the upgrade of the management server to R80.20 (the gateways are still on R80.10).

Did you have a similar issue, or can you give me some troubleshooting tips?
