Check Point 80.10 has several VPNs that are up and working fine.
There is a problem with a VPN to a Palo Alto firewall. The VPN is up but can't send or receive traffic. There is no monitor blade licence so troubleshooting options are limited.
1. "vpn tu" command shows tunnels are up.
2. fw.log shows ICMP traffic from local to peer going out (description "Encrypted in community")
3. fw.log shows ICMP traffic from peer to local coming in (description "Decrypted in community")
Yet the peer firewall team say nothing is hitting their side over the tunnel and neither side gets a ping reply.
100% confirmed all the usual phase 1, phase 2, IKE v1, main mode, preshared key, firewall rules, encryption domains etc.
No problem with VPNs to any other firewall (Cisco ASA, SonicWall, WatchGuard).