I am in the process of trying to move our Check Point infrastructure forward, and as part of an upgrade I've got to deploy a pair of R77.30 Gaia boxes and then move them and the management station up through the versions. Everything works, except that where the mgmt station talks to remote appliances it needs to do it via a routable address and is NAT'd to one in our external range via a manual NAT rule. On node A this works fine; on node B the NAT is not applied and the internal address is seen on the external interface. I've checked the ruleset and the install of the Gaia servers, and everything seems the same between both boxes, and the NAT rules are applied to the cluster object, and yet the two nodes behave differently. They do both NAT other objects correctly, just not the mgmt station.
On the incorrect node, CP tracker shows the NAT applying on the log; FW Monitor shows it not being applied.
Any ideas what might cause this or where to approach for debugging?
Both HP physical servers, with a virtual management station on Windows, both R77.30 HFA take 351. HP servers have all the latest firmware. The external interface is a VLAN on a 10gb trunk to a switch. This is the only difference between the two servers, as one sees its card as eth7, one as eth9, but they are configured the same and in the same cluster NIC on the cluster topology.