Troubleshooting Specific Problems

Included Topics

Cannot Establish SIC Trust for Gateway or Cluster

SIC Trust Problems with New Virtual Devices

Re-establishing SIC Trust with Virtual Devices

Install Policy Error Using VSX Creation Wizard

Internal Host Cannot Ping Virtual System

Cannot Establish SIC Trust for Gateway or Cluster

When creating a VSX Gateway or cluster, you cannot establish SIC trust. SmartDashboard gives an error message:

Certificate cannot be pushed. Connection error with wait agent.

Possible Causes and How to Resolve

Possible cause: Check that you have network connectivity between the gateway and the Security Gateway or Domain Management Server by pinging from the VSX system. (A ping from the Domain Management Server/Security Management to the VSX system will not work because of the default security policy installed on the VSX Gateway/cluster.)

How to resolve: Make sure the context is vrf 0 first. On all relevant machines, re-check the cables, routes, IP addresses and any intermediate networking devices (routers, switches, hubs, and so on) between the management and the gateway(s).

Possible cause: Check that all the Check Point processes on the VSX Gateway(s) are up and running by running cpwd_admin list and making sure each line has a non-zero value in the PID field.

How to resolve: If the gateway(s) has just rebooted, the Check Point processes might still be coming up. If this is not the case, and you are using Crossbeam X40, make sure you have executed the application … start command. (For more information refer to the Crossbeam documentation.)

Possible cause: Check that the CPD process is listening to the trust establishment port.

How to resolve: Run netstat -an | grep 18211 on the VSX Gateway(s), and make sure that the output looks like this:
tcp   0   0 0.0.0.0:18211   0.0.0.0:* LISTEN
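
The process check and the port check above can be scripted so that the result does not depend on reading the output by eye; the shell functions below are an added example, not part of the Check Point documentation. The cpwd_admin list column layout (APP in column 1, PID in column 2) is an assumption, and all sample output is constructed.

```shell
#!/bin/sh
# Added example. On a gateway the functions read real command output:
#   cpwd_admin list | stopped_processes
#   netstat -an     | cpd_listening
# Assumption: cpwd_admin list prints APP in column 1 and PID in column 2.

# Print the name of every process whose PID field is 0.
# Returns 1 if any such process exists, 0 otherwise.
stopped_processes() {
    awk '$2 ~ /^[0-9]+$/ && $2 + 0 == 0 { print $1; bad = 1 }
         END { exit bad + 0 }'
}

# Return 0 only if a TCP socket is in LISTEN state on the given local port
# (default 18211). A plain "grep 18211" also matches ESTABLISHED sessions
# and lines where 18211 is the remote port, which do not prove CPD listens.
cpd_listening() {
    awk -v port="${1:-18211}" '
        $1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ (":" port "$") { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample output (not captured from a real system).
SAMPLE_CPWD='APP   PID    STAT  #START  START_TIME            MON  COMMAND
CPD   4312   E     1       [10:02:11] 3/5/2013   Y    cpd
FWD   0      T     0       [10:02:15] 3/5/2013   N    fwd'

SAMPLE_NETSTAT_OK='tcp   0   0 0.0.0.0:18211   0.0.0.0:* LISTEN
tcp   0   0 10.0.0.5:18211  10.0.0.9:40112 ESTABLISHED'

SAMPLE_NETSTAT_BAD='tcp   0   0 10.0.0.5:51544  10.0.0.9:18211 ESTABLISHED'

if down=$(printf '%s\n' "$SAMPLE_CPWD" | stopped_processes); then
    echo "all processes have a PID"
else
    echo "not running: $down"
fi
for sample in "$SAMPLE_NETSTAT_OK" "$SAMPLE_NETSTAT_BAD"; do
    if printf '%s\n' "$sample" | cpd_listening; then
        echo "CPD is listening on 18211"
    else
        echo "nothing is listening on 18211"
    fi
done
```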