
Troubleshooting Specific Problems

Cannot Establish SIC Trust for VSX Gateway or VSX Cluster Member

When creating a VSX Gateway or VSX Cluster Member, you cannot establish SIC trust. SmartConsole shows an error message:

Certificate cannot be pushed. Connection error with wait agent.

Possible Causes

How to Resolve

Check that you have network connectivity between the gateway and the Security Gateway or Domain Management Server by pinging from the VSX system (a ping from the Management Server to the VSX Gateway will not work because of the default security policy installed on the VSX Gateway / VSX Cluster Member).

Make sure the context is vrf 0 first.

On all relevant machines, re-check the cables, routes, IP addresses and any intermediate networking devices (routers, switches, hubs, and so on) between the management and the gateway(s).

Check that all the Check Point processes on the VSX Gateway(s) are up and running by running cpwd_admin list and making sure each line has a non-zero value in the PID field.

If the gateway(s) has just rebooted, the Check Point processes might still be coming up.

Check that the CPD process is listening on the trust establishment port.

Run netstat -an | grep 18211 on the VSX Gateway(s), and make sure that the output looks like this:

tcp   0   0 0.0.0.0:18211   0.0.0.0:* LISTEN
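
The two local checks above can be scripted. The following is an added example, not part of the original Check Point procedure. It assumes that cpwd_admin list prints a header row starting with APP and puts the PID in the second column; the function names and sample data are constructed for illustration. Unlike a plain grep for 18211, the listener check ignores established connections and longer port numbers that merely contain 18211.

```shell
#!/bin/sh
# Added example: checks for the process and listener conditions described above.
# Assumption: `cpwd_admin list` has a header row starting with "APP" and the
# PID in column 2. Sample data below is constructed, not captured output.

# Print the name of every watchdog-monitored process without a non-zero PID.
# Reads `cpwd_admin list` output on stdin.
down_processes() {
    awk '$1 != "APP" && NF >= 2 && $2 !~ /^[1-9][0-9]*$/ { print $1 }'
}

# Succeed only if a TCP socket is in LISTEN state on local port 18211.
# Reads `netstat -an` output on stdin. Matching the local-address column
# and the state avoids false positives from ESTABLISHED sessions or from
# a remote peer that happens to use port 18211.
cpd_listening() {
    awk '$1 ~ /^tcp/ && $4 ~ /[:.]18211$/ && $NF == "LISTEN" { found = 1 }
         END { exit !found }'
}

# Constructed sample: FWD is down (PID 0), CPD and CPVIEWD are running.
SAMPLE_CPWD='APP        PID    STAT  #START  START_TIME             MON  COMMAND
CPD        4821   E     1       [10:02:11] 3/6/2024    Y    cpd
FWD        0      T     2       [10:02:15] 3/6/2024    N    fwd
CPVIEWD    4790   E     1       [10:02:09] 3/6/2024    N    cpviewd'

# Constructed sample: one real listener plus a line a plain grep would also match.
SAMPLE_NETSTAT='tcp   0   0 0.0.0.0:18211   0.0.0.0:* LISTEN
tcp   0   0 10.1.1.5:18191  10.1.1.9:18211 ESTABLISHED'

# On a gateway, replace the printf with: cpwd_admin list | down_processes
down=$(printf '%s\n' "$SAMPLE_CPWD" | down_processes)
if [ -n "$down" ]; then
    echo "Processes not running: $down"
fi

# On a gateway, replace the printf with: netstat -an | cpd_listening
if printf '%s\n' "$SAMPLE_NETSTAT" | cpd_listening; then
    echo "CPD is listening on 18211"
else
    echo "Nothing is listening on 18211"
fi
```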