NW 6.5 SP5
BM 3.8 SP4

Supposed VPN traffic bypasses VPN tunnel, and is instead routed into public internet.
We have configured a new VPN Site-to-Site connection over our public NAT address.
Our BM is the master, and there is a Checkpoint slave in the other end.
This config defines the protected networks on both sides.

How does the BM know which traffic that should be routed into the VPN tunnel?
Does the "3rd Party Server Protected IP Networks" added in the masters "Member List"
act as a routing table for the VPN traffic?

As of now it seems as if the BM isn't aware of it's own VPN at all.
I.e. when pinging a node in the 3rd party protected network,
the BM's IKE screen shows no response at all, and the ping can be traced outside
the VPN tunnel at the 3rd party site...

- Erik