we ran into a problem with a NGF in a customers LAN - the site-2-site vpn tina tunnel was totally unstable. Most of the other clients on the LAN (mostly windows pcs) works fine.
Finally a tcpdump capture helped to find the cause of the problem. There was an ip-conflict in the customers LAN, we saw two MAC addresses for the configured default gateway ip on the NGF.
Would be great if NGF detects duplicated gateway IPs.