These log entries in SmartView Tracker are generated by the VPN module when a packet arrives with a replay (sequence) counter that does not fall within the SA's current counter window. The VPN module reports this as a possible "Replay Attack" because its inspection cannot tell a genuinely replayed packet from a legitimate packet that was transmitted late or arrived out of sequence. A Replay Attack is an act in which an attacker obtains a copy of an authenticated packet and later retransmits it to the intended host. The receipt of duplicate, authenticated IP packets can have undesired consequences or disrupt service in some way.
The issue can be caused by Identity Sharing to/from the standby member. As a result, the standby member opens a tunnel in parallel to the active member, and the duplicate traffic this produces can trigger the Replay Attack log.
The sequence number field is designed to prevent such attacks. When a new Security Association (SA) is established, the sender initializes a sequence number counter to "0". Each time a packet is sent on this SA, the sender increments the counter and places the new value in the sequence number field. Thus, the first value used is "1", and a receiver that tracks which sequence numbers it has already accepted can reject any duplicate or too-old packet.
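The following is an added illustration, not Check Point's code: a sender counter that starts at 0 and increments before each send, beside a receiver-side sliding anti-replay window of the kind IPsec uses (RFC 4303 style bitmap; window size and the sample packet trace are constructed assumptions). It shows which arrivals a receiver accepts and which it drops as replays or as too old, which is the condition that produces the log entry above.

```python
class AntiReplayWindow:
    """Receiver-side sliding window over 32-bit ESP/AH sequence numbers.
    last_seq is the highest sequence number accepted so far; bit i of
    bitmap is set when (last_seq - i) has already been received."""

    def __init__(self, size=64):          # window width is an assumption
        self.size = size
        self.last_seq = 0
        self.bitmap = 0

    def check_and_update(self, seq):
        """Return True and record seq if it is new and inside the window.
        Return False when the packet must be dropped (counted as a replay)."""
        if seq == 0:                      # sender never transmits 0
            return False
        if seq > self.last_seq:           # advance the right edge of the window
            shift = seq - self.last_seq
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1           # jumped past the whole window
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= self.size:             # older than the window: too late
            return False
        if self.bitmap & (1 << diff):     # already seen: duplicate / replay
            return False
        self.bitmap |= 1 << diff          # late but in-window: accept once
        return True


def sender_sequence(count):
    """Sequence numbers a sender emits on a fresh SA: counter starts at 0
    and is incremented before each packet, so the first value is 1."""
    counter = 0
    seqs = []
    for _ in range(count):
        counter += 1
        seqs.append(counter)
    return seqs


def simulate(received, window_size=64):
    """Feed a constructed arrival order into the window; return (seq, accepted)."""
    window = AntiReplayWindow(window_size)
    return [(seq, window.check_and_update(seq)) for seq in received]


if __name__ == "__main__":
    # Constructed trace: reordering (5 before 4), a replay of 3, a jump to 100,
    # a late packet still inside the window (40), and one too old (36).
    for seq, ok in simulate([1, 2, 3, 5, 4, 3, 100, 40, 36, 37]):
        print(seq, "accepted" if ok else "DROPPED (replay / out of window)")
```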
Replay attack protection is implemented in VPN-1 and in Check Point IPsec Remote Access (RA) clients (all versions and variations, including the Safe@ series, Edge appliances, and UTM-1 appliances).