The tunnels to and from MXs will be built regardless of their Security & SD-WAN > Firewall setings. The MX is smart enough not to block it's own VPN connections.
Whether traffic passes between the sites depends on whether their subnets are included in Security & SD-WAN > Site-to-Site VPN. And also the site-to-site firewall settings lower on the same page.
Regular things like the correct setting of default gateways and the firewalls on the clients themselves (e.g. Windows Firewall should also be kept in mind when troubleshooting).
