Tunnel
Monitoring
For a VPN tunnel, you can check connectivity to a destination
IP address across the tunnel. The network monitoring profile on
the firewall allows you to verify connectivity (using ICMP) to a
destination IP address or a next hop at a specified polling interval,
and to specify an action on failure to access the monitored IP address.
If the destination IP is unreachable, you either configure the
firewall to wait for the tunnel to recover or configure automatic
failover to another tunnel. In either case, the firewall generates
a system log that alerts you to a tunnel failure and renegotiates
the IPSec keys to accelerate recovery.