Because the tunnel interface is a logical interface,
it cannot indicate a physical link status. Therefore, you must enable
tunnel monitoring so that the tunnel interface can verify connectivity
to an IP address and determine if the path is still usable. If the
IP address is unreachable, the firewall will either wait for the
tunnel to recover or failover. When a failover occurs, the existing
tunnel is torn down and routing changes are triggered to set up
a new tunnel and redirect traffic.