You can now view the status of the IPSec VPN tunnels to know whether or not valid IKE and IPSec SAs have been established, and whether the tunnel interface is up and available for passing traffic.

Because the tunnel interface is a logical interface, it can’t indicate a physical link status. Therefore, you must use IPSec tunnel monitoring so that the tunnel interface can verify connectivity to an IP address and determine if the path is still usable. If the IP address is unreachable, the firewall will either wait for the tunnel to recover or failover. When a failover occurs, the existing tunnel is torn down, and routing changes are triggered to set up a new tunnel and redirect traffic.

With the IPSec VPN tunnel monitoring feature, you can view the tunnel status:

View the overall status of all the IPSec tunnels, IPSec tunnel status per device, and detailed status of each IPSec tunnel.