VPN Connection dropping randomly
Hello,
I am hoping someone can assist with an ongoing issue we seem to be having.
We have a file server that we use a site-to-site VPN to access remotely; there are 7 remote locations that use the VPN tunnels. A few weeks ago, out of the blue, the FortiGate on the file server seemed to drop all the tunnels. We went in and brought them all back up, but since then, 2 of the sites keep dropping. When we look at the tunnels on each FortiGate they both show as up, but the end users cannot access the shared drives through the VPN. To resolve this, we go onto the file server FortiGate and bring down the tunnel, then bring it back up, run a gpupdate on the PC and it restores, but it seems to happen every couple days. Looking at the logs, this is the client side:
negotiate Notice progress IPsec phase 2 success RaneHQ 2024/03/01 11:03:20 negotiate Notice progress IPsec phase 2 success RaneHQ 2024/03/01 11:03:20 tunnel-up Notice IPsec connection status change RaneHQ 2024/03/01 11:03:20 phase2-up Notice IPsec phase 2 status change RaneHQ 2024/03/01 11:03:20 install_sa Notice install IPsec SA RaneHQ 2024/03/01 11:03:20 negotiate Notice negotiate IPsec phase 2 success RaneHQ 2024/03/01 11:03:25 negotiate Notice progress IPsec phase 2 success RaneHQ 2024/03/01 11:03:25 tunnel-up Notice IPsec connection status change RaneHQ 2024/03/01 11:03:25 phase2-up Notice IPsec phase 2 status change RaneHQ 2024/03/01 11:03:25 install_sa Notice install IPsec SA RaneHQ 2024/03/01 11:03:25 negotiate Notice progress IPsec phase 2 success RaneHQ 2024/03/01 11:03:25 negotiate Notice progress IPsec phase 1 success RaneHQ 2024/03/01 11:03:25 negotiate Notice progress IPsec phase 1 success RaneHQ 2024/03/01 11:03:25 negotiate Notice progress IPsec phase 1 success RaneHQ 2024/03/01 11:03:25 negotiate Notice progress IPsec phase 1 success RaneHQ 2024/03/01 11:03:25 error Error IPsec ESP esp_error N/A 2024/03/01 11:03:25 delete_phase1_sa Notice delete IPsec phase 1 SA RaneHQ 2024/03/01 11:03:25 phase2-down Notice IPsec phase 2 status change RaneHQ 2024/03/01 11:03:25 tunnel-down Notice IPsec connection status change RaneHQ 2024/03/01 11:03:25 tunnel-stats Notice IPsec tunnel statistics RaneHQ 2024/03/01 11:03:40 negotiate Notice progress IPsec phase 1 success RaneHQ 2024/03/01 11:12:11 negotiate Notice progress IPsec phase 1 success RaneHQ 2024/03/01 11:12:11 negotiate Notice progress IPsec phase 1 success RaneHQ 2024/03/01 11:12:11 negotiate Notice progress IPsec phase 1 success RaneHQ 2024/03/01 11:12:11 tunnel-stats Notice IPsec tunnel statistics RaneHQ
The logs at the file server have a few of these:
2024/03/01 08:16:06 tunnel-stats Notice IPsec tunnel statistics Lockwood 2024/03/01 08:06:05 tunnel-stats Notice IPsec tunnel statistics Lockwood 2024/03/01 07:56:05 negotiate Notice progress IPsec phase 2 success Lockwood 2024/03/01 07:53:13 install_sa Notice install IPsec SA Lockwood 2024/03/01 07:53:13 phase2-up Notice IPsec phase 2 status change Lockwood 2024/03/01 07:53:13 tunnel-up Notice IPsec connection status change Lockwood 2024/03/01 07:53:13 negotiate Notice progress IPsec phase 2 success Lockwood 2024/03/01 07:53:13 negotiate Notice negotiate IPsec phase 2 success Lockwood 2024/03/01 07:53:13 negotiate Notice progress IPsec phase 1 success Lockwood 2024/03/01 07:53:12 negotiate Notice progress IPsec phase 1 success Lockwood 2024/03/01 07:53:12 negotiate Notice progress IPsec phase 1 success Lockwood 2024/03/01 07:53:12 negotiate Notice progress IPsec phase 1 success Lockwood 2024/03/01 07:53:12 tunnel-down Notice IPsec connection status change Lockwood 2024/03/01 07:53:11 phase2-down Notice IPsec phase 2 status change Lockwood
Any guidance as to where to look for failure would be appreciated.
