This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.
I have 4 VPN tunnels configured on each of my 60D units: 2 to a primary datacenter and the other 2 to a DR datacenter. At my head end I have two FGT 300D units, not in HA, for the VPNs. The VPNs are using BGP for routing, so routing metrics get updated if one of the VPN tunnels goes down. On the backup VPN to each datacenter, I have the backup tunnel using the `set monitor` setting to monitor the primary tunnel. The issue I am having is that on some units the backup VPN tunnel to either the primary or DR datacenter, and sometimes both, is coming up when the primary tunnel is still up. I try to down the VPN tunnel and the tunnel will not go down, and the only way to down the tunnel is to disable the tunnel interface. Any thoughts on why the backup tunnel would be coming up?
I am trying to collect debug logs when the issue occurs, but since it is so random I don’t know which of my 300 60D units will have the issue. I have been trying to use the VPN Monitor tab in FortiManager to check if the backup tunnel is up, but that does not help in collecting debug logs.
Also, if I am running debug on a computer overnight, will the SSH session go idle long enough for the FortiGate to log me out, or if debug info is always going across the session, will it not log me out?