FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 267783
Description This article describes when the IPsec tunnel will be brought down if DPD is disabled in phase1.
Scope FortiGate.

The tunnel will be brought down when the keylife expires. Check the keylife with the following command:


diagnose vpn tunnel list


For example:


name=DisabledDPD ver=1 serial=8> tun_id= tun_id6=:: dst_mtu=1500 dp
d-link=on weight=1
bound_if=3 lgwy=static/1 tun=intf mode=auto/1 encap=none/552 options[0228]=npu frag-rfc run_state=0 role=primary
accept_traffic=1 overlay_id=0

proxyid_num=1 child_num=0 refcnt=4 ilast=43980886 olast=43980886 ad=/0
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=off on=0 idle=20000ms retry=3 count=0 seqno=0
natt: mode=none draft=0 interval=0 remote_port=0
proxyid=DisabledDPD proto=0 sa=1 ref=2 serial=1
src: 0:
dst: 0:
SA: ref=3 options=30202 type=00 soft=0 mtu=1438 expire=42177/0B replaywin=2048
seqno=1 esn=0 replaywin_lastseq=00000000 qat=0 rekey=0 hash_search_len=1
life: type=01 bytes=0/0 timeout=42898/43200
dec: spi=f099b8fc esp=aes key=16 e5ee72022a73fcd4a5c6493373dbbe6f
ah=sha1 key=20 bfefaefc8f53443b29cc3aa123f22dcf21c74fc1
enc: spi=f5bfe1e9 esp=aes key=16 ad911f2396c9303afd5b4846d7a4ebd4
ah=sha1 key=20 d3a7cf3ae3499d9183181dc72237da08f9a82c84
dec:pkts/bytes=0/0, enc:pkts/bytes=0/0
npu_flag=00 npu_rgwy= npu_lgwy= npu_selid=3 dec_npuid=0 enc_npuid=0