I wanted to mention the second message.
Take a packet capture and see how many messages you are getting.
Main mode has 6 messages for phase 1;
for aggressive mode it's 4 messages.
If you are not getting the second message, then there is some mismatch in parameters.
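The capture check described above, as an added example that is not part of the original post: it reads the 28-byte ISAKMP header of each IKEv1 datagram, groups phase 1 messages by initiator cookie, and reports how many were seen and whether the peer ever sent a second message. The function names, cookies and documentation-range IP addresses are assumptions made for the example, and the sample datagrams are constructed, header-only packets.

```python
import struct
from collections import defaultdict

# ISAKMP header (RFC 2408): initiator cookie, responder cookie, next payload,
# version, exchange type, flags, message ID, length = 28 bytes.
HDR = struct.Struct("!8s8sBBBBII")
MODES = {2: "main", 4: "aggressive"}   # phase 1 exchange types
ZERO = bytes(8)

def parse_isakmp(payload):
    """Return (icookie, rcookie, exchange_type) for an IKEv1 datagram, else None."""
    if payload[:4] == bytes(4):        # non-ESP marker used on UDP/4500 (NAT-T)
        payload = payload[4:]
    if len(payload) < HDR.size:
        return None
    icookie, rcookie, _np, version, xchg, _flags, _mid, _len = HDR.unpack_from(payload)
    return (icookie, rcookie, xchg) if version == 0x10 else None

def phase1_summary(packets):
    """packets: (src_ip, udp_payload) pairs in capture order, first message included."""
    out = defaultdict(lambda: {"mode": None, "count": 0, "initiator": None,
                               "second_message": False})
    for src, payload in packets:
        hdr = parse_isakmp(payload)
        if hdr is None or hdr[2] not in MODES:
            continue                   # skip quick mode, informational, non-IKEv1
        icookie, rcookie, xchg = hdr
        s = out[icookie]
        s["mode"] = MODES[xchg]
        s["count"] += 1
        if rcookie == ZERO:            # message 1: responder cookie not yet set
            s["initiator"] = src
        elif src != s["initiator"]:    # peer answered with its own cookie
            s["second_message"] = True
    return dict(out)

def _msg(icookie, rcookie, xchg=2):
    """Constructed header-only datagram for the sample below."""
    return HDR.pack(icookie, rcookie, 1, 0x10, xchg, 0, 0, HDR.size)

# Constructed sample: one complete main mode exchange, one unanswered initiator.
A, B, R = b"AAAAAAAA", b"BBBBBBBB", b"RRRRRRRR"
SAMPLE = [("192.0.2.1", _msg(A, ZERO)), ("198.51.100.1", _msg(A, R)),
          ("192.0.2.1", _msg(A, R)), ("198.51.100.1", _msg(A, R)),
          ("192.0.2.1", _msg(A, R)), ("198.51.100.1", _msg(A, R))]
SAMPLE += [("192.0.2.1", _msg(B, ZERO))] * 3   # retransmits, no reply

if __name__ == "__main__":
    for cookie, s in phase1_summary(SAMPLE).items():
        print(cookie.hex(), s)
```

An exchange that shows only retransmitted first messages and `second_message: False` is the "no second message" case the post describes.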
"The Security Parameter Index (SPI) is an identification tag added to the header while using IPsec for tunneling the IP traffic. This tag helps the kernel discern between two traffic streams where different encryption rules and algorithms may be in use."
So it looks like either:
1. the tunnel was set up but it has expired on your end, or
2. it's a stray packet for something else
If #1, then check that the timer and data volume rekeying parameters are the same on both ends of the tunnel.
If #2, do the endpoint IPs match?
My first guess would be that you have a shorter timer on your IPSec SAs than the remote end has, but usually tunnels fail to set up when parameters don't match. I have no experience with Forti IPSec...