I manage a lot of FGs for different customers, and they are in different sites, different network connections, and so on.
During the last months, I have reported many, many, many strange problems with IPsec site-to-site VPNs. Especially, working tunnels go down, and nothing can bring them up.
The only thing that many times solved the problem is to reboot devices EXTERNAL to the FG. Most of the time the modem/router, sometimes just the L2 switch (e.g. when we have a cluster and a switch on the WAN side).
The Fortinet support didn't help. Diagnosing a single broken tunnel, the conclusion was that there isn't full connectivity between the units (ISP or devices). Sniffing packets, you can see that the first unit sends packets to the second. The second sends a reply, but the reply is not received by the first unit (it seems). We don't have any NAT or particular filter. All sites have public IP addresses, free internet access, etc.
After some days, the VPNs go back up.
This involves too many different FGs, customers, sites, ISPs, and so on to consider it related only to a single ISP or device problem.
The ISPs involved are various and different, and so are the FG models.
Network devices are also different, but most sites (not all) have the same schema. They have a VDSL line, with a Zyxel VMG1312 connected as a bridge (no router, just an L2 bridge) and PPPoE terminated on the FG's interface. Many times, restarting the Zyxel solves the problem.
This makes us crazy.
Any idea? :(
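The post describes exactly one pattern in the sniffer output: the first unit sends IKE packets, the second unit replies, and the reply never shows up on the first unit. Added example (not code from the poster or from Fortinet): a small Python script that parses the one-packet-per-line form of FortiGate's `diagnose sniffer packet` output captured on both ends of a tunnel and states which direction of the path is dropping packets. The line layout the regex expects (`timestamp iface in|out src.port -> dst.port: proto len`), the interface name `wan1`, the peer addresses and the two captures are all constructed for this example.

```python
"""Correlate IKE sniffer captures from both IPsec peers to locate one-way loss.

Assumed input format (one packet per line, as printed by FortiGate's
`diagnose sniffer packet <iface> '<filter>' 4`):
    <seconds> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <proto> <len>
Header lines such as `interfaces=[wan1]` are ignored.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ifname>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<proto>\w+)"
)

# Constructed sample data: peer A (203.0.113.10) keeps retransmitting IKE to
# peer B (198.51.100.20) and never sees an answer ...
IP_A = "203.0.113.10"
IP_B = "198.51.100.20"
CAPTURE_A = """interfaces=[wan1]
filters=[udp port 500 or udp port 4500]
0.101000 wan1 out 203.0.113.10.500 -> 198.51.100.20.500: udp 252
2.103000 wan1 out 203.0.113.10.500 -> 198.51.100.20.500: udp 252
4.105000 wan1 out 203.0.113.10.500 -> 198.51.100.20.500: udp 252
"""
# ... while peer B receives every request and sends a reply each time.
CAPTURE_B = """interfaces=[wan1]
filters=[udp port 500 or udp port 4500]
0.140000 wan1 in 203.0.113.10.500 -> 198.51.100.20.500: udp 252
0.141000 wan1 out 198.51.100.20.500 -> 203.0.113.10.500: udp 292
2.142000 wan1 in 203.0.113.10.500 -> 198.51.100.20.500: udp 252
2.143000 wan1 out 198.51.100.20.500 -> 203.0.113.10.500: udp 292
"""


def parse_sniffer(text):
    """Return a list of dicts (ts, ifname, dir, src, sport, dst, dport, proto)."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # non-matching lines are the sniffer's own header/summary output
            packets.append(m.groupdict())
    return packets


def classify_peers(packets, local_ip):
    """For each remote address, say whether traffic is bidirectional,
    outbound with no reply, or inbound only (we receive but never answer)."""
    counts = defaultdict(lambda: {"out": 0, "in": 0})
    for p in packets:
        if p["src"] == local_ip:
            counts[p["dst"]]["out"] += 1
        elif p["dst"] == local_ip:
            counts[p["src"]]["in"] += 1
    result = {}
    for peer, c in counts.items():
        if c["out"] and c["in"]:
            result[peer] = "bidirectional"
        elif c["out"]:
            result[peer] = "no-reply"
        else:
            result[peer] = "inbound-only"
    return result


def locate_loss(cap_a, ip_a, cap_b, ip_b):
    """Combine the view from both ends; 'silent' means the peer saw nothing."""
    view_a = classify_peers(parse_sniffer(cap_a), ip_a).get(ip_b, "silent")
    view_b = classify_peers(parse_sniffer(cap_b), ip_b).get(ip_a, "silent")
    if view_a == "bidirectional" and view_b == "bidirectional":
        return "ok"
    if view_a == "no-reply" and view_b == "bidirectional":
        return "replies from B lost on path B->A"
    if view_a == "no-reply" and view_b == "silent":
        return "requests from A never reach B (lost on path A->B)"
    if view_a == "no-reply" and view_b == "inbound-only":
        return "B receives requests but never answers (problem local to B)"
    return f"inconclusive: A sees {view_a}, B sees {view_b}"


if __name__ == "__main__":
    print(locate_loss(CAPTURE_A, IP_A, CAPTURE_B, IP_B))
```

Run the script with captures taken at the same moment on both FortiGates; the constructed data reproduces the post's case and prints `replies from B lost on path B->A`, which points at the return path (ISP, modem or WAN-side switch between B and A) rather than at either FortiGate's IKE daemon.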