Recently we've had a few Internet service interruptions unrelated to our firewall (ISP outage, etc) But our firewall failed to re-establish our two IPSec, site-so-site VPNs after the service came back up.
On our end is a Meraki MX84 firewall. One of the VPNs terminates at an Azure VNET gateway. The other terminates at a customer's Palo Alto device.
After the first service interruption, the VPNs hadn't come back up after 40 minutes. I unplugged the firewall power, and plugged it back in. The VPNs came up in less than 5 minutes.
The second service interruption caused a lot of grief for our owner. The VPNs hadn't come up in a few minutes. I didn't troubleshoot; I just unplugged the firewall power, and plugged it back in. Again, the VPNs came up in less than 5 minutes.
Questions:
Is this expected behavior?
If it's not, what do I do about it?
I see a lot of these messages in the event logs: "msg: request for establishing IPsec-SA was queued due to no phase1 found." Is this to be expected? And if not, what do I do about it?
Update
This happened again today, Jun 18. Meraki said the site-to-site VPNs were up this time (VPN status was green), but we had no communication over VPN to our Azure environment. I unplugged the firewall power, and plugged it back in. The VPNs came up in less than 5 minutes.
Azure registered a health event (inaccessible) for one Linux VM. (We have many VMs, mostly Windows.) That could possibly have something to do the the site-to-site Azure VPN.)
I'm crawling through the event logs again. It's slow going.
