Too short Internet disconnection of one peer

Question

Hello Community, 
 
 I've got a VPN (ipsec, site-2-site) between two offices. 
 On on site, the provider refresh the fiber connection every week (and no option to prevent that, free or not). The problem is the disconnection is really short (about 15 sec). 
 So the XG on this site tries to restart a new tunnel (as a Internet down has been detected), but on the second site, the XG tries to use the actual tunnel as 15 seconds is too short to be considered as a tunnel-down. 
 So both XG stucks on its mind for a few minutes, then after several minutes the second site stop/restart the tunnel and it's ok. 
 As a few minutes is too long (many people using RDP in the tunnel), the customer just reset the second site XG. 
 It's bothering and it will be worst as next week the second site will receive a fiber from the same provider and I don't think the two connections refreshment will be synchronized. So twice a week we'll need to reset a XG. 
 How can I shorten the tunnel restart ? The Internet shutdown is really fast (as I said it's about 15 seconds) so the Dead Peer Detection doesn't detect the site as down. 
 Any idea ?

Deepak Verma · Answer

Hi, 
 As I am getting your question that client site is having this issue. 
 Here I am sharing some idea to resolve the issue: 
 1. HQ (Where the Internet is stable) check the gateway type. I am recommended to change as "Respond Only" mode and other side change as "Initiate the Connection" mode. 
 2. Check the Phase 1 and Phase 2 key life. (I am not sure, how much will ok for you but the default is 3600 Seconds). 
 3. DPD option "When Peer Unreachable" change to "Disconnect" on HQ site and other side keep as "Re-Initiate". 
 I hope it will help and I suggest to share the screenshot of configuration for more details.