Keepalive

When an IPsec VPN tunnel is not in use, it can be shut down after a set period to release resources on SNS firewalls. However, if traffic must pass through this tunnel, negotiations must be started all over again. This will generate latency and cause minor packet loss. With the keepalive mechanism, traffic can be generated artificially in an IPsec VPN tunnel to keep it running. This type of traffic (discard protocol, UDP port 9) is of no use when it is received and can be filtered without being logged.

R48 | SNS | Configure Keepalive
The Keepalive function should be enabled, and traffic sent from the remote appliance should be filtered.

This feature can be configured in Configuration > VPN > IPsec VPN > Encryption policy - Tunnels by changing the interval between requests by the mechanism in the KeepAlive column. A value of 0 means that it is not in use.