Every once in a while you may experience some issues with certain IPSec VPN tunnels. For this reason it might be useful to know how to clear SA sessions that are stuck.**
To flush a tunnel use the following command:
diag vpn tunnel flush <phase1 name>
It is very important to specify the phase1 name, if you forget to specify this the Fortigate will flush ALL tunnels.
You can also reset a tunnel, in this case the Fortigate will completely re-negotiate the IPSec VPN:
diag vpn tunnel reset <phase1 name>
As with the flush do not forget the phase1 name or you will reset all your tunnels.