Why are IPSec No SAs and IKE No SAs warnings and alerts generated when a device on the Dashboard reboots?
When a monitored device reboots, the IPSec No SAs and IKE No SAs thresholds for that device reaches or surpasses the set values (box turns yellow or red). This is because a remote device continues to try to communicate with the rebooted device using the previously agreed upon parameters, which the rebooted device no longer recognizes. If the monitored device has not been rebooted, and the IPSec No SAs and IKE No SAs values for that device have exceeded, then it indicates a security violation. Investigate the problem using Syslog Analysis reports.