1) SNMP OID 18.104.22.168.4.1.2620.500.9002.1.3 is responsible for the VPN TUNNEL STATE Monitoring.
2) Map this OID if it is not present by default.
3) In the below document I have mapped the OID so it is showing as a customized event (i.e) 0xfff.... See the below screenshot.
4) After mapping the OID go to the firewall where the VPN Tunnels are configured and check for the VPNTunnelMonitoring attribute and will show as below with value and table.
5) If you click on the highlightened “Table” it will display the list of Tunnels configured as below. In the below screenshot there are 11 Tunnels configured.
6) The value 3 represents the state of the Tunnel and is Active. The following are the values for the Tunnel state.
7) Once you configured above steps you can create a Spectrowatch and monitor the Tunnels with the Alarm criticality that you require.