

IPSec VPN Troubleshooting

Remember, VM Series firewalls can only handle 300Mbps each way (600Mbps total) per IPSec tunnel. This is due to the PAN-OS architecture. This does not affect hardware firewalls. More info here and here.

Test All VPN Connections

test vpn ipsec-sa

Clear a VPN Tunnel Session

In the commands below, 1.1.1.1/24 is the other network and 2.2.2.2/24 is our network (and there is no other traffic flowing between these IP addresses).

clear session all filter destination 1.1.1.1/24
clear session all filter destination 2.2.2.2/24

Rebuild VPN Tunnel

Or you can clear and recreate the tunnels using Palo commands on the CLI.

clear vpn ipsec-sa tunnel IPSEC_TUN_NAME
clear vpn ike-sa gateway IKE_GW_NAME
test vpn ike-sa gateway IKE_GW_NAME
test vpn ipsec-sa tunnel IPSEC_TUN_NAME

Remember, if you are setting up a VPN between site A, which has a changeable IP address, and site B, which is static, you configure the IKE Gateway at site B to use a dynamic peer. However, this will not work if you have a GlobalProtect gateway hosted on the same IP.

paloaltonetworks/troubleshooting/vpn.1605263994.txt.gz · Last modified: (external edit)