How to troubleshoot when Global protect gateway tunnel get disconnected due to" keep-alive timeout"

Info (1011): --Too many outstanding keepalive and no response from GP gateway, disconnect tunnel
Info (1011): --Too many outstanding keepalive and no response from GP gateway, disconnect tunnel
Info (1011): --Too many outstanding keepalive and no response from GP gateway, disconnect tunnel
Info (1011): --Too many outstanding keepalive and no response from GP gateway, disconnect tunnel

• PAN-OS 8.1 and above
• Global protect configured.

1. Take a packet capture on the Client System on the virtual and physical adapters, and on the GlobalProtect (GP) Gateway.
2. When the user reports failure, the packet captures taken reveal if the system has received the ICMP keepalives or not. 
3. If the client system has received the Keepalives then the GP Gateway or Network issues can be ruled out.
4. If the client system has not received the keepalives, then the network issue between the Gateway and Client needs to troubleshoot for packet drops, high CPU etc.
5. Finally, the packet captures on the GP Gateway will reveal if the Gateway itself is sending the keepalives.
6. IF the packet captures indicate a problem with GP gateway that needs help, engage TAC for assistance.

• By default, the client will send IPsec keepalives every 10 seconds, if 5 keepalives are missed (50 seconds) then the connection is torn down and retried.
• The keepalives can be seen in PanGPS logs if it is set on dump level. Keepalives are sent only when there is no network activity.
• Keepalives are regular ICMP packets exchanged within the tunnel between clients private IP address and gateway public IP address.