https://live.paloaltonetworks.com/t5/general-topics/failover-ipsec-tunnels-with-tunnel-monitor-keeps-both-tunnels/m-p/591590#M117808 <P>Thank you for that explanation.&nbsp; Also is it normal to have repeated firewall alerts/emails stating that Tunnel A is up/down Tunnel B is up/down?&nbsp; Or is this being generated due something going with the connection of the tunnels?&nbsp; This is the experience we were having yesterday after configuring the dual tunnels.&nbsp; The primary tunnel swapped over, and traffic was flowing properly, but got bombarded with tunnel up/down alerts.</P> Wed, 10 Jul 2024 13:03:18 GMT emarschang 2024-07-10T13:03:18Z https://live.paloaltonetworks.com/t5/general-topics/failover-ipsec-tunnels-with-tunnel-monitor-keeps-both-tunnels/m-p/591510#M117792 <P>We have just configured 2 IPSEC tunnels with a remote palo.&nbsp; Both sides have 2 IPSEC tunnels with tunnel monitor and DPD configured.&nbsp; For some odd reason, the when the primary tunnel is active and has active routes going to it, the secondary tunnel still shows active.&nbsp; Traffic is still flowing the way it should, I never see the traffic change to the secondary tunnel.&nbsp; The tunnel monitoring never disables the second tunnel.&nbsp; Did we over look something in our configuration?</P> Tue, 09 Jul 2024 22:18:34 GMT https://live.paloaltonetworks.com/t5/general-topics/failover-ipsec-tunnels-with-tunnel-monitor-keeps-both-tunnels/m-p/591510#M117792 emarschang 2024-07-09T22:18:34Z https://live.paloaltonetworks.com/t5/general-topics/failover-ipsec-tunnels-with-tunnel-monitor-keeps-both-tunnels/m-p/591520#M117797 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/211188">@emarschang</a>,</P> <P>This would be expected behavior in a properly configured dual tunnel configuration. You want both tunnels to be online and established and your primary passing traffic until it goes down; once the primary goes down the route is removed and traffic just moves to the already established secondary tunnel that is just waiting to take over traffic from the primary.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 10 Jul 2024 01:49:48 GMT https://live.paloaltonetworks.com/t5/general-topics/failover-ipsec-tunnels-with-tunnel-monitor-keeps-both-tunnels/m-p/591520#M117797 BPry 2024-07-10T01:49:48Z https://live.paloaltonetworks.com/t5/general-topics/failover-ipsec-tunnels-with-tunnel-monitor-keeps-both-tunnels/m-p/591590#M117808 <P>Thank you for that explanation.&nbsp; Also is it normal to have repeated firewall alerts/emails stating that Tunnel A is up/down Tunnel B is up/down?&nbsp; Or is this being generated due something going with the connection of the tunnels?&nbsp; This is the experience we were having yesterday after configuring the dual tunnels.&nbsp; The primary tunnel swapped over, and traffic was flowing properly, but got bombarded with tunnel up/down alerts.</P> Wed, 10 Jul 2024 13:03:18 GMT https://live.paloaltonetworks.com/t5/general-topics/failover-ipsec-tunnels-with-tunnel-monitor-keeps-both-tunnels/m-p/591590#M117808 emarschang 2024-07-10T13:03:18Z https://live.paloaltonetworks.com/t5/general-topics/failover-ipsec-tunnels-with-tunnel-monitor-keeps-both-tunnels/m-p/615025#M121633 <P>I have a similar issue. I have created 2 tunnels on single palo with 2 different peer ip’s ( remote end using different fw). Both tunnela at my end are active but traffic flows through primary only. Issue is when recently i tried to do resiliency test, i shut down primary , traffic disn’t moved to secondary. What do i need to check?</P> Fri, 25 Oct 2024 22:11:26 GMT https://live.paloaltonetworks.com/t5/general-topics/failover-ipsec-tunnels-with-tunnel-monitor-keeps-both-tunnels/m-p/615025#M121633 qamarkhan 2024-10-25T22:11:26Z