https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48448#M35657 <HTML><HEAD></HEAD><BODY><P>I haven't tried this quite yet but Dead Peer Detection is looking promising.(<A href="https://live.paloaltonetworks.com/docs/DOC-1323">Dead Peer Detection and Tunnel Monitoring</A>)&nbsp; It sounds like I can have it monitor an ip address on the other end of the tunnel and then it will write an event to the system log on down events.</P><P></P><P>@Mystique - Thanks for the syslog reminder and cautionary note, I have traffic and threat logs being forwarded already but the system syslog settings slipped by me.</P></BODY></HTML> Mon, 27 Oct 2014 23:46:53 GMT bgirdner 2014-10-27T23:46:53Z https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48445#M35654 <HTML><HEAD></HEAD><BODY><P>Do the PaloAlto's have any functionality to monitor a wan link or tunnel and create a log entry if the link is down or there is significant packet loss?&nbsp; I am able to see these things through external monitoring tools but it would be nice to have a system log entry or something on the PANs as well.</P></BODY></HTML> Mon, 27 Oct 2014 22:36:18 GMT https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48445#M35654 bgirdner 2014-10-27T22:36:18Z https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48446#M35655 <HTML><HEAD></HEAD><BODY><P>You can use xml api to monitor the tunnel status.</P><P>Please refer to below document:</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-7378">How to Monitor VPN state through XML API</A></P><P></P><P>You can also setup profile for system logs to be forwarded via Email or SNMP Trap by creating log setting profile under Device --&gt; Log setting --&gt; System --&gt; select severity </P><P>Whenever a tunnel is down, then system logs are created for the specific tunnel. Please note this could possibly flood your emails if you select forwarding for all types of severity. There is no way to filter the system logs only for tunnels before forwarding via Email or to syslog server</P><P></P><P>Hope this helps. </P></BODY></HTML> Mon, 27 Oct 2014 22:45:17 GMT https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48446#M35655 Mystique 2014-10-27T22:45:17Z https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48447#M35656 <HTML><HEAD></HEAD><BODY><P>Hi Bridrner,</P><P></P><P>For any interface up/down situation firewall creates log in Monitor &gt; System log. Let me know if you have query.</P><P></P><P>For error firewall do not create any report or log. That should be done via SNMP tool.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 27 Oct 2014 23:12:22 GMT https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48447#M35656 hshah 2014-10-27T23:12:22Z https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48448#M35657 <HTML><HEAD></HEAD><BODY><P>I haven't tried this quite yet but Dead Peer Detection is looking promising.(<A href="https://live.paloaltonetworks.com/docs/DOC-1323">Dead Peer Detection and Tunnel Monitoring</A>)&nbsp; It sounds like I can have it monitor an ip address on the other end of the tunnel and then it will write an event to the system log on down events.</P><P></P><P>@Mystique - Thanks for the syslog reminder and cautionary note, I have traffic and threat logs being forwarded already but the system syslog settings slipped by me.</P></BODY></HTML> Mon, 27 Oct 2014 23:46:53 GMT https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48448#M35657 bgirdner 2014-10-27T23:46:53Z https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48449#M35658 <HTML><HEAD></HEAD><BODY><P>Hello <STRONG style="font-size: 12px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3b3b3b;"><A _jive_internal="true" class="jiveTT-hover-user jive-username-link" data-avatarid="2086" data-externalid="" data-presence="null" data-userid="27029" data-username="bgirdner" href="https://live.paloaltonetworks.com/people/bgirdner" style="padding: 0 3px 0 0; font-weight: inherit; font-style: inherit; font-size: 1.1em; font-family: inherit; color: #006595;">bgirdner</A></STRONG>,</P><P></P><P>There is no provision to monitor WAN link but there is tunnel monitoring which can be used to monitor the tunnel status for IPsec VPN. When tunnel monitoring fails, it creates a system logs entry indicating the tunnel as down.</P><P>Please take a look at the document below which might be helpful to you:</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-7636">Which Logs are Generated When a Monitor Detects Tunnel is Down/Up?</A></P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-1323">Dead Peer Detection and Tunnel Monitoring</A></P><P></P><P>Thanks</P></BODY></HTML> Tue, 28 Oct 2014 00:12:30 GMT https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48449#M35658 tshiv 2014-10-28T00:12:30Z https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48450#M35659 <HTML><HEAD></HEAD><BODY><P>Thanks <A href="https://live.paloaltonetworks.com/u1/10570">tshiv</A>,</P><P></P><P>That's pretty much what I was looking for.&nbsp; Between the dead peer detection for tunnel monitoring and the logs already created when ospf routes go down I should, in theory, have PaloAlto logs for pretty much any isp type issue.</P><P></P><P>-Ben</P></BODY></HTML> Tue, 28 Oct 2014 15:14:04 GMT https://live.paloaltonetworks.com/t5/general-topics/wan-interface-connectivity-loss-logged-anywhere/m-p/48450#M35659 bgirdner 2014-10-28T15:14:04Z