https://live.paloaltonetworks.com/t5/general-topics/vpn-tunnel-monitoring-between-two-palo-alto-devices/m-p/362883#M88299 <P>Hello,</P> <P>Sounds like you have it correct :).</P> <P>&nbsp;</P> <P>Cheers!</P> Thu, 12 Nov 2020 22:35:39 GMT OtakarKlier 2020-11-12T22:35:39Z https://live.paloaltonetworks.com/t5/general-topics/vpn-tunnel-monitoring-between-two-palo-alto-devices/m-p/362746#M88297 <P>Hello,</P><P>&nbsp;</P><P>From what I understand, when creating a tunnel monitor between two PA devices it's best to assign IP addresses on the same segment to the tunnel interface on each side.&nbsp; The monitor is then setup with the remote destination on each side.</P><P>&nbsp;</P><P>Example:</P><P>FW-A-Tunnel.1 (10.10.10.1/30)&nbsp; &lt;---&gt;&nbsp; FW-B-Tunnel.1 (10.10.10.2/30)</P><P>&nbsp;</P><P>FW-A will monitor 10.10.10.2</P><P>FW-B will monitor 10.10.10.1</P><P>&nbsp;</P><P>On the firewall this creates what appears to be a directly connected network on the tunnel interfaces, and no additional configuration or routing is required.&nbsp; I have set it up this way and it works, but I just want to make sure I'm understanding it correctly, and doing it properly.&nbsp; There isn't much documentation on the IP configuration, but it seems like an arbitrary private address on the same network on both sides is the solution.</P><P>&nbsp;</P><P>Thanks.&nbsp;</P> Thu, 12 Nov 2020 18:28:24 GMT https://live.paloaltonetworks.com/t5/general-topics/vpn-tunnel-monitoring-between-two-palo-alto-devices/m-p/362746#M88297 NobleNOC 2020-11-12T18:28:24Z https://live.paloaltonetworks.com/t5/general-topics/vpn-tunnel-monitoring-between-two-palo-alto-devices/m-p/362883#M88299 <P>Hello,</P> <P>Sounds like you have it correct :).</P> <P>&nbsp;</P> <P>Cheers!</P> Thu, 12 Nov 2020 22:35:39 GMT https://live.paloaltonetworks.com/t5/general-topics/vpn-tunnel-monitoring-between-two-palo-alto-devices/m-p/362883#M88299 OtakarKlier 2020-11-12T22:35:39Z