topic Re: ALERT WHEN VPN DESTINATION STOP WORKING in General Topics

ALERT WHEN VPN DESTINATION STOP WORKING

larry2019 — Wed, 22 Sep 2021 23:02:01 GMT

Hi everybody

Currently have a vpn connection to a remote site , and now we are transferring many info along the day

But sometimes connection closes and transfer interrupts

So we want to sent alerts when this connection o transfer interrupts to be able to sends a kind of email alert

Is it possible?

Re: ALERT WHEN VPN DESTINATION STOP WORKING

PavelK — Thu, 23 Sep 2021 00:12:28 GMT

Thank you for posting question @larry2019

There might be different ways to do it, but probably most straightforward way is to configure new alert under: Device > Log Settings > System

You can use for example following filter: ( subtype eq vpn ) and ( eventid eq tunnel-status-down )

and set email profile for alerting.

Kind Regards

Pavel

Re: ALERT WHEN VPN DESTINATION STOP WORKING

BPry — Fri, 24 Sep 2021 01:59:03 GMT

@larry2019,

In addition to what @PavelK already mentioned, you can also configure tunnel monitoring to have the firewall actually monitor traffic across that tunnel and alert when it goes down. The benefit of tunnel monitoring is that some non-PAN vendors (Cisco as an example) will actually bring down the tunnel if they don't have any traffic going across it for a set amount of time by default. By configuring tunnel monitoring you could potentially have the entire issue go away depending on how the other side is configured.

Re: ALERT WHEN VPN DESTINATION STOP WORKING

larry2019 — Fri, 24 Sep 2021 21:14:01 GMT

Thanks guys for the prompt reply. @BPry and @PavelK
I comment in more detail on the scenario.
What happens is that although it is true, traffic is being transferred through the VPN, the tunnel never falls, connectivity to the specific destination is lost.
What I have to do is restart phase 2 to have connectivity, however returning I also require that when I lose connection to the vpn destination it sends me an alert.
Thanks in advance

Re: ALERT WHEN VPN DESTINATION STOP WORKING

BPry — Sun, 26 Sep 2021 05:30:06 GMT

@larry2019,

When you say traffic to the specific host is lost, is that the only host you are monitoring or attempting to hit? When you experience this issue have you verified that traffic to other hosts across that VPN tunnel actually works?

I would still recommend that you setup a tunnel monitoring profile and define the specific host as your monitored IP. The firewall will simply attempt to send ICMP traffic to the host and will alert you if the tunnel monitor IP goes down that you can setup alert forwarding for. I would leave the action on the tunnel monitor profile as Wait Recover and see if the firewall attempting to recover by renegotiating new keys solves the issue, because it seems like it would in this particular case. Give it a go and see if it doesn't at least give you a RTO without manual intervention.