How do VPN connections get monitored outside of logs?

Reply
L0 Member

How do VPN connections get monitored outside of logs?

Am I missing some way of monitoring VPN connections outside of watching the logs?  How about a widget or something?

Not applicable

Re: How do VPN connections get monitored outside of logs?

Take a look at the PAN-TRAPS MIB file.  There are a number of IPSec VPN traps that could be used for SNMP-based monitoring.  There are also GlobalProtect traps if your questions was actually about monitoring SSL VPN and not IPSec VPN.  Download the MIB and open it in a MIB browser to quickly see if any of the available traps will cover what you need.

This is the link to the different MIB versions:  https://live.paloaltonetworks.com/community/documentation/content?filterID=content~category[enterpri...

I hope that helps.

- Jared Davis

L0 Member

Re: How do VPN connections get monitored outside of logs?

Jared,

Thanks for the reply but I was thinking something more along the line of something within the PA GUI on the dashboard tab like most other name brand products have.

Highlighted
Not applicable

Re: How do VPN connections get monitored outside of logs?

It appears that a feature request was filed with Product Management for exactly what interests you.  Check with your local systems engineer from Palo Alto Networks.  She or he will be able to look into the matter further and let you know whether there are any plans to include such an enhancement in a future release.  Ask her or him to search on "IPSec Monitor on Dashboard".

- Jared Davis

L2 Linker

Re: How do VPN connections get monitored outside of logs?

In the Network>IPSec Tunnels GUI, you have basic monitoring functionality for the status of each IPSec VPN connection...using those green/red "LEDs". If you need more than that, usually something on that IPSec peer is abnormal, and you have to view the logs anyway to troubleshoot.

From the help section of that page:

Viewing IPSec Tunnel Status on the Firewall

Network > IPSec Tunnels

To view the status of currently defined IPSec VPN tunnels, open the IPSec Tunnels page. The following status information is reported on the page:

  • Tunnel Status (first status column)—Green indicates an IPSec SA tunnel. Red indicates that IPSec SA is not available or has expired.
  • IKE Gateway Status—Green indicates a valid IKE phase-1 SA. Red indicates that IKE phase-1 SA is not available or has expired.
  • Tunnel Interface Status—Green indicates that the tunnel interface is up (because tunnel monitor is disabled, or because tunnel monitor status is UP). Red indicates that the tunnel interface is down, because the tunnel monitor is enabled and the status is down.

Hope that helps...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!