ISP Failover Email Alert

Reply
Highlighted
L4 Transporter

ISP Failover Email Alert

Recently we configured ISP failover on two PA500s using PBF for the primary ISP and the virtual router for the backup ISP. We would like to setup some kind of email notification, or alert when this failover occurs. I've looked through the Admin Guide to try to figure out the best solution and the forums and haven't found a solution yet. What would be the best solution for this? Thanks!

L5 Sessionator

Re: ISP Failover Email Alert

Hello David, if you have link monitoring and/or path monitoring enabled for use in conjunction with your PBF configuration then the PAN device will generate a system log when a link monitoring or path monitoring event occurs.  You can also configure e-mail alerting for events of this nature and the PAN device will send e-mails when a failure is detected.  You may find the following articles helpful:

https://live.paloaltonetworks.com/docs/DOC-4117

https://live.paloaltonetworks.com/message/8821#8821

If you have a syslog server then filtering on specific syslog events for notification purposes may be a viable option in your environment as well.

Hope this helps.

L4 Transporter

Re: ISP Failover Email Alert

Thank you for the quick response. So, from the articles posted I understand that I CAN NOT configure an email alert based on the type "PBF" and event "nh-down" (which is what I am understanding is the ISP failover system log), but only on severity "informational". Is that correct? If this is the case, it would be extremely useful to allow for more granular configuration of emailing alerts/logs. Also, is there a way to change certain events to a different severity level? To our organization, an ISP failover is a high severity, maybe even critical.

L5 Sessionator

Re: ISP Failover Email Alert

David, your understanding is correct.  In additional to this you cannot assign a different severity level to an event.  While the level of granularity you require with regards to e-mail alerting does not currently exist this is a feature request you could submit through your Palo Alto systems engineer.  Otherwise, alerting on syslog events through a configurable third party syslog utility may be your best option.

L3 Networker

Re: ISP Failover Email Alert

This post is rather old, but I'm trying to do the same thing.  I want to know when we flip to our secondary ISP.  We are using 5.0.14 and will be upgrading to 6.1 soon - is there any new info for these images?

Thank you

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!