WAN interface connectivity loss logged anywhere?

Reply
Highlighted
L2 Linker

WAN interface connectivity loss logged anywhere?

Do the PaloAlto's have any functionality to monitor a wan link or tunnel and create a log entry if the link is down or there is significant packet loss?  I am able to see these things through external monitoring tools but it would be nice to have a system log entry or something on the PANs as well.

L2 Linker

Re: WAN interface connectivity loss logged anywhere?

You can use xml api to monitor the tunnel status.

Please refer to below document:

How to Monitor VPN state through XML API

You can also setup profile for system logs to be forwarded via Email or SNMP Trap by creating log setting profile under Device --> Log setting --> System --> select severity

Whenever a tunnel is down, then system logs are created for the specific tunnel. Please note this could possibly flood your emails if you select forwarding for all types of severity. There is no way to filter the system logs only for tunnels before forwarding via Email or to syslog server

Hope this helps.

L6 Presenter

Re: WAN interface connectivity loss logged anywhere?

Hi Bridrner,

For any interface up/down situation firewall creates log in Monitor > System log. Let me know if you have query.

For error firewall do not create any report or log. That should be done via SNMP tool.

Regards,

Hardik Shah

L2 Linker

Re: WAN interface connectivity loss logged anywhere?

I haven't tried this quite yet but Dead Peer Detection is looking promising.(Dead Peer Detection and Tunnel Monitoring)  It sounds like I can have it monitor an ip address on the other end of the tunnel and then it will write an event to the system log on down events.

@Mystique - Thanks for the syslog reminder and cautionary note, I have traffic and threat logs being forwarded already but the system syslog settings slipped by me.

L4 Transporter

Re: WAN interface connectivity loss logged anywhere?

Hello bgirdner,

There is no provision to monitor WAN link but there is tunnel monitoring which can be used to monitor the tunnel status for IPsec VPN. When tunnel monitoring fails, it creates a system logs entry indicating the tunnel as down.

Please take a look at the document below which might be helpful to you:

Which Logs are Generated When a Monitor Detects Tunnel is Down/Up?

Dead Peer Detection and Tunnel Monitoring

Thanks

L2 Linker

Re: WAN interface connectivity loss logged anywhere?

Thanks tshiv,

That's pretty much what I was looking for.  Between the dead peer detection for tunnel monitoring and the logs already created when ospf routes go down I should, in theory, have PaloAlto logs for pretty much any isp type issue.

-Ben

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!