Monitoring VPN tunnel down events with SNMP

Created On 09/25/18 19:54 PM - Last Modified 06/09/23 07:35 AM


Symptom



Is there a way to generate SNMP traps or generate some type of notification if a VPN tunnel goes down?  

Diagnosis

A tunnel monitor was set up to monitor IPsec VPN tunnels between PA devices, and the goal is to generate an alert if a tunnel goes down. At this point in time, PA devices do not support VPN tunnel monitoring events through SNMP MIBs.



Resolution


As a workaround, rely on a syslog server and the system logs the firewall sends to it.
 

Steps:

  1. Configure the Tunnel Monitor feature on the firewall.
  2. Configure a syslog server.
  3. Configure Device > Log Setting > System to send logs to the syslog server.
  4. When the tunnel monitor fails, the firewall generates the following message in the system log:
    Time Severity Subtype Object EventID ID Description
    ===============================================================================
    2015/11/15 13:24:34 low vpn <object name> tunnel- 0 Tunnel <tunnel name> is down  
  5. The syslog server receives the "tunnel down" message.
  6. After the IPSec tunnel is brought back up, the tunnel interface also comes up and a new "tunnel is UP" message is generated in the system log.
  7. The newly generated log is sent to the syslog server.
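
The check a syslog receiver could run on the forwarded system log, as an added example (not Palo Alto Networks code): it alerts once per outage and reports how long the tunnel was down when the "up" message arrives. The sample lines are constructed from the excerpt in step 4; the exact "is up" wording, the names `branch-a`/`branch-b` and the function name `track_tunnels` are assumptions.

```python
import re
from datetime import datetime

# Timestamp and description layout follow the system log excerpt in step 4.
# Assumption: the recovery message mirrors the "is down" wording ("is up"),
# matched case-insensitively because the article writes it as "UP".
EVENT_RE = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}).*?"
    r"\bTunnel (?P<name>\S+) is (?P<state>down|up)\b",
    re.IGNORECASE,
)

def track_tunnels(lines):
    """Return (alerts, still_down) for an iterable of syslog lines."""
    down_since = {}  # tunnel name -> time of the first "down" event
    alerts = []      # (kind, tunnel, timestamp, outage duration or None)
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue  # unrelated system log entry
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        name, state = m["name"], m["state"].lower()
        if state == "down":
            if name not in down_since:  # repeated "down" lines: alert once
                down_since[name] = ts
                alerts.append(("DOWN", name, ts, None))
        else:
            started = down_since.pop(name, None)
            # "up" with no recorded "down" (e.g. receiver restarted): no duration
            outage = ts - started if started else None
            alerts.append(("UP", name, ts, outage))
    return alerts, down_since

# Constructed sample input, not real firewall output.
SAMPLE = [
    "2015/11/15 13:24:34 low vpn obj-a tunnel- 0 Tunnel branch-a is down",
    "2015/11/15 13:24:44 low vpn obj-a tunnel- 0 Tunnel branch-a is down",
    "2015/11/15 13:25:00 informational general general 0 Config saved",
    "2015/11/15 13:30:04 low vpn obj-a tunnel- 0 Tunnel branch-a is UP",
    "2015/11/15 13:31:00 low vpn obj-b tunnel- 0 Tunnel branch-b is down",
]

if __name__ == "__main__":
    alerts, still_down = track_tunnels(SAMPLE)
    for kind, name, ts, outage in alerts:
        print(ts, kind, name, f"(outage {outage})" if outage else "")
    print("still down:", sorted(still_down))
```

Tunnels left in `still_down` at the end of a run are the ones that still need attention.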

 

See also:

Dead Peer Detection and Tunnel Monitoring

How to Verify if IPSec Tunnel Monitoring is Working

How to Forward System Logs to Syslog Server


