Currently have a vpn connection to a remote site , and now we are transferring many info along the day
But sometimes connection closes and transfer interrupts
So we want to sent alerts when this connection o transfer interrupts to be able to sends a kind of email alert
Is it possible?
Thank you for posting question @larry2019
There might be different ways to do it, but probably most straightforward way is to configure new alert under: Device > Log Settings > System
You can use for example following filter: ( subtype eq vpn ) and ( eventid eq tunnel-status-down )
and set email profile for alerting.
In addition to what @PavelK already mentioned, you can also configure tunnel monitoring to have the firewall actually monitor traffic across that tunnel and alert when it goes down. The benefit of tunnel monitoring is that some non-PAN vendors (Cisco as an example) will actually bring down the tunnel if they don't have any traffic going across it for a set amount of time by default. By configuring tunnel monitoring you could potentially have the entire issue go away depending on how the other side is configured.
Thanks guys for the prompt reply. @BPry and @PavelK
I comment in more detail on the scenario.
What happens is that although it is true, traffic is being transferred through the VPN, the tunnel never falls, connectivity to the specific destination is lost.
What I have to do is restart phase 2 to have connectivity, however returning I also require that when I lose connection to the vpn destination it sends me an alert.
Thanks in advance
When you say traffic to the specific host is lost, is that the only host you are monitoring or attempting to hit? When you experience this issue have you verified that traffic to other hosts across that VPN tunnel actually works?
I would still recommend that you setup a tunnel monitoring profile and define the specific host as your monitored IP. The firewall will simply attempt to send ICMP traffic to the host and will alert you if the tunnel monitor IP goes down that you can setup alert forwarding for. I would leave the action on the tunnel monitor profile as Wait Recover and see if the firewall attempting to recover by renegotiating new keys solves the issue, because it seems like it would in this particular case. Give it a go and see if it doesn't at least give you a RTO without manual intervention.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!