ipsec tunnels freezing in PANOS 8.x on active passive configuration , when failoveris needed

cancel
Showing results for 
Search instead for 
Did you mean: 

ipsec tunnels freezing in PANOS 8.x on active passive configuration , when failoveris needed

L1 Bithead

 

 - We have been having issues with VPN tunnels freezing between PA's on different sites; since PANOS8.x  when a failover is done in an active -  passive configuration. Current workaround is to enable tunnel monitoring with failover action. This was not needed in PANOS 7.x, for these kind of situations. the failover works for all the rest of ongoing traffic towards the Internet, only the ipsec tunnel hangs, is this tunnel monitoring a REQUIRED setting in PANOS 8.x; or should it not failover stateless , as all the rest does ?

M.

2 REPLIES 2

Cyber Elite
Cyber Elite

@marce1000,

Is their a reason that you are not using tunnel monitoring at all? More of a question than anything else, I don't configure any IPSec tunnels without one. 

 

I haven't had any issues with failover when running 8.0.x on any of my equipment, but like I said I already have tunnel monitoring configured. 

 

  - Ok, but we fell upon this issue after upgrading to  8.x, I was wondering wether it became a required setting  , since everything worked without tunnel monitoring in 7.x.

 

M.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!