- We have been having issues with VPN tunnels freezing between PA's on different sites; since PANOS8.x when a failover is done in an active - passive configuration. Current workaround is to enable tunnel monitoring with failover action. This was not needed in PANOS 7.x, for these kind of situations. the failover works for all the rest of ongoing traffic towards the Internet, only the ipsec tunnel hangs, is this tunnel monitoring a REQUIRED setting in PANOS 8.x; or should it not failover stateless , as all the rest does ?
Is their a reason that you are not using tunnel monitoring at all? More of a question than anything else, I don't configure any IPSec tunnels without one.
I haven't had any issues with failover when running 8.0.x on any of my equipment, but like I said I already have tunnel monitoring configured.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!