- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-27-2014 03:36 PM
Do the PaloAlto's have any functionality to monitor a wan link or tunnel and create a log entry if the link is down or there is significant packet loss? I am able to see these things through external monitoring tools but it would be nice to have a system log entry or something on the PANs as well.
10-27-2014 05:12 PM
Hello bgirdner,
There is no provision to monitor WAN link but there is tunnel monitoring which can be used to monitor the tunnel status for IPsec VPN. When tunnel monitoring fails, it creates a system logs entry indicating the tunnel as down.
Please take a look at the document below which might be helpful to you:
Which Logs are Generated When a Monitor Detects Tunnel is Down/Up?
Dead Peer Detection and Tunnel Monitoring
Thanks
10-27-2014 03:45 PM
You can use xml api to monitor the tunnel status.
Please refer to below document:
How to Monitor VPN state through XML API
You can also setup profile for system logs to be forwarded via Email or SNMP Trap by creating log setting profile under Device --> Log setting --> System --> select severity
Whenever a tunnel is down, then system logs are created for the specific tunnel. Please note this could possibly flood your emails if you select forwarding for all types of severity. There is no way to filter the system logs only for tunnels before forwarding via Email or to syslog server
Hope this helps.
10-27-2014 04:12 PM
Hi Bridrner,
For any interface up/down situation firewall creates log in Monitor > System log. Let me know if you have query.
For error firewall do not create any report or log. That should be done via SNMP tool.
Regards,
Hardik Shah
10-27-2014 04:46 PM
I haven't tried this quite yet but Dead Peer Detection is looking promising.(Dead Peer Detection and Tunnel Monitoring) It sounds like I can have it monitor an ip address on the other end of the tunnel and then it will write an event to the system log on down events.
@Mystique - Thanks for the syslog reminder and cautionary note, I have traffic and threat logs being forwarded already but the system syslog settings slipped by me.
10-27-2014 05:12 PM
Hello bgirdner,
There is no provision to monitor WAN link but there is tunnel monitoring which can be used to monitor the tunnel status for IPsec VPN. When tunnel monitoring fails, it creates a system logs entry indicating the tunnel as down.
Please take a look at the document below which might be helpful to you:
Which Logs are Generated When a Monitor Detects Tunnel is Down/Up?
Dead Peer Detection and Tunnel Monitoring
Thanks
10-28-2014 08:14 AM
Thanks tshiv,
That's pretty much what I was looking for. Between the dead peer detection for tunnel monitoring and the logs already created when ospf routes go down I should, in theory, have PaloAlto logs for pretty much any isp type issue.
-Ben
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!