WAN interface connectivity loss logged anywhere?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

WAN interface connectivity loss logged anywhere?

L2 Linker

Do the PaloAlto's have any functionality to monitor a wan link or tunnel and create a log entry if the link is down or there is significant packet loss?  I am able to see these things through external monitoring tools but it would be nice to have a system log entry or something on the PANs as well.

1 accepted solution

Accepted Solutions

L4 Transporter

Hello bgirdner,

There is no provision to monitor WAN link but there is tunnel monitoring which can be used to monitor the tunnel status for IPsec VPN. When tunnel monitoring fails, it creates a system logs entry indicating the tunnel as down.

Please take a look at the document below which might be helpful to you:

Which Logs are Generated When a Monitor Detects Tunnel is Down/Up?

Dead Peer Detection and Tunnel Monitoring

Thanks

View solution in original post

5 REPLIES 5

L2 Linker

You can use xml api to monitor the tunnel status.

Please refer to below document:

How to Monitor VPN state through XML API

You can also setup profile for system logs to be forwarded via Email or SNMP Trap by creating log setting profile under Device --> Log setting --> System --> select severity

Whenever a tunnel is down, then system logs are created for the specific tunnel. Please note this could possibly flood your emails if you select forwarding for all types of severity. There is no way to filter the system logs only for tunnels before forwarding via Email or to syslog server

Hope this helps.

L6 Presenter

Hi Bridrner,

For any interface up/down situation firewall creates log in Monitor > System log. Let me know if you have query.

For error firewall do not create any report or log. That should be done via SNMP tool.

Regards,

Hardik Shah

L2 Linker

I haven't tried this quite yet but Dead Peer Detection is looking promising.(Dead Peer Detection and Tunnel Monitoring)  It sounds like I can have it monitor an ip address on the other end of the tunnel and then it will write an event to the system log on down events.

@Mystique - Thanks for the syslog reminder and cautionary note, I have traffic and threat logs being forwarded already but the system syslog settings slipped by me.

L4 Transporter

Hello bgirdner,

There is no provision to monitor WAN link but there is tunnel monitoring which can be used to monitor the tunnel status for IPsec VPN. When tunnel monitoring fails, it creates a system logs entry indicating the tunnel as down.

Please take a look at the document below which might be helpful to you:

Which Logs are Generated When a Monitor Detects Tunnel is Down/Up?

Dead Peer Detection and Tunnel Monitoring

Thanks

Thanks tshiv,

That's pretty much what I was looking for.  Between the dead peer detection for tunnel monitoring and the logs already created when ospf routes go down I should, in theory, have PaloAlto logs for pretty much any isp type issue.

-Ben

  • 1 accepted solution
  • 4678 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!