How to check which Remote Network tunnel handling traffic?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to check which Remote Network tunnel handling traffic?

L1 Bithead

In our Prisma Access Remote Network deployment, we have created 2 sites, each sites having two IPSec tunnels configured as Primary and Secondary. I wanted to verify the logs in Log viewer to identify the tunnel which is currently handling the traffic as I can see option to filter based on sites not tunnels 

 

Any suggestion would helpful.

1 accepted solution

Accepted Solutions

L2 Linker

@Lalit-Sahu wrote:

In our Prisma Access Remote Network deployment, we have created 2 sites, each sites having two IPSec tunnels configured as Primary and Secondary. I wanted to verify the logs in Log viewer to identify the tunnel which is currently handling the traffic as I can see option to filter based on sites not tunnels 

 

Any suggestion would helpful.


Hello @Lalit-Sahu , thank you for clarifying your questions and for providing additional context. Unfortunately, as of today, I don't believe Prisma Access Remote Network has that capability. Prisma Access logs will only show the site name and note the specific tunnel name, so you can do filters and reports based on that. There is no other way to check for which tunnel is processing your traffic in particular. Although, Traffic volume per tunnel can be seen in Prisma Access Insights, but that will be an aggregate number  so no number on AppID, etc. If this is something you truly want, I think you discuss the possibility with your account team and to determine if they have something in pipeline for future capability.  I hope that helps to provide some clarity.

View solution in original post

5 REPLIES 5

L2 Linker

@Lalit-Sahu wrote:

In our Prisma Access Remote Network deployment, we have created 2 sites, each sites having two IPSec tunnels configured as Primary and Secondary. I wanted to verify the logs in Log viewer to identify the tunnel which is currently handling the traffic as I can see option to filter based on sites not tunnels 

 

Any suggestion would helpful.


Hello @Lalit-Sahu ,

I understand you are looking for a way to verify which logs belong to which tunnel so you can determine which of the tunnels you created is currently handling your traffic. The best way to differentiate traffic hitting tunnel A from tunnel B is by focusing on the "From Zone" of the Firewall/Traffic logs. The "From Zone" will explicitly reference the tunnel name of the site location. So, for a good example, if traffic from client > Server is processed by Site A and you named the remote branch tunnel "Site A", on the Firewall/Traffic logs, you will see the "From Zone" as "Site A". This is an easy way to determine if traffic is processed either by Tunnel A (Site A) or Tunnel B (Site B). I hope this address your question. Thank you. 

L1 Bithead

Hello Vickynet,

 

Thanks for your reply. However, from zone showing site name not the tunnel name created for that site. My scenario is as below:

 

Site name: Site-A

Primary Tunnel Name: Site-A-1

Secondary Tunnel Name: Site-A-2

 

In logs, I can see 'Site-A' under Device Name as well as From Zone section not the tunnel name like Site-A-1 or Site-A-2.

 

Apert from above section is there any other option to check which tunnel actually handling the traffic?

 

L2 Linker

@Lalit-Sahu wrote:

In our Prisma Access Remote Network deployment, we have created 2 sites, each sites having two IPSec tunnels configured as Primary and Secondary. I wanted to verify the logs in Log viewer to identify the tunnel which is currently handling the traffic as I can see option to filter based on sites not tunnels 

 

Any suggestion would helpful.


Hello @Lalit-Sahu , thank you for clarifying your questions and for providing additional context. Unfortunately, as of today, I don't believe Prisma Access Remote Network has that capability. Prisma Access logs will only show the site name and note the specific tunnel name, so you can do filters and reports based on that. There is no other way to check for which tunnel is processing your traffic in particular. Although, Traffic volume per tunnel can be seen in Prisma Access Insights, but that will be an aggregate number  so no number on AppID, etc. If this is something you truly want, I think you discuss the possibility with your account team and to determine if they have something in pipeline for future capability.  I hope that helps to provide some clarity.

Thanks for the confirmation.

L2 Linker

You can find it in the traffic log of the on-prem firewall - outbound interface will be the tunnel to Prisma. 

  • 1 accepted solution
  • 1167 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!