09-03-2024 02:34 AM
In our Prisma Access Remote Network deployment, we have created 2 sites, each site having two IPSec tunnels configured as Primary and Secondary. I wanted to verify the logs in Log Viewer to identify the tunnel which is currently handling the traffic, as I can see an option to filter based on sites, not tunnels.
Any suggestion would be helpful.
09-09-2024 04:07 PM
@Lalit-Sahu wrote:
In our Prisma Access Remote Network deployment, we have created 2 sites, each site having two IPSec tunnels configured as Primary and Secondary. I wanted to verify the logs in Log Viewer to identify the tunnel which is currently handling the traffic, as I can see an option to filter based on sites, not tunnels.
Any suggestion would be helpful.
Hello @Lalit-Sahu,
I understand you are looking for a way to verify which logs belong to which tunnel so you can determine which of the tunnels you created is currently handling your traffic. The best way to differentiate traffic hitting tunnel A from tunnel B is by focusing on the "From Zone" of the Firewall/Traffic logs. The "From Zone" will explicitly reference the tunnel name of the site location. So, for a good example, if traffic from client > Server is processed by Site A and you named the remote branch tunnel "Site A", on the Firewall/Traffic logs, you will see the "From Zone" as "Site A". This is an easy way to determine if traffic is processed either by Tunnel A (Site A) or Tunnel B (Site B). I hope this addresses your question. Thank you.
09-10-2024 01:27 AM
Hello Vickynet,
Thanks for your reply. However, the From Zone is showing the site name, not the tunnel name created for that site. My scenario is as below:
Site name: Site-A
Primary Tunnel Name: Site-A-1
Secondary Tunnel Name: Site-A-2
In the logs, I can see 'Site-A' under Device Name as well as the From Zone section, not the tunnel name like Site-A-1 or Site-A-2.
Apart from the above section, is there any other option to check which tunnel is actually handling the traffic?
09-22-2024 10:35 PM
@Lalit-Sahu wrote:
In our Prisma Access Remote Network deployment, we have created 2 sites, each site having two IPSec tunnels configured as Primary and Secondary. I wanted to verify the logs in Log Viewer to identify the tunnel which is currently handling the traffic, as I can see an option to filter based on sites, not tunnels.
Any suggestion would be helpful.
Hello @Lalit-Sahu, thank you for clarifying your questions and for providing additional context. Unfortunately, as of today, I don't believe Prisma Access Remote Network has that capability. Prisma Access logs will only show the site name and not the specific tunnel name, so you can do filters and reports based on that. There is no other way to check for which tunnel is processing your traffic in particular. Traffic volume per tunnel can be seen in Prisma Access Insights, but that will be an aggregate number, so no number on AppID, etc. If this is something you truly want, I think you should discuss the possibility with your account team to determine if they have something in the pipeline for future capability. I hope that helps to provide some clarity.
09-23-2024 01:42 AM
Thanks for the confirmation.
10-17-2024 09:44 AM
You can find it in the traffic log of the on-prem firewall - outbound interface will be the tunnel to Prisma.