06-03-2022 08:36 AM
I'm wondering if the Palo Alto firewall (PA3020) logs the ping traffic of a path monitoring setup, or if it can be configured to do so.
Let me explain why.
We have configured path monitoring on the default route through our primary ISP. During manual testing (unplug the ethernet cable) the failover to the secondary works just fine. However, we've seen a couple of recent events where connectivity went down for longer than the 2 minute wait time, but no failover happened.
The IP we are pinging is the default gateway of the ISP, so I'm pretty confident that whatever is breaking is happening further out on the ISP's network. But when management asks "Why didn't the connection fail over?" I'd like to be able to point at a log and say, "See here? The pings to the gateway went right on working. So the problem was outside our facility."
Any ideas?
