Palo Alto Networks Knowledgebase: Monitoring VPN tunnel down events with SNMP

Monitoring VPN tunnel down events with SNMP

Created On 02/08/19 00:05 AM - Last Updated 02/08/19 00:05 AM

Symptoms

Is there a way to generate SNMP traps or generate some type of notification if a VPN tunnel goes down?  

Diagnosis

A tunnel monitor has been set up to monitor IPsec VPN tunnels on a PA device, and the goal is to generate an alert if a tunnel goes down. At this point in time, PA devices do not support VPN tunnel monitoring events through SNMP MIBs.



Resolution

As a workaround, we can rely on a syslog server and the logs we send to it.

Steps:

  1. Configure the Tunnel Monitor feature on the firewall.
  2. Configure a syslog server.
  3. Configure Device > Log Settings > System to send logs to the syslog server.
  4. When the tunnel monitor fails, the firewall generates the following message in the system log:
    Time Severity Subtype Object EventID ID Description
    ===============================================================================
    2015/11/15 13:24:34 low vpn <object name> tunnel- 0 Tunnel <tunnel name> is down  
  5. The syslog server receives the "tunnel down" message.
  6. After the IPsec tunnel is brought up, the tunnel interface also goes up and a new message, "tunnel is UP", is generated in the system logs.
  7. The newly generated log is sent to the syslog server.
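
One way to turn these messages into alerts on the syslog server side, as an added example that is not Palo Alto Networks code: it replays system log lines, raises one alert per tunnel when it goes down, and clears it with the outage duration when the tunnel comes back. Assumptions: the "is up" wording mirrors the "is down" message shown above, tunnel names contain no spaces, timestamps use the format in the sample log, and the sample lines are constructed.

```python
import re
from datetime import datetime

# "is down" wording is from the article; the "is up" wording is an assumption.
EVENT = re.compile(r"Tunnel (?P<name>\S+) is (?P<state>down|up)\b", re.IGNORECASE)
STAMP = re.compile(r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}")

def parse_event(line):
    """Return (timestamp, tunnel, state) for a tunnel-monitor line, else None."""
    event = EVENT.search(line)
    stamp = STAMP.search(line)
    if not event or not stamp:
        return None
    when = datetime.strptime(stamp.group(), "%Y/%m/%d %H:%M:%S")
    return when, event.group("name"), event.group("state").lower()

def track(lines):
    """Replay lines in order; return (alerts, tunnels still down)."""
    down_since, alerts = {}, []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue                          # unrelated system log entry
        when, tunnel, state = parsed
        if state == "down":
            if tunnel not in down_since:      # repeated "down" lines alert once
                down_since[tunnel] = when
                alerts.append(f"ALERT {tunnel} down at {when}")
        elif tunnel in down_since:            # "up" only clears a known outage
            outage = when - down_since.pop(tunnel)
            alerts.append(f"CLEAR {tunnel} up after {outage}")
    return alerts, down_since

# Constructed sample lines (not captured from a real firewall).
SAMPLE = [
    "2015/11/15 13:24:34 low vpn branch-a tunnel- 0 Tunnel branch-a is down",
    "2015/11/15 13:24:40 informational general general 0 User admin logged in",
    "2015/11/15 13:25:04 low vpn branch-a tunnel- 0 Tunnel branch-a is down",
    "2015/11/15 13:26:10 low vpn branch-b tunnel- 0 Tunnel branch-b is down",
    "2015/11/15 13:31:34 low vpn branch-a tunnel- 0 Tunnel branch-a is up",
]

if __name__ == "__main__":
    alerts, still_down = track(SAMPLE)
    print("\n".join(alerts))
    print("still down:", sorted(still_down))
```

The tunnels left in the second return value are the ones a monitoring job would keep paging on until a matching "up" line arrives.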

 

See also:

Dead Peer Detection and Tunnel Monitoring

How to Verify if IPSec Tunnel Monitoring is Working

How to Forward System Logs to Syslog Server


