Why does the system log show an Informative or Critical event when an IPsec tunnel is up?
Created On 12/20/19 20:11 PM - Last Modified 01/03/20 22:42 PM
Question
Why does the system log sometimes show the severity as either Informative or Critical for a tunnel-up event with IPsec VPN?
Environment
- PAN 7.1.14
- PA-7050. The same result may apply to other platforms.
Answer
SEVERITY: INFORMATIVE
The tunnel-up event is logged with Informational severity the first time that the tunnel comes up (after configuration or after the local gateway comes up).
This is an example of when a tunnel comes up after initial configuration.
The tunnel-up event may also be logged as Informative when there is a configuration change in the local tunnel.
For example, a change in the monitor behavior, such as a change from fail-over to wait-recover or vice versa.
The monitor profile is called default
Network > Monitor
The monitor profile can be added in the IPsec tunnel
Network > IpSec Tunnels >
The following image is the tunnel-up event after changing the monitor profile behaviors.
SEVERITY: CRITICAL
If the tunnel is up, then goes down because of tunnel monitoring, and then comes up again, then the tunnel-up event will be logged with Critical severity.
As long as the tunnel goes down due to tunnel monitoring and then comes up again, the message should be Critical severity, regardless of the amount of time the tunnel is up or down.
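For triage, the severity rule above can be applied to exported tunnel-up events to find tunnels that keep recovering from monitor-induced outages. The following Python is an added example, not Palo Alto Networks code; the CSV layout, tunnel names, cause labels and flap threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. This simplified layout is an assumption for
# illustration, not the firewall's own export format.
SAMPLE_LOG = """\
time,severity,event,tunnel
2020-01-03 09:00:12,informational,tunnel-up,branch-a
2020-01-03 09:00:15,informational,tunnel-up,branch-b
2020-01-03 11:42:07,critical,tunnel-up,branch-a
2020-01-03 11:58:31,critical,tunnel-up,branch-a
2020-01-03 14:10:02,informational,tunnel-up,branch-b
"""

MONITOR_RECOVERY = "recovered-after-monitor-down"   # hypothetical label
INITIAL_OR_CONFIG = "initial-or-config-change"      # hypothetical label


def classify_tunnel_up(severity):
    """Map a tunnel-up event's severity to the cause the article describes."""
    sev = severity.strip().lower()
    if sev == "critical":
        return MONITOR_RECOVERY
    if sev in ("informational", "informative"):
        return INITIAL_OR_CONFIG
    return "unclassified"


def summarize(log_text, flap_threshold=2):
    """Count tunnel-up causes per tunnel and list tunnels that keep recovering."""
    counts = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event"].strip().lower() != "tunnel-up":
            continue  # only tunnel-up events carry the meaning discussed here
        counts[row["tunnel"]][classify_tunnel_up(row["severity"])] += 1
    # A tunnel with repeated Critical tunnel-up events went down due to
    # tunnel monitoring and came back at least flap_threshold times.
    flapping = sorted(
        t for t, c in counts.items() if c.get(MONITOR_RECOVERY, 0) >= flap_threshold
    )
    return {t: dict(c) for t, c in counts.items()}, flapping


if __name__ == "__main__":
    per_tunnel, flapping = summarize(SAMPLE_LOG)
    print(per_tunnel)
    print("Tunnels with repeated monitor recoveries:", flapping)
```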