How to create IPSEC Tunnel Monitoring alerts for Prisma Access tunnels using Strata logging service

Created On 04/18/25 03:25 AM - Last Modified 04/24/25 21:11 PM


Objective


  • An administrator needs to create alerts when the IPSEC tunnels in the Prisma Access infrastructure (Remote Networks or Service Connections) go down or come up.
  • These are the tunnels between Prisma Access and the customer-side equipment (CPE).
  • The alerting requires tunnel monitoring to be configured on Prisma Access in the respective IPSEC tunnel configuration.
  • The existing alert functionality in SASE insights has a threshold of 10 minutes for the tunnel to be down, which might not meet the requirements of some organizations.


Environment


  • Prisma Access
  • Strata Logging Service (Formerly Cortex Data Lake)


Procedure


  1. Log in to Strata Logging Service using the Hub.
  2. Navigate to Log Forwarding and select the log forwarding method suitable for the organisation. (We will use Email as an example, but the steps are similar for other alert types as well.)

Figure: Log forwarding email alert

  3. Click Add to create a profile and fill in the details.

Figure: Email log forwarding profile

  4. In the filter section, click Add and select System as the log type.
  5. Use the filter vendor_severity.value = 'Critical' AND sub_type.value = 'vpn', which will show all the logs within the selected timeframe for tunnel down or up alerts.

Figure: System logs showing critical alerts with subtype VPN

  6. Save the filter and the log forwarding profile. From now on, any new logs matching the filter will be sent over. The filter can be customised further by using different filter conditions.
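
On the receiving side, the forwarded records can be paired per tunnel to measure each outage, including outages shorter than the 10-minute threshold mentioned in the Objective. The Python below is an added example, not Palo Alto Networks code: the JSON-lines shape and the time, object and event field names and values are assumptions, and the sample records are constructed.

```python
import json
from datetime import datetime

# Constructed sample of forwarded System log records, one JSON object per line.
# Only vendor_severity and sub_type come from the filter on this page; the
# "time", "object" and "event" fields and their values are assumed.
SAMPLE = """\
{"time":"2025-04-18T03:00:05Z","vendor_severity":"Critical","sub_type":"vpn","object":"rn-branch-01","event":"tunnel-status-down"}
{"time":"2025-04-18T03:00:40Z","vendor_severity":"Informational","sub_type":"vpn","object":"rn-branch-01","event":"ike-nego-start"}
{"time":"2025-04-18T03:01:05Z","vendor_severity":"Critical","sub_type":"vpn","object":"rn-branch-01","event":"tunnel-status-down"}
{"time":"2025-04-18T03:02:00Z","vendor_severity":"Critical","sub_type":"general","object":"","event":"disk-full"}
{"time":"2025-04-18T03:04:35Z","vendor_severity":"Critical","sub_type":"vpn","object":"rn-branch-01","event":"tunnel-status-up"}
{"time":"2025-04-18T03:10:00Z","vendor_severity":"Critical","sub_type":"vpn","object":"sc-dc-01","event":"tunnel-status-down"}
"""

def matches_filter(rec):
    """Same predicate as the profile filter: Critical severity AND vpn subtype."""
    return rec.get("vendor_severity") == "Critical" and rec.get("sub_type") == "vpn"

def parse(lines):
    """Decode JSON lines, skipping blank or malformed ones."""
    for line in lines:
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue

def outages(lines):
    """Pair down/up events per tunnel.

    Returns (tunnel, down_at, up_at, seconds) tuples; up_at and seconds are
    None for a tunnel that is still down at the end of the input.
    """
    down_since, done = {}, []
    matched = [r for r in parse(lines) if matches_filter(r)]
    for rec in sorted(matched, key=lambda r: r["time"]):
        ts = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        name = rec["object"]
        if rec["event"].endswith("down"):
            down_since.setdefault(name, ts)   # keep the first down, ignore repeats
        elif rec["event"].endswith("up") and name in down_since:
            start = down_since.pop(name)
            done.append((name, start, ts, (ts - start).total_seconds()))
    done += [(n, s, None, None) for n, s in down_since.items()]
    return done

if __name__ == "__main__":
    for name, start, end, secs in outages(SAMPLE.splitlines()):
        print(name, start.isoformat(), end.isoformat() if end else "STILL DOWN", secs)
```
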


Additional Information


  • These alert logs are available in the system logs and can also be viewed directly from Strata Logging Service.
  • Use this document to learn about different methods of log forwarding as needed.
  • The same method can be used to create alerts for logs in Strata Logging Service for on-prem Strata firewalls as well.
  • The only requirement is that the logs should be stored in Strata logging service and the respective tunnels should have the tunnel monitoring configured for them to generate the logs.
  • Read more about Prisma Access tunnel monitoring behavior. 

 


