How to monitor the state of VPN Tunnels in Palo Alto Firewalls?
Article ID: 223852
Updated On:
Products
Issue/Introduction
We are trying to monitor the site to site vpn tunnels with Spectrum. We are configuring the vpn tunnels on the Palo Alto firewall. What is the best way to monitor the vpn tunnels if they go down?
Environment
Release : 10.4.x, 20.x, 21.x
Resolution
Actually there isn't much intelligence in terms of code for Palo Alto devices except for events support and few Oneclick views.
The solution seems to configure the device to send traps to spectrum.
We found the following trap to event mappings for VPN Tunnel/UP/Down traps on Palo Alto devices:
panVPNTunnelStatusUpTrap 1.3.6.1.4.1.25461.2.1.3.2.0.1746 0x065200da
panVPNTunnelStatusDownTrap 1.3.6.1.4.1.25461.2.1.3.2.0.1747 0x065200db
If this does not provide the data you need, please contact the Palo Alto support to get the right information.
Feedback
