How to monitor the state of VPN Tunnels in Palo Alto Firewalls?

Article ID: 223852

Products

CA Spectrum

Issue/Introduction

We are trying to monitor the site-to-site VPN tunnels with Spectrum. We are configuring the VPN tunnels on the Palo Alto firewall. What is the best way to monitor the VPN tunnels if they go down?

Environment

Release: 10.4.x, 20.x, 21.x

Resolution

Spectrum has little device-specific support for Palo Alto devices beyond event support and a few OneClick views.

The practical approach is therefore to configure the device to send traps to Spectrum.

We found the following trap-to-event mappings for the VPN tunnel up/down traps on Palo Alto devices:

Trap name                    Trap OID                            Spectrum event code
panVPNTunnelStatusUpTrap     1.3.6.1.4.1.25461.2.1.3.2.0.1746    0x065200da
panVPNTunnelStatusDownTrap   1.3.6.1.4.1.25461.2.1.3.2.0.1747    0x065200db
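
To confirm that the firewall is actually emitting these traps before relying on the Spectrum events, the following added example (not part of the original article or of Spectrum) classifies logged traps by the OIDs above. The log line layout and sample lines are constructed assumptions. Because this article does not list the trap varbinds, state is tracked per sending firewall, not per tunnel.

```python
import re

# Trap OID -> (trap name, Spectrum event code), from the mappings in this article.
TRAP_MAP = {
    "1.3.6.1.4.1.25461.2.1.3.2.0.1746": ("panVPNTunnelStatusUpTrap", "0x065200da"),
    "1.3.6.1.4.1.25461.2.1.3.2.0.1747": ("panVPNTunnelStatusDownTrap", "0x065200db"),
}
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"  # standard snmpTrapOID.0 varbind

# Assumed layout: "<date> <time> <source-ip> <varbind-oid> = OID: <trap-oid>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) \.?(?P<vb>[\d.]+) = OID: \.?(?P<trap>[\d.]+)$"
)

def parse_line(line):
    """Return (timestamp, source, trap_name, event_code), or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("vb") != SNMP_TRAP_OID:
        return None
    hit = TRAP_MAP.get(m.group("trap"))
    if hit is None:
        return None  # some other trap, e.g. linkDown
    return (m.group("ts"), m.group("src"), hit[0], hit[1])

def sources_reporting_down(lines):
    """Firewalls whose most recent VPN tunnel trap was a Down trap."""
    last = {}
    for line in lines:
        rec = parse_line(line)
        if rec:
            last[rec[1]] = rec  # later lines overwrite earlier ones
    return sorted(s for s, r in last.items() if r[2] == "panVPNTunnelStatusDownTrap")

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE = [
    "2024-05-01 10:00:00 192.0.2.10 .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.25461.2.1.3.2.0.1747",
    "2024-05-01 10:00:05 192.0.2.20 .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.25461.2.1.3.2.0.1747",
    "2024-05-01 10:02:00 192.0.2.10 .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.25461.2.1.3.2.0.1746",
    "2024-05-01 10:03:00 192.0.2.30 .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3",
]

if __name__ == "__main__":
    for src in sources_reporting_down(SAMPLE):
        print(f"{src}: last VPN tunnel trap was Down (Spectrum event 0x065200db)")
```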

If this does not provide the data you need, contact Palo Alto support for the right information.
