VPN dropping packets due to authentication errors for Palo Alto Networks


Palo Alto Networks


Indeni tracks critical error metrics for VPN tunnels and alerts when these are increasing.

Remediation Steps

Review the configurations on both sides of the tunnel.

How does this work?

This script uses the Palo Alto Networks API to retrieve the current status of the VPN tunnels (the equivalent of running "show vpn flow" in CLI). The script retrieves the authentication errors for each tunnel.

Why is this important?

VPN tunnels are one of the most critical features of a firewall. Tracking the health of the VPN tunnels, and specifically if there are any authentication errors, is a good indicator of whether a tunnel is working as planned.

Without Indeni how would you find this?

Authentication error information is only accessible through the CLI to an administrator.

View Source Code