VPN tunnel(s) down for Palo Alto Networks


Palo Alto Networks


Indeni will alert if one or more VPN tunnels is down.

Remediation Steps

Review the cause for the tunnels being down.
Review How to Troubleshoot IPSec VPN connectivity issues

How does this work?

This script uses the Palo Alto Networks API to retrieve the current status of the VPN tunnels (the equivalent of running "show vpn flow" in CLI). The script differentiates between alerts that are not "always on" (don't have a monitor set) and those that should be.

Why is this important?

VPN tunnels are one of the most critical features of a firewall. Many VPN tunnels are temporary, and may go up and down regularly, while some must be up at all times. Those that must remain up are usually set with a monitor to track their status. Knowing if a tunnel that should be up is down is critical for a quick response to service disruption.

Without Indeni how would you find this?

The VPN tunnel state is visible through the web interface. Normally, an administrator would access it after a service outage is reported.

View Source Code