Exam PCNSE
Question 337

A security engineer received multiple reports of an IPSec VPN tunnel going down the night before. The engineer couldn't find any events related to VPN under system logs.

What is the likely cause?

    Correct Answer: B

    The likely cause of not finding any events related to the VPN under system logs could be that the log quota for GTP (GPRS Tunneling Protocol) and Tunnel needs to be adjusted. If the log quota is exhausted or not properly configured, new log entries, including those related to the VPN, may not be recorded, leading to the absence of relevant logs in the system.

Discussion
DrNick0 Option: C

You don't need tunnel monitor to get IPsec VPN info from system logs. The only way system logs are not catching VPN logs is that the fw is not logging.

confusion

Curious what would happen if "fw is not logging", but you configure "Tunnel monitor" on the ipsec interface, would that generate a System log?

GohanF2

This is a nasty question, and that's right. You don't need Tunnel Monitoring for generating logs regarding IPsec VPN on System Monitor. There might be no more quota left in the firewall.

halifax

Of course logging automatically happens; that is why an alert message is received for VPN down. But the question is asking "reason for cause", in other words, what caused the VPN connectivity to go down?

mushi4ka Option: C

Should be C

TAKUM1y Option: C

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/vpns/site-to-site-vpn-concepts/tunnel-monitoring

mizuno92 Option: C

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/vpns/site-to-site-vpn-concepts/tunnel-monitoring

secdaddy Option: C

It looks like Tunnel Monitor generates system logs = C https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloXCAS

NoxS Option: C

C is correct

confusion Option: C

C. Tunnel monitor would generate a line in the System log.