>
    Define a Tunnel Monitoring Profile
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. VPNs
    4. Set Up Site-to-Site VPN
    5. Set Up Tunnel Monitoring
    6. Define a Tunnel Monitoring Profile
    Download PDF

    Define a Tunnel Monitoring Profile

    Table of Contents
    End-of-Life (EoL)

    Define a Tunnel Monitoring Profile

    A tunnel monitoring profile allows you to verify connectivity between the VPN peers; you can configure the tunnel interface to ping a destination IP address at a specified interval and specify the action if the communication across the tunnel is broken.
    1. Select NetworkNetwork ProfilesMonitor. A default tunnel monitoring profile is available for use.
    2. Click Add, and enter a Name for the profile.
    3. Select the Action to take if the destination IP address is unreachable.
      • Wait Recover—the firewall waits for the tunnel to recover. It continues to use the tunnel interface in routing decisions as if the tunnel were still active.
      • Fail Over—forces traffic to a back-up path if one is available. The firewall disables the tunnel interface, and thereby disables any routes in the routing table that use the interface.
      In either case, the firewall attempts to accelerate the recovery by negotiating new IPSec keys.
    4. Specify the Interval (sec) and Threshold to trigger the specified action.
      • Threshold specifies the number of heartbeats to wait before taking the specified action (range is 2-100; default is 5).
      • Interval (sec) specifies the time (in seconds) between heartbeats (range is 2-10; default is 3).
    5. Attach the monitoring profile to the IPsec Tunnel configuration. See Enable Tunnel Monitoring.

    © 2024 Palo Alto Networks, Inc. All rights reserved.