VPN Keep-Alives
Table of Contents
Expand all | Collapse all
-
-
- Configure Circuits
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Add a Branch
- Add a Data Center
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Enable IoT Device Visibility in Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Sub-Interface
- Configure a Loopback Interface
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
-
-
- Configure IPFIX
- Configure IPFIX Profiles
- Configure IPFIX Templates
- Configure Collector Contexts
- Configure Filter Contexts
- Configure Global IPFIX Prefixes
- Configure Local IPFIX Prefixes
- Attach an IPFIX Profile to an ION Device
- Attach a Collector Context to a Device Interface
- Attach a Filter Context to a Device Interface
- Configure High Availability (HA) for IPFIX
- Flow Information Elements
- Options Information Elements
- Configure SNMP
-
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
-
-
- Native SASE Integration with Prisma SD-WAN
- Connect a Single Prisma SD-WAN Site to Prisma Access
- Connect Multiple Prisma SD-WAN Sites to Prisma Access
- Edit Application Policy Network Rules
- Understand Service and Data Center Groups
- Verify Standard VPN Endpoints
- Configure Standard Groups
- Assign Domains to Sites
- Prisma SD-WAN Incidents and Alerts
VPN Keep-Alives
Let us learn about the VPN Keep-Alives.
VPN keep-alive packets determine whether
a given path is reachable for an ION device. VPN keep-alive packets
are sent at a fixed interval on a VPN link. The VPN link is declared
down, if the peer is unreachable after a certain number of attempts
and a certain period of time.
The location of the ION device in a network topology plays an
important role in configuring VPN keep-alives. For example, you need
to configure a higher value of the keep-alive Interval between two
ION devices behind routers as compared to the keep-alive Interval
between two ION devices not behind routers.
VPN keep-alives are configured at the following levels:
The order of precedence for VPN keep-alives is as follows:
- VPN keep-alives configured at the secure fabric link level have the highest priority.
- If VPN keep-alives are not configured at the secure fabric link level, then VPN keep-alives configured at the circuits level take effect.
- If VPN keep-alives are not configured at both secure fabric link level and circuits level, then VPN keep-alives configured at the circuit categories level take effect.
If there is a mismatch in configuration between two VPN endpoints,
then:
- The keep-alive configuration with the larger keep-alive interval takes effect.
- If keep-alive intervals are the same, then the configuration with the higher keep-alive failure count takes effect.