Define a Tunnel Monitoring Profile

Network Security

Define a Tunnel Monitoring Profile

Table of Contents

Define a Tunnel Monitoring Profile

Where Can I Use This?
What Do I Need?
  • PAN-OS
No license required
A tunnel monitoring profile allows you to verify connectivity between the VPN peers; you can configure the tunnel interface to ping a destination IP address at a specified interval and specify the action if the communication across the tunnel is broken.
  1. Select
    Network Profiles
    . A default tunnel monitoring profile is available for use.
  2. Click
    , and enter a
    for the profile.
  3. Select the
    to take if the destination IP address is unreachable.
    • Wait Recover
      —the firewall waits for the tunnel to recover. It continues to use the tunnel interface in routing decisions as if the tunnel were still active.
    • Fail Over
      —forces traffic to a back-up path if one is available. The firewall disables the tunnel interface, and thereby disables any routes in the routing table that use the interface.
    In either case, the firewall attempts to accelerate the recovery by negotiating new IPSec keys.
  4. Specify the
    Interval (sec)
    to trigger the specified action.
    • Threshold
      specifies the number of heartbeats to wait before taking the specified action (range is 2-100; default is 5).
    • Interval (sec)
      specifies the time (in seconds) between heartbeats (range is 2-10; default is 3).
  5. Attach the monitoring profile to the IPSec Tunnel configuration. See Enable Tunnel Monitoring.

Recommended For You