Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC Monitoring - Tunnel Down Notifications

    Scheduled Pinned Locked Moved IPsec
    4 Posts 2 Posters 134 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Matt_Sharpe
      last edited by

      Hello All,

      We are wanting to add some monitoring/notifications so we know if an IPSEC tunnel goes down/disconnects.

      We have this set to SYSLOG and we can only really differentiate when a tunnel establishes. Are there any known methods to get this setup to notify?

      Or maybe a package that is built for this?

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @Matt_Sharpe
        last edited by

        @Matt_Sharpe do you own both sides of the tunnel? If so, snmp monitor the other site. No ping then tunnel down. Any snmp poller will do this

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        M 1 Reply Last reply Reply Quote 0
        • M
          Matt_Sharpe @michmoor
          last edited by

          @michmoor We only have access to the target side of the tunnel for this specific instance. No control on the other side of the tunnel...

          Any other ideas?

          M 1 Reply Last reply Reply Quote 0
          • M
            michmoor LAYER 8 Rebel Alliance @Matt_Sharpe
            last edited by

            @Matt_Sharpe

            Two other options that come to mind

            1. Alert on syslog. So if using a syslog server such as Graylog, you can have it alert you by sending an email when it sees entries for the tunnel going down.

            2. Modify the scripts here - although meant for Zabbix i can see it easily being customizable for any monitoring tool

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.