Not applicable

Alerts on Ipsec VPN tunnels down

We have many FortiGates around our sites and they are connected by IPsec VPN tunnels. We sometimes find the IPsec VPN tunnel does go down for some reason. I want to be able to configure alerts on all my FortiGates which will email me when any VPN tunnels go down. Can someone advise on how I can configure these alerts to get alerted on this specific issue?
abelio
SuperUser

You could configure alerts by "IPsec tunnel errors" (look in Log&Reports->LogConfig->AlertEmail). It's not exactly 'ipsec down', but when it tries to regenerate you'll receive some alerts. However, you'll also receive more alerts (e.g. a DPD error) even if your tunnel is up.

regards / Abel
TopJimmy
New Contributor

Do you have an Analyzer? I just set up an Analyzer "Alert" to email when the tunnel goes down or comes up. You could also just use a syslog server to do the same thing. Looks something like this:
====Alert====
From: flg(FLG800xxxxxxxxx)
Trigger Name: CoLo Tunnel Down
Log type: event log
Alert Severity: High
Triggered Threshold: More than 1 event occured in the last 0.5 hour.
Source Device: Primary_FGT800[Hostname:fw.saf.local SN:FGT800xxxxxxxxx IP:xxxx.xxx.xxx.xxx]
Last Raw Message: itime=1227297354 date=2008-11-21 time=12:55:54 devname=FGT800xxxxxxxxx device_id=FGT800xxxxxxxxx log_id=0101023012 type=event subtype=ipsec pri=notice vd=root loc_ip=xxxx.xxx.xxx.xxx loc_port=500 rem_ip=xxxx.xxx.xxx.xxx rem_port=500 out_if="external" vpn_tunnel="CoLoPH2" action=tunnel_down user="N/A" group="N/A" msg="IPsec tunnel to xxxx.xxx.xxx.xxx:500 is down"
-TJ
Not applicable

I have a FortiAnalyzer, I think this is what I need. I have 9 FortiGates and I want to be alerted when any of the VPN tunnels go down. All FortiGates are being logged to the FortiAnalyzer. Are you able to give me instructions on how I can do this?
TopJimmy
New Contributor

Below is a screenshot of the "alert" I built in the FAZ. I'm running MR7 Patch 2 on it. I removed the IP addresses and names from the screenshot, but you get the idea.

1.) Create new alert
2.) Give it a name (my example is: CoLo Tunnel Down)
3.) Select the fortigate you want to use (my example is for all fortigates)
4.) Select "Event Log" and "Notification" as your trigger. I just dug through my event log until I found an entry that the tunnel was down and cut the info out of the event log
5.) Under "Log Filters" select "Generic Text" and paste in the log entry from #4 above. My example says "IPsec Tunnel to <ip address and port here> is down"
6.) Select your "Threshold". 1 event in 1/2 hour is the minimum so it triggers on any event that meets your trigger/filter from above.
7.) Set up the destination for your alert. Mine are all whited out, but it's pretty easy.

Then test away. I was able to test this during production hours and it works great. Post back and let us know how it went for you. I also set up the same alert with the generic text that says "IPsec Tunnel to <ip address and port here> is up" to alert me when it comes back up.
-TJ
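The syslog-server route mentioned in this thread, as an added example that is not part of any post above: a Python filter that parses FortiGate key=value event lines and reports one alert per tunnel state change. The sample lines, device names and addresses are constructed; `action=tunnel_down` is taken from the raw message quoted above, while `tunnel_up` and `negotiate` as action values are assumptions.

```python
import re

# key=value fields; quoted values may contain spaces
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Split one FortiGate log line into a dict of its key=value fields."""
    return {k: (q or bare).strip() for k, q, bare in FIELD_RE.findall(line)}

def process(lines):
    """Return (alerts, still_down): one alert per state change per tunnel."""
    state, alerts = {}, []
    for line in lines:
        f = parse_fields(line)
        if f.get("type") != "event" or f.get("subtype") != "ipsec":
            continue
        # tunnel_down is the action shown in the thread; tunnel_up is assumed
        if f.get("action") not in ("tunnel_down", "tunnel_up"):
            continue  # other IPsec events (negotiation, DPD) are not alerts
        key = (f.get("devname", "?"), f.get("vpn_tunnel", "?"))
        new = f["action"][len("tunnel_"):]
        if state.get(key) == new:
            continue  # repeated message, tunnel state unchanged
        state[key] = new
        alerts.append(f'{f.get("date")} {f.get("time")} {key[0]} '
                      f'tunnel {key[1]} is {new.upper()}')
    still_down = sorted(k for k, v in state.items() if v == "down")
    return alerts, still_down

# Constructed sample input (not real logs), using the field names shown above
BASE = "date=2008-11-21 time={t} devname={d} type={ty} subtype={s} pri=notice vd=root"
SAMPLE = [
    BASE.format(t="12:55:54", d="FGT-A", ty="event", s="ipsec")
    + ' vpn_tunnel="CoLoPH2" action=tunnel_down msg="IPsec tunnel to 192.0.2.10:500 is down"',
    BASE.format(t="12:56:10", d="FGT-A", ty="event", s="ipsec")
    + ' vpn_tunnel="CoLoPH2" action=tunnel_down msg="IPsec tunnel to 192.0.2.10:500 is down"',
    BASE.format(t="12:58:30", d="FGT-A", ty="event", s="ipsec")
    + ' vpn_tunnel="CoLoPH2" action=negotiate msg="negotiation attempt"',
    BASE.format(t="13:01:02", d="FGT-B", ty="event", s="ipsec")
    + ' vpn_tunnel="BranchPH2" action=tunnel_down msg="IPsec tunnel to 198.51.100.7:500 is down"',
    BASE.format(t="13:04:40", d="FGT-A", ty="event", s="ipsec")
    + ' vpn_tunnel="CoLoPH2" action=tunnel_up msg="IPsec tunnel to 192.0.2.10:500 is up"',
]

if __name__ == "__main__":
    alerts, still_down = process(SAMPLE)
    print("\n".join(alerts))
    print("still down:", still_down)
```

Keying the state on device and tunnel name means a flapping tunnel produces one message per transition rather than one per log line, and the `still_down` list can drive a periodic reminder for tunnels that never recovered.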