VPN Tunnel Status Monitoring in GMS

VPN Tunnel Status Monitoring in GMS

GMS can monitor the status (up/down) of VPN tunnels configured on managed appliances. The status of the VPN tunnels on a managed unit can be see at Policies | VPN | Monitor (Manage | VPN | Monitor from GMS 8.4 and above):

The status of VPNs shown on this page is based on the status at the last time that GMS synchronized with the appliance. To get the current status, click the ‘Synchronize Tunnel Status Information’ option.

Real-time VPN Monitoring:

For real-time VPN Monitoring, the managed unit can be configured for SNMP, so GMS is notified as soon as the tunnel status changes. When this is done, GMS will reflect the current status of the VPN tunnel at Policies (Manage) | VPN | Monitor. GMS can then be configured to send an alert when the tunnel status changes.

To configure real-time VPN monitoring, follow these steps:

1. Enable SNMP on the managed appliance at System | SNMP (Manage | Appliance | SNMP from firmware version 6.5 and above):

1. 
   There is no need to specify an SNMP host, as GMS-managed units have a hidden host5 with the GMS host IP address.
2. 
   
3. On the managed appliance at Log | Settings, enable the ‘IPsec Tunnel Status Changed' category under Syslog column:

1. On the GMS gateway, if necessary, create a NAT Policy to forward SNMP traps to the GMS Agent:
   
2. On the GMS gateway, if necessary, create an Access Rule to allow SNMP traps on the appropriate interface:
   
3. When the GMS Agent receives an SNMP trap from the managed appliance about a change in VPN Tunnel Status, GMS will update the tunnel status immediately at Policies (Manage) | VPN | Monitor
4. To configure GMS to send an email alert when the VPN tunnel status changes, create an alert at Policies (Manage) | Events | Alert Settings:
   
5. If you’ve configured the alert to be emailed, verify the SMTP Server settings in GMS at Console | Management | Settings:
   
6. If you’ve configured the alert to be emailed to a GMS user, verify the email address for the user at Console | Management | Users:
   
7. When the VPN tunnel status changes, GMS will log the event in the UI log at Console | Log:
   
   GMS will also display the alert at Policies (Manage) | Events | Current Alerts:
   
   If GMS is configured to email the alert, the user will receive an alert when the VPN tunnel status changes.