VPN dropping packets due to decryption errors-paloaltonetworks-panos

VPN dropping packets due to decryption errors-paloaltonetworks-panos
0

VPN dropping packets due to decryption errors-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
indeni tracks critical error metrics for VPN tunnels and alerts when these are increasing.

Remediation Steps:
Review the configurations on both sides of the tunnel.

How does this work?
This script uses the Palo Alto Networks API to retrieve the current status of the VPN tunnels (the equivalent of running “show vpn flow” in CLI). The script retrieves the decryption errors for each tunnel.

Why is this important?
VPN tunnels are one of the most critical features of a firewall. Tracking the health of the VPN tunnels, and specifically if there are any decryption errors, is a good indicator of whether a tunnel is working as planned.

Without Indeni how would you find this?
Decryption error information is only accessible through the CLI to an administrator.

panos-show-vpn-flow

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-vpn-flow.ind

palo_alto_vpn_decryption_errors

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.paloaltonetworks

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.CounterIncreaseTemplateRule
/**
  *
  */
case class palo_alto_vpn_decryption_errors() extends CounterIncreaseTemplateRule(
  ruleName = "palo_alto_vpn_decryption_errors",
  ruleFriendlyName = "Palo Alto Networks Firewalls: VPN dropping packets due to decryption errors",
  ruleDescription = "indeni tracks critical error metrics for VPN tunnels and alerts when these are increasing.",
  metricName = "vpn-tunnel-decryption-errors",
  applicableMetricTag = "peerip",
  alertDescription = "The VPNs listed below are experiencing packet decryption errors. This is probably due to a configuration issue.",
  alertRemediationSteps = "Review the configurations on both sides of the tunnel.",
  alertItemsHeader = "Affected VPN Tunnels"
)()