VPN dropping packets due to decryption errors-paloaltonetworks-panos
Indeni tracks critical error metrics for VPN tunnels and alerts when these are increasing.
Review the configurations on both sides of the tunnel.
How does this work?
This script uses the Palo Alto Networks API to retrieve the current status of the VPN tunnels (the equivalent of running “show vpn flow” in the CLI). The script retrieves the decryption errors for each tunnel.
Why is this important?
VPN tunnels are one of the most critical features of a firewall. Tracking the health of the VPN tunnels, and specifically if there are any decryption errors, is a good indicator of whether a tunnel is working as planned.
Without Indeni how would you find this?
Decryption error information is accessible only to an administrator, through the CLI.
// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.
package com.indeni.server.rules.library.templatebased.paloaltonetworks

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.CounterIncreaseTemplateRule

/**
  * Counter-increase rule on the "vpn-tunnel-decryption-errors" metric,
  * applied per "peerip" metric tag.
  */
case class palo_alto_vpn_decryption_errors() extends CounterIncreaseTemplateRule(
  ruleName = "palo_alto_vpn_decryption_errors",
  ruleFriendlyName = "Palo Alto Networks Firewalls: VPN dropping packets due to decryption errors",
  ruleDescription = "indeni tracks critical error metrics for VPN tunnels and alerts when these are increasing.",
  metricName = "vpn-tunnel-decryption-errors",
  applicableMetricTag = "peerip",
  alertDescription = "The VPNs listed below are experiencing packet decryption errors. This is probably due to a configuration issue.",
  alertRemediationSteps = "Review the configurations on both sides of the tunnel.",
  alertItemsHeader = "Affected VPN Tunnels"
)()
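What a counter-increase check on this metric amounts to, as an added Python example (not Indeni's rule engine or parser code): it compares successive polls of per-tunnel decryption error counters keyed by peer IP and reports the tunnels whose counter rose. The function name, the sample polls and the handling of counter resets and newly seen tunnels are assumptions made for illustration.

```python
"""Counter-increase check for per-tunnel decryption error counters.

All sample values are constructed; peer IPs come from the documentation
ranges (RFC 5737).
"""
from typing import Dict, List

Sample = Dict[str, int]  # peerip -> cumulative decryption error count


def decryption_error_increases(samples: List[Sample]) -> Dict[str, int]:
    """Return {peerip: new errors seen} for tunnels whose counter rose.

    Assumptions (not taken from the Indeni rule): counters are cumulative;
    a value lower than the previous one means the counter was reset, so the
    new value counts as fresh errors; a tunnel seen for the first time only
    establishes a baseline and raises nothing.
    """
    increases: Dict[str, int] = {}
    previous: Sample = {}
    for sample in samples:
        for peerip, count in sample.items():
            if peerip in previous:
                last = previous[peerip]
                # After a reset the whole current value is new errors.
                delta = count - last if count >= last else count
                if delta > 0:
                    increases[peerip] = increases.get(peerip, 0) + delta
            previous[peerip] = count
    return increases


# Constructed polls, oldest first.
POLLS: List[Sample] = [
    {"192.0.2.10": 0, "198.51.100.7": 12},
    {"192.0.2.10": 0, "198.51.100.7": 19, "203.0.113.5": 4},  # new tunnel appears
    {"192.0.2.10": 0, "198.51.100.7": 3, "203.0.113.5": 4},   # counter reset, then 3 errors
]

if __name__ == "__main__":
    print("Affected VPN Tunnels")
    for peerip, new_errors in sorted(decryption_error_increases(POLLS).items()):
        print(f"  {peerip}: {new_errors} new decryption errors")
```

A tunnel with a non-zero but flat counter (203.0.113.5 above) is not reported, which matches alerting on increase rather than on absolute value.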