Avatar of kiilaa
kiilaa
 asked on

Palo Alto site-to-site vpn monitoring

Hello all,

on A Palo Alto FW after executing "show vpn ike-sa gateway gateway_id" command I receive the output such as below
show vpn
Does the "Established" time suggest that the VPN was down and reestablished at 08:01:55 or does it only mean that rekeying of phase 1 happened at that time due to SA lifetime expiry?
Hardware Firewalls* Palo Alto NetworksVPNNetworking

Avatar of undefined
Last Comment
Dan Craciun

8/22/2022 - Mon
SOLUTION
Dan Craciun

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
kiilaa

ASKER
thanks for your comment. the SA lifetime is 24 hours indeed. A new key is also negotiated when a tunnel is established. from what I understand that output is not telling us the reason for rekey, is that correct?
ASKER CERTIFIED SOLUTION
Dan Craciun

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
kiilaa

ASKER
thanks Dan
Dan Craciun

You're welcome.

Glad I could help!
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck