Monitoring policy-based VPNs

You can monitor the status of VPNs in the Home view. The overall status of the VPNs and the tunnels they contain is shown in the tree of monitored elements.

Logging for policy-based VPNs is separate for the tunnels and the traffic that uses the tunnels:
  • VPN negotiations are always logged (regardless of the logging options in Access rules) as informational messages.
  • For troubleshooting, more detailed logging is available when you activate IPsec diagnostic logging for the Firewall/VPN engine.
  • The traffic using the VPN tunnels is logged according to the logging options in the rule that allows the traffic in or out of the VPN.
  • The Home view provides shortcuts to logs filtered for the specific policy-based VPN or VPN Gateway element referenced in the log event.
    • Right-click a policy-based VPN in the Status tree, then select Monitoring > Logs by VPN.
    • Right-click a VPN Gateway in the Status tree or connectivity diagram, then select Monitoring > Logs by VPN Gateway.
    • Right-click the connection between two VPN Gateways in the connectivity diagram, then select Monitoring > Logs by VPN Gateways to view logs of traffic between the two VPN Gateways.

Log pruning filters can delete some (or even all) of the generated messages.