[mrtg] Monitoring IPSec VPN tunnels on Palo Alto 200 firewall device

Yogesh Hasabnis yhasabnis at gmail.com
Thu Mar 14 07:40:19 CET 2013

Hi All,

We have a Palo Alto 200 firewall device in our WAN routing setup. Along
with the firewall features it provides, the device is also used to
establish two ipsec-based VPN tunnels (using two different WAN links) to
our HQ office located at a remote location. I have limited access to this
device and all I know about it is it's SNMP read-only community string and
it's IP address. I also know that the interface names for the two tunnels
are tunnel.1 and tunnel.4 and the IP addresses used for the tunnel
interfaces are 10.<a.b>.2 and 10.<c.d>.2 respectively. When I try to create
a cfg file using the
 "/usr/bin/cfgmaker --output=/etc/mrtg/paloalto.cfg --global 'workdir:
/var/www/mrtg' -ifref=eth --global 'options[_]: growright,bits'
--snmp-options=:::::2 <comm_string>@<device_ip> " command on my MRTG host,
the cfg file I get doesn't list out any of the tunnel interfaces.

I also tried using a few other "--ifref=" options mentioned in the cfgmaker
man-page but neither of those options seems to work. I would be thankful if
I get some pointers/suggestions about how I can configure MRTG to monitor
the tunnel interfaces.

Thanks in advance,
Yogesh Hasabnis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.oetiker.ch/pipermail/mrtg/attachments/20130314/2bcbe095/attachment.htm 

More information about the mrtg mailing list