Monitoring policy-based VPNs

You can monitor the status of VPNs in the Dashboard view. The overall status of the VPNs and the tunnels they contain is shown in the tree of monitored elements.

Logging for policy-based VPNs is separate for the tunnels and the traffic that uses the tunnels:
  • VPN negotiations are always logged as informational messages, regardless of the logging options in Access rules.
  • More detailed logging is available for troubleshooting when you activate IPsec diagnostic logging for the Engine/VPN.
  • The traffic using the VPN tunnels is logged according to the logging options in the rule that allows the traffic in or out of the VPN.
  • The Dashboard view provides shortcuts to logs filtered for the specific policy-based VPN or VPN Gateway element referenced in the log event.
    • Right-click a policy-based SD-WAN in the Status tree, then select Monitoring > Logs by SD-WAN.
    • Right-click an SD-WAN Gateway in the Status tree or connectivity diagram, then select Monitoring > Logs by SD-WAN Gateway.
    • Right-click the connection between two SD-WAN Gateways in the connectivity diagram, then select Monitoring > Logs by SD-WAN Gateways to view logs of traffic between the two VPN Gateways.

Log pruning filters can delete some (or even all) of the generated messages.