I have a site to site VPN tunnel configured between a PA and a Checkpoint FW. I control the PA side but not the Checkpoint side. The tunnel is showing up but traffic has stopped flowing across. I see where there were encaps and decaps at one time but the counters haven't increased in a few days. I have checked the IKE gateways, ProxyIDs, IPSec tunnel settings. Wondering what could make the traffic stop flowing.
The Palo side is fully route based, so check if your routing is still pointing to the tunnel interface, and verify if the proxy IDs match the expected source/destination. It may not be necessary to have proxy IDs in place if the Checkpoint has been set up for routing mode (not "community VPN"). Also check if your IPsec SAs are present (>show vpn ipsec-sa tunnel <your tunnel> ).
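Two of the checks in the answer above, stalled encap/decap counters and mirrored proxy IDs, can be turned into a repeatable test. The following is an added example, not code from the thread or from either vendor; the counter samples and proxy-ID lists are constructed for illustration and are not output from any real firewall.

```python
import ipaddress

# Constructed sample: hourly snapshots of a tunnel's state and packet counters,
# as an operator might record them from the firewall's tunnel statistics.
# Values are invented for illustration, not real firewall output.
COUNTER_SAMPLES = [
    # (hours since start, tunnel state, encap packets, decap packets)
    (0, "up", 10500, 10320),
    (1, "up", 10900, 10710),
    (2, "up", 10900, 10710),  # counters stop moving here
    (3, "up", 10900, 10710),
    (4, "up", 10900, 10710),
]

# Constructed proxy IDs as (local network, remote network, protocol).
# The peer's entry must be the mirror image of ours: its local is our remote.
PA_PROXY_IDS = [
    ("10.10.0.0/16", "192.168.50.0/24", "any"),
    ("10.20.0.0/24", "192.168.50.0/24", "any"),
]
PEER_PROXY_IDS = [
    ("192.168.50.0/24", "10.10.0.0/16", "any"),
    ("192.168.50.0/24", "10.20.0.0/16", "any"),  # /16 vs our /24: mismatch
]


def stalled_intervals(samples):
    """Count trailing consecutive intervals in which the tunnel reports 'up'
    but neither the encap nor the decap counter moved. Returns 0 when the most
    recent interval carried traffic or the tunnel was not up."""
    stalled = 0
    for prev, cur in zip(reversed(samples[:-1]), reversed(samples[1:])):
        _, _, enc_prev, dec_prev = prev
        _, cur_state, enc_cur, dec_cur = cur
        if cur_state != "up" or enc_cur > enc_prev or dec_cur > dec_prev:
            break
        stalled += 1
    return stalled


def traffic_pattern(samples):
    """Classify the last interval: 'both' (healthy), 'encap-only' (we send,
    nothing comes back), 'decap-only' (peer sends, we do not), or 'none'."""
    _, _, enc_prev, dec_prev = samples[-2]
    _, _, enc_cur, dec_cur = samples[-1]
    enc_moving = enc_cur > enc_prev
    dec_moving = dec_cur > dec_prev
    if enc_moving and dec_moving:
        return "both"
    if enc_moving:
        return "encap-only"
    if dec_moving:
        return "decap-only"
    return "none"


def proxy_id_mismatches(local_ids, peer_ids):
    """Return the local proxy IDs that have no exact mirrored entry on the peer.
    Networks are normalised with ipaddress so '10.20.0.0/24' and '10.20.0.0/16'
    are correctly treated as different selectors."""
    peer = {
        (ipaddress.ip_network(l), ipaddress.ip_network(r), p)
        for l, r, p in peer_ids
    }
    missing = []
    for l, r, p in local_ids:
        mirrored = (ipaddress.ip_network(r), ipaddress.ip_network(l), p)
        if mirrored not in peer:
            missing.append((l, r, p))
    return missing


if __name__ == "__main__":
    print("stalled intervals:", stalled_intervals(COUNTER_SAMPLES))
    print("last interval traffic:", traffic_pattern(COUNTER_SAMPLES))
    print("proxy IDs without a peer mirror:",
          proxy_id_mismatches(PA_PROXY_IDS, PEER_PROXY_IDS))
```

Run against a real export, `stalled_intervals` tells you how long the tunnel has been up-but-idle, `traffic_pattern` separates a one-way failure (encap moving, decap flat, which points at the remote side or return routing) from a complete stall, and `proxy_id_mismatches` catches the subnet-mask disagreements that are easy to miss by eye when you cannot log in to the other end.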