Tunnel Health Monitoring - IPSec


Our ZIA deployment is largely based on IPSEC VPN tunnels from Sonicwall firewalls. We periodically run into issues where the tunnel goes “stale” and stops passing traffic. The tunnel stays up so it doesn’t fail over to our secondary VPN tunnel. Disabling and enabling the tunnel resolves the issue. We are looking for a way, preferably in a dashboard view, that our helpdesk and NOC can verify that the tunnels between Zscaler and our individual nodes are up. VPN configuration on our side is shown below. Any advice on this or best practices for monitoring would be greatly appreciated.

You can have a look at Tunnel Insights in the ZIA Dashboard.
Have you checked the following: https://help.zscaler.com/zia/ipsec-vpn-configuration-guide-sonicwall-tz-100 ?

Charles, we used a modified version of that documented setup (this doc is pretty old and based on an outdated Sonicwall model).

Reading this document again though, “SonicWALL TZ 100 firewall doesn’t support VPN monitoring. It relies on DPD to fail over.” is probably true for our models.

We’ve looked at Tunnel Insights and it seems to be more useful just to see if traffic is passing at all rather than up/down health monitoring.