Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 619

A security engineer received multiple reports of an IPSec VPN tunnel going down the night before. The engineer couldn't find any events related to VPN under system logs.
What is the likely cause?

Answer options

• A. Tunnel Inspection settings are misconfigured.
• B. The log quota for GTP and Tunnel needs to be adjusted.
• C. The Tunnel Monitor is not configured.
• D. Dead Peer Detection is not enabled.

Correct answer: C

Explanation

The correct answer is C because if the Tunnel Monitor is not set up, it won't be able to detect when the tunnel goes down, leading to no logs being generated. Option A is incorrect as misconfigured Tunnel Inspection settings would not necessarily explain the lack of logs. Options B and D do not address the absence of logs related to the tunnel status.