Palo Alto Route Monitoring Troubleshooting Guide

1. CLI Commands for Route Monitoring

Use the following CLI commands to troubleshoot route monitoring issues:

Display Routing Table

show routing route

Display Specific Route

show routing fib virtual-router <name> | match <x.x.x.x/Y>

Show Path Monitoring Status

show routing path-monitor

Example Output:

flags: A:active, S:static, E:ecmp
VIRTUAL ROUTER: default (id 1)
=================================  ==========
destination                 nexthop              metric weight flags      interface     pathmonitor   status
192.168.16.0/24          172.16.130.96             10              S        ethernet1/1   Enabled(Any)  Down
|--> monitored-IP                              interval/count  state
     8.8.8.8                                         3/5      Failed

Debug Path Monitoring

debug routing path-monitor

Example Output:

ID: 0
Source Address: 172.16.130.165
Destination Address: 8.8.8.8
Next Hop Address: 172.16.130.96
Interface ID: 16
Ping Count: 5
Ping Interval: 3
Status: 0
TX packets: 19
Rx packets: 0

Check System Logs for Path Monitoring Events

less mp-log routed.log | match MON:

2. GUI Steps for Route Monitoring

To configure and monitor path monitoring via the GUI:

1. Navigate to Network > Virtual Routers and select the desired virtual router.
2. Click on the Static Routes tab and edit the route you wish to monitor.
3. In the Path Monitoring section, enable monitoring and specify the destination IP address to monitor.
4. Define the failure condition (e.g., any or all destinations unreachable) and set the preemptive hold time.
5. Commit the configuration changes.
6. To view the status, go to More Runtime Stats > Static Route Monitoring within the virtual router.

3. Additional Resources

• Configure Path Monitoring for a Static Route
• System logs report "Path monitoring failed for static route destination..." message
• CLI Cheat Sheet: Networking