icon-unified.svg
Experience Center

Tunnel Insights Logs: Columns

You can customize your tunnel logs using the columns. To learn more about logs, see About Insights Logs.

Following are the tunnel columns you can select:

  • Authentication Algorithm: The authentication algorithm used for IPSec Phase 1 and Phase 2. The following states appear under this column:
    • HMAC-MD5
    • HMAC-SHA
    • HMAC-SHA-256
    • HMAC-SHA-384
    • HMAC-SHA-512
    • DES-MAC
    • KPDK
  • Authentication Type: The method IPSec peers use to authenticate each other. The following methods appear under this column:
    • PSK
    • DSS Signature
    • RSA Signature
    • RSA Encryption
    • RSA Rev
  • Cipher Protocol: The cipher protocol used by the tunnel (i.e., TLS or DTLS).
  • Cipher: The ciphers used for the control and data channel of the tunnel.
  • Cloud Connector Instance: The specific Zscaler software instance from which you want to view the tunnel logs.
  • Data Center: The data center associated with the tunnel.
  • Encryption Algorithm: The encryption algorithm used to encrypt handshakes (IPSec Phase 1) and data (IPSec Phase 2). The following algorithms appear under this column:
    • DES-IV64
    • DES
    • 3DES
    • RC5
    • IDEA
    • CAST
    • Blowfish
    • 3IDEA
    • DES-IV32
    • RC4
    • NULL
    • AES
    • Twofish
  • Event Time: The date and time the event occurred.
  • Extranet Name: The extranet name configured for your organization.
  • Event Reason: The reason that the status change occurred for a tunnel. The following reasons appear under this column:
    • Lifetime expired
    • PSK not found
    • PSK mismatch
    • Invalid proposal
    • DPD timeout
    • Timeout
    • Org excluded from DC
  • IKE Phase 2 SPI: The Security Parameter Index (SPI) for the IKE SA established in Phase 2.
  • Initiator Cookie: The initiator's cookie value used during the IPSec IKE Phase 1 message exchange.
  • IPSec Protocol: Protocols used in establishing the IPSec VPN tunnel.
    • None
    • AH
    • ESP
    • ISAKMP
    • IPComp
  • Keep-Alive Packets: The Keep-Alive packet ensures that the SSL VPN connection remains open even when the device is inactive.
  • Location: The location associated with the tunnel.
  • Life Bytes: The total number of life bytes that is transmitted over an IPSec SA before it expires.
  • Logged Time: The date and time the event was logged.
  • Log Type: The type of tunnel logs. The following types appear under this column:
    • Sample: Logs regarding data activity through the tunnel. Applies to both GRE and IPSec.
    • IPSec Phase 1: Logs containing details for IPSec Phase 1 negotiation. Applies to IPSec only.
    • IPSec Phase 2: Logs containing details for IPSec Phase 2 negotiation. Applies to IPSec only.
    • Tunnel Event: Logs indicating status changes or failure events. Applies to both GRE and IPSec.
  • Policy Direction: The direction in which the IPSec Phase 2 policies (allowed subnets/ports/protocols) are proposed. The following directions appear under this column:
    • Inbound: From the organization's IPSec gateway to Zscaler.
    • Outbound: From Zscaler to the organization's IPSec gateway.
  • P2 Policy Dest IP - Start: The start destination IP address specified in the IPSec Phase 2 policy proposal.
  • P2 Policy Dest IP - End: The end destination IP address specified in the IPSec Phase 2 policy proposal.
  • P2 Policy Src IP - Start: The start source IP address specified in the IPSec Phase 2 policy proposal.
  • P2 Policy Src IP - End: The end source IP address specified in the IPSec Phase 2 policy proposal.
  • P2 Policy Src Port - Start: The start source port number specified in the IPSec Phase 2 policy proposal.
  • P2 Policy Dest Port - End: The end destination port number specified in the IPSec Phase 2 policy proposal.
  • P2 Policy Protocol: The protocol specified in the IPSec Phase 2 policy proposal. The following protocols appear under this column:
    • Any
    • TCP
    • UDP
    • ICMP
  • Received Bytes: The total bytes of data Zscaler received through the tunnel from the organization in the one-minute sample interval.
  • Received Packets: The total number of packets Zscaler received through the tunnel from the organization in the one-minute sample interval.
  • Responder Cookie: The responder's cookie value used during the IPSec IKE Phase 1 message exchange.
  • Sent Bytes: The total bytes of data Zscaler sent through the tunnel to the organization in the one-minute sample interval.
  • Sent Packets: The total number of packets Zscaler sent through the tunnel to the organization in the one-minute sample interval.
  • Session ID: A cryptographically generated random number that is unique per tunnel.
  • Tunnel Destination IP: The VPN or GRE VIP that the tunnel is destined to.
  • Tunnel Destination Port: The destination port number of the tunnel.
  • Tunnel Lifetime: The time after an IKE expires for the IPSec VPN tunnel.
  • Tunnel Source IP: The source IP address from which the tunnel is initiated.
  • Tunnel Source Port: The port number from which the tunnel is initiated.
  • Tunnel Status: The status of the tunnel. The following states appear under this column:
    • IPSec tunnel is up
    • IPSec tunnel is down
    • IPSec tunnel is renegotiated
    • Phase 1 is down
    • Phase 2 is down
    • Error while establishing Phase 1
    • Error while establishing Phase 2
    • None

The tunnel status None indicates that there is no change to the status of the tunnel from the last known status. Any change in the status is indicated by the respective tunnel status value.

  • Tunnel Type: The type of networking tunnel. The following types appear under this column:
    • GRE
    • IPSec IKEv1
    • IPSec IKEv2
  • Vendor ID: The vendor associated with the tunnel. The following vendors appear under this column:
    • Cisco
    • Juniper
    • strongSwan
    • Shrew Soft
    • Aruba
    • Check Point
    • QuickSec
    • SonicWall
  • VPN Credential: The VPN credential associated with the IPSec VPN tunnel.
Related Articles
About Insights LogsAbout SaaS Security Insights LogsDNS Insights Logs: ColumnsDNS Insights Logs: FiltersFirewall Insights Logs: ColumnsFirewall Insights Logs: FiltersMobile Insights Logs: ColumnsMobile Insights Logs: FiltersTunnel Insights Logs: ColumnsTunnel Insights Logs: FiltersWeb Insights Logs: ColumnsWeb Insights Logs: FiltersEndpoint DLP Insights Logs: ColumnsEndpoint DLP Insights Logs: FiltersEmail DLP Insights Logs: ColumnsEmail DLP Insights Logs: FiltersExtranet Insights Logs: ColumnsExtranet Insights Logs: Filters