Monitor AWS VPC Tunnels using AWS Transit Gateway

Amazon Web Service (AWS) Transit Gateway acts as a cloud router connecting enterprise virtual private clouds (VPCs) to AWS VPCs through a central hub that allows for simplified peering relationships.

Cisco Defense Orchestrator (CDO) allows you to monitor the connection status of your onboarded AWS VPCs using AWS Transit Gateway.


You do not need to onboard a Secure Firewall Cloud Native (SFCN) VPC in CDO for it to be monitored using AWS Transit Gateway.


Step 1

In the CDO menu bar, select VPN > Site-to-Site VPN.

Step 2

The VPN Tunnels page displays the connection status for all network tunnels managed by your CDO tenant. The connection status for the VPN tunnel can be active or idle.

Step 3

Select a VPC and, under Actions, click Check Connectivity to trigger a real-time connectivity check against the tunnel and identify whether the tunnel is currently active or idle. Unless you trigger this on-demand check, CDO checks all tunnels on all onboarded devices automatically every ten minutes.


CDO displays a notification when a VPN tunnel's connection goes down. It does not display a notification when the tunnel comes back up.
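Because CDO only notifies on the down transition, an operator who wants to know when a tunnel recovers, or whether a single tunnel failure has cost redundancy rather than connectivity, needs their own state tracking. The following Python is an added example, not part of this documentation or of Cisco's code. It assumes tunnel status is polled from the EC2 DescribeVpnConnections response (the VgwTelemetry list, one entry per tunnel endpoint with Status "UP" or "DOWN"), maps UP/DOWN onto CDO's active/idle vocabulary, and emits an event on every change, in both directions. The connection and gateway IDs and the sample polls are constructed placeholders.

```python
"""Tunnel state-change tracker for AWS site-to-site VPN / Transit Gateway attachments.

Added example (not Cisco's or CDO's code). Records are assumed to be in the shape
returned by EC2 DescribeVpnConnections: each VPN connection carries a VgwTelemetry
list with one entry per tunnel endpoint whose Status is "UP" or "DOWN".
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

POLL_INTERVAL_SECONDS = 600  # CDO's automatic all-tunnel check runs every ten minutes


@dataclass(frozen=True)
class TunnelEvent:
    vpn_connection_id: str
    outside_ip: str            # tunnel endpoint address taken from VgwTelemetry
    previous: Optional[str]    # None on the first observation of this tunnel
    current: str               # "active" or "idle" (CDO's vocabulary; UP -> active is our mapping)
    connection_status: str     # "active" if any tunnel of the connection is up after this change


def tunnel_states(conn: dict) -> Dict[str, str]:
    """Map each tunnel endpoint of one VPN connection to 'active' or 'idle'."""
    return {
        t["OutsideIpAddress"]: "active" if t.get("Status", "").upper() == "UP" else "idle"
        for t in conn.get("VgwTelemetry", [])
    }


def connection_status(states: Dict[str, str]) -> str:
    """A connection stays active while at least one of its tunnels is up."""
    return "active" if any(s == "active" for s in states.values()) else "idle"


class TunnelMonitor:
    """Remembers the last seen state per tunnel and emits events only on change."""

    def __init__(self) -> None:
        self._last: Dict[Tuple[str, str], str] = {}

    def observe(self, vpn_connections: List[dict]) -> List[TunnelEvent]:
        events: List[TunnelEvent] = []
        for conn in vpn_connections:
            cid = conn["VpnConnectionId"]
            states = tunnel_states(conn)
            overall = connection_status(states)
            for ip, now in states.items():
                key = (cid, ip)
                before = self._last.get(key)
                if before != now:          # both down->up and up->down are reported
                    events.append(TunnelEvent(cid, ip, before, now, overall))
                    self._last[key] = now
        return events


def describe(event: TunnelEvent) -> str:
    """Alert line that distinguishes lost redundancy from a full connection outage."""
    tag = f"{event.vpn_connection_id} {event.outside_ip}"
    if event.previous is None:
        return f"{tag}: first seen {event.current}"
    if event.current == "idle" and event.connection_status == "active":
        return f"{tag}: tunnel idle, connection still active (redundancy lost)"
    if event.current == "idle":
        return f"{tag}: tunnel idle, connection DOWN"
    return f"{tag}: tunnel active again (connection {event.connection_status})"


# Constructed sample polls with placeholder IDs. In production, feed the tracker
# ec2.describe_vpn_connections()["VpnConnections"] on the same ten-minute cadence.
def _poll(status_a: str, status_b: str) -> List[dict]:
    return [{
        "VpnConnectionId": "vpn-PLACEHOLDER01",
        "TransitGatewayId": "tgw-PLACEHOLDER01",
        "VgwTelemetry": [
            {"OutsideIpAddress": "203.0.113.10", "Status": status_a},
            {"OutsideIpAddress": "203.0.113.11", "Status": status_b},
        ],
    }]


SAMPLE_POLLS = [_poll("UP", "UP"), _poll("UP", "DOWN"), _poll("DOWN", "DOWN"), _poll("UP", "UP")]


def run_samples() -> List[List[TunnelEvent]]:
    """Replay the constructed polls through one monitor; returns the events per poll."""
    monitor = TunnelMonitor()
    return [monitor.observe(p) for p in SAMPLE_POLLS]


if __name__ == "__main__":
    for i, batch in enumerate(run_samples(), 1):
        for ev in batch:
            print(f"poll {i}: {describe(ev)}")
```

Keeping the per-tunnel state keyed on (connection, endpoint) is what lets the tracker tell "one of two tunnels dropped" apart from "the VPC is unreachable"; the first deserves a ticket, the second a page. The recovery event is the one CDO's own notifications leave out.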