In the Umbrella Dashboard, there are two sections that report the cloud-delivered firewall tunnel state. This article explains the difference between the Active Network Tunnels widget and the Network Tunnel Status.
Network Tunnel Status reports on successful cloud-delivered firewall tunnel negotiation.
Active Network Tunnels widget reports on when cloud-delivered firewall data center has detected interesting traffic and the traffic has been logged.
Network Tunnel Status
In the Umbrella Dashboard->Deployments->Core Identities->Network Tunnels section, tunnels will report Active, when IKEv2 SAs have successfully negotiated. However, an active tunnel does not mean there is traffic traversing the cloud-delivered tunnel.
Active Network Tunnels
Upon logging into the Umbrella Dashboard, you will see Active Network Tunnels widget:
This widget defines an active network tunnel to match the following criteria:
1. There is interesting traffic traversing the cloud-delivered firewall tunnel
2. Logging has been enabled for default cloud-delivered firewall rule found in
Policies->Management->Firewall Policy section.