Network Tunnel is "Inactive" On the Umbrella Dashboard

Overview

After adding your network tunnels, your tunnels appear on the Umbrella Dashboard as "inactive". 

Troubleshooting

Your network tunnels will only show as "active" if logging for the default Cloud-Delivered Firewall (CDFW)policy is enabled:

If logging is already enabled, run the following command on the router which the network tunnels are configured with:

show crypto ikev2 sa

Ensure that the source IP address is an internal IP address from the user's network as per RFC 1918. Check your configuration according to this guide: Network Tunnel Configuration. If the error continues, please create a ticket with the show crypto ikev2 sa command along with the CDFW logs to our Support Team for assistance.