Alibaba Cloud provides monitoring and auditing services — including NIS, CloudMonitor, and Cloud Config — that track VPN Gateway resource usage and performance in real time, collect metrics, and alert you to anomalies.
NIS
NIS is a self-service platform for designing, deploying, and maintaining websites. It provides statistics for network planning and troubleshooting.
VPN Gateway integrates with NIS to diagnose gateways and analyze traffic paths, helping maintain service availability.
Instance diagnostics
Diagnoses VPN gateway configurations and health status and provides troubleshooting solutions. For more information, see Diagnose a VPN gateway.
Reachability analyzer
If you use VPN gateways to connect networks, test connectivity between resources with the reachability analyzer. Work with the reachability analyzer.
Troubleshooting
The troubleshooting feature analyzes VPN gateways in invalid states and request errors, and alerts you to anomalies.
Alibaba Cloud resource healthiness updates
Track the health of your Alibaba Cloud resources on the Alibaba Cloud Resource Healthiness Updates page to handle exceptions promptly.
This page shows the health status of each service per region and provides RSS feeds for service exception notifications.

Basic monitoring
VPN Gateway integrates with CloudMonitor (free of charge). CloudMonitor monitors system events, collects metrics in real time, and supports alert rules so you can detect anomalies promptly.
System event monitoring
CloudMonitor automatically records service errors and O&M events. After you group resources into application groups, system events are associated with those groups, centralizing monitoring and simplifying troubleshooting.
CloudMonitor supports event alerting. Create alert rules by priority to receive notifications via emails, DingTalk messages, or callback URLs.
For more information about the VPN gateway system events supported by CloudMonitor and how to create alert rules for VPN gateway system events, see Monitor system events.
Metric monitoring
CloudMonitor automatically collects metrics for cloud resources in your account. You can view monitoring charts and create alert rules to receive notifications when anomalies occur.
VPN Gateway provides metrics for different resource types. For more information about metrics and alert rules, see:
References
-
Dashboards
Customize monitoring dashboards for specified metrics. For more information, see Monitoring charts on a custom dashboard.
-
Alert blacklists
Block notifications for specified metrics. For more information, see Manage blacklist policies.
By default, Alibaba Cloud accounts have full permissions on resources, and RAM users do not have permissions on CloudMonitor resources. To allow a RAM user to view monitoring data, grant the required permissions. For more information about CloudMonitor permissions, see Grant permissions to a RAM user.
Cloud resource configuration auditing
Cloud Config traces and audits resource configurations to ensure your infrastructure complies with regulations.
VPN Gateway integrates with Cloud Config (free of charge). Cloud Config supports a subset of Alibaba Cloud services. Check the Supported Cloud Services list for VPN Gateway coverage.
Cloud Config audits operations by your Alibaba Cloud account and its RAM users. Configuration changes are recorded every 10 minutes by default.
You can view operations performed on VPN gateways in the Cloud Config console. For more information, see View the resource list.
Cloud Config delivers configuration changes and compliance violations to Log Service Logstores for query and analysis, helping ensure regulatory compliance. For more information, see Configure data delivery to Simple Log Service.
VPN gateway logging
VPN Gateway logs IPsec-VPN and SSL-VPN connection establishment processes. Use this log data to troubleshoot connection errors.
IPsec-VPN logging
IPsec-VPN connection logs record IPsec negotiations, dead peer detection (DPD), and NAT traversal details.
-
Logging starts automatically when an IPsec-VPN connection is established. You can query logs from the last 180 days in 10-minute intervals. For more information, see IPsec-VPN connection logs.
-
Logging starts automatically when an IPsec server is deployed. You can query logs from the last month in 10-minute intervals. For more information, see View IPsec-VPN server logs.
For more information about how to troubleshoot errors based on IPsec-VPN logs, see Troubleshoot IPsec-VPN connection issues.
SSL-VPN logging
SSL-VPN connection logs record SSL negotiations and client connection details.
Logging starts automatically when an SSL server is deployed. You can query logs from the last 180 days in 10-minute intervals. Query the logs of an SSL server.
For more information about how to troubleshoot errors based on SSL-VPN logs, see Troubleshoot SSL-VPN connection issues.