Checkpoint L2L inventory using CLI/API - automation

hichem — Thu, 28 Apr 2022 13:57:28 GMT

What is the best way to get the inventory of the L2L VPN on Checkpoint firewalls?

I used the CLI commands VPN TU TLIST & VPN TU LIST IKE on the gateways to get the output. With the help of ansible I end up with the following VPN Peer IP, VPN Name, Encryption method, Local hosts, remote hosts and Ike version. I believe I'm still missing the IKE phase1 and IKE phase2 encryption/integrity details. is there another CLI command that can provide that? in addition, I believe that the CLI command provide the list of active tunnels at the command execution time. If the interesting traffic is not crossing a specific tunnel, then we will miss that specific tunnel inventory. right?

I found also some documented APIs, I didn't try them yet. However, from the documentation it looks like we may end up with few information like VPN Name, encryption method, IKE phase 1 and IKE phase 2 encryption/integrity algorithm.

Now, I'm thinking to combine the output of the CLI and API to get the maximum information about the inventory.

Any suggestions is highly appreciated!

Re: Checkpoint L2L inventory using CLI/API - automation

Art_Zalenekas — Mon, 06 Jun 2022 16:54:30 GMT

You can get all the information through the API about S2S VPNs, Star or Mesh. You got it right. Good luck!

topic Re: Checkpoint L2L inventory using CLI/API - automation in API / CLI Discussion

Checkpoint L2L inventory using CLI/API - automation

Re: Checkpoint L2L inventory using CLI/API - automation