Checking the State of VPN Tunnel

LostBoY — Wed, 18 Jan 2023 11:12:56 GMT

Hello..

I am relatively new to Checkpoint S2S VPN Tunnels..recently i created a non vti VPN tunnel (R80.40 vsx limitation). I was wondering if there is a way to check if the tunnel is stablished and UP without asking the remote side.

I went to the Smartview Monitor and under "VPNs" and "Tunnels on Community" i can see the status of tunnel is showing UP and Green..does this mean that the tunnel is active ? or is there any other way to determine this at Checkpoint end.

Re: Checking the State of VPN Tunnel

Chris_Atkinson — Wed, 18 Jan 2023 12:03:32 GMT

You also have the "vpn tu" command on the Gateway CLI to show the SA info etc.

For more info see: sk33853

cpview also provides some VPN metrics that may be helpful.

Re: Checking the State of VPN Tunnel

_Val_ — Wed, 18 Jan 2023 15:05:42 GMT

In addition to what @Chris_Atkinson said, yes, if SmartView Monitor shows the tunnel UP, it means it is up 🙂

Re: Checking the State of VPN Tunnel

LostBoY — Wed, 18 Jan 2023 17:05:59 GMT

Thanks..this was helpful

Re: Checking the State of VPN Tunnel

CheckPointerXL — Fri, 20 Jan 2023 13:48:29 GMT

try this

echo;_vpn=1;if [[ -f /bin/enabled_blades ]];then if [[ `enabled_blades|tr 'A-Z' 'a-z'` != *'vpn'* ]];then _vpn=0;fi;elif [[ -f /opt/fw1/conf/active_blades.txt ]];then if [[ `grep VPN-S2S /opt/fw1/conf/active_blades.txt|awk '{print $NF}'` != '1' ]];then _vpn=0;fi;elif [[ -f /opt/fw1/conf/blades.json ]];then if [[ `jq '.data[]|select(.name=="VPN-S2S")|.enabled' /opt/fw1/conf/blades.json` != '1' ]];then _vpn=0;fi;fi;if [[ $_vpn == 1 ]];then _ha=0;if [[ `$CPDIR/bin/cpprod_util FwIsHighAvail` -eq '1' ]];then _ha=1;if [[ `cphaprob stat|grep $local$|tr 'A-Z' 'a-z'` == *'active'* ]];then _ha=0;fi;fi;if [[ $_ha == 0 ]];then if [[ -f /bin/timeout ]];then _stat=`timeout 5 stattest gettable 1.3.6.1.4.1.2620.1.9002.1 2 3 4 1 7 8 9 10 11`;else _stat=`stattest gettable 1.3.6.1.4.1.2620.1.9002.1 2 3 4 1 7 8 9 10 11`;fi;echo "$_stat"|tr ',' ' '|awk '{gsub("132","Initialized",$2)}1'|awk '{gsub("131","Down",$2)}1'|awk '{gsub("130","Phase_1",$2)}1'|awk '{gsub("129","Idle",$2)}1'|awk '{gsub("4","Destroyed",$2)}1'|awk '{gsub("3","UP",$2)}1'|awk '{gsub("0","Primary",$6)}1'|awk '{gsub("1","Backup",$6)}1'|awk '{gsub("2","On-demand",$6)}1'|awk '{gsub("0","?",$7)}1'|awk '{gsub("1","Alive",$7)}1'|awk '{gsub("2","!",$7)}1'|awk '{gsub("1","Regular",$8)}1'|awk '{gsub("2","DAIP",$8)}1'|awk '{gsub("3","ROBO",$8)}1'|awk '{gsub("4","LSV",$8)}1'|awk '{gsub("1","Regular",$9)}1'|awk '{gsub("2","Permanent",$9)}1'|sort|sed "s/^/$(hostname) <=> /"|sed '1 i\( , , , , , , , , , , )'|sed '1 i\FROM <=> TO STATE VPN_COMMUNITY PEER_IP SOURCE_IP LINK_PRIORITY PROB_STATE PEER_TYPE VPN_TYPE'|if [[ -f /bin/column ]];then column -t|sed "s/\bUP\b/\x1b[1;32m&\x1b[m/g;s/\bDown\b\|\bDestroyed\b/$\x1b[1;31m&\x1b[m/g;s/\bBackup\b\|\bAlive\b\|\bInitialized\b\|\bPhase_1\b/\x1b[1;36m&\x1b[m/g"|sed '/^(.*)$/ s/./=/g'|sed '$a+'|sed '2h;$x'|sed "s/^/ /";echo -e "\033[1;2m Reset VPN tunnel to peer : vpn tu del PEER_IP\n Show VPN tunnel details : vpn tu tlist -p PEER_IP\033[m";else cat|sed '/^(.*)$/ s/./=/g';fi;else echo -e "\033[1;31mNot an active HA member.\033[m";fi;else echo -e "\033[1;31mNot a VPN gateway.\033[m";fi;unset _vpn _ha _stat;echo

topic Re: Checking the State of VPN Tunnel in General Topics

Checking the State of VPN Tunnel

Re: Checking the State of VPN Tunnel

Re: Checking the State of VPN Tunnel

Re: Checking the State of VPN Tunnel

Re: Checking the State of VPN Tunnel