Create a Post
Showing results for 
Search instead for 
Did you mean: 

Checkpoint L2L inventory using CLI/API - automation

What is the best way to get the inventory of the L2L VPN on Checkpoint firewalls?

I used the CLI commands VPN TU TLIST & VPN TU LIST IKE on the gateways to get the output. With the help of ansible I end up with the following VPN Peer IP, VPN Name, Encryption method, Local hosts, remote hosts and Ike version. I believe I'm still missing the IKE phase1 and IKE phase2 encryption/integrity details. is there another CLI command that can provide that? in addition, I believe that the CLI command provide the list of active tunnels at the command execution time. If the interesting traffic is not crossing a specific tunnel, then we will miss that specific tunnel inventory. right?  


I found also some documented APIs, I didn't try them yet. However, from the documentation it looks like we may end up with few information like VPN Name, encryption method, IKE phase 1 and IKE phase 2 encryption/integrity algorithm.


Now, I'm thinking to combine the output of the CLI and API to get the maximum information about the inventory. 

Any suggestions is highly appreciated!


0 Kudos
1 Reply

You can get all the information through the API about S2S VPNs, Star or Mesh. You got it right. Good luck!

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events