Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

One-liner to show VPN topology on gateways

Danny
Champion Champion
Champion

✔️ Works on all VPN gateway types
👉 Available as SmartConsole Extension

In expert mode run:


    if [[ `$CPDIR/bin/cpprod_util FwIsFirewallModule 2>/dev/null` != *'1'* ]];then echo;tput bold;tput setab 1;echo ' Not a firewall gateway! ';tput sgr0;echo;else if [[ `grep R80.40 /etc/cp-release|wc -l` != 0 ]];then echo;tput bold;tput setab 1;echo -n ' Info: VPN Domain for Gateway Communities are currently not displayed correctly by this tool! ';tput sgr0;echo;fi;fw tab 
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




(1)
6 Replies

Tsvika_Gilman
Contributor

Nice

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion Champion
Champion

Nice:-)

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Paul_Gademsky
Employee
Employee

Very nice, only improvement would be to show the peer's name next to the IP (when there are a lot of peers, it simplifies things).

Thanks for generating this type of one liners.

Paul G.,

CCSM

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion Champion
Champion

Hi Paul,

the only place I found on gateways to match a VPN peer's IP address to the object name as configured in SmartConsole is $FWDIR/state/local/FW1/local.objects . Unluckily I haven't found a way yet to extract the object name of an IP as the file structure isn't documented.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Paul_Gademsky
Employee
Employee

Hi Danny, thanks for the reply.

What I'm looking for is basically the same info that shows up in vpn tu when you select option 1.

It shows "Peer 10.10.10.1, peerfwname SAS:

  IKE SA <......>

Don't need the IKE SA, but based on the knowledge that is shown there, it seems like it's ex-tractable somehow.

 

Thank you,

PG

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


fabioromano
Explorer

Very appreciated!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos