cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

unable to monitor vpn traffic

I have a pc in my environment which uses a vpn to connect to a client site, my question is there a way to monitor traffic via checkpoint when the machine is connected  to the vpn, because i can only see in the logs when the connection is made to the vpn and the ip but after the connection is successful with the vpn i cant see any traffic going through even though user confirms that he is sending data. 

Thanks 

4 Replies
JozkoMrkvicka
Platinum

Re: unable to monitor vpn traffic

Are you using Office Mode or IP Pool NAT? Every user is getting unique IP from the pool and you need to search for this IP in the logs.

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Pearl

Re: unable to monitor vpn traffic

Hmm... that the point of the VPN.

If a user on your premises establishes a VPN from his PC to a remote site, the tunnel is between his PC and the security device at the remote site.

You should not be able to see what is in that tunnel, as it defeats the whole point of securing it.

If, instead, you setup a VPN between your firewall and the remote site and allow your user access to the remote resources, you should be able to monitor the content of the traffic before it is encrypted by the Check Point.

0 Kudos

Re: unable to monitor vpn traffic

thanks for your reply i totally agree with you as user establishes a VPN from his PC to a remote site so the traffic is all encrypted but do you think i can install the certificates on the checkpoint and then its possible? 

Thanks 

0 Kudos
Highlighted
Vladimir
Pearl

Re: unable to monitor vpn traffic

You likely mean installing Check Point certificate on the client for HTTPS inspection, as there is no point in installing certificate on Check Point to achieve what you are trying to.

That's assuming that it is an SSL VPN and that no other controls are present in the application or on the server site to detect MITM SSL.

If it is a well designed solution, than my money is on this not being an option.

If it is an IPSEC vpn with client installed on the PC, it is a definite no go, short of running packet capture on the client itself.