This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Scipion
Contributor
‎2019-11-01 01:14 AM

Disable all VPN tunnels command R80.30 gw

Hello everyone,

 

I need a cli command for Check Point Gateway R80.30 to disable all VPN tunnels. I want to use it in my script to disable and enable them.

I found vpn drv on|off command, but in the latest take of R80.30, I think they changed it - Usage: vpn drv stat | reset

 

0 Kudos
5 Replies
_Val_
Admin
Admin
‎2019-11-01 01:26 AM

What is the purpose? Force tunnel re-negotiations?

0 Kudos
Scipion
Contributor
‎2019-11-01 01:40 AM
In response to _Val_

No, the purpose is to disable them completely due to unforseen circumstrances. And to enable them back after the situation become normal.

0 Kudos
_Val_
Admin
Admin
‎2019-11-01 03:04 AM
In response to Scipion

vpn drp on|off is not availabe on R80.x due to infrastructure changes. The driver is being loaded during GW boot and cannot be unloaded. 

The best option would be to kick your GW in question out of VPN community or disable VPN on the GW object and reinstall policy. 

Still, what would be "unforeseen" circumstances in your case is a mystery to me. 

cezar_varlan1
Collaborator
‎2021-06-30 10:37 PM
In response to _Val_

Unforseen circumstances would be that the gateway persistently and incapabliy connects to VPN and then becomes unreacheable from the Management in order to change anything.  Even with iLO access you cannot disable VPN so you are stuck with diasbling the physical port... 

0 Kudos
Duane_Toler
Advisor
‎2021-07-01 08:08 AM
In response to cezar_varlan1

You could add a reject route for the VPN peer, perhaps:

route add -host <peer> reject

route del -host <peer> reject

 

You'll still need to kill the tunnel to be sure it's removed from SecureXL:

"vpn shell tunnels delete IKE all"

or: "vpn shell tunnels delete IKE peer <peer IP>" if you want per peer

 

You can get clever with "vpn shell tunnels show IKE all" and then your delete command.

 

 

0 Kudos
Labels