This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AntonMakarychev
Contributor
Contributor
‎2019-11-01 01:14 AM

Disable all VPN tunnels command R80.30 gw

Hello everyone,

 

I need a cli command for Check Point Gateway R80.30 to disable all VPN tunnels. I want to use it in my script to disable and enable them.

I found vpn drv on|off command, but in the latest take of R80.30, I think they changed it - Usage: vpn drv stat | reset

 

0 Kudos
5 Replies
_Val_
Admin
Admin
‎2019-11-01 01:26 AM

What is the purpose? Force tunnel re-negotiations?

0 Kudos
AntonMakarychev
Contributor
Contributor
‎2019-11-01 01:40 AM
In response to _Val_

No, the purpose is to disable them completely due to unforseen circumstrances. And to enable them back after the situation become normal.

0 Kudos
_Val_
Admin
Admin
‎2019-11-01 03:04 AM
In response to AntonMakarychev

vpn drp on|off is not availabe on R80.x due to infrastructure changes. The driver is being loaded during GW boot and cannot be unloaded. 

The best option would be to kick your GW in question out of VPN community or disable VPN on the GW object and reinstall policy. 

Still, what would be "unforeseen" circumstances in your case is a mystery to me. 

cezar_varlan1
Collaborator
‎2021-06-30 10:37 PM
In response to _Val_

Unforseen circumstances would be that the gateway persistently and incapabliy connects to VPN and then becomes unreacheable from the Management in order to change anything.  Even with iLO access you cannot disable VPN so you are stuck with diasbling the physical port... 

0 Kudos
Duane_Toler
Advisor
‎2021-07-01 08:08 AM
In response to cezar_varlan1

You could add a reject route for the VPN peer, perhaps:

route add -host <peer> reject

route del -host <peer> reject

 

You'll still need to kill the tunnel to be sure it's removed from SecureXL:

"vpn shell tunnels delete IKE all"

or: "vpn shell tunnels delete IKE peer <peer IP>" if you want per peer

 

You can get clever with "vpn shell tunnels show IKE all" and then your delete command.

 

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top