Scipion
Contributor

Disable all VPN tunnels command R80.30 gw

Hello everyone,

 

I need a CLI command for Check Point Gateway R80.30 to disable all VPN tunnels. I want to use it in my script to disable and enable them.

I found vpn drv on|off command, but in the latest take of R80.30, I think they changed it - Usage: vpn drv stat | reset

 

0 Kudos
5 Replies
_Val_
Admin

What is the purpose? Force tunnel re-negotiations?

0 Kudos
Scipion
Contributor

No, the purpose is to disable them completely due to unforeseen circumstances. And to enable them back after the situation becomes normal.

0 Kudos
_Val_
Admin

vpn drp on|off is not available on R80.x due to infrastructure changes. The driver is being loaded during GW boot and cannot be unloaded.

The best option would be to kick your GW in question out of VPN community or disable VPN on the GW object and reinstall policy. 

Still, what would be "unforeseen" circumstances in your case is a mystery to me. 

cezar_varlan1
Collaborator

Unforeseen circumstances would be that the gateway persistently and incapably connects to VPN and then becomes unreachable from the Management in order to change anything. Even with iLO access you cannot disable VPN so you are stuck with disabling the physical port...

0 Kudos
Duane_Toler
Collaborator

You could add a reject route for the VPN peer, perhaps:

route add -host <peer> reject

route del -host <peer> reject

 

You'll still need to kill the tunnel to be sure it's removed from SecureXL:

"vpn shell tunnels delete IKE all"

or: "vpn shell tunnels delete IKE peer <peer IP>" if you want per peer

 

You can get clever with "vpn shell tunnels show IKE all" and then your delete command.

 

 

0 Kudos
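
The reject-route and tunnel-delete steps from the last reply, wrapped as an added example that is not part of any post in this thread. The function names and the DRY_RUN variable are hypothetical; the route and vpn shell commands are the ones quoted above, and every peer is validated before anything is changed.

```shell
#!/bin/sh
# Added example, not from the thread's authors. Commands are the ones quoted above;
# peer addresses used with it are constructed. DRY_RUN=1 (default) only prints.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
# Runs in a subshell so the IFS change and positional parameters stay local.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Print the commands for one action (disable|enable) and one validated peer.
peer_commands() {
    case "$1" in
        disable)
            printf 'route add -host %s reject\n' "$2"
            printf 'vpn shell tunnels delete IKE peer %s\n' "$2" ;;
        enable)
            printf 'route del -host %s reject\n' "$2" ;;
        *) return 2 ;;
    esac
}

# Validate the action and every peer before touching anything, then apply in order.
toggle_peers() {
    action="$1"; shift
    peer_commands "$action" 0.0.0.0 >/dev/null || { echo "usage: disable|enable <peer>..." >&2; return 2; }
    for peer in "$@"; do
        valid_ipv4 "$peer" || { echo "invalid peer: $peer" >&2; return 1; }
    done
    for peer in "$@"; do
        peer_commands "$action" "$peer" | while IFS= read -r cmd; do
            if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$cmd"; else $cmd || exit 1; fi
        done || return 1
    done
}

if [ "$#" -ge 2 ]; then toggle_peers "$@"; fi
```

Run it with DRY_RUN=0 only after reviewing the printed commands for the intended peers.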