- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hi everyone,
I am trying to get data usage from a site to site VPN tunnel into an overview. (how much mbit is the tunnel using)
This could be SmartEvent or SmartView Monitor.
The tunnel is from Check Point towards another vendor firewall.
I have played with SmartView Monitor and there we only can get the live data. There is a history option that you can set under the gateway object but this is limited. Only live data is not sufficient for this case.
Also tried to make many Smart Event reports but it does not show data. (for example: https://community.checkpoint.com/t5/SmartEvent/Enhanced-VPN-Dashboard/m-p/100235#M6)
On the VPN rule we made sure accounting is enabled on the logging.
I am out of ideas. Customer is running R81.10
You guys have any idea?
I know someone mentioned cpview for this in the past, but dont believe that gives any vpn info.
Andy
Thanks for the reply.
cpview is a great tool but not for this request. It shows more general stuff about tunnels. For example:
| Overview SysInfo Network CPU I/O Software-blades Hardware-Health Advanced |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Overview VPN SSL-Inspection IDA DLP Threat-Prevention Threat-Emulation Advanced Content-Awareness QoS URLF Application-Control |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Overview Detailed SecureXL |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| IKE errors: |
| |
| No response from peer 1 |
| Total initiator errors 523 |
| Total responder errors 2,159 |
| Proposal mismatch 6,457 |
| CRL validation 0 |
| Certificates errors 0 |
| Pre-shared key mismatch 0 |
| IKEv2 Narrowing 1,148 |
| No valid SA errors 2,548
Let me log into S1C portal for one of the customers we manage and will see what I can find there in sv monitor. Its R81.20, but Im sure its same as R81.10 options you get.
Andy
Not sure if below helps. I do see there are way more options for VPN monitoring in R82 lab I built.
Andy
When you say the history options are "limited" can you elaborate?
I would think if you log the various rules where VPN is relevant (either with accounting or detailed/extended logs) that you could aggregate that in SmartEvent.
I also know there is better VPN monitoring in R82, but nothing specific to your request (bandwidth used).
Thanks for reaching out.
Of course here the steps from Smartview Monitor.
First I make sure all below options are enabled on the relevant VPN gateway.
After that I move to the ''External application" -> Smarview Monitor
In there I press File -> New -> Traffic view. If you pick in under Type, real-time you have more tabs visible like filter and settings.
If you select history instead if real-time many options disappear indicating that those options are not possible in history mode.
With the live view I simply can filter the relevant source IP that is inside the VPN tunnel and it will show me a good live overview.
The customer would like to have this view in history.
Regarding SmartEvent, I have tried many ways also templates from Check Point to make an overview. I make sure accounting is enabled on the rule itself but I am not able to get the data into a report.
Thanks for any tips.
Lesley
I assume we do not track this stuff historically speaking, which is why it's not shown as an option in the UI.
That is probably an RFE.
Thanks, let's for now forget about SmartView monitor. I think RFE for (a bit) legacy app is maybe no the correct way 🙂
Hey Phoneboy,
I built R82 lab couple of weeks back, enabled mon. blade and all the options available, but I cant see anything extra to monitor for vpn tunnel compared to R81.20.
Andy
The enhanced monitoring shows in cpview...starting from R82.
You also have "network probe" objects which can be used for non-VPN purposes also.
Kk, got it, thank you. Will check in the lab tomorrow.
Andy
A screenshot will be highly appreciated or any insight regarding R82 and VPN monitoring.
Thank you
Once I see what it looks like in the lab, will send it.
If I can find the option, happy to send a screenshot. @PhoneBoy , can you please advise where that advanced monitoring setting is? I cant seem to find it in my R82 lab from cpview options.
Andy
What's there is in Software Blades > VPN > Tunnel Monitoring (I believe).
I guess need to have my eyes checked lol
I see it now.
Andy
I have build R82 in lab and cpview does not show me any relevant info that I need. Like you stated nothing for bandwidth. Any tips how to proceed? Maybe open TAC case to get this data in SmartEvent view? There must be a way to get this info.
there was some CLI command which gives you all inbound and outbound VPN traffic stats. It had to be enabled first and only after that you were able to see stats. It was also mentioned by TAC that enabling it may cause performance issues.
It was back while running R80.30, but will search some docu to find that fancy command 🙂
EDIT: It is "vpn tu tlist state" once enabled (vpn tu tlist start).
Im curious what that gives, though I think I ran it while ago and it was pretty basic, but will check in the lab.
Andy
Great tip thanks!
It looks like this:
vpn tu tlist start
[FW]# vpn tu tlist state
Tunnel List volume statistics are on.
[FW]# vpn tu tlist -t -p 1.1.1.1
+-----------------------------------------+-----------------------+
| Peer: 1.1.1.1 | 😧 674.76 KB - 22.59% |
| Number of TSs: 1 | E: 0.99 MB - 99.72% |
+-----------------------------------------+-----------------------+
I will suggest this to customer. Maybe I will put it on a script that it will run this command every couple minutes and put the output in a file.
To be honest, I have never used it. Not sure if the data seen in the output are reliable and can be used further.
Would be great if someone can validate it by sending/uploading some heavy files over VPN if it will reflect the reality 😉
I used it before, it honestly does not give results anything close to what people would see on peer's side.
Andy
If you have R82 already in LAB, you can check new R82 option Advanced VPN Monitoring tool that shows information on each VPN Tunnel and tracks its health and performance. Maybe also info about encrypt/decrypt usage is there...
I may have to build a tunnel with Azure lab and test this properly, but will have a look at that setting in smart console Wednesday.
Andy
Will play around with this at some point, looks interesting.
Andy
In my lab it looks like to be working. It only does not match de Mbps value in cpview (11 Mbps). It clearly says around 150MB. Not sure if I misunderstand the cpview then.
What is your version and JHF in your LAB ? Maybe some counters in cpview are not showing what you expect to see (non-accelerated, F2F packets vs templated traffic, ...).
PS: transferring fwk core dump is nice example how the things are working in LAB 😄
It is a fresh R82, everything is default. Could indeed be secureXL related.
the FWK core dump I had to get from my desktop to get a big file 😁
That looks pretty good to me. Maybe values are bit off, but not sure if other side can confirm?
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
20 | |
18 | |
18 | |
11 | |
11 | |
7 | |
7 | |
7 | |
6 | |
5 |
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 02:00 PM (EDT)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - AMERAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY