Thanks for the reply.

cpview is a great tool but not for this request. It shows more general stuff about tunnels. For example:

| Overview SysInfo Network CPU I/O Software-blades Hardware-Health Advanced |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Overview VPN SSL-Inspection IDA DLP Threat-Prevention Threat-Emulation Advanced Content-Awareness QoS URLF Application-Control |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Overview Detailed SecureXL |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| IKE errors: |
| |
| No response from peer 1 |
| Total initiator errors 523 |
| Total responder errors 2,159 |
| Proposal mismatch 6,457 |
| CRL validation 0 |
| Certificates errors 0 |
| Pre-shared key mismatch 0 |
| IKEv2 Narrowing 1,148 |
| No valid SA errors 2,548

Let me log into S1C portal for one of the customers we manage and will see what I can find there in sv monitor. Its R81.20, but Im sure its same as R81.10 options you get.

Andy

Not sure if below helps. I do see there are way more options for VPN monitoring in R82 lab I built.

Andy

https://community.checkpoint.com/t5/Management/Monitor-a-S2S-VPN-for-bandwidth-utilization/td-p/2195...

Thanks for reaching out.

Of course here the steps from Smartview Monitor. 

First I make sure all below options are enabled on the relevant VPN gateway. 

After that I move to the ''External application" -> Smarview Monitor 

In there I press File -> New -> Traffic view. If you pick in under Type, real-time you have more tabs visible like filter and settings.

If you select history instead if real-time many options disappear indicating that those options are not possible in history mode.

With the live view I simply can filter the relevant source IP that is inside the VPN tunnel and it will show me a good live overview.

The customer would like to have this view in history. 

Regarding SmartEvent, I have tried many ways also templates from Check Point to make an overview. I make sure accounting is enabled on the rule itself but I am not able to get the data into a report.

Thanks for any tips. 

Lesley

I assume we do not track this stuff historically speaking, which is why it's not shown as an option in the UI.
That is probably an RFE.

Thanks, let's for now forget about SmartView monitor. I think RFE for (a bit) legacy app is maybe no the correct way 🙂 

Hey Phoneboy,

I built R82 lab couple of weeks back, enabled mon. blade and all the options available, but I cant see anything extra to monitor for vpn tunnel compared to R81.20.

Andy

The enhanced monitoring shows in cpview...starting from R82.
You also have "network probe" objects which can be used for non-VPN purposes also.

Kk, got it, thank you. Will check in the lab tomorrow.

Andy

A screenshot will be highly appreciated or any insight regarding R82 and VPN monitoring.

Thank you 

Once I see what it looks like in the lab, will send it.

If I can find the option, happy to send a screenshot. @PhoneBoy , can you please advise where that advanced monitoring setting is? I cant seem to find it in my R82 lab from cpview options.

Andy

What's there is in Software Blades > VPN > Tunnel Monitoring (I believe).

I guess need to have my eyes checked lol

I see it now.

Andy

I have build R82 in lab and cpview does not show me any relevant info that I need. Like you stated nothing for bandwidth. Any tips how to proceed? Maybe open TAC case to get this data in SmartEvent view? There must be a way to get this info. 

Im curious what that gives, though I think I ran it while ago and it was pretty basic, but will check in the lab.

Andy

Great tip thanks!

It looks like this:

vpn tu tlist start

[FW]# vpn tu tlist state
Tunnel List volume statistics are on.

[FW]# vpn tu tlist -t -p 1.1.1.1
+-----------------------------------------+-----------------------+
| Peer: 1.1.1.1 | 😧 674.76 KB - 22.59% |
| Number of TSs: 1 | E: 0.99 MB - 99.72% |
+-----------------------------------------+-----------------------+

I will suggest this to customer. Maybe I will put it on a script that it will run this command every couple minutes and put the output in a file. 

To be honest, I have never used it. Not sure if the data seen in the output are reliable and can be used further.

Would be great if someone can validate it by sending/uploading some heavy files over VPN if it will reflect the reality 😉 

I used it before, it honestly does not give results anything close to what people would see on peer's side.

Andy

If you have R82 already in LAB, you can check new R82 option Advanced VPN Monitoring tool that shows information on each VPN Tunnel and tracks its health and performance. Maybe also info about encrypt/decrypt usage is there...

I may have to build a tunnel with Azure lab and test this properly, but will have a look at that setting in smart console Wednesday.

Andy

Will play around with this at some point, looks interesting.

Andy

In my lab it looks like to be working. It only does not match de Mbps value in cpview (11 Mbps). It clearly says around 150MB. Not sure if I misunderstand the cpview then. 

What is your version and JHF in your LAB ? Maybe some counters in cpview are not showing what you expect to see (non-accelerated, F2F packets vs templated traffic, ...).

PS: transferring fwk core dump is nice example how the things are working in LAB 😄 

It is a fresh R82, everything is default. Could indeed be secureXL related.

the FWK core dump I had to get from my desktop to get a big file 😁

That looks pretty good to me. Maybe values are bit off, but not sure if other side can confirm?