cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
mr_andy
Ivory

R80.10/R80.20 not displaying correct number of remote access tunnels

Can anyone help with a strange problem we are experiencing. 

Smartview Monitor has started mis-reporting the number of remote user tunnels.   

vpn_ra-peers.png

the actual number of connected users is only 12,  but cluster member A is saying 383,  and cluster member B is showing 208  ?    if the gateways are restarted or cpstop/cpstart the number changes again.

it is definitely a gateway issue and not a management/smartconsole issue.    on each gateway if I run the following command -   cpstat -f all vpn    and check the value of  'IPsec number of VPN-1 RA peers" I get the same result shown above, e.g.   383 on the A member.

if I run the following command:

fw tab -t userc_users -s

this shows the correct number of connected remote access users under the #VALS column.

anyone seen this before and know of a fix ?   looks like we need to reset the count somewhere.

We have seen this behaviour on two of our clustered gateways and first occurred after upgrade from R77.30.    One pair of clusters is running R80.10 with JHFA 189,  the other is  R80.20 with JHFA 33  and both are exhibiting the same issue.

0 Kudos
5 Replies
Admin
Admin

Re: R80.10/R80.20 not displaying correct number of remote access tunnels

Best to engage the TAC here.
0 Kudos

Re: R80.10/R80.20 not displaying correct number of remote access tunnels

Did you get to the bottom of this? We see the same problem on R80.30 Take 50

0 Kudos
mr_andy
Ivory

Re: R80.10/R80.20 not displaying correct number of remote access tunnels

Hello

we tried the latest Jumbo Take 225 for R80.10 but this did not resolve the issue.

we have an open SR with Check Point on this problem, the latest update is that they have reproduced the issue and are currently working on a fix.     

 

0 Kudos
mr_andy
Ivory

Re: R80.10/R80.20 not displaying correct number of remote access tunnels

if you can I would suggest engaging with TAC as well,  as it looks as though this is affecting more than one customer.

0 Kudos

Re: R80.10/R80.20 not displaying correct number of remote access tunnels

Hi,

 

I have a TAC case currently logged for this exact issue. working fine under R77.30 but afterR80.20 upgrade it does this.

 

TAC have managed to replicate in a lab and are currently working on a fix. I will keep you posted on progress.

 

Regards,

 

Dan

 

0 Kudos