cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Remote Access VPN - Short List of Most Useful Resources and Tools

In these turbulent times, with more and more people working from home, getting a grip on one's current situation with Remote Access is essential.

What is my license count? Do I have enough licenses for all my users? What are my options for Remote Access in the first place?

In this post, I take a liberty to list some of the most useful links for the matter. A more extensive FAQ is now available in sk166032. See also our Secure Remote Workforce During Covid-19 hub.

1. What are the Remote Access options with Check Point?

All Check Point Remote Access Solutions, present and legacy, are listed in this SecureKnowledge Article. In a nutshell, you can choose one or a combination of:

  • SSL VPN Portal for published business application
  • Layer-3 VPN Tunnel
  • Layer-3 VPN Tunnel integrated with Endpoint Security

For more information, please follow this link.

2. How do I get effective view concerning Remote Access usage?

You can cook your own reports and views, of course, but we have you covered. In this post @Tomas_Vobruba presents a custom SmartView dashboard covering the following:

  •  total time spend on VPN,
  •  transferred total bytes,
  • number of logs,
  • blade used,
  • login fails and realauth schemes,
  • and client used for connection (workspace, endpoint, snx, etc)

Tomas_Vobruba_0-1584651578068.png

 

Two other community-provided reports of interest.

 

Another option to get statistics is to use this one-liner script, courtesy of our champion @Danny 

danny.png

 

3. Making sure you have enough licenses

With multiple tools and licenses used in parallel, you need to be sure you have enough capacity to serve your customers and clients. Assessing RA VPN licensing situation used to be a challenge. There are multiple SecureKnowledge articles for the matter: sk104644sk39034 and sk14496

Most probably, you will have to look into VPN tables to get information about usage:

Table

Output

fw tab -t om_assigned_ips -f

office mode users (including SNX and L2TP)

fw tab -t sslt_om_ip_params -f

SNX users

fw tab -t L2TP_tunnels -f

L2TP users

vpn show_tcpt

Will show the number of Office Mode users that are currently connected in Visitor Mode

fw tab -t cvpn_session

MAB users connected (not SNX just MAB portal)

 

However, there is an easier way, thanks to the community. To see both amount of connected users and license situation on a particular GW, use this fantastic script from one of our champions @HeikoAnkenbrand.

Screenshot 2020-03-20 at 14.30.30.png

 

4. I need more information: architecture, implementation, scaling, etc.

If you are looking for detailed guidance, please refer to our recently posted White Paper for the matter.

Screenshot 2020-03-20 at 18.38.04.png

5. Can I use Check Point baser Remote Access VPN on Linux?

The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrier) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.

 

Feel free to add your questions and concerns in the comments, we will be happy to address them

6 Replies
Highlighted
Pearl

Re: Remote Access VPN - Short List of Most Useful Resources and Tools

Highlighted
Admin
Admin

Re: Remote Access VPN - Short List of Most Useful Resources and Tools

Well done putting this together!

Highlighted

Re: Remote Access VPN - Short List of Most Useful Resources and Tools

Thanks for this very helpful script and post.

Highlighted

Re: Remote Access VPN - Short List of Most Useful Resources and Tools

In the past days I have been working on a CLI script that can display all Secure Client license information centrally. This script creates a new command on the management server to read the Secure Client licenses. It displays all Secure Client licenses in total (sum). Furthermore, it can read out the currently used licenses on the gateway. If a connection to the gateway can be established, the following values are read out: Currently used Secure Client licenses and the maximum used Secure Client licenses.

If you execute the script via "copy and past" on the management server, a new CLI command "sclic" is created. Afterwards you can use this command to display all licenses in an overview. Please note that the execution of the new command may take a few seconds. This is a normal behaviour.

Now for following:
- Secure Client licenses
- Mobile Access Portal licenses
- SSLVPN licenses

More read here: R80.x - Mobile User License Tool - replaces "dtps lic" 

Here an example:
# sclic 10.0.0.1

Now all license parameters for Secure Client are displayed:

SC_Bild7.JPG

Tags (1)
Highlighted

Re: Remote Access VPN - Short List of Most Useful Resources and Tools

@HeikoAnkenbrand this is already mentioned above, even before you commented 🙂

0 Kudos
Highlighted

Re: Remote Access VPN - Short List of Most Useful Resources and Tools

Now for following:
- Secure Client licenses
- Mobile Access Portal licenses
- SSLVPN licenses