In these turbulent times, with more and more people working from home, getting a grip on one's current situation with Remote Access is essential.
What is my license count? Do I have enough licenses for all my users? What are my options for Remote Access in the first place?
In this post, I take a liberty to list some of the most useful links for the matter. A more extensive FAQ is now available in sk166032. See also our Secure Remote Workforce During Covid-19 hub.
All Check Point Remote Access Solutions, present and legacy, are listed in this SecureKnowledge Article. In a nutshell, you can choose one or a combination of:
For more information, please follow this link.
You can cook your own reports and views, of course, but we have you covered. In this post @Tomas_Vobruba presents a custom SmartView dashboard covering the following:
Three other community-provided reports of interest.
Another option to get statistics is to use this one-liner script, courtesy of our champion @Danny
As well as a SmartConsole Extension showing similar information (also from @Danny)
With multiple tools and licenses used in parallel, you need to be sure you have enough capacity to serve your customers and clients. Assessing RA VPN licensing situation used to be a challenge. There are multiple SecureKnowledge articles for the matter: sk104644, sk39034 and sk14496.
Most probably, you will have to look into VPN tables to get information about usage:
|
Table |
Output |
|
fw tab -t om_assigned_ips -f |
office mode users (including SNX and L2TP) |
|
fw tab -t sslt_om_ip_params -f |
SNX users |
|
fw tab -t L2TP_tunnels -f |
L2TP users |
|
vpn show_tcpt |
Will show the number of Office Mode users that are currently connected in Visitor Mode |
|
fw tab -t cvpn_session |
MAB users connected (not SNX just MAB portal) |
However, there is an easier way, thanks to the community. To see both amount of connected users and license situation on a particular GW, use this fantastic script from one of our champions @HeikoAnkenbrand.
If you are looking for detailed guidance, please refer to our recently posted White Paper for the matter.
The answer is yes. Here are two community posts about how to set up and use strongSwan (Roadwarrier) and Libreswan 3.23 with R80.30, both written by @Soeren_Rothe.
Feel free to add your questions and concerns in the comments, we will be happy to address them
To help you out with keeping an eye on the increased RA VPN usage, we have created a custom Remote Access VPN usage report. You can download the files you need to use it from this post.
In the past days I have been working on a CLI script that can display all Secure Client license information centrally. This script creates a new command on the management server to read the Secure Client licenses. It displays all Secure Client licenses in total (sum). Furthermore, it can read out the currently used licenses on the gateway. If a connection to the gateway can be established, the following values are read out: Currently used Secure Client licenses and the maximum used Secure Client licenses.
If you execute the script via "copy and past" on the management server, a new CLI command "sclic" is created. Afterwards you can use this command to display all licenses in an overview. Please note that the execution of the new command may take a few seconds. This is a normal behaviour.
Now for following:
- Secure Client licenses
- Mobile Access Portal licenses
- SSLVPN licenses
More read here: R80.x - Mobile User License Tool - replaces "dtps lic"
Here an example:
# sclic 10.0.0.1
Now all license parameters for Secure Client are displayed:
I stumbled upon sk112412 during my researches for the One-liner for Remote Access VPN Statistics and included the command in the latest version of ccc.
However, that command couldn't fully convince me yet to be included in my Remote Access VPN One-liner as it often results in errors like these:
Do you guys have any documentation on how to customize the [SSL VPN Portal for published business application] piece?
Talking about colors, etc.....
At the gateway, so far the only places I could find some info that looks even close to customization are:
A Checkmates session on this would also be awesome.
Thanks
David
| User | Count |
|---|---|
| 6 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 1 |
Tue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topThu 07 Nov 2024 @ 05:00 PM (CET)
What's New in CloudGuard - Priorities, Trends and Roadmap InnovationsTue 05 Nov 2024 @ 10:00 AM (CET)
EMEA CM LIVE: 30 Years for the CISSP certification - why it is still on topTue 05 Nov 2024 @ 05:00 PM (CET)
Americas CM LIVE: - 30 Years for the CISSP certification - why it is still on topTue 12 Nov 2024 @ 03:00 PM (AEDT)
Topic No Suits, No Ties: From Calm to Chaos: the sudden impact of ransomware and its effects (APAC)Wed 20 Nov 2024 @ 05:00 PM (CET)
Under the Hood: DO NOT Renew your WAF without watching THIS!!Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaS
