- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
How to find for S2S VPN tunnel for defined date, time when tunnel is created, time when is down in logs?
For example, I want to find in logs when S2S VPN tunnel is created on 29.09.2023. for peer 81.93.73.155?
Is it enough to find IKE logs for peer 81.93.73.155 on date 29.09.2023.?
Best regards
Look for Key Install Events - you should see at least one Key Install for Quick Mode and one for Main Mode complete. Also tunnel down is a Key Install log.
29 Sep 23, 9:09:49 AM Informational Exchange Received Notification from Peer: Responder Lifetime(phase1)
29 Sep 23, 9:29:16 AM Informational Exchange Received Notification from Peer: Responder Lifetime(phase1)
29 Sep 23, 9:29:16 AM Quick Mode Received Notification from Peer: invalid id information
29 Sep 23, 9:29:16 AM Informational Exchange Received Delete IKE-SA from Peer: 81.93.73.155; Cookies: 6288df3d467a54f9-24dc01cea79c573e
29 Sep 23, 9:32:28 AM Informational Exchange Received Notification from Peer: Responder Lifetime(phase1)
29 Sep 23, 9:32:28 AM Quick Mode Received Notification from Peer: invalid id information
29 Sep 23, 9:32:28 AM Informational Exchange Received Delete IKE-SA from Peer: 81.93.73.155; Cookies: cfee3d114ade6c26-7164d994f8d95749
29 Sep 23, 9:35:17 AM Quick Mode Received Notification from Peer: invalid id information
29 Sep 23, 9:35:17 AM Informational Exchange Received Delete IKE-SA from Peer: 81.93.73.155; Cookies: 5fa2520d840b9d04-82eb57ebb5e31265
29 Sep 23, 9:43:41 AM Informational Exchange Received Notification from Peer: Responder Lifetime(phase1)
29 Sep 23, 9:43:41 AM Quick Mode Received Notification from Peer: invalid id information
29 Sep 23, 9:43:41 AM Informational Exchange Received Delete IKE-SA from Peer: 81.93.73.155; Cookies: 5e3d5c7ac2ec55a4-ed9a9498f5bf9339
29 Sep 23, 9:45:13 AM Informational Exchange Received Notification from Peer: Responder Lifetime(phase1)
So what ? You did not write that VPN does not work, look at https://support.checkpoint.com/results/sk/sk108600
Hello, I send to you logs on 29 Sep 23 for peer 81.93.73.155 between 6-11 AM
Please let me know on which time S2S VPN tunnel is created and when is down?
Please explain what you want to achieve - and why i should analyze your logs without cause ?
Hello, regarding this logs, I want to know when S2S tunnel was up and when was down.
Is it possible to know this information based on "Key Install" logs.
Best regards.
Easy - it was down starting somewhere before 29 Sep 23, 9:29:16 until before 29 Sep 23, 9:45:13.
The Key Install logs are a good indication of when the tunnel came up.
Tunnels "exist" so long as there is traffic flowing through them and/or the various IPsec timers do not expire.
Short of some sort of debugging mode, I don't believe we log anything that might be interpreted as a "tunnel down" event.
See...unfortunately, CP does not have an easy way of telling such info, unlike some other fw vendors, so what @G_W_Albrecht gave you is probably your best bet.
You can verify with TAC to see if they have better method, but personally, I never heard of any.
Andy
I found customers using ping from one peer network node to another to monitor this 8)
I would NOT call such a method a monitoring tool 🤣🤣🤣
Andy
Maybe not - but it does
- try to keep the tunnel up all the time
- logs when the tunnel goes down
- logs when the tunnel came up again
I guess thats the best method in this case lol
Andy
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
13 | |
12 | |
11 | |
10 | |
9 | |
8 | |
7 | |
5 | |
5 | |
5 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY