This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Diamond
MVP Diamond
‎2026-01-23 08:33 AM

VPN report script

Hey guys,

Wondering if someone would be willing to test this script? I gave it to a customer with just single tunnel and it appars it did work (output below), but I wanted to see what it would give for gateway with multiple vpn tunnels.

 

Tx in advance.

 

Script attached. dos2unix and chmod 777 needed before running it.

 

Their output:

 

Check Point Gateway VPN Runtime Report - HQFW1-84 - 20260123_102122
Generated: 2026-01-23T10:21:22-0500
 
==================================================================
## System Version (clish)
## Command: clish -c show version all
## Time: 2026-01-23T10:21:22-0500
==================================================================
 
Product version Check Point Gaia R81.20
OS build 631
OS kernel version 3.10.0-1160.15.2cpx86_64
OS edition 64-bit
 
==================================================================
## VPN Statistics (cpstat -f all vpn)
## Command: cpstat -f all vpn
## Time: 2026-01-23T10:21:23-0500
==================================================================
 
 
Encrypted packets:                            0
Decrypted packets:                            0
Encryption errors:                            5
Decryption errors:                            278
Connection related errors:                    97
Product:                                      IPSec VPN
Major version:                                6
Minor version:                                0
Kernel build num.:                            997000020
IKE current SAs:                              1
IKE current SAs initiated by me:              0
IKE current SAs initiated by peer:            1
IKE max concurrent SAs:                       2
IKE max concurrent SAs initiated by me:       1
IKE max concurrent SAs initiated by peer:     1
IKE total SAs:                                243
IKE total SAs initiated by me:                57
IKE total SAs initiated by peer:              186
IKE total SA attempts:                        127
IKE total SA attempts initiated by me:        0
IKE total SA attempts initiated by peer:      127
IKE current ongoing SA negotiations:          0
IKE max concurrent SA negotiations:           1
IKE no response from peer (initiator errors): 0
IKE total failures (initiator errors):        33
IKE total failures (responder errors):        167
IKE total failures (initiator + responder):   200
IPsec current Inbound SAs:                    2
IPsec current Outbound SAs:                   1
IPsec max concurrent Inbound SAs:             2
IPsec max concurrent Outbound SAs:            1
IPsec total Inbound SAs:                      7049
IPsec total Outbound SAs:                     7049
IPsec number of VPN-1 peers:                  1
IPsec maximum number of VPN-1 peers:          2
IPsec number of VPN-1 RA peers:               0
IPsec maximum number of VPN-1 RA peers:       0
IPsec decryption errors:                      0
IPsec authentication errors:                  0
IPsec replay errors:                          0
IPsec Connection related errors:              0
IPsec unknown SPI errors:                     0
IPsec other inbound errors:                   278
IPsec other outbound errors:                  0
IPsec UDP encrypted packets:                  0
IPsec UDP decrypted packets:                  0
IPsec encrypted bytes:                        0
IPsec decrypted bytes:                        0
IPsec encrypted packets:                      0
IPsec decrypted packets:                      0
IPsec bytes before decompression:             0
IPsec bytes after decompression:              0
IPsec bytes decompression overhead:           0
IPsec packets decompressed:                   0
IPsec decompression errors:                   0
IPsec bytes before compression:               0
IPsec bytes after compression:                0
IPsec bytes compression overhead:             0
IPsec bytes non compressible:                 0
IPsec packets compressed:                     0
IPsec packets non compressible:               0
IPsec compression errors:                     0
HW accel. vendor:                             None
HW accel. status:                             Off
HW accel. driver major version:               0
HW accel. driver minor version:               0
HW accel. encrypted IPsec packets:            0
HW accel. decrypted IPsec packets:            0
HW accel. encrypted IPsec bytes:              0
HW accel. decrypted IPsec bytes:              0
HW accel. encryption errors:                  0
HW accel. decrytpion errors:                  0
HW accel. context errors:                     0
IPsec NIC: Number of IPsec NIC's   :          0
IPsec NIC: Current SA's :                     0
IPsec NIC: Total SA's   :                     0
IPsec NIC: Decrypted bytes by NIC  :          0
IPsec NIC: Encrypted bytes by NIC  :          0
IPsec NIC: Decrypted packets by NIC:          0
IPsec NIC: Encrypted packets by NIC:          0
 
 
==================================================================
## Active IKE SAs (vpn tu -w list ike)
## Command: vpn tu -w list ike
## Time: 2026-01-23T10:21:23-0500
==================================================================
 
 
 
 
Peer 156.137.39.21 , DHL-GW-156.137.39.21 SAs:
 
IKE SA <3eac3f724ad73858,4fef3098d56672fc>
 
==================================================================
## Active IPsec SAs (vpn tu -w list ipsec)
## Command: vpn tu -w list ipsec
## Time: 2026-01-23T10:21:23-0500
==================================================================
 
 
 
 
Peer 156.137.39.21 , DHL-GW-156.137.39.21 SAs:
 
IKE SA <3eac3f724ad73858,4fef3098d56672fc>
INBOUND:
1. 0xcf82bff7 (i: 3)
2. 0xc989e04 (i: 3)
OUTBOUND:
1. 0xf4977076 (i: 3)
Best,
Andy
"Have a great day and if its not, change it"
cp_gateway_vpn_report.sh
0 Kudos
7 Replies
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-01-23 11:11 AM

I can test it on Monday. I am not responsible for the S2S VPN devices but I think there are dozens of active tunnels

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-23 11:18 AM
In response to Vincent_Bacher

Thanks! I will test it shortly on one of customer's fws, I know they have about 10 tunnels on that cluster.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
CaseyB
Advisor
‎2026-01-23 11:38 AM

It works for multiples, 3/3 no issues.

vpn_script.png

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-23 11:39 AM
In response to CaseyB

Awesome, thanks!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-01-23 11:44 AM
In response to the_rock

Perhaps the output could be spruced up a bit; I'll play around with it a little on Monday. 🙂

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
CaseyB
Advisor
‎2026-01-23 11:44 AM
In response to the_rock

Anytime! It scaled to 40 without issues as well.

the_rock
MVP Diamond
MVP Diamond
‎2026-01-23 11:46 AM
In response to CaseyB

K, great, tx a lot!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events