Thank you for replying.

I can see in my firewall logs the total traffic being sent over a period of time, based on the source IP from the peer. I would like to put these logs into a graph to show daily connections from the client side (they asked us if we could provide this as they don't monitor these metrics on their side)

I don't know if I can get Traffic In (bytes) to show on the graph, when I select this in my report creation it shows "0b" in the widget.

We then have an internal Zabbix monitor using SNMP to monitor the state of the tunnel using 1.3.6.1.4.1.2620.500.9002.1.3.peer.ip.of.client.0, and this alerts when it changes from 3 (active) to any other value (4 destroy, 129 idle, 130 phase1, 131 down, 132 init).

I would like to provide some info in my report on the state of the tunnel say over a 30 day period, like a table that shows number of times the tunnel changed from 3 to any other state.

We are running Checkpoint R81.10 on our side, the client is running Fortigate (I think) on theirs.

For my report parameters I`m using :

Blade = Firewall

Source = peer.ip.of.client

I hope this is the info you require, thanks for your assistance.

I think the only thing we log is when the VPN comes up or there is a new key exchange.
We don't log VPN state beyond when the tunnel comes up due to interesting traffic being sent/received.
That means you will not be able to get this information from SmartEvent.

Hi,

Sounds good but how to set the filter to encryption domain of the relevant gateways?

I'm trying to provide a monthly report to the customer about the amount of traffic between two locations (Check Point GWs connected to the same SMS).

When setting VPN community as filter in the Smart Console Log I can see all of the connections being encrypted and decrypted but I have no clue how to build the report.

Setting Custom Filter = VPN-xxx-Corporate is not working

The Chart Filter should be based on Source/Destination, not "Custom Filter," I'm fairly certain.