This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nyklon
Explorer
‎2023-05-03 08:34 AM
Jump to solution

Skyline VPN tunnel telemetry

I have multiple ikev2 tunnels running on different gateways and have setup skyline and the required backend.  I am getting data from the firewalls but the vpn vti interfaces are showing 0bps.  I would expect to see some kind of data from the gateways regarding the tunnels bandwidth usage.  Are there additional steps to get this data through skyline outside the skyline setup sk?  This is a Maestro environment.

 

Thanks

Jim

0 Kudos
1 Solution

Accepted Solutions
D_Schoenberger
Employee
Employee
‎2023-05-16 08:57 AM
Jump to solution

Hi @Nyklon ,

 

VTIs are virtual interfaces which do not receive/transmit packets - they are logical only, for providing a nexthop to which traffic can be routed.

 

Traffic that is routed via a VTI is intercepted by the kernel, encrypted, and transmitted via the real physical interface of the gateway. Likewise, decrypted traffic is received on the external, real physical, interface of the gateway and transmitted by the internal, real physical, interface of the gateway. Because of this interception, no packet ever actually reaches the RX/TX queues of the vpntX interfaces, so the OS won't report them in the output of "ifconfig".

 

Hope this clears things up a bit.

View solution in original post

0 Kudos
5 Replies
Arik_Ovtracht
Employee
Employee
‎2023-05-04 06:41 AM
Jump to solution

Hi @Nyklon

What do you see when you run CPview on the firewalls? Is the correct data displayed there?

Nyklon
Explorer
‎2023-05-04 08:32 AM
In response to Arik_Ovtracht
Jump to solution

no cpview shows no information for the vpn tunnels.    Below is the cpview.  vpnt101 and 102 are used and actually using most of the bandwidth across the firewall.  vpnt103 and 104 are down so can be ignored.

cpview no tunnel statscpview no tunnel stats

0 Kudos
Arik_Ovtracht
Employee
Employee
‎2023-05-07 01:06 AM
In response to Nyklon
Jump to solution

In that case, the issue is not with Skyline itself, but with the data producers from CPview.

I will loop in the relevant feature owners, and will try to put an update here once we have some conclusions.

0 Kudos
Arik_Ovtracht
Employee
Employee
‎2023-05-07 01:32 AM
In response to Arik_Ovtracht
Jump to solution

Hi @Nyklon,

looks like this issue would require more investigation from us - can you please open a support ticket for it? You can mention my name (Arik Ovtracht) on the ticket to get the investigation task directly to me.

0 Kudos
D_Schoenberger
Employee
Employee
‎2023-05-16 08:57 AM
Jump to solution

Hi @Nyklon ,

 

VTIs are virtual interfaces which do not receive/transmit packets - they are logical only, for providing a nexthop to which traffic can be routed.

 

Traffic that is routed via a VTI is intercepted by the kernel, encrypted, and transmitted via the real physical interface of the gateway. Likewise, decrypted traffic is received on the external, real physical, interface of the gateway and transmitted by the internal, real physical, interface of the gateway. Because of this interception, no packet ever actually reaches the RX/TX queues of the vpntX interfaces, so the OS won't report them in the output of "ifconfig".

 

Hope this clears things up a bit.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top