This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Zee
Contributor
‎2026-01-28 07:50 AM

VPN Monitoring due to disconnections.

Hi,
We are facing multiple issues related to  VPN in our infrastructure for months and CheckPoint is unfortunately unable to resolve it till now. The issue is mainly related to random VPN disconnections from One site to our HQ and all other firewalls do not have any issues. To monitor it, and to reset the tunnel when issue is seen, we are using SNMP for VPN alerts but it is not entirely reliable as sometime the tunnel shows UP but the traffic from our problematic site does not reach HQ and vice versa but it is entirely random. I wanted to ask if there is any possibility to have an alert on Grafana via SKYLINE , which can verify if VPN traffic between these two sites is successful or not irrespective of the VPN tunnel state. VPN from problematic site has VPN tunnels with other sites as well (mesh), so I wanted to have a dedicate alert between these two sites. It would be helpful if someone has configured such alerts on Grafana. Thank you.

0 Kudos
2 Replies
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-01-28 08:49 AM

Hi,

from my perspective afaik with Skyline alone this is currently not possible. Skyline mainly provides tunnel state and related metrics, but it cannot verify whether actual VPN traffic is successfully passing between two specific sites. Therefore, you cannot reliably alert on real connectivity issues when the tunnel still shows UP.

If you are exporting Skyline metrics to Prometheus, I guess you can then implement synthetic traffic checks using Prometheus Blackbox Exporter.

This allows you to actively test ICMP or TCP connectivity to a target that is only reachable through the VPN and alert on real traffic failure, independent of tunnel state.

 

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Tal_Paz-Fridman
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2026-01-28 09:01 AM

Please look at two options:
sk181994 How to monitor the status of VPN Network Probes in R82 and higher
https://support.checkpoint.com/results/sk/sk181994 

R82.10 Logging and Monitoring Administration Guide (applies to older versions as well)
Monitoring VPN Tunnels
https://sc1.checkpoint.com/documents/R82.10/WebAdminGuides/EN/CP_R82.10_LoggingAndMonitoring_AdminGu... 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Trending Discussions
Memory Leak in CPotelcol?
Upcoming Events

    Sort by:
    CheckMates Events