Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mauro_Conoscian
Participant

Create Alert for VPN Expiration

Jump to solution

Hi Mates, I would like create an alert (via script) to notify my soc in case some of our VPN is going to expired, besides as we use vpn authentication with the Checkpoint (ICA) internal certificates it would be usefull to get the same info for the certicates .. in the past i remember that there was a cli command to get this info but i am not able to find it anymore...I remeber also that once you opened the smartconsole you received a list of vpn user expired or in expiration...

I use r80.40 .. any help would be appreciated.

Thanks

Mauro

0 Kudos
1 Solution

Accepted Solutions
Alex_Sazonov
Employee
Employee

Hi @Mauro_Conoscian ,

To get list of the user's certificates issued by ICA you can use this CLI command on the management server:

[Expert@RA_sms:0]# cpca_client lscert -kind  User
Operation succeeded. rc=0.
189 certs found.

Subject = CN=tut,OU=users,O=RA_sms..u5u27o
Status = Revoked   Kind = IKE   Serial = 901   DP = 3
Not_Before: Tue Jun 22 18:59:07 2021   Not_After: Fri Jun 23 18:57:58 2023
Comment: 'was renewed, will be revoked on Wed Jun 30 19:00:06 2021'

Subject = CN=sba2,OU=users,O=RA_sms..u5u27o
Status = Valid   Kind = IKE   Serial = 1060   DP = 3
Not_Before: Fri Jan  1 11:47:00 2021   Not_After: Mon Jan  2 11:41:17 2023

 

Also you can add "-stat Valid" to see only valid certificates

View solution in original post

0 Kudos
2 Replies
Alex_Sazonov
Employee
Employee

Hi @Mauro_Conoscian ,

To get list of the user's certificates issued by ICA you can use this CLI command on the management server:

[Expert@RA_sms:0]# cpca_client lscert -kind  User
Operation succeeded. rc=0.
189 certs found.

Subject = CN=tut,OU=users,O=RA_sms..u5u27o
Status = Revoked   Kind = IKE   Serial = 901   DP = 3
Not_Before: Tue Jun 22 18:59:07 2021   Not_After: Fri Jun 23 18:57:58 2023
Comment: 'was renewed, will be revoked on Wed Jun 30 19:00:06 2021'

Subject = CN=sba2,OU=users,O=RA_sms..u5u27o
Status = Valid   Kind = IKE   Serial = 1060   DP = 3
Not_Before: Fri Jan  1 11:47:00 2021   Not_After: Mon Jan  2 11:41:17 2023

 

Also you can add "-stat Valid" to see only valid certificates

View solution in original post

0 Kudos
Mauro_Conoscian
Participant

Thanks Alex.. have you got any idea about how to manage also the vpn user expiration ?

0 Kudos