This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mauro_Conoscian
Participant
‎2021-07-26 05:59 AM
Jump to solution

Create Alert for VPN Expiration

Hi Mates, I would like create an alert (via script) to notify my soc in case some of our VPN is going to expired, besides as we use vpn authentication with the Checkpoint (ICA) internal certificates it would be usefull to get the same info for the certicates .. in the past i remember that there was a cli command to get this info but i am not able to find it anymore...I remeber also that once you opened the smartconsole you received a list of vpn user expired or in expiration...

I use r80.40 .. any help would be appreciated.

Thanks

Mauro

0 Kudos
1 Solution

Accepted Solutions
Alex_Sazonov
Employee Alumnus
Employee Alumnus
‎2021-07-26 08:00 AM
Jump to solution

Hi @Mauro_Conoscian ,

To get list of the user's certificates issued by ICA you can use this CLI command on the management server:

[Expert@RA_sms:0]# cpca_client lscert -kind  User
Operation succeeded. rc=0.
189 certs found.

Subject = CN=tut,OU=users,O=RA_sms..u5u27o
Status = Revoked   Kind = IKE   Serial = 901   DP = 3
Not_Before: Tue Jun 22 18:59:07 2021   Not_After: Fri Jun 23 18:57:58 2023
Comment: 'was renewed, will be revoked on Wed Jun 30 19:00:06 2021'

Subject = CN=sba2,OU=users,O=RA_sms..u5u27o
Status = Valid   Kind = IKE   Serial = 1060   DP = 3
Not_Before: Fri Jan  1 11:47:00 2021   Not_After: Mon Jan  2 11:41:17 2023

 

Also you can add "-stat Valid" to see only valid certificates

View solution in original post

0 Kudos
2 Replies
Alex_Sazonov
Employee Alumnus
Employee Alumnus
‎2021-07-26 08:00 AM
Jump to solution

Hi @Mauro_Conoscian ,

To get list of the user's certificates issued by ICA you can use this CLI command on the management server:

[Expert@RA_sms:0]# cpca_client lscert -kind  User
Operation succeeded. rc=0.
189 certs found.

Subject = CN=tut,OU=users,O=RA_sms..u5u27o
Status = Revoked   Kind = IKE   Serial = 901   DP = 3
Not_Before: Tue Jun 22 18:59:07 2021   Not_After: Fri Jun 23 18:57:58 2023
Comment: 'was renewed, will be revoked on Wed Jun 30 19:00:06 2021'

Subject = CN=sba2,OU=users,O=RA_sms..u5u27o
Status = Valid   Kind = IKE   Serial = 1060   DP = 3
Not_Before: Fri Jan  1 11:47:00 2021   Not_After: Mon Jan  2 11:41:17 2023

 

Also you can add "-stat Valid" to see only valid certificates

0 Kudos
Mauro_Conoscian
Participant
‎2021-07-29 06:48 AM
In response to Alex_Sazonov
Jump to solution

Thanks Alex.. have you got any idea about how to manage also the vpn user expiration ?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top