Create a Post
Showing results for 
Search instead for 
Did you mean: 

Pre-Share Keys CMD CLISH


does anyone the CMD to see the vpn Pre-Share Keys in Checkpoint?


In Fortinet the PSK is saved in the config File like:

set remote-gw
set psksecret ENC Sqjxee+N3ZaTG2lL..........wa27N+XALaSxVQ==

0 Kudos
5 Replies

As far as I know, no such command exists.

If you don't know what it is, you have to reset it, per this SK:

Is it possible to recover the VPN pre-shared secrets, if they are unknown? 

0 Kudos

Hi Dameon,
thanks for your reply.
Maybe in the active connections?
grep radius /config/active
aaa:auth_profile:base_radius_authprofile:radius_sr v:0:secret \ lDGLiWozsw==
So instead of radius maybe vpn?
grep vpn /config/active
Finally i would search this in the CP Firewall with 
find / -type f  -not -path "/var/log"  | xargs grep  -i " lDGLiWozsw== " 2>&1 | grep -v "Permission denied" 
Unfortunately, at the moment, i install a CP and i don"t  have a finished CP Installation to
to see if this could find this key?
0 Kudos

I can assure you the shared VPN key will NOT appear in /config/active as that contains OS config only, nothing related to firewall, VPN, or Threat Prevention.


As Dameon wrote, there is an sk about that - sk92561 Is it possible to recover the VPN pre-shared secrets, if they are unknown? In older (<R75.40) version dashboard, the PSK entry was unmasked and readable, but that has been changed for good! I assume that even using GuiDBedit to search a known PSK in the database would not yield any success... At least it should not .


The unencrypted pre-shared key is needed to establish the VPN.  Therefor it must be stored somewhere on the CP FW in a reversible format.

The question is, where is it stored, and how is it decrypted?

Any claim that it cannot be recovered is just security by obscurity ....

0 Kudos