This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sanjeev
Employee
Employee
‎2020-04-28 09:23 PM

VPN Capacity Optimization - cpstat -f all vpn

Hi folks,

I am new to checkpoint VPN solution and would like to understand the VPN Capacity Optimization for a 4600 GW appliance running Remote Access VPN. The output of cpstat -f all vpn showed below, how do I drive the maximum concurrent users that have connected to the GW?

IKE current SAs:                              2075

IKE current SAs initiated by me:              0

IKE current SAs initiated by peer:            2075

IKE max concurrent SAs:                       2254

IKE max concurrent SAs initiated by me:       0

IKE max concurrent SAs initiated by peer:     2254

IKE total SAs:                                63454

IKE total SAs initiated by me:                0

IKE total SAs initiated by peer:              63454

IKE total SA attempts:                        98080

IKE total SA attempts initiated by me:        73612

IKE total SA attempts initiated by peer:      24468

IKE current ongoing SA negotiations:          4

IKE max concurrent SA negotiations:           35

IKE no response from peer (initiator errors): 8317

IKE total failures (initiator errors):        151288

IKE total failures (responder errors):        10302

IKE total failures (initiator + responder):   169907

IPsec current Inbound SAs:                    2138

IPsec current Outbound SAs:                   1962

IPsec max concurrent Inbound SAs:             2388

IPsec max concurrent Outbound SAs:            2158

IPsec total Inbound SAs:                      221703

IPsec total Outbound SAs:                     376261

IPsec number of VPN-1 peers:                  2351

IPsec maximum number of VPN-1 peers:          2536

IPsec number of VPN-1 RA peers:               2351

IPsec maximum number of VPN-1 RA peers:       2567

Also if there is no performance impact on the gateway can the device support 2200 + concurrent users? The customer wants to set the right value for Maximum concurrent tunnels for this box (running NGTP).

Thanks,

Sanjeev

0 Kudos
1 Reply
Danny
Champion Champion
Champion
‎2020-04-28 09:55 PM

One-liner for Remote Access VPN Statistics

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events