Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

VPN information different for CLI vs GUI - why?

Jump to solution

Hello all,

 

I've posted about some of this before.  this time I am having challenges with the various ways that Check Point displays VPN users. 

From the CLI  running 'fw tab -t userc_users -s' I see I have 290 users connected.  (CLI screenshot attached).

 

From the GUI, I right click on the firewall I am looking for details on, select Monitoring, then accessing IPSec VPN, clicking the carrot to expand that I see I have 452 users connected (GUI screenshot attached).

 

I am trying to reconcile how many current VPN users I have connected.  The CLI compared to the GUI show different figures.  

Some questions for Check Point:

1. Which answer is correct?

2. Is there a better (AND more reliable) method to find the accurate number of VPN users connected to my gateway?

3. Why is it so difficult to figure out how many VPN Users are connected currently (poke poke developers)?

4. How do I see the bandwidh being taken up by the VPN users so we can gauge the need to add additional bandwidth?

5. What CLI command feeds the GUI list of IPSec VPN users?

 

Thank you all for your responses, I appreciate it.

 

Scott

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Pearl

1. Which answer is correct?

The CLI info is correct. Check Point confirmed the Monitoring info has a visual glitch.

2. Is there a better (AND more reliable) method to find the accurate number of VPN users connected to my gateway?

Simply use my One-liner for Remote Access VPN statistics and run it on your VPN gateways.

3. Why is it so difficult to figure out how many VPN Users are connected currently (poke poke developers)?

It's not. See my answer for 2.

4. How do I see the bandwidh being taken up by the VPN users so we can gauge the need to add additional bandwidth?

Just enable monitoring of bandwidth data on your gateway and run the VPN history report after data has been collected.

5. What CLI command feeds the GUI list of IPSec VPN users?

Just use the -f parameter instead of -s on all the fw tab -t commands used within my One-liner in 2.

View solution in original post

4 Replies
Highlighted
Pearl

1. Which answer is correct?

The CLI info is correct. Check Point confirmed the Monitoring info has a visual glitch.

2. Is there a better (AND more reliable) method to find the accurate number of VPN users connected to my gateway?

Simply use my One-liner for Remote Access VPN statistics and run it on your VPN gateways.

3. Why is it so difficult to figure out how many VPN Users are connected currently (poke poke developers)?

It's not. See my answer for 2.

4. How do I see the bandwidh being taken up by the VPN users so we can gauge the need to add additional bandwidth?

Just enable monitoring of bandwidth data on your gateway and run the VPN history report after data has been collected.

5. What CLI command feeds the GUI list of IPSec VPN users?

Just use the -f parameter instead of -s on all the fw tab -t commands used within my One-liner in 2.

View solution in original post

Highlighted
thank you Danny, that is exactly what I have been looking for. Awesome!!!
0 Kudos
Highlighted
Admin
Admin
Please open a TAC case on the visual error.
As Danny noted below, the CLI is more correct.
0 Kudos
Highlighted
Thank you PhoneBoy, I will do just that.
0 Kudos