Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Scott_Perry1
Participant
Jump to solution

VPN information different for CLI vs GUI - why?

Hello all,

 

I've posted about some of this before.  this time I am having challenges with the various ways that Check Point displays VPN users. 

From the CLI  running 'fw tab -t userc_users -s' I see I have 290 users connected.  (CLI screenshot attached).

 

From the GUI, I right click on the firewall I am looking for details on, select Monitoring, then accessing IPSec VPN, clicking the carrot to expand that I see I have 452 users connected (GUI screenshot attached).

 

I am trying to reconcile how many current VPN users I have connected.  The CLI compared to the GUI show different figures.  

Some questions for Check Point:

1. Which answer is correct?

2. Is there a better (AND more reliable) method to find the accurate number of VPN users connected to my gateway?

3. Why is it so difficult to figure out how many VPN Users are connected currently (poke poke developers)?

4. How do I see the bandwidh being taken up by the VPN users so we can gauge the need to add additional bandwidth?

5. What CLI command feeds the GUI list of IPSec VPN users?

 

Thank you all for your responses, I appreciate it.

 

Scott

0 Kudos
1 Solution

Accepted Solutions
Danny
Champion Champion
Champion

1. Which answer is correct?

The CLI info is correct. Check Point confirmed the Monitoring info has a visual glitch.

2. Is there a better (AND more reliable) method to find the accurate number of VPN users connected to my gateway?

Simply use my One-liner for Remote Access VPN statistics and run it on your VPN gateways.

3. Why is it so difficult to figure out how many VPN Users are connected currently (poke poke developers)?

It's not. See my answer for 2.

4. How do I see the bandwidh being taken up by the VPN users so we can gauge the need to add additional bandwidth?

Just enable monitoring of bandwidth data on your gateway and run the VPN history report after data has been collected.

5. What CLI command feeds the GUI list of IPSec VPN users?

Just use the -f parameter instead of -s on all the fw tab -t commands used within my One-liner in 2.

View solution in original post

4 Replies
Danny
Champion Champion
Champion

1. Which answer is correct?

The CLI info is correct. Check Point confirmed the Monitoring info has a visual glitch.

2. Is there a better (AND more reliable) method to find the accurate number of VPN users connected to my gateway?

Simply use my One-liner for Remote Access VPN statistics and run it on your VPN gateways.

3. Why is it so difficult to figure out how many VPN Users are connected currently (poke poke developers)?

It's not. See my answer for 2.

4. How do I see the bandwidh being taken up by the VPN users so we can gauge the need to add additional bandwidth?

Just enable monitoring of bandwidth data on your gateway and run the VPN history report after data has been collected.

5. What CLI command feeds the GUI list of IPSec VPN users?

Just use the -f parameter instead of -s on all the fw tab -t commands used within my One-liner in 2.

Scott_Perry1
Participant
thank you Danny, that is exactly what I have been looking for. Awesome!!!
0 Kudos
PhoneBoy
Admin
Admin
Please open a TAC case on the visual error.
As Danny noted below, the CLI is more correct.
0 Kudos
Scott_Perry1
Participant
Thank you PhoneBoy, I will do just that.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events