VPN Uptime

What is the command for finding the uptime for a VPN tunnel? I have a couple of 1450s at each branch that have a tunnel back to corporate and need the uptime for each tunnel. Thanks.

Accepted Solutions
You can easily use the "fw log" command on your firewall management in order to check when a specific VPN tunnel was recently initiated and if VPN Phase1 (IKE) and Phase2 (IPSec) are still established on the firewall gateway in order to tell the uptime of the VPN tunnel.

Keep in mind that the initial IKE Phase 1 tunnel will never stay continuously up longer than the "Renegotiate IKE security associations every" SA timer expressed in minutes (1440 by default). Similarly, the IPSec tunnel will never stay continuously up longer than the "Renegotiate IPSec security associations every" SA timer expressed in seconds (3600 by default). However, when the SA Lifetime is reached for either of these tunnels associated with a VPN Community, if there is still traffic trying to traverse the VPN connection (or Permanent Tunnels is enabled) then the tunnel will come right back.

That being said, other than examining "Key Exchange" events (key icon) in the firewall logs there is not really a direct way to see how long a tunnel has been continually available ("up" is probably not the proper term here) that I can find.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Hi,

I suspect that 2 of my VPN tunnels were down for 5 min and I can't find a command, or anything from SmartView Monitor, about the uptime.

 

If it is a centrally managed SMB then there is an option in Link selection -> Outgoing link tracking to send an e-mail alert.

But I prefer to use a monitoring system to ping a host on the other side. That always works.

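The ping-based monitoring suggested in the last reply, as an added example that is not part of the original thread: it turns per-tunnel probe results into outage windows and continuous uptime, which is the figure the thread says the gateway does not report directly. The log format, the tunnel names and the `min_failures` threshold are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample from a hypothetical probe job that pings a host behind
# each branch gateway. Assumed format: <ISO time> <tunnel> <up|down>
SAMPLE = """\
2024-05-01T10:00:00 branch1 up
2024-05-01T10:01:00 branch1 down
2024-05-01T10:02:00 branch1 down
2024-05-01T10:03:00 branch1 down
2024-05-01T10:04:00 branch1 down
2024-05-01T10:05:00 branch1 down
2024-05-01T10:06:00 branch1 up
2024-05-01T10:10:00 branch1 up
2024-05-01T10:00:00 branch2 up
2024-05-01T10:03:00 branch2 down
2024-05-01T10:04:00 branch2 up
2024-05-01T10:10:00 branch2 up
"""

def parse(text):
    """Return {tunnel: [(time, is_up), ...]}, each series sorted by time."""
    probes = {}
    for line in filter(str.strip, text.splitlines()):
        ts, tunnel, state = line.split()
        probes.setdefault(tunnel, []).append((datetime.fromisoformat(ts), state == "up"))
    return {name: sorted(series) for name, series in probes.items()}

def outages(series, min_failures=2):
    """Return [(first_failed_probe, first_good_probe_after_or_None)].
    Runs shorter than min_failures are treated as packet loss, not an outage."""
    found, start, count = [], None, 0
    for when, is_up in series + [(None, True)]:   # sentinel flushes an open run
        if not is_up:
            start, count = start or when, count + 1
            continue
        if start is not None and count >= min_failures:
            found.append((start, when))           # when is None if still down
        start, count = None, 0
    return found

def continuous_uptime(series, min_failures=2):
    """How long the far side has answered without an outage, up to the last probe."""
    last, down = series[-1][0], outages(series, min_failures)
    if not down:
        return last - series[0][0]
    return timedelta(0) if down[-1][1] is None else last - down[-1][1]
```

Measured outage length is only as precise as the probe interval.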