cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

VPN Uptime

What is the command for finding the uptime for a vpn tunnel?  I have a couple of 1450s at each branch that has a tunnel back to corporate and need to the uptime for each tunnel.  Thanks.

Tags (1)
0 Kudos
2 Replies

Re: VPN Uptime

Keep in mind that the initial IKE Phase 1 tunnel will never stay continuously up longer than the "Renegotiate IKE security associations every" SA timer expressed in minutes (1440 by default).  Similarly the IPSec tunnel will never stay continuously up longer than the "Renegotiate IPSec security associations every" SA timer expressed in seconds (3600 by default).  However when the SA Lifetime is reached for either of these tunnels associated with a VPN Community, if there is still traffic trying to traverse the VPN connection (or Permanent Tunnels is enabled) then the tunnel will come right back. 

That being said, other than examining "Key Exchange" events (key icon) in the firewall logs there is not really a direct way to see how long a tunnel has been continually available ("up" is probably not the proper term here) that I can find.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos
Danny
Pearl

Re: VPN Uptime

You can easily use the "fw log" command on your firewall management in order to check when a specific VPN tunnel was recently initiated and if VPN Phase1 (IKE) and Phase2 (IPSec) is still established on the firewall gateway in order to tell the uptime of the VPN tunnel.

0 Kudos