This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oliver_Fink
Advisor
Advisor
‎2020-11-24 06:36 AM
Jump to solution

Delete VPN tunnel from the CLI

One of our customers is running two clusters of 1450 (R77.20.87, JHFA B990173042) managing a vpn connection to the central site with a VSX cluster (R80.30). The problem is that sometimes the 1450 does not delete IKE connections to the central site. Today, we saw 3 IKE connections running, only one of them with IPsec SAs. In these cases no packets pass to the central site.

I want to do some scripting to detect these situations. (I know: Pain in the a… on Embedded GAIA!) But the  "vpn tu" utility is very limited on SMB appliances. It lacks the "vpn tu del" functionality. Such, one must use the menu system of "vpn tu" to delete any vpn tunnel.

Does any possibility exist to delete a vpn tunnel from the command line within a bash script?

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2020-12-15 07:24 AM
Jump to solution

Click to Expand
vpntu.png

Took about 15mins for a shell script dummy...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
(1)
5 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-11-24 09:25 AM
Jump to solution

Yes - you have to write a bash script that will answer with the right numbers and letters for the command you need from the menue. This is possible in bash, i had an experienced collegue who did that for me (some time ago for another command).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Oliver_Fink
Advisor
Advisor
‎2020-12-15 04:53 AM
Jump to solution

Thanks. That is the answer I feared I would get. SMB with Embedded GIA remains being a pain in the a**.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-12-15 06:04 AM
In response to Oliver_Fink
Jump to solution

Dont be so hard on them 😎

Example was to enter y(es) upon command reboot:

(echo y ) | reboot

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-12-20 02:08 AM
In response to Oliver_Fink
Jump to solution

Tried it yet ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-12-15 07:24 AM
Jump to solution

Click to Expand
vpntu.png

Took about 15mins for a shell script dummy...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events