This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pedro_Sentinela
Contributor
‎2022-05-10 10:59 AM

VPN LOGS

Good afternoon, I would like to know if it is possible to check the status of a vpn. For example, I would like to be checking how many times in a month a site-to-site tunnel was down. To be able to make a report.

In the logs it is possible to see the errors, but it is almost impossible to look at all the logs for this period of time that I need to analyze.

 

Can someone help me?

0 Kudos
6 Replies
Timothy_Hall
MVP Gold
MVP Gold
‎2022-05-10 03:46 PM

Problem is the SA lifetimes dictate how long a tunnel is allowed to be up before being torn down to change keys, so just looking at key exchange messages does not mean an outage actually occurred. In addition most VPNs are brought up on demand when interesting traffic needs to use them, and if there is no traffic the tunnel can time out and appear "down" until some more interesting traffic arrives.

Only way I can think of to do this is via Permanent Tunnels which by default only work between Check Point gateways, but can be made to work with other vendor's firewalls by setting Dead Peer Detection (DPD) mode.  Assuming you set both "tunnel up" and "tunnel down" alerts you could measure the time between tunnel down and tunnel up alerts to determine total outage time, although it can take between 20-30 seconds to detect that a tunnel has fallen down and cannot get back up.  The default lifesign interval is 10 seconds with 3 failures causing a "tunnel down" condition, but these timers could be shortened I suppose.  Here is the coverage for Permanent Tunnels from my book:

pt1.pngpt2.pngpt3.pngpt4.png

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
(1)
Pedro_Sentinela
Contributor
‎2022-05-11 08:00 AM
In response to Timothy_Hall

 

Thanks for your response. Let me go into more detail about my case. My client is experiencing connectivity issues on their VPN. In this case, I wanted to be able to tell you which of these errors are happening in a report. But because it's an SMB I don't have access to errors via CPView.

Of course it is possible to see in the logs when a tennel or a link is down, but because it is a lot of logs as it has already been clear. I wanted to know if there is a more practical way to check these errors, as well as in CPView.

Thanks for listening.

 

Captura de tela 2022-05-11 115718.png

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-05-12 04:03 AM
In response to Pedro_Sentinela

On SMB options are missing to Monitor VPN status, so all you can do is ping thru the GW from a internal client and record that...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
(1)
Pedro_Sentinela
Contributor
‎2022-05-12 07:47 AM
In response to G_W_Albrecht

In fact, what I need is to collect evidence of how many times the tunnel was unavailable within 30 days.

We had some unavailability and a client asked me how many times it was unavailable and what caused this unavailability.

Could you give me any ideas on how to put together a report on this or how to gather this evidence?

thanks.

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2022-05-12 02:21 PM
In response to Pedro_Sentinela

Agree with Gunter here, your best option on SMB is some kind of third-party monitoring system that continuously sends traffic through the VPN tunnel every so often and records the availability statistics you need.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
(1)
Pedro_Sentinela
Contributor
‎2022-05-13 04:30 AM
In response to Timothy_Hall

thank you very much for everyone's attention

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events