Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
David_Chau
Contributor
Jump to solution

VPN Uptime

What is the command for finding the uptime for a vpn tunnel?  I have a couple of 1450s at each branch that has a tunnel back to corporate and need to the uptime for each tunnel.  Thanks.

0 Kudos
1 Solution

Accepted Solutions
Danny
Champion Champion
Champion

You can easily use the "fw log" command on your firewall management in order to check when a specific VPN tunnel was recently initiated and if VPN Phase1 (IKE) and Phase2 (IPSec) is still established on the firewall gateway in order to tell the uptime of the VPN tunnel.

View solution in original post

0 Kudos
4 Replies
Timothy_Hall
Legend Legend
Legend

Keep in mind that the initial IKE Phase 1 tunnel will never stay continuously up longer than the "Renegotiate IKE security associations every" SA timer expressed in minutes (1440 by default).  Similarly the IPSec tunnel will never stay continuously up longer than the "Renegotiate IPSec security associations every" SA timer expressed in seconds (3600 by default).  However when the SA Lifetime is reached for either of these tunnels associated with a VPN Community, if there is still traffic trying to traverse the VPN connection (or Permanent Tunnels is enabled) then the tunnel will come right back. 

That being said, other than examining "Key Exchange" events (key icon) in the firewall logs there is not really a direct way to see how long a tunnel has been continually available ("up" is probably not the proper term here) that I can find.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Danny
Champion Champion
Champion

You can easily use the "fw log" command on your firewall management in order to check when a specific VPN tunnel was recently initiated and if VPN Phase1 (IKE) and Phase2 (IPSec) is still established on the firewall gateway in order to tell the uptime of the VPN tunnel.

0 Kudos
roeiz2019
Explorer

hi 

i suspect  that 2 of my vpn tunell were down for 5 min and i cant find a command or from smartview monitor about the up time

 

0 Kudos
HristoGrigorov

If it is centrally managed SMB then there is an option in Link selection -> Outgoing link tracking to send e-mail alert.

But I prefer to use monitoring system to ping host on the other side. That always works. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events