This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
IZoom
Contributor
‎2021-11-20 11:39 AM
Jump to solution

how to list currently connected VPN users on embedded GAIA

Hello,

I want to know, who is connected via VPN to my 1800 gateway (R80.20.35) centrally managed from Smart-1 Cloud

 

I have tried to get it from:

  • fw tab -t om_assigned_ips (or users_userc).
    • The embedded GAIA does not know switch -f, so the output is not readable for me
  • cpstat vpn
    • not enough info
  • cpview
    • not uspported on embedded GAIA
  • vpn tu
    • I am not able to identify users
  • VPN oneliners (and from in CCC)
    • not supported on GAIA, no oneliner is fully functional on this build
  • SmartView Monitor
    • shows only the sum of concurrent connection
    • the rest requires Monitoring blade, which is missing on embeded GAIA
  • Various Views templates I found
    • requires SmartEvent, which is not applicable for embedded GAIA

 

well... the 1800 has 500 VPN licenses included, but no reporting functionality?

0 Kudos
1 Solution

Accepted Solutions
Danny
Champion Champion
Champion
‎2021-11-26 07:28 AM
In response to IZoom
Jump to solution

This should show what you are looking for:

vpn tu tlist

View solution in original post

13 Replies
Danny
Champion Champion
Champion
‎2021-11-20 03:01 PM
Jump to solution 

fw tab -t userc_users -f -u
(1)
G_W_Albrecht
Legend Legend
Legend
‎2021-11-20 11:32 PM
In response to Danny
Jump to solution

This is not usable on SMB:
# fw tab -t userc_users -f -u
fw: illegal option -- f
Usage: fw tab [-v] [-t <table>] [-s | -c] [-f] [-o <filename>] [-k <kbuf names>] [-r] [-u | -m <maxvals>] [[-x | -a] -e entry]
[-y]
 
With locally managed SMBs you would be able to use the WebGUI VPN > Remote Access > Connected Remote Users page.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Tomas_Vobruba
Employee
Employee
‎2021-11-26 03:44 AM
In response to G_W_Albrecht
Jump to solution

Btw, i do not understand why this parameter is there, if this is not usable. Benefit from working param is huge, nobody will read raw hex format of tables

 

 

0 Kudos
_Val_
Admin
Admin
‎2021-11-26 03:59 AM
In response to Tomas_Vobruba
Jump to solution

The syntax is for regular Gaia

0 Kudos
Tomas_Vobruba
Employee
Employee
‎2021-11-26 04:05 AM
In response to _Val_
Jump to solution

Val, I'm aware about this.. but as you can see, running same command on smb causes illegal error. Which means this parameter should never be visible on smb code or it should return correct formated output. I will take it and manage it with code owners.

_Val_
Admin
Admin
‎2021-11-26 05:06 AM
In response to Tomas_Vobruba
Jump to solution

Yes, reaching out to SMB developers is the best way to get rid of this cosmetic issue, please do so.

0 Kudos
Tomas_Vobruba
Employee
Employee
‎2021-11-30 08:01 AM
In response to _Val_
Jump to solution

Hi all, 

 

according to my discussion parameter -f was corrected(added) into the latest jumbo and will be delivered in near future to next GA.

 

Tomas

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-11-21 01:31 PM
Jump to solution

Open a SR# with TAC to find a solution, that is the most promising advice...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
IZoom
Contributor
‎2021-11-22 02:01 AM
In response to G_W_Albrecht
Jump to solution

thank you for advice. I'll do.

0 Kudos
Danny
Champion Champion
Champion
‎2021-11-26 07:28 AM
In response to IZoom
Jump to solution

This should show what you are looking for:

vpn tu tlist

IZoom
Contributor
‎2021-11-27 08:22 AM
In response to Danny
Jump to solution

yeah. that's good start.

 

gw1> vpn tu tlist | grep -A1 -B4 User:
                        ^
Bad parameter starting at '| grep -A1 -B4 User:'

 

 

whatewer vpn tu tlist give first readable output.  I completly forgot about tlist switch and it was not mentioned in command help. Even the I enabled statistic, nothing readable is written.

 

gw1> vpn tu -t tlist
+-----------------------------------------+-----------------------+---------------------+
| Peer: 172.160.11.4 (89bf1149ce499691)   | MSA: ffff00040becb538 | i: 3  ref:     1    |
| Methods: ESP Tunnel 3DES SHA1           |                       | i: 4  ref:     4    |
| My TS:   0.0.0.0/0                      |                       |                     |
| Peer TS: 172.160.11.4                   |                       |                     |
| User: CN=....user1.....,OU=users,O=gw-..| NAT-T                 |                     |
| MSPI:   2000064 (i:  4, p:  0)          | Out SPI: d3807e48     |                     |
+-----------------------------------------+-----------------------+---------------------+


gw1> vpn tu tlist -t
Usage:
vpn tu tlist [VOLUME_STATISTICS_OPTION] [OPTION]...
List information about existing VPN tunnels
Example: vpn tu tlist -v -t -br (or -vtbr)

VOLUME_STATISTICS_OPTIONs:
  clear                        clear Tunnel List volume statistics
  start                        turn on Tunnel List volume statistics
  stop                         turn off Tunnel List volume statistics
  state                        show Tunnel List volume statistics state

OPTIONs (mandatory arguments to long options are mandatory for short options too):
  -b                           sort by total (encrypted+decrypted) bytes
  -d                           sort by inbound (decrypted) bytes
  -e                           sort by outbound (encrypted) bytes
  -h                           display this help and exit
  -i                           combine list rows per instance with accumulated traffic. Default order is descending by total bytes

  -m                           sort by MSPI
  -n                           sort by peer name
  -p IP                        list tunnels only for peer with IP
  -r                           reverse order while sorting
  -s                           sort by SPI
  -t                           combine list rows per peer with accumulated traffic. Default order is descending by total bytes
  -v                           print a message for each provided OPTION after this one
  -a off/on                    print only accelerated tunnels or only non-accelerated tunnels

 

0 Kudos
IZoom
Contributor
‎2021-11-27 08:29 AM
In response to IZoom
Jump to solution

ok, well the statistics are displayed after a while.

GW1> vpn tu list tunnels
+-----------------------------------------+-----------------------+---------------------+
| Peer: 172.160.11.5 (d764901471566341)   | MSA: ffff00040becb438 | i: 0  ref: -- 15/60 |
| Methods: ESP Tunnel 3DES SHA1           |                       | i: 1  ref: -- 23/60 |
| My TS:   0.0.0.0/0                      | 😧 233.57 KB -100.00% | i: 2  ref: -- 16/60 |
| Peer TS: 172.160.11.5                   | E: 894.27 KB -100.00% | i: 3  ref: -- 16/60 |
| User: CN=....user1.....,OU=users,O=gw-..| NAT-T                 | i: 4  ref: -- 15/60 |
| MSPI:   40000d2 (i:  8, p:  0)          | Out SPI: 8748db45     | i: 5  ref: -- 13/60 |
|                                         |                       | i: 6  ref: -- 15/60 |
|                                         |                       | i: 7  ref: -- 30/60 |
|                                         |                       | i: 8  ref:    31    |
|                                         |                       | i: 9  ref: -- 16/60 |
+-----------------------------------------+-----------------------+---------------------+

 

0 Kudos
Danny
Champion Champion
Champion
‎2021-11-27 10:53 AM
In response to IZoom
Jump to solution

I'm glad I could be of help.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events