- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
ℹ️ Will be released as SmartConsole extension soon.
One-liner (Bash) to show IPsec VPN site-to-site tunnels on Check Point security gateways.
In expert mode run:
echo;_vpn=1;if [[ -f /bin/enabled_blades ]];then if [[ `enabled_blades|tr 'A-Z' 'a-z'` != *'vpn'* ]];then _vpn=0;fi;elif [[ -f /opt/fw1/conf/active_blades.txt ]];then if [[ `grep VPN-S2S /opt/fw1/conf/active_blades.txt|awk '{print $NF}'` != '1' ]];then _vpn=0;fi;elif [[ -f /opt/fw1/conf/blades.json ]];then if [[ `jq '.data[]|select(.name=="VPN-S2S")|.enabled' /opt/fw1/conf/blades.json` != '1' ]];then _vpn=0;fi;fi;if [[ $_vpn == 1 ]];then _ha=0;if [[ `$CPDIR/bin/cpprod_util FwIsHighAvail` -eq '1' ]];then _ha=1;if [[ `cphaprob stat|grep \(local\)|tr 'A-Z' 'a-z'` == *'active'* ]];then _ha=0;fi;fi;if [[ $_ha == 0 ]];then if [[ -f /bin/timeout ]];then _stat=`timeout 5 stattest gettable 1.3.6.1.4.1.2620.1.9002.1 2 3 4 1 7 8 9 10 11`;else _stat=`stattest gettable 1.3.6.1.4.1.2620.1.9002.1 2 3 4 1 7 8 9 10 11`;fi;echo "$_stat"|tr ',' ' '|awk '{gsub("132","Initialized",$2)}1'|awk '{gsub("131","Down",$2)}1'|awk '{gsub("130","Phase_1",$2)}1'|awk '{gsub("129","Idle",$2)}1'|awk '{gsub("4","Destroyed",$2)}1'|awk '{gsub("3","UP",$2)}1'|awk '{gsub("0","Primary",$6)}1'|awk '{gsub("1","Backup",$6)}1'|awk '{gsub("2","On-demand",$6)}1'|awk '{gsub("0","?",$7)}1'|awk '{gsub("1","Alive",$7)}1'|awk '{gsub("2","!",$7)}1'|awk '{gsub("1","Regular",$8)}1'|awk '{gsub("2","DAIP",$8)}1'|awk '{gsub("3","ROBO",$8)}1'|awk '{gsub("4","LSV",$8)}1'|awk '{gsub("1","Regular",$9)}1'|awk '{gsub("2","Permanent",$9)}1'|sort|sed "s/^/$(hostname) <=> /"|sed '1 i\( , , , , , , , , , , )'|sed '1 i\FROM <=> TO STATE VPN_COMMUNITY PEER_IP SOURCE_IP LINK_PRIORITY PROB_STATE PEER_TYPE VPN_TYPE'|if [[ -f /bin/column ]];then column -t|sed "s/\bUP\b/\x1b[1;32m&\x1b[m/g;s/\bDown\b\|\bDestroyed\b/$\x1b[1;31m&\x1b[m/g;s/\bBackup\b\|\bAlive\b\|\bInitialized\b\|\bPhase_1\b/\x1b[1;36m&\x1b[m/g"|sed '/^(.*)$/ s/./=/g'|sed '$a+'|sed '2h;$x'|sed "s/^/ /";echo -e "\033[1;2m Reset VPN tunnel to peer : vpn tu del PEER_IP\n Show VPN tunnel details : vpn tu tlist -p PEER_IP\033[m";else cat|sed '/^(.*)$/ s/./=/g';fi;else echo -e "\033[1;31mNot an active HA member.\033[m";fi;else echo -e "\033[1;31mNot a VPN gateway.\033[m";fi;unset _vpn _ha _stat;echo
Will be integrated in v5.0 of our ccc script.
To show the VPN topology see here
To list VPN user tunnels see here.
ℹ️ Will be released as SmartConsole extension soon.
One-liner (Bash) to show IPsec VPN site-to-site tunnels on Check Point security gateways.
In expert mode run:
echo;_vpn=1;if [[ -f /bin/enabled_blades ]];then if [[ `enabled_blades|tr 'A-Z' 'a-z'` != *'vpn'* ]];then _vpn=0;fi;elif [[ -f /opt/fw1/conf/active_blades.txt ]];then if [[ `grep VPN-S2S /opt/fw1/conf/active_blades.txt|awk '{print $NF}'` != '1' ]];then _vpn=0;fi;elif [[ -f /opt/fw1/conf/blades.json ]];then i
Finally. Have been waiting so long for a much simpler method to check the VPN tunnels and here it is.
Works great, thanks! 🙂
Wow holy cow ... cool stuff!!!
cannot believe we had to wait since 1993 for such a cool CLI command for a nice overview of vpn tunnels!
Awesome stuff!
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY