One-liner to show VPN S2S tunnels on gateway

Danny

ℹ️ Will be released as SmartConsole extension soon.

One-liner (Bash) to show IPsec VPN site-to-site tunnels on Check Point security gateways.
In expert mode run:

echo;_vpn=1;if [[ -f /bin/enabled_blades ]];then if [[ `enabled_blades|tr 'A-Z' 'a-z'` != *'vpn'* ]];then _vpn=0;fi;elif [[ -f /opt/fw1/conf/active_blades.txt ]];then if [[ `grep VPN-S2S /opt/fw1/conf/active_blades.txt|awk '{print $NF}'` != '1' ]];then _vpn=0;fi;elif [[ -f /opt/fw1/conf/blades.json ]];then if [[ `jq '.data[]|select(.name=="VPN-S2S")|.enabled' /opt/fw1/conf/blades.json` != '1' ]];then _vpn=0;fi;fi;if [[ $_vpn == 1 ]];then _ha=0;if [[ `$CPDIR/bin/cpprod_util FwIsHighAvail` -eq '1' ]];then _ha=1;if [[ `cphaprob stat|grep \(local\)|tr 'A-Z' 'a-z'` == *'active'* ]];then _ha=0;fi;fi;if [[ $_ha == 0 ]];then if [[ -f /bin/timeout ]];then _stat=`timeout 5 stattest gettable 1.3.6.1.4.1.2620.1.9002.1 2 3 4 1 7 8 9 10 11`;else _stat=`stattest gettable 1.3.6.1.4.1.2620.1.9002.1 2 3 4 1 7 8 9 10 11`;fi;echo "$_stat"|tr ',' ' '|awk '{gsub("132","Initialized",$2)}1'|awk '{gsub("131","Down",$2)}1'|awk '{gsub("130","Phase_1",$2)}1'|awk '{gsub("129","Idle",$2)}1'|awk '{gsub("4","Destroyed",$2)}1'|awk '{gsub("3","UP",$2)}1'|awk '{gsub("0","Primary",$6)}1'|awk '{gsub("1","Backup",$6)}1'|awk '{gsub("2","On-demand",$6)}1'|awk '{gsub("0","?",$7)}1'|awk '{gsub("1","Alive",$7)}1'|awk '{gsub("2","!",$7)}1'|awk '{gsub("1","Regular",$8)}1'|awk '{gsub("2","DAIP",$8)}1'|awk '{gsub("3","ROBO",$8)}1'|awk '{gsub("4","LSV",$8)}1'|awk '{gsub("1","Regular",$9)}1'|awk '{gsub("2","Permanent",$9)}1'|sort|sed "s/^/$(hostname) <=> /"|sed '1 i\( , , , , , , , , , , )'|sed '1 i\FROM <=> TO STATE VPN_COMMUNITY PEER_IP SOURCE_IP LINK_PRIORITY PROB_STATE PEER_TYPE VPN_TYPE'|if [[ -f /bin/column ]];then column -t|sed "s/\bUP\b/\x1b[1;32m&\x1b[m/g;s/\bDown\b\|\bDestroyed\b/$\x1b[1;31m&\x1b[m/g;s/\bBackup\b\|\bAlive\b\|\bInitialized\b\|\bPhase_1\b/\x1b[1;36m&\x1b[m/g"|sed '/^(.*)$/ s/./=/g'|sed '$a+'|sed '2h;$x'|sed "s/^/  /";echo -e "\033[1;2m  Reset VPN tunnel to peer : vpn tu del PEER_IP\n  Show  VPN tunnel details : vpn tu tlist -p PEER_IP\033[m";else cat|sed '/^(.*)$/ s/./=/g';fi;else echo -e "\033[1;31mNot an active HA member.\033[m";fi;else echo -e "\033[1;31mNot a VPN gateway.\033[m";fi;unset _vpn _ha _stat;echo

Will be integrated in v5.0 of our ccc script.
To show the VPN topology see here
To list VPN user tunnels see here.

the_rock · ‎2022-06-05

Will try it tomorrow and provide feedback ; - )

the_rock · ‎2022-06-06

Very good, works well!

Dennis_M · ‎2022-06-07

Finally. Have been waiting so long for a much simpler method to check the VPN tunnels and here it is.

Works great, thanks! 🙂

ptuttle_2 · ‎2022-06-07

This AWESOME !!! Thanks Very Much. Works Great. I clicked Kudos 50 + times but only went up one -😊

-pat

Joshua · ‎2022-06-09

This is very useful. A great addition to the power house that is the ccc-script. Just wow!

mombro · ‎2022-06-13

Great! Looking forward to the smart console extension 🙂

Friedrich_Taatz · ‎2022-06-14

Awesome!

Ziegelsambach · ‎2022-06-15

Good Job ^^

danjue · ‎2022-06-16

Thanks!

Thomas_Eichelbu · ‎2022-06-16

Wow holy cow ... cool stuff!!!

cannot believe we had to wait since 1993 for such a cool CLI command for a nice overview of vpn tunnels!
Awesome stuff!

jannag · ‎2022-06-20

Awesome Job!

Yannic_Schmitt · ‎2022-06-27

Awesome tool, works great!

Thank you for your contribution to the community. 😀

Marcus_E · ‎2022-06-27

Works like a charm. Thank you for sharing! 😊

Filters

Sort By

Categories

One-liner to show VPN S2S tunnels on gateway

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.