Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Remote Access VPN Statistics - One-Liner

Champion
Champion

COVID-19 💊 We take care of your Remote Access VPN needs!
👩‍💻 Reviewed by RnD.
👍 Available as SmartConsole Extension.

One-liner (Bash) to show a summary about the remote access statistics of a VPN gateway.
Run in SmartConsole as one-time script or from your scripts repository or directly on your Gateway in expert mode:

echo; if [[ `if [[ $(cat /etc/cp-release) == *"Embed"* ]]; then grep 1 /opt/fw1/conf/active_blades.txt | tr '[:upper:]' '[:lower:]'; else enabled_blades 2>/dev/null; fi` != *'vpn'* ]]; then echo ' Not a VPN gateway!'; else echo ' REMOTE ACCESS VPN STATS - Current'; printf '%.s-' {1..70}; echo; function f { if [[ "$TERM" == "xterm" ]]; then fw tab -t $1 -s | tail -n1 | awk '{print "\033[0;32m"$4"\033[0m (Peak: "$5")"}'; else fw tab -t $1 -s | tail -n1 | awk '{print $4" (Peak: "$5")"}'; fi; }; function t { [ "$TERM" == "xterm" ] && tput bold; }; t; echo -n " Assigned OfficeMode IPs    : "; f "om_assigned_ips"; t; echo -n " Capsule/Endpoint VPN Users : "; echo `f "userc_users"` using Visitor Mode: `vpn show_tcpt 2>/dev/null | grep 'Visitor' | tail -n1 | awk '{print $NF}' | tr -s 'Mode:' '0'`; t; echo -n " Capsule Workspace Users    : "; f "mob_mail_session"; if [[ `cat /etc/cp-release` != *"Embed"* ]]; then t; echo -n " MAB Portal Users           : "; f "cvpn_session"; fi; t; echo -n " L2TP Users                 : "; f "L2TP_tunnels"; t; echo -n " SNX Users                  : "; f "sslt_om_ip_params"; echo; echo ' LICENSES'; printf '%.s-' {1..70}; t; echo; function s { awk '{ sum += $1 } END { print sum }'; }; function u { echo Unlimited; }; l=`cplic print -p 2>/dev/null | awk --re-interval 'BEGIN{today="date +%s"; today | getline today; } $1 ~ /([1-9][0-9]*\.?){4}/ {if ($2 != "never") {expdate=$2; cmd="date -d " expdate " +%s"; cmd | getline expdate; if (expdate>today) {print} } else {print}}' | tr ' ' '\n'`; echo -n ' SecuRemote Users           : '; if [[ "$l" == *'srunlimited'* ]]; then u; else echo "$l" | grep fw1:6.0:sr | cut -c 11- | s; fi; echo -n ' Endpoint Connect Users     : '; grep -a sc_users $FWDIR/database/fwauth.NDB | tr -dc '[:digit:]\n' | awk '{print $1/5}' | echo $(cat); echo -n ' Mobile Access Users        : '; if [[ "$l" == *'cvpnunlimited'* ]]; then u; else echo "$l" | grep cvpn:6.0:cvpn | cut -c 14- | tr -d 'user' | s; fi; echo -n ' SNX Users                  : '; if [[ "$l" == *'nxunlimit'* ]]; then u; else echo "$l" | grep fw1:6.0:nx | cut -c 11- | s; fi; [ "$TERM" == "xterm" ] && tput sgr0; unset l; fi; echo

This One-liner is also integrated with our ccc script.

Thanks to @PhoneBoy for license macro information in this thread. [ VPN License Guide ]
Thanks to @HristoGrigorov for SMB support and testing.
Thanks to CheckMates for these Remote Access SmartEvent Reports: Basic, Enhanced, Application Monitoring, Custom User Stats

72 Replies
Highlighted

Champion
Champion

👍 Perfect. I tested it successfully and added it to the one-liner.

Reply
0 Kudos
Highlighted

Explorer

Awesome tool, @Danny! That's a very useful script.

Overall, it works as expected, but I've got a few difficulties understanding the meaning of the numbers. As I understand, the entry "Assigned Office Mode IPs" shows the number of all currently assigned remote access IPs which would mean the sum of Capsule/Endpoint VPN Users and SNX Users. For us, these numbers (sum of Capsule/Endpoint VPN Users and SNX Users vs. Assigned Office Mode IPs) don't match.

The same applies to the number of MAB Portal Users, which would in my opinion mean Capsule/Endpoint VPN Users, Capsule Workspace Users, SNX Users and all users that use the portal without connecting to the SNX.

Another point is the peak score. Our peak score for SNX users for example increases from time to time without the peak being hit within this time (verified with cron job).

Do you have any advice what might be the reason for this behavior?

Reply
0 Kudos
Highlighted

Champion
Champion

Hi @StephS ,

you wrote: As I understand, the entry "Assigned Office Mode IPs" shows the number of all currently assigned remote access IPs

It shows how many IP addresses have been assigned from the Office Mode IP pool within your configured lease time (Default: 60 minutes).

Our peak score for SNX users increases .. without the peak being hit .. (verified with cron job).

May I ask how you exactly verify the peak levels via cronjob? My one-liner does no calculation at this point, it just formats the original numbers that are returned by Check Points commands so you might want to open a ticket with TAC to consult on the origin of the peak levels.

Reply
0 Kudos
Highlighted

Why using the old script I can see users using Visitor Mode and why using the current script the numbers of users using Visitor Mode is 0.

The old script: [...]using Visitor Mode: `vpn show_tcpt 2>/dev/null | tail -n1 | rev | awk [...]

The curren script:using Visitor Mode: `vpn show_tcpt 2>/dev/null | grep 'Visitor Mode' | tail -n1 | awk '

Thanks!

Reply
0 Kudos
Highlighted

Champion
Champion

Please post the last line of the command: vpn show_tcpt

Reply
0 Kudos
Highlighted

[Expert@NHVSXGW01:1]# vpn show_tcpt
Showing all users connected in Visitor Mode:
[...]
Total number of users: 930, SNX users : 119, Visitor mode users: 191

Reply
0 Kudos
Highlighted

Champion
Champion

Thanks, I fixed the code.

Reply
0 Kudos
Highlighted

Explorer

We scheduled a cron job which runs every minute, executes your script and writes the output into a file. We then looked out for the entry when the peak changed and saw that the number of users by far didn't match the peak.

Reply
0 Kudos
Highlighted

Participant

This is so great.
And you made a Smart Console Extension based on it.
Brilliant!

Reply
0 Kudos
Highlighted

Hello @Danny and @phoneboy  --

We recently ran this on R80.40 smartconsole and MOB displayed as "205" available sessions.    The customer has MOB-200 license.    I know CP appliances come with MOB-5.  

However, I am also aware that MOB licensing in not additive.  you can't add two MOB-200 on cluster and get 400 supported sessions.  Similarly, I doubt that MOB-200 and MOB-5 add together to provide 205 user sessions.

The gateway container license:

"CPAP-SG660X CPSM-C-2 CPSB-FW CPSG-C-4-U CPSG-C-2-U CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-SSLVPN-200 CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS CPSB-URLF CPSB-APCL CPSB-AV CPSB-ABOT-M CPSB-ASPM CPSB-CTNT ...xxx"

not a big deal but wanted to raise the topic.   thx.

Reply
0 Kudos
Highlighted

Admin
Admin

Two possible explanations:

  1. The licenses function additively "under the hood" (though we don't license it/support it that way)
  2. There is some overage allowed in the license (which I know we did have previously)

Reply
0 Kudos
Highlighted

Contributor

hi there i ran the one liner on out 1500 smb gateway and the licenses section does output correctly. this is centrally managed gateway. 

Check Point's 1550 Appliance R80.20.10 - Build 365

here is the output:

 

 

 

 

 

 REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
 Assigned OfficeMode IPs    : 4 (Peak: 7)
 Capsule/Endpoint VPN Users : 4 (Peak: 8 ) using Visitor Mode: 1
 Capsule Workspace Users    : 0 (Peak: 0)
 L2TP Users                 : 0 (Peak: 0)
 SNX Users                  : 0 (Peak: 0)

 LICENSES
----------------------------------------------------------------------
awk: unrecognized option '--re-interval'
BusyBox v1.28.3 (2020-01-13 11:34:59 IST) multi-call binary.

Usage: awk [OPTIONS] [AWK_PROGRAM] [FILE]...

        -v VAR=VAL      Set variable
        -F SEP          Use SEP as field separator
        -f FILE         Read program from FILE
        -e AWK_PROGRAM
 SecuRemote Users           :
 Endpoint Connect Users     :
 Mobile Access Users        :
 SNX Users                  :

 

 

 

 

Reply
0 Kudos
Highlighted

Admin
Admin

It’s possible this needs to be refactored for SMB appliances (at least the 1500s).
awk syntax appears to be different.

Reply
0 Kudos