- CheckMates
- :
- CheckMates Toolbox
- :
- Scripts
- :
- Re: One-liner for Remote Access VPN Statistics
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Remote Access VPN Statistics - One-liner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
COVID-19 💊 We take care of your Remote Access VPN needs!
👩💻 Reviewed by RnD.
👍 Available as SmartConsole Extension.
One-liner (Bash) to show a summary about the remote access statistics of a VPN gateway.
Run in SmartConsole as one-time script or from your scripts repository or directly on your Gateway in expert mode:
echo; if [[ `if [[ $(cat /etc/cp-release) == *"Embed"* ]]; then grep 1 /opt/fw1/conf/active_blades.txt | tr '[:upper:]' '[:lower:]'; else enabled_blades 2>/dev/null; fi` != *'vpn'* ]]; then echo ' Not a VPN gateway!'; else echo ' REMOTE ACCESS VPN STATS - Current'; printf '%.s-' {1..70}; echo; function f { if [[ "$TERM" == "xterm" ]]; then fw tab -t $1 -s | tail -n1 | awk '{print "\033[0;32m"$4"\033[0m (Peak: "$5")"}'; else fw tab -t $1 -s | tail -n1 | awk '{print $4" (Peak: "$5")"}'; fi; }; function t { [ "$TERM" == "xterm" ] && tput bold; }; t; echo -n " Assigned OfficeMode IPs : "; f "om_assigned_ips"; t; echo -n " Capsule/Endpoint VPN Users : "; echo `f "userc_users"` using Visitor Mode: `vpn show_tcpt 2>/dev/null | grep 'Visitor' | tail -n1 | awk '{print $NF}' | sed 's/Mode:/0/'`; t; echo -n " Capsule Workspace Users : "; f "mob_mail_session"; if [[ `cat /etc/cp-release` != *"Embed"* ]]; then t; echo -n " MAB Portal Users : "; f "cvpn_session"; fi; t; echo -n " L2TP Users : "; f "L2TP_tunnels"; t; echo -n " SNX Users : "; f "sslt_om_ip_params"; echo; echo ' LICENSES'; printf '%.s-' {1..70}; t; echo; function s { awk '{ sum += $1 } END { print sum }'; }; function u { echo Unlimited; }; l=`cplic print -p 2>/dev/null | awk --re-interval 'BEGIN{today="date +%s"; today | getline today; } $1 ~ /([1-9][0-9]*\.?){4}/ {if ($2 != "never") {expdate=$2; cmd="date -d " expdate " +%s"; cmd | getline expdate; if (expdate>today) {print} } else {print}}' | tr ' ' '\n'`; echo -n ' SecuRemote Users : '; if [[ "$l" == *'srunlimited'* ]]; then u; else echo "$l" | grep fw1:6.0:sr | cut -c 11- | s; fi; echo -n ' Endpoint Connect Users : '; grep -a sc_users $FWDIR/database/fwauth.NDB | tr -dc '[:digit:]\n' | awk '{print $1/5}' | echo $(cat); echo -n ' Mobile Access Users : '; if [[ "$l" == *'cvpnunlimited'* ]]; then u; else echo "$l" | grep cvpn:6.0:cvpn | cut -c 14- | tr -d 'user' | s; fi; echo -n ' SNX Users : '; if [[ "$l" == *'nxunlimit'* ]]; then u; else echo "$l" | grep fw1:6.0:nx | cut -c 11- | s; fi; [ "$TERM" == "xterm" ] && tput sgr0; unset l; fi; echo
This One-liner is also integrated with our ccc script.
Thanks to @PhoneBoy for license macro information in this thread. [ VPN License Guide ]
Thanks to @HristoGrigorov for SMB support and testing.
Thanks to CheckMates for these Remote Access SmartEvent Reports: Basic, Enhanced, Application Monitoring, Custom User Stats
COVID-19
💊 We take care of your Remote Access VPN needs!
👩💻 Reviewed by RnD.
👍 Available as SmartConsole Extension.
One-liner (Bash) to show a summary about the remote access statistics of a VPN gateway.
Run in SmartConsole as one-time script or from your scripts repository or directly on your Gateway in expert mode:
echo; if [[ `if [[ $(cat /etc/cp-release) == *"Embed"* ]]; then grep 1 /opt/fw1/conf/active_blades.txt | tr '[:upper:]' '[:lower:]'; else e
Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For historical data, you need reports like: https://community.checkpoint.com/t5/Remote-Access-Solutions/Monitoring-applications-and-data-volume-...
Or: https://community.checkpoint.com/t5/Visibility-Analytics/SmartView-VPN-Client-enhanced-view/m-p/7887...
For historical data, you need reports like: https://community.checkpoint.com/t5/Remote-Access-Solutions/Monitoring-applications-and-data-volume-related-to-remote-access/m-p/79147#M2739
Or: https://community.checkpoint.com/t5/Visibility-Analytics/SmartView-VPN-Client-enhanced-view/m-p/78873#M48 ;
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can understand that the current number is the live stat from the gateway at the point in time of running the one liner but what about the peak number? - that must be historical, surely? Over what historical period?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
running in export mode is fine, but from Smartconsole repository some small formatting errors are seen.
Maybee you can find the problem.
Wolfgang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Danny, thank you for the great one-liner script!
It's certainly helping a lot.
Quick feedback on when running Gateways CG IaaS (VE), the outcome is "Not a firewall gateway!".
We had to bypassed it by getting rid of the first "if" of the script.
Hi Danny, thank you for the great one-liner script!
It's certainly helping a lot.
Quick feedback on when running Gateways CG IaaS (VE), the outcome is "Not a firewall gateway!".
We had to bypassed it by getting rid of the first "if" of the script.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the enabled_blades tip, @Eduardo_Pereira, I just improved the One-liner to check the VPN blade.
Thanks for the enabled_blades tip, @Eduardo_Pereira, I just improved the One-liner to check the VPN blade.
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the tip. I'll add the word 'current' to the title. The peak score is an overall status since last reboot of the system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi :
Thank you very much for your work
I have spent tons of hours trying to do the same thing
In my script I have used the following kernel table to obtain SNX users:
- SNX users ---> fw tab -t sslt_connectra_sessions -s
I have counted the lines with SNX users on the smartview monitor users table, and with this number I could find the "correct" kernel table
If I use your script, the number shown is different from the number that you can obtain from the kernel table shown above.
What are the differences between your number, my number and the number of users listed on the smartview monitor table?
I think your result is correct (you are a checkpoint expert) , but the number is different from the number of snx users you can see (and count, line by line) on the smartview monitor users table.
Thanks in advanced for your answer
PD: Sorry about my bad english
Hi :
Thank you very much for your work
I have spent tons of hours trying to do the same thing
In my script I have used the following kernel table to obtain SNX users:
- SNX users ---> fw tab -t sslt_connectra_sessions -s
I have counted the lines with SNX users on the smartview monitor users table, and with this number I could find the "correct" kernel table
If I use your script, the number shown is different from the number that you can obtain from the kernel table s
...;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @Danny,
This is a one-liner that I did for a client few days ago to monitor VPN clients and the performance of the appliance. It was a huge appliance with thousands of users.
It help to find any heavy connections and monitor the connected users real time.
Have you ever wrote something to find/monitor heavy connections/elephant flows? (VPN or not related).
Script:
watch -n 0.1 "echo ' CPU UTILIZATION'; printf '%.s-' {1..100}; echo;echo;mpstat -P ALL 1 1 | grep -v Average;echo;echo;echo;echo ' ENABLED BLADES'; printf '%.s-' {1..100};echo;enabled_blades;echo;echo;echo ' LAST INSTALLED POLICY'; printf '%.s-' {1..100};echo; fw stat | grep -o '.\{0,5\}2020.\{0,10\}';echo;echo;echo ' NUMBER OF CONNECTED USERS'; printf '%.s-' {1..100};echo;fw tab -t userc_users -s | grep userc_users | awk '{print \$4}';echo;echo ' NUMBER OF OFFICE MODE IPs'; printf '%.s-' {1..100};echo;fw tab -t om_assigned_ips -s | grep om_assigned_ips | awk '{print \$4}';echo;echo ' SHOW HEAVY CONNECTIONS'; printf '%.s-' {1..100}; echo;echo;fw ctl multik print_heavy_conn;echo;"
Attached a printscreen of the outcome as well.
Hey @Danny,
This is a one-liner that I did for a client few days ago to monitor VPN clients and the performance of the appliance. It was a huge appliance with thousands of users.
It help to find any heavy connections and monitor the connected users real time.
Have you ever wrote something to find/monitor heavy connections/elephant flows? (VPN or not related).
Script:
watch -n 0.1 "echo ' CPU UTILIZATION'; printf '%.s-' {1..100}; echo;echo;mpstat -P ALL 1 1 | gre
...;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for sharing your code with us. 😀 I haven't yet created a solution to identify top VPN remote users.
It's impressive to see what we can bring up together while working from home focusing on getting home workers connected and protected maintaining their businesses during COVID-19.
Thanks for sharing your code with us. 😀 I haven't yet created a solution to identify top VPN remote users.
It's impressive to see what we can bring up together while working from home focusing on getting home workers connected and protected maintaining their businesses during COVID-19.
;
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you have a script that can check to see if specific remote access users are actively connected across multiple remote access gateways within the same mds domain?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm glad it's useful to you. This one-liner also got reviewed by R&D today as Check Point SE's now use it, too. 👩💻