Remote Access VPN Statistics - One-liner

Danny
Champion

COVID-19  💊 We take care of your Remote Access VPN needs!
👩‍💻 Reviewed by RnD.
👍 Available as SmartConsole Extension.

One-liner (Bash) to show a summary about the remote access statistics of a VPN gateway.
Run in SmartConsole as one-time script or from your scripts repository or directly on your Gateway in expert mode:


    echo; if [[ `if [[ $(cat /etc/cp-release) == *"Embed"* ]]; then grep 1 /opt/fw1/conf/active_blades.txt | tr '[:upper:]' '[:lower:]'; else e
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




(2)
80 Replies

cdg_soportevip_
Explorer

The command is great!! I have one question: What is the difference between MAB Portal Users and SNX Users?

My case:

REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 1499 (Peak: 1692)
Capsule/Endpoint VPN Users : 1447 (Peak: 1501) using Visitor Mode: 60
Capsule Workspace Users : 0 (Peak: 0)
MAB Portal Users : 141 (Peak: 232)
L2TP Users : 0 (Peak: 0)
SNX Users : 122 (Peak: 198)

Regards

0 Kudos

AndreiR
Employee

A user may log in to the MAB portal but not connect SNX. In this case he will be counted as a MAB user and will not be counted as an SNX user.



0 Kudos

This one-liner won't work on SMB appliances out of the box, mainly because the enabled_blades and rev commands are missing. To overcome this problem you need to run the following two commands in expert mode:


   echo "grep 1 /opt/fw1/conf/active_blades.txt | awk '{printf \"%s \", tolower(\$1)} END {print \"\"}'" > /usr/bin/enabled_blades && chmod 755 /usr/bin/enabled_blades
  

   echo "echo \$1 | awk '{ for(i=length;i!=0;i--)x=x substr(\$0,i,1);}END{print x}'" > /usr/bin/rev && chmod 755 /us
...


0 Kudos

Danny
Champion

I just added SMB support to the one-liner, so your adjustments are not required anymore.



Awesome work as usual Danny. 😉

On SMB you have two kinds of VPN blades - VPN-RA and VPN-S2S. The one-liner will match even if only S2S is enabled, but I guess most of them usually have both blades enabled anyway... Yet if you want to be precise you should probably account for that 🤔

0 Kudos

Danny
Champion

The one-liner checks for the VPN blade to make sure it's getting executed on the right type of gateway. Correct configuration of the VPN blade is up to the firewall admin. In case the admin doesn't get that right, the RAS-VPN user count will just show 0 as no RAS-VPN user will be able to connect.



0 Kudos

MattGB7
Participant

Brilliant  @Danny  just what I needed.

0 Kudos

Danny
Champion

You are welcome!  🙂



0 Kudos

MikaelJohnsson
Contributor

Thanks for a really great script!!

One thing that I noticed though is that it doesn't seem to handle CPVP-VSC licenses.
I have multiple customers using these types of licenses that don't show up in the list.
There's sk98121 that describes how to check the current no. of seats that you have.
As far as I've been able to figure out, the value for sc_users seems to be the amount of seats * 5, i.e.
100 license = 500
400 license = 2000
5000 lic = 25000

Example:
[Expert@VS:3]# grep --binary-files=t

...

0 Kudos

Danny
Champion

Thanks  @MikaelJohnsson, I improved the code.

Peter_Elmer
Employee

Great work Danny!

0 Kudos

Danny
Champion

Thanks for all your kind comments! I'm glad this is of help for so many people. 😀

0 Kudos

Jonas_Nyquist
Employee Alumnus

Hi Danny!

Like everybody else, I agree that it is a fantastic job you have done with this One-Liner tool!

But have you reviewed  @MikaelJohnsson above, and his concerns about the counter of licenses vs the amount that is supposedly installed?

I have tested on my environment, to install 3 x 100 SandBlast Agent (SecureClient/Endpoint Connect or whatever we want to call them) licenses, and when I run the command I get an output of 1500 licenses installed:

LICENSES
-------------

...

0 Kudos

Danny
Champion

Thanks for the heads up. I improved the one-liner.

0 Kudos

Jonas_Nyquist
Employee Alumnus

Nice, works fine now  😀

 

REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 0 (Peak: 0)
Capsule/Endpoint VPN Users : 0 (Peak: 0) using Visitor Mode: 0
Capsule Workspace Users : 0 (Peak: 0)
MAB Portal Users : 3 (Peak: 5)
L2TP Users : 0 (Peak: 0)
SNX Users : 0 (Peak: 0)

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 5000
Endpoint Connect Users : 300
Mobile A

...


0 Kudos

Not good Danny, you broke SMB compatibility 😉

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 0
Endpoint Connect Users : grep: unrecognized option '--binary-files=text'
BusyBox v1.28.3 (2019-05-23 14:00:45 IDT) multi-call binary.

Usage: grep [-HhnlLoqvsriwFE] [-m N] [-A/B/C N] PATTERN/-e PATTERN.../-f FILE [FILE]...

 

0 Kudos

Danny
Champion

Replaced it with the even shorter -a parameter which also works fine on SMB gateways.  😉



0 Kudos

Yeah, well... it works on SMB but...

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 0
Endpoint Connect Users : Mobile Access Users : 200  <== this line causes pain in my eyes 😁
SNX Users :

 

Need to inject new line before ' Mobile ... '



0 Kudos
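
The two broken outputs reported above (a grep error message in place of a count, and two counters merged onto one line) are worth catching before a monitoring job trusts the numbers. The following is an added example, not part of the one-liner or of any post in this thread: a parser for the `Label : value (Peak: n)` lines quoted here; the helper name `parse_ra_stats` and both sample texts are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check the summary text before a monitoring job uses it.

# Constructed samples, modelled on the output quoted in this thread.
GOOD_SAMPLE='REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 1499 (Peak: 1692)
Capsule/Endpoint VPN Users : 1447 (Peak: 1501) using Visitor Mode: 60
MAB Portal Users : 141 (Peak: 232)
SNX Users : 122 (Peak: 198)'

BAD_SAMPLE='LICENSES
----------------------------------------------------------------------
SecuRemote Users : 0
Endpoint Connect Users : Mobile Access Users : 200
SNX Users :'

# parse_ra_stats (hypothetical helper): reads the summary on stdin and prints
# "label|value|peak" per counter ("-" when no peak is shown). A line whose
# value is not a number, or that holds a second " : " separator, is printed
# as "MALFORMED|<line>" and makes the function return 1.
parse_ra_stats() {
  awk '
    {
      line = $0 " "                 # so a bare trailing " :" is matched too
      pos = index(line, " : ")
      if (pos == 0) next            # titles, rulers, blank lines, stray text
      label = substr(line, 1, pos - 1)
      rest = substr(line, pos + 3)
      if (index(rest, " : ") > 0 || rest !~ /^[0-9]+ /) {
        printf "MALFORMED|%s\n", $0
        bad = 1
        next
      }
      value = rest
      sub(/ .*/, "", value)         # keep only the leading number
      peak = "-"
      if (match(rest, /\(Peak: [0-9]+\)/))
        peak = substr(rest, RSTART + 7, RLENGTH - 8)
      printf "%s|%s|%s\n", label, value, peak
    }
    END { exit bad + 0 }
  '
}

printf '%s\n' "$GOOD_SAMPLE" | parse_ra_stats
if ! printf '%s\n' "$BAD_SAMPLE" | parse_ra_stats; then
  echo "summary rejected: counters are not trustworthy" >&2
fi
```
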

Danny
Champion

I'm here for your cure.  😃 Code improved.  💉



0 Kudos

Perfect, beautiful, awesome! 😀

I took some execution time measurements on my 1470 toy:

real 0m0.654s
user 0m0.370s
sys 0m0.140s

0 Kudos

Daniel_Fischler
Contributor

Great tool. Works fine even on VSX gateways. But only if I first change the context (using vsenv). Unfortunately I cannot add this vsenv to the script so that it could run from the repository. This command cannot be used in scripts?

Any ideas how to use it on a VSX gw?

0 Kudos

Danny
Champion

As Check Point doesn't (yet) support running scripts on virtual systems (VS) within SmartConsole, you are looking for a way to circumvent this limitation by running the one-liner directly on the VSX object in SmartConsole. As far as I know this won't work.

grafik.png

However, I'm working on a SmartConsole Extension that will easily show all Remote Access VPN Statistics with a single click on any gateway, even VS. It's just a matter of time and support.

TheRealNiko
Employee Alumnus

Great script man.



0 Kudos

MaximE
Explorer

We have two clustered gateways with CPSB-MOB-200 and CPSB-MOB-200-HA license.

In our case One-liner shows total 410 Mobile Access Users licenses.

Licenses.png

I doubt whether this is correct behaviour. Does this mean it's possible to have up to 410 simultaneous Mobile Access connections?

0 Kudos

Danny
Champion

As per your description you have 205 MOB licenses for Mobile Access -> the bundled CPSB-MOB-5 + your purchased CPSB-MOB-200.

image.png

In your case the one-liner shows 410 instead of 205 MOB licences. That's twice the number you expect it to show. I just checked on my side and don't see this behaviour. Could you show us what cplic print -x and cplic print -p shows on your gateway?



0 Kudos

MaximE
Explorer

Danny,

cplic print -x shows:

                                                                                                                                                       

 

 

cplic print -p shows:

 

 

0 Kudos

Danny
Champion

Looks like everything is attached twice on your gateway.

PS: We have a spoiler function on this forum so you can hide such long output behind a button.



0 Kudos

Julian_Sanchez
Collaborator

Hello, 

I have a question. At the moment I have a demo licence.

Assigned Office Mode: 266

Capsule/Endpoint Users: 309

The client paid for 200 MOB-HA; as the guy said, could I connect 410 users for MOB? 205 per gateway?

And what is the difference between assigned Office Mode addresses and Capsule/Endpoint VPN users? Shouldn't these values be the same?

 



0 Kudos

Julian_Sanchez
Collaborator

Hello, 

What is the difference between Office Mode IP assigned and Capsule/Endpoint VPN Users? 

I now have 37 Assigned OfficeMode IPs and 205 Endpoint VPN Users. Shouldn't the values be the same?

 

0 Kudos

PhoneBoy
Admin
FYI, I got a couple reports internally that the script might not be taking into account expiration dates of licenses, which might cause the license counts to be off, especially if you have multiple evals applied.
This should be in the cplic print -p output.


0 Kudos