Re: One-liner for Remote Access VPN Statistics - Page 2

Danny

COVID-19 💊 We take care of your Remote Access VPN needs!
👩‍💻 Reviewed by RnD.
👍 Available as SmartConsole Extension.

One-liner (Bash) to show a summary about the remote access statistics of a VPN gateway.
Run in SmartConsole as one-time script or from your scripts repository or directly on your Gateway in expert mode:

echo; if [[ `if [[ $(cat /etc/cp-release) == *"Embed"* ]]; then grep 1 /opt/fw1/conf/active_blades.txt | tr '[:upper:]' '[:lower:]'; else enabled_blades 2>/dev/null; fi` != *'vpn'* ]]; then echo ' Not a VPN gateway!'; else echo ' REMOTE ACCESS VPN STATS - Current'; printf '%.s-' {1..70}; echo; function f { if [[ "$TERM" == "xterm" ]]; then fw tab -t $1 -s | tail -n1 | awk '{print "\033[0;32m"$4"\033[0m (Peak: "$5")"}'; else fw tab -t $1 -s | tail -n1 | awk '{print $4" (Peak: "$5")"}'; fi; }; function t { [ "$TERM" == "xterm" ] && tput bold; }; t; echo -n " Assigned OfficeMode IPs    : "; f "om_assigned_ips"; t; echo -n " Capsule/Endpoint VPN Users : "; echo `f "userc_users"` using Visitor Mode: `vpn show_tcpt 2>/dev/null | grep 'Visitor' | tail -n1 | awk '{print $NF}' | sed 's/Mode:/0/'`; t; echo -n " Capsule Workspace Users    : "; f "mob_mail_session"; if [[ `cat /etc/cp-release` != *"Embed"* ]]; then t; echo -n " MAB Portal Users           : "; f "cvpn_session"; fi; t; echo -n " L2TP Users                 : "; f "L2TP_tunnels"; t; echo -n " SNX Users                  : "; f "sslt_om_ip_params"; echo; echo ' LICENSES'; printf '%.s-' {1..70}; t; echo; function s { awk '{ sum += $1 } END { print sum }'; }; function u { echo Unlimited; }; l=`cplic print -p 2>/dev/null | awk --re-interval 'BEGIN{today="date +%s"; today | getline today; } $1 ~ /([1-9][0-9]*\.?){4}/ {if ($2 != "never") {expdate=$2; cmd="date -d " expdate " +%s"; cmd | getline expdate; if (expdate>today) {print} } else {print}}' | tr ' ' '\n'`; echo -n ' SecuRemote Users           : '; if [[ "$l" == *'srunlimited'* ]]; then u; else echo "$l" | grep fw1:6.0:sr | cut -c 11- | s; fi; echo -n ' Endpoint Connect Users     : '; grep -a sc_users $FWDIR/database/fwauth.NDB | tr -dc '[:digit:]\n' | awk '{print $1/5}' | echo $(cat); echo -n ' Mobile Access Users        : '; if [[ "$l" == *'cvpnunlimited'* ]]; then u; else echo "$l" | grep cvpn:6.0:cvpn | cut -c 14- | tr -d 'user' | s; fi; echo -n ' SNX Users                  : '; if [[ "$l" == *'nxunlimit'* ]]; then u; else echo "$l" | grep fw1:6.0:nx | cut -c 11- | s; fi; [ "$TERM" == "xterm" ] && tput sgr0; unset l; fi; echo

This One-liner is also integrated with our ccc script.

Thanks to @PhoneBoy for license macro information in this thread. [ VPN License Guide ]
Thanks to @HristoGrigorov for SMB support and testing.
Thanks to CheckMates for these Remote Access SmartEvent Reports: Basic, Enhanced, Application Monitoring, Custom User Stats

HristoGrigorov · ‎2020-03-30

This one-liner won't work on SMB appliances out of the box mainly because enabled_blades and rev commands are missing. To overcome this problem you need to run following two commands in expert mode:

echo "grep 1 /opt/fw1/conf/active_blades.txt |  awk '{printf \"%s \", tolower(\$1)} END {print \"\"}'" > /usr/bin/enabled_blades && chmod 755 /usr/bin/enabled_blades

echo "echo \$1 | awk '{ for(i=length;i!=0;i--)x=x substr(\$0,i,1);}END{print x}'" > /usr/bin/rev && chmod 755 /usr/bin/rev

Btw, mobile blade is not supported on SMB.

Danny · ‎2020-03-31

I just added SMB support to the one-liner, so your adjustments are not required anymore.

HristoGrigorov · ‎2020-03-31

Awesome work as usual Danny. 😉

On SMB you have two kind of VPN blades - VPN-RA and VPN-S2S. One-liner will match even if only S2S is enabled but I guess most of them usually have both blades enabled anyway... Yet if you want to be precise you should probably account for that 🤔

Danny · ‎2020-03-31

The one-liner checks for the VPN blade to make sure it's getting executed on the right type of gateway. Correct configuration of the VPN blade is up to the firewall admin. In case the admin doesn't get that right, the RAS-VPN user count will just show 0 as no RAS-VPN user will be able to connect.

MattGB7 · ‎2020-03-31

Brilliant @Danny just what I needed.

Danny · ‎2020-04-02

You are welcome! 🙂

MikaelJohnsson · ‎2020-04-01

Thanks for a really great script!!

One thing that I noticed though is that it doesn't seem to handle CPVP-VSC licenses.
I have multiple customers using these types of licenses that doesn't show up in the list.
There's sk98121 that describes how to check the current no. of seats that you have.
As far as I've been able to figure out the value for sc_users seems to be the amount of seats * 5, ie.
100 license = 500
400 license = 2000
5000 lic = 25000

Example:
[Expert@VS:3]# grep --binary-files=text sc_users fwauth.NDB
:sc_users (2000)
[Expert@VS:3]#

REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 6 (Peak: 6)
Capsule/Endpoint VPN Users : 6 (Peak: 6) using Visitor Mode: 0
Capsule Workspace Users : 0 (Peak: 0)
MAB Portal Users : 0 (Peak: 0)
L2TP Users : 0 (Peak: 0)
SNX Users : 0 (Peak: 0)

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 5000
Endpoint Connect Users :
Mobile Access Users : 5
SNX Users :

If you have the time to add the logic for those licenses as well that'd be great!

Thanks again!!

Danny · ‎2020-04-01

Thanks @MikaelJohnsson, I improved the code.

Peter_Elmer · ‎2020-04-03

Great work Danny!

Danny · ‎2020-04-05

Thanks for all your kind comments! I'm glad this is of help for so many people. 😀

Jonas_Nyquist · ‎2020-04-05

Hi Danny!

Like everybody else, I agree that it is a fantastic job you have done with this One-Liner tool!

But have you reviewed @MikaelJohnsson above, and his concerns about the counter of licenses vs the amount that is supposedly installed?

I have tested on my environment, to install 3 x 100 SandBlast Agent (SecureClient/Endpoint Connect or whatever we want to call them) licenses, and when I run the command I get an output of 1500 licenses installed:

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 5000
Endpoint Connect Users : 1500
Mobile Access Users : Unlimited
SNX Users :

So, that beg to consider Mikaels "multiplicator" suggestion, but from my point of view the result should really be 300, as this is the amount of licenses I installed.

I assume that if I were to add another 100-license, the output would increase to 2000, which isn't correct.

Keep up the great work!

Cheers mate!

/Jonas

Danny · ‎2020-04-05

Thanks for the heads up. I improved the one-liner.

Jonas_Nyquist · ‎2020-04-06

Nice, works fine now 😀

REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 0 (Peak: 0)
Capsule/Endpoint VPN Users : 0 (Peak: 0) using Visitor Mode: 0
Capsule Workspace Users : 0 (Peak: 0)
MAB Portal Users : 3 (Peak: 5)
L2TP Users : 0 (Peak: 0)
SNX Users : 0 (Peak: 0)

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 5000
Endpoint Connect Users : 300
Mobile Access Users : Unlimited
SNX Users :

HristoGrigorov · ‎2020-04-06

Not good Danny, you broke SMB compatibility 😉

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 0
Endpoint Connect Users : grep: unrecognized option '--binary-files=text'
BusyBox v1.28.3 (2019-05-23 14:00:45 IDT) multi-call binary.

Usage: grep [-HhnlLoqvsriwFE] [-m N] [-A/B/C N] PATTERN/-e PATTERN.../-f FILE [FILE]...

Danny · ‎2020-04-06

Replaced it with the even shorter -a parameter which also works fine on SMB gateways. 😉

HristoGrigorov · ‎2020-04-07

Yeah, well... it works on SMB but...

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 0
Endpoint Connect Users : Mobile Access Users : 200 <== this line causes pain in my eyes 😁
SNX Users :

Need to inject new line before ' Mobile ... '

Danny · ‎2020-04-07

I'm here for your cure. 😃 Code improved. 💉

HristoGrigorov · ‎2020-04-07

Perfect, beautiful, awesome! 😀

I took some execution time measurements on my 1470 toy:

real 0m0.654s
user 0m0.370s
sys 0m0.140s

Daniel_Fischler · ‎2020-04-06

Great tool. Works fine even on VSX gateways. But only if I first change the context (using vsenv). Unfortunatelly I cannot add this vsenv to the script so that it could run from the repository. This command cannot be used in scripts?

Any ideas how to use it on a VSX gw?

Danny · ‎2020-04-07

As Check Point doesn't support (yet) to run scripts on virtual systems (VS) within SmartConsole you are looking for a way to circumvent this limitation by running the one-oneliner directly on the VSX object in SmartConsole. As far as I know this won't work.

However, I'm working on a SmartConsole Extension that will easily show all Remote Access VPN Statistics with a single click on any gateway, even VS. It's just a matter of time and support.

TheRealNiko · ‎2020-04-07

Great script man.

MaximE · ‎2020-04-09

We have two clustered gateways with CPSB-MOB-200 and CPSB-MOB-200-HA license.

In our case One-liner shows total 410 Mobile Access Users licenses.

I doubt wheter this is correct behaviour. Does this mean it's possible to have up to 410 simultaneous Mobile Access connections?

Danny · ‎2020-04-09

As per your description you have 205 MOB licenses for Mobile Access -> the bundled CPSB-MOB-5 + your purchased CPSB-MOB-200.

In your case the one-liner shows 410 instead of 205 MOB licences. That's twice the number you expect it to show. I just checked on my side and don't see this behaviour. Could you show us what cplic print -x and cplic print -p shows on your gateway?

MaximE · ‎2020-04-10

Danny,

cplic print -x shows:

Click to Expand

never CPAP-SG460X-H A CPSB-FW-HA CPSM-C-2 CPSB-VPN-HA CPSB-NPM CPSB-LOGS CPSB-SSLVPN-200-HA CPSB-IA- HA CPSB-SSLVPN-5-HA CPSB-ADNC-HA CPSB-IPS-S1-HA CPSB-URLF-HA CPSB-APCL-HA CPSB-A V-HA CPSB-ABOT-S-HA CPSB-ASPM-HA CPSB-CTNT

never CPAP-SG460X-H A CPSB-FW-HA CPSM-C-2 CPSB-VPN-HA CPSB-NPM CPSB-LOGS CPSB-SSLVPN-200-HA CPSB-IA- HA CPSB-SSLVPN-5-HA CPSB-ADNC-HA CPSB-IPS-S1-HA CPSB-URLF-HA CPSB-APCL-HA CPSB-A V-HA CPSB-ABOT-S-HA CPSB-ASPM-HA CPSB-CTNT never CPAP-SG460X-H A CPSB-FW-HA CPSM-C-2 CPSB-VPN-HA CPSB-NPM CPSB-LOGS CPSB-SSLVPN-200-HA CPSB-IA- HA CPSB-SSLVPN-5-HA CPSB-ADNC-HA CPSB-IPS-S1-HA CPSB-URLF-HA CPSB-APCL-HA CPSB-A V-HA CPSB-ABOT-S-HA CPSB-ASPM-HA CPSB-CTNT

cplic print -p shows:

Click to Expand

never fw1:6.0:swb fw1:6.0:ctnt fw1:6.0:hfm fw1:6.0:swb fw1:6.0:aspm fw1:6.0:av1000 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:swb fw1:6.0:abot fw1:6.0:hfm fw1:6.0:swb fw1:6.0:av fw1:6.0:av1000 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:appi fw1:6.0:hfm fw1:6.0:swb fw1:6.0:urlf fw1:6.0:av1000 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:ipss1 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:cluster-1 fw1:6.0:cpls fw1:6.0:cluster-u fw1:6.0:mpu fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sxl_ppk fw1:6.0:hfm fw1:6.0:swb fw1:6.0:connect fw1:6.0:pam etm:6.0:fgcountunl etm:6.0:fg etm:6.0:tclog etm:6.0:fgvpn fw1:6.0:hfm fw1:6.0:swb cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users fw1:6.0:des fw1:6.0:strong fw1:6.0:encryption cvpn:6.0:cvpn fw1:6.0:hfm fw1:6.0:swb fw1:6.0:identity fw1:6.0:hfm fw1:6.0:swb cvpn:6.0:ccv100 cvpn:6.0:ccv100 cvpn:6.0:cvpn100users cvpn:6.0:cvpn100users fw1:6.0:des fw1:6.0:strong fw1:6.0:encryption cvpn:6.0:cvpn fw1:6.0:swb fw1:6.0:fwc fw1:6.0:ca fw1:6.0:rtmui fw1:6.0:sstui fw1:6.0:fwlv fw1:6.0:cmd fw1:6.0:swb fw1:6.0:vpe_unlimit fw1:6.0:cluster-u fw1:6.0:remote1 fw1:6.0:aes fw1:6.0:strong fw1:6.0:rdp fw1:6.0:des fw1:6.0:isakmp fw1:6.0:ca fw1:6.0:cluster-u fw1:6.0:dbvr_unlimit fw1:6.0:cmpmgmt fw1:6.0:rtmmgmt fw1:6.0:fgmgmt fw1:6.0:rtmui fw1:6.0:sstui fw1:6.0:fwlv fw1:6.0:ui fw1:6.0:filter fw1:6.0:fwc fw1:6.0:cmd fw1:6.0:hfm fw1:6.0:swb fw1:6.0:spcps fw1:6.0:pam fw1:6.0:enchostsunlimit fw1:6.0:encryption fw1:6.0:aes fw1:6.0:strong fw1:6.0:rdp fw1:6.0:des fw1:6.0:isakmp fw1:6.0:blades fw1:6.0:cpipv6 fw1:6.0:mgmtha fw1:6.0:remote2 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:xlate fw1:6.0:auth fw1:6.0:content fw1:6.0:sync fw1:6.0:fm fw1:6.0:hostsunlimit fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sync fw1:6.0:fm fw1:6.0:hfm fw1:6.0:blades fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sr500 fw1:6.0:hosts500 fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sync fw1:6.0:fm fw1:6.0:mc_all_2 fw1:6.0:multicore

never fw1:6.0:swb fw1:6.0:ctnt fw1:6.0:hfm fw1:6.0:swb fw1:6.0:aspm fw1:6.0:av1000 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:swb fw1:6.0:abot fw1:6.0:hfm fw1:6.0:swb fw1:6.0:av fw1:6.0:av1000 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:appi fw1:6.0:hfm fw1:6.0:swb fw1:6.0:urlf fw1:6.0:av1000 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:ipss1 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:cluster-1 fw1:6.0:cpls fw1:6.0:cluster-u fw1:6.0:mpu fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sxl_ppk fw1:6.0:hfm fw1:6.0:swb fw1:6.0:connect fw1:6.0:pam etm:6.0:fgcountunl etm:6.0:fg etm:6.0:tclog etm:6.0:fgvpn fw1:6.0:hfm fw1:6.0:swb cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users fw1:6.0:des fw1:6.0:strong fw1:6.0:encryption cvpn:6.0:cvpn fw1:6.0:hfm fw1:6.0:swb fw1:6.0:identity fw1:6.0:hfm fw1:6.0:swb cvpn:6.0:ccv100 cvpn:6.0:ccv100 cvpn:6.0:cvpn100users cvpn:6.0:cvpn100users fw1:6.0:des fw1:6.0:strong fw1:6.0:encryption cvpn:6.0:cvpn fw1:6.0:swb fw1:6.0:fwc fw1:6.0:ca fw1:6.0:rtmui fw1:6.0:sstui fw1:6.0:fwlv fw1:6.0:cmd fw1:6.0:swb fw1:6.0:vpe_unlimit fw1:6.0:cluster-u fw1:6.0:remote1 fw1:6.0:aes fw1:6.0:strong fw1:6.0:rdp fw1:6.0:des fw1:6.0:isakmp fw1:6.0:ca fw1:6.0:cluster-u fw1:6.0:dbvr_unlimit fw1:6.0:cmpmgmt fw1:6.0:rtmmgmt fw1:6.0:fgmgmt fw1:6.0:rtmui fw1:6.0:sstui fw1:6.0:fwlv fw1:6.0:ui fw1:6.0:filter fw1:6.0:fwc fw1:6.0:cmd fw1:6.0:hfm fw1:6.0:swb fw1:6.0:spcps fw1:6.0:pam fw1:6.0:enchostsunlimit fw1:6.0:encryption fw1:6.0:aes fw1:6.0:strong fw1:6.0:rdp fw1:6.0:des fw1:6.0:isakmp fw1:6.0:blades fw1:6.0:cpipv6 fw1:6.0:mgmtha fw1:6.0:remote2 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:xlate fw1:6.0:auth fw1:6.0:content fw1:6.0:sync fw1:6.0:fm fw1:6.0:hostsunlimit fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sync fw1:6.0:fm fw1:6.0:hfm fw1:6.0:blades fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sr500 fw1:6.0:hosts500 fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sync fw1:6.0:fm fw1:6.0:mc_all_2 fw1:6.0:multicore never fw1:6.0:swb fw1:6.0:ctnt fw1:6.0:hfm fw1:6.0:swb fw1:6.0:aspm fw1:6.0:av1000 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:swb fw1:6.0:abot fw1:6.0:hfm fw1:6.0:swb fw1:6.0:av fw1:6.0:av1000 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:appi fw1:6.0:hfm fw1:6.0:swb fw1:6.0:urlf fw1:6.0:av1000 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:ipss1 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:cluster-1 fw1:6.0:cpls fw1:6.0:cluster-u fw1:6.0:mpu fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sxl_ppk fw1:6.0:hfm fw1:6.0:swb fw1:6.0:connect fw1:6.0:pam etm:6.0:fgcountunl etm:6.0:fg etm:6.0:tclog etm:6.0:fgvpn fw1:6.0:hfm fw1:6.0:swb cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:ccv1 cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users cvpn:6.0:cvpn1users fw1:6.0:des fw1:6.0:strong fw1:6.0:encryption cvpn:6.0:cvpn fw1:6.0:hfm fw1:6.0:swb fw1:6.0:identity fw1:6.0:hfm fw1:6.0:swb cvpn:6.0:ccv100 cvpn:6.0:ccv100 cvpn:6.0:cvpn100users cvpn:6.0:cvpn100users fw1:6.0:des fw1:6.0:strong fw1:6.0:encryption cvpn:6.0:cvpn fw1:6.0:swb fw1:6.0:fwc fw1:6.0:ca fw1:6.0:rtmui fw1:6.0:sstui fw1:6.0:fwlv fw1:6.0:cmd fw1:6.0:swb fw1:6.0:vpe_unlimit fw1:6.0:cluster-u fw1:6.0:remote1 fw1:6.0:aes fw1:6.0:strong fw1:6.0:rdp fw1:6.0:des fw1:6.0:isakmp fw1:6.0:ca fw1:6.0:cluster-u fw1:6.0:dbvr_unlimit fw1:6.0:cmpmgmt fw1:6.0:rtmmgmt fw1:6.0:fgmgmt fw1:6.0:rtmui fw1:6.0:sstui fw1:6.0:fwlv fw1:6.0:ui fw1:6.0:filter fw1:6.0:fwc fw1:6.0:cmd fw1:6.0:hfm fw1:6.0:swb fw1:6.0:spcps fw1:6.0:pam fw1:6.0:enchostsunlimit fw1:6.0:encryption fw1:6.0:aes fw1:6.0:strong fw1:6.0:rdp fw1:6.0:des fw1:6.0:isakmp fw1:6.0:blades fw1:6.0:cpipv6 fw1:6.0:mgmtha fw1:6.0:remote2 fw1:6.0:hfm fw1:6.0:swb fw1:6.0:xlate fw1:6.0:auth fw1:6.0:content fw1:6.0:sync fw1:6.0:fm fw1:6.0:hostsunlimit fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sync fw1:6.0:fm fw1:6.0:hfm fw1:6.0:blades fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sr500 fw1:6.0:hosts500 fw1:6.0:sxl_vpn fw1:6.0:sxl_fw fw1:6.0:sync fw1:6.0:fm fw1:6.0:mc_all_2 fw1:6.0:multicore

Danny · ‎2020-04-10

Looks like everything is attached twice on your gateway.

PS: We have a spoiler function on this forum so you can hide such long output behind a button.

Julian_Sanchez · ‎2020-04-30

Hello,

I have a question, In this moment I have a demo licence

Assigned Office Mode: 266

Capsule/Endpoint Users: 309

The client paid for 200 MOB-HA as say the guy, I could connect 410 users for MOB? 205 for gateway?

And What the difference in asigned office mode address and capsule/endpoint VPN Users? This values dont should be the same?

Julian_Sanchez · ‎2020-06-26

Hello,

What is the difference between Office Mode IP assigned and Capsule/Endpoint VPN Users?

I have now 37 Assigned OPffceMode IPs and 205 Endpoint vPN Users, the values dont should be the same?

PhoneBoy · ‎2020-04-14

FYI, I got a couple reports internally that the script might not be taking into account expiration dates of licenses, which might cause the license counts to be off, especially if you have multiple evals applied.
This should be in the cplic print -p output.

Danny · ‎2020-04-14

Thanks, I'll look into this.

PhoneBoy · ‎2020-04-15

Suggested fix right for parsing cplic print output:

awk --re-interval 'BEGIN{today="date +%s"; today | getline today; } $1 ~ /([1-9][0-9]*\.?){4}/ {if ($2 != "never") {expdate=$2; cmd="date -d " expdate " +%s"; cmd | getline expdate; if (expdate>today) {print} } else {print}}'

Filters

Sort By

Categories

Remote Access VPN Statistics - One-liner

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.