COVID-19 💊 We take care of your Remote Access VPN needs!
👩💻 Reviewed by RnD.
👍 Available as SmartConsole Extension.
One-liner (Bash) to show a summary about the remote access statistics of a VPN gateway.
Run in SmartConsole as one-time script or from your scripts repository or directly on your Gateway in expert mode:
echo; if [[ `if [[ $(cat /etc/cp-release) == *"Embed"* ]]; then grep 1 /opt/fw1/conf/active_blades.txt | tr '[:upper:]' '[:lower:]'; else enabled_blades 2>/dev/null; fi` != *'vpn'* ]]; then echo ' Not a VPN gateway!'; else echo ' REMOTE ACCESS VPN STATS - Current'; printf '%.s-' {1..70}; echo; function f { if [[ "$TERM" == "xterm" ]]; then fw tab -t $1 -s | tail -n1 | awk '{print "\033[0;32m"$4"\033[0m (Peak: "$5")"}'; else fw tab -t $1 -s | tail -n1 | awk '{print $4" (Peak: "$5")"}'; fi; }; function t { [ "$TERM" == "xterm" ] && tput bold; }; t; echo -n " Assigned OfficeMode IPs : "; f "om_assigned_ips"; t; echo -n " Capsule/Endpoint VPN Users : "; echo `f "userc_users"` using Visitor Mode: `vpn show_tcpt 2>/dev/null | grep 'Visitor' | tail -n1 | awk '{print $NF}' | sed 's/Mode:/0/'`; t; echo -n " Capsule Workspace Users : "; f "mob_mail_session"; if [[ `cat /etc/cp-release` != *"Embed"* ]]; then t; echo -n " MAB Portal Users : "; f "cvpn_session"; fi; t; echo -n " L2TP Users : "; f "L2TP_tunnels"; t; echo -n " SNX Users : "; f "sslt_om_ip_params"; echo; echo ' LICENSES'; printf '%.s-' {1..70}; t; echo; function s { awk '{ sum += $1 } END { print sum }'; }; function u { echo Unlimited; }; l=`cplic print -p 2>/dev/null | awk --re-interval 'BEGIN{today="date +%s"; today | getline today; } $1 ~ /([1-9][0-9]*\.?){4}/ {if ($2 != "never") {expdate=$2; cmd="date -d " expdate " +%s"; cmd | getline expdate; if (expdate>today) {print} } else {print}}' | tr ' ' '\n'`; echo -n ' SecuRemote Users : '; if [[ "$l" == *'srunlimited'* ]]; then u; else echo "$l" | grep fw1:6.0:sr | cut -c 11- | s; fi; echo -n ' Endpoint Connect Users : '; grep -a sc_users $FWDIR/database/fwauth.NDB | tr -dc '[:digit:]\n' | awk '{print $1/5}' | echo $(cat); echo -n ' Mobile Access Users : '; if [[ "$l" == *'cvpnunlimited'* ]]; then u; else echo "$l" | grep cvpn:6.0:cvpn | cut -c 14- | tr -d 'user' | s; fi; echo -n ' SNX Users : '; if [[ "$l" == *'nxunlimit'* ]]; then u; else echo "$l" | grep fw1:6.0:nx | cut -c 11- | s; fi; [ "$TERM" == "xterm" ] && tput sgr0; unset l; fi; echo
This One-liner is also integrated with our ccc script.
Thanks to @PhoneBoy for license macro information in this thread. [ VPN License Guide ]
Thanks to @HristoGrigorov for SMB support and testing.
Thanks to CheckMates for these Remote Access SmartEvent Reports: Basic, Enhanced, Application Monitoring, Custom User Stats
Awesome tool, @Danny! That's a very useful script.
Overall, it works as expected, but I've got a few difficulties understanding the meaning of the numbers. As I understand, the entry "Assigned Office Mode IPs" shows the number of all currently assigned remote access IPs which would mean the sum of Capsule/Endpoint VPN Users and SNX Users. For us, these numbers (sum of Capsule/Endpoint VPN Users and SNX Users vs. Assigned Office Mode IPs) don't match.
The same applies to the number of MAB Portal Users, which would in my opinion mean Capsule/Endpoint VPN Users, Capsule Workspace Users, SNX Users and all users that use the portal without connecting to the SNX.
Another point is the peak score. Our peak score for SNX users for example increases from time to time without the peak being hit within this time (verified with cron job).
Do you have any advice what might be the reason for this behavior?
Hi @StephS,
you wrote: As I understand, the entry "Assigned Office Mode IPs" shows the number of all currently assigned remote access IPs
It shows how many IP addresses have been assigned from the Office Mode IP pool within your configured lease time (Default: 60 minutes).
Our peak score for SNX users increases .. without the peak being hit .. (verified with cron job).
May I ask how exactly you verify the peak levels via cron job? My one-liner does no calculation at this point; it just formats the original numbers that are returned by Check Point's commands, so you might want to open a ticket with TAC to consult on the origin of the peak levels.
We scheduled a cron job which runs every minute, executes your script and writes the output into a file. We then looked out for the entry when the peak changed and saw that the number of users by far didn't match the peak.
Hello @Danny and @phoneboy --
We recently ran this on R80.40 SmartConsole and MOB displayed as "205" available sessions. The customer has a MOB-200 license. I know CP appliances come with MOB-5.
However, I am also aware that MOB licensing is not additive. You can't add two MOB-200 on a cluster and get 400 supported sessions. Similarly, I doubt that MOB-200 and MOB-5 add together to provide 205 user sessions.
The gateway container license:
"CPAP-SG660X CPSM-C-2 CPSB-FW CPSG-C-4-U CPSG-C-2-U CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-SSLVPN-200 CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS CPSB-URLF CPSB-APCL CPSB-AV CPSB-ABOT-M CPSB-ASPM CPSB-CTNT ...xxx"
Not a big deal, but I wanted to raise the topic. Thx.
Two possible explanations:
Hi there, I ran the one-liner on our 1500 SMB gateway and the licenses section does output correctly. This is a centrally managed gateway.
Check Point's 1550 Appliance R80.20.10 - Build 365
Here is the output:
REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 4 (Peak: 7)
Capsule/Endpoint VPN Users : 4 (Peak: 8 ) using Visitor Mode: 1
Capsule Workspace Users : 0 (Peak: 0)
L2TP Users : 0 (Peak: 0)
SNX Users : 0 (Peak: 0)
LICENSES
----------------------------------------------------------------------
awk: unrecognized option '--re-interval'
BusyBox v1.28.3 (2020-01-13 11:34:59 IST) multi-call binary.
Usage: awk [OPTIONS] [AWK_PROGRAM] [FILE]...
-v VAR=VAL Set variable
-F SEP Use SEP as field separator
-f FILE Read program from FILE
-e AWK_PROGRAM
SecuRemote Users :
Endpoint Connect Users :
Mobile Access Users :
SNX Users :
It’s possible this needs to be refactored for SMB appliances (at least the 1500s).
awk syntax appears to be different.
Hi @Danny,
we discovered a minor bug in the output of the script. Every time the number of Visitor Mode Users hits 100, the script output ("using Visitor Mode:") just shows 10 instead of 100. When the number gets to 101 (and every other number we experienced so far), it is printed out correctly. Do you know where this comes from?
Hi Danny,
Unfortunately, starting from R81 getline is missing and the script is not able to fetch the VPN licenses anymore.
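Added example (not part of the thread and not Danny's one-liner): a license-counting helper that uses neither the `--re-interval` option rejected by BusyBox awk above nor `getline`, by comparing expiry dates inside plain POSIX awk. It assumes license rows look like `<host IP> <never|DDMmmYYYY> <feature macros>`; the function name `sum_license_users` and the sample rows, dates and counts are constructed.

```bash
#!/usr/bin/env bash
# Added example, not the thread's one-liner. Sums licensed users per feature
# macro using POSIX awk only: no --re-interval, no getline, no `date -d`.

# Constructed sample (hosts, dates and counts are made up). Assumed row layout:
#   <host IP> <"never" or DDMmmYYYY> <feature macros ...>
SAMPLE_LICENSES='Host Expiration Primitive-Features
192.0.2.10 never fw1:6.0:sr25 cvpn:6.0:cvpn200user fw1:6.0:nx10
192.0.2.10 never cvpn:6.0:cvpn5user
192.0.2.10 01Jan2020 cvpn:6.0:cvpn50user fw1:6.0:nx50
192.0.2.10 31Dec2099 fw1:6.0:sr5'

# Usage: sum_license_users <macro prefix> <today as YYYYMMDD> < license text
sum_license_users() {
  awk -v prefix="$1" -v today="$2" '
    BEGIN {
      split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
      for (i = 1; i <= 12; i++) mon[names[i]] = sprintf("%02d", i)
    }
    # License rows start with a dotted-quad host; written without {4}.
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
    $2 != "never" {
      # Turn DDMmmYYYY into YYYYMMDD so dates compare as plain numbers.
      n = length($2)
      y = substr($2, n - 3)
      m = mon[substr($2, n - 6, 3)]
      d = sprintf("%02d", substr($2, 1, n - 7))
      expiry = y m d
      if (expiry + 0 <= today + 0) next   # expired row: count nothing
    }
    {
      for (i = 3; i <= NF; i++)
        if (index($i, prefix) == 1)
          sum += substr($i, length(prefix) + 1) + 0   # "200user" -> 200
    }
    END { print sum + 0 }'
}

# Per-row counts are added together, as the one-liner does with its s helper.
for p in fw1:6.0:sr cvpn:6.0:cvpn fw1:6.0:nx; do
  printf '%-15s %s\n' "$p" \
    "$(printf '%s\n' "$SAMPLE_LICENSES" | sum_license_users "$p" "$(date +%Y%m%d)")"
done
```

Unlimited macros such as `srunlimited` are not handled here; the one-liner checks for those separately before summing.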