Show VPN Routing on CLI

The following command shows detailed policy based routing on the CLI. You found the policy based VPN routes to the corresponding external gateway. The basic Check Point table is "fw tab -f -t vpn_routing -u".


Command:

echo -e "\033[0m####################\n# VPN Routing      #\n####################";fw tab -f -t vpn_routing -u 2>&1 |grep -v "+"| awk '{split($0,a,";"); print a[8]}' |sort -ng |uniq | awk '{split($0,a," "); print a[2]}' | xargs -I % sh -c  'echo -n "Externa

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free
17 Replies

Participant

Great job!


Contributor

Amazing!!!
Thanks for sharing.


Advisor

Thanks for sharing.


Advisor

Awesome. Thank you for sharing.

Do you have a way to reset vpn tunnel via command line?

I would like to automate vpn tu procedure.



Hi Kim,

I think you can use the following commands to delete vpn connections.

  vpn tu del ipsec all
  vpn tu del ipsec ip-addr
  vpn tu del ipsec ip-addr username
  vpn tu del all
  vpn tu del ip-addr
  vpn tu del ip-addr username

Regards,

Heiko


Contributor

Nice command.


Participant

Is it possible to add ProxyIDs to the routes?


Contributor

When I try the show vpn routing on cli on the FW, it does not work.

 

 

 

[Expert@fw1-sydney-a]# echo -e "\033[0m####################\n# VPN Routing #\n####################";fw tab -f -t vpn_routing -u 2>&1 |grep -v "+"| awk '{split($0,a,";"); print a[8]}' |sort -ng |uniq | awk '{split($0,a," "); print a[2]}' | xargs -I % sh -c 'echo -n "External Gateway: ";echo -e "\033[0;31m % \\033[37m";echo -e " Routing: \033[32m";fw tab -f -t vpn_routing -u 2>&1 |grep % |awk '\''{split($0,b,"

...;

Collaborator

For me it doesn't give any output for some reason. R77.30 Take 338. fw tab -t vpn_routing -u -f works though.


Contributor

Because in the actual script an additional param is set: "grep -v '+'". You may use a simplified command like this:

fw tab -t vpn_routing -u | awk 'NR>3 {$0=substr($0,2,28); gsub(", ", ""); gsub("; ", ""); gsub("..", "0x& "); print}' | xargs printf "%d.%d.%d.%d\t-\t%d.%d.%d.%d\tPeer: %d.%d.%d.%d\r\n"

Checked on many takes of 77.30


Collaborator

Brilliant, thank you Alexey. For myself just added sorting by first column.

fw tab -t vpn_routing -u | awk 'NR>3 {$0=substr($0,2,28); gsub(", ", ""); gsub("; ", ""); gsub("..", "0x& "); print}' | xargs printf "%d.%d.%d.%d\t-\t%d.%d.%d.%d\tPeer: %d.%d.%d.%d\r\n" | sort -k1n,1

Explorer

Is there any option to edit VPN routes in the kernel? I have many routes from one peer (not in my control) and I need to remove one route. Please suggest.


Hi,

I adapted the full command to work on a R77.30 Gaia, with the same display as the screenshot:

echo -e "\033[0m####################\n# VPN Routing      #\n####################";fw tab -f -t vpn_routing -u 2>&1 |grep "+"| awk '{split($4,a,";"); print a[6]}' |sort -ng |uniq | awk '{split($0,a,":"); print a[2]}' | xargs -I % sh -c 'echo -n "External Gateway: ";echo -e "\033[0;31m % \\033[37m";echo -e "  Routing: \033[32m";fw tab -f -t vpn_routing -u 2>&1 |grep % |awk '\''{split($4
...;

Contributor

Now you may compare the scripts' execution times. My version is faster, because I don't use `-f` for formatting output and I call `fw tab` only once. After all, my colleague just added additional sorting for the output like this:

sort -t . -k  1,1n -k 2,2n -k 3,3n -k 4,4n


Champion

Hi @AlexeyB,

I like your solution and created a One-liner from it that also adds grouping and coloring, which is also included with our ccc script.


Contributor

Hi @Danny, I didn't specifically group the output so that it would be convenient to filter the output line by line, using "grep" to filter by peer or the specific network you need. Everyone can adapt this command to their own needs. I'm glad that my code was useful to someone 🙂


Explorer
It works, thanks!
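The hex decoding, per-octet sorting and per-peer grouping discussed in the replies above, combined in one sketch; this is an added example, not code from any poster or from the ccc script. It assumes raw `fw tab -t vpn_routing -u` entries have the `<START, END; PEER>` layout implied by the `substr`/`printf` one-liner; `vpn_routes_by_peer` and `sample_table` are hypothetical names and the sample rows are constructed.

```shell
#!/bin/sh
# Added example. Assumed raw entry layout (inferred from the one-liners above):
#   <START, END; PEER>   each field 8 hex digits, e.g. <0a020000, 0a0200ff; c0a86401>
# Stage 1 validates each line instead of trusting NR>3 and fixed offsets alone.
# Stage 2 sorts the fixed-width hex keys in byte order (equals numeric order)
#         and drops duplicate entries.
# Stage 3 decodes to dotted decimal and prints one header per peer gateway.
vpn_routes_by_peer() {
    awk '{
        s = tolower(substr($0, 2, 8))
        e = tolower(substr($0, 12, 8))
        p = tolower(substr($0, 22, 8))
        if (substr($0, 1, 1) == "<" && substr($0, 10, 2) == ", " &&
            substr($0, 20, 2) == "; " && (s e p) ~ /^[0-9a-f]+$/ &&
            length(s e p) == 24)
            print p, s, e
    }' | LC_ALL=C sort -u | awk '
    function oct(h, i) {   # two hex digits at position i -> 0..255
        return (index(D, substr(h, i, 1)) - 1) * 16 + index(D, substr(h, i + 1, 1)) - 1
    }
    function ip(h) { return oct(h, 1) "." oct(h, 3) "." oct(h, 5) "." oct(h, 7) }
    BEGIN { D = "0123456789abcdef" }
    $1 != last { print "Peer " ip($1); last = $1 }
    { print "  " ip($2) " - " ip($3) }'
}

# Constructed sample input (header lines are placeholders, addresses are made up);
# it includes a duplicate row, an upper-case row and a malformed row.
sample_table() {
    cat <<'EOF'
localhost:
-------- vpn_routing --------
(header line, constructed)
<0a140000, 0a1400ff; c0a86401>
<0A0A0000, 0A0AFFFF; CB007105>
<0a020000, 0a0200ff; c0a86401>
<0a020000, 0a0200ff; c0a86401>
<zz020000, 0a0200ff; c0a86401>
EOF
}

# Offline demo; on a gateway: fw tab -t vpn_routing -u | vpn_routes_by_peer
sample_table | vpn_routes_by_peer
```

Because malformed lines are dropped rather than decoded, a changed table layout on another version shows up as empty output instead of wrong addresses.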