Danny

One-liner to show VPN topology on gateways

ℹ️ Also available as SmartConsole Extension.

In expert mode run:

if [[ `$CPDIR/bin/cpprod_util FwIsFirewallModule 2>/dev/null` != *'1'* ]]; then echo; tput bold; tput setab 1; echo ' Not a firewall gateway! '; tput sgr0; echo; else if [[ `grep R80.40 /etc/cp-release | wc -l` != 0 ]]; then echo; tput bold; tput setab 1; echo -n ' Info: VPN Domain for Gateway Communities are currently not displayed correctly by this tool! '; tput sgr0; echo; fi; fw tab -t vpn_routing -u | awk 'NR>3 {$0=substr($0,2,28); gsub(", ", ""); gsub("; ", ""); gsub("..", "0x& "); print}' | xargs printf "%d.%d.%d.%d %d.%d.%d.%d %d.%d.%d.%d\n" | awk '{print $3"."$1" - "$2}' | sort -t . -k  1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n | sed 's/^/x/' | sed 's/\./\n\t/4' | awk '!x[$0]++' | sed '/x/s/$/\n\tEncryption domain/' | sed 's/x/\nVPN Gateway > /' | if [[ $(cat /etc/cp-release) != *"Embedded"* ]]; then egrep -C 9999 --color=auto $'VPN Gateway|Encryption domain'; else cat $1 | sed 's/^\t//'; fi; echo; fi; if [[ `grep R80.40 /etc/cp-release | wc -l` != 0 ]]; then tput bold; tput setab 1; echo -n ' Info: VPN Domain for Gateway Communities are currently not displayed correctly by this tool! '; tput sgr0; echo; echo; fi

The One-liner works on all gateways running Check Point GAiA and Embedded GAiA (SMB appliances), and is also integrated with our ccc script.

Thanks to Tim Hall's preliminary work in this thread and reference in his book 📕Max Power 2020.
Thanks to AlexeyB's preliminary work in this thread.
Thanks to Pawel's SMB support and testing in this thread.

-- More One-liners --

One-liner for Address Spoofing Troubleshooting
One-liner for Remote Access VPN Statistics
One-liner to show Geo Policy on gateways
FW Monitor SuperTool
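
The decode stage of the one-liner above, written out in readable form as an added example (not the author's code). It assumes, as the `substr($0,2,28)` and `gsub` steps imply, that each `vpn_routing` entry starts with three 8-digit hex words (range start, range end, gateway); the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original one-liner. The sample dump below is constructed.

sample_vpn_routing() {  # three header lines, then "<start, end; gateway>" in hex
  cat <<'EOF'
localhost:
-------- vpn_routing --------
dynamic, id 0, num ents 4
<0a020000, 0a02ffff; c0a80102>
<ac100000, ac1000ff; c0a80101>
<0a010000, 0a0100ff; c0a80101>
<0a010000, 0a0100ff; c0a80101>
EOF
}

# stdin: table dump. stdout: unique "gateway range_start range_end" lines,
# ordered by gateway, then range start. Non-entry lines are skipped.
decode_vpn_routing() {
  awk '
    function octet(h,   d) {
      d = "0123456789abcdef"
      return (index(d, substr(h, 1, 1)) - 1) * 16 + index(d, substr(h, 2, 1)) - 1
    }
    function ip(h,   i, out) {
      for (i = 1; i <= 7; i += 2) out = (i > 1 ? out "." : "") octet(substr(h, i, 2))
      return out
    }
    {
      l = tolower($0)
      if (substr(l, 1, 1) != "<" || substr(l, 10, 2) != ", " || substr(l, 20, 2) != "; ") next
      s = substr(l, 2, 8); e = substr(l, 12, 8); g = substr(l, 22, 8); k = s e g
      if (length(k) != 24 || k !~ /^[0-9a-f]+$/) next
      # fixed-width lowercase hex sorts as text in numeric order
      print g, s, ip(g), ip(s), ip(e)
    }' | LC_ALL=C sort -u | cut -d" " -f3-
}

# stdin: decode_vpn_routing output. stdout: one block per gateway.
format_topology() {
  awk '$1 != gw { gw = $1; printf "\nVPN Gateway > %s\n\tEncryption domain\n", gw }
       { printf "\t%s - %s\n", $2, $3 }'
}

# On a gateway (expert mode): fw tab -t vpn_routing -u | decode_vpn_routing | format_topology
```

Unlike the `NR>3` header skip in the one-liner, this version drops any line that does not match the entry layout, so it does not depend on the header being exactly three lines long.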

6 Replies