S2S VPN history.
Hello, Mates.
Is there any way to see the "summary" of the status of a VPN?
My intention is to know if an S2S VPN that we have against a third party is down or rebooted maybe 12 hours ago.
I am looking for options in the SmartView Monitor, but I can't find an appropriate option.
Any ideas that can help me please?
Cheers. 🙂
The only thing we log is when the tunnel "comes up" (key install).
The tunnel never really goes "down" unless the remote end stops responding (which should be logged).
In R82, I believe we plan to have some enhanced VPN monitoring features.
Uhm,
I have an S2S VPN which, 12 hours ago, lost connection between both sides of the VPN.
So, we want to "see" if in that time range, the VPN was logged as "down" in Check Point.
I have made some filters in the SmartConsole, "calling" only the VPN community under discussion, and filtering the "action" field with a "Key Install".
And this is the result I get.
Exactly what does the "Key Install" mean?
Is it the moment when Check Point "detects" that a VPN is being set up?
Is there any option that you think can help me?
Cheers. 🙂
A VPN connection requires symmetric encryption keys to be generated every so often with the various IPsec timers determining how often this is done.
Likewise, the remote end might request termination and issue a "delete IKE SA request."
These are logged as "Key Install" events as they affect the encryption keys used.
If the remote VPN peer cannot be reached, you may see "peer not responding" messages in the logs.
However, this will only occur if there is active traffic on the VPN.
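
As an added example (not part of the thread and not Check Point code), the Python below looks for the outage window the original poster is after: stretches where a peer logged no "Key Install" for longer than the rekey timer, flagged when a "peer not responding" message falls inside them. The CSV layout, the column names, the sample rows and the one-hour `rekey_every` default are assumptions; set the interval to the community's actual IPsec timer.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample; the column names are assumptions, not a real export format.
SAMPLE_LOG = """time,action,peer,info
2024-05-01 00:10:00,Key Install,203.0.113.10,key exchange completed
2024-05-01 00:20:00,Key Install,198.51.100.7,key exchange completed
2024-05-01 01:08:00,Key Install,203.0.113.10,key exchange completed
2024-05-01 01:15:00,Key Install,198.51.100.7,key exchange completed
2024-05-01 02:05:00,Key Install,203.0.113.10,key exchange completed
2024-05-01 02:40:00,Other,203.0.113.10,peer not responding
2024-05-01 06:30:00,Key Install,203.0.113.10,key exchange completed
2024-05-01 07:28:00,Key Install,203.0.113.10,key exchange completed
"""
TS_FORMAT = "%Y-%m-%d %H:%M:%S"

def find_rekey_gaps(log_text, peer, rekey_every=timedelta(hours=1),
                    slack=timedelta(minutes=10)):
    """Windows where `peer` logged no Key Install for longer than the rekey timer."""
    installs, unreachable = [], []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["peer"] != peer:
            continue
        ts = datetime.strptime(row["time"], TS_FORMAT)
        if row["action"] == "Key Install":
            installs.append(ts)
        elif "peer not responding" in row["info"].lower():
            unreachable.append(ts)
    installs.sort()
    gaps = []
    for prev, nxt in zip(installs, installs[1:]):
        if nxt - prev > rekey_every + slack:
            gaps.append({
                "last_key_install": prev,
                "next_key_install": nxt,
                "silent_for": nxt - prev,
                # Logged only while traffic hits the tunnel: False is not an all-clear.
                "peer_not_responding_seen": any(prev < t < nxt for t in unreachable),
            })
    return gaps

if __name__ == "__main__":
    for peer in ("203.0.113.10", "198.51.100.7"):
        for gap in find_rekey_gaps(SAMPLE_LOG, peer):
            print(peer, gap["last_key_install"], "->", gap["next_key_install"],
                  "silent for", gap["silent_for"],
                  "| peer not responding:", gap["peer_not_responding_seen"])
```

A reported gap shows only that no keys were installed in that window; it is a lead to check against the remote side, not proof that the tunnel was down.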
Hello,
This action, "delete IKE SA request.", does not necessarily mean that the VPN tunnel is "down", right?
I mean, the remote peer may send a message like "delete IKE SA request.", but for us, it may be something "transparent", and we could still see the tunnel "active", at that moment?
Or is this action necessarily going to lower the tunnel?
Greetings
Correct, an IKE SA being deleted does not necessarily mean the tunnel is down.
In IKEv2, it's actually done as part of the rekeying process that should happen every few hours (so-called Break Before Make).
Old Legacy SV Monitor has Tunnels on GW > VPN History > Last Day > Active Tunnels Average that should show it.
A monitoring tool could help.
For example, pinging a host across the VPN.
Another option is SNMP:
