This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ebalmon
Participant
‎2022-11-14 03:45 AM
Jump to solution

End-Users connected in 1570 appliance

Hi mates,

Is there any way to see end-users connected via CLI in a 1570 appliance?

 

Thanks in advance

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-11-14 09:36 AM
In response to ebalmon
Jump to solution

It's what allows you to associate IP addresses to usernames and requires a connection to your Active Directory server.
You configure it here:

image.png

Unfortunately, the only method supported on the SMB appliances currently is ADQuery, which may not work if your AD servers have recently been patched.
Refer to: https://community.checkpoint.com/t5/Security-Gateways/WMI-Permission-denied-From-this-months-Windows... 

View solution in original post

(1)
12 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-14 05:06 AM
Jump to solution

Just to confirm are you asking about VPN users or Admins connected via SSH or something else?

 

 

CCSM R77/R80/ELITE
0 Kudos
ebalmon
Participant
‎2022-11-14 06:18 AM
In response to Chris_Atkinson
Jump to solution

Users connected to LAN or WIFI

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-14 06:24 AM
In response to ebalmon
Jump to solution

Is Identity Awareness enabled?

CCSM R77/R80/ELITE
0 Kudos
ebalmon
Participant
‎2022-11-14 08:54 AM
In response to Chris_Atkinson
Jump to solution

No, could you tell me about that?

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-14 09:36 AM
In response to ebalmon
Jump to solution

It's what allows you to associate IP addresses to usernames and requires a connection to your Active Directory server.
You configure it here:

image.png

Unfortunately, the only method supported on the SMB appliances currently is ADQuery, which may not work if your AD servers have recently been patched.
Refer to: https://community.checkpoint.com/t5/Security-Gateways/WMI-Permission-denied-From-this-months-Windows... 

(1)
Lesley
MVP Gold
MVP Gold
‎2022-11-14 06:09 AM
Jump to solution

Try this one (I assume you mean VPN clients):

vpn tu tlist

vpn tu -t tlist

To be honest I would recommend the web interface. GAIA embedded has less commands for on the CLI so it is a bit limited. For example you cannot run cpview. 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-14 06:16 AM
In response to Lesley
Jump to solution

cpview is available on SMB appliances with R81.10 firmware:

image.png

Not sure if information about connected VPN users is there.

0 Kudos
(1)
ebalmon
Participant
‎2022-11-14 06:23 AM
In response to Lesley
Jump to solution

Hi, 

 

sorry, I mean users connected to LAN or WIFI. Thanks for the tip

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-11-15 01:37 AM
In response to ebalmon
Jump to solution

Use WebGUI - not CLI...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
ebalmon
Participant
‎2022-11-17 06:12 AM
In response to G_W_Albrecht
Jump to solution

Hi,

It is a specific need to do it through the CLI to run it with a troubleshooting script. Shouldn't it be possible to do it if it's also done via GUI?

Thanks for your help

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-11-17 07:22 AM
In response to ebalmon
Jump to solution

I think the scripting used for GUI can read details that are not directly available as commands in clish / bash. This would be a RFE...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-17 03:44 PM
In response to ebalmon
Jump to solution

If you have Identity Awareness enabled, you can use the various CLI commands to query said database (for example adlog a query all).
These are for regular gateways but the commands here should also work on the SMB appliances in expert mode: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_IdentityAwareness_AdminGuide...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events