- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
VPNs aren't really a connection, so they don't have a meaningful "up" versus "down" distinction. They instead have valid keys or they don't. To illustrate why this may matter, if you negotiate a VPN from your laptop to the firewall, then you disconnect your laptop from the network, the key is still negotiated, even though the VPN cannot carry traffic due to the underlying network issue.
To see VPN keys which have been negotiated and which are currently valid, you can use the command 'vpn tu'. This is the tunnel utility. On VSX, you will have to specify the VSID, like 'vpn -v <VSID> tu', I believe.
Once the tunnel utility is running, it presents a menu of options. One of them is to list all currently valid IKE SAs. That will tell you which peers you have a valid key for, along with the associated key identifiers. I suspect this is the information you're after.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY