- Products
- Learn
- Local User Groups
- Partners
- More
The State of Ransomware Q1 2026
Key Trends and Their Impact
Good, Better, Best:
Prioritizing Defenses Against Credential Abuse
AI Security Masters E7:
How CPR Broke ChatGPT's Isolation and What It Means for You
Blueprint Architecture for Securing
The AI Factory & AI Data Center
Call For Papers
Your Expertise. Our Stage
CheckMates Go:
CheckMates Fest
VPNs aren't really a connection, so they don't have a meaningful "up" versus "down" distinction. They instead have valid keys or they don't. To illustrate why this may matter, if you negotiate a VPN from your laptop to the firewall, then you disconnect your laptop from the network, the key is still negotiated, even though the VPN cannot carry traffic due to the underlying network issue.
To see VPN keys which have been negotiated and which are currently valid, you can use the command 'vpn tu'. This is the tunnel utility. On VSX, you will have to specify the VSID, like 'vpn -v <VSID> tu', I believe.
Once the tunnel utility is running, it presents a menu of options. One of them is to list all currently valid IKE SAs. That will tell you which peers you have a valid key for, along with the associated key identifiers. I suspect this is the information you're after.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
