This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chris_Blake
Participant
‎2023-03-30 05:14 AM

IPSEC traffic report

Hi all,

Is there a way to get IPSEC traffic on a specific gateway put into a report or view, so that it can be sent off to our client?

I have searched the community posts and come across various topics dealing with VPN users and their traffic, but nothing specific for IPSEC tunnel traffic.

Thanks

Labels
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-03-30 08:28 PM

Can you clarify exactly what you are expecting in this report and provide some clarity about the S2S VPN configuration?
My guess (at a high level) is you could use the encryption domains of the relevant gateways to filter the report down to the relevant traffic.

0 Kudos
Chris_Blake
Participant
‎2023-03-31 04:36 AM
In response to PhoneBoy

Thank you for replying.

I can see in my firewall logs the total traffic being sent over a period of time, based on the source IP from the peer. I would like to put these logs into a graph to show daily connections from the client side (they asked us if we could provide this as they don't monitor these metrics on their side)

I don't know if I can get Traffic In (bytes) to show on the graph, when I select this in my report creation it shows "0b" in the widget.

We then have an internal Zabbix monitor using SNMP to monitor the state of the tunnel using 1.3.6.1.4.1.2620.500.9002.1.3.peer.ip.of.client.0, and this alerts when it changes from 3 (active) to any other value (4 destroy, 129 idle, 130 phase1, 131 down, 132 init).

I would like to provide some info in my report on the state of the tunnel say over a 30 day period, like a table that shows number of times the tunnel changed from 3 to any other state.

We are running Checkpoint R81.10 on our side, the client is running Fortigate (I think) on theirs.

For my report parameters I`m using :

Blade = Firewall

Source = peer.ip.of.client

I hope this is the info you require, thanks for your assistance.

 

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-31 03:24 PM
In response to Chris_Blake

I think the only thing we log is when the VPN comes up or there is a new key exchange.
We don't log VPN state beyond when the tunnel comes up due to interesting traffic being sent/received.
That means you will not be able to get this information from SmartEvent.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫