Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Chris_Blake
Participant

IPSEC traffic report

Hi all,

Is there a way to get IPSEC traffic on a specific gateway put into a report or view, so that it can be sent off to our client?

I have searched the community posts and come across various topics dealing with VPN users and their traffic, but nothing specific for IPSEC tunnel traffic.

Thanks

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

Can you clarify exactly what you are expecting in this report and provide some clarity about the S2S VPN configuration?
My guess (at a high level) is you could use the encryption domains of the relevant gateways to filter the report down to the relevant traffic.

0 Kudos
Chris_Blake
Participant

Thank you for replying.

I can see in my firewall logs the total traffic being sent over a period of time, based on the source IP from the peer. I would like to put these logs into a graph to show daily connections from the client side (they asked us if we could provide this as they don't monitor these metrics on their side)

I don't know if I can get Traffic In (bytes) to show on the graph, when I select this in my report creation it shows "0b" in the widget.

We then have an internal Zabbix monitor using SNMP to monitor the state of the tunnel using 1.3.6.1.4.1.2620.500.9002.1.3.peer.ip.of.client.0, and this alerts when it changes from 3 (active) to any other value (4 destroy, 129 idle, 130 phase1, 131 down, 132 init).

I would like to provide some info in my report on the state of the tunnel say over a 30 day period, like a table that shows number of times the tunnel changed from 3 to any other state.

We are running Checkpoint R81.10 on our side, the client is running Fortigate (I think) on theirs.

For my report parameters I`m using :

Blade = Firewall

Source = peer.ip.of.client

I hope this is the info you require, thanks for your assistance.

 

 

 

0 Kudos
PhoneBoy
Admin
Admin

I think the only thing we log is when the VPN comes up or there is a new key exchange.
We don't log VPN state beyond when the tunnel comes up due to interesting traffic being sent/received.
That means you will not be able to get this information from SmartEvent.

0 Kudos
Michael_Menen
Participant

Hi,

Sounds good but how to set the filter to encryption domain of the relevant gateways?

I'm trying to provide a monthly report to the customer about the amount of traffic between two locations (Check Point GWs connected to the same SMS).

When setting VPN community as filter in the Smart Console Log I can see all of the connections being encrypted and decrypted but I have no clue how to build the report.

Setting Custom Filter = VPN-xxx-Corporate is not working

0 Kudos
PhoneBoy
Admin
Admin

The Chart Filter should be based on Source/Destination, not "Custom Filter," I'm fairly certain.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events