Download Complete PDF Send Feedback Print This Page

Previous

Synchronize Contents

Next

Monitoring Tunnels

Related Topics

Tunnels Solution

Tunnel View Configuration

Tunnels Solution

VPN Tunnels are secure links between Security Gateways and ensure secure connections between an organization's gateways and remote access clients.

Once Tunnels are created and put to use, you are able to keep track of their normal function, so that possible malfunctions and connectivity problems can be accessed and solved as soon as possible.

To ensure this security level, SmartView Monitor can recognize malfunctions and connectivity problems by constantly monitoring and analyzing the status of an organizations Tunnels. With the use of Tunnel views, you can generate fully detailed reports that include information about all the Tunnels that fulfill the specific Tunnel views conditions. With this information it is possible to monitor Tunnel status, the Community with which a Tunnel is associated, the gateways to which the Tunnel is connected, etc. The following represent the two Tunnel types:

  • A Regular tunnel refers to the ability to send encrypted data between two peers. The Regular tunnel is considered "up" if both peers have Phase 1 and Phase 2 keys.
  • Permanent tunnels are constantly kept active and as a result it is easier to recognize malfunctions and connectivity problems. With Permanent tunnels administrators can monitor the two sides of a VPN tunnel and identify problems without delay.

    Each VPN tunnel in the community can be set as a Permanent tunnel. Since Permanent tunnels are constantly monitored. A log, alert, or user defined action can be issued when the VPN tunnel is down.

    Permanent tunnels can only be established between Check Point gateways. The configuration of Permanent tunnels takes place on the community level and:

    • can be specified for an entire community. This option sets every VPN tunnel in the community as permanent.
    • can be specified for a specific gateway. Use this option to configure specific gateways to have Permanent tunnels.
    • can be specified for a single VPN tunnel. This feature allows configuring specific tunnels between specific gateways as permanent.

The following table explains the possible Tunnel states and their significance to a Permanent or Regular Tunnel.

Tunnel Monitoring States

State

Permanent Tunnel

Regular Tunnel

Up

The tunnel is functioning and the data can flow with no problems.

Both IDE SA (Phase 1) and IPSEC SA (Phase 2) exist with a peer gateway.

Destroyed

The tunnel is destroyed.

The tunnel is destroyed.

Up Phase1

Not relevant

Tunnel initialization is in process and Phase 1 is complete (that is, IKE SA exists with cookies), but there is no Phase 2.

Down

There is a tunnel failure. You cannot send and receive data to or from a remote peer.

Not relevant.

Up Init

The tunnel is being initialized.

Not relevant.

Gateway not Responding

The gateway is not responding.

The gateway is not responding.

Tunnel View Configuration

The following pages contain a number of different sets of steps that will instruct you on how to work with SmartView Monitor Tunnel views.

Note - If a Tunnel is deleted from SmartDashboard, the Tunnel Results View contains the deleted Tunnel for an hour after it was deleted. Likewise, if a community is edited (that is, Tunnels are removed or added), the Results View will contain the deleted communities tunnels for one hour after they were deleted.

To obtain an explicit understanding about the fields, text boxes, drop-down lists, etc., in each window refer to SmartView Monitor Online Help.

Run a Tunnel View

When a Tunnel view is run the results appear in the SmartView Monitor client. A Tunnel view can be run:

  • from an existing view
  • by creating a new view
  • by changing an existing view

A Tunnels view can be created and run for

  • Down Permanent Tunnels
  • Permanent Tunnels
  • Tunnels on Community
  • Tunnels on Gateway
Run a Down Tunnel View

Down Tunnel view results list all the Tunnels that are currently not active.

  1. In the SmartView Monitor client, click the Tunnels branch in the Tree View.
  2. In the Tunnels branch, (Custom or Predefined) double-click the Down Permanent Tunnel view.

    A list of all the Down Tunnels associated with the selected view's properties appears.

Run a Permanent Tunnel View

Permanent Tunnel view results list all the existing Permanent Tunnels and their current status.

A Permanent Tunnel is a Tunnel that is constantly kept active.

  1. In the SmartView Monitor client, click the Tunnels branch in the Tree View.
  2. In the Tunnels branch, double click the Custom Permanent Tunnel view that you would like to run.

    A list of all the Permanent Tunnels associated with the selected view's properties appears.

Run a Tunnels on Community View

Tunnels on Community view results list all the Tunnels associated with a selected Community.

  1. In the SmartView Monitor client, click the Tunnels branch in the Tree View.
  2. In the Tunnels branch (Custom or Predefined), double-click the Tunnels on Community view.

    A list of all Communities appears.

  3. Select the Community whose Tunnels you would like to monitor.
  4. Select OK.

    A list of all the Tunnels associated with the selected Community appears.

Run a Tunnels on Gateway View

Tunnels on Gateway view results list all the Tunnels associated with a selected Gateway.

  1. In the SmartView Monitor client, click the Tunnels branch in the Tree View.
  2. In the Tunnels branch (Custom or Predefined) double-click the Tunnels on Gateway view.

    A list of all the gateways appears.

  3. Select the gateway whose Tunnels and their status you would like to see.
  4. Select OK.

    A list of all the Tunnels associated with the selected gateway appears.

Refresh a Tunnel View

Once a Tunnel view is run the information that appears is related to the time at which the view was run. To see current information about the Tunnel view running you must refresh the view.

To refresh the entire Tunnel view select the specific view in the Tree View, right-click and select Run.

To refresh information about a specific gateway in the currently running Tunnel view, right-click the specific gateway line and select Refresh.

Run a Specific View at Startup

With SmartView Monitor you can select the view that will first appear when you launch SmartView Monitor.

  1. Right-click the view that should be run as soon as SmartView Monitor is launched.
  2. Select Run at Startup.
Create a Custom Tunnel View
  1. In the SmartView Monitor client, select File > New > Tunnels View.

    The Query Properties window appears.

  2. Select Prompt on to generate a report about a specific Tunnel, Community or Gateway. Do not select Prompt on if your view is not specifically about one these three.

    Prompt on signifies that you will be asked for the specific Tunnel, Community or Gateway on which to base your view, as soon as you decide to run the view.

  3. Select either Show one record per tunnel or Show two records per tunnel.

    By selecting Show two records per tunnel a more accurate status is displayed since the report will provide the status for the tunnels in both directions.

  4. In the Show column, select the filter that should be associated with this view
  5. In the Filter column edit the selected filters by clicking the corresponding Any(*) link and selecting the relevant objects.
  6. Click the Advanced button and set a limit in the Records limitation window for the number of lines displayed in the report that will appear.
  7. Enter a record limitation and click OK.
  8. Click OK.

    A Tunnels view appears in the Custom branch of the Tree View.

  9. Type the name of the new Tunnel view and press Enter.
Edit a Custom Tunnel View
  1. In the SmartView Monitor client, click the Custom branch in the Tree View.
  2. In the Custom branch, select the Tunnel view whose settings you would like to change.
  3. Select the Query Properties button in the view's toolbar.
  4. Make the necessary changes with the options provided and click OK
  5. Click the Save to Tree button on the toolbar and enter a new name
  6. Click Save.
  7. When you are asked to replace the specific view click Yes so that the new properties are saved.

    The changes are saved automatically.

Edit a Tunnel View

You cannot change a view in the branch Tree View. Therefore, when you change a view's properties you will need to save the view in the Custom branch of the Tree View in order to preserve those changes.

  1. In the SmartView Monitor client, click the Tunnels icon in the Tree View.
  2. Select the view whose settings you would like to change.
  3. Click the Query Properties button in the toolbar provided.
  4. Make the necessary changes in the tabs provided and click OK
  5. Click the Save to Tree button in the toolbar provided.
  6. Enter a name for the new view and click OK.

    The changes will be preserved in a new view in the Custom branch of the Tree View.

Delete a Custom Tunnel View
  1. In the SmartView Monitor client, click the Custom branch in the Tree View.
  2. In the Custom branch of the Tree View select the Tunnels view you would like to delete.
  3. Right click the selected view and select Delete.
  4. Select Yes to delete the selected Tunnels view.
Copy a Tunnel View
  1. In the SmartView Monitor client, click the Tunnels view (that is, Custom or Predefined) in the Tree View.
  2. Right click the selected view and select Copy.
  3. Right click the Custom branch of the Tree View and select Paste.

    A copy of the Custom view appears under the Custom branch.

Rename a Custom Tunnel View
  1. In the SmartView Monitor client, click the Custom branch of the Tree View.
  2. Right click the Tunnels view whose name you would like to change.
  3. Select Rename.
  4. Type the new name and press Enter.

View In-Depth Information about a Specific Gateway

  1. Run the Gateways Status view for which you would like to view information.
  2. Right-click the specific gateway in the Results View.
  3. Right-click the specific gateway and select Gateway Details.

    The window that appears provides you with information about system performance, licenses, High Availability, etc., for the selected gateway.

Create a Custom Gateways Status View

  1. In the SmartView Monitor client, select File > New > Gateways View.

    The Gateway Properties > Fields window appears.

  2. Select the topics for which you would like to receive information in the Available fields list and move them to the Show these fields in the grid list.
  3. Select the Filter Gateways tab to remove gateways from the specific Gateways Status view results.
  4. Click OK.

    The results of the view appear in the SmartView Monitor console.

  5. The specific Gateways Status view appears in the Custom branch of the Tree View. Right-click the view and type the name of the custom Gateways Status view.

Edit a Gateway View

The changes you make to an existing view cannot be saved. To save the changes you must perform Save To Tree and subsequently create a new view.

  1. In the Custom branch of the Tree View select the Gateways Status view that you would like to change.
  2. Click the View Properties button in the toolbar directly above the Results View.
  3. Make the required changes by adding or removing topics from the Show these fields in the grid list.
  4. Click OK.

    The results of the view appear in the SmartView Monitor console.

  5. To save the results of the view that has been changed, select the Save to Tree button in the toolbar directly above the Results View.
  6. Enter a name for the new Gateways Status view and click Save.

    The edited Gateways Status view will appear as a new view in the Custom branch of the Tree View.

Defining a Threshold

  1. In the Tree View run a Gateways Status view.
  2. Select the gateway for which you would like to change one or more thresholds.
  3. Right-click and select Configure Thresholds.
  4. You have the option of selecting one of the following:
    • Use global settings applies the global threshold settings to the selected gateway.
    • Custom enables you to select specific thresholds for the selected gateway.
    • None removes all thresholds from the selected gateway.
  5. Select the Software Blade whose threshold you would like to change and make the necessary changes with the fields provided.

    The Action column provides you with the following options:

    • none does not send an alert.
    • log sends a log entry to the database.
    • alert sends a pop window to your desktop.
    • mail sends a mail alert to your inbox.
    • snmptrap sends an SNMP alert.
    • useralert sends a customized alert in the manner that you configure.

Note - To configure these Action options go to SmartDashboard > Policy > Global Properties > Log and Alert > Alert Commands.
  1. Click the Ok button to save your changes.

Define Global Threshold Settings

  1. In the Tree View run a Gateways Status view.
  2. Select the gateway for which you would like to change one or more thresholds.
  3. Right-click and select Configure Thresholds.
  4. Click the Edit Global Settings button.
  5. Select the Software Blade whose threshold you would like to change and make the necessary changes with the fields provided.
  6. Click OK to save your changes.

Delete a Custom Gateway View

  1. In the Custom branch of the Tree View select the Gateways view you would like to delete.
  2. Right click the selected view and select Delete.
  3. Select Yes to delete the selected Custom view.

Copy a Gateway View

  1. In the Tree View right-click the Gateways Status view you would like to copy.
  2. Select Copy.

    The Save To Tree window appears.

  3. Enter a name for the copy you are creating.

    A copy of the view appears under the Custom branch.

Rename a Custom Gateway Status View

  1. In the Custom branch of the Tree View right-click the Gateways view whose name you would like to change.
  2. Select Rename.
  3. Type the new name and press Enter.

Export a Custom Gateway Status View

  1. Right-click the Gateways view you would like to export.
  2. Select Export Properties.
  3. Select the directory in which you would like to save the exported view settings and click Save. A file with an svm_setting extension is created.
  
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print