Monitoring VPN Tunnels
Because VPN tunnels synchronize between all SGMS, use traditional tools to monitor tunnels. This gives you a better selection of monitoring tools compared to the native 61000/41000 Security System capabilities.
SmartView Monitor
You must not activate the Monitoring Blade on the 61000/41000 Security System. But, you can still use the Tunnels information in SmartView Monitor to see VPN tunnel status and details.
SNMP
- You can use the sub-tree in Check Point MIB .1.3.6.1.4.1.2620.500.9002 to see VPN status with SNMP.
- For VSX environments, search for the SNMP Monitoring section in the R76 VSX Administration Guide for VSX related SMTP information.
CLI Tools
Use these CLI commands:
- Run
# cpstat -f all vpn (Expert Mode) to see VPN statistics per SGM. - Run
# vpn tu (Expert Mode) to monitor VPN tunnels per SGM. Since VPN tunnels are synchronized to all SGMs, you can use run this command from the scope of one SGM.
- Run
> vpn shell tu (gclish) to monitor VPN tunnels in the non-interactive mode. This command is supported for versions R76SP.20 and higher.
Note - In a VSX environment, you must run these commands from the applicable Virtual System contact.
|
|
