Monitoring VPN Tunnels
Because VPN tunnels synchronize between all Security Group Members, use traditional tools to monitor tunnels.
SmartConsole
You must not activate the Monitoring Software Blade in the Security Group object. But, you can still use the tunnels information in SmartConsole to see VPN tunnel status and details.
SNMP
- You can use the tunnelTable sub-tree in Check Point MIB .1.3.6.1.4.1.2620.500.9002 to see VPN status with SNMP.
- For VSX environments, search for the SNMP Monitoring section in the R80.30SP Quantum Maestro VSX Administration Guide for VSX-related SNMP information.
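Added example (not part of the original guide and not Check Point code): a parser for numeric `snmpwalk -On` output of the tunnelTable sub-tree that reports every tunnel whose state is not active. The column numbers and state codes are assumptions taken from the published CHECKPOINT-MIB and must be checked against the MIB file for your version; the sample walk, peer names and addresses are constructed.

```python
import re
from collections import defaultdict

TUNNEL_TABLE = ".1.3.6.1.4.1.2620.500.9002"  # tunnelTable OID given on this page
# Assumptions (not stated on this page): column numbers and state codes per CHECKPOINT-MIB.
COLUMNS = {1: "peer_ip", 2: "peer_name", 3: "state", 4: "community"}
STATES = {3: "active", 4: "destroy", 129: "idle", 130: "phase1", 131: "down", 132: "init"}

# Constructed sample of `snmpwalk -On` output (documentation addresses, not real data).
SAMPLE_WALK = """\
.1.3.6.1.4.1.2620.500.9002.1.1.203.0.113.10 = IpAddress: 203.0.113.10
.1.3.6.1.4.1.2620.500.9002.1.1.198.51.100.7 = IpAddress: 198.51.100.7
.1.3.6.1.4.1.2620.500.9002.1.2.203.0.113.10 = STRING: "branch-gw-a"
.1.3.6.1.4.1.2620.500.9002.1.2.198.51.100.7 = STRING: "branch-gw-b"
.1.3.6.1.4.1.2620.500.9002.1.3.203.0.113.10 = INTEGER: 3
.1.3.6.1.4.1.2620.500.9002.1.3.198.51.100.7 = INTEGER: down(131)
.1.3.6.1.4.1.2620.500.9002.1.4.203.0.113.10 = STRING: "BranchMesh"
.1.3.6.1.4.1.2620.500.9002.1.4.198.51.100.7 = STRING: "BranchMesh"
"""

LINE = re.compile(r"^(\.[\d.]+) = (\w+): (.*)$")

def parse_tunnels(walk_text):
    """Group tunnelTable varbinds by row index (the peer IP) into dicts."""
    rows = defaultdict(dict)
    prefix = TUNNEL_TABLE + ".1."  # tunnelEntry
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if not m or not m.group(1).startswith(prefix):
            continue  # not a tunnelTable varbind (e.g. an error or end-of-MIB line)
        col, _, index = m.group(1)[len(prefix):].partition(".")
        if not col.isdigit() or int(col) not in COLUMNS:
            continue  # column this example does not decode
        value = m.group(3).strip().strip('"')
        if COLUMNS[int(col)] == "state":
            digits = re.search(r"\d+", value)  # accepts "3" and "down(131)"
            if not digits:
                continue
            code = int(digits.group())
            value = STATES.get(code, f"unknown({code})")
        rows[index][COLUMNS[int(col)]] = value
    return dict(rows)

def tunnels_not_active(walk_text):
    """Return sorted (peer_name, peer_ip, state) for every tunnel not in 'active'."""
    return sorted((r.get("peer_name", "?"), ip, r.get("state", "missing"))
                  for ip, r in parse_tunnels(walk_text).items()
                  if r.get("state") != "active")

if __name__ == "__main__":
    for name, ip, state in tunnels_not_active(SAMPLE_WALK):
        print(f"ALERT tunnel to {name} ({ip}) is {state}")
```

A row with no state varbind is reported as "missing" rather than silently treated as healthy.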
CLI Tools
Use these commands:
- To see VPN statistics for each Security Group Member, in the Expert mode run:
  # cpstat -f all vpn
- To monitor VPN tunnels for each Security Group Member, in the Expert mode run:
  # vpn tu
  VPN tunnels are synchronized to all Security Group Members, therefore you can run this command from the scope of one Security Group Member.
- To monitor VPN tunnels in the non-interactive mode, in Gaia gClish run:
  > vpn shell t
Note - In a VSX environment, you must run these commands from the context of the applicable Virtual System.