Monitoring VPN Tunnels
Because VPN tunnels synchronize between all Security Group Members, use traditional tools to monitor tunnels.
SmartConsole
You must not activate the Monitoring Software Blade in the Security Gateway (Security Group) object.
You can still see VPN tunnel status and details information in SmartConsole.
SNMP
-
You can use the OID sub-tree tunnelTable (.1.3.6.1.4.1.2620.500.9002 ) in the Check Point MIB to see the VPN status.
-
For VSX environments, search for the SNMP Monitoring section in the R81.20 VSX Administration GuideR81.20 VSX Administration Guide for VSX-related SNMP information.
CLI Tools
|
Note - In a VSX environment, you must run these commands from the context of the applicable Virtual System. |
Use these commands:
-
To see VPN statistics for each Security Group Member, run in the Expert mode:
cpstat -f all vpn
-
To monitor VPN tunnels for each Security Group Member, run in the Expert mode:
vpn tu
VPN tunnels are synchronized to all Security Group Members. Therefore, you can run this command from the scope of one Security Group Member.
-
To monitor VPN tunnels in the non-interactive mode, run in Gaia gClish:
vpn shell tunnels