Monitoring VPN Tunnels
Because VPN tunnels synchronize between all Security Group Members, use traditional tools to monitor tunnels.
A Security Group is a logical group of Security Gateway Modules that provides Active/Active cluster functionality. A Security Group can contain one or more Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears as a single Security Gateway.
SmartConsole
You must not activate the Monitoring Software Blade in the Security Gateway (Security Group) object.
You can still see VPN tunnel status and detailed information in SmartConsole.
SNMP
- You can use the OID sub-tree tunnelTable (.1.3.6.1.4.1.2620.500.9002) in the Check Point MIB to see the VPN status.
- For VSX environments, search for the SNMP Monitoring section in the R81.20 VSX Administration Guide for VSX-related SNMP information.
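An added example, not taken from the Check Point documentation: a Python parser for numeric snmpwalk (-On) output of the tunnelTable sub-tree named above, which reports every tunnel that is not in the active state. The column numbers under the table entry, the tunnelState values and the sample walk are assumptions or constructed data; confirm them against the Check Point MIB file on your system before relying on the result.

```python
import re

TUNNEL_TABLE = ".1.3.6.1.4.1.2620.500.9002"  # tunnelTable OID from this page
# Assumed column numbers under the table entry (.1); confirm in your MIB file.
COLUMNS = {1: "peer_ip", 2: "peer_name", 3: "state"}
# Assumed tunnelState enumeration; confirm in your MIB file.
STATES = {3: "active", 4: "destroy", 129: "idle",
          130: "phase1", 131: "down", 132: "init"}
LINE_RE = re.compile(
    r"^" + re.escape(TUNNEL_TABLE) + r"\.1\.(\d+)\.([\d.]+) = \w+: (.*)$")

def parse_tunnel_table(walk_output):
    """Group numeric snmpwalk lines into one dict per table row index."""
    rows = {}
    for line in walk_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(1)) not in COLUMNS:
            continue  # other sub-tree, unused column, or error text
        field, index = COLUMNS[int(m.group(1))], m.group(2)
        value = m.group(3).strip().strip('"')
        if field == "state":
            # The value is "3" without the MIB loaded, "active(3)" with it.
            num = re.search(r"\d+", value)
            code = int(num.group()) if num else -1
            value = STATES.get(code, f"unknown({code})")
        rows.setdefault(index, {})[field] = value
    return rows

def tunnels_not_active(rows):
    """Return (peer_name, peer_ip, state) for each tunnel that is not active."""
    return sorted(
        (r.get("peer_name", "?"), r.get("peer_ip", "?"), r.get("state", "missing"))
        for r in rows.values() if r.get("state") != "active")

# Constructed sample walk (documentation addresses, invented peer names).
SAMPLE_WALK = """\
.1.3.6.1.4.1.2620.500.9002.1.1.192.0.2.10.0 = IpAddress: 192.0.2.10
.1.3.6.1.4.1.2620.500.9002.1.1.198.51.100.7.0 = IpAddress: 198.51.100.7
.1.3.6.1.4.1.2620.500.9002.1.2.192.0.2.10.0 = STRING: "branch-gw-1"
.1.3.6.1.4.1.2620.500.9002.1.2.198.51.100.7.0 = STRING: "branch-gw-2"
.1.3.6.1.4.1.2620.500.9002.1.3.192.0.2.10.0 = INTEGER: 3
.1.3.6.1.4.1.2620.500.9002.1.3.198.51.100.7.0 = INTEGER: 131
"""

if __name__ == "__main__":
    for name, ip, state in tunnels_not_active(parse_tunnel_table(SAMPLE_WALK)):
        print(f"ALERT tunnel to {name} ({ip}) is {state}")
```

A row with no state column at all is reported as "missing" rather than silently treated as healthy.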
CLI Tools
Note - In a VSX environment, you must run these commands from the context of the applicable Virtual System.
Use these commands:
- To see VPN statistics for each Security Group Member, run in the Expert mode:
    cpstat -f all vpn
- To monitor VPN tunnels for each Security Group Member, run in the Expert mode:
    vpn tu
  VPN tunnels are synchronized to all Security Group Members. Therefore, you can run this command from the scope of one Security Group Member.
- To monitor VPN tunnels in the non-interactive mode, run in Gaia gClish (the global command line shell in the Check Point Gaia operating system for Security Gateway Modules; commands you run in this shell apply to all Security Gateway Modules in the Security Group):
    vpn shell tunnels