pdp monitor

Description

Monitors the status of connected PDP Check Point Identity Awareness Security Gateway that acts as Policy Decision Point: acquires identities from identity sources; shares identities with other gateways. sessions.

You can run different queries with the commands below to get the output, in which you are interested.

Syntax

pdp monitor

all

client_type <Client Type>

cv_ge <Version>

cv_le <Version>

groups <Group Name>

ip <IP address>

machine <Computer Name>

machine_exact

mad

network

s_port

summary

user <Username>

user_exact

Important - On Scalable Platforms (Maestro and Chassis), you must run the applicable commands in the Expert mode on the applicable Security Group.

Parameters

Parameter	Description
`all`	Shows information for all connected sessions.
`client_type <Client Type>`	Shows all sessions that connect through the specified client type. Possible client types are: `"AD Query"` - User was identified by the AD Query Check Point clientless identity acquisition tool. It is based on Active Directory integration and it is completely transparent to the user. The technology is based on querying the Active Directory Security Event Logs and extracting the user and computer mapping to the network address from them. It is based on Windows Management Instrumentation (WMI), a standard Microsoft protocol. The Check Point Security Gateway communicates directly with the Active Directory domain controllers and does not require a separate server. No installation is necessary on the clients, or on the Active Directory server.. `"Identity Agent"` - User or computer was identified by an Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Agent. `portal` - User was identified by the Captive Portal A Check Point Identity Awareness web portal, to which users connect with their web browser to log in and authenticate, when using Browser-Based Authentication.. `unknown` - User was identified by an unknown source.
`cv_ge <Version>`	Shows all sessions that are connected with a client version that is higher than (or equal to) the specified version.
`cv_le <Version>`	Shows all sessions that are connected through a client version that is lower than (or equal to) the specified version.
`groups <Group Name>`	Shows all sessions of users or computers that are members of the specified group.
`ip <IP address>`	Shows session information for the specified IP address.
`machine <Computer Name>`	Shows session information for the specified computer name.
`machine_exact`	Shows sessions filtered by the exact computer name.
`mad`	Shows all sessions that relate to a managed asset. For example, all sessions that successfully performed computer authentication.
`network`	Shows sessions filtered by a network wildcard. For example: `192.168.72.*`
`s_port`	Shows sessions filtered by the assigned source port (MUH sessions only).
`summary`	Shows the summary monitoring data.
`user <Username>`	Shows session information for the specified user name.
`user_exact`	Shows sessions filtered by the exact user.

Example - Show the connected user behind the IP address 192.0.2.1

pdp monitor ip 192.0.2.1

Note - The last field "Published" indicates whether the session information was already published to the Gateway PEPs, whose IP addresses are listed.